Skip to content
Thoughtful, detailed coverage of everything Apple for 32 years
and the TidBITS Content Network for Apple professionals
100 comments

Apple’s App Store Stubbornness May Be iOS’s Greatest Security Vulnerability

When Apple decided to support applications on the iPhone in 2008, it did so in the most Apple way possible (see “Apple Announces iPhone 2.0, Releases SDK,” 6 March 2008). The company distilled the complex process of finding, purchasing, downloading, and installing apps down to a simplified user experience. With the App Store, customers could go to a single storefront and do everything with the tap of a finger. Apple vetted apps to meet the company’s standards and security requirements, providing customers both convenience and peace of mind.

Apple prioritized iOS security from the start, realizing that customers were more likely to buy iPhones and apps if they didn’t have to worry about malware. The company leveraged its complete control of iPhone and iPad hardware, iOS, and the App Store to create one of the most secure software ecosystems in the history of personal computing, rivaled only by gaming consoles. Perfect? No. Highly effective? Absolutely. Apple built a security model based on vertically integrated security that combines hardware, software, and services, with the App Store playing a key role (see “Apple Platform Security Guide Reveals Focus on Vertical Integration,” 18 February 2021).

But this foundation is now at risk, largely due to how Apple has treated app developers and payments. On 25 March 2022, the European Union published its draft Digital Markets Act. If enacted, the legislation would, among other things, require Apple and similar companies to support alternative app stores. Apple is still embroiled in a lawsuit with Epic Games that focused on forcing non-Apple app stores onto iOS. Over in the Netherlands, Apple has been forced to open up external payment systems for, of all things, dating apps. While supporting alternate payment systems doesn’t affect security, opening up to alternative app stores will have profound implications.

Apple largely has itself to blame. Apple didn’t create a walled garden marketplace merely to ensure consumer safety; it also did so to own the billing model and financial transactions, and thus the customer relationship. Until a week ago, a developer wasn’t even allowed to link to or mention their website for prospects to sign up for subscriptions. For over 13 years, Apple refused to budge to pressure from developers, forcing them to turn to the courts and legislatures.

Let’s distill this down to understand why the App Store is so important for security, how opening iOS up to alternative app stores or sideloading will reduce our safety, and why this now seems inevitable.

How does the App Store work with iOS security?

Apple uses a vertically integrated security model for iOS devices. That means that the overall platform security is provided by Apple hardware, software, and services all working together. You can read the details in the Apple Platform Security Guide, but here is a simplified summary:

  • Developers write their app code using Apple’s tools, which automatically enable certain security features to reduce the risk of vulnerabilities.
  • To submit apps, a developer must be approved by Apple and issued a digital certificate to sign their apps. Apple tries to validate that the business is real, but experience tells us that it doesn’t always get it right.
  • Developers sign their apps and submit them for approval. Apple assesses each version of each app, including running security scanners to find common coding vulnerabilities.
  • By default, apps are completely isolated and have no access to user data anywhere on the device. Even access to capabilities like Bluetooth is restricted. Developers who want additional access must request an entitlement from Apple.
  • If approved, the application and its entitlements are cryptographically signed by Apple and placed on the App Store. I’ll explain why this is so important in just a moment.
  • On the device side, iOS boots up using a chain of trust. This complex process relies on a series of digital signatures and code signing checks to assure that each part of the operating system is official, trusted, and tamper-proof. It also relies heavily on the Secure Enclave, which manages cryptography functions and holds the root encryption keys and certificates in a secure portion of the device’s system-on-a-chip so they can’t be modified.
  • When an app runs, the operating system extends the chain of trust to the certificate used to sign the app itself. That certificate must be valid, and the app’s code has to match code signature checks that ensure it hasn’t been modified since it was installed or updated.
  • Part of this process validates the app’s entitlements. Apple signs those so an app can’t suddenly start reading your contacts if it hasn’t officially been approved for an entitlement. Many entitlements also won’t work unless the user is prompted and approves the access. Facebook can ask to see your contacts, but you don’t have to let it. (And for the sake of the privacy of all your contacts, don’t!)
  • The app then runs in a sandbox that is isolated from the rest of the software on the device. Apps are provided their own file storage, separate from other apps. iOS uses internal security capabilities to enforce this isolation. When apps do need access to shared resources or each other, this access is also controlled by iOS and relies (partially) on more digital signatures for enforcement.

Now explain it like I’m a fifth grader?

Sure thing. Apple scans every app submitted to the App Store for malware and security vulnerabilities. After approving an app, Apple puts it in a digital envelope sealed with digital wax (those signatures and certificates we talked about). Hardware and software on our iPhones and iPads check the seal and ensure the app was approved and no one has tampered with it. That same hardware and software then isolate the app when it runs so it can’t do bad things. All this keeps your device safe and, via entitlements, protects your privacy.

The entire system relies on Apple services (the App Store and developer program, plus digital certificate servers), Apple software (iOS and iPadOS), and Apple hardware (the Secure Enclave and certain other hardware protections we are skipping).

This sounds great, so malware is impossible on iOS?

Alas, no. There has been malware on iOS. It’s just a lot harder and more expensive to create, much more difficult to distribute, and far easier to shut down. For example, the NSO Group developed an incredibly sophisticated iOS exploit that relied on building a Turing-complete emulator within an obscure PDF feature.

There are also plenty of scammy apps in the App Store that meet all of Apple’s security requirements but still come up with ways to trick users out of their money through sneaky subscriptions or by targeting kids. Unpleasant as these apps are, they can’t take over your iPhone and spread to other devices on the same network.

How do we know this all actually works?

As we like to say in the security world, the proof is in the pudding. There has never been any widespread malware on iOS. Malware is more of an issue on Android, but even there it is less of a concern when users stick with the official Google Play Store.

In Nokia’s Threat Intelligence Report 2020, the company shared a breakdown of malware infections by device for 2019 and 2020. In 2019, Android led with 47% of infections, compared to less than 1% for iOS (the other two categories were Windows PCs at 36% and Internet-of-Things devices at 16%). However, noting that the security of official app stores like the Google Play Store has increased continuously, Nokia found in 2020 that Android accounted for only 27% of infections, and iOS remained under 2%. (Windows increased slightly to 39%; the IoT devices drew most of the malware attention, jumping to 33% of infections.)

Nokia's malware charts
Source: Nokia

These numbers support the fact that there is vastly less malware targeting iOS than Android, thanks to Apple’s insistence on a single App Store. Even within the Android world, the increasing security of the Google Play Store resulted in an overall drop in malware infections, even though they remain high due to the availability of alternative app stores and sideloading.

Why are digital signatures so important?

Earlier, I mentioned the chain of trust. Many forms of malware find a vulnerability on a computer and then use that to embed themselves in some pre-existing piece of software. This technique enables attackers to establish persistence, so the malware doesn’t just run in memory and disappear when the app shuts down or you reboot.

The chain of trust does two things. First, it uses cryptographic signatures to ensure the running software comes from a trusted source. That’s why Apple embeds a read-only signature onto its devices; the attackers have no way to swap in a different signature to fool your iPhone into thinking that it’s running trusted code. Web browser developers like Google do something similar by embedding known signatures into their browsers as certificates that enable a “root of trust.” These root certificates are trusted by the Web browser companies and are used to sign and validate the site-specific certificates used by websites, so you get those little green validation marks when you connect to your bank.

For apps, Apple also makes a cryptographic “hash” of the code and signs it digitally. A hash is a manageable number that maps to the app’s code and changes if even a single bit of the code changes. iOS can then ask, “Does this app come from where I expect?” and “Did the app change at all?” (And obviously, if the answer to either of those questions is “No!” iOS won’t let the app run.)

On iOS, this chain of trust runs from the lowest levels of the operating system when our iPhones and iPads boot, all the way to the apps we download and run from the App Store. The entire chain relies on these digital signatures, certificates, and hashes.

Tell me again how knowing all this improves security?

There are three benefits:

  • We know that all apps in the App Store have been scanned and approved by Apple. This significantly reduces the risk that an app we download is deliberately malicious or accidentally harmful.
  • We know that all the apps on our iPhones or iPads came from the App Store and are running the same code that we downloaded—malware infections that modify apps are nearly impossible.
  • We know that apps can’t get—or even ask for—access to data like contacts or calendars, or features like Bluetooth, without Apple having approved their entitlements.

What about sideloading?

Sideloading means allowing users to install apps directly, without going through any app store. Typically, users must enable sideloading manually, since devices default to staying locked down, but it’s still a huge security hole. Alternative app stores enable installing apps from additional, hopefully trusted sources. Sideloading lets users install anything they want… or can be tricked into installing.

Of course, sideloading is nothing new—it’s how things work on the Mac today, where you can install any app from any source. Although much Mac malware takes advantage of sideloading, none of it has been truly widespread so far. That’s more likely a side effect of the Mac being a relatively small target; there are so many more iPhones and iPads combined that malware authors target them even though it’s very difficult; if it got easier, we’d see many more attacks.

Could Apple enable alternative app stores?

Yes. There are two ways Apple could support third-party stores:

  • Apple could authorize another store and issue it a certificate with which it could sign its own apps, after which the chain of trust would expand to include that certificate. This approach would be similar to how Web browsers come bundled with a series of root certificates used to sign the certificates of websites, although that system has been abused as well.
  • Apple could also issue certificates to all comers or disable some or all of its existing security checks for apps that users download from a third-party store. This approach, which is how things work on Android, would make possible a range of potential app stores with widely varying approval policies and levels of security.

Why do alternative app stores reduce security?

It comes down to consistency and enforcement. Apple couldn’t review the apps in those stores and ensure they meet Apple’s requirements. Nor would Apple be able to review entitlements in those stores. The alternative app stores would only be as secure as they want to be and are capable of enforcing.

If Apple were to allow only a small number of vetted alternative app stores, this might not be too terrible. Apple could set standards for those partners and issue them special certificates to sign their own apps. Then Apple could build a security program to ensure those partners met and maintained standards that were at least equal to Apple’s.

On the other hand, if Apple were required to allow any arbitrary alternative app store, we immediately run afoul of the same problems that plague Android since there is no way to enforce any security standard. This model would either require Apple to issue certificates to anyone or, more simply, enable users to disable the signing mechanisms and allow any app to run without the security checks.

The first option is much more secure, but it doesn’t provide many benefits to the third-party app stores beyond handling their own payments (I’ll get back to that). Also, Apple would likely still draw complaints similar to those the company faces over the official App Store, since Apple would have to set standards to be in the program, charge to participate, and probably anger all sorts of alternative app stores that don’t align with Apple’s goals. The second option creates a free-for-all without any security enforcement, and we can already see how that model results in a less-secure, malware-friendly environment on Android.

Couldn’t users just stay secure on the official Apple App Store?

Users could choose to trust only Apple, but over time, there would be both direct pressure and scams to move users to alternative app stores. Some popular apps might require you to use an alternative app store and decline to participate in Apple’s. Most people aren’t computer security experts and won’t know the implications of trusting a new app store on their phones, and even tech-savvy users will be forced to install Facebook, Instagram, and WhatsApp.

What if your bank only supports an alternative store? Or someone tricks you into thinking your bank only supports an alternative store? How certain are you that you’ll be able to make the safe decision every time one comes up? Alternative stores and sideloading increase security complexity for users, and history shows us that complexity opens up opportunities for attackers.

Again, we already see this on Android, where users can be tricked into sideloading or using an alternative, untrusted app store to install some app without realizing it is a scam or malware.

Isn’t this how “enterprise applications” work?

Apple does have a program for enterprises to build and install their own apps onto corporate-owned devices. This is exactly how the best-case alternative app store model could work. Apple issues a certificate to these companies, which then use a process to install the certificate on employees’ iPhones, allowing apps signed by that company to run.

This system was abused by Facebook a few years ago, which highlights the trust issues that come into play when Apple starts handing out certificates.

Don’t gaming consoles do the same thing?

Absolutely. Apple didn’t invent the app store model or create the first walled garden marketplace. Video game consoles are probably the closest example. They are powerful computer systems with single-source app stores and locked-down hardware. Game companies have been running walled garden marketplaces since the first home systems appeared. The only difference back then was that we only loaded games from physical media, like cartridges or CD-ROMs.

As a result, game systems also have extremely low rates of malware and scams, just like the iOS ecosystem.

Why do developers and companies want alternative app stores?

The first answer is easy: “follow the money.” Right now, Apple enforces app standards (such as no “adult” apps) and takes a 30% cut of all sales made within apps (there is now some variation in the fees). Apple also takes a cut of all in-app purchases. This is why you haven’t been able to buy a new book in the Kindle app; Amazon doesn’t want to pay Apple 30% of every book sale when it can instead make users buy books within their Web browsers and not share any of the revenue with Apple.

The problem is that Apple has also long prevented Amazon and other companies from linking out to their websites for purchases or even telling users that it’s an option. Happily, after pressure from Japan and the Netherlands, Apple has relaxed its rules to allow alternative payment options or linking to external subscription services. “Reader apps” that are primarily meant to provide access to digital content, such as Kindle, Netflix, Spotify, and others, can now direct users to an external site for payment, albeit with some rather stiff required language. (At least it’s better than it used to be.)

How Apple's alternative payment system works
Source: Apple

Apple does deserve some cut of transactions—running the App Store does entail significant costs—but well below the standard 30%.

Apple also has a history of frustrating developers in other ways. It sometimes rejects apps for seemingly arbitrary reasons. It doesn’t do a good job blocking clones and copies of popular apps, which can damage small developers. It puts in obnoxious requirements, like requiring developers to use “Sign in with Apple” if they also enable “Sign in with Google” or any other third-party sign-in service. Plus, there are entire categories of apps Apple simply doesn’t want on its platform and won’t accept into the App Store.

Regardless, money, more than frustration, is what drives the push for alternative app stores. I highly doubt Epic Games is suing Apple for any reason other than the cash. It just so happens that Epic Games has its own app store for games where it takes a cut of all the sales from the developers in its ecosystem. Just like Apple does now. And no, the Epic Games Store doesn’t allow alternative stores within it, either.

Money comes into play in another way, too: privacy. Some developers and payment providers want to track users and their purchases so they can further monetize this information. Right now, Apple owns the customer relationship for in-app purchases, which is why, for example, you aren’t spammed by every app you ever downloaded. If you don’t create an account with a particular developer, they have no idea who you are. Also, if you sign up for a subscription to something in the App Store, it appears on your account and you can cancel whenever you want without having to jump through any hoops.

In short, Apple enforces its philosophy that you are the customer, not the product being sold. There are robust ecosystems to track and sell your data that are significantly more restricted on iOS than Android because of Apple’s requirements. For example, Facebook is losing billions of dollars because Apple now forces the Facebook app to ask users for permission to track them. Well, and because 96% of users in the US opt out when asked.

Why are regulators forcing Apple to support alternative app stores?

Many companies have been unhappy with the App Store’s restrictions and financial model. Some of these companies, like Epic Games, have sued Apple in an attempt to force changes via the courts, while others have been lobbying governments. Apple is a huge target, and the European Union, in particular, is open to using regional regulations to increase the competitiveness of its local businesses by forcing interoperability.

Global technology companies like Apple, Google, and Meta (Facebook) are facing increasing scrutiny worldwide due to their dominance across society. Issues surrounding alternative app stores and sideloading are among the many regulatory questions surrounding the tech giants, along with antitrust investigations, encryption regulations, and complex issues around content moderation and ownership.

From one perspective, it seems unfair to force Apple to allow alternative app stores, given that it built a completely contained robust marketplace in a world with Android’s even larger competitive ecosystem.

The opposing view recognizes that mobile devices have become essential and ubiquitous—in the future, everyday activities will be more difficult or even impossible without one. (In some places, you now need a smartphone to scan a QR code at a restaurant even to see a menu.) That points toward governments wanting some say in how their citizens are treated. The world is dominated by just two platforms, Apple and Google, both of which rely on their own app stores (Google also takes a 30% cut), but only Apple’s is mandatory.

Right now, the European Union is the biggest threat to Apple’s model because of its sheer size and influence. But we also see lawsuits and proposed regulations here in the United States, including the Epic vs. Apple case, which is on appeal. (Full disclosure: I signed an amicus brief to the courts in that case highlighting the dangers of alternative app stores.)

Couldn’t Apple just allow alternative payment systems and keep the App Store secure?

It may be too late to prevent governments—or possibly the courts—from forcing Apple to support alternative app stores and maybe even sideloading. Apple had many years to respond to the complaints and concerns that led companies to file lawsuits and lobby lawmakers. When Apple talks about keeping the App Store locked down and exclusive, it always focuses on security without acknowledging the financial side of the equation.

I believe that Apple could have reduced the likelihood of being forced to accept alternative app stores and sideloading by decoupling the security of the App Store from payments. Apple continues to fail to discuss or even consider App Store payments separately from App Store security, but the two are only slightly related. (Apple has some legitimate concern in preventing customers from being scammed by alternative payment systems, but that’s largely unrelated to platform security.) I can’t help but think that developer complaints would have been far more muted had Apple loosened some of its payment restrictions and percentages more aggressively. Apple might not be in this position today if it has been more responsive to developers in the past.

Courts and regulators aren’t technology experts and seldom understand subtleties like the difference between payments and security. They tend to use a sledgehammer instead of a screwdriver. Apple simply let App Store dissatisfaction simmer for too long.

What will happen now?

Sadly, from my perspective as a security expert, I think that courts and regulators will force Apple to support both alternative app stores and sideloading within the next few years. This will materially increase the security risk on iOS devices, especially for those less familiar with technology who don’t understand the security risks. It will start in Europe but quickly spread to other regions, including the US. It could also have larger implications in markets like China, where the government will likely try to exert even more control over what Chinese citizens can buy—imagine a highly regulated Great Bazaar to match China’s Great Firewall.

As Apple customers, we can still protect ourselves. Personally, I plan to stick with Apple’s official App Store and will continue to recommend the same to anyone willing to listen. I fully expect Apple to default to the same level of security we have today and require users to jump through a (hopefully) painful process to authorize other app stores and sideloading. I also fear that, at least at the start, the technical updates required to support alternative app stores will create new attack surfaces and security vulnerabilities that could have a broad impact.

If any lawmakers, regulators, or judges are reading, I implore you to explore the implications of such requirements and consider that there are options to force payment processing changes rather than blowing up the entire security model that has kept iPhones so safe for over a decade.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 31 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Apple’s App Store Stubbornness May Be iOS’s Greatest Security Vulnerability

Notable Replies

  1. Why do you still say that sideloading “compromises” the security? Even on the Mac the apps are signed and notarised. The only check that Apple does takes 10 minutes to verify that an app does what it says. What do you think that a reviewer can do in 10 minutes?

    Many developers get rejected for the most ridiculous reasons. That’s what the app review is for me. And not something that ensures security.

    It’s also trivial to make a fraudulent app pass the review. Just check what Kosta Eleftheriou found out with super simple data.

    I develop a macOS app and don’t do iOS.

  2. Signing and notarization on the Mac only tell you who to blame, and give Apple an emergency rip cord, but they don’t preemptively prevent you from rogue applications.

  3. https://www.makeuseof.com/sideloading-installing-apps-risk/amp/

  4. Here’s Google’s answers to why side loading apps is extremely dangerous:

    https://support.google.com/android/thread/147764727/how-do-i-download-apps-that-arent-from-play-store?hl=en

    As well as this:

    And the results of an excursion into side loading by one of the powers that be at Malwarebytes:

  5. But there’s one huge difference here - Google allows third-party app stores. For nearly everybody, side-loading is unnecessary. I’ve only used it for work, in order to install apps that were written by a co-worker as part of a proof-of-concept development effort for a customer.

    You can explicitly grant an android app the ability to install an application package. As a matter of fact, that’s how side-loading works - you copy a package to the file system and (at least the way I’ve done it on my Samsung phone), you grant your file manager installation permissions. Then when the file manager opens the package file, you are asked if you want to install it and after you say yes, it installs.

    The Google Play Store automatically has permission to install apps - since it wouldn’t work otherwise. You can grant this permission to other apps. This is how (for example) the Amazon app store works. It’s just another app on your phone, but it has app-install permission, which it uses when you download and install a purchase.

    I think Apple could do the same thing, if they wanted to. They could grant app-install permissions to third-party app store applications (e.g. Amazon), which would be distributed as free apps on Apple’s app store. They can be as careful as they want to make sure only legitimate software resellers that supervise what they sell (to block malware and pirated software and such) are allowed to release app store apps.

    I think doing this would satisfy most government regulators without allowing full-blown side-loading. The only potential catch here is that there will always be some app stores that get denied permission and some will complain and threaten lawsuits. So Apple needs a very clear-cut and well-documented set of standards and they must stick to them no matter how inconvenient they might be for some stores.

    And the nice thing is that Apple already has the software infrastructure in place. A third-party app store is conceptually not much different from a corporate profile (which allows installation of corporate apps from a corporate server on phones managed by that corporation). It will really just come down to business policy, not any technological change.

  6. I’m very sorry the App Store hasn’t worked out for you. I do hope that you’ll be able to do some adjusting and resubmit, and get a positive result soon. But like just about every retail operation across the globe, the powers that be in stores get to decide what they will, or will not sell, for whatever reason they want.

  7. Josh Centers’ Aug 2020 TidBITS posting doesn’t discuss sideloading per se, but it does delve heavily into the App Store and its various issues. Just thought I would reference it here.

  8. Of the entire chain of security listed in the article, the only one that is omitted in sideloading is the app store review.

    Everything automatic in the App Store review can be done before notarising the app as well.

    So the only thing extra is some Apple Employee launching your app and verifying that for the first few minutes that the application vaguely does what it says it does. But nothing stops the application from waiting until next month (or any other signal) and changing its behaviour entirely. So the app review servers no security purpose - its purpose is purely to disallow honest developers from breaking Apple’s (often unwritten) rules in how they behave. App Review is entirely to control applications for Apple’s benefit.

    There is no additional security in App Review, and therefore no loss of security in sideloading.

    Meanwhile there are whole categories of applications that will never be written while Apple has absolute control over what applications can be distributed. This is a huge, unknown, loss to all iPhones users, one that is impossible to quantify.

  9. Thanks for remembering! Rich and I are very much at philosophical odds here, but I respect his well-informed opinions.

  10. This came up from someone on Twitter as well. I think the issue is if notarization would still be considered acceptable to the regulators and competitors (and Apple). I suspect I internally self negotiated out of that being a viable option.

    The automated/anti-malware reviews could be included still… but would that fly? Apple would still be the gatekeeper so… I’m willing to admit it could work. I think it would still be less secure/private but to a much smaller degree than fully-ungoverned side loading. I believe you are saying that a notarization review would still have some level of nominal security checks, please correct me if I’m wrong. I’m also assuming that you mean notarized apps would still have entitlement enforcement and sandboxing (I don’t mean apple reviewing the entitlements, but the entitlements triggering user consent).

    I’d prefer to see Apple being held more accountable for App Review improving security (including updates) than saying they suck at it so let’s just get rid of it. Clearly it works to a large degree due to the very limited amount of malware we’ve seen.

  11. Oh, I agree Apple has screwed up a lot in the App Store. I just want to keep the ecosystem as safe as it is right now.

  12. What the whining programmers don’t consider is that before Apple created its App Store Model, programmers were at the mercy of the publishers they had to sell through and received way less than the 70% which Apple would be paying them. So if the EU requires Apple to let other publishers sell apps, the whining programmers of of those apps will be paid less & less. Sounds like they are being penny wise and pound foolish to me.

  13. Of course, sideloading is nothing new—it’s how things work on the Mac today, where you can install any app from any source.

    I never thought I’d see the day where TidBITS would derogatively refer to installing an app on my Mac as “sideloading.” Sad to see you try to make people think they’re in danger if they buy products from your sponsors.

    even tech-savvy users will be forced to install Facebook, Instagram, and WhatsApp.

    Nope. Nopity nope nope. Who’s forcing you to? They haven’t forced me. Hard pass.

    What if your bank only supports an alternative store?

    Are you kidding me? Can you point me to any example of this happening in Android world or is this just fear mongering?

    The only difference back then was that we only loaded games from physical media, like cartridges or CD-ROMs.

    In other words, what you call “sideloading” elsewhere. At the time this is also how we got apps onto our computers.

    I’m extremely hopeful that the government will stop the abuse that Apple has foisted on its customers. By demanding to have universal control over what we can use the computers in our pockets for, Apple harms it’s users and the market. Security may indeed decrease some, but look on the bright side:

    1. As you’ve already admitted, the choice is with the user. If you want to stay as secure as possible, just stick with Apple’s store.

    2. You’re a security guy. If other people don’t listen and security suffers, there’ll be more money flowing to your part of the economy. :slight_smile:

  14. Mac notarised applications do not have to be sandboxed.

    All applications are subject to the local consent and security restraints (and it would be nice if these were not so horrendously buggy on the Mac, which leaves me with little confidence that the actually security works properly).

    I’m not really sure that notorisation really adds any security anyway. Realistically, even if Apple static checks the application, applications are, by definition, Turing complete, and can get around those restrictions if they can generate their own code.

    What signing does provide is a way for Apple to remotely kill (and preventatively stop from executing in the future) specific application and/or developers.

    I am not opposed to either of these (the notorisation require and the remote kill-ability) remaining as long as the restrictions are strictly based on security threats.

    The problem with the App Review is a) it is pure security theatre and adds nothing at all, and b) it exists purely for Apple’s control, to limit what can be done to only what Apple allows, which I find needlessly (even offensively) restrictive. I just learnt today that I cannot even write a Car Play application for my own phone and my own car without getting Apple’s permission. That is simply an unacceptable restriction on my use of my own devices.

    The only effective security is the security that happens on the device. This is true regardless of the App Store or App Review. Signing/Notarisation allows the user to know that the app a) has been written by a known developer; b) has not been modified by a fourth-party; c) has not been actively killed as malicious by Apple, so it does have value.

  15. Without wanting to be rude, this is utter rubbish. Sorry, but it really is.

    I am a “whining programmers” in this regard, and I have been making a living selling my apps on the Internet since 1994. A typical cost would be less than 10%.

    And I am far from unique. Lots of software, probably most software, was available for sale on the Internet before the iPhone was event released, and with costs under 10%.

    The fact that Apple has tried (and apparently succeeded!) to convince people that there was no Internet sales of software before the introduction of the App Store is downright deceptive.

    Here is just the list of Top Sellers on Kagi in early 2007:

    Those are just the indies - all the major software houses had online stores as well.

    And pretty much none of them have online store expenses of more than 10%.

  16. Of course this is true. However, it was like the Wild, Wild West out there. Remember the days when shareware was the big thing? It’s still alive and easily available:

    Way back then, digital viruses were spreading faster and wider than Covid variants are today. Security, esp. payment security, was iffy. Global payments were even iffier, as were managing local and international taxation issues. So was privacy. And fraud was a huge issue as well.

    To participate in Apple’s App Store, developers do have to jump through hoops. Like in other most other retail venues in the free world, the owner gets to choose what they will sell, and what they will charge for stocking products. And Apple focuses on benefits to consumers as well as to developers. And I think that the costs of running the App Store must be very significant.

  17. On the consumer side, I remember very well the old days of software sales – it was chaotic, confusing, and hard to monitor. Entire web sites were dedicated to keeping track of various software packages and whether they’d been updated. It was a pain and I much prefer the centralized nature of the App Store: automatic updates* & one place to look for software.

    *Automatic updating techniques obviously arrived pre-Apple store but I found them unreliable.

  18. No they weren’t. Very hard to take you seriously when you make such outlandish claims. Viruses have never been a substantial problem on the Mac.

  19. I disagree.

    Kagi was well established (10+ years) with thousands of developers, processing many millions of dollars of sales. Other players were also in the market. And most of the big name software like Adobe and Microsoft had their own stores.

    On Windows, sure. On the Mac, not at all. Mac viruses were essentially eliminated by a cabal of anti-viral developers in the 90s, which restricted the number of viruses on the Mac to virtually none, and thus allowed easy management for them - essentially a reverse of Broken Window Syndrome. The last serious virus on the Mac back then was dealt with so effectively that the within days of its release the virus author was in jail.

    If Apple’s App Store is so fantastic for customers and developers, then it should have no trouble competing with sideloading. Apple wont allow sideloading specifically because the App Store is not good enough to compete on its own merits.

    The App Store is full of fraudulent scams (that Apple receives 30% of the revenue for, making them complicit in the fraud).

    There is no way the costs of running the App Store exceed 10% of its revenue.

  20. Only if you were extremely cavalier and careless. (Or used Microsoft Outlook and Internet Explorer, but that’s the same thing. :slight_smile: I never had a problem with command-line tools and later the Netscape/Mozilla suite.)

    I’ve been downloading shareware/freeware apps from the Internet since before there was a “WWW” and I’ve never even once downloaded a virus. And this was mostly DOS and Windows applications.

    It all comes down to where you choose to get your software. If you download from a server with responsible operators, that scan for and block malware, then you’re mostly going to be safe. And if you perform your own scans on what you download before trying to install/run it, that is about as good as you’re going to get.

    No need to limit yourself to an app store that’s officially approved by the OS provider.

    As a matter of fact, that’s hardly a guarantee. The one time I got a virus on my PC (running Windows 95, if I remember correctly), it got installed via Windows Update. That’s right - Microsoft’s own update server somehow got a virus-infected update, which they distributed. When I reported it to them, they denied that it was even possible, but I know for a fact that it was them because I wiped the computer (reinstalling from CD), and the same virus appeared immediately after installing the first update.

  21. Part of the fantastic-ness is that it doesn’t allow side-loading. Taking away its best feature is not a good way to win that competition.

  22. No. That’s not a feature of the App Store. That’s a feature of the operating system.

    Even if side-loading was allowed, anybody who chose to only use the App Store would receive exactly the same features and benefits as the App Store currently has.

    Side-loading changes nothing about the App Store.

  23. and even tech-savvy users will be forced to install Facebook, Instagram, and WhatsApp.

    Nope. Never had any of those. Likely never will. My life is just fine without them, thankyouverymuch.

    I’ve been “sideloading” on my Macs since 1984. Never had a problem. Sure, you need to research where you get your stuff from. And yes, that is work. And sure, some people will get in trouble because they are not willing/able to do that work. That’s just the way the world is. I prefer to do that little bit of extra work even on my iPhone than live in a world where two private companies alone get to dictate without any common-sense regulation the devices that are slowly but surely becoming a bare necessity just to get through everyday life. As mentioned by others before.

    My personal views on this issue and Apple specifically would be different if iOS were a 5% platform for a select few and you could claim whoever doesn’t want to abide by Apple’s closed App Store rules can go check out those other 95%. But at least in the US, and especially around this part of the US, iPhone is a major platform, of just two. That’s not choice, that’s duopoly. So if Apple doesn’t budge on its own, I expect regulation to kick in. In a world where there’d be 10 such platforms each with distributed market shares we could let the market duke it out. But that’s 5th grader libertarian fantasy land, not the actual world we live in. Ours is that of mostly unregulated duopoly. Now perhaps US regulators can get away with not doing their jobs (repeatedly), so then I’m more than happy to watch the EU clobber Apple into submission. Will that have undesired side effects? I’m certain it will. Will I regret that? I sure will. But does that in itself present a reason to just let Apple continue as it has in the past? Not a chance.

  24. It’s part of the entirety of the security system that Apple has set up, and it’s inextricably linked with the App Store, so I consider them part and parcel of the same thing.

  25. I want to roll up my responses to a few different points here.

    First, I completely agree that Apple has some capricious and developer-unfriendly policies in place. They also have some arbitrary enforcement (a lot from what I hear). Those are all issues I believe Apple needs to address and I’ve been knocking them for it for years. It’s the reason we used the title for the article that we did- Apple created this situation directly due to those policies, which aren’t all just about the payments/percentages.

    Second, malware was an unmitigated disaster on Windows until relatively recently. It was so bad the US government notified Microsoft that they, the largest IT buyer in the world, would stop buying MS products if the situation wasn’t changed. This resulted in the Trustworthy Computing Initiative in 2001 (I think, being lazy). Malware is still a problem on Windows today - for multiple reasons and Microsoft is also moving to an App Store model (not mandatory) to provide a “safer” experience. Again, very early days here.

    Macs simply weren’t a big enough target back then. They barely are today, but we do see greater targeting compared to the years mentioned here. Apple has has WAY better security now than 10 years ago. Far from perfect, but much better. Personally I advise friends and family to mostly just buy from the Mac App Store or well-known developers. Some still get annoying malware (mostly minor stuff so far that’s been easy to clean).

    On to iOS- clearly a much bigger target. Apple recognized this early and started taking security more seriously. I know this because… I know some people involved and will leave it at that.

    Back to notarization… yep, no scanning on Mac, no sandboxing. I would want both of those for iOS. I want NOTHING that compromises the sandbox. That’s my personal opinion based on 20+ years of working in security. It’s okay if you disagree, just my perspective. Notarization that respects the sandbox and entitlements could be a compromise. Still not my choice, but better than open-field side loading.

    In the end, much of this is about to be out of Apple’s hands anyway. They have been too slow to realize the risk and I don’t see this turning out well. Regulators are the last people I trust to make these decisions.

  26. Thanks for your response. I certainly agree with this part:

    I’d prefer that compromise. The sandbox is important, and as some of the security features from iOS move to MacOS, I’m happy. I’ve even been somewhat pleased that as Apple has added security to their latest computer hardware, that they haven’t prevented me from running Linux or other OSes if I want to. I think that’s important.

  27. mogull has saved me a lot of time by expressing my position fairly well.

    In over 30 years of supporting company security teams and many diverse users, I have found VAX/VMS and macOS to have been and to be my favorite environments because of continually increasing security capabilities with each OS release. I currently support users of Microsoft Windows and OS X, macOS, and all the device variants of iOS. I applaud the continuing vendor efforts toward a consistent and safe user environment.

    My biggest fear is that the existing Apple environment will be dismantled and become as disjointed as the Windows environment. As a regular user of Microsoft and Apple operating systems as well as supporter of diverse users of both, I find the current Apple model superior regarding ease of support and integration between OS and devices. Currently, I don’t worry much about what iOS users install – I can still support them. But, if the gazillions of iOS devices have anarchic software, the Users may not want to pay for my time required to support them.

    The proper target for our wrath is not closed software distribution as much as the apparently inconsistency of software review in Apple’s app stores.

  28. Unless you work for Apple…that statement has no basis in fact because Apple employees and only Apple employees (plus their accountants) know the cost of the store…and is most certainly more than just the cost of the hardware and bandwidth used. Office space, taxes, overhead, executive salaries, charitable donations, software engineering and many other corporate expenses are charged proportionately to departments or groups in the company…that’s the way business works and how expenses are allocated.

    That said…Apple is a business and absent being a regulated monopoly…it isn’t any of the government’s business how they run their business or how much profit they make…making a profit is really the sole goal of a business regardless of how many liberal or conservative or environmental or firearms or abortion or whatever causes they tout.

    And that said…it seems obvious that various governments around the world are going to stick their noses in anyway…and wrongfully IMO…and force side loading and 3rd party payment systems. When they do…Apple should force users to make a choice…you can have the Apple store or the 3rd party stores…and flipping the switch to 3rd party results in user agreement which is transmitted to Apple that Apple is not responsible. If a user switches back to the Apple store via settings…non Apple store apps get deleted…again with user approval via dialog and transmission to Apple. Same with 3rd party payment systems…if a dev chooses to use one then the dev either uses his own store or a 3rd party store or can use Apple’s but the dev gets charged for using Apple’s store…they don’t get to use Apple’s infrastructure for free.

    The walled garden is an Apple specific feature which millions of users want…those users and devs that don’t like it are free to go to Android or elsewhere. Same issue with forcing Messages to interact with all messaging platforms…there are other apps and OSes that do that…and again users have a choice…and millions of users have made the choice that the advantages of the walled garden offset the disadvantages which are clearly existent…but those users simply made a choice.

  29. That walled garden has been a blessing to my ability to support users.

  30. You’re simply begging the question. The fact that they are a monopoly is what allows them to have 100% of the market. It’s not an argument to say, but if we broke up the monopoly then they wouldn’t be a monopoly.

    Those who say they are doing a great job do need to face the fact if they are doing a great job they should be able to compete in a free market.

    It’s not secret knowledge that Apple is making more and more of their money on services. Let’s not pretend like 30% isn’t very profitable for them. I don’t want the government to dictate the percentage, but I’m less worried about demanding that Apple let users choose what to run on their own hardware.

    No, there are a lot of walled gardens. It’s not just Apple-specific.

    I think you meant to say “which millions of users have grudgingly accepted in order to get an iPhone.” I remember all the other examples things that competitors did or the jailbreaking scene added, that Apple eventually did. So many people said those things would be terrible… all the way up until Apple did them. Then all of the sudden it was great because Apple was doing it. This feels remarkably similar.

    Today: “Sideloading will be terrible!”

    My bet about tomorrow: “Sideloading is so amazing. Apple is the only company that could allow sideloading in this amazing way so that we still have security!”

  31. They’re not a monopoly in the smartphone market place – there are clear and successful alternatives to iOS. If I wanted an open architecture, I would switch to Android. I’d rather have a closed system, which is one of the reasons that I stay with iOS.

    Measuring success only by its ability to survive in a free market is what destroyed all the little mom&pop stores in the 1970s, hollowed out city centers in the United States, and put everything in giant warehouse stores at the city margins. We got things like Walmart and Amazon because of an irrational devotion to the free market.

  32. They are the only place to buy Apple products and services…but since Android exists they are no more a monopoly than PlayStation is…there are many other hardware and OS and software sources…they’re just not sources for Apple products and services. As I said…millions of users choose Apple…and for probably the vast majority the security (albeit not perfect but way beyond Android and Windows) of the walled garden was a key consideration in the decision to buy an admittedly more expensive product up front but largely cheaper in the long run. Saying there a monopoly because they are the only sellers of Apple products and services is like saying Ford or BMW or RAM or Canon or Nikon or Waterford Crystal are monopolies because they’re the only sources for their products and services. It’s a specious strawman argument.

    Apple does not do everything right with either their hardware, software, or store…and they should listen more to users and devs and fix what they can within their vision for what Apple OSes are supposed to look like and work like…but gain those are their business decisions to make…not the court’s or government’s because of so called anti competitiveness or user friendliness or cross platform capability…dumbing things down to the lowest common denominator is…well…dumb.

    Whether Apple could or could not compete in a free market is irrelevant to the simple fact that Apple…being NOT a monopoly…should conduct their business strategies as Mr. Cook, his staff, and the board think they should conduct their business. Whether you or I or the EU government thinks that their decisions are the best ones for Apple doesn’t matter in the absence of monopoly considerations.

  33. Thanks, Peter. You said what I wanted to say better than I could have. And this is the most important point in this entire conversation.

    Even these Apple-granted entitlements sound like a joke to me because we already have the user-granted Privacy prompts. I guess it’s reasonable that Apple could protect users, based on a human evaluation, from even being prompted to grant something ridiculous like Tetris access to your address book. But I’m not sure that’s a strong argument against side loading.

    Apple’s dishonesty by muddying the conversation and conflating disjoint concerns and technologies diminishes my respect for Cook.

  34. Most probably Apple does not want to have to deal with having its help services swamped with calls about scams, viruses, malware, etc. Side loading would be equally bad for customers and businesses as well as Apple. For years, Android has had ongoing concerns due to sideloading:

    https://www.androidpolice.com/2021/02/08/heres-why-some-google-app-updates-cant-be-sideloaded-on-android-11/

    Security and protecting consumers are among Apple’s biggest, and most effective, selling points. The overwhelming numbers of people who seem to be whining about it are developers. Like Tim Cook has said many times…if you want to side load apps, get an Android:

    And Craig Federighi:

    Apple has a thorough description about the threats of side loading:

  35. Well, with the App Store, only Apple has my payment details. I don’t have to worry about the developer having adequate security for my payment details; I don’t have to worry about having my credit card details leaked by a security breach except at Apple. And if there is a subscription involved, it’s a simple process to cancel the subscription. I won’t have to call anybody, write a notarized letter, etc., to cancel a subscription.

    I hope that if sideloading and third party app stores are required that I can have an option in settings that will prevent sideloading (as is the case by default for Android) and that there is some sort of warning before I approve a purchase/subscription to a third party. I hope especially that family sharing plans have this so family organizers can lock down their kids’ devices.

  36. I’ll just leave this here:

  37. Thanks for the anecdote. Do you have data that suggests this is widespread?

  38. Apple is in the business of selling great user experiences that offer more in “use value” than they charge in “cash value”. No consumers were mislead or fooled about the nature of Apple’s walled garden eco-system. Apple’s curated eco-system is a key feature of the iPhone that consumers factor in when considering its value proposition. To take this feature away from hundreds of millions of consumers who paid for it would be stealing.

    Apple has sold over a billion iOS devices and consistently ranks #1 in customer satisfaction. If you believe the App Store isn’t “competitive”, what do you base that on?

    Consider the services the App Store provides:

    • In app licensing system.
    • Web hosting for software downloads.
    • Automated one button software install and update.
    • Online E-commerce integration.
    • Payment processing in hundreds of countries including tax compliance.
    • Software review and code signing to help protect users from malware.
    • Marketing exposure as part of one-stop searchable software library.
    • Developer tools and documentation for writing and publishing platform software.
    • Created software platform with huge addressable market.
    • Ongoing support of large and expanding software eco-system.

    80% of the apps in the App Store are free and pay no commission beyond $100/year to be a member of Apple’s Developer program.

    You can’t get all these services for less than 10-15% unless you pay to design, build, and maintain some of them yourself. I’ve been selling Mac software on the web since 1998 and had to build my own store to accept credit cards and send out registration keys before most others existed.

    There are several areas where Apple needs to do better to play fair based on their current size and market power. In my view, breaking the single curated App Store model is missing the point and would be shooting iPhone users in the foot.

  39. Rich: Maybe I’m missing something here, after all I’m not a security guru, but would I be right in saying that, in a world where there were alternative app stores and sideloading was possible, then the only people at risk would be the people who used them? In other words buying an Apple device and only using the Apple app store would be as safe an option as it is today.

    If that is correct, would not a potential / appropriate Apple response be: if you want to stay safe, we have your back, but if you want to play Russian Roulette then feel free?

    The (a?) problem would be if the app that you really, absolutely, unavoidably, desperately must have was only available on a competing store and not on the Apple one. My contention would be that the vast majority of ordinary users would stay with the Apple store, inertia if nothing else :innocent:, so if the developer of that absolutely essential app would have an incentive to release it on the Apple store.

  40. Israeli firms have found ways to compromise the security of both iOS and Android phones without the user needing to download an app. The question is whether it’s easier to compromise an Android phone than an iOS phone in general, even if the Android owner only uses apps downloaded from the trusted Android store. It seems like there is a natural experiment in progress as a result of the differing security models. That is, the answer to your question might be in the real-life experience of Android phone users who are security conscious.

  41. This fails the “My Mom” test – what would happen to my elderly mother when screen pops up asking her to authorize side-loading? Not good things.

    But I’ll ask again, of everyone in this thread: as a consumer, what specific problem is this causing you? What are you missing because Apple won’t let you side load?

  42. Yes, I accept that, but think about the warning that pops up in eg Google Chrome when you try to go to an “insecure” web site. I could imagine a similar thing built in to the Apple ecosystem which asks “are you really, really sure you want to do this?”

  43. Or Apple could stay with no side loading and my Mom would have one less thing that confused her and possibly caused problems.

  44. Absolutely, but by the sounds of it that’s not an option going forward.

  45. Nothing has passed yet.

  46. It’s the social engineering- people are fooled constantly to disable security controls on their computers today. With the scale of iPhones this becomes a much worse issue.

  47. To add- people click through those warnings all the time. Last year I had to clean the Macs of both an older relative and a friend of my wife. Both of them said “I was so stupid” but they did it anyway.

    Humans are… mushy.

  48. Remember when Napster was a free file sharing site? It had the record, and other, industries quaking in their boots over lost revenue, and people were using it despite the fact that it also became a haven for malware. The US and other governments defanged it because of copyright infringements, not because of the rampant malware. People were willing to take the risk for freebies. A huge % of its membership, literally millions and millions across the globe, took the risk, regardless of the security issues.

    Steve Jobs was able to totally upend the way music was sold with the introduction of iTunes and iPod. A very big reason for the success of iTunes was that it was a very safe and secure app, and one that you could trust your credit card with.

  49. Did you even look at the article and tweets?

    One developer that is clearly fraudulent is responsible for 3 of the top grossing apps as well as 3 of the top free apps. But we’re not just talking about it being widespread, which it is. We’re also talking about the fact that Apple refuses to protect its users in its walled guard from the predatory practices of these sorts of developers when they are reported.

    Both of these facts are important in a discussion where people are lauding Apple for doing such a good job preventing these sorts of apps and protecting the users.

  50. It’s never been particularly dangerous to download an MP3, which is almost exclusively what Napster was used for. Such scare tactics about how big, bad and scary Napster was came directly from the mouths of the abusive media companies. So you quoting them in this context only further erodes your position in the eyes of anybody who actually used Napster at the time. FUD is not an argument.

  51. I’m not a big defender of Apple’s app review process, which I think is still struggling from growing pains and lack of focus on Apple’s part (I don’t believe Apple is malicious in how they handle the reviews, but their inconsistency is a side effect of their lack of organization and poor planning), but I can’t say app review is utterly useless or that side loading is a good idea.

    Case in point is I just finished watching Showtime’s “Super-Pumped” series about the rise and fall of Uber. Now I’d heard most of the leaked information about Uber’s slimy business practices before the series, but there was a scene in the show that depicted Apple threatening to kick Uber out of the App Store, which would have killed the company. I don’t know how much truth there was in that, but it was interesting, because Uber managed to circumvent (i.e. fool) Apple’s review process by doing sleazy tactics like incorporating a geofence in their app so that if the app was running near Cupertino it would behave well, but once it was outside of that circle, it would suck user’s data and track them, etc. against Apple’s rules. Once Apple caught onto this, Uber had to clean up their act or go out of business.

    Then there’s the case of Facebook who famously abused enterprise certificates to enable side-loading of a privacy-violating app onto iPhones.

    These are giant companies doing everything they can to skirt Apple’s rules that protect us users from abuse – can you imagine what those companies would do if Apple wasn’t there to stop them? And what about the zillions of tiny companies who have even less to lose than the giants?

    App review isn’t perfect, but it does catch and prevent a lot of bad behavior. Side loading eliminates that completely. Companies like Facebook would soon push their users to download the “official” app on their own website and who knows what that app would do with no one to regulate it.

    The bottom line is that it is a handful of developers and politicians who are complaining about Apple’s “monopoly,” not users. Users are quite happy with the status quo (and those who aren’t can switch to Android).

  52. If I could name one thing that could definitely be better, it’s subscription to digital services plus payments for digital goods in third party apps. You cannot purchase Kindle books within the Kindle app or the Amazon app (though you can if you go to Amazon’s web site in a browser.) At least for now, you cannot subscribe to Netflix within the Netflix app, or to YouTube TV within its app. Issues like this are not, to quote @silbey, “my mom” friendly.

    There are probably other issues, such as Microsoft’s game streaming service. It seems silly to require running in a browser rather than within an app.

    I’m not sure that I am saying that. At least for me, what I am saying is that I think that Apple does a better job of this (for the average user particularly) than I fear a third-party App Store would or that side-loading would for users. (Saying that, the Amazon App Store for Android I remember being fine.)

    When I search in the App Store, Googe’s app always comes up first when I search for Google Calendar, Gmail, or Google Drive. Dropbox’s app always comes up first when I search for Dropbox (even when I misspell it “Dripbox”). For the one billion users of the App Store, including “my mom”, that’s good enough. Yes, Apple can and should do better. But they do well enough I think.

  53. I did! That’s why I asked the question.

    What’s also important is knowing how widespread the problem, both absolutely and comparatively. Every large complex system is going to have failures. The issue is whether the system is better or worse than other, different systems. So, again my question: how widespread are situations like this?

  54. @siLBey, not @sibley, but that’s a good example. I have to say though, I do like the centralization of subscriptions that gives — managing through Apple simplifies things a lot.

  55. That was my thought if government overrules common sense and forces the issue…but the App Store use should be an either or situation….and if you switch stores the apps from the other store get deleted. You either have the walled garden with Apple’s approved apps or ypu have the other one and only out of the box Apple apps and those won’t get updated since you’re not in Apple’s store. And which store you’re using gets reported back to Apple with the AppleID it pertains to…so that Apple can say tough nuggies if you get screwed by the other store. One would have to be able to go back and forth between stores to get originally installed Apple apps to update but every time you switch all other apps from the other store get deleted with their data…that way the chance of iOS contamination gets minimized.

    In other words…allow 3rd party stores but make it hard to switch back and forth and make it explicitly known and agreed to by the user that you’re on your own.

  56. You’re right of course…and government should not be sticking their noses into the business practices of a not a monopoly company anyway…but unfortunately people of a certain political persuasion won’t be able to help them selves and will pass such laws and regulations. They might be eventually tossed out as unconstitutional or whatever the equivalent in the EU is or China or whatever…but Apple should be ahead of the game in having a pre figured out answer to this problem.

  57. OK, this is veering dangerously into political territory, and I’ll be deleting posts in that vein.

  58. Forcing people and app developers to choose all or nothing is spiteful and vindictive.

    Such behavior from Apple just because I downloaded an app that they didn’t get paid for would drive me straight to the arms of their competitors. I’m sure they can do a better job addressing your concerns and mine than what you’ve proposed.

  59. Yes, and kudos to ESPN+, Peacock, and Hulu (among others) who take the 15% hit to take subscriptions as in-app payments.

  60. I completely disagree. Apple has legitimate business and security interests in maintaining their own store…and realistically I think any attempt in 5he US anyway to force them otherwise is doomed to fail. They also have legitimate interests both security and business wise in not being blamed for something that happens on a store they don’t control…and legitimate interest in getting paid for the ecosystem they developed.

    That said…while I think the forced opening laws currently under consideration are incorrect and would eventually get tossed…and I’m treading carefully to not cross Adams politics line…it wouldn’t surprise me if they passed and were signed with the inevitable lawsuits being decided 5 years later…and in that case…what we used to call good engineering practice would point Apple towards a pending the lawsuit alternative that caused the least amount of damage to Apple’s legitimate business, economic, and ecosystem concerns. Is it exactly what I suggest? Maybe…maybe not…but they have a lot of smart engineers, lawyers, and business people to figure out ahead of time what they will do if xx or yy happens. Just like having macOS running on Intel years before that switch and on A series chips years before we saw the M1…it’s just being smart and proactive on their part.

    Allowing both stores simultaneously available on iOS is a losing proposition for their legitimate economic and security interests…because when Joe User loses $15,000 because of an app that was distributed on say the Epic store and that Apple had zero control over…Joe. user, his lawyer, and the Apple haters in some of the media aren’t going to blame Epic…they’re going to blame Apple.

    And it isn’t all or nothing…it’s either or. The user has a choice.

  61. I can just see it now:

    You’re email address has signed up for access to apps delivered by our competitors, therefore we are cancelling your subscription to iCloud, removing your access to all of the apps we’ve deemed incompatible with your security choices, including iPhoto, Photos.app, Pages, Numbers, Calendar, etc.

    TouchID and FaceID have been disabled lest somebody else learn what you or your finger look like. Your security is our top priority.

    Your iCloud drive has been emptied for the sake of protecting your privacy and ability to make free choices. Your photos have been deleted. Your wallet balance has been emptied. Your phone will no longer work with Messages, and all of your message history has been removed. We understand your desire for security and privacy, so we are sure you are happy to know we have been proactive to protect you.

    Because we value your safety, your phone can no longer access your contacts list, nor dial, lest a rogue app take advantage of your lapse in proper priorities. Of course, if you’d like to call emergency services, as always, you can count on Apple.

    We hope you enjoy your iPhone with alternative software and services!

  62. Napster started out to be just MP3s, but it very quickly evolved to be almost anything uploadable or downloadable. But it was basically a peer to peer format that enabled fonts, applications, artwork, etc. to be downloaded. Music was always dominant and therefore the most affected financially, but just about any content that could be condensed, uploaded and downloaded was able to participate in the service.

  63. 30% does add up, and Apple is doing very well with the continuing growth of their services. However, they traditionally don’t break out what each service earns individually when they are reporting. I stumbled upon a very interesting article about how Steve Jobs’ profit margins from the 30% take for iTunes sales were so low that it flabbergasted the record labels he pitched the service to. Microsoft and others had pitched had much higher rates to them, only to be turned down. They thought Steve was bat s—- crazy, but the cut was so ridiculously low they might as well give it a whirl. The rest is history:

    At the time, sales of Macs had just started to rebound, and when iPod and iTunes debuted, they upended the music industry. For Apple, the revenue from iTunes was profitable; but the money raked in by iPod was amazing. It’s highly likely that the margins from the 30% the App Store, Music, etc. are good, but most likely, they are not through the roof profitable like Apple hardware sales.

    Facebook just announced a 47.5% take from sales for its Meta NFT store, plus an additional 15% fee for Meta Worlds. It makes the App Store fee sound like a big bargain:

  64. My problem is I want my iPad to be different from my iPhone. I think more absolute security is a good feature for the phone and the identical implementation of security on the iPad is too restrictive. I understand there are many with legitimate reasons not to share this view. I would like the iPad to be more like the Mac in how it controls apps. Since my needs aren’t going to be filled by Apple, I hope there is some sort of accepted compromise for App Store control which comes out of the European litigation. Apple has itself to blame for not listening enough to developer and legitimate business complaints and concerns. Apple and its phones are not a monopoly, but the next best and worst thing.

  65. When Tim Cook starts giving me the hardware for free then it will be his business what I install on it or do with it.

    If they care about security, then they can continue to offer their App store and users can choose to buy from there based on the guarantees Apple offers. However Apple’s restrictions on what software goes into their App store and thus what we can install on a particular device goes well beyond protecting the user from malicious software.

    I completely support Apple being forced by governments to open up their devices to allow users to decide where they want to get their software and how they want to use the hardware for which they paid.

    Furthermore Apple is a de facto monopoly in the marketplace for iOS, iPadOS and tvOS apps. If they don’t like the government enforcing a free app market, then they are of course free to discontinue the iPhone, iPad and Apple TV. No-one’s forcing them to make this hardware.

  66. My elderly mother knows almost nothing about technology, but even she knows enough not to just click on things like that.

  67. That’s exactly the problem. Apple could probably have kept getting away with a monopoly on outlets for iOS et al apps, but for the fact that it is very obvious they’re blocking applications for reasons other than security.

  68. The claim that reviews of Fokusek Enterprise’s apps have been removed is clearly not true, or at least no longer true, they are present now, including reviews left before the tweet was sent.

    Complaining about the developer’s bad practices seems to have had some effect, all of Fokusek Enterprise’s apps now seem to have a 3 day trial.

    I’m not persuaded by “Mac App Store review is not perfect, therefore developers and users should have the right to avoid all app stores,” which is the only point I can think of for sharing this story.

  69. Apple defeats antitrust class action challenging App Store control:

    https://www.courthousenews.com/apple-defeats-antitrust-class-action-challenging-app-store-control/

    App Store monopoly claim rejected by federal court; reasoning is a strong win for Apple

  70. That currently is not accurate.

    No-one’s forcing you to buy it.

    Interesting – what do you want to do on the iPad that requires more openness?

  71. The reason I shared the article is because people are talking about how great a job Apple does compared to what the competition would do. It’s blatantly obvious that Apple is not doing a good job watching out for its users. Its users are having to force Apple to take action, which is what you’ve now seen.

  72. Lol. How about choose what apps I want to run? Instead of crawling to Apple begging permission to install an app on the most powerful personal computer in the room—that I own, not Apple!

  73. I assume the reason you’re sharing this very old news is because you disagree with Rich’s article that we’re all commenting on? From the article:

    But this foundation is now at risk, largely due to how Apple has treated app developers and payments. On 25 March 2022, the European Union published its draft Digital Markets Act. If enacted, the legislation would, among other things, require Apple and similar companies to support alternative app stores.

  74. what do you want to do on the iPad that requires more openness?

    The ability to create and install custom keyboard layouts (available for decades on MacOS with no problems) would be most welcome for the things I do.

  75. The reason I shared the article is because some posters to this thread, including this particular post that I responded to, keep calling Apple’s App Store a monopoly. A judge in the US court system ruled that it is not.

  76. Which apps, specifically? There’s a whole lot of “but my freedom!” ringing through this thread and a whole lack of actual specifics on what people are being stopped from doing.

    Thanks! That seems reasonable. A quick App Store search shows quite a few apps that claim to allow the creation of custom keyboards. Do those not work? (I’m genuinely asking – I didn’t do much more than the search).


    In terms of the monopoly question, the court in Apple v. Epic found that Apple was not a monopoly and that’s the major legal precedent at the moment.

  77. Does Saks Fifth Avenue sell Maybelline or Cover Girl makeup? When I worked across the street from their flagship store, I had to walk blocks away to buy products from these brands at a crowded drug store and wait on long lines to reach a cashier.

  78. Fortnite?

    Another browser that actually supports push notifications, so I can avoid installing apps on my phone and just run web apps for a lot of things?

    Linux on my old iPad for a simple home server so I don’t have to toss it in the landfill for no reason and buy another device to run Linux on?

    I used to jailbreak my iDevices all the time so I could run apps that Apple wouldn’t allow. How long was it before Apple allowed swipe typing?

    Now it’s become too hard to jailbreak my devices, so I’m left unable to do any number of things. What things you want to know? I’m generally not the one writing the apps. I was the one discovering them on the Cydia app store and going “AHAH! I never knew I needed that, but boy am I excited to have that now!”

    A shortcut straight to the camera app, just by double clicking the volume buttons while the phone is off?!? Yes please! I can’t tell you how many phone shots I miss because it used to take so long to get to the camera app. I didn’t know I needed that app until I saw it. Neither you nor I know what could be possible today if it weren’t for Apple getting in the way.

    If you’re interested, lookup what Apple has added to iOS that came directly out of them copying jailbreak apps. Almost all of the most useful quality of life additions to iOS were available for years before Apple added them. It’s just that Apple wouldn’t let you install them.

    Nobody is asking Apple to sell competitor products. No idea what you’re even trying to say. (Anyway, Apple does sell Microsoft software on the App store.)

  79. Apple owns the App Store and a lot of contributors to this thread are saying they should not have the right to to choose what they will, or will not sell in their App Store. Apple is acting just like the vast majority of retailers act. Maybelline is considered a low end drugstore brand, and Saks only stocks only the highest priced beauty products. It was a PITA for me to have to schlep a distance from my office and wait on long lines to buy products that I wanted that Saks refused to sell in their well stocked, beautiful and convenient store. And there was never a question of Saks being forced to.

    Saks does sell Nyx cosmetics, a very expensive upscale brand which is owned by the same company as Maybelline.

  80. I didn’t suggest they cancel your iCloud account…just limit you to a single store. What do you think they should do to protect their legitimate intellectual property, security, financial, and reputation from harm due to a store they have zero control over? Doing nothing means they take the hit when the Epic store screws up. And in any case…they are not a monopoly anymore than BMW is…you can only buy one from BMW and can only run BMW software that you get from BMW and can’t run that software elsewhere. Since they aren’t a monopoly…it isn’t the government’s or the devs business how they choose to run their business for the benefit of their stockholders…devs also have a choice as do consumers.

    You’re suggesting things I never said…and as I also said Apple has lots of smart people and should obviously make their own plans…and you can bet money they already have made them…they’re a lot of things but stupid isn’t on the list.

    So…what do you think they should do?

  81. Please provide a quote from anybody arguing this.

    I know. My point was that what you are arguing for requires them to go a lot further than you are realizing. Think about them leaving iCloud turned on and all this supposed SPYWARE and MALWARE gets installed on your device and extracts your iCloud photos and contacts. That’s a lot bigger problem for Apple, and your proposal doesn’t prevent it. All that your proposal accomplishes is that now I’m not allowed to install both Fortnite and the Shortcuts app. I have to choose whether I want to play a game or have my device be useful for work. But either way, if you are convinced that Apple will take the flak for problems caused by Fortnite, they’ll get the same flak.

    I think what they should do is throw up a large warning. Sure, make it a slow process. Make it a pain with 15 “are you sure” prompts, pointing out that Apple doesn’t have any control over what these potentially nefarious apps like Fortnite want to do to your phone and data. The user is already required to accept responsibility for what happens on the user’s device. Remind them of that, and point out that Apple has been “helping” you do that and they won’t be helping anymore. Then let people install what they want. Then anytime there is a report of a nation state hacking the iPhone or whatever (which already happens regularly, let’s remember), they can tut-tut about people installing non-Apple-approved software and pretend like it’s the user’s fault. Their reputation won’t be damaged.

    I think what they will do if they are forced down this path is at the very least disable Apple Pay for those who want to venture outside the garden, possibly all of iCloud and Apple services.

  82. Thanks.

    One of the reasons to get specific is to see if there were gaps/missing apps that would make me want to shift my position on this. So far, no. The digital subscription issue is a bit annoying, but that’s the only one I’m really bothered by.

  83. There isn’t one specific app I have in mind probably because it hasn’t been created or released. I have many non-appstore-apps on my Mac and I bet a bunch of them would make sense on my iPad. I like desktop computers and tablets but not laptops. I would like the iPad OS to be as much like the macos as possible (or at least more than it is) except that I absolutely do not like macos being influenced by iOS. I use my iPhone and its apps differently than I use my iPad and its apps and of course the Mac serves me differently than both the others. Except for creating notes, using the web, and sharing photos, I generally do much different things on each computer. However, for iOS, I more often use websites than corresponding apps when both are available. I wish many developers would do a better with their web apps. Usually, a lousy website means a lousy app and vice-versa. One benefit of Apple’s restrictiveness is probably that more is available on websites. Yet web practices seem to have gone downhill when I’m using my iPhone. I care about this far more than the app restrictions. The iPad experience is often far superior to the garbage that too often comes up (in Safari) on the iPhone.

  84. And you probably would have said the same at each version of iOS through the past ten years, right? That’s why I pointed out that the features we have in iOS were often created not by Apple, but others in the jailbreak world. You like Control Center, pull down to refresh, and a million other things about iOS? You can thank jailbreakers who said, “We think there are apps Apple won’t let us run that would be good.” So now you want to know the killer feature that is missing right now without acknowledging the history of killer features that nobody knew they needed and were content without, just like you are now.

    I listed a couple of killer apps that people want, like Fortnite, which is important to millions of people, and browsers with push notifications, also important to millions of people, and you shrug your shoulders and say, “I don’t personally need those.” So, what am I supposed to do, guess at what’s important to you that Apple currently won’t allow? That’s impossible. It’s even impossible for me to know myself what I want.

    I’m curious if you can acknowledge that if it weren’t for people refusing to respect Apple’s much vaunted “wall” that iOS would suck today. Apple and you and I have all benefited from the competition. Unfortunately Apple’s gotten so good at preventing people from running the programs they want to run on the devices they own that they’ve killed the competition.

    So, to return to your statement, once you realize how many killer features came from the jailbreak community, I think the fact that you currently can’t think of anything missing says more about your and my lack of creative thinking than anything else.

  85. Actually, no. None of the things you mention would be deal breakers for me, so your point is wrong. Further, claiming jailbreakers are solely responsible for Apple adding a feature ignores that operating systems are updated all the time with new features and those features come from all sorts of places.

    Yes – I make purchases based on my preferences and needs (and what I think will work best for people like my Mom). I’m not sure why you think that’s a problem – I’d recommend that you do the same and all those people who play Fortnite should do the same.

    I note also that you’re telling me to privilege the need of the folks who play Fortnite over my own preferences and needs, which seems really strange. Do you make purchase choices based on the needs of millions of complete strangers?

    As I noted, I don’t agree with that analysis, so it seems not.

    Actually, I think it means that the actual consumer need for a more accessible iOS is drastically overestimated, and that the conversation (here and in other venues) is largely driven by the voices of developers and those with professional responsibility in the Mac world (ie, tech journalists, etc).

  86. I know. My point was that what you are arguing for requires them to go a lot further than you are realizing. Think about them leaving iCloud turned on and all this supposed SPYWARE and MALWAREgets installed on your device and extracts your iCloud photos and contacts.

    That’s a good point…and they will likely have to abide by whatever law gets passed until the inevitable lawsuits work out…but at the same time they need to protect their legitimate interests and not be in the position of having 2 stores at the same time because the blame then isn’t’ clear and it will be Apple, not the 3rd party store, that gets blamed by the user and the Apple haters in the press. Not all the press of course.

    I think what they should do is throw up a large warning. Sure, make it a slow process. Make it a pain with 15 “are you sure” prompts, pointing out that Apple doesn’t have any control over what these potentially nefarious apps like Fortnite want to do to your phone and data. The user is already required to accept responsibility for what happens on the user’s device. Remind them of that, and point out that Apple has been “helping” you do that and they won’t be helping anymore. Then let people install what they want. Then anytime there is a report of a nation state hacking the iPhone or whatever (which already happens regularly, let’s remember), they can tut-tut about people installing non-Apple-approved software and pretend like it’s the user’s fault. Their reputation won’t be damaged.

    I think what they will do if they are forced down this path is at the very least disable Apple Pay for those who want to venture outside the garden, possibly all of iCloud and Apple services.

    I don’t think making it hard…no matter how hard they make it…will prevent people from blaming them so unless they are somehow prevented from doing so good engineering practice…at least the way I always used it back on the submarine and then in the sysadmin biz…was to anticipate as many problems that while unlikely could occur and do whatever I could ahead of time so that if they did occur I had already engineered the solution I would be using…and if I were them I would put a clear divide between their walled garden and whatever the other choice is. If that means telling the user they have to log out of iCloud that’s fine…then only the contacts and photos on the device in question get compromised. iCloud and inter device syncing is part of the walled garden…and not part of the 3rd party store. Doesn’t mean the user can’t have the 3rd party…but I would force the user to choose one way or the other if it was me unless my lawyers told me I wasn’t legally allowed to do that.

    Not trying to argue…just to point out their concerns and how they might alleviate them…guess we’ll find out if/when the bills in question are signed into law.

  87. Here’s just one:

  88. But you did have the choice of going to a different store, however inconvenient it was for you, to obtain the product you wanted. With iOS, the situation would be akin to having Saks, and only Saks, as a place to buy your makeup.

  89. But they’re not a monopoly…the judge has already ruled on that for reasons he described perfectly. Yes…they are the only place to buy Apple hardware and the only place to get software to run on that Apple hardware…but that doesn’t make them a monopoly in the smart phone market anymore than BMW being the only place to buy a BMW or use BMW software makes BMW a monopoly.

    I realize there’s still ongoing appeals of the case…but unless the judge made a mistake of law…and from his opinion it looks like he didn’t…then the appeals court does not change the facts of the case…they’re just looking for judicial or remedy errors.

    As I said before in another reply though…Apple’s store is not perfect…and they could and should improve it. That said…it is still less of a jungle than the various Android stores…I think we will all likely agree with that statement. Given that they’re not as bad as Android stores…making Apple’s store worse just so it will match Android’s seems counterproductive at best and stupid at worst…not to mention as a non monopoly the government has no legal right to force Apple’s business decisions. That doesn’t mean they’re not going try…e.g., the currently in Congress bills…and I doubt that either of them has enough votes to get passed…and we don’t know if the President would veto them or not…and there will then be the inevitable lawsuits as I believe those laws aren’t constitutional since no monopoly exists…and we know that Apple believes that already.

    I’m not against 3rd party stores…but if Apple decides to allow them then Apple is perfectly justified in protecting their interests.

  90. The equivalent would be refusing to leave Saks and insisting that they bring in whatever goods you demand, as opposed to going to the perfectly good Android Bloomingdales store down the street.

  91. I’d say it’s more like having drug stores only in Europe and telling someone if they want to buy Maybelline cosmetics they should move to Europe.

  92. You can’t get Android phones in the United States?

  93. That’s because it’s Saks makeup…if you want knock off Saks makeup you can go to Macy’s or Android in this comparison.

  94. I don’t know if you’re just trolling, but obviously, I was drawing an analogy between the difficulty in switching ecosystems to relocating to a different country.

  95. And I was disagreeing that it rose to that level of difficulty. One of the problems of argument by metaphor is that there’s no way to prove whose metaphor is correct, so it’s just back and forth.

  96. Can we knock off these BS comparisons?

    The situation on smartphones is entirely different. On smartphones there are only two stores: Saks and Bloomingdales. I would definitely expect regulators to step in telling Saks what it can do in its stores when all of humanity has just these two stores to choose from (especially since they are following each other so closely effectively making any choice pseudo choice at best).

    Perhaps some of you think duopolies are fine. I definitely don’t. The EU appears to agree. And fortunately for me, their anticipated actions will likely disrupt this duopoly far beyond just the EU. All the way to CA I hope (kind of like how we started setting US-wide emission standards by setting them in CA, the relevant market).

  97. First of all, it is blatantly obvious in the context that what I’m talking about here is their monopoly within the iOS ecosystem.

    Secondly, calling Apple a monopoly, no matter which way you (mis)interpret that, is NOT calling for Apple to be forced to sell other people’s products.

    I won’t be responding any further to you.

  98. Alright, I think it’s time to close down this discussion.

Join the discussion in the TidBITS Discourse forum

Participants