With the recent surge in criticism of Apple's App Store approval process the idea of eliminating the process completely has been tossed around. However would you be willing to install an application on your phone that has not been "blessed" by Apple, bearing in mind that such applications would be able to do things system-wide that the apps currently available are unable to do only because Apple does not allow them into the App Store.
In addition to my iPhone, I have an Android device. None of the applications on the market are approved. Before this, I had a blackberry(pre app world), and none of the applications on that were approved either, and prior to that the Palm Treo apps didn't have any special permissions either.
I'm sorry, but for a supposedly smart group, most of HN seems to forget about critical thinking when it comes to anything Apple or Jobs says. Programmatically, the iPhone is the most restrictive SMARTPHONE out there and it was the one that introduced the sad "innovation" of restricting a smartphone.
How so? I've only heard of one instance of a trojan compromising a smartphone, yet I've heard millions of instances of trojans, virus' and other malware, spyware, adware infecting computers and costing people thousands of dollars.
So how do we have less control on a smartphone? All you need to do is format the system, which IIRC the iPhone actually has and can be done remotely (like any iPod can) through iTunes. Similarly the Pre and any phone can have its data storage 'formatted' and be reset to factory defaults.
Aside from taking my computer back to the medieval ages (IE full format) I have little beyond anti-virus programs that truly protect my OS from anything. Every phone's OS is on read-only memory that can be reset at any time by the push of a button. IMO that gives me a lot more control over my phone than my desktop.
The fact that formatting your computer brings it back to "the medieval ages" shows how important third-party software is.
A full-format/reinstall of your desktop OS is almost identical to resetting your phone. It wipes everything, and restores the machine back to "factory defaults". It's exactly the same level of control, only you lose all of that valuable software and customization.
The problem of trojans and malware is orthogonal, since virtually all that nastiness seems to be confined to a single platform. That's not a "computer" problem, it's a Windows problem.
I have almost no mobile app development experience, so take this with a grain of salt, but it seems to me like the reason you wouldn't have to worry about an Android app wrecking havoc on your smartphone is because it runs in a JVM-ish sandbox, whereas iPhone apps have unfettered access with Obj-C. The Android technical environment is self-regulatory, whereas Apple has to bolt-on a bureaucratic process to ensure quality.
I don't know if that's how I'd describe it but, but one thing Android has is that each app needs to assert the capabilities it needs to run (can make phone calls, can keep the phone from sleeping, can access GPS info, can read anything on the sd card, will store data on the sd card, etc), and will not be able to do things it doesn't assert it needs in the manifest (this was actually a minor problem early on because the string for GPS access was unknown/documented wrong). And at least at install time, users can see these permissions so they can be aware of what they are getting into.
The iPhone OS also runs a sandbox, but it's much less restrictive than it should be. Often public API's will just use a private API or write to an SQLite database directly; this behind-the-curtain behaviour could be replaced by background daemons wired up to the public API's.
Just because an application is native doesn't mean the kernel doesn't protect the OS from rogue processes; desktop/server OS's have been doing this for ages.
Exactly, and not one of the other devices you've mentioned have had nearly the success that Apple has had. They've made it easy and SAFE. I have very few apps on my Blackberry, mostly because I'm concerned that I have no idea where they come from.
On my desktop computer I have un-approved apps, but I have virus scanner, firewall, and registry monitor so I am defended against attackers. On the Blackberry, I've got nothing like that, but I have sensitive emails, so no, I don't install as many apps on the Blackberry as I would on the iPhone.
Kinda like what Java Verified and Symbian Signed have been doing for years?
A cryptographic signature (with an Apple-run signing authority) also ensures that your apps haven't been tampered with by a third party and (in theory) should let you track down the owner of an app if it turns out to be malware.
What if Apple were to start assigning a reliability or confidence score to the app/developer and amending the approval process to take this score into effect?
New apps/developers need to go through the standard application approval process as it is now. As applications are approved/rejected, their score changes based on the results of the testing.
As developers release updates to a given app, the approval process of that app is adjusted based on the confidence score. e.g., an app with a high confidence score would just automatically get approved (or maybe just a quick static analysis) whereas one with a medium score might just get a quick cursory testing.
Additionally, to keep people from trying to game the system they could add in some random full testing of apps regardless of their confidence score.
It seems to me that the goal of the App Store is to not only provide a convenient location for consumers to purchase apps (and therefore to act as a source of revenue for both Apple and their clients), but to also help ensure a quality experience for their customers. This process has some major benefits; the process, however, is poorly implemented. I think most people would be just fine with the App Store if the approval process had quicker turn-around time, or at least predictable turn-around time.
I'd treat them the same way I do apps on other systems: I'd avoid ones that I was unfamiliar with or that came from an untrusted source, but if a general consensus developed that something was good, I'd go ahead and download it. Quality applications seldom turn out to ALSO be malware without people knowing about it, so this strategy works pretty well for me.
The thing everyone misses is that, commercially, the ONLY thing that matters is being on the App Store. It doesn't matter how draconian the rules are, it doesn't matter how long the wait is- these price points ONLY work if Apple is footing the marketing bill.
If you are in the Top 5 of any category then you have guaranteed impressions at a very high volume. That allows one to sell an app for 99 cents or $1.99. If you are promoting outside the App Store, your user acquisition cost will be too high to make that price point work, so you'll have to raise your prices. In raising your prices, you'll price yourself out of the Category Top 5's and the Overall Top 100- thus killing the upside.
If you're doing medical apps, no worries. If you're doing a book or a game app, however, publishing outside the App Store is suicide, 'free my device!' geekery aside.
Without the App Store, there would be dozens of download portals and review sites and countless blogs for iPhone apps doing marketing for you, just as they work for every other product or service in the internet. I don't think anyone is missing this, geekery aside. A free market approach rewards competition. Anything else, diminishes it.
There still are- 148apps, appcraver, appvee, etc. Cumulatively they just don't push the kind of volume that the App Store itself does. A more distributed system is only better for folks whose apps can't hack it in the Top 5 of their given category.
All I'm arguing in favor of is multiple markets, which requires an unlocked device. If a software developer or consumer wants to use Apple's store, they can. If they want to use another, including Apple's they also have that choice. At the moment, you must use Apple's store. Currently, secondary markets, like appvee, have to first go through Apple's store for their secondary market to work with a locked iPhone.
Some believe that free markets produce better results and others don't believe this. Further, some that believe free markets are the best approach also believe that precluding competition should be unlawful. This is an ideological argument, so I'll get off my soapbox now.
Not only would I install them, I would install more of them.
Don't forget there is a whole security industry that would not mind testing the Apps. And nobody is saying that Apple should not have a virus scanner built in. Simply put, using security as a reason for this App approval process is BS.
Is there any evidence that Apple's approval process is actually thorough enough to detect if an app is a virus or trojan? That's a pretty non-trivial thing to detect isn't it?
Personally, a virus scanner is the last thing I'd want on a mobile device. I haven't used one since I stopping using Windows several years ago, and it's not something I'd like to return to, especially on a platform where power consumption is such a big deal.
You're making an assumption that Apple's app reviewers do a full fledged deep analysis of an app to come to the flawed conclusion that a "blessed" App is same as a "Safe" App.
For example, how difficult is it for me to create a perfectly nice app/trojan and then embed a time bomb in it, which activates 3-4 months later, after the app is already on the store. At that time the trojan sends me all your personal information. There is no way Apple's drones will be able to find this.
And yes, before you say that maybe the App reviewers change systems clock etc., I'm can be more creative to fool that too. Above is just an example.
So, in other words, "blessed" is NOT equal to "safe" and hence "blessed" has nothing to do with what an app can and cannot do from a security standpoint.
When your timebomb goes off, Apple will certainly hear about it and will be paying you a visit in short order.
You could try to circumvent this by using bogus information when you sign up for the developer program, but it's not as easy as setting up a false eBay account or something along those lines
If your a master criminal and can social engineer around all this, then you probably have better things to do with your time and skill.
Newsflash for iPhone users: Windows Mobile users were able to install whatever they want for years. And yet, no malware, no viruses, no nothing that would require any sort of pre-approval process.
Frankly, I am the one that should be doing the blessing as a consumer who is free to choose in a free market of apps. I will reward developers of good apps and bring bankruptcy to developers of bad apps.
Of course. Similarly, I would very much dislike if Apple required Mac apps to be distributed through iTunes. It just doesn't seem quite as absurd on your iPhone because you never had it another way.
Perhaps not the largest slice, but to me the more interesting one to market to. I see HN readers as consumers of "App Store B": http://www.marco.org/208454730
I had to jailbreak my iphone to get basic functionality, and I have installed a number of unapproved apps on it. All of my previous phones and pdas have had unapproved apps as well.
I'm dumping my iphone as soon as the Milestone becomes available because I am sick of the way apple does things.
The approval process has little to do with security and a lot to do with money.
Aren't viruses typically a factor of OS market share? E.g., viruses are prevalent on Windows because the market share is around 85-90%. Symbian and RIM still hold a sizable lead on the mobile front, so unless Apple plans on obliterating the mobile OS market, viruses will continue to be a non-issue.
currently you have with the iPhone: a phone that handles calls and small tablet computer that runs app and can view the web, it is also a pretty good music/video device.
I want apps that can add functionality to the phone, contacts music and video sides my iPhone So my answer would be; hell yes.
I'm sorry, but for a supposedly smart group, most of HN seems to forget about critical thinking when it comes to anything Apple or Jobs says. Programmatically, the iPhone is the most restrictive SMARTPHONE out there and it was the one that introduced the sad "innovation" of restricting a smartphone.