While there is generally always some small percentage of apps that don't do what they promise and slip through the review, I think I can be reasonably sure that if I download something from the macOS / iOS App Store, it'll do what they say.
I trust it enough to believe it won't start crypto mining in the background or connect to random servers and send the content of my computer somewhere. For the average user it's probably a better option than downloading the top Google result and just executing it.
As I said, it can happen, but I'd assume it's done a lot less than on the "open" internet, where there are no repercussions. At least in the App Store the developer would get thrown out, and people would post it in the reviews or report it to the App Store moderators.
Isn't the whole point of sandboxing and the permission systems exactly preventing phonebook and location data misuse? Especially location tracking prevention was a pretty big part of the iOS 13 announcements.
> I trust it enough to believe it won't start crypto mining in the background or connect to random servers and send the content of my computer somewhere.
The current migration towards more sandboxing also helps. For instance, Android has restrictions on how much an application can do in the background without showing up as a persistent notification, and xdg-app's sandboxing can restrict how much of the content of your computer an application can access without using a file open dialog.