Apple Justifies iOS App Store’s Tight Control in White Paper
On 23 June 2021, Apple released a white paper that shows the company pushing back against the left/right alliance in US politics that threatens to redefine antitrust for today’s digital era. Apple’s white paper, “Building a Trusted Ecosystem for Millions of Apps: The important role of App Store protections,” tries to justify the company’s white-knuckled grip on the iOS App Store as stemming from a desire to protect users from malware and the exfiltration of personal and private data.
After a brief run through the document’s main points, I look at whether Apple’s stance is reasonable.
Apple Warns of Unfettered Harm
Owners of Apple gear and those who follow its technology or the politics of antitrust already know Apple’s core arguments. In this paper, the company puts it all on the table in a structured way. It’s a debate brief for congressional hearings to come and the firm’s attempt to defend itself ahead of six allied bills advancing in the US House that would require platforms to open up to competitors and allow greater user access, among many other changes.
Regulatory action that requires no new laws is also afoot. Lina Kahn, the Federal Trade Commission’s recently confirmed chair, brings a philosophy she developed for antitrust analysis that asserts consumers can be harmed even if a monopoly delivers low prices in the short term. Her position explains why the Department of Justice pursuing Apple rather than Amazon over ebook prices made no sense in the larger scheme of things because it allowed Amazon to increase its dominance and further control the market. Her view ran contrary to popular antitrust frameworks at the time, and her appointment indicates the Biden Administration’s intent to move away from the Robert Bork era’s antitrust focus on consumer harm in favor of a new path towards promoting competition. On 1 July 2021, Kahn achieved a 3-2 win in an FTC commissioner vote to rescind a 2015 FTC memo that reaffirmed the Bork view, seen as a first step towards revising policies.
The changes in law and rules would likely require Apple to open up iOS and iPadOS to allow sideloading, the installation of software by a user without going through an official store. Google’s Android platform already allows this. The current draft of the relevant bill in the House doesn’t suggest a specific mechanism, so Apple wouldn’t have to release an update that allowed the unfettered installation of any app—just some capability to do so. The language in question is:
It shall be unlawful for a person operating a covered platform, in or affecting commerce, to—
(1) restrict or impede the capacity of a business user to access or interoperate with the same platform, operating system, hardware and software features that are available to the covered platform operator’s own products, services, or lines of business;
Apple’s document is quite readable and makes cogent arguments, but it is 26 pages long. Here’s the summary:
- Sideloading would allow malicious apps to trick users into downloading them, resulting in the installation of ransomware, sniffing software, and other unwanted apps.
- Apple’s privacy rules couldn’t be enforced on sideloaded apps, rendering users susceptible to apps extracting personal information and private data. Some of those apps might even come from legitimate companies working within the letter of the law.
- Third-party app stores would be key targets of malicious actors. Those stores could have the best intentions but be unable to match Apple’s resources.
- Children would be able to circumvent parental controls by installing apps that work around them.
- Parents might inadvertently download apps for kids that would allow children to make endless, uncontrolled purchases.
- Even if you never intend to sideload an app, an employer or a school you or your child attends might require that you install apps from a third-party app store, exposing you to subverted apps or intentionally malicious ones. Even apps chosen by the business or school might engage in surveillance Apple would never approve, with or without properly disclosing it to you.
- Users could accidentally purchase and install pirated apps from third-party app stores.
- Developers could see their apps become available in pirated form in app stores without any reasonable way to stop it.
The document then explains the App Review process, in which humans and automated systems examine submitted apps to make sure they do what they say, are not malicious, and are not misleading. In this section, Apple notes that some of its privacy and purchase features—including privacy limitations, purchase controls for children, and subscription management—could be ignored or overridden by sideloaded apps, lead to unwanted exposure, recurring charges, or kid-initiated purchases: “These controls could not be fully enforced on sideloaded apps.” (Note the passive voice!)
This is all quite reasonable in form, but it provokes two separate questions: Why don’t these same problems apply to macOS? And how is this different from the state of things today? Let’s start with the Mac.
Why Is the Mac Different?
Is the Mac not subject to concerns about sideloading already? macOS currently has three tiers of app installation. The first tier allows only apps from the Mac App Store. The second allows Mac App Store apps plus apps that have passed a vulnerability and malware-testing stage (known as notarization) and then been cryptographically signed by Apple. If the second tier option still prevents you from launching apps you trust, you can then use a sequence in the Finder to open unsigned or unnotarized apps. This third tier (without any special sequence) was of course the status quo before the Mac App Store came to macOS.
The second- and third-tier options have retroactively become sideloading, and they remain the primary way that many users get their Mac software. That may be because the developer doesn’t wish to sell through the Mac App Store or because the app in question—like Keyboard Maestro, dearly beloved by some TidBITS editors—can’t meet the App Store’s sandboxing and other technical requirements and still perform its functions.
Apple’s response is to talk down the Mac. It notes that over a billion people use an iPhone daily—no love here to iPad and iPod touch owners—and as a result:
This large user base would make an appealing and lucrative target for cybercriminals and scammers, and allowing sideloading would spur a flood of new investment into attacks on iPhone, well beyond the scale of attacks on other platforms like Mac.
There’s some logic here—macOS and iOS really do inhabit different worlds in both how they’re used and how at risk they are to attack. At present, iOS is vulnerable almost exclusively to state actors because it’s so locked down that any exploits found are therefore incredibly valuable to governments who want to observe or disrupt criminals, activists, or opposition politicians. (Some governments classify activists and opposition politicians as criminals.) There have been plenty of patched iOS exploits in recent years, but while none have been widely exploited, some have been narrowly deployed against individuals or small classes of targets, like journalists in a given country.
Any hacker or researcher who discovers an effective iOS flaw may choose one of three paths: report it to Apple and potentially claim a cash bounty, report it publicly for personal or professional reasons before or after Apple has patched it, or sell it either to a company that packages exploits for governments or directly to a nation.
Exploits for Windows and Android offer additional revenue opportunities to their discoverers. It’s profitable and sometimes less risky for a hacker to deploy an exploit in malware to reap a reward from ransomware, extract financial information, hijack cryptocurrency balances, or rent out their software to malicious partners.
iOS exploits are rarer and fetch a high price (or provide increased credibility to reputable researchers) but are also restrictive and hard to deploy to unwitting recipients. (Jailbreaks remain feasible but rely on a device’s owner following numerous tricky steps.) It makes little sense to try to make money on the back of one or a combination of them. Windows and Android and Windows have such a huge array of versions, with a significant portion of devices both unpatched and unpatchable—like pirated copies of Windows or forks of Android—that it can be easy to target a large number of vulnerable users.
Relatively few Macs are in use compared to Windows PCs, Android phones, and iPhones. Arguably, Windows 10 offers better or as good security as macOS 11 Big Sur. But the proof is in the hacking: there has been no effective, widespread ransomware or other malware for macOS in ages. Either ne’er-do-wells avoid the Mac because of its small installed base or because it’s just hard enough to exploit that there’s no profit there.
Could Apple produce a hybrid solution that would satisfy demands for sideloading without compromising privacy? Arguably, the Mac App Store’s notarization and signing tier offers that, but it still requires a paid subscription to Apple’s Developer Program and adherence to Apple’s terms, including a round-trip through its automated verification processes.
Could Apple Negotiate Its Way Out of Sideloading?
Unfettered sideloading with no participation from Apple would be a terrible idea. It’s exactly why Apple makes users jump through hoops to open an unsigned and unnotarized app in macOS. If Apple opened iOS to sideloading with no protections, it would turn into the scene from Ghostbusters (1984) in which a government official succeeds in getting the ectoplasmic containment unit shut down. Tens of millions of new malware variations appear each year, developed and deployed by legions of individual, organized crime, and government-backed hackers who already spend their days and nights poking into iOS.
While unfettered sideloading might not be what’s best for users, Apple is using a classic motte-and-bailey tactic to push back: instead of advocating for a position unpopular with its critics and that Apple likes (the bailey), the company instead pushes a connected but much more defensible position (the motte). Apple’s goal is total control of its platform and a generous cut of all revenues that pass through. That’s the bailey in this case—what Apple wants but would struggle to defend if stated openly. The motte, Apple’s easily argued position, is that smartphone users want to be safe and secure. The logical fallacy is Apple’s suggestion that if it were to loosen any control, iOS would fall like Rome to the barbarians when, in fact, there are existing counterexamples inside the Apple ecosystem itself.
Apple already offers both the macOS model and its enterprise support for non-App Store installation. Michael Tsai noted this in a blog entry summarizing reactions to the white paper, “Businesses can already force employees to install certain apps, and these apps can already bypass App Review via Apple’s enterprise program.” (Schools can’t use this to push apps to students, only employees.)
If Mac owners can be trusted with “signed and notarized apps” with a non-obvious override for unsigned and unnotarized ones, and enterprises can be trusted to make apps and release them to millions of employees, why can’t individual users be given some control, too? Apple also has its hidden XProtect and MRT (Malware Removal Tool), which can police all apps, even those installed via the notarization and signing third tier noted above.
Is Apple so paternalistic that this white paper’s summary could be, “We know what’s best for you. Trust us. We’re protecting you.”? This sounds like the opening of every dystopian superhero film and TV show, recently including The Tick (season 2), Invincible, and The Boys. (Weirdly, those three shows were all made by Amazon. Is Jeff Bezos trying to tell us something?) Could overprotection exist to keep us within bounds that benefit others rather than for our own good? It’s also entirely possible that Apple justifies its paternalistic tone because it legitimately believes a firm hand is necessary given the virulence of the threats from sleazy marketers and organized crime alike.
A better approach might be for Apple to negotiate some sort of middle ground with developers, its customers, Congress, and the Biden administration (and the EU and other countries, too) in which it gives up some of its financial leverage in exchange for a more broadly moderated alternative to App Store only installation.
Here are a few areas of contention where Apple could give ground:
- Drop fees from 15% and 30% to 10% and 15%: Developers and users alike are already frustrated that Apple both places itself in the middle and tries to claim that it is not purely out to make money—that it adds value to the system worth 15% or 30% of the price of apps, subscriptions, and digital transactions. The commission has long been seen as too high. Last year, Apple admitted 30% was excessive by offering a program for small and mid-sized developers to drop that to 15%, with some provisos (see “Apple Drops App Store Commission to 15% for Small Developers,” 18 November 2020). In 2016, Apple also shifted subscription renewals to 15% and has reportedly cut private deals for under 30% with some companies. If Apple went further and dropped the fees to 10% for small developers and 15% for larger ones, much developer ill-will would disappear.
- Allow non-Apple payment methods for digital goods: Rather than forcing developers to use Apple’s in-app purchase system, the company should allow digital purchases using methods from which it wouldn’t receive a cut. That would put it in a position of having to compete for developers’ business by being easy to use and price-competitive.
- Allow links from apps to the developer’s site: Apple should allow apps to contain links to a developer’s website, including for off-app subscriptions. Apple has negotiated arrangements with billion-dollar companies for some of this—why not $10,000-per-year developers, too? (Apple should also stop complaining to publishers about hyperlinks in ebooks on its bookstore that point to Amazon and other competitors.)
- Stop “Sherlocking” apps: Apple certainly should have the right to make apps and add features that its customers want. But the company isn’t innovating when it nearly duplicates apps and then uses its App Store control to promote them more heavily in search results. There’s a balance that doesn’t involve undermining app creators.
- Improve protection of customers: The company’s words about how it maintains a safe App Store through strong oversight ring hollow given how easy it is to find apps that use deceptive titles to mimic popular apps from other developers. (In 2018, David Barnard examined the combination of app deception and subscription scams in depth.) Similarly, stories abound of apps charging usurious fees or tricking users into expensive subscriptions.
- Improve protection of developers: Developers lose revenue from apps that hijack consumer attention through misleading titles, ads that impersonate another app, and countless fake reviews. The paper noted, “Apple deactivated 244 million customer accounts due to fraudulent and abusive activity, including fake reviews. It also rejected 424 million attempted account creations due to fraudulent and abusive patterns.” That may be so, and it’s certainly troubling, but Apple is still falling short in this regard.
Will Apple’s white paper be sufficient to deter the US Congress’s and FTC’s desire to offer more choice to consumers and leave them subject to less control? On its own, it seems unlikely. (Never underestimate the power of other forces, such as deep-pocketed lobbying.) I believe Apple has to trade away some control to justify why it should still play an essential role in protecting users without being the sole gatekeeper and toll collector.
Apple and regulators might reach compromises that don’t go as far as my suggestions above, but the paper is convincing only about certain aspects of Apple’s arguments. And there’s something about technology giants that brings politicians in the United States together across the aisle. While liberals, conservatives, and those of other political stripes seldom find commonalities these days, complaining about Big Tech’s moderation, lack of consumer control and protection, and bad behavior towards vendors is one point of agreement. Dissenters appear across the political spectrum, too, but seem to be in the overall minority.
There are two side notes to end with. First, Apple oddly notes that “A study found that devices that run on Android had 15 times more infections from malicious software than iPhone.” The footnote cites Nokia’s 2020 Threat Intelligence Report 2020. That’s an accurate citation, but a bizarre statistic. The report says an average of 0.23% of mobile devices were estimated to be infected each month. Given that a couple billion Android and iOS/iPadOS smartphones and tablets are in use globally, that means roughly 5 million are infected at any given time…and that over 300,000 of those are iPhones. That number seems quite high relative to what we know about iOS security.
Second, the report opens with a 2007 quotation from a sort of blog post/open letter from Steve Jobs originally posted on apple.com:
We’re trying to do two diametrically opposed things at once: provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task.
Follow the footnote and you find that Apple didn’t use a permanent link for that public statement. Because of that oversight 14 years ago, Apple was forced to point to a reliable third-party resource. One that has been trusted by Apple users for over 31 years and has worked hard over decades to ensure that old URLs to articles don’t break even across three distinct Web publishing systems.
Yes, it’s little old us. Adam Engst’s mother was for many years the Cornell University Archivist, and I hope she’s proud of her son and daughter-in-law.
I’m not sure I buy the logic that security should default to the lowest denominator. Just because the Mac is more open than the iPhone doesn’t mean that Apple has to drop the iPhone down to the Mac’s level. In fact, rather the opposite seems true: Apple offers you a relatively open platform (the Mac) and a much more closed platform (the iOS). Customers can decide which computing platform they want to buy.
On the motivation front, the unspoken assumption behind the logic is always that there has to be one motivator for Apple to do this. It has to be either revenue or privacy. But that’s flawed as well – people and organizations are almost always doing things out of multiple motivations, and it seems much more likely that Apple is motivated by both things.
Finally, just because the App Store is highly imperfect at weeding out scammers and the like doesn’t mean that allowing side loading won’t make the situation massively worse. In fact, it suggests just how much pent up demand there is to scam the billions of iOS users out there.
I own an iPhone, iPad, and Mac, and one of the reasons I like the iOS stuff so much is that it’s nicely locked down. One of the reasons I like the Mac stuff is that it’s much more flexible. I’d like to continue having both of those options, thank you.
That’s sort of the exact opposite of what I wrote, I think! Security can default (as on the Mac) to the highest model, but there can be titrated levels below it just as on the Mac. No security at all — unfettered installation without any involvement from Apple — seems like a terrible idea for iOS.
Here’s just one recent demonstration of how beneficial the App Store’s tight control is:
Great article, Glenn! I was dreading having to look through the entire white paper.
“Allow non-Apple payment methods for digital goods:”
Might this just lead to a lot more “free” apps that then require an in-app purchase through a non-Apple payment method in order to have a minimum level of functionality? Then Apple would be stuck reviewing and hosting apps that generate no revenue for Apple while remaining profitable for developers.
I don’t think it was. The lowest level here is the Mac, not absolute openness. The levels within Mac security is a bit of an illusion. As you pointed out, companies will insist their customers, and/or their workers go to the lowest level available. Fundamentally, it’s a more vulnerable model. Why is that better?
The argument shouldn’t be that iOS could be as open as the Mac, it’s why it should be. A company building safes could do a variety of security levels and no one would argue that their most secure model should be just as accessible as their lowest level. Apple is offering a range of computing devices with a range of security levels. As I said originally, I like that choice.
Companies can already insist on that; see article.
Possibly, but it’s also not very popular among users to have zero-function apps they have to pay to enable.
I don’t imagine any world in which the majority of digital revenue within apps wouldn’t accrue to Apple if they actually provided a competitive rate and worked more closely with developers instead of the current antagonism.
That’s not an example of that. That’s an example of what happens when you abandon most of your devices from upgrade paths within a year or so and left gaping holes in most older versions.
It’s not a demonstration of that. It’s a demonstration of how bad Google is.
The numbers from Apple are meaningless.
As developer my wishes are:
Apps for iOS could be codesigned and notarised, too, so that there is no loss of security at all. Just the stupid review process isn’t done.
The stupid review process either needs to be removed or it needs to be done right. I can’t imagine that the reviewer has a nice job. The reviews are so annoying. It’s not the responsibility of the reviewers to give technical assistance. But when they find a bug it’s usually not reproducible so that the developer is screwed.
Mentioning my website and the non-AppStore version is very important to me.
I also would like a customer list. The customers are Apple’s and not mine because I don’t know who they are.
I’m sure the iOS App Store review process does far more to protect customers from malicious developers than the automated vulnerability and malicious code checks done as a part of Mac app notarization.
But that’s not what the customers want. Sure, many will give it up if it’s part of the price of admission or trade it for something (sometimes for very little), but they wouldn’t want it to be the norm any more than they’d want General Mills to get their info every time they bought Cheerios at a grocery store.
I can’t speak as a developer, but as a consumer I’d prefer just a single App Store and no sideloading at all. What worries me about alternative app stores and/or sideloading is that we would need to pay attention to which app used which store or installation method.
It is simply fantastic that if I set up a phone from scratch I have a single place to find and install all of my apps - go to the purchased apps list and just click the download and install button for each one. I don’t want to have to remember that the Nest app came from Google’s store, and the Alexa app came from Amazon’s store, and Netflix required users to download the app to install directly, and Fantastical and CardHop only from the Flexibits store. The iPhone and iPad have been a huge improvement for the vast majority of users for this. (Of course those are examples of apps that would probably exist in the Apple App Store as well, but I just use them as hypothetical examples.) I could see some companies with extremely popular apps deciding to skip Apple’s review process and only distribute using their own or a third party store, or requiring sideloading. And of course nobody beats Apple’s method to unenroll from a subscription. I’ve had to make phone calls that take forever to cancel subscriptions and that is so much worse than a simple click.
Also as a consumer of course I’d want to see Apple’s payment processing fee reduced as low as possible, to reduce the cost of apps and subscriptions.
As for other improvements - allowing apps to point to how to create an account; allow (for example) Amazon to sell Kindle books within the app using their own payment method, just as the Amazon app sells physical goods - absolutely yes.
It’s complex, I know. Hopefully Apple will come up with a solution that is begrudgingly agreeable to all parties before they’re forced by government regulation or the courts to do something that we all end up hating.
Uh, yes, that’s why I put in the “as you said” part.
So, yes, companies will insist that iOS users go down to the lowest level and that’s a model Apple should emulate?
Someone mentioned that this was an issue. A child gets a free game, then purchases game bling for hundreds of dollars.
When the freemium model first came to the App Store, this was a massive issues. Fortunately, because the payment systems were handled by Apple, Apple reversed the payments then tossed the miscreant app and developer out of the App Store. If the child purchased the games through a third party service, Apple couldn’t return the money, but the parents would still be mad at Apple.
Now these types of freemium apps plague the Google Play store, but not the App Store
This is not the clever rhetorical device you may think it is. It deters my interest in continuing a discussion
I meant the enterprise distribution model mentioned in the article that is not the part you were referring. Companies can today make their employees install apps that they develop or license and distribute through that method.
It was in response to a strong indication that you hadn’t actually read my comment, so I’ll take the risk.
Thus addressing half my point, which talked about “customers and/or employees.”
For the most part, I don’t think customers think twice about whether the store or the manufacturer knows that they’ve bought something. And manufacturers have long tried to learn more about their customers when they aren’t selling directly—witness those “warranty” cards that used to be the norm, and all the various contests that breakfast cereals used to run. And of course, the stores often then turn around sell that data back to manufacturers in various ways.
Part of the problem is that it’s not clear that it’s any better that a store knows what you’ve bought than that the manufacturer does. Both want to sell you more stuff, only the store is less picky about which particular stuff.
All that said, I do think we’re in a different era now, and the tech world is very different from the breakfast cereal world. I’m sensitive to this issue particularly because of my 14 years running Take Control, where we cared deeply that we be able to communicate with our customers. Some of that was for support reasons—we really did look up what people owned when they wrote in and used that in part to inform our replies—and some was for marketing reasons. Our goal was to create products that would result in loyal users who would buy more from us, and one aspect of that was to build tight customer relationships. We sold through other stores where we didn’t get any customer information and they were less valuable to us (but we turned around and used our Check for Updates system as a way to bring those customers into our orbit). Joe may have different thoughts about this now.
So, obviously, opinions may vary on this topic, and I’m sure there are stores that care deeply about building strong customer relationships more than the manufacturers whose products they resell, but I’m very much on the side of manufacturers being able to build customer relationships.
I like the idea of manufacturers building relationships with their customers in ways that support the customers (and I think that you and “Take Control” model that very effectively). The problem is that the abuse of that knowledge has been so systemic and so widespread that it’s hard to trust anyone.
Two other notes to think about:
Apple’s not just trying to sell us more apps, they’re trying to sell us on Apple products as a trustworthy and private ecosystem. That changes the “stuff” analysis a bit, I think.
If I give my personal info to 100+ App Store programmers and start getting mass amounts of spam, etc., I’m going to have a very hard time figuring out who to blame (remember the trick where, if you owned your own domain name, you could put slightly different email addresses for everything you bought and thus know who was selling your info? Fun times). If I give my personal info to Apple only and start getting spam, then I know very well who to blame (leaving out other ways my info might get out for purposes of this scenario).
I think we’re already in this world and it hasn’t been a huge problem. The reason is that Apple doesn’t require the use of Apple payment services for physical goods or service—in fact, it explicitly seems to prevent that:
For instance, I use the Coinless app to pay for car washes locally. It ties into Apple Pay or I could set up my own credit card.
That’s my belief as well. Apple can make it easier than anyone else, and could at least in theory make it cheaper too, given the company’s financial clout. I’d rather see Apple competing than controlling.
Fair point, although arguably, Apple has created a position with the App Store where they don’t need to sell us any more stuff because they’ve created rules that prevent all competition.
I think there’s a spectrum of possibilities surrounding how Apple could allow developers to use third-party payment systems. Apple already requires a great deal of developers, with the Made for iPhone program being one of the more limiting. So Apple could require certain privacy-protecting policies of payment systems, and allow only those that meet both Apple and regulatory bars. Similarly, it could require that all customer communications go through Apple’s new privacy-protecting email address system that’s coming in Monterey in such a way that customers could easily identify or block spam.
Obviously, this is all speculation, but Apple has already built an incredibly complex—technically and policy-wide—system around the App Store, so I don’t think it’s unreasonable to ponder other ways the company could expand it to meet other needs and desires.
This is a big reason why people willingly sign up for affinity credit cards and retailer membership programs. They are more interested in cash back, user discounts, donations to causes, etc. than privacy. Data brokers, including but not limited to, Google, Amazon, Facebook, Axcion, etc., etc., make the information they accumulate available to just about anyone who will pay for it. Though infinitely more data about everyone and anyone is available since the development of the interwebs and mobile communications devices, collecting third party information and finely tuned targeting is nothing new. It’s been around for well over a century.
I don’t care what developers want and I am tired of their grizzles. Most of them wouldn’t be in business without Apple, the iPhone (invented by Apple) and the App Store.
As an iPhone owner, I want a single App Store, no sideloading, top security and privacy, well designed and high quality apps. I do not want to waste my time going through the hoops with alternative app stores or buying directly from developers; I dont have time. I don’t buy in-subscription apps at all because it is difficult to determine the value and monitor price-creep. If the app that I want is top class, then I am happy to pay top price. I certainly do not want my personal details given to any developer because I do not trust them to appropriately manage my personal details.
The various governments’ and regulators’ approach in this whole business is overriding customers’ interests. To me, Glenn’s take is that of the regulators and developers.
I’m okay with the macOS approach as it is easier to qualify non-App store developers and most downloads are updates of already purchased apps.
I think a lot of apps will still use Apple for payments (at least as an option) because the conversion rate will be so much higher. It’s far easier to pay through the App Store or in-app purchase than entering all your billing details in an app. And for kids that aren’t given free reign of their parent’s card, the App Store is the only way they can pay for something (via the ‘request’ feature of family sharing). Ultimately, I can’t see a huge exodus from App Store payment even if developers could use their own systems. And the big ones that can take the financial hit have already left (see Netflix, Amazon, etc.).
How likely is this to happen, though? Given that sideloading is possible on Android and Google is generally less restrictive, why haven’t the big players set up their own alternative stores there. I think it came out in the recent Epic trial that they had tried distributing Fortnite for Android outside the Google store so they could avoid paying Google a cut, but they had to abandon that and put it on the Google store because they couldn’t get enough people to download it outside the official store. If a big company selling a game as addictive as Fortnite can’t make a profit selling outside the official platform app store, it’s hard to see anyone else doing it. Or, to take another example, why hasn’t Facebook taken their app off the Google store? Surely that would give them a lot more freedom in what they can do with the app?
I have to say, I’m still on the fence as to whether sideloading would be a problem if it were allowed on iOS. The counter argument is that Android is already a lot more permissive than iOS, so a company like Facebook has a lot less incentive to go to the effort of an alternative distribution method. And of course, once you allow sideloading, it would be near impossible to take it away if things did go badly. The specific implementation would make all the difference. Apple could allow sideloading but make it so onerous to enable that it’s not a viable route for any mass market app.
So… I still don’t know what I think. But the worst case scenario seems unlikely given the state of app distribution on Android.
As the owner of BusyCal, BusyContacts, Omnifocus, and many third party apps with Apple competitors, I think the lack of competition has been overstated.
I suspect that many developers would fight against even those regulations. There’s an assumption that the result of forcing Apple to open up will be [insert this more reasonable solution] rather than [insert some highly unpleasant scenario]. I’m not sure the optimism is justified.
Amazon has had an Android store for a long time. I don’t think it’s all that popular, but it’s there. And apparently you can pay with Amazon Coins. The Amazon App
We may find out how popular third party app stores are. But also, look at the Mac and Windows platforms, where the central stores are less dominant. This won’t be anything new.
I’m not saying there isn’t competition for Apple’s apps, I’m saying that there’s no competition for the iOS App Store. That’s the reason Apple doesn’t need to care about selling iOS users more stuff—there’s nowhere else to get iOS apps. Cydia doesn’t count.
Amazon’s Android Store is a default on all Kindle devices and their Fire TV stick, and it is hugely successful and popular. It will be the default shopping app on Microsoft’s soon to be released Windows 11. What I think is exceptionally creepy is how tightly Windows 11 will mesh with Amazon shopping and very creepy Amazon Coins. I suspect it’s a kind of an admission on Microsoft’s part that Amazon is better at selling a wider variety of stuff to Windows users than they are.
Sure – but focusing on the App Store ignores that Apple makes the vast majority of its profits from hardware, not software. The App Store and the privacy & security emphasis is a way to sell people on buying more Apple iPhones and iPads. And there’s plenty of competition in that space.
Opening the App Store would compromise the privacy and security that Apple touts and thus make the iPhone and iPad less marketable in that regard.
I think this is the point. Even if third-party stores could exist on iOS, I’m not sure they would gain much traction. Is there any (significant?) Android app that is on the Amazon app store but not the Google one?
But success is irrelevant in terms of security. Opening a hole in iOS that allows third-party stores, third-party billing, and/or side-loading would open up a raft of security issues whereby innocent people would be duped into clicking links that would take them to alternate stores/download sites/payment methods and expose them to malware, scamware, viruses, and fraud.
Even if only a tiny fraction of iOS users were so scammed, the breaches would be serious (i.e. financial) and in the hundreds of thousands. It would be a disaster.
I agree the App Store has problems and isn’t perfect, but opening the phone up isn’t the answer. It would create far more problems than it solves.
I agree with this, and I think that Apple should be given credit for creating a growing and thriving retail environment that gives developers the opportunity to reach over a billion iOS device owners. And these iOS owners spend much more per capita in Apple’s App Store than Android owners do in Google’s store.
And there have been some very serious data breeches of Microsoft’s cloud services over the past few months, including Solar Winds, exposing the data of hundreds of millions of users. That doesn’t even count the recent mega zero day hacking of Microsoft owned LinkedIn, which compromised over 90% of its millions of current members around the globe.
I’ve used it. It’s not the end of the world. You do have to configure Android to allow installation from “unknown sources” in order to use it, but you can also revert the setting (to block unknown sources) when you’re not actually installing an app, if you are worried about malware auto-installing something.
Personally, I think there’s a happy medium here. Apple (or Google, for that matter) doesn’t need to remove all access controls in order to permit third-party app stores. You can instead make “install software” another permission that an app needs if it is going to be allowed to install additional apps. With such a feature, legitimate app stores (like Amazon or Samsung or your wireless carrier) can install your purchases without permitting everything in the world access.
Yes, a user might be tricked into installing a malicious app store, but there’s no way to avoid that. It didn’t destroy the Windows platform (where malware is a far bigger problem), it didn’t destroy the Mac platform and it won’t destroy iOS. And those that don’t want to trust third-party app stores can use the existing permission mechanism to block apps from installing additional apps.
And, of course, there is no reason why iOS can’t still require apps to be signed and notarized even if they are distributed by a third-party store. Gatekeeper on macOS does this and it seems to work just fine.
It’s been a while, but I don’t think so. But they don’t cost the same. Amazon offers discounts and promotional pricing that isn’t always mirrored on the Google store. Back when my personal phone was Android (admittedly, several years ago), I used both Google and Amazon for my app purchases.
No different from any other computer platform. Macs aren’t the wild west despite the fact that anyone can install apps from any source. Gatekeeper is sufficient to make sure you really really mean it when you try to run an app that isn’t suitably signed, but it lets you make the final decision.
I see no reason why a similar mechanism couldn’t be done for iOS. Yes, some people will be fooled into installing the mega-virus-spam-adware app, but the only way to protect those people is to block all third party apps completely. Ultimately, you have to treat your customers as adults and your customers need to deal with the consequences of making bad choices.
I think it would be perfectly fine to treat iOS like macOS - allow installation of signed and notarized apps from any source, but require users to jump through a few hoops before they’re allowed to install apps that are unsigned or have self-signed certificates.
But I’m 99% certain that Apple has motivations that go beyond system security. And I’m even OK with that, but I wish they would admit it and stop pretending that their motives are purely altruistic.
Macs are a fraction of the installed user base of iOS. The target for the latter is much bigger and thus much more lucrative.
I don’t really understand this. Apple’s very upfront in its quarterly sales releases about how much money they’re making from services, so they’re not hiding it. But what else should they do? Have Tim Cook roll around in a pile of money laughing on live TV? I’m not sure why companies are expected to fess up to aiming for a profit, as if that revelation will neutralize everything else they do.
No argument. But in this context, we’re talking solely about Apple’s iOS App Store policies and how they may not track with what a normal store would have to do because Apple has ensured that there’s no competition for the App Store.
I tend to agree. I’m not exercised about sideloading; in my ideal world, Apple would compromise on a variety of non-technical issues, such as by lowering the transaction fees, because I think those would cause a lot of the other complaints that could hurt security to go away.
Well, wait. I’m not talking solely about the App Store, because I don’t think you can do that without considering the larger context.
The entire context here is the article Glenn wrote about Apple’s white paper justifying its actions with the App Store.
I don’t think it’s possible to limit it that way.
Then you are certainly welcome to start a new topic which scopes things to your liking.
Or, I could continue to point out that trying to talk about the App Store in isolation and ignore the larger world leaves out massively critical context. Having said that, I don’t think this is a particularly productive conversation at the moment, so I’ll leave it.
We developers do not “grizzle”. I’m tired to hear that “we just should stop whining”.
The AppStore and Apple are a miserable experience. For almost every developer. Quite a few reviewers are bullies. There are spurious rejections. Some developers are treated different than others. Some companies get to do things that others aren’t allowed to do.
We must make money, too. Without developers there are no applications. And I don’t want to be treated by Apple as we are nothing to them.
There was a point, and it was very early on really, when the benefit of the App Store and sticking within the walled garden became very clear for users, including advanced ones who were comfortable with jailbreaking etc. The security, the general reliability, all meshed with the need for such a device to be stable and dependable, given the ubiquity of the phone within users lives.
I would have sympathy with developers regarding payment systems however, I think Apple may have a point about what they are providing to developers but I think they should, on balance, let developers pursue other third-party payment systems. The ‘on balance’ rests on the flow of cash Apple are hauling in from their position in the marketplace outside the App Store revenue, the apps developers provide have benefits for Apple too, its a two way street.
I would imagine that smaller developers are happy enough with the straight up ease of using Apple’s system for their users payments, I think the majority of users when faced with a pay via Apple or enter your credit card details choice will simply authorise the Apple payment.
Apple is the AppStore’s owner, so they get to decide what to sell and what not to sell in it. Saks Fifth Ave. sells Nyx cosmetics, but nothing else from the many brands of Nix’s parent company, L’Oreal. They won’t sell Maybelline or any of its affiliate company products either. And they pulled all Ivanka Trump products from their stores a few years ago. This is how the retail industry works. And Apple wouldn’t be bullied by Fortnight, one of the largest app developers in the world.
Join the discussion in the TidBITS Discourse forum