It’s also not clear that the EU requires the PWA engine to also be replaceable but I’m personally in favor of that so we’ll stipulate that’s the case as well.
The term “security model” is doing all the work here.
The EU has no requirement for the “security model” to be changed. They require the browser engine to be replaceable.
The argument that Apple’s security model is the only one that can provide security is not sufficient. Those making this argument need to also prove that the browser engine can only be secure when made by Apple.
And yet the entire history of computing, and especially the history of browsers, browser engines, and app engines in general, have consistently shown that no one company has a monopoly in being able to make secure browser engines, competitive pressure has helped security across the board, and non first party browser engine makers have often made far more secure browser engines than the first party makers.
Apple fans are obscuring the issue by shouting “security model”. The real question is why this security model is irrecoverably damaged by replacing a first party browser engine by a third party one.
And why Apple, at a time of much greater computing power, much more advanced computer science, and far more advanced in browser engine theory and technology, is unable to do what Microsoft was forced to do 2 decades ago.
