
D-Link firmware encryption - no proper signature? (Score 1)

"... The researchers didn't publish many technical details about their findings, except for one case concerning the extraction of the encryption key for D-Link router firmware images. ... By analyzing the corresponding variables and functions, the researchers eventually extracted the AES key used for the firmware encryption. Using that key, a threat actor can send malicious firmware image updates to pass verification checks on the device, potentially planting malware on the router. Such problems can be solved with full-disk encryption that secures locally stored images, but this practice is not common. ..."

If - apart from integrity and confidentiality - authenticity is a goal for firmware update checks (as it probably should be) then a firmware update should be protected by a private key signature and be verified by a _public_ key (and not rely on symmetric key encryption for something like that).
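The difference the comment points at, as an added example that is not part of the original comment or of any vendor's code: a shared-key check accepts anything made with the key stored on the device, while a signature check stores only a public key that cannot sign. Assumptions: HMAC-SHA256 stands in for the shared-key check, a Lamport one-time signature (standard library only) stands in for the RSA/ECDSA/Ed25519 scheme a real updater would use, and all names and sample images are constructed.

```python
import hashlib, hmac, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def digest_bits(image: bytes):
    """The 256 bits of SHA-256(image), most significant first."""
    d = int.from_bytes(H(image), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

# --- Shared-key check: the device must store the same key the vendor uses ---
def mac_tag(shared_key: bytes, image: bytes) -> bytes:
    return hmac.new(shared_key, image, hashlib.sha256).digest()

def mac_verify(shared_key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, image), tag)

# --- Lamport one-time signature: the device stores only hashes (public key) ---
def lamport_keygen():
    """Vendor side. One key pair may sign exactly one image."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub

def lamport_sign(priv, image: bytes):
    # Reveal one secret per digest bit; this needs the private key.
    return [priv[i][bit] for i, bit in enumerate(digest_bits(image))]

def lamport_verify(pub, image: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(image)):
        ok &= hmac.compare_digest(H(sig[i]), pub[i][bit])
    return ok

def compare_schemes():
    genuine = b"firmware v1.0 (constructed sample image)"
    altered = b"firmware v1.0 (constructed sample image, altered)"
    device_key = secrets.token_bytes(32)   # stored on every device
    priv, pub = lamport_keygen()           # priv never leaves the vendor
    sig = lamport_sign(priv, genuine)
    return {
        # Whoever holds device_key can tag any image, so the check passes.
        "shared_key_accepts_altered": mac_verify(device_key, altered, mac_tag(device_key, altered)),
        "signature_accepts_genuine": lamport_verify(pub, genuine, sig),
        # The public key and an old signature do not validate a different image.
        "signature_accepts_altered": lamport_verify(pub, altered, sig),
    }
```

Calling `compare_schemes()` returns the three verification outcomes side by side.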
