Ah, thanks for clarifying the question, and it's a really good one, and I haven't seen the answer to that. I'm guessing it would have been part of one recent update to the OS, and the feature then gets enabled on a certain date or remotely or something like that.

And your final question "What else are they capable of doing without my permission?" --- the answer is anything they want. Concretely, what are the capabilities installed NOW that they can take advantage of, who knows exactly?

As an example, I do remember a looong time ago Google remotely removed apps from Android phones, pretty sure Apple could or might even have done so as well.

Apple has the ability to do so[0]. I believe they have used it against malware in the past, but finding articles is proving to be complex.

Another solution for apple is to simply revoke the codesigning certificate that is used to sign the app, which will render the application un-runnable.

[0]: https://www.macrumors.com/2008/08/06/apples-ability-to-deact...

The change is scheduled to ship with an OS update (iOS 15): https://www.macrumors.com/2021/08/05/apple-new-child-safety-...

Nothing technical prevents them from putting something in ring zero which does silent updates without announcing them, but that's not what's happening here.

They can force update your phone, so pretty much anything they want.

This means they can intercept even e2e encrypted messages such as signal, if they wanted.

When you control kernel, you can do anything, to anything running on that system.

That's the issue - apple devices run an opaque blob signed by the entity developing it which is also is in possession of the source code which it does not share with anyone, so users can't inspect it to see what it actually does.

For comparison in a Linux distro:

- everything is built from source on distro infrastructure, users can inspect any an all source code of everything running on their machine - software updates are transparent and not enforced, user can read changelog or compare source code of the updates - software updates of individual packages don't usually go directly from upstream open source software developers but via a package maintainer in the distro, for each distro - if an upstream project introduced fishy stuff like Apple is doing would almost certainly be noticed by either one of the package maintainers or users due to changes in the source or in software behavior, alerting others to do source code analysis and stop the attempt from affecting users