I'm dreading this. I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy. As a user, I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching. Before there was a bit of a compromise, I could use evil apps with some peace of mind that they wouldn't do something egregious. Now I suspect evil apps just won't be available in the App Store, or Apple will be forced to relax their control.
I'm the opposite, as looking at android, where do we see this? All big players are still in the play store, because the average user of those services doesn't want to be bothered going to a website, clicking scary looking buttons to enable third party installs, then manually update their own installed apps.
Basically the risk would be someone like TikTok dropping out of the store, but I find that unlikely. Maybe at the best they will have an "unrestricted" version with bonus features outside the app store. Visibility for indie apps is basically zero on the big platforms, but for the large players, being in the app store is actually important, at least for now, as users are used to going to the app store to search for software, and not just typing something into google.
The other thing is, these apps will still be sandboxed. Being available outside the store just means they can accept their own payments, they aren't going to have full system access to photos/contacts/files/etc. without explicit user permission, same as an app available via the app store.
> I'm the opposite, as looking at android, where do we see this?
1) Android hasn't made things as hard for malware vendors as Apple has, and
2) Android's not as lucrative a market as iOS
Those together mean incentives are significantly different, so we might not see the same behavior on iOS as we have on Android, from companies that are upset about not being able to to distribute as-effective malware as they'd prefer. Like Facebook.
User count, yes. Expected value per user, and amount spent per user on software and computer services is far lower for Android, even if we only look at the US. That, combined with the relative ease of supporting a couple iOS versions on a handful of devices versus a whole universe of Android OS-device combos, is why a lot of apps go iOS-first if they're not doing dual-platform from day 1. The benefit for most monetization models is greater on iOS, and the cost of support tends to be lower.
An alt-store stands to capture more value on iOS than Android, and spying on iOS users is probably a whole lot more lucrative than spying on Android users.
That, combined with the App Store restricting spying more than the Play Store does, is why we can't necessarily expect the iOS ecosystem to behave the same way as Android's, were iOS to get similar side-loading capabilities. A common argument goes that nothing will change on iOS, because it hasn't on Android, but the two markets are different enough that I don't find that a strong argument. Maybe it'll turn out to be right, but I don't think it's as much a slam-dunk argument as those advancing it seem to think it is.
> An alt-store stands to capture more value on iOS than Android, and spying on iOS users is probably a whole lot more lucrative than spying on Android users.
How so?
I think American Apple users just don’t realise how insignificant Apple market share is outside the US.
Android was open from the start. Giant like Amazon tried to kickstart alt stores. What did happen? Nothing.
I think people should stop drinking Apple fear mongering. It’s just aggressive lobbying to protect their cash cow.
> > An alt-store stands to capture more value on iOS than Android, and spying on iOS users is probably a whole lot more lucrative than spying on Android users.
> How so?
What... part of this remains unclear? It's the same incentives that drive iOS-first development choices, with the added wrinkle that the App Store restricts the potential of certain monetization schemes (spying on users) more than the Play Store does. All that means the incentives to distribute apps outside the App Store, or to launch an alt-store, are stronger than on Android.
> I think American Apple users just don’t realise how insignificant Apple market share is outside the US.
I do realize. I think you may be overestimating how much all those Android users spend, and how much their eyeballs (and personal data) are worth to advertisers, compared with iOS users.
> Android was open from the start. Giant like Amazon tried to kick start all stores. What did happen? Nothing.
My entire point is that there are enough differences between the two that we can't assume they'll behave the same.
Income demographics are almost certainly part of it, sure. I expect iOS also makes users feel safer or more comfortable spending money than Android does, and that the average iOS device in the wild is generally more pleasant to use than the average Android device. There could also be age-related demographic factors contributing (that is, Android users may skew older, and older people might spend less on software, and may tend to use their devices far less than younger smartphone owners—this is just a guess, though)
Whatever the reasons, iOS device owners use their devices a lot more, and spend a lot more money through them, than Android users, on average.
> use their devices a lot more, and spend a lot more money through them
Dark patterns are the same, by any other name. I left MacOS because the squeeze got too rough, and didn't even consider iOS for daily use since it's file syncing options are a clown show. If Apple has reached this market position through unfair or anticompetitive means, I don't see why or how it would stop regulators from ruling in favor of competition.
I doubt you're right that Apple's more-strongly leveraging dark patterns (... do they?) is the reason iOS users use their devices more, and spend more money on them. There probably are several things that all contribute, but I doubt that particular one ranks in the top-10, assuming the effect even goes that direction at all, and I'd certainly not bet that it does.
I mean, hell, Apple goes out of their way to let you know how much you're using the device and where you're spending (or wasting) your time. And they make managing e.g. subscriptions dead easy. Sure seems counterproductive if the secret of their success is dark patterns tricking us into spending more time on the devices, and spending more money.
Those are numbers for smartphone sales, not the software on them. Hardware sales can be negative, sometimes even intended. Just look at console vendors for that.
Are you arguing that the average Android user spends more on apps than their phone is worth?
Anecdotally, most people I know might spend $20/year on App Store purchases (excluding streaming services if they don’t have a desktop computer).
I’ve made well over six figures for a few years and have never spent more than $100 in a year, the vast majority of those purchases for one off games/apps, not iap coins/tokens/etc.
That can't make the numbers look better, after all, Apple gets 30% of App Store sales, while Google takes the cut of Android apps sold through the Play store. And that gets even worse when you see Apple gets 67% of all app revenues too. [1]
Then just say that in the first place. I don't disagree that Apple users are much more likely to pay for software than Android users, but you don't need hardware sales to make that point.
> In Q1 2022, Facebook had an average revenue per user (ARPU) of $48.29 in the US and Canada, $15.35 in Europe, $4.47 in Asia-Pacific, and $3.14 in the Rest of the World. Facebook reported a quarter-over-quarter decline in ARPU of 20% in the US and Canada, 22% in Europe, 18% in Asia-Pacific, and 5% in the Rest of the World.
I'm guessing they're looking for the users they can steal the most from in the least amount of time. Aka, the most lucrative.
Apple's ecosystem means that most of the devices are up to date, or close, and because they control the full pipeline, things behave better.
This means that targeting ios is easier (since they'll be on closer versions and behave uniformly) and that because they spend more money, which they have, means that targeting them is easier and more lucrative.
Most are looking to hack. If they're looking to build a botnet, android might be better.
I don't think so? Android devices are much more likely to be vulnerable to well-known exploits. Stealing keys and passwords of course is much easier if your app can get root on the device.
Yeah, I suppose this stuff isn't common-knowledge outside the commercial mobile development space.
There are complaints in this very thread about how shit the software selection is on the Play Store compared with iOS. This is why. Companies that have to, for whatever reason, pick only one platform to start on, usually pick iOS. If they add on Android later, they expect it not to make as much money as the iOS app, so may half-ass the port. In some cases, good apps that have enough revenue to keep them alive on iOS, may judge that an Android port won't be worth the added cost (especially smaller apps—think, one or two developer sorts of operations, they may run the numbers and project only a 20% revenue boost from adding an Android port, which may not be enough to cover the dev, testing, administrative, and support time the platform would require). There's a perception that, basically, Android users won't buy apps (which is... kinda true) and that's why the iOS version of an app might be ad-free and paid, while Android only gets an ad-supported variant—the vendor doesn't think creating and supporting a paid option on Android is worth the extra overhead.
I used to be a mobile developer, and I literally got death threats for charging $6 on Android. People just paid it on iOS and got on with using the app.
Spend more, and use their devices a lot more, both Web and Apps. At least, last time I looked at market research data like this, which was admittedly 4-5 years ago.
Something that I think is often not considered when thinking about mobile device usage stats is the proportions of types of users the market is comprised of.
While I don't have any links to back the idea up, I suspect that Android's marketshare is somewhat inflated by users who'd normally be using feature phones — these users don't need anything more than the ability to make cell calls and maybe text occasionally, and even the absolute cheapest of cheap Android phones checks those boxes. There's no point in these users buying even a low-midrange Android phone, let alone a flagship or an iPhone. So while these users are technically Android users, they're not really smartphone users.
Also, the difference in rates of usage extends beyond phones. I think I read some of the same reports you did and compared to iPads, Android tablets are much more likely to end up forgotten in a drawer or collecting dust on a shelf. Having a recent low-midrange Android tablet myself (for Android app dev purposes) I would guess that this is at least partially due to how ridiculously low-spec cheap Android tablets are… mine cost almost as much as a refurbished iPad 9th gen on sale but doesn't perform a fraction as well as that model of iPad. Even my old Pixel 3XL runs circles around it.
Agree with the user base portions. My parents (in their 80's) each have 3 android phones because my dad keeps buying them for some reason. We never know which of their phones/features are currently active. My mom wasn't getting my texts and we just figured out that she doesn't have texting enabled. Not sure if it's a setting or that my dad picked a 90 day phone plan without text support. :-)
As someone used Android and Apple co-currently, this is it. Android apps I supported (camera and photo apps, some music) all went down in some form and were gone in some time. Furthermore, the quality was always lower than any iOS counterparts.
Apple apps almost never have these problems and are higher quality.
Only Facebook makes the Facebook app, and I find it extremely easy to imagine a Facebook app that can only be sideloaded, so that Facebook can bypass the restrictions put in place by the App Store.
For instance, Apps are currently not allowed to degrade functionality if the user says no to a permissions request (e.g. location tracking).
Facebook has actually done this before with their Onavo VPN that intercepted all your web traffic in exchange for something like a $5 gift card every month. Distributed publicly using their internal enterprise certificate and got their cert revoked.
Perhaps, but what I was emphasizing was that on iPhone such apps will likely not come pre-installed; neither by Apple (vs e.g. Samsung) nor by a carrier because I seriously doubt Apple would allow that.
Instead, what Apple is doing is finding a new balance that appease those who are attacking the legitimacy of the App Store (and its toll booth) while in practice the vast majority of iPhone users will retain their privacy.
> Perhaps, but what I was emphasizing was that on iPhone such apps will likely not come pre-installed; neither by Apple (vs e.g. Samsung) nor by a carrier because I seriously doubt Apple would allow that.
If Facebook is willing to pay to have their app preinstalled, unremovable, and granted root permissions on Android, why in the world wouldn't they be willing to force users to sideload their app on iOS?
Why in the world does it matter? If Facebook wants to use the iOS sideloading scene to promote organ harvesting or whatever, we use that to sue them. From the outside-looking-in, it seems like another one of those hissy-fit scenarios where Apple's petty disagreement with other companies actively reduces the capability of their devices.
Sue them for what? Gathering user data that users gave an explicit permission to gather?
Previously, the app devs wouldn't be able to, for example, lock out the entire app from being used, just because you didn't give them permissions for something that isn't vital for the app to function (e.g., location tracking or photo gallery). App Store rules prohibit that behavior, and those apps get rejected.
Sideloading would allow FB and others to do that and more, since they won't need to follow App Store rules anymore. And I don't think there is anything illegal about them doing it.
I don't use the Facebook app. I hardly ever use FB, anyway (I am an admin on a user group for an OSS project I authored), but their app is a well-known nightmare.
I use their Web interface, which, I suspect, they deliberately cripple, in order to try forcing me to use their app.
I wanted to check fb messenger on my phone for a marketplace thing so I logged into the website: wouldn’t let you look/ pushed you to the app and I couldn’t flip it into desktop mode
They don't speak of the security model. But the compliance model, ie. "you can't block the entire app until the user enables precise 'always' location tracking".
But in terms of security, every jailbreak since ~iOS 8 besides checkm8 has been via a third-party app breaking out of the sandbox. The ramifications for shipping an exploit chain like this via the built-in app store is going to be extreme (possibly being blacklisted from iOS), but a sideloaded app can run such an exploit chain in the background (to install spyware if the user isn't on the most up-to-date version of iOS) with no consequence.
Facebook could pull Instagram and tell users to visit Instagram.com.
They can now block some/all of the app based on whether or not you've enabled location tracking.
And malware on macOS works different because macOS doesn't have the same security model as iOS. macOS apps can access large parts of the system after one or two security prompts, and Apple has gone on record that this is not the security level they want for iOS[0].
I guess you could mean that Apple would do notarization, but I can assure you that enough third parties would still fight Apple in court/via lobbying to remove all of Apple's oversight over app approval.
> I'm the opposite, as looking at android, where do we see this?
For one, DJI drone software. It's available in the Apple store but you have to sideload it for Android. DJI isn't a small company, and there is quite a large professional market.
Edit: meant apple app store, not play store...fixed for clarity
Because Apple forced DJI to comply for their version, but since sideloading is available on Android as an alternative, they basically told Google to go pound sand.
I suspect as well the version is Android has features the iOS one does not due to limitation placed on it from the store, Issues they got around by simply removing it from the draconian store.
It has been several years since I gave Android a try, but my experience was that the Android ecosystem (specifically the Google Play Store in the U.S.) was indeed much worse than iOS with apps distributing malware, destroying battery life and performance with background tasks, sending all your contacts off to their server, using push notifications for spam, etc. (To be clear, these things have also been problems on iOS, and my position continues to be that Apple should be even more restrictive about this stuff).
You already can side load apps. Just buy an Android device. I liken this to people who buy a house near an airport then lobby to get the airport closed because they do not like the noise. I bought into IOS because of the walled garden and without it some app that I would prefer to get through the sanctioned app store will now only be available by side loading.
> I liken this to people who buy a house near an airport then lobby to get the airport closed
Well, no, in this case it’s the government going to see the pseudo-monopolist and telling them: "Party is over. There is going to be some competition there from now on." Something I most definitely cheer for.
> There is going to be some competition there from now on.
there already is competition- it’s called Android based phones. This is more akin the government telling Walmart they have to freely give shelf space away to anyone and everyone to sell anything they want.
> I don't understand why so many act as Apple apologists and feel the need to justify the current situation.
Who’s acting as an apologist? I prefer it the way it is. It’s not like you don’t have a choice. If you want a device that offers the ability to sideload go buy an Android. I appreciate the fact that if anyone wants to offer an app on IOS they MUST go through the official app store to do so. Lets say for instance an app that I must have (example only) Facebook Messenger. Now that they (Facebook) can sideload they stop offering it in the app store. Now anyone that really needs that app either must sideload it or not have it. You think Facebook is going to honor all of the good privacy controls that IOS currently enforces?
That is a huge disservice to those that like the walled garden. It forces companies that want a presence on IOS to comply.
In this scenario Walmart is one of only two stores in the country, and while Walmart usually pays a few bucks for shelves, the merchants in question are happy to bring their own. They just need Walmart to get out of the way, not incur any real cost.
Some things can be sandboxed in software, some things are only socially-enforceable. For example, look at Apple's requirement to list everything an app does with the user's data. It's impossible to enforce that in software and still have functioning apps (trivial example: an app's back-end sells every single request made to it to some third party), but Apple was able to enforce it anyway via App Store rejections
We already have an example of what Meta would do with sideloading: trick clueless users into installing highly invasive spyware that inspects every traffic going in and out of your device, even MITM-ing TLS connections.
They did this by abusing their enterprise certificate.
As much as I'd like the ability to sideload apps, abuse by commercial vendors is a very real concern. With a few exceptions, commercial software has proven itself to be untrustworthy with the growth of surveillance capitalism. I'd rather that sideloading be reserved for free software.
what you’re seeing in the iPhone sideloading space is a product of a lot of hard work by many different people over many years. AltServer and the like (what I assume you’re referring to) are the best solutions we have, but come with significant downsides - iOS updates breaking the software, limits on how many apps you can install (last time i checked, you could only install 3), time constraints (need to ”re-sign” apps every week), software constraints (still can’t use JIT or other private APIs without Apple’s blessing), and - relative to using the App Store or Android sideloading - the setup procedure is pretty complicated. on both Macs and PCs, AltServer can be kind of difficult to set up.
all of this has prevented a legitimate sideloading scene from truly emerging on the iPhone - which, depending on where you ideologically stand on this, could be considered monopolistic.
i think there’s definitely room to make the process a lot easier - even if it’s just for power users.
When I first looked into this, free Apple developer accounts also could only use limited app entitlements: so no network extensions, VPN profiles, Apple push notifications, or other capabilities. NetworkExtension is basically the only reason I’m interested in iOS development at all, so a paid account was not optional.
It used to not be possible at all, and now you still have to repeat it regularly if you want to keep using the sideloaded application, which makes it close to useless for anything else than development. Of course, as expected from Apple, doing it from another OS than macOS is a huge PITA too.
The whole iPhone I got was $100 itself, second hand, some older version that was still useful for development. Its purpose was to let me port my game engine to iOS. I managed to port a single app, run it on the phone and then decided to forget about iOS at all. The necessary effort to deal with all that stuff is crazy and it's better to spend all that time elsewhere.
Today that phone stays in the drawer and I can't run that app on it anymore; I'd probably have to spend hours figuring things out again just to redeploy it so I can launch it on my phone.
Meanwhile, on my actual phone, I can just scp a deb package and install it with dpkg, and it works until I uninstall it myself.
Google doesn't prevent Meta or TikTok or any other apps from spying on you, as long as they also get to spy on you. So they have no incentive to build a competing store.
Apple, on the other hand, limits what apps are allowed to do.
What's preventing Apple from limiting what apps are allowed to do with iOS? It's got the same kernel as MacOS, presumably there's nothing stopping them from using the same venerated isolation technology, right?
What's the technology that enforces something like "apps are not allowed to degrade the user for denying permissions, except for features that actually use that permission". Or however Apple wrote the exact rule that prevents apps like FB from saying "give us access to all your contacts or we won't work at all".
Nothing. Just like the technology that enforces something like "apps cannot record from the camera and train it on AI off-device" or the technology enforcing well-written and clear EULAs.
When an app on my phone asks for contacts access to work, I don't use it. The system works as-intended.
Edit:
> So Apple users can use FB on their phones
According to your logic, this is a net-negative. Is Apple trying to help or hurt their users here?
And when you don't use FaceBook, then Mark Zuckerberg personally feels sad!
No wait, no one cares.
Meanwhile, Apple says "if you try that, you won't get access to all our customers". And FB and Mark Zuckerberg listen to that threat. So Apple users can use FB on their phones, deny access to location tracking and their contacts and feel safe that FB won't ever say "add them back or we'll stop working".
> Basically the risk would be someone like TikTok dropping out of the store, but I find that unlikely.
Maybe it's the other way around. I don't know the current legislative status of the attempts to ban TikTok, but the most realistic mechanism for doing so would involve banning it from app stores. By enabling sideloading, Apple would be enabling TikTok to circumvent such a ban.
Possibly this is preparation for TikTok being forced out of the store by the US government? But they'd still like to offer it, to avoid losing business to Android if that becomes the only platform with TikTok.
It would be deliciously ironic if one hand of the US government forces Apple to allow side-loading while another other forces it to stop distributing apps.
I appreciate it's not just the US in either case, but the irony is still delicious.
(No way I'm allowing side loaded apps on my main phone though; would rather have a secondary phone for them if I'm forced to install them for whatever reason).
However the solution to overreaching unaccountable private cooperations cannot be to hand all the power to another private unaccountable company.
Apple is venturing into advertising and that'll tempt them to weaken privacy protections sooner or later.
Additionally their app store rules went far beyond enforcing security and privacy. They gave themselves an advantage and removed competitors for commercial reasons.
Given that the mobile market is pretty much a duopoly in Europe there were two (political) realistic alternatives:
- Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
- force them to give customers a choice by allowing side loading.
The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
> the free market failed to implement a meaningful competition for central app stores.
I don't want every component of my phone OS broken apart and subject to what some legislator or lobbyist thinks is 'competition'. The competition is between Apple and Google making mobile platforms and we already had a choice.
I chose Apple's approach after a few years with Google. I miss the headphone jack, but having no tacky tracky shit shovelled throughout the OS is nice.
>but having no tacky tracky shit shovelled throughout the OS
Like ads for icloud services in settings? Apple TV and Music subscription promotions appearing above all other the settings links? Personalized tracking being enabled by default?
Have you ever used a Samsung Galaxy device in comparison? I’m being upsold on their bloatware left and right and third party services. I hate Samsung and Android now with a passion because they don’t respect my settings and often install random system settings that contradict my choices.
iOS is a breath of fresh air in comparison and does none of this. I say this as a diehard Android G1/Nexus fanboy from way back before it became obvious to me that Google apps are basically spyware for the surveillance capitalism machine.
Graphene is actually great, I'll admit that. Though it does come at the cost of avoiding any mainstream apps. I suppose that depends where you are in life and who your main contacts are.
That and the fact that it isn't being sold to other companies (from what I know of their privacy policy) and can be disabled if you wish.
I don't blindly trust any company, but from what I can tell Apple makes their money from services and hardware. Someone else in this thread has indicated that advertisers are frustrated because they cannot access Apple user data. They recently implemented E2E for all iCloud data. It looks a better offering than trusting every aspect of my online life with a company who makes their $$$ from adverts and data mining.
While I'd love to use a PinePhone running OpenBSD for my mobile needs, having the ability to message my friends is nice. As are online services that Just Work, and if they make their money from me paying and not from selling my data, then we can be content.
More platforms would be better but the answer is for someone - commercial or some free software initiative - to get a usable and supported device to market, not making impositions on an already established platform with its own strengths and legions of customers who are willing to pay slightly more because of them.
Meta is collecting data from people using its products to create targeting-models for advertisement. An Advertiser can then buy ads targeting a specific audience. Companies really want the individual user-information to cut out Meta, but Meta is not sharing it to the advertiser, they have to go through Meta to reach their audience based on Personas they curate.
Now Apple owns the underlying Hardware and tracks usage of every single application and service on top.
How exactly is Apple expected to operate their advertising business if NOT with the very same method as Meta/Google (creating personas, selling them for ads)?
Google, literally, buys a copy of everyone's credit/debit card transaction data so they can spy on your bank account and not just your online activities.
Glossy Magazines sell Ads to people interested in those glossy magazines. The Magazine-content defines its target-group. This doesn't work for platform-based advertising, the platform needs to offer ways to select the target-group to address.
Google purchased transaction data to connect online behavior to the real world and refine their Persona profile. Apple doesn't need to do this, because they already collect data from their users' behavior in the real world via their Apple Pay / Apple Card purchases.
In 2017 Google didn't know whether you actually have money to buy a new TV, they only saw that you kept looking at TVs online. So they thought it's a good idea to buy this data to refine their Ad Personas.
In 2023, Apple already owns sufficient data to know if you can afford a TV or not. They curate your persona from your Apple ID and your Apple Pay transactions and even know whether you went to BestBuy recently.
Putting you in a matching advertising cluster for that isn't a legal privacy violation, your private data will never be shared with anyone. Just like Google and Meta don't share your private data with anyone.
I don't like any of those practices, but let's not buy into the illusion that Apple is doing anything different to Meta/Google. They all create and refine Personas to allow targeted marketing, and protect the underlying data to be the gatekeeper.
> Glossy Magazines sell Ads to people interested in those glossy magazines.
It's entirely possible to sell ads based on the content of a web page, just like it's possible to sell ads based on the content of a magazine.
It's just not as profitable as relentlessly spying on everyone.
> Google purchased transaction data to connect online behavior to the real world and refine their Persona profile
Google already has more than enough data on it's customers through their search history. They don't need to relentlessly spy on every aspect of your life, including your bank account, to turn a profit.
> It's entirely possible to sell ads based on the content of a web page.
Yes. But at some point i.e. Bentley wants to spend its Marketing money only on people likely to buy a Bentley. If Bentley shops for ads tomorrow, they can select Personas like "Age 40-60", "owns a car" and many others from Meta as well as Google as well as Apple. Those are the "ads relevant to you" Apple talks about in their T&C.
Again, I don't like it either, but let's not buy into the illusion that Apple is not entering this exact same industry to sell their customers' attention to the highest bidder.
> Google already has more than enough data on it's customers
And so does Apple. Time to start a lucrative ads business.
Yes, for some reason you're pushing the straw man argument that relentlessly spying on everyone, even people who are not your customer at all, is the same thing as having a first party business relationship with your own customer.
I'm asking how the persona creation of Google/Meta for selling ads is any different to Apple doing the very same thing, and if those actions when done by one party qualify as "spying", what are the same actions done by Apple then.
You avoided clarifying your view on Apple's actions for hours and instead kept arguing how Google/Meta's action are clearly espionage.
Now you inadvertently clarified that Apple is free to do all of the same that Google/Meta are doing because when Apple is doing it it is a first-party "business relationship". When Google/Meta is doing it, it is somehow never a first-party relationship but always an outside actor spying on people who don't use their products. Despite both parties doing this to refine the persona's they have of their platform users.
You keep circling around a "good company is good, bad company is bad" narrative.
You condemn the collection of data for the purpose of targeted advertising, because that's "spying".
You don't care if Apple is also doing advertising, because it's the collection of data which is problematic.
I just asked how Apple is expected to sell targeted ads any differently than collecting their users' data (to create personas for ads), and you keep reframing it to reply how others are "bad companies" because they collect userdata. This is the straw man argument you keep creating.
You made it very clear that there is no answer. To you Apple is simply different because they are a "good company".
I've given many examples of the difference between a first party business relationship and the sorts of worldwide spying that Facebook and Google have been engaging in.
>How is a first party business relationship with your own customer different than buying a copy of people's credit card transaction data, spying on receipts emailed by other businesses, turning on location tracking by default, paying children to give root access to their device (Onavo), setting up user tracking on a huge swath of websites (Google Analytics, Facebook Like Button), and the other sorts relentless spying tactics that we have seen from companies with a surveillance capitalism business model?
As I've pointed out previously, this isn't the same thing as Amazon having a record of things I've purchased from Amazon.
>I didn't even attempt to convince you
You haven't convinced anyone of your favorite straw man.
> Advertising has been profitable without spying for many, many decades.
So was the horse drawn carriage. Where is that industry now?
George Orwell could not have conceived a time where everyone was voluntarily carrying an electronic billboard in their pocket. But we are in that world, and that world no longer has room for the Mad Men/Ogilvy/Chiat Day era of ad agencies creating one-size fits all campaigns. Google and Facebook took them out over the past 15 years.
> Apple is venturing into advertising and that'll tempt them to weaken privacy protections sooner or later.
I hope they never become this short-sighted. I buy Apple primarily because I believe that they protect my privacy—or at least that they do a better job of it than everyone else.
The thing is, yes Meta/Google did make mistakes in the past and malicious players were able to gather individual information from them.
But the current business of Meta/Google Ads is actually based on protecting your private information and curating it into anonymous Personas.
They protect your privacy for the very same reason as Apple: To be the sole gatekeeper for effectively reaching you with Ads.
There also won't be any "weakened privacy protections". The goal of Meta/Google/Apple is to reach maximum precision for those Personas they create from their users, and protect the underlying data for competitive advantage.
Personas are legally not personal data, they are abstractions. Advertising to you via a cluster with other people who recently purchased a new car is not a legal violation of privacy.
This is how Meta/Google advertising works and how Apple Ads works as well, their T&C already state this clearly ("your information will be used to show ads relevant to you").
The problem is that once the apple turns sour, and it will, you’ll turn around to see that all the fruit is spoiled. Some moldy, some maggot-ridden, but none made for you.
Because iAd was designed to preserve user privacy?
>A new report on Advertising Age has revealed what advertisers think of Apple's arrogance when it comes to its mobile advertising platform and its tight grip on user data. This attitude towards its ad business turns off advertisers and makes them turn elsewhere, perhaps other avenues such as Google, Yahoo, or Facebook that make life a lot easier for them.
"One person familiar with the situation exec said Apple's refusal to share data makes it the best-looking girl at the party, forced to wear a bag over her head," the AdAge report read.
Exactly this. When Apple tried "Premium Advertising" without sharing any Personas 10 years ago, it failed as it was expensive and didn't allow targeted marketing.
In the meantime Meta learnt that they can't allow others to extract their precious userdata and need to protect their position by clustering data into Personas for advertisers to select from.
Now Apple reenters the ad-business, using the very same scheme as Google/Meta (maintaining Personas based on userdata they safeguard) but with an unprecedented set of profiling data of its users, as they collect data on the Apple-ID level, spanning from positioning data over types of apps used and stocks you're watching to actual purchases in the physical world.
If people consider Meta/Google's practice as spying, I don't know what they expect Apple's Ads to be. Their T&C already describe that they create a persona from your data to display "Ads relevant to you", just like Meta/Google does...
Are we talking about something like Amazon having a record of things I have purchased from Amazon? Or are we talking about Google buying a copy of my credit card transaction data?
Because one of those is a perfectly normal part of any business relationship, and the other is absolutely not normal and not acceptable.
I mean, Amazon stopped mailing receipts with line items of your purchases to Gmail customers because Google was maintaining a purchase history for transactions that they had nothing to do with.
> Google’s secret page records everything you’ve bought online
I'm not defending either of these practices, I'm asking how it is any different to what Apple does.
So Apple forcing all third parties on the iOS platform to use Apple's payments APIs to process payments and thus being able to track what you've purchased inside of any third party app they have nothing to do with, is that comparable to what Google does on the Gmail platform?
> I'm asking how it is any different to what Apple does.
How is a first party business relationship with your own customer different than buying a copy of people's credit card transaction data, spying on receipts emailed by other businesses, turning on location tracking by default, paying children to give root access to their device (Onavo), setting up user tracking on a huge swath of websites (Google Analytics, Facebook Like Button), and the other sorts relentless spying tactics that we have seen from companies with a surveillance capitalism business model?
> Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page.
> They gave themselves an advantage and removed competitors for commercial reasons.
Which competitor has been “removed”?
> Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
So there shouldn’t be any rules are quality controls on what should be allowed?
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
Yes, the EU is the model of smart regulations when it comes to tech. That’s the reason that it has such a thriving tech ecosystem.
>Yes, the EU is the model of smart regulations when it comes to tech. That’s the reason that it has such a thriving tech ecosystem.
I don't think the (perhaps perceived) lack of entrepreneurship in the EU should be taken as a sign of regulation overreach to protect privacy. Seems liked a red herring in this conversation
The reality is simply that the EU is just not competitive in pretty much any of these industries. I'm actually struggling to think of any industry at all where EU has produced the market leaders.
> That’s the reason that it has such a thriving tech ecosystem.
By "market leaders" you mean the very many American companies fuelled by unlimited investor money that lose billions of dollars a year with no chance of ever turning a profit?
Hitory, lax laws (esp. around consumer protection) etc.
On top of that the US is a rather homogenous market with a single language vs. 27 conuntries with 27 different languages (in reality more) and quite a difference in local laws (even if all are compliant with EU-wide laws). IIRC there's also an expectation in Europe that companies should actually turn a profit at one point (though with influx of American money this is starting to change, too).
You still get ASML and Infineon, SAP, Adyen, Amadeus etc.
> However the solution to overreaching unaccountable private cooperations cannot be to hand all the power to another private unaccountable company.
Another way of thinking about this is what we're taking this so-called overreaching, unaccountable private corporate power from one company and giving many companies that same power.
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
You are presenting both Android and iOS, and default app stores for each platform as a duopoly, which is a mistake, because on Android you can already install third-party app stores. The mobile OS landscape is a duopoly, but there are many app stores across both platforms so is is not really a duopoly, it's just that the Google Play Store and App Store on iOS are superior products (particularly the iOS App Store).
On the OS side I think instead of premature legislation and stagnation we should let things just play out. It's a mistake to assume that because the state of the world is X today that it'll always be X. You can't have instantaneous change. It also might just be the economic reality that having just a couple of operating systems is the best for consumers and the market.
They are doing no such thing. You don't have to use side loaded apps. If a company decides to only distribute from side loading, you can just not use their app. This is effectively what you are forcing on people who would prefer side loading, so it shouldn't be a problem for you.
I want a locked down phone. So does every old person in my life. I'll literally pay extra for a locked-down phone. If you want to side load, buy a phone that allows it, don't force Apple to make one.
You, and the old people in your life, can simply stick to downloading from the official store. This change doesn't suddenly force you to live your life in a way that you're uncomfortable with.
If applications suddenly drop out of the App Store (horrendously unlikely) and force you to install them via sideloading, don't do it. It's entirely your prerogative.
Plus, I imagine Apple is going to make it quite involved to actually sideload anything. I think the old people in your life (incidentally, I know a lot more tech savvy older people than younger people, but that's neither here nor there) are safe from the nefarious clutches of added freedom.
This is still an objectively worse outcome for the person who doesn't want sideloading (fwiw, I agree). There is a non-zero chance they'll lose access to apps they like / need to keep in touch with friends if they stick to their principles and avoid all sideload-only apps.
Can you explain how this will compromise your ability to lock down your phone? Not only do you still have complete control over which apps you install, those that are installed are still subject to the same sandbox.
If you want only Apple "approved" apps, well you can still do that and you lose nothing. You can't really complain about side load only apps that aren't Apple approved then, because that is exactly what you want. But keep in mind this is orthogonal to the "locked down" level of your phone.
These days? Sadly, yes. With good reason, I cannot by default trust any software from the web.
Depending on how exactly this is done, it might yet be safe: we can have multiple roots of trust, multi multiple app stores, etc.
I'm nostalgic for the bygone days when I didn't feel even slightly concerned about spyware because no bank cards were stored on my device and tech companies didn't phone home so routinely that the EU nations unified their existing legislation into GDPR in a vain attempt to try to get them to stop.
But I don't see those days returning short of a Butlerian Jihad against anything post-2002.
This is true for every powerful country that you are not a citizen of.
For example: EU citizens have zero power over US regulations forcing US companies to share data with them. Plenty of examples from other jurisdictions as well.
I don't think there is a way around this. A global market with these influences is still much better than fully isolated markets.
I am very confused. Is someone forcing you to deliberately side-load apps ? If nobody is forcing you to do this, why do you want to force others to only use the App store ?
I don't see a reality where companies like Facebook or Snapchat start distributing their applications outside the App Store. Maybe we see something where e.g. Facebook tries to spin up their own App Store, for them and anyone else who wants to join, but I would bet every dollar I have that this would simply be a failed venture. Because ultimately most people think, intentionally or not, like you do: Apps come from the App Store. Leaving would be suicide.
The company to watch is Epic Games. If they have the opportunity to bring a new gaming-focused App Store to iOS, to get Fortnite and other games back on the platform: I think they'll take it, and its possible it will do rather well. Giving game devs a distribution channel with a far lower cut of revenue is tempting, and may open the door to higher quality games on mobile. That could pivot to companies like Facebook distributing Instagram through something like the EGS for iOS; but again, I wouldn't bet on it.
Three industries will be massively benefited by this change: Gaming, Gambling, and Porn.
You're dreading giving other people the freedom to make one choice, and yourself the freedom to make a different choice (yours being the default option from the factory btw), and everyone gets the privacy/control tradeoff they want?
Meta makes the Facebook app. Currently, the only way to get the Facebook app on iOS is through Apple's App Store. Which means Meta has to follow all of Apple's guidelines.
Once sideloading is allowed, Meta can make a version of their app that does not follow Apple's guidelines.
Now, they can maintain two apps, but last time I checked, the cost of maintaining one app was lower than the cost of maintaining two.
Eventually, the App Store version will no longer work with Facebook's API. Or the iOS version, or a third thing. There will only be the sideloaded option.
I don't have the freedom to choose the version of the app I want. And now I can't actually trust any of the apps out there because none of them are required to follow any of Apple's guidelines.
If Meta pulled from the official app store, their install rate would go to 0 overnight. And a third-party developer would quickly swoop in and take over the #1 search result for the word "Facebook" (plenty of such apps already exist), so oblivious users would still end up ahead.
Sure they could offer a sideloadable app on their website somewhere, but nobody will find it or use it. If your grandma searches for facebook and the top result says "Friendly for Facebook" instead of just "Facebook", do you really think she'll notice the difference let alone go on a wild goose chase of googling for alternative app stores and clicking through scary warnings?
I mean it didn't stop a lot of people from clicking through "scary warnings" to install Facebook's VPN app that hoovered up their data. I think you are vastly underestimating what people will go through for a minor benefit to themselves (in the case of the VPN it was low dollar amount gift cards).
FB won't remove their app from the app store but instead will add a new feature or offer a perk that is only in their side-loaded version and it will drive users in droves to install it.
Something tells me the people who installed FB's shaddy VPN via sideloading weren't exactly what's I'd call "competent users".
FB complained about lost revenue from Apple locking down tracking so if $X is what they make per user via the official app store and $Y is what they make on the sideloading app store then there exists $Y-$X = $Z where $Z (or even $Z * some number) can be used for "customer acquisition" to convince people to switch with the goal of making more off them in the long run.
"Get $5 in FB Credit if you download this app", "Get access to this cool new filter if you install this app", etc. No, people here on HN won't be swayed by that but a good number of people will.
I would bet that Apple would still require developers to sign their apps, like they do on macOS.
That means you that if a vendor does something particularly egregious, stuff akin to malware, they can pull the certificate for that vendor. They don’t do that often: IIRC, they’ve only done that in macOS a handful of times.
how did you come to that conclusion? certainly not true in the android world. I don't have the stats on prevalence of sideloadong vs. play, but all official apps are alive and well in play after decades of being able to sideload
Meta already does all sorts of stuff that violates Apple's TOS, they just do it server-side.
> I don't have the freedom to choose the version of the app I want.
Sure you do. You can either use it or you don't. Regulating data privacy isn't Apple's job, if you want that fixed then you should take it up with the government or someone who can actually hold them accountable.
> if you want that fixed then you should take it up with the government
Yeah, I'd strongly prefer the government do what it obviously should and reign in abusive, dangerous stalking-at-scale across the entire economy, but absent that, it sure is nice to have a choice to still get some of that regulation in one area of my life, by going with Apple.
Take away that option and I'm sure as shit not going to feel more free.
> Sure you do. You can either use it or you don't.
That's two choices, where now we have three. Buy Android and every app you download is malware; don't use apps; buy Apple and every app's trying to be malware, but at least they can't be nearly as good at it as on Android. Losing choice three doesn't increase my liberty.
Okay. It's meaningless in a legal context, completely unaccountable and contradictory to their own regulation.
You're welcome to insist otherwise but I don't think any just court would hear you further than that.
> Take away that option and I'm sure as shit not going to feel more free.
Nobody is taking away anything. These apps have always had the option to leave Apple's ecosystem, adding additional stores doesn't miraculously add that possibility. It's like saying that the Taco Bell opening up down the road is threatening your upscale Cantina burrito that you're eating as-we-speak.
> That's two choices
Okay, I'll amend it then. You can either use it, or you don't, or go buy an Android phone. Or degoogle your Android phone, that's 4 options.
Quit whining about liberty and put your stubbornness where your mouth is. Stay on the App Store if you insist, nobody will stop you. If you did it on a Mac, you'd probably look like a bit of a fool though. Plenty of longtime, respectful Apple devouts (see: Panic) acknowledge that the App Store is a raw deal and distribute their apps themselves. There are people other than bad actors advocating for this, as shocking as it may sound. It is possible to see the forest through the trees.
> Buy Android and every app you download is malware
This is really not true. Android has a thriving open source ecosystem of great free apps without any tracking. F-droid even has reproducible builds.
Apple doesn't have this precisely because the lack of sideloading. Not many open source devs want to pay the 100 bucks to offer something for free and to deal with the hit and miss app store review process.
> Take away that option and I'm sure as shit not going to feel more free.
No options will disappear. You don't have to use sideloading. The same way most users on Android don't do it. Even alternative stores like Huawei's are a fringe phenomenon.
> Regulating data privacy isn't Apple's job, if you want that fixed then you should take it up with the government or someone who can actually hold them accountable.
I live in the United States of America, where the government is bought and paid for by companies who dislike privacy for their users.
In the meantime, it may not be Apple's "job," but it's part of their value proposition, and the grumbling from software vendors indicates it's reasonably effective.
You live in the United States of America, which has had Google, Microsoft and Apple under it's thumb since Snowden's leaks. If you want to insinuate that Apple protects you against state-level actors, you should disprove that or at least refute their own transparency page[0].
> the grumbling from software vendors indicates it's reasonably effective.
If not the software vendors, who are you trusting to keep your best interests at-heart here?
> I don't have the freedom to choose the version of the app I want. And now I can't actually trust any of the apps out there because none of them are required to follow any of Apple's guidelines.
You don't have that "freedom" right now either, it's just the Apple Store one.
Also the law is about giving options on the distribution system, not on "app versions". So if Epic or 37 Signals use their own channel to distribute their own apps with subscriptions fees, they can do it and Apple cannot take its cut. So, Apple might want to reduce their fees there. You know, competition.
Right, but the person I responded to spoke as if this was going to be a way to increase consumer choice. It's not.
Everyone will not get "the privacy/control tradeoff they want". They're going to get whatever the creator of the app decides. And sure, for TODO apps, you can choose from the 15 billion ones out there. But if you want ride-sharing, you have Lyft and Uber. If you want specific services, you will have to use their app.
And after the shit Epic pulled, I don't really think I want them in control of the payment processing portion.
Apple doesn't offer Uber. Uber offers Uber. Uber offers it through the App Store because that's their only option. And even if the only thing that happens is that Apple takes a smaller percentage, that doesn't impact me at all. I'd still pay the same.
So, in your best case, we have a scenario that is neutral for me. Excuse me for not being thrilled by that.
Software isn't fungible and right now today you have the ability to install facebook with app store restrictions on iOS and without on Android. If FB pulls from the app store that choice is taken away.
No, you can't. You can have some protections against the most egregious overreaches, but if you're concerned about privacy you shouldn't be on Facebook, ever, on any platform.
Aside from that, there's no way Facebook will remove themselves from the app store. Apple isn't going to make sideloading easy enough for the average Facebook user.
No, you can't.
And if you could, the protections aren't that good.
And if they were, it's not going to happen anyway.
And if it does, that's Apple's fault for making it too easy.
And even so, you deserve it anyway for using Facebook.
I don't think is the argument you think it is. It's basically "nuh-uh" while agreeing with all the arguments in favor no sideloading along the way.
Facebook has 2.95 billion MAUs and 73% of the entire US population actively use it, 93% of businesses are on it -- "just don't use Facebook" is a woefully out of touch take. And this is only Facebook and doesn't include IG and WhatsApp. Meta is 4/4 of the most downloaded apps.
> "just don't use Facebook" is a woefully out of touch take
It's worked for me so far, and we're way past peak Facebook, so I don't see myself needing to use it in the future. Businesses still have phone numbers, and none of my friends or family are active on any Meta platform. I really don't think it's the pillar of society that you seem to think it is.
You can also do it the same way I use Facebook on my desktop without install an app that gives up my privacy. Open up my browser and type in www dot facebook dot com. You'll get all the privacy protection that Safari on The App Store gives you. I think they even have a PWA now if you really want an icon to make it easier.
You're confused on hows removing your privacy in this example though. The recent-ish changes to iOS protects your privacy from FB. So, yeah, your choice is use FB or don't. It has always been this way. The app store is not the bad guy in the FB conversation.
On some things but not others. E.g. OS protections don't limit against things like "Displaying targeted advertisements in your app based on user data collected from apps and websites owned by other companies." as it's not something the OS can really know is happening, just that there are ads being loaded.
The OS can control the data the app has access to for fingerprinting, with enough restrictions apps like Facebook would still have to rely on guesswork to do so
The OS can only stop fingerprinting of the hardware while the app is generating a fingerprint of the user. The latter is more valuable anyways since most users use more than 1 device and change those devices over time.
You can't solve a behavior problem with OS controls. It's not about what bits on the device are readable it's about what happens with the identity information shared with 3rd parties.
Play has restrictions they are just less strict than the App Store. Similarly on iOS if people are choosing iOS for this vetting then it follows Facebook would not be able to migrate to being a 3rd party app just because the option is there. All else being equal it's actually quite hard to get most users to use anything but the default store anyways, as is seen on Android.
> You're dreading giving other people the freedom to make one choice
Users made this choice when they bought an Apple product in the first place. Everybody knows well in advance that this is the current state of things, that is a well-informed choice by the end user.
I did not know that side loading was impossible when I choose the ios ecosystem. I mainly chose it because the green texts made communicating difficult. Now I'm locked in.
I agree, and the idea of a sideload-able iOS makes me very uneasy. I like the idea of Apple aligning itself with the user to protect me and, more importantly, my tech-unsavvy friends and family, from scams, data-hoarding apps, and just generally crappy software. I don't mind that they take a portion of revenue in return for providing that platform (30% feels too much, but you can't argue that it should be zero).
Unfortunately, in practice, Apple have proven to be entirely incompetent at achieving that protection. The App Store is 90%+ garbage and scams. It's completely unusable for any form of discovery. Even when you know exactly what app you're looking for, you have to wade through copycats, typo squatters, and even paid adverts trying to distract you from your search.
Sideloading is full of risks, and I don't love it. But it's at least a little bit of competition to push Apple towards make the App Store useful again.
> Sideloading is full of risks, and I don't love it. But it's at least a little bit of competition to push Apple towards make the App Store useful again.
As someone who develops for the platform, I tend to agree, I'll probably never distribute apps with sideloading, but I think ultimately it's a good thing. I'd also be happy if it attracts more interest and developers to the platform who were previously turned off by the App Store process and Apple Tax.
I also build for macOS, which has always allowed sideloading and don't see any major issues with it there.
> I also build for macOS, which has always allowed sideloading
Isn't it funny that something that has been completely normal for decades - the freedom to (develop and) install the software we want - now has new term because corporates have forced themselves as a middle-man to dictate what we can or cannot install? (And worse, now even have automated ways to kill or uninstall a software without our permission. Remember when the Amazon Kindle app deleted the 1984 ebook from everyone's devices (Amazon Secretly Removes "1984" From the Kindle - https://gizmodo.com/amazon-secretly-removes-1984-from-the-ki... )? That's the bleak future we are heading to ...)
It should at the very least help with Safari. What a dreadful existence that browser is when you can't get extensions into the store without paying the 99/yr fee, which has stopped a lot of potential ports from happening.
Most ports right now are quite gnarly, you have to jump through a multi step build process just to do what other browsers can handle in a single click or drag and drop. Other methods I've seen involve relying on something like tampermonkey to run the scripts on the sites you want. Alternatively, making safari users mad by making your extension cost on the app store.
So I have high hopes! Finally developers should be able to release things for safari without feeling so suffocated.
That won't happen. People will install Chrome, and that's the end of it. Well, not the end of Google, of course, which will now have even more opportinuties to grab your data and sell your privacy.
I'm not sure you're really following. If developers are already jumping through hoops to make their extensions available for safari users, the only way this "will not happen" is if apple makes barriers to entry even worse.
Safari will become irrelevant. Users, some through ignorance, others coerced by incompetent front-end teams ("Safari is the new IE") will switch to Chrome. It will be the end of Safari. There will only be a few extension developers left.
When that happens, please switch to Firefox. It has more extensions than you'll ever need, and it's better for the tech environment and your privacy.
I use Safari as a daily driver because it tends to have a low impact on my machine. Whether Apple has the stomach for competing with Google directly after these changes remains to be seen, Microsoft threw in the towel after all.
Are you worried about piracy or that your app may not be available to all platform users anymore? I bet that immediately after this feature comes countries, mobile providers, etc. will roll out their own app stores and many users will not go with Apple's. Those stores will probably incentivize big apps like Facebook get on them but not regular solo developers. You may have to distribute your app through a dozen of app stores and comply with all their differing regulations and review processes instead of one, or pass on user share... (Or more likely you'll need to pay up some app store distribution middleman who will capitalize on the situation)
I think the thing with macOS is, is that if sideloading ever became impossible on mac OS, they would instantly lose most, if not all of the major applications, making the platform irrelevant.
Nobody's forcing you to do these things, though (except arguably paying taxes). Of course, nobody's forcing me to use an iPhone either. I just picked the least crap option I could find given my personal preferences.
What I object to is the idea that I'd be better off with more totalitarianism (in this instance, a corporation dictating which computing I am allowed to perform on my pocket computer) rather than less. I prefer as little as possible.
Again, I sacrifice some freedom and privacy (too much, I'm afraid) for convenience. But I certainly won't go ahead and say, "I wish I'd sacrificed even more."
Though I can understand that this is very common, and appears to be an adaptive mechanism that maintains mental health by minimizing cognitive dissonance.
Why is everyone so worried that Facebook, etc. will pull out of the App Store and require sideloading on iOS just because it'll be possible, when they haven't pulled out of the Play Store or required sideloading on Android where that's already been possible all along?
It's a talking point. I'm sorry that it is negative and it might not fair to the parent commenter, but it's obvious bs. It is a propaganda point that was placed somehow into the discussion and gets repeated again and again. In no world does it make any sense that an app like FB would not try to be in every big store, but here we are, having that "concern" repeated under every Apple sideloading discussion.
Propaganda is fucking awesome in how effective it can be. And equally dangerous.
The difference between the Play store and the Apple App store is that the Play store doesn't even pretend to protect against apps that do underhanded, unexpected, and intrusive things. There are numerous stories of iOS apps being pulled out of the store for using private APIs to bypass this or that protection.
That's not true. The Play store absolutely promises such protection, and Google adds more protection measures every year. The Android system even warns you when you install apps from other sources. Also see the related https://support.google.com/googleplay/answer/2812853?hl=en.
Running a "safety check" is not the same thing as the (admittedly opaque) Apple App Store review process. Based on the challenges developers have had with Apple getting certain apps approved, the Apple App Store review process is significantly more involved than Google's.
Is your argument that because Apple's review process has a lot of false positives, that it must be good? Consider a "review" process that consists of rolling two dice, and rejecting the app if you rolled snake eyes.
The Play Store reviews promises more than a rubber stamp. It's okay to see it as such, but you said above the Play Store doesn't even pretend; If that were the case there would be no review process.
Google will this year address some of the data leaks that are still possible by limiting what apps can do. They introduced the limitations before, now apps will be forced to use the newer API targets that enable them. And that is done via the limitations the Play Store applies to apps (rule based + reviews) and the changed to Android's permission system.
All of that can be criticized in detail, but that they are doing nothing and not even try to project the image that they protect users is just wrong.
As an iOS user who doesn’t care to give my mobile device any thought at all, Google has a long way to go to overcome the perception that behind a thin shiny veneer, the Play store is like Mos Eisley.
That and seamless shared clip boarding keep me from leaving the ecosystem.
I wouldn’t call it propaganda. Facebook’s reputation in this regard hasn’t exactly been stellar because they’ve been caught red-handed spying on users at scale [1] [2].
And Apple was swift to limit the damage of their spying by banning [1] their app from the app store which is why the point the gp is making is sound. The app store is two things: a (heavy-handed) review process and a marketplace. Without the Apple app store review process, you’d end up with what looks like the Google Play store.
So it’s not hard to imagine Facebook disappearing completely from the Apple app store (to avoid being bogged down by Apple’s policies) forcing users to sideload the app directly from their website to “get their fix”.
Why would the technical solution that solved the privacy issue not still solve it just because it is now sideloaded? It’s not like the sandbox will suddenly get disabled for sideloaded apps..
> when they haven't pulled out of the Play Store or required sideloading on Android where that's already been possible all along?
Has Android restricted spying as much as iOS has? I seem to recall Facebook freaking out pretty hard about iOS policy changes around tracking and blaming that for some serious revenue shortfalls, a while back, and have no such recollection about Android, but maybe I just missed it.
Because Facebook announced publicly that Apple's privacy policy changes would cost them $10 billion[0], putting them on the record as having strong motive to avoid the App Store.
Yes, Facebook has plenty of motive. Apple mandating that Facebook give users the ability to opt out of their tracking has made a major dent in their revenue, and Google never implemented an equivalent requirement for the Play Store.
Additionally, iOS users' attention has traditionally been worth more to advertisers than that of their Android using counterparts because they buy so much more.
App Tracking Transparency is more App Store policy than technical feature, and even if Apple were stonewalling third party dev access by technical means, outside of the App Store there's nothing to stop Facebook from using a rotating set of holes to pull data through, turning the situation into an arms race which will only result in iOS being locked down progressively further, despite having sideloading.
I don't think Apple will diminish their control on the App Store requirement, it's too much of a selling point to them. In fact I hope they keep their requirements the same, and I'm quite happy to see sideloading becoming a thing. More choice is nice.
I'd be so happy to see F-Droid venturing on the iOS side, and distribute open-source apps you can trust that would otherwise not be available on the App Store (emulators, third-party YouTube clients, an actual Mozilla Firefox browser using its own rendering engine, etc).
The only reason I am using an Android phone and not an iOS one is because of F-Droid to install the open-source app I like and need. I would definitely switch to iOS if I could have this freedom there.
I hate that with Android I trust that Google will at some point succeed with a dark pattern in letting me agree to siphon my data without my real agreement.
TBH I'm hoping Apple will use this to actually improve the app store's position and security, get rid of all the garbage spam apps, fake clone games and whatnot. But I doubt they will, given they make a ton of money off the scam subscription apps.
This seems like the wrong target. A better solution might be to break the monopoly control that platform operators like Apple and Google have and impose proper laws and regulations to fight abusive behaviours by app developers (and the platform operators, if necessary).
Even if this set of changes is coming out of the EU and the chances of getting good tech regulation any time soon might not be high it's probably still better than having all of the safeguards for millions of people using a platform depending only on the whims of companies like Apple, whose track record on user-hostile behaviours and issues like privacy has no shortage of concerning events.
Exactly. Recently there was a big drama by the US where they summoned TikTok app's management to answer questions publicly in a Congressional hearing. International media were commenting how America is getting ready to ban TikTok because of privacy concerns that allegedly even allowed spying.
None of the major media in the USA even suggested that a strong data privacy act, and a general privacy regulation, could fix this for every app and be a better long-term solution.
Stop installing "evil apps" and stop believing Apple actually cares about you. Cheering for a corporation to control what you can and can't install on your phone is gross.
App Store review was not stopping evil/scam apps, though. I would expect the system privacy APIs to clamp down on the worst of it (even Facebook can't violate your privacy if it can't identify your device, or access its contents or location).
Normal users don't sideload on Android. Even the (objectively easy) steps for enabling it there are too much for the average user. Why do you think this would be any different?
> I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy. As a user, I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching.
Apple's reality distortion field never really faded. Any Action taken by Apple Is Absolutely Righteous. Even if the very same action taken by another company would make them Absolutely Evil. The cognitive dissonance is truly amazing.
> I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy.
Just as a general reminder, I heavily recommend that you not install Facebook on your phone even if you have an iPhone. There are good things Apple is doing with enforcing privacy controls, the controls aren't useless, but there are still loopholes: https://arstechnica.com/information-technology/2022/04/a-yea...
To provide a counter silver-lining to the concerns here, I'm hoping that if iOS gets sideloading that maybe apps like NewPipe could start becoming more commonly available for iOS users.
Right now, iOS is sort of stuck in this middle ground where Apple does legitimately do some excellent work reducing the privileges of apps, but also... you still have to use those apps if you want access to the services. It would be good to see more unofficial clients for some of these services like NewPipe or Twire get better support like they have on Android. I'm not knocking Apple here, they're trying to hit a middle ground between accessibility and privacy, but I don't want people thinking that the iOS version of Facebook isn't still tracking them. It's (hopefully) tracking less than it would on Android, but it's still tracking.
Has everyone forgotten that bit where Facebook sent representatives out to college campuses and paid students twenty bucks to install their VPN app (distributed via Apple's beta or testflight or whatever)?
Apps like Instagram are popular enough that, if Meta wants to move them to their own app store (possibly incentivized via exclusive new features), people _will_ follow. And the VPN thing shows that there's no depths to the level of trickery and and violation of privacy that they will indulge in.
You're phrasing that as though paid market research is on the order of living through war. If we don't all remember that continuously in the context of how dangerous app installs are, it might not be warranted.
I kinda like being able to install open source software without agreeing to anyone's terms of service. I'm typing this from an open source browser going through an open source firewall that blocks trackers which both came from an app store that I contributed to, for example. That's a lot more benefit than letting a bigcorp from another continent with a very different culture decide the rules about everything you can do with every unit sold.
There are paths where you can prohibit businesses you deem evil from paying people to study their lives that don't involve letting your device's content rules be set by an undemocratic and profit-oriented company.
It's the OS that enforces privacy and security, not the App Store. They won't be able to do much more than they can now.
Besides, they'll stay on the App Store just like they are still on the Google Play Store on Android where side loading has been possible since version 1.0.
Same. I wish all laptops and all electronics gadgets are totally locked down and only cozintrollable by the manufacturer. Like Lenovo laptop, should only have apps from Lenovo store. I would also say we should have only one editor. I don't see point of many. Like you, i am filled with dread about multiple choices!
Edit: just thought of an idea. Maybe each ISP can provide a store and we can only install from those into our devices. After all, we trust ISP already
In response to Facebook or WhatsApp requiring side-loading, one might remark:
> "Just don't use services provided by Meta"
There are insurmountable network effects.
For example, I must keep WhatsApp on my phone if I want to know when child's swim practice is moved/canceled/etc. There is only one swim team in the area. Getting other parents to use Signal ain't happening unless the head coach requires it. The head coach isn't moving to Signal unless parents already use it. Moreover, I'm a coach, so I have more say/power over this than typical.
Of course, I could always force my kid to find another after school activity... or, I can buy an iPhone. At least with an iPhone I can deny Meta access to my Contacts, which it incessantly requests.
This is just one concrete example. There are plenty of organizations land-locked to Facebook for the same reasons; dropping Facebook is tantamount to collapsing the community they built.
For me, checking the monopoly power of Meta by using an iPhone
is the least worst option. At least Apple has interests that are partially aligned with mine... as they want me to buy my next mobile device from them.
Apple (and Google) blocks all sorts of apps from their stores that even though legal in nature are not allowed for some arbitrary reason that helps their bottomline. E.g. things like gambling, crypto, adult etc are all blocked. On Android you have the choice to side load them on iOS you can't. For this reason alone allowing sideloading will be a generally good thing.
For the average user there will be zero impact and for the power users who wants to still to Apple's guidelines no one is forcing them to install anything they don't want to. If its any similar to Android it will take quite a few clicks to allow the installation which deters the average user from installing unwanted stuff.
How does blocking gambling, crypto, and adult content help their bottom line? Seems to me like these would be a lucrative source of income if they allowed them on the store.
The risk to the average user is that an app they want is removed from the App Store and only available via sideloaidng.
Adult and Gambling have different compliance requirements with banks and payment processors, some outright don't allow dealing with these types of content/marketplaces (have a look at Stripe's T&C as an example). Apple and Google would rather not get into these markets than dealing with the legal complexities, this is the reason they are blocked. If they were doing it for the good of the users they would have just blocked them for underage users.
> Apple and Google would rather not get into these markets than dealing with the legal complexities, this is the reason they are blocked
I find this claim pretty suspect. What are you basing this on? I'm sure the extra income would be vastly more than the cost of dealing with legal complexities.
You do realize that the sandbox won’t seize to exist, right? Apple does jackshit at censoring the App Store, they run some routine checks on the code and disallow upload if it has “porn” in the title, the real security is the sandbox.
No such thing really happened on Android. Facebook is still there.
But the opposite happened , apps were pushed out from the Store and if you are using iOS you are screwed but on Android you could decide to take the risk and side load the app from the official website. I just had to do this, I installed solar panels and they are made by Huawei, thx to USA-China wars , Huawei apps are no longer in google Play and Huawei phones do not contain Google Play support anymore (or last time I checked)
The extent to which Apple has hammered the idea that any sort of freedom is unconditionally dangerous and undesirable into its users' heads is legitimately impressive.
To support sideloading do they have to "Relax control" though?
I think the fear is "sideloaded apps can do bad things" and my answer is make the OS better and more clearly manage bad things?
What are the bad things we imagine a sideloaded app could do? Like it still has to follow the platform APIs right? It would have to ask for perms? Sure, it could have egregious tracking or spam, or hostile ads, but app store apps already have this??
The risk of big companies like Meta requiring users to sideload in order to use their service. To me the answer is obvious: don't use services provided by Meta. They can choose to race to the bottom all they want. I welcome the freedom to use my phone the way I want to.
If bad actors choose to misbehave don't blame the medium they're misbehaving on. This line of thinking is similar to negotiating with terrorists.
What? The most meaningful privacy controls are enforced at the OS layer as technical controls. The thing that prevents Facebook from accessing all your contacts is the design of iOS, not the App Store.
Allowing sideloading of apps does nothing to weaken the technical features meant to enable privacy and security that are already in place.
In fact, you shouldn't have been relying on the App Store in the first place, as malware/spyware can and does slip through their very human and very fallible approval process.
This talking point is so common in every thread about sideloading Apple devices that I can't determine whether it's propaganda or ignorance.
I think Apple may not have a choice. This is a move that will leave Apple free (or freer) of liability in various situations. For example, Apple is no longer liable if you sideload an app that is outlawed by your locality, and Apple removing apps from the App Store for violating App Store TOS can no longer be as strongly framed in a censorship debate.
I'm looking forward to it because quite a few apps that feature adult content can exist on iOS now and not have to be clunky web apps.
> The setting that Facebook hates and evidently bet the whole company on - "Ask App Not To Track" - probably wouldn't go away for sideloaded apps.
Apple phrased that as peculiarly as they did for several reasons. "Ask App Not To Track" is not "Force App Not To Track", it relies a lot on self-disclosure from apps and some discovery from App Store testing cycles and apps already currently lie about it and things are missed in App Store certification.
There's less reason for self-disclosure by sideloaded apps and no certification process to spot-check such self-disclosures even if a sideloaded app provided them.
"Ask App Not To Track" does feel like a vulnerable tool if sideloading is allowed and certain major apps create pressure to encourage average users to sideload some common apps.
Whether or not you are looking forward to capabilities that sideloading would grant, it is fair to lament the possible loss of how good "Ask App Not To Track" has been so far and assume it will get worse in a sideloading world.
> I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching.
If Apple did just that, it would have been ok. But they didn't stop at that - they decided to do the very same thing that Google, Meta, Amazon, Microsoft etc. - after partially preventing their competitors from getting hand on some data they started to deliberately invade our privacy and collect as much of our personal data as they can to mine it. They self-appointed and forced themselves to be our conservatorship ( https://medium.com/@tonytyre9/what-is-conservatorship-legal-... ) because we have all been judged too stupid to manage it ourself. And like any abusive conservatorship they also exploit us.
None of this affects you whatsoever. Just don't use a sideloaded apps. I don't see why this would bother you in any way.
Personally if Apple finally allows me to install whatever I want on my phones then I may return to their phones. Until then, I will use Android since I can download and install any .apk I want on my device.
> None of this affects you whatsoever. Just don't use a sideloaded apps. I don't see why this would bother you in any way.
That's unfortunately wrong.
Say you use WhatsApp to keep in touch with your friends. Say Facebook pulls WhatsApp from the app store and makes it only available via side-loading. What do you do? You have to decide between trying to move everyone you know off of WhatsApp, or you side-load.
An unattractive decision is still a decision you can make.
If you believe so strongly that you shouldn't sideload applications, you absolutely have the choice to not do it. It may not be a choice that you like, but it is a choice available to you. Which I think is what's so wonderful about this whole situation. It's opening up options that were previously unavailable.
Besides, this kind of Sophie's Choice has been around forever. Your friends all use Facebook Messenger but you're morally against Meta. Do you compromise your principles so you can see gifs your friends post or do you stand your ground and potentially miss out?
It's just a variation on another theme that's been around for ages. Only this time it actually adds exciting possibilities rather than a binary 'use' or 'don't use' choice.
There's a potential that someone who's currently using some app without side-loading won't have the opportunity to keep using the app without side-loading as a result of a decision to allow side-loading. That means "this decision doesn't affect you, just keep using apps without side-loading" isn't a valid statement.
You're right that everyone will technically always have the choice not to side-load. Just like everyone technically has the choice to not own a phone in the first place. It's the "it doesn't affect you whatsoever" part I take issue with.
> Say Facebook pulls WhatsApp from the app store and makes it only available via side-loading.
Say a meteorite hits the Earth and we all die.
In a completely hypothetical scenario there are much worse things that can happen than Facebook voluntarily pulling WhatsApp from the App store, forcing their users to side-load it, gaining nothing on the permissions side of the bargain while at the same time losing a majority of their users or, even more probably, having users stuck on the last version they could install from the store and never update again.
Because it doesn't seem implausible? Apple allowing side-loading is unprecedented, we can't say from experience how companies will respond to the ability to side-load.
The closest analog we have is Android, where side-loading is permitted. Google Play is much more lenient than the App Store, so there's less incentive for companies to make their apps sideload-only than on iOS, yet some companies have already done it. Alternative software stores are also a thing there.
I'm also not against side-loading. I think, as the owner of the device, I should be able to put software on it without Apple's permission. My only point here is that there are ways in which people who don't have to may be forced into side-loading software, meaning "just don't side-load if you don't want" is too simplistic.
Apple is only trying to open up how the apps can be distributed to the phone. It’s not removing restrictions around how an app tuns on the phone. From what I guess (reading around so far) these apps might as well have it tougher because the sandbox for these could be more restrictive.
However there could be things like — e.g. TrueCaller might refuse to work without contact permission and call log etc (just like on Android; on iOS it works just fine) but when side-loaded these could demand all those permissions to run. Well that is something we may have to see how such changes pan out.
This reminds me of the "protections" real estate agents provide by taking a "meager" 5% commission on a home sale. Right now it seems practically impossible to sell a house without the involvement of an agency. I wish we could get rid of these overpaid middle men for filling out a bunch of forms and taking zero risk.
I feel what Apple is doing is taking 30% of what you pay to e.g. Spotify as a middle man because they made the device and can dictate whatever terms they please. How are people ok with this is beyond me.
> I'm dreading this. I want privacy hostile companies like Facebook to have to comply with the app store rules
I can't honestly understand this argument.
Are you afraid of yourself?
If you don't trust Facebook, don't install their app.
App store or not, nothing changes, what the app is allowed to do is the exact same thing, they're asking for the exact same permissions, that you can grant or not on a per app/per permission basis.
End of the story.
But if I want to install an app that I completely trust, because I know the developer or I have developed it myself, I can't install it now.
They're got going to have such mainstream apps only available by sideloading. Not enough people do it. See how few people actually use this on Android. It's way too complex and scary for Joe Soap and Facebook won't want to lose all of them.
The only big player I can imagine doing this is TikTok if they really get banned, they'll still lose a ton of users though.
It's a great thing for the ecosystem because at least those who want to sideload can do it.
They could allow side loaded apps with the same notarization requirements as Mac apps. This could prevent the proliferation of outright malware. Even side loaded apps are still subject to the iOS app sandbox. The permissions APIs could still be enforced too. Done correctly, this could be like current side loading but without the need for a developer certificate to make apps last more than 7 days.
I'm less worried about the large companies than the scammers. If we look at Android, the big name apps will stay in the OEM app store and the scammers will trick the young and old into installing their janky app from an untrusted source. Hopefully Apple will have a setting in parental controls that prevents side loading.
I agree with you and I hate that you are being downvoted.
People love to say this is about choice for the consumer but it really is not going to be.
My fear is that the choice will be taken away from my by companies that are no longer able to engage in shady behavior on iOS. Things like trying to collect all my data, forcing me into their billing system, shady subscriptions (like how I can cancel or reminders of it being about to charge).
The Facebooks, TikTok, etc know that many of their users are addicted to their platform and it would not be a stretch for them to push users to download the app through a third party service. I could even see them going so far as to not be on the official store because they know they have the name recognition.
Facebook could even make their own store for other apps that don't want to respect my privacy.
This is a huge concern of mine that this could be a trend that starts small but overtime I no longer have the choice to avoid these alternate stores or to side load to be able to continue to get the full use out of my phone.
Choice is great, but this is giving the choice to developers not consumers.
This doesn't mean that Apple's solution is perfect, but just opening up the flood gates is not the solution either. If you really want to side load get an Android phone.
You can never assume that one company represents your interests better than another: the solution to reducing addictive patterns is to enable other developers to build more privacy-oriented and dark-pattern-busting apps (one sec is a good example of this).
Apple makes certain aspects of the phone addictive as well (i.e. the app tray that can't be disabled, Screen Time is a joke for actually trying to restrict how much time is spent on apps, etc.), and the lack of 3rd party APIs to modify the addictive behavior makes it difficult to control.
The easiest way to reduce addiction to devices is design UX roadblocks that prevent seamless, mindless interaction with the device, and the "digital drug" providers are never going to willingly build that themselves.
I agree that we should be talking about the addition problem of these apps.
But I reference these specifically as being the gateway to more bad behavior.
The idea of Facebook being able to introduce their own App Store for example that would allow other developers to engage in the same shady behavior.
I only mention those apps since I feel like they have the addicted user base to be able to pull it off in a meaningful way, but I don't mean that those apps are specifically my concern.
Any technology can be abused and misused. If the bar for introducing any new technology was that it couldn't do harm to anyone, then nothing would ever change.
The current marketplace for apps gives us very limited choice in many ways, it's more of an illusion of choice in many cases. If 3rd-party marketplaces allow us to build more and less-private apps at the same time, I see that as a net positive.
>...this could be a trend that starts small but overtime I no longer have the choice to avoid these alternate stores...
You wouldn't lose that choice. Want only Apple-vetted apps? Only use their App Store. Easy. Maybe I'm misunderstanding, but you seem to be saying: 'evil facebook will harvest more data, but I want to keep using evil facebook'. Maybe the conclusion you need to reach is that you should stop using facebook (and the like)?
No I am not saying I want to continue using Facebook, but as more technical people we have to understand the impact that this has on non technical people.
Short term we may just see apps like Facebook, TikTok, and others that wish to engage in shady practices put out a side loaded app. Fine no harm done I can just choose to not use those.
But as they get more users they could push their own app stores that make it even easier for other smaller apps to ditch the App Store entirely.
My concern is not what happens right away for me. (But we should all be concerned about companies like Facebook being able to harvest more data and be more shady for others). But as time goes on and if I need a certain app that I no longer have the choice of using an App Store with basic protections in place because its too easy for a developer to use the alternate store.
We all know that app developers love to use really shady practices, this is just going to make it worse.
Per the parent comment, the terms they would have to add to be competitive in this scenario would be "Developers can blatantly and horrendously mine all sensitive data from users." which, while they would be appreciated by many businesses that want to provide apps to iOS users, may not be as desirable to the users themselves.
Essentially, what I believe that parent comment is calling out is that Apple is currently (voluntarily) acting as a user advocate by discouraging exploitative behavior, and enforcing that position using their monopsony.
When the monopsony breaks down, Apple will lose the power to enforce this rule, and exploitative practices will become the new norm. Of course, this does take a somewhat paternalistic view of users, in that it assumes that people will continue to use TikTok, Instagram, and so on despite their privacy being grossly violated. I think that this assumption does have a strong precedence, however.
And not just privacy but also shady practices around canceling and managing subscriptions and others.
There is a very good reason I bought my parents iOS devices and the app store is the biggest one.
Even as a technical person myself this is a big selling point for me to have an iPhone.
Does it give a lot of control to apple and have they blocked some apps I wish they could allow, Yes!
But I will take that over a future (that I really don't see being an "IF" since we know developers like Facebook will jump at the chance to be shady, and they could just make it easier for others to follow) where the choice is made for me by an app not being available on the store.
I'll respond to both of your comments here, since I think you're largely coming around to the same point.
> the terms they would have to add to be competitive in this scenario would be "Developers can blatantly and horrendously mine all sensitive data from users."
If they can do this as-is on iOS, that's the OS manufacturer's failure, not the failure of the store. Apple controls the runtime, they control what data gets exposed. Same as it ever was.
> Apple is currently (voluntarily) acting as a user advocate by discouraging exploitative behavior
I'm going to proceed on good faith and say I agree. Their idea of "exploitative behavior" is an obvious double-standard, but they don't make zero effort to protect their runtime. For the sake of argumentation, I'll assume they're entirely benevolent (even if I believe they aren't).
> Apple will lose the power to enforce this rule, and exploitative practices will become the new norm.
No they won't. They control the sandbox, there is no reason to assume "this rule" goes away. They just have to enforce it on an OS level instead of with arbitrary App Store signing. Their current method is arguably the worse/less secure option anyways.
> it assumes that people will continue to use TikTok, Instagram, and so on despite their privacy being grossly violated.
They already do. Apple can protect them against certain fine-grained fingerprinting from the runtime (and should), but they haven't removed any of those apps from their store. They all violate their acceptable terms for data processing, but they do it server-side where Apple can prove nothing. Apple's personal enforcement crusade failed since they cannot compel any company to truly act in good faith. It's living proof that the government should be handling this, not a private company. If Apple would lobby for privacy bills stifling Meta/TikTok, their privacy dollars would go much further than signing certs for known malicious apps.
---
> And not just privacy but also shady practices around canceling and managing subscriptions and others.
Sure, all those are great features. They also require Apple to charge an asinine per-transaction fee to sustain, but I'm sure the user experience is excellent. Without the ability to impose an unfair monopoly, I'm not sure if they'll be able to offer these going forward.
> Even as a technical person myself this is a big selling point for me to have an iPhone.
I'd hate to hear what you go through when you gotta cancel the morning edition of The Times.
> But I will take that over a future where the choice is made for me by an app not being available on the store.
You don't get to choose. If the market settles on an illegal or unproductive status quo, it will be disrupted or regulated back into functionality. It doesn't matter if you're a user or a shareholder, bad behavior gets patched-up through the democratic process. Apple is standing in the way of fixing things, and instead of cooperating they're being bent into compliance by the EU and States.
> that I really don't see being an "IF" since we know developers like Facebook will jump at the chance to be shady
FWIW, it's not like Apple doesn't also have a litany of shady moments. They're cardholding PRISM members who have no problem operating in China even if it means compromising iCloud. They want to upload unique identifiers for your Photo Gallery so they can pinkie-promise that they won't use it for anything bad, complimenting their OCSP telemetry.
Facebook is no saint, but nobody is forcing you to use their app. Your "fear" is that other people might still find Facebook's terms agreeable after leaving the App Store, which is neither "your" business nor that different from the status quo. The only thing that changes is Apple isn't negotiating the business side of things anymore... and why should they? Their only concern should be keeping the runtime secure and improving their platform.
---
In conclusion, myself (and a number of regulators) feel like Apple has asserted unfair control over app distribution. No foul, they still have a chance to fix things - the iOS platform can still remain secure while offering users options. The very plain reason Apple resists this is because the status quo is profitable - the App Store makes ~$80bn annually on a good year, so they'll defend it's monopoly to the death. Apple shouldn't say what the user does on a phone they own though. You should have the option to default to Apple's opinion, but purchasing any product does not make you beholden to the manufacturer's will. Apple has seemingly forgotten this: the government will kick them out of bed if it finds that they've been fucking the economy on the side this whole time.
Let's stop pretending that not being allowed to engage in "mining sensitive data" is the only reason a company has to not want to be on the app store.
- Discrimination against entire fields of endeavor like emulators and streaming clients
- 30% tax
- Victorian era morality clause that has forced applications to make UX degrading changes for NSFW content
- Anti-competitive behavior for anything that competes with Apple's own offerings, including e-books (audible), music (bandcamp), web browsers (Firefox/Chrome), and probably more I'm not thinking about right now.
- No GPL on the app store
If this were just about "Facebook is mad because they can't data mine and stay on the app store" there would be a much stronger case, but in the world we live in, Apple has abused their so-called "user advocate" position to advance their own interests at the expense of their competitors, and users, in many other ways. They did not have to do this.
If you want to be upset at someone, be upset at Apple for inviting the typically heavy and imprecise hammer of the state when they could have just stayed in their lane and not behaved like greedy controlling puppet masters.
Like TikTok and Facebook, both of whom already collect and process data serverside? If we want those things seriously addressed, we should be lobbying governments to fix it. Private companies are obligated to serve the government and shareholders first, then address your privacy somewhere after that.
There are no terms on which companies big enough to already be bad actors and not get banned[0] won't at least push users to their own app stores where they can easily sidestep any of Apple's privacy rules.
Of course not! They have an image to uphold, as the stalwart tinfoil knights of user privacy. However they respond is up to them, their forced competition with the free market is inevitable though.
Think about it this way: any app that refuses to go through Apple's store is telling you that you're not a customer they want. If Facebook makes that choice, it's a great time to give up Facebook!
Maybe it's just me, but I'd rather have my government defending my (and most citizen's) interests (with laws such as GDPR) rather than a private company's rules which, as evidenced by this article's existence, have pretty big "collateral damage".
>I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy.
How about you spend 10 minutes looking at what Apple is actually doing and realize they are just as if not more "privacy hostile" as Facebook/Google/etc. They've been on a hiring spree since they announced their "privacy" update in 2020 to build out their own Ad Tech/DSP/Self Service Ad Platform.
Yeah - Apple was pulling a monopolistic move and kneecapping their competition for profits sake. They realized "Hey, we can kneecap these guys and in the near future profit billions like they did with our own ad network".
> they are just as if not more "privacy hostile" as Facebook/Google/etc
You're going to have to back that up. Apple is degrading their privacy value prop for sure, but show me their Cambridge Analytica or their "Incognito mode" that still ties web activity back to user identity.
> How is this good for privacy?
That's a straw man. It is possible to believe that 1) Apple is curbing the worst excesses of abusers like Facebook, AND ALSO 2) Apple is making some mistakes that weaken their own privacy story.
> Apple was pulling a monopolistic move and kneecapping their competition for profits sake.
This is a recurring theme on HN and I find it so strange. Are we really supposed to form opinions on what we imagine faceless committees motives are, rather than the actual corporate actions?
I honestly don't care why Facebook does the things they do. My opinion would not change if it turned out it was from the most noble and altruistic motives. Just like I'll judge Apple for what they do. I don't think it's fruitful to argue about whether individual people are a "good person" or "bad person", and it's even less meaningful for giant multinationals.
> This is a recurring theme on HN and I find it so strange. Are we really supposed to form opinions on what we imagine faceless committees motives are, rather than the actual corporate actions?
I’m unsure which side I fall on in this argument, since Apple has had an incredible run of customer-friendly decisions IMO (at least when compared to their competitors, and other near-monopolies). However, it’s important to learn from history too. Amazon was once one of the most revered brands in the world. They successfully priced out local shops and online retailers by stocking everything, having reliable and fast shipping, and good customer service.
But now look at them. Fake products and reviews everywhere, 2 day shipping is no longer a thing, they’re purposefully making returns more of a hassle, and people outside of major metropolitan areas no longer have other options for many things.
Companies with serious lock-in are bound to screw you eventually. Strong culture and product decisions can only last for so long until some minmaxer with no product vision or care for brand reputation starts calling the shots.
I agree with everything you've said. I guess I'm just not invested in guessing whether Apple will make better or worse decisions in the future, or at least I don't have enough confidence in my ability to guess correctly to make any kind of purchasing decisions.
I'll buy Apple until there's something better for my utility function. And then I'll switch and I won't look back. I might read a book about how culture, durable advantages, and customer-first policies are intertwined, I suppose.
> Historically, Apple execs including Tim Cook and Craig Federighi have staunchly opposed sideloading citing privacy and security reasons.
Which is funny to me, because after flipping through the App Store for an email client, I found, on this heavily curated storefront, a single digit number of apps I would trust with my email credentials. Android, with it's option to "sideload" F-Droid, gives me dramatically more options that I trust.
Security and trust do not require locking me out of my own hardware.
Apps you trust is a really poor security mechanism for the general public.
The Apple App Store is a dumpster fire, but there is a perfectly reasonable argument for locking down a device you’re handing to family members who aren’t security conscious.
I don't personally know a single person outside of developers that have side loaded apps on Android. Maybe I am an anomaly, but it just seems very rare.
Fortnite went sideload-only on Android in 2018, and had ~40m players on Android. Their userbase is 60% 18-24 years old, so you may not know many players. [0]
Leading drone maker DJI's app for Android is also sideload-only, and they've sold hundreds of thousands of drones to people, many of whom probably use Android.
My mom got tricked into installing an "emoji pack" that would make her phone give her constant notifications for a gambling website. She doesn't know she sideloaded an app, but that's what happened.
On Android you have to download the app, open it, navigate a dialog with no Next or OK buttons (it requires you to toggle on a permission switch for the application you are using out of a list of applications) and then go back and try again, then click install. If you are doing all of that, you are very determined to install that malware. I don't think protecting against that is worth denying everyone else the freedom to use their device as they see fit.
I'm going to assume you're coming from a place of ignorance here.
A significant portion of people (often > 50) will absolutely follow this process if guided maliciously. Many people are incapable of grokking a warning message, as using a misunderstood device already sets their anxiety high.
I'm not saying Apples method is necessarily the right method, but stating that these people aren't worth protecting - or at least not worth protecting at the cost of opening up a device you bought knowing it was closed and had alternatives for - comes across as callous as best.
I'm on the latest version of MacOS and I routinely install software outside of the App Store (in fact, nearly 100% of the software I install is outside the app store).
Developers don't get paid for information, ads, user data, or per-install / purchase on F-Droid. As a very general rule, apps are uploaded to F-Droid because people made something fun or helpful, and they want to share. Their incentives ("I made something fun!") align with my incentives ("I want something made by a dev that can at least pretend to give a shit about the user"). Apps are not inherently user-hostile, or made for an ulterior motive.
Proprietary app stores are... nearly as much of an exact opposite I can think of, regardless of who sponsors them; Microsoft, Amazon, Google, or Apple, devs are putting apps there to get paid. Sometimes it's user data, sometimes it's "Free" with in-app purchases pushed by dark patterns, sometimes it's to push for consumer lock-in, and sometimes it's straight up malware, like most flashlight and cleaner apps on Google Play. Regardless, the incentives don't align, and that is what I'm on about when I use the word trust here.
People don't like it when a UX change is made by and for the company that just so happens to screw lots of users, or break or slow their usage. That's exceedingly rare on apps made by devs in the first category, and depressingly common for the latter group.
That's irrelevant when you're never going to read the source code. It's like saying that you can trust a chinese chemical plant to make good chicken because if you pay for a flight over there they'll let you read their recipe. Unless somebody actually puts that effort in to check that out and conduct a huge factory-wide audit in their own time for free then you are getting zero benefit from that.
One of the reasons I trust F-Droid more than Apple's App Store and Google Play is that F-Droid prohibits proprietary ad and tracking libraries. F-Droid reviewers are also more technically proficient than Apple's App Store reviewers and less likely to err in judgment.
For me, it's where the apps send the credentials or usage information off to.
Most apps in the iOS App Store are chock full of spyware that reports on everything you do in the app. Many of the Apple system apps function the same way too (even with analytics disabled).
Again, totally genuine question: how do you know this?
From a (my) relatively uninformed perspective, I'd have expected the opposite - that the iOS App store was more of a 'controlled' environment, and the Play store more like the wild west. But maybe this is just me believing Apple's marketing...
Well, any app can make web requests for starters. If Facebook/Meta/Whoever wants to exfiltrate data from their app, they probably can. So, the issue on most apps becomes limiting the amount of personally identifying data that can reach that runtime in the first place.
Both Android and iOS now do a fairly good job sandboxing the filesystem, but both cannot protect against advanced fingerprinting/data processing. Apple can outline acceptable data processing terms in the App Store, but that doesn't stop bad actors from taking data and processing it remotely. In Facebook and TikTok's case, this is almost certainly what's happening - and why the government is the only one capable of holding them in check.
The "alternative" is restricting the amount of entropy a user can generate to near-zero, which isn't really useful for app developers. Suffice to say it's an unsolved issue, even with a singular App Store.
The problem is that most of the mainstream apps will not be in F-Droid et al. when they are the ones which should be in there.
We lose all transparency for the big players. Meta does not want us to know precisely how much it collects data.
If they can start somehow avoid Apples privacy restrictions and reduce transparency with side loading, they will do it.
There isn’t really problem with the lack of sideloading in iOS.
It is just that costly developer licence and strict requiremets of App store to increase the quality of the apps.
Sideloading just makes it easier to install lower quality software and some random oss projects where maintainers do not have either Apple’s licence or time to maintain app store releases.
Of course, there is the payment fee but that is another story.
What happens when the apps which used to be available on the app store get taken down and made sideload-only, like what Epic did with Fortnite on Android?
If you don't want to sideload, then don't. If companies don't want to be on the platform app store anymore, it's not the end of the world. I ran a windows phone for several years; if there's no app for something, there's usually a website, and Safari is loads more usable than mobile IE or mobile Edge; so you're fine for the most part.
Yeah, you might lose out on playing FPS games on your phone, but is that really a loss?
The net loss is to society when Meta pulls Instagram from the official store and says "to continue using Instagram, go to instagram.com in safari and follow the instructions".
And they could close overnight from lack of millions of users.
Apple is not required to make it “download file and double click” easy, the best course for action would be making it relatively hard to enable so that no one’s grandma will be able to follow the instructions.
Epic pulled Fortnite from Google Play Store in 2018 because they wanted to keep more of Google's 30% share and they were back in 18 months because most people aren't that determined to get an app outside of the official app store.
Any company pulling their apps from the App Store must have a pretty good reason to do so, because they're gonna be decimating their download numbers.
> Epic pulled Fortnite from Google Play Store ... and they were back in 18 months because most people aren't that determined to get an app outside of the official app store.
Can you please link me to the Fortnite page on the Play store?
That's an unrelated issue. They're not on the Google Play Store anymore because Google banned them. But they most definitely did come back to the Play Store with their tail between their legs, and even made some salty comments on life outside the Play Store.
If the company is big enough (e.g. not using whatsapp is not an option for a lot of people), or if the app comes from a state that can force you to install it by law, yes it can be.
As opposed to Apple being big enough that they can bully developers into both building for their platform and distributing through the channels they christen?
Don’t worry, you can bet Apple is going to make sideloading as awkward as possible within the bounds of the law. It’s not like Apple woke up one day and decided they don’t like money. It will only be useful for hobbyists.
I'm saying that "[you can] simply just get apps from the official store" is not necessarily correct. I'm not making a value judgement about whether that's a good or a bad thing.
It is a good thing that mainstream users get their apps from somewhere that they've been reviewed by a third party. A world where sideloading from anywhere becomes a normal thing for mainstream users to do, is bad for privacy and security.
I hope Epic does this for the Bandcamp store on iOS (Epic bought Bandcamp recently). The iOS app disallows the purchasing of digital music, but if they can get around the App Store policies then I can purchase digital music from the app without needing to go to the mobile site.
I'm curious what benefit this would actually yield to you? Is it simply just the case of not having to leave the app? Because aside from that, there would (likely) be no IAP; you'd still be required to give your financial info directly to the app.
I suppose the current situation is that buying is disabled in the app because it is not allowed by Apple (without going trough them and pay the 30% cut), but in an app outside the store it could be enabled.
The same thing that happened before: you either chose to install it and side-load it or you don't. Side-loading is something that only a very marginal minority of people do. I don't understand the fearmongering.
Anyway when you sideload an app on an Android phone, the APK is scanned to check if it's secure to install.
Permission wise, nothing changes.
Policy wise, it means no Apple tax and maybe some publisher will be able to cut prices, to the users' benefit.
As dumb as it sounds, I'd buy a second phone for side loading things if I needed to use enough of those apps. Before side loading on my personal phone, I'd want enough real world time to pass to make sure it's not easy to find vulnerabilities that lead to a complete compromise by side loading (they will be found, but it needs to be "zero-click text message for root" levels of rarity).
I look forward to this, not for potentially sketchy third party apps but for my own apps. My phone is the computer, camera, etc. that I always carry with me and I'd like to be able to write my own apps, both for experimenting and for my utility. Just sideload them, no developer program, no yearly license fees, write in languages of my choice, have a VM on my phone if I want.
If nothing else, imagine your own AI assistant that you know respects your privacy because it only communicates with your home server, or fits completely on your phone.
That would still require Apple to open the various APIs. Even though we will be able to sideload apps, it dosent necessarily grant us access to everything we need to compete with let's say Siri (not from a technical standpoint, but from an integration perspective)
> 7. The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.
If you have a free developer account then you need to redeploy the app to your phone every 7 days. You can only add up to 3 devices to your free account, and there's no way to remove them without paying (at least that I could see when I let my subscription lapse), so good luck if you replace your phone too many times or try to share an app with a family member or friend.
It's not impossible, and perhaps it's easy if you've already hit all the pitfalls and know where they are, but I would not describe it as easy.
Having "side loading" -- also known as regular app installation on non-phone platforms -- hasn't caused chaos on desktop platforms or android. No reason to think it will on iOS either.
I beg to differ. How many windows machines were infected in the early 2000's? Would bot-nets exist if Windows had a strict app store back then?
Now: I will agree that freedom to install any software on desktops has been wonderful, and I hope it remains, but I wouldn't say it hasn't caused chaos.
> How many windows machines were infected in the early 2000's?
Great Scott. If you haven't looked at a calendar recently, its not 2001 anymore. The industry has spent the past 23 years improving the security of basically everything. Isolation is better. Filesystem security is better. Anti-virus is better. Browsers are more secure. Everything is more secure. Malware is still around. Its harder and harder for it to cause real damage, unless the user clicks past thirty five warnings.
Because it’s the only way their argument holds any water. In 2023, the security problems inherent to allowing app installations outside operating system stores have been almost completely mitigated.
> How many windows machines were infected in the early 2000's?
Yeah, that's a very bad analogy, it wasn't about side loading, even assuming that MS was able to vet every application out there, which nobody was technologically or had the resources to or wanted to, the infrastructure wasn't there, the OS security was worse than today and based on different assumptions entirely, the responsibility is still in the hands of the user, and, most of all, with good reason users pushed back on the all TPM/Trusted Computing thing.
So they did not want that feature and voted with their money, until they could not vote anymore, because smartphone ruined it for everyone except Google and Apple.
edit:
besides (obviously) RMS [1] being right and opposing to TC/TPM, this BBC article from 2005 [2] summarizes what even users there were not particularly tech savy thought about the topic
A couple of significant quotes
computing base is also used to make digital rights management systems more secure, this will give content providers a lot more control over what we can do with music, movies and books that we have bought from them
We need to ensure that trusted computing remains under the control of the users and is not used to take away the freedoms we enjoy today
Windows had absolutely ZERO security at the time though, appstore or not you could just go into the System32 directory and delete everything. I don't see how any appstore would have solved that, malware would have spread equally with such a poor security model.
because they were not integrated in the operating system [1] and/or the OS were not sandboxed.
Also, app stores did not exist, app stores do scan software for malwares, they are actually antiviruses on the cloud.
but it's an opaque anti virus, not under the user's control, apps could be rejected for whatever reason, so today chaos is only hidden under the rug, but it's actually worse then it was before.
Nobody back then said: "my grandfather should not use the computer, he's in danger", also because if someone owned a computer back then they probably knew how to operate it, today that's not true anymore by a large margin.
My comment was a bit ironic and maybe low quality in that sense.
They wouldn't be needed if there weren't malware chaos in the first hand.
So people were willing to pay for removing malware and keeping their computers safe because the threat was real and common.
It is true that there is still a big chaos, but it is hidden under the rug.
Well, my first computer was a Commodore PET, so I was there before, during, and after. Don't you think iOS with "side loading" would be more like MacOS in 2023 than Windows 98?
On the other hand, you can install 3rd party firewalls, virus scanners and more on windows. That also means you can install programs to know what microsoft is doing with your comptuer, and protect yourself.
Currently there is no way on ios to know what an app is really doing, and what it is sending where.
What people are suggesting is giving an entire new unsupervised point of entry and one with a lot of permissions is opening up unsuspecting users to these kinds of problems.
And iOS could by an iMessage [0]. OS bugs are OS bugs. On Windows, non-administrator accounts and GPO restrictions are the way to go, in an enterprise environment.
I doubt it, most people I know rarely use laptops except for work related purposes... keep in mind we are talking about people not in tech (yes I know hard to imagine that is most people on the planet)
If you look at traffic stats by OS, remember they don't show that most traffic comes disproportionately from a minority of tech users and bots.
I can't wait when Apple will stop being a little childish brat about "What obscure rule does this application break and I am not allowed to publish?" when I will have the ability to publish on competing app store and tell Apple to GFY.
Apple users should also rejoice, because browsers coming to iOS will finally support full PWA functionality and Safari will either support all the features as well (not the current neutered one) or it will disappear into obscurity.
From my perspective I just need a PWA browser with working WebBLE API or Apple stop having set of obscure unpublished rules. I am betting that I will get working PWA sooner than Apple will stop being Apple.
This is my plan, I'm super excited about this change.
I plan to sideload exactly 0 non-play-store apps except maybe dolphin or similar big-name open source things.
I DO plan to sideload two apps of my own (currently web apps but they suffer for being so, as opposed to being native), and while I know apple has given some ways previously to let you have "private" apps etc, they still require paying a ton of money AND you still have to get them approved by Apple!!
I was sad when I left android solely for the reason of sideloading apps, but given I'd used android for ages and only sideloaded two apps: dolphin and one of my own custom apps that I had stopped developing, I figured it wouldn't be a big deal. But I'm looking forward to this a lot now.
Apple already lets you sign your own apps, but i will admit the 1 week expiration is very quick and a $99/year developer subscription for 1 year signing is way too expensive for most hobbyists.
It'll be great to see all the neat little apps that macos has come over to ios
I wonder if there will still be two classes. I imagine sideloadable apps will need notarization like they recently implemented for macOS apps delivered outside the mac app store. They can require a developer account for that, or make it behave differently for the separate classes.
That's exactly what I want to do and what I hope this will eventually enable: Run my own apps on my own frigging devices (no distribution involved) without having to bribe Apple for the privilege (if you don't buy a Developer subscription, you have to re-install your apps weekly to keep them functional).
This would eat the app store alive and I could not be happier. So many very basic and simple, frequently cloned, but sometimes necessary apps exist out there that do the whole trial and subscription song and dance to collect rent. This is only because there is no path for open source alternatives. If there were, it would be like the state of affairs with desktop based software, where you have some first party solution, then on github there are typically a couple open source free alternatives if there is any demand for that sort of software, or there are even whole ecosystems like apt, brew, or conda to maintain open source software on your device.
There's F-Droid on Android, which is exactly what you're describing. App Store for Open Source projects. I'm hoping this brings something similar to Apple Devices!
I can't wait for my banking app to ask me to disable sideloading on iOS before I can actually use it. Such idiocy has been rampant on Android with banking apps refusing to launch when Developer Options are enabled.
That aside, I am very happy with this development. I have personal apps that I'd like to sideload without paying for a developer account. I am also looking forward to a more lively open-source ecosystem around iOS apps which has been significantly lackluster compared to that on Android.
I don’t think banking apps will have much reason to do so, given that sideloaded apps will still be sandboxed. This is not like a jailbreak. I would also assume that apps have no way to check what kind of other apps are installed.
I hope that sideloading detection will not be possible for other apps. Enabling Developer Options is not rooting Android devices but that hasn't stopped many banking apps forcing users to completely disable them before they can be opened.
It seems like everyone in these discussions sees only two worlds: lawless hellscape of intrusive, data-stealing apps that permit freedom or “walled garden” of good apps that restrict it and users’ freedom. The truth, as always, is already somewhere in between. And it will be after iOS 17.
Let’s see how Apple innovates in this space. It’s time. The iPhone is 16 years old this year. Time to users get behind the wheel if they want to.
My nightmare scenario is if every country and mobile reseller will come up with their own app store, and pre-load/make users use those. Once Apple gave in, they will press further to make this happen.
These stores would onboard Facebook and other big apps, but regular solo dev will have to submit each app to a dozen of different stores and comply with a dozen of different requirements and review processes or pass on user share to some local dev who copies the idea quickly enough.
The EU is pushing for (has already ratified?) rules against even pre-installing Apple apps, or at least making it easy to remove them. I’m certain that Apple, who sells their phones directly, will be able to keep the carrier bloat at bay.
But I also share that concern. It’s one reason I don’t use android as a daily driver.
So many "Not good. I want [company I trust] to be free to regulate [company I don't trust]" comments here.
Even more odd, its sometimes followed by the even stranger argument "If [company I trust] is legally forced to stop restricting its competitors and has to allow me to choose, I may be lured into choosing [company I don't trust]".
Sorry, but all this is closer to religion than common sense.
It’s Apple Stockholm syndrome at it’s finest. But you are apt in your religion comparison. Anything the good lord Jobs, or his prophet Cook says or does is law
If Apple do implement this, I hope they can ensure 3rd party apps live in a sandbox or otherwise need to be given explicit permissions. One big argument I've seen against side-loading on iOS is people like the confidence of knowing that an app has to play by iOS's rules, so if we can bring this to the world of side-loading then this could be a win-win for "both camps".
7. The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.
None of that negates what GP said. Apps have the ability to interoperate, but they still have to build that functionality. Apps can’t just take over other apps or their data at unawares.
Interesting point. I also hope that Apple will allow sideloads into these permission-less sandboxes.
Imagine two classes of sandbox: offline with loads of permissions, online with no permissions. Offline apps will obviously have to be paid for upfront. Online apps will have a subscription model.
I find the term sideloading problematic. It carries the bias that the "correct" way is to install apps from the centralized app store. The term conveys that this is an alternative and undesirable thing to do.
The concern of malware is legitimate, but having a centralized approved store is a weak barrier anyway. The iOS has a solid system of permissions and sandboxing that should take care of that. A more drastic change is that tgere are no technical means to impose UI that conforms to the Apple standards or enforce that the app payments go through the Apple payment system.
> It carries the bias that the "correct" way is to install apps from the centralized app store. The term conveys that this is an alternative and undesirable thing to do.
But... It is. This is a designed for purpose device, chosen to be used freely and this the "correct" way to install. Who defines the "correct" way if not the OS developers?
The big question is: will there be some kind of "program" the user and/or developer needs to get into to be able to sideload/distribute independent apps?
The ideal status quo would be one where developers can make native apps, and users download and run them, without entering into a contractual relationship with Apple period. (Beyond the iOS EULA, which stands on legally shaky ground)
Speaking of which, if you don't like that kind of thing, never use a Xiaomi phone. It requires registering for a Xiaomi account to "unlock" the bootloader and install alternative operating systems (such as one without most of the spyware - why does the calculator app or the pdf viewer need a privacy policy?)
This account registration is baked into the phone while the bootloader is unlocked, and you have to factory-reset the phone and lock it back up to be able to dissociate the account from the phone.
Samsung is the same, you can't unlock them any more without signing in into both Samsung and Google accounts which allows the two companies to detect if the device was registered as stolen. And for what it's worth, Samsung is the worst of the bunch anyway as rooting it permanently bricks the TEE via an e-fuse.
I guess having an account enables that deterrance, but I don't see how it is related to unlocking the bootloader if there was not an account bound beforehand.
If signing into an account can be preserved despite the "unlocked" bootloader, there has to be some sort of hypervisor/"secure chip" type deal denying access to the part of the device the account info is stored, no? Otherwise one could erase the account info and pass the device as untainted anyways.
So, if that information is secured against alternative operating systems, then there is no harm in allowing them by default or upon local user authorization.
In other words, if it was strictly for theft deterrence then surely you would need an account to be able to factory reset the device at all, even with the bootloader locked?
> If signing into an account can be preserved despite the "unlocked" bootloader, there has to be some sort of hypervisor/"secure chip" type deal denying access to the part of the device the account info is stored, no? Otherwise one could erase the account info and pass the device as untainted anyways.
All Android devices have some sort of TEE these days, otherwise they wouldn't get Netflix and a bunch of other apps people will demand to work.
Yeah, I'm not denying the existence or need for a TEE, I just mean that either the TEE is secured against custom OSs and therefore signing in beforehand is unnecessary, or the sign-in information could be erased by a custom OS.
So requiring a login to unlock the bootloader doesn't really disincentivise any theft in either case, as I understand it.
Im fairly certain it will be just like macos, sure you can make apps people can download, but if you don't want your users to face scary popups when starting up your app for the first time you gotta cough up $99/year for a developer subscription
I disagree. Allow side loading of apps that still meet a threshold for safety, privacy, etc (determined through a program like you refer to), but eliminate the App Store cut of sales.
Who does the checking and verification that the apps are compliant with the “threshold for safety, privacy, etc”?
Apple do this now, using the Apps that pay the 30% on digital purchases to fund everyone. If they no longer make a fee from those to cover every app (including all the free ones), who pays to validate the apps?
And what about the plenty of policies Apple has that I don't agree with and they've declared not their problem?
* their developer policies (as in my own apps, think business apps, playing around, ... and no the little play education app is not enough)
* file synchronization apps (syncing books, development/source code, apps, photos and music on my webserver, ios, android, and laptops through syncthing)
* emulation (in both directions). Both emulating other systems on the iPhone and emulating the iPhone/ios elsewhere (strange how they have always allowed and even facilitated this for macos, but on either iphone or ipad ...)
* their policy about 30% cut on anything sold through apps. Sorry, but that's just going too far
* their charging policies (meaning what their devices allow for charging and how fast. And frankly 90% of the problem I have with their policy on charging is how complicated it is. If they merely instituted a rule "if it's apple equipment, it just works as fast as possible", that'd already be a big improvement)
At this point I'm very inclined to say, not getting the 30% cut and still having to check ... is Apple's problem, not mine. How about we treat it the way apple treats their customers' problems? At this point I don't care about whatever problems being reasonable presents for Apple.
What I got from the comment was that the overall intention and push behind sideloading, both by the community and what the EU mandates, is to not be bound by Apple's policies for appmaking, not just to use your own distribution infrastructure.
As far as I can tell the main use case for side loading that people are making inevitably boils down to piracy. Emulators, torrents, cracked software. 95% of the talk about “freedom” on Android revolves around Vanced and other kinds of piracy.
I’m glad to see people talking about alternative browsers for PWAs (yuck) and open source projects but I am thoroughly cynical about the motivations of the vast majority of people advocating for side loading on iOS. I worry that this ability to pirate like you can on Android will result in degradation in app quality in the App Store.
> I worry that this ability to pirate like you can on Android will result in degradation in app quality in the App Store.
Is it possible for quality on the App Store to get any lower?
80% of App Store revenue comes from Pay to Win games (according to the Epic trial). Most of the other apps monetize through subscriptions for things like streaming services or don’t charge money at all.
That brings me to another thing I'd like to add. Over the years I've paid for quite a few apps on the app store that PREDATED most of the "monetization" of the app store. And the social shit and the login and account and ... shit that games have now.
Essentially all of these have disappeared from "my apps" and I can't install them anymore. I want them back.
And now this emulator comes out with the super monkey ball that my dad bought for me on my initial ipod (not ipad, pod). I want that game back on my current ios devices, and that one, with essentially no interruptions to the gameplay, not the current shittified version.
And even this article only acknowledge this at the 3rd paragraph, if you only read the title or the first few sentences it depict Apple as the good guy.
I think everyone agrees that not only Apple has the ability to offer an malware free App Store, it’s just that if F-Droid exists than so can G-Droid, the fork made by criminals to exploit less technical users. I think it’s overblown, though. Android has side loading and there doesn’t seem to be an epidemic of sketchy app stores.
That's going to end up the same way as Android if I have to guess yeah, as complicated as it gets for a normal user to activate so that nobody uses this outside of tech workers.
Then they can just say that it's technically "there" for the courts.
Hot take: that’s how it should be. After fixing laptops for less technical people, I don’t think the average person can be trusted to protect themselves against malware.
I don't agree there's any links between an appstore and malware.
Sandboxing and app distribution are two concept which might or might not be linked depending on the implementation.
For example, if somebody implemented an appstore for WindowsXP which had zero software protection, the appstore would have been a significant vector of distributing malware as well.
I think developers who don't want to give 30% are going to have to deal with a new enemy: Piracy. The moment sideloading is available for iPhone, I expect within weeks there will be a cool, first-of-its-kind piracy App Store. As well as, within months, a cool, first-of-its-kind hacked game clients for iOS App Store. I think Epic Games might quickly discover that 30% might be lost to Apple or Piracy, pick your poison.
Apple is considering possibly removing one of the most anti-consumer features of its phones and there are people in the comments arguing against it. Not looking good for the future of society.
Not OP, but I'd start with a one-click way to "install" the PWA apps using an API, e.g. with a banner (like on Android) instead of an item in the share menu.
I would hope that Apple is going to try adding some kind of security guardrails on this. Not sure if they could do it, though.
The one really big deal with cracked phones, is that the apps can do whatever the hell they want, and many app authors (I'll bet a number of them are on this very venue) will take advantage of that.
I know that I can be circumspect, but many of my non-technical friends, cannot. They are highly likely to be manipulated into sideloading malware.
Phones, these days, carry our whole freaking life. They are lucrative hacking targets.
Many phone owners seem to be blissfully unaware. I have at least two friends, that deliberately don't engage locks or biometrics, for convenience, yet, their phones are loaded with banking apps and whatnot (I don't use any banking apps, myself).
Man, I remember arguing with so many people, who were on complete copium, regarding this decision.
It should have been obvious, for anyone who has following this whole saga, that eventually Apple was going to be forced to open up.
Sure, maybe it was the Epic lawsuit that did it, but there were a dozen different vulerabilities, and pathways to them being forced to open up. If it wasn't that lawsuit, then it was going to be a new law, if not in america, then instead in the EU.
I have mixed feelings about this. I'm exactly the type of person who used to jailbreak my iPhone to run Cydia, and I used to build my own custom Android ROMs and spend hours on XDA-Developers before that. Now though, I appreciate how locked down iPhones are, and I keep it as locked down via Apple Configurator as possible, because the mobile web and mobile application space are fraught with peril. The vast majority of mobile apps are net-negative experiences unless it's a companion app to an in-person service (e.g. restaurant/airline/hotel/bank), and even those are often risky. If you look at the Android ecosystem, the Google Play Store is basically a ghetto where the lowest common denominator criminal gangs operate malware at scale with impunity, and Apple has been a haven away from this.
I went through a lot of effort to switch my elderly parents into the Apple ecosystem, and since doing so I have been able to have a lot less support required and to sleep easy at night. With sideloading coming, I am not longer certain that their devices are safe and they won't be tricked into putting malware on the device.
A nice solution to this would be a new Parental Control setting. If I fear a parent may end up installing malware, then I would configure their phone to disallow 3rd party stores.
> Do you wrap yourself with tinfoil at night to prevent your neighbors Android from scanning your thoughts?
Do you think this sort of question is in line with HN guidelines? Nothing I said is driven by paranoia, it's driven by the reality we find ourselves in. As mentioned in my comment I've developed custom Android ROMs, my wife actually is an Android user (yes I'm in a house divided), but myself and my wife are also much more technology savvy than my elderly parents. If you cannot understand how those situations differ in our current reality, there's not much I can do for you.
When it comes to non-technical users that don't have good opsec practices, Android is a ghetto that basically guarantees your mobile devices are running malware, and the Apple ecosystem is nearly the opposite. Arguably the App Store is fraught with danger, but it's many orders of magnitude better about the impact of apps on user security and privacy than the Google Play Store. You may feel strongly in your support of Android and its ecosystem for other reasons, but it's pretty indisputable that it is less secure and less privacy-respecting, especially in relation to third-party applications.
Many people here are afraid of being able to install apps on iOS from somewhere else than the Apple store because then Facebook will be able to be fully evil on iOS.
A relationship without trust and with fear of evil actions is called a toxic relationship. If you don't trust Facebook, don't install it. Even from the app store. There is no world in which you need the app.
First, if you use Facebook because of the network effect, don't stay passive. Advocate for using something else, like Signal, mastodon, anything.
Second (in the meantime), if you still need Facebook, I'm sure you can access it from a browser in private mode.
Get out of this toxic relationship now.
Get your news and your fun from somewhere else not amenable to a filter that suits a manipulative company.
We should be happy for such new possibilities. Of course it requires putting your time and money where your mouth is. But it's worth doing either way! Stop the dissonance!
I have resisted installing it from the start. Of course I felt some pressure about this.
People never built the expectation I had WhatsApp. I never stopped advocating against it (in a nice way, without blaming people).
Now, more and more people have been installing Signal and now I can have group discussions again.
We are many who don't like Facebook. If enough of us resist, WhatsApp will stop being so pervasive and "mandatory".
It has happened in my social circles. There's no drawback anymore for me to not having WhatsApp. When there was, I still had a fulfilling social life, with as many friends, or even more, than average. I was still invited to events, I was still able to organize events, etc.
If people like you, they'll reach you. Having WhatsApp is just convenient, not a determining factor.
Most people now understand that privacy is an important topic and will cope with you not having WhatsApp, or even embrace your action.
The world needs you to become better. Of course it's not easy. But it's not inevitable.
Again, WhatsApp might (still) be mandatory to you today. Okay! You are stuck with it for now. Fine. I understand. But do something about it! Advocate for something else! You can do it gently without pissing people off (which would be the best way to fail convincing them anyway)
If nobody does anything about it, we are stuck with Meta.
The only risk I see is their progressive views at times being a little too progressive, leading to "safetyism" and a too restrictive policy on what can go in the store and what cannot, or this somehow affecting which app get prime real estate, whilst others are burried.
Screw it, I might as well spit it out: it should not be a woke app store.
I'm excited and afraid at the same time.
Excited for all the stuff the community will come up with that wasn't possible on the app store, but afraid that some apps I rely on will leave the App Store to do evil things.
This seems like a no-brainer to me: just make it opt-in with a huge warning label: "If you turn on this feature, many bad things might happen to you if you are not very careful, and we disclaim responsibility."
Is there a business opportunity here for an independent, transparent 3rd party, (side-loaded or not app)safety inspection/testing service? Right now customers rely on the word of outfits. mostly Google and Apple who make money on your use, that the software they will "allow" you to install is "safe." Yet a lot of malicious crap gets through and sometimes remains available until enough victims post reviews.
A legitimate, transparent and disinterested 3rd party vetting service would not have a stake in whether or not a customer would download or sideload apps - from anywhere.
When the App Store first opened, I wondered if Apple would allow an alternative App Store to launch, to carry apps that Apple was unwilling to. I wonder if that solution, instead of a side-loading free-for-all, would 1. Satisfy Europe 2. Protect users 3. Potentially get Apple everything they want.
1. Because Apple wouldn't have a monopoly on app distribution
2. Because there would still be a limited number of players who would need to commit to app review/security.
3. Because users would likely continue to use Apple's App Store almost exclusively, while allowing certain outliers (subscription-dependent apps) a way out.
I got a beat that they will launch this sounding like they made this decision to improve the user experience. One more thing now we have opened the iPhone so all developers can test their apps without the cumbersome approval process. We call it express deploy and it’s awesome.
Thanks to the sandbox, sideloaded apps will have no more access than regular apps. Of course every app will ask for every permission but that's a different problem.
In addition to governments, how long do you think it will take for companies and schools to roll out apps to monitor what people are doing with their phones? Companies will say you have a choice (you can always quit!) and schools will just be protecting children - who could oppose that?
And you know when it comes to enterprise and software sold to school districts, it's usually top quality stuff.
Following the typical cycle of adversial compliance by industry, politicans will immediatly start working on round 2 to plug the holes.
I believe this is much better than being to broad on the first attempt.
And maybe apple decides that this battle is not worth their time and preempts the need for further regulations.
Precisely. You'll find that within HN and consumer electronics communities, the concept is much more polarizing. How many of your friends know what side-loading is? How many would want it if they did know what it was?
If app-store only is ANY more secure than side loading than that's what I'd want my friends and family using, based on their technical chops, and my desire to not be their IT guy.
This assumes facts not in evidence. The change is being forced by EU law, but it would take more effort to geo-fence it than to make the change globally. Not to mention the fact that it would be effort in the direction of a PR loss.
No, the more Apple way to spin this is as a positive for everyone. As if they had the idea the entire time and just now figured out how to make it work.
Like Apple One, Apple News, the Emergency SOS feature, the Apple card stuff, Apple Pay it Later, ECG on the watch, heart rate notifications, Siri defaulting to a male voice, etc that’s only available in the US/UK/some other countries.
And that’s not even getting into all the changes they’ve made to the Chinese version of iOS to appease the Chinese government.
It's been previously reported, you missed the evidence you say doesn't exist (you frame your ignorance as knowledge of absence)
>Apple is only planning to implement sideloading support in Europe.
See also the language about this being the start of a rollout of sideloading in other reports - ie EU only. This will be driven by courts, Apple hasn't and won't be charitable. Apple spins every incremental change as a positive win to cover PR instead of admitting partial defeat.
Btw Apple already today restricts loads of services and content based on region, you should look into that if you think that's a challenge for them
Many Android devices have the concept of carrier-specific configuration files (CSCs) which are baked into the ROM, and phones sold in the region come baked with the variant with only the specific CSCs in question. A similar implementation could be followed by Apple, where they have a separate image for the EU.
Phones of major vendors sold in EU still contain carrier info for the region even if they're sold unlocked.
Outside of US and China, Samsung for example ships so-called "Multi-CSC" variants of their devices which permanently apply the region and country of your device on first power-on with a SIM-card.
The required information for that is not pulled from the network but is already preloaded in the ROM of the device, a network connection can be used to get an updated version of these profiles though
The AppStore is not there to protect your parents from awful software, it's there to protect Apple's interests. And they sure as hell won't force side-loading on you.
You just said there would be "five different App Stores", yet this hasn't happened on Android.
Amazon has an app store for Android, but its apps are all on the Google Play Store. It's really there to serve Amazon's Fire platform where Amazon doesn't licence Google Play.
Samsung has an app store for Android, but again, all of its apps it makes available to other non-Samsung device users are on Google Play.
Additional app stores on Android have so far been complementary to Google Play, which remains the place where the overwhelming majority of apps are obtained.
The EU found that argument unconvincing. As, likely, do you. Requiring a Mac and a reinstall every week and not more than three apps at a time is blatantly anti-competitive.
Except people that don't have a computer, a decent chunk of technical know-how, and if you want the apps to stick around for longer than a week, $99/year.
It's understandable that people are eager for the potential of side loading on iOS, as it could provide more direct access to apps without the need for intermediaries / App Store policy misunderstandings. However, it's worth considering the potential downsides of this approach, particularly the risk of app and service balkanization. This is already happening in the gaming industry, where major studios force you to use their own launchers to capture valuable (sellable) data about their customers.
But to play the optimist, perhaps inspiration can be taken from how macOS handles app installation from non-App Store sources:
- You go to the developers website
- You are presented with two links if the app is also available on the App Store with the alternative being direct download
- After downloading the .dmg you are presented with a modified version of the Installer.app UI that runs you through what services the app uses, data that it collects, where it will install, additional options, etc.
- One final confirmation of "Is this from a trusted developer"
- Installer.app runs a virus / malware check against what is going to be installed
