Discuss why Apple is acting like sideloading is bad when those mini-programs do not go through Apple's App Store verification process and yet Apple doesn't cry about it!
...but that can all be done without 'sideloading'.
"Sideloading" is about installing
native iOS Apps that potentially, have less restrictive access to the hardware, and rely partly on Apple's app store rules & validation to enforce security.
Anybody, anywhere, without going through the App Store, can already write a "web app" using HTML5 and javascript, stick it on a https server and include a manifest file so it can be installed as a desktop shortcut with its own icon, which opens up without a browser toolbar and looks for all the world like a "proper" App. That can do anything a website opened in Safari can do - including making purchases using your PayPal/Google Pay/Ali Pay/whatever account, even accessing the camera and location info (try going to the Google maps website instead of the App - location still works) but, again, ultimately using quite restrictive web APIs and - ultimately - going via Safari/Webkit.
Reality is, though, it is still a shortcut to a website being delivered from a third-party server,
not a native iOS App installed locally. The "app" is actually being run by Apple's own WebKit and JavaScript engines and subject to all of the security restrictions built into those - for most practical purposes, it is technically the same as browsing a website in Safari. The advantage for the provider is that this method is largely platform-independent.
NB - you can also install "Chrome" and "Firefox" from the iOS/iPadOS App store which can also run web apps - except, whereas the MacOS/Android/Linux/Windows versions of these are complete browsers with their own implementations of HTML rendering and javascript (each with their own set of potential security vulnerabilities), the iOS versions are little more than custom "skins" for iOS's built-in WebKit/JavaScriptCore implementation (which may not be perfect, but are under Apple's control and means they only have one set of bugs/vulnerabilities to worry about!). At a guess, the "WeChat" App is probably a wrapper like "Chrome for iOS" - the docs you linked show that "mini programs" run on WebKit/JavaScriptCore on iOS whereas the Android version uses a customised version of Chromium.
Is it possible that Apple have cut a deal with WeChat and relaxed the App Store rules to make this all a bit more seamless? Absolutely - and you could easily see why it would be in Apple's interest to play nice with them. Making mutually beneficial deals with a few strategically important partners - backed up by legal agreements and security assurances - is a far cry from allowing a free-for-all where anybody could offer side-loadable apps with (intentional or accidental) vulnerabilities or set up their own App Store with no accountability to Apple. I'll leave the question of whether Apple is hypocritical in dealing with WeChat
at all while making a big noise about privacy for another place - since this thread is specifically about sideloading and payments.
NB: Payment services and sideloading are different topics, and I believe Apple has made some concessions in allowing "reader" services like Netflix to at least include web links to alternative payment methods. However, without
some check on that every App would become "freemium" with payment via the publishers's own payment service, so they got full advantage of the App Store's popularity without contributing a penny to its running.
I don't
entirely like my iPad's lack of sideloading. On the other hand, while I might want to hack my tablet, my
phone is increasingly used for payment and 2FA, so I really wouldn't want to sideload untrusted apps to it. Currently, I've got an iPad and an Android phone, which is
probably the wrong way round - when my iPad expires I'll probably replace it with a hackable Android tablet and
maybe one day Apple will make an iPhone that actually appeals to me - in which case I'd see it being securely locked-down as an
advantage.
Anyway, I have a free choice between iOS, Android and even a few non-Android Linux options. Attacking Apple for monopoly abuse when Android has a 70% market share and Google have a dominant position that extends across
every platform is a bit ridiculous.
