Hacker News new | past | comments | ask | show | jobs | submit login

We also weren't using as many walled-garden devices and ecosystems a decade ago.

There are certainly a lot of issues with the app store model. But using a service like download.com was also rife with issues.

A curated app-store should not be considered synonymous with walled garden. android allows side-loading. windows has "install.exe", the microsoft store and steam co-existing side-by-side. linux distros have their package managers, container images and `curl ... | sudo bash`.

Anyone who argues that all users must be herded into a walled garden in the name of security and alternatives are not acceptable is essentially advocating a digital nanny state.

> `curl ... | sudo bash`.

That is the herpes of the Linux world. That is one of the worse things that someone can suggest to install something.

You missed the essence of my argument. The curl approach serves as an example of some less trustworthy, unvetted ways of installing software, similar to downloading an installer or apk from some random website.

Is it a bad idea? Maybe, especially if you're not technically versed. Does that mean we should take everyone's freedom to make their own choices. "because we know what's best for you"? I don't think so.

I believe that most non-technical users are self-aware enough that they stick to curated app-stores of their own volition.

And having lived through that, and now lived through the walled garden/App Store experience, I'll say with confidence the old way was better.

Better for you maybe, but not better for the average user who ended up with malware infecting their systems left and right because they weren't technical enough to avoid it.

Exactly. I have personally been on the receiving end of plenty of phone calls from users who had no idea they couldn't necessarily trust an application downloaded from a 3rd party site. "But it's the same application!" Sure it is, but who knows what else you're getting, even if it's as 'benign' as shitty toolbars. Has no one ever seen a parent/grandparents nightmare of toolbar hell in a browser window?

We did. And somehow the computer revolution still happened even though people actually had to learn a bit about how their tools worked. Meanwhile in that crazy wild west the whole OSS infrastructure powering the most important global computer network was born. Tools, operating systems and software that isn't allowed to exist in app stores because they might be "dangerous" to the average user (whoever that is).

people actually had to learn a bit about how their tools worked.

They didn't, though; they just muddled through and asked their friends or some tech support service to reinstall Windows occasionally, when the viruses, adware and other crap made the computer too slow, or when the ramsomware encrypted all their files.

Then we should either:

a) Educate users and give them more knowledge and better tools to easily protect themselves


b) Have app-stores organized in such a way that user interests and legitimate security concerns are not conflated with commercial interests of the platform owners as it's currently the case. Either treat app stores as a public utility with rights and regulations or require all devices to support competing stores.

You don't necessarily need a walled garden to solve that problem - package managers on Linux distribution do the same. It needs the appropriate user experience for non-technical users.

This is an excellent example: all of those less "walled gardens" ended up a mess of malware and abusive advertising. It's a pretty clear trade-off so far as I can tell.

I get a headache every time I look at an app store.

Google Play is full of crap, Apple's app store has plenty of low value apps, the Windows 10 App store sucks, etc, etc, etc.

They've improved user security, but the amount of garbage to sift through is terrible.

I think the following is a good way to do an "App Store":


And companies, individuals, non-profits, and others are all allowed to run their own repos, or mirror these.

To be honest I think the chrome extension storefront(?) is pretty decent as well. It's just a matter of curation from the point they've got it at. The reality is that the average user _wants_ a barrier to entry: no one likes what download.com or sourceforge have become.

Mozilla now, and not sure how long it's been doing this, does code review on all submitted extensions to their extension marketplace. Google chrome's store is less restrictive as they don't do any review of it but rely on user reports to find violations of TOU/malicious activity.

Similar approaches to the apple app store vs. android store... up front binary check from apple vs. a permissive store with user reports being the primary thing that pulls apps from circulation.

They've improved user security, but the amount of garbage to sift through is terrible.

From my POV, it's like complaining that the seat belt left a bruise after an automotive collision; IOW, missing the bigger picture. I can sort my own garbage, thanks (and that's not to say that you're not right about the quality in app stores). It's easy, and if I screw it up then I've just got a garbage binary taking up space that is otherwise harmless.

But what I grow increasingly tired of is wondering if bad actors have found new ways to make my life difficult before I install that random app. Download from an app store, the app might be garbage, but at least I can be confident that it won't trash my machine. Servers, my dev machine? Sure, I'm willing to put up with a little more rigamorole for more control, etc. But my phone? I don't want to put up with that crap, vetting everything binary that goes on the box. I just want to tap and download, and if the quality of the app sucks, then fixing that is a long-press away.

My point was more that they aren't entirely a trade off from ended up a mess of malware and abusive advertising.

That second problem remains unsolved (crap apps blasted into the stores just to show ads fit my definition of abusive advertising).

A fair point that I apparently missed. Because, yeah, though an app from an app store might not trash my machine, it ain't all rainbows and roses in AppStoreLand, either.

You can have sandboxing without an App Store (macOS supports it)

Why can't we just have the equivalent of APT for mobile devices?

We did. On N900, but the hardware was bulky and then Nokia stopped being Nokia.

That's actually pretty much what Cydia for iOS is.


What things like apt-get?

Yep. That was, best I can tell, the original "app store".

Also, still the best implementation.

As a consumer, I love the walled garden. I can trust things will work more or less as advertised and that I'll have financial recourse if they don't.

What you trust is the app store manager. The entire ecosystem doesn't need to be walled off in order to achieve that.

Download.com was no more than SEO junk site, no one really needed it.

It was more than that, originally, it just degraded over time. They also bought up all the good competitors (softseek anyone?) and then killed them off.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact