

Three easy ways to fix the App Store. And one really, really hard way. - seldo
http://seldo.com/weblog/2009/11/17/three_easy_ways_to_fix_the_app_store_and_one_really_really_hard_way

======
megaduck
I wonder if the author isn't barking up the wrong tree. I don't think that the
App Store review process can be 'fixed'. Instead, it might be doomed.

Android allows for unfettered development, as does Symbian. WebOS is headed
that way too, according to their developer relations team. On every other
smartphone platform, you are (or will be) able to just develop an app and
deploy it onto people's phones, without running the gauntlet of an approval
process.

Judging from the current state of the App Store, the review process doesn't
materially improve the quality of applications. However, it does slow down and
frustrate developers. If open platforms like Android gain enough market share,
I think a lot of devs are going to jump ship just so they don't have to deal
with the headaches of review any more.

The folks running Apple aren't dumb. They're sticking by their guns because
the iPhone ecosystem is working marvellously right now. However, if they start
to see a large migration of developers, they'll probably do whatever it takes
to bring them back. And that might mean killing 'review'.

~~~
Perceval
>Judging from the current state of the App Store, the review process doesn't
materially improve the quality of applications.

It's hard to know that for certain. We don't see exactly what gets rejected.
We only hear the horror stories of basically good developers encountering
frustratingly arbitrary and trivial objections to otherwise solid submissions.

But the majority of rejection we probably don't hear about, and we don't know
what exactly they are able to keep out of the iPhone App Store with this
review layer. Apple may see a lot of apps being rejected for very good
reasons, but we aren't necessarily hearing about those rejections.

Ultimately Apple is going to have to weigh things for themselves, balancing
the frustration of good developers versus the legitimate protection of the end
users from malicious or malformed submissions. So far they seem satisfied with
the ratio, and are happy to prioritize the end user over the developer.

~~~
enjo
I find it interesting that we keep acting like Apple somehow invented the App
Store. These are issues we've been dealing with for a LONG time, in a variety
of different ways. Handango, for instance, has been functioning as an on-
device app store for getting close to a decade.

It's interesting, then, to look at their product and see how they never really
solved these issues particularly well either.

The BIGGEST issue for Apple isn't really touched on in the article. It's about
proper discoverability. The problem with app-stores in general is that they
have a lot of trouble allowing the best apps to filter to the top. The more
apps that clutter the store, the more difficult it becomes to differentiate
between them. If there is a password manager that everyone universally loves,
then how do you grant exposure to a new password manager that may be better,
but doesn't have the user recommendations (yet) to match it.

It's that problem that plagues these stores. Handango (and others) tried a
number of approaches. The "what's new category" isn't enough really. The
exposure length is too short. Staff picks are nice, but that becomes an
exercise in political maneuvering as opposed to app quality.

It's this issue that really mandates a review process. The review process at
least serves as a rudimentary filter that keeps the REALLY bad apps from
competing for mindshare with the quality new ones (thus increasing exposure,
even if it is for an already too brief period).

Ultimately the app store lives and dies with its ability to put the best
applications for a purpose into the hands of customers looking to solve
problems. Apple is starting to deal with the problems of scale, and that is
where it should be focused.

-----------------------

Oh, and for the love of god give me some ability to get a refund for an app.
Read reviews and count the number of times folks have essentially gotten
ripped off by a product that barely functions (or sometimes doesn't function
at all). Eventually we all are no longer enamored with the novelty of iPhone
applications and we want some accountability behind our purchases.

I'm very wary with paid apps at this point for that reason alone.

~~~
philwelch
Allowing refunds might relieve some of the downward pressure on prices. No one
really cares enough to get 99 cents back for an app that sucked, but
conversely, no one's willing to pay more than 99 cents for an app that might
suck without any possibility of refund.

------
blasdel
They don't need to fork Objective-C to lock down the use of private APIs!

They just need to check for disallowed or computed symbols in the submitted
binaries. They don't do any static analysis whatsoever — not even strings!

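A minimal version of the check blasdel describes, as an added example that is not part of the thread or of any Apple tooling: a strings(1)-style scan of a submitted binary for symbol names on a denylist, plus flags for strings that look like pieces of a private symbol assembled at runtime and for the runtime resolvers (dlsym, NSSelectorFromString) that make such assembly work. The denylist entries, the resolver list and the sample byte blobs are constructed for illustration; Apple's actual list of disallowed APIs is not on this page and is not reproduced here.

```python
import re

# Constructed denylist of private symbol names, for illustration only. Apple's
# real list of disallowed APIs is not published; these names are assumptions.
PRIVATE_SYMBOLS = {
    "_UIGetScreenImage",
    "_CTServerConnectionCreate",
    "_SBSSpringBoardServerPort",
}

# Functions that resolve a symbol, class or selector from a string at runtime.
# A strings scan cannot know what they will look up, so a binary that imports
# them is sent to manual review rather than rejected outright.
DYNAMIC_RESOLVERS = {
    "_dlsym",
    "_NSSelectorFromString",
    "_NSClassFromString",
    "_objc_getClass",
}

# Printable-ASCII runs of at least four bytes, the same heuristic strings(1) uses.
_PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob: bytes) -> set:
    """Return the set of printable-ASCII runs found in a binary blob."""
    return {m.group().decode("ascii") for m in _PRINTABLE_RUN.finditer(blob)}


def symbol_fragments(strings: set) -> list:
    """Strings that are a proper prefix or suffix of a denylisted symbol.

    A developer who builds a private symbol name at runtime from pieces
    ("_UIGetScreen" + "Image") still leaves those pieces behind as literals.
    This is a heuristic and will produce false positives on short common suffixes.
    """
    return sorted({
        s for s in strings
        for sym in PRIVATE_SYMBOLS
        if s != sym and (sym.startswith(s) or sym.endswith(s))
    })


def scan_binary(blob: bytes) -> dict:
    """Classify a binary as pass / manual review / reject from its string table."""
    found = extract_strings(blob)
    report = {
        "private": sorted(found & PRIVATE_SYMBOLS),     # direct use: reject
        "dynamic": sorted(found & DYNAMIC_RESOLVERS),   # runtime lookup: review
        "fragments": symbol_fragments(found),           # assembled name: review
    }
    if report["private"]:
        report["verdict"] = "reject"
    elif report["dynamic"] or report["fragments"]:
        report["verdict"] = "manual review"
    else:
        report["verdict"] = "pass"
    return report


# Constructed sample "binaries": a Mach-O magic number followed by a handful of
# NUL-terminated symbol names, standing in for a real symbol table. Real
# submissions would be parsed with a Mach-O reader instead of a raw byte scan.
MACHO_MAGIC = b"\xcf\xfa\xed\xfe"


def fake_binary(*symbols: str) -> bytes:
    return MACHO_MAGIC + b"".join(s.encode("ascii") + b"\x00" for s in symbols)


CLEAN = fake_binary("_main", "_objc_msgSend", "_UIApplicationMain")
DIRECT_PRIVATE = fake_binary("_main", "_UIGetScreenImage")
COMPUTED_PRIVATE = fake_binary("_main", "_dlsym", "_UIGetScreen", "Image")

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("direct", DIRECT_PRIVATE),
                       ("computed", COMPUTED_PRIVATE)]:
        print(name, scan_binary(blob))
```

The point of the three buckets is that a plain symbol-name match catches only the lazy case; an app that reaches a private function through dlsym or a selector built from concatenated literals never contains the full name, which is why the resolver imports and the fragment check are flagged for a human rather than auto-rejected. A production version would read the Mach-O symbol table and Objective-C selector sections directly rather than scanning for printable runs.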
~~~
ryanpetrich
The fact that private APIs can crash the device, access private data or cause
issues with the network means Apple hasn't done their job in securing the OS.
If OS X allowed processes in unprivileged user accounts access to hardware or
other users' files, that would be considered a massive security hole.

~~~
lukifer
The vulnerability was due solely to users running SSH (which is not installed
except by jailbreaking) without changing the default root password. It's
surprising that such a gaping security hole took as long as it did to be
widely exploited.

------
derefr
Has anything on Cydia ever "broken the network" by using these private APIs,
whether accidentally or maliciously? I'm starting to think this whole
"cellular networks are fragile webs of tissue paper" meme got started from a
pure guess, and even if previously correct, may no longer be correct for 3.5G.

~~~
allenp
Wasn't there a rick roll virus spreading between jailbroken phones just last
week? I'm guessing the next one could be a lot more malicious and with enough
phones involved cause some service disruptions.

~~~
conover
I believe that was because many people never bothered to change the default
password for the OpenSSH app. It seems like that kind of thing could be
exploited regardless of venue.

~~~
wmf
Apple doesn't allow daemons which should slow down worms quite a bit.

~~~
ryanpetrich
Except for MobileMail, MobileSafari, SpringBoard, locationd, mdnsresponderd,
pasteboardd, mediaserverd, launchd, configd, fairplayd, dataaccessd,
accessoryd, BTServer, CoreTelephony, apsd and MobilePhone.

~~~
wmf
We're talking about security vulnerabilities introduced by third-party apps,
so your list isn't relevant. An approved third-party iPhone app cannot include
a daemon, therefore it's less likely that a bug in said app would allow worms
to get into the phone.

~~~
ryanpetrich
Worms don't require a user-installed daemon when the Apple-provided ones are
also vulnerable (example: the SMS vulnerability in 3.0).

I agree though, disallowing third-party daemons reduces the damage exploited
apps can do.

------
martythemaniak
The whole "we need a review board because otherwise VERY BAD THINGS WILL
HAPPEN!!" is just a scare-tactic to justify Apple's draconian attitude towards
developers.

Android is open, and nothing bad has happened in over a year. BlackBerry and
WinMo have been open for years and nothing bad has happened. Quite frankly, if
you believe that Apple line, you're a fool.

~~~
scottjackson
http://www.obsessable.com/news/2009/01/26/android-application-deleting-data-from-t-mobile-g1-phones/

> The application has reportedly deleted all the contacts from the device's
> internal memory, as well as all data on SD cards on the device.

I'm not justifying Apple's review process, I'm just saying bad stuff _has_
happened on Android before.

