> Given that kext development is still supported (although highly discouraged), won’t they have to support the same level of kernel debugging as usual?

They just need to support loading kernel extensions. As watchOS has shown, developers will figure out a way to get their thing working on your device even if your make debugging extremely painful. (Apple's current silicon prevents debugging entirely because the kernel is prevented from being patched in hardware.)

> Can you name any of these apps?

Sure. If your app's bundle ID matches one of

  com.aspyr.civ6.appstore
  com.aspyr.civ6.appstore.Civ6MetalExe
  com.aspyr.civ6.appstore.Civ6Exe
  com.tencent.WeWorkMac
  com.tencent.WeWork-Helper
  com.igeekinc.DriveGenius3LEJ
  com.igeekinc.DriveGenius3LEJ.DriveGenius
  com.igeekinc.DriveGenius3LEJ.dgdefrag
  com.igeekinc.DriveGenius3LEJ.dgse
  com.igeekinc.DriveGenius3LEJ.dgprobe
  com.prosofteng.DGLEAgent
  com.prosofteng.DriveGeniusLE
  com.prosofteng.DriveGenius.Locum
  com.prosofteng.DriveGenius.Duplicate
  com.prosofteng.DriveGenius.Benchtest
  com.prosofteng.DriveGenius.FSTools
  com.prosofteng.DriveGenius.Scan
  com.prosofteng.DriveGenius.Probe
  com.prosofteng.DriveGenius.SecureErase
  com.prosofteng.DriveGenius.Defrag

dyld interposing is enabled for your app even if it comes from the App Store, opening the door for subverting the mechanism for applying the sandbox.

Huh, I wonder why those got exceptions. You said they were "Grandfathered in", but Civ 6 at least is recent.

They're two separate groups. Group one, the grandfathered one, is "legitimate" software that was simply published to the store prior to the mandatory sandboxing requirement–those can still get updates and remain unsandboxed. The second group is the list that I posted here, that have special status in the dynamic linker (can interpose functions) and through that can (probably don't, but "can" on a technical level by exploiting flaws in how Apple does sandboxing) bypass the sandbox.