I haven't been here for a while?
What's new peeps?

How are pedophiles allowed on mastodon?
https://www.secjuice.com/osint-mastodon-paedophile-csam-child-porn-problem/
@anton_chuvakin @pbrass as I posted on Twitter, Apple’s latest update to reset AirDrop to contacts only after 10 minutes is an inherently secure design choice. The system resets itself to a known secure baseline regardless of the user’s intervention.
It’s like nightly reimaging of VMs.
ChromeOS is another example. It’s a hardened Linux OS with all the dangerous toys hidden away. Most users will stick to the browser and use anything within sight. Combination of hardened OS and security by obscurity.
Finally, Apple’s product design choices, soldered everything, no removable parts or drives, limited ports, is not serviceable and annoying but it increases the inherent security due to lack of exploitable means.
Controlling both software and hardware has the potential to increase inherent security if done right.
The alternative, for example Android devices produced by 3rd party vendors loaded with 5 different questionable app stores and some with malware as part of the image is the definition of inherent insecurity. A bag of trouble.
Phew, Twitter wouldn’t let me write all this thing without going into a 15 thread answer.
A new exploit chain is being used by Play ransomware affiliates to bypass ProxyNotShell mitigations and gain remote code execution on unpatched Microsoft Exchange servers through Outlook Web Access (OWA).
CrowdStrike incident responders discovered the exploit (dubbed OWASSRF) while investigating recent Play ransomware attacks where compromised Exchange servers were used to infiltrate the victims' networks.