Hacker News new | past | comments | ask | show | jobs | submit login

I get a headache every time I look at an app store.

Google Play is full of crap, Apple's app store has plenty of low value apps, the Windows 10 App store sucks, etc, etc, etc.

They've improved user security, but the amount of garbage to sift through is terrible.

I think the following is a good way to do an "App Store":


And companies, individuals, non-profits, and others are all allowed to run their own repos, or mirror these.

To be honest I think the chrome extension storefront(?) is pretty decent as well. It's just a matter of curation from the point they've got it at. The reality is that the average user _wants_ a barrier to entry: no one likes what download.com or sourceforge have become.

Mozilla now, and not sure how long it's been doing this, does code review on all submitted extensions to their extension marketplace. Google chrome's store is less restrictive as they don't do any review of it but rely on user reports to find violations of TOU/malicious activity.

Similar approaches to the apple app store vs. android store... up front binary check from apple vs. a permissive store with user reports being the primary thing that pulls apps from circulation.

They've improved user security, but the amount of garbage to sift through is terrible.

From my POV, it's like complaining that the seat belt left a bruise after an automotive collision; IOW, missing the bigger picture. I can sort my own garbage, thanks (and that's not to say that you're not right about the quality in app stores). It's easy, and if I screw it up then I've just got a garbage binary taking up space that is otherwise harmless.

But what I grow increasingly tired of is wondering if bad actors have found new ways to make my life difficult before I install that random app. Download from an app store, the app might be garbage, but at least I can be confident that it won't trash my machine. Servers, my dev machine? Sure, I'm willing to put up with a little more rigamorole for more control, etc. But my phone? I don't want to put up with that crap, vetting everything binary that goes on the box. I just want to tap and download, and if the quality of the app sucks, then fixing that is a long-press away.

My point was more that they aren't entirely a trade off from ended up a mess of malware and abusive advertising.

That second problem remains unsolved (crap apps blasted into the stores just to show ads fit my definition of abusive advertising).

A fair point that I apparently missed. Because, yeah, though an app from an app store might not trash my machine, it ain't all rainbows and roses in AppStoreLand, either.

You can have sandboxing without an App Store (macOS supports it)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact