Hmm, couldn’t Apple solve this properly with better technical measures? Right now, we have “Apple swears that its first-party AI system won’t exfiltrate data even though the OS doesn’t stop it from doing so” and “Apple doesn’t trust other vendors to pinky swear not to exfiltrate data”.

But Apple could instead have a sandbox that has no Internet access or other ability to exfiltrate anything, and Apple could make a serious effort to reduce or eliminate side channels that might allow a cooperating malicious app to collect and exfiltrate data from the translation sandbox. Everyone, including users of the first-party system, would win.