Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: If Apple didn't approve apps, would you install them on your only phone?
29 points by jasongullickson on Nov 20, 2009 | hide | past | favorite | 53 comments
With the recent surge in criticism of Apple's App Store approval process the idea of eliminating the process completely has been tossed around. However would you be willing to install an application on your phone that has not been "blessed" by Apple, bearing in mind that such applications would be able to do things system-wide that the apps currently available are unable to do only because Apple does not allow them into the App Store.



In addition to my iPhone, I have an Android device. None of the applications on the market are approved. Before this, I had a blackberry(pre app world), and none of the applications on that were approved either, and prior to that the Palm Treo apps didn't have any special permissions either.

I'm sorry, but for a supposedly smart group, most of HN seems to forget about critical thinking when it comes to anything Apple or Jobs says. Programmatically, the iPhone is the most restrictive SMARTPHONE out there and it was the one that introduced the sad "innovation" of restricting a smartphone.


Not to mention that none of the apps on my desktop have been "approved" by anybody (apart from myself).


This is true, and a fairly good point, but then again, you don't have nearly the precise control that you do on your desktop.


How so? I've only heard of one instance of a trojan compromising a smartphone, yet I've heard millions of instances of trojans, virus' and other malware, spyware, adware infecting computers and costing people thousands of dollars.

So how do we have less control on a smartphone? All you need to do is format the system, which IIRC the iPhone actually has and can be done remotely (like any iPod can) through iTunes. Similarly the Pre and any phone can have its data storage 'formatted' and be reset to factory defaults.

Aside from taking my computer back to the medieval ages (IE full format) I have little beyond anti-virus programs that truly protect my OS from anything. Every phone's OS is on read-only memory that can be reset at any time by the push of a button. IMO that gives me a lot more control over my phone than my desktop.


The fact that formatting your computer brings it back to "the medieval ages" shows how important third-party software is.

A full-format/reinstall of your desktop OS is almost identical to resetting your phone. It wipes everything, and restores the machine back to "factory defaults". It's exactly the same level of control, only you lose all of that valuable software and customization.

The problem of trojans and malware is orthogonal, since virtually all that nastiness seems to be confined to a single platform. That's not a "computer" problem, it's a Windows problem.


I have almost no mobile app development experience, so take this with a grain of salt, but it seems to me like the reason you wouldn't have to worry about an Android app wrecking havoc on your smartphone is because it runs in a JVM-ish sandbox, whereas iPhone apps have unfettered access with Obj-C. The Android technical environment is self-regulatory, whereas Apple has to bolt-on a bureaucratic process to ensure quality.


I don't know if that's how I'd describe it but, but one thing Android has is that each app needs to assert the capabilities it needs to run (can make phone calls, can keep the phone from sleeping, can access GPS info, can read anything on the sd card, will store data on the sd card, etc), and will not be able to do things it doesn't assert it needs in the manifest (this was actually a minor problem early on because the string for GPS access was unknown/documented wrong). And at least at install time, users can see these permissions so they can be aware of what they are getting into.


The iPhone OS also runs a sandbox, but it's much less restrictive than it should be. Often public API's will just use a private API or write to an SQLite database directly; this behind-the-curtain behaviour could be replaced by background daemons wired up to the public API's.

Just because an application is native doesn't mean the kernel doesn't protect the OS from rogue processes; desktop/server OS's have been doing this for ages.


Exactly, and not one of the other devices you've mentioned have had nearly the success that Apple has had. They've made it easy and SAFE. I have very few apps on my Blackberry, mostly because I'm concerned that I have no idea where they come from.

On my desktop computer I have un-approved apps, but I have virus scanner, firewall, and registry monitor so I am defended against attackers. On the Blackberry, I've got nothing like that, but I have sensitive emails, so no, I don't install as many apps on the Blackberry as I would on the iPhone.


People have been installing their own software for decades. I don't see why it should be any different on a smartphone.


How about if Apple could certify the apps instead. Developers can pay to have confirmation from Apple that the apps is safe, but they don't have to.

That way users have the choice.


Kinda like what Java Verified and Symbian Signed have been doing for years?

A cryptographic signature (with an Apple-run signing authority) also ensures that your apps haven't been tampered with by a third party and (in theory) should let you track down the owner of an app if it turns out to be malware.


What if Apple were to start assigning a reliability or confidence score to the app/developer and amending the approval process to take this score into effect?

New apps/developers need to go through the standard application approval process as it is now. As applications are approved/rejected, their score changes based on the results of the testing.

As developers release updates to a given app, the approval process of that app is adjusted based on the confidence score. e.g., an app with a high confidence score would just automatically get approved (or maybe just a quick static analysis) whereas one with a medium score might just get a quick cursory testing.

Additionally, to keep people from trying to game the system they could add in some random full testing of apps regardless of their confidence score.


I think this is a brilliant idea.


That is exactly what Palm announced last month.

http://investor.palm.com/releasedetail.cfm?releaseid=413826


That would be about as effective as the use of SSL certificates to prevent phishing. That is: zero effectiveness.


It seems to me that the goal of the App Store is to not only provide a convenient location for consumers to purchase apps (and therefore to act as a source of revenue for both Apple and their clients), but to also help ensure a quality experience for their customers. This process has some major benefits; the process, however, is poorly implemented. I think most people would be just fine with the App Store if the approval process had quicker turn-around time, or at least predictable turn-around time.


I'd say: let market decide. If your app is not good, you won't make any significant amount of money on it, no matter if it is pre-approved or not.


So you think it doesn't matter if there is an app store or an approval process...?


While we wait for the market to decide, years might pass, and in the meantime we're stuck with a suboptimal solution.


I'd treat them the same way I do apps on other systems: I'd avoid ones that I was unfamiliar with or that came from an untrusted source, but if a general consensus developed that something was good, I'd go ahead and download it. Quality applications seldom turn out to ALSO be malware without people knowing about it, so this strategy works pretty well for me.


The thing everyone misses is that, commercially, the ONLY thing that matters is being on the App Store. It doesn't matter how draconian the rules are, it doesn't matter how long the wait is- these price points ONLY work if Apple is footing the marketing bill.

If you are in the Top 5 of any category then you have guaranteed impressions at a very high volume. That allows one to sell an app for 99 cents or $1.99. If you are promoting outside the App Store, your user acquisition cost will be too high to make that price point work, so you'll have to raise your prices. In raising your prices, you'll price yourself out of the Category Top 5's and the Overall Top 100- thus killing the upside.

If you're doing medical apps, no worries. If you're doing a book or a game app, however, publishing outside the App Store is suicide, 'free my device!' geekery aside.


Without the App Store, there would be dozens of download portals and review sites and countless blogs for iPhone apps doing marketing for you, just as they work for every other product or service in the internet. I don't think anyone is missing this, geekery aside. A free market approach rewards competition. Anything else, diminishes it.


There still are- 148apps, appcraver, appvee, etc. Cumulatively they just don't push the kind of volume that the App Store itself does. A more distributed system is only better for folks whose apps can't hack it in the Top 5 of their given category.


All I'm arguing in favor of is multiple markets, which requires an unlocked device. If a software developer or consumer wants to use Apple's store, they can. If they want to use another, including Apple's they also have that choice. At the moment, you must use Apple's store. Currently, secondary markets, like appvee, have to first go through Apple's store for their secondary market to work with a locked iPhone.

Some believe that free markets produce better results and others don't believe this. Further, some that believe free markets are the best approach also believe that precluding competition should be unlawful. This is an ideological argument, so I'll get off my soapbox now.


Not only would I install them, I would install more of them.

Don't forget there is a whole security industry that would not mind testing the Apps. And nobody is saying that Apple should not have a virus scanner built in. Simply put, using security as a reason for this App approval process is BS.


Is there any evidence that Apple's approval process is actually thorough enough to detect if an app is a virus or trojan? That's a pretty non-trivial thing to detect isn't it?


Personally, a virus scanner is the last thing I'd want on a mobile device. I haven't used one since I stopping using Windows several years ago, and it's not something I'd like to return to, especially on a platform where power consumption is such a big deal.


You're making an assumption that Apple's app reviewers do a full fledged deep analysis of an app to come to the flawed conclusion that a "blessed" App is same as a "Safe" App.

For example, how difficult is it for me to create a perfectly nice app/trojan and then embed a time bomb in it, which activates 3-4 months later, after the app is already on the store. At that time the trojan sends me all your personal information. There is no way Apple's drones will be able to find this.

And yes, before you say that maybe the App reviewers change systems clock etc., I'm can be more creative to fool that too. Above is just an example.

So, in other words, "blessed" is NOT equal to "safe" and hence "blessed" has nothing to do with what an app can and cannot do from a security standpoint.


When your timebomb goes off, Apple will certainly hear about it and will be paying you a visit in short order.

You could try to circumvent this by using bogus information when you sign up for the developer program, but it's not as easy as setting up a false eBay account or something along those lines

If your a master criminal and can social engineer around all this, then you probably have better things to do with your time and skill.


Yes, I do it on my computer all the time... I did it on my older smart phones as well. If an app was buggy or crashed a lot, I uninstalled it.


Newsflash for iPhone users: Windows Mobile users were able to install whatever they want for years. And yet, no malware, no viruses, no nothing that would require any sort of pre-approval process.


Windows Mobile (CE exactly) had viruses as early as 2004 (http://www.viruslist.com/en/analysis?pubid=170773606), with many others available later on (for example: http://www.avertlabs.com/research/blog/index.php/2008/02/26/...)

Why didn't you think that would happen?


To be fair these are mostly proof-of-concept viruses. The typical WinMo user is not at risk.


Also no friends. :(


There are "no viruses" for OS/2, either.


I install "non-approved" apps all the time on my G1. One of my favorite apps pdanet isn't even on the app store.


Yes. I do that all the time on Windows and Linux.

Frankly, I am the one that should be doing the blessing as a consumer who is free to choose in a free market of apps. I will reward developers of good apps and bring bankruptcy to developers of bad apps.


Of course. Similarly, I would very much dislike if Apple required Mac apps to be distributed through iTunes. It just doesn't seem quite as absurd on your iPhone because you never had it another way.


such applications would be able to do things system-wide

You should see how many ways I could make someone miserable with shareware running on Windows, and that didn't stop 100,000 people...


You are asking this question on HN. You will learn very little from that. We are not a representative slice of the iPhone or Android markets.


Perhaps not the largest slice, but to me the more interesting one to market to. I see HN readers as consumers of "App Store B": http://www.marco.org/208454730


I had to jailbreak my iphone to get basic functionality, and I have installed a number of unapproved apps on it. All of my previous phones and pdas have had unapproved apps as well.

I'm dumping my iphone as soon as the Milestone becomes available because I am sick of the way apple does things.

The approval process has little to do with security and a lot to do with money.


Aren't viruses typically a factor of OS market share? E.g., viruses are prevalent on Windows because the market share is around 85-90%. Symbian and RIM still hold a sizable lead on the mobile front, so unless Apple plans on obliterating the mobile OS market, viruses will continue to be a non-issue.


currently you have with the iPhone: a phone that handles calls and small tablet computer that runs app and can view the web, it is also a pretty good music/video device.

I want apps that can add functionality to the phone, contacts music and video sides my iPhone So my answer would be; hell yes.


I install all sorts of random jailbroken apps. I also install Android apps.

So far so good, but buyer beware.


Yes and No.

I wouldn't be totally happy about it; it would require making individual decisions of trust for each program.

I think the app store is broken for independent developers but not completely for users and larger companies.


It depends on the application. I would install Google Voice no matter whether it has been approved or rejected by Apple.


I'm still disappointed at developers who are advocates ofopen-source developing for the IPhone.

A little hypocritical in my opinion.


I think reputation is a much more valuable way to evaluate software than approval by Apple. Just like now.


I already jailbreak and install software on my iPhone, so the answer is yes, absolutely.


If Apple didn't approve apps, would you install them on your only laptop?


seems to work for Android.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: