Why can apps do this?
"If a user relents and okays the dialogue, the malware gets admin privileges,... traffic interception is supported by the Comodo certificate installed by the malware."
With Apple's walled garden approach, why are apps allowed to gain admin privileges and install certificates? Seems like something included for companies that run their own internal applications, but why is anything that's available from the public app store allowed to do this? Why, in 2017, do apps need Admin privileges still?