Unfortunately on the software side they have not sought any of the better tradeoffs available between security and vetting vs owner power and decentralization, and in turn find themselves in the crosshairs for every single app. Not even just from governments though they're most coercive, but from any public cultural/religious interest group at all. Since Apple has to approve everything, Apple is also seen (correctly) as directly responsible for everything on the App Store. The result has been exactly as you'd expect: they're more conservative on average about what sort of content they'll allow, not merely about objective issues like security.
Perhaps negative PR from actions like this might be sufficient eventually to get Apple to change course on their own. They wouldn't actually need to do very much, even selling a one-time permanent single device signing cert might be sufficient, and could form the basis of alternate App Stores even. But if Apple (and others) won't move it should be legislated. Improving wearable displays will ultimately mean the merger of "mobile" and "PC", that is the next disruptive evolution in computers. We should not allow that to become the end of bazaars for software too.
1: Right now they have a free one, but it only lets apps run for 7 days, and the developer one is yearly and subscription based.
I expect Apple and any other company to have to comply with local laws in various countries. It's unavoidable. What else could they do? Refuse and lose access to that population?
But right now, as regards device encryption and back doors, there is a sort of mutually assured destruction. A MAD that the US law enforcement (e.g. FBI et al) are constantly trying to undermine. Right now Apple claims the iPhone is designed such that they cannot unencrypt it. The FBI wants to force them to create a method.
Regardless of the technique used that then will make every similar device world wide subject to the whims of local law as regards allowing that country access.
What would stop any country from then demanding blanket access to devices? But at the moment this doesn't seem to happen because there's an unspoken detente among adversarial countries to not demand such back-doors.
This situation reminds me of that. Since it is possible for Apple and others to block things on their app stores, countries demand it.
It's a cautionary tale of why it's important for companies to design certain things from the bottom up to prevent bad behavior.
I believe Erlang creator Joe Armstrong has proposed some sort of split security. Something along the lines of securing the most important data from everyone & allowing government access to limited data that could help them catch bad guys. He wasn't very convincing in the podcast I listened to but maybe in written form he could provide a better argument.
I'm glad they are thinking this way. But over the past few years, Silicon Valley companies have also made themselves more hated and less trusted by the general public. This won't bode well for the "final fight" between them and the government, because they may be surprised to find out that people won't show up to support them anymore.
So tech companies, don't be Uber, is basically what I'm saying. Stop being so non-transparent with your data collection and your aggressive and shameless tracking, while also making it very hard for users to either know what you're doing or to disable your tracking.
If all companies would revert back to a "first, do no evil" mantra by default, I think they would find it much easier to have the support of the general public when it comes to big government fights.
Can you link the podcast? I'd like to hear what he said.
I'm a strong believer in privacy, in not trying to legislate backdoors into encryption, but I'm also a proponent of the idea that everything in society is a balancing act between the individual and society (and we see this play out in every aspect of life, so it's not a radical new idea); the question is finding the right balance.
Interesting, very interesting. Please, if you can, link that podcast.
It was actually Carl Hewitt & not Joe Armstrong. Though the Joe Armstrong episode after this one is also interesting.
... yes? That would require putting human rights above profits, though.
Making a principled stand is often important, and can make a big difference in the world. That said, I often see an assumption that China would bend if companies would just stand their ground. History suggests that this is not the case at all. China would be perfectly happy for all non-Chinese companies to withdraw and leave WeChat to stand alone. WeChat which happens to give the Chinese government access to any and every message they want. So other companies might be able to feel better about themselves, or not, but we can assume it will have no bearing on China's actions.
So, how does it benefit humans or the cause of human rights for Apple to completely withdraw from China over this? Chinese users would lose access to secure iMessage and a device with a secure enclave, but would gain... what?
What people don't understand here is that the principle of fiduciary duty binds the hands of a lot of these companies. If you don't hold the controlling voting interest in the company... you really have very limited room to maneuver legally speaking.
Now if Apple could count on its shareholders not to sue them...
THEN they could operate in the fashion that you postulate.
Yes! And go even further: actively assist in aiding dissent and revolution in nations whose disrespect for human rights is so flagrant as to threaten their business model.
I don't understand why the state is held in such regard as to casually gloss over the possibility that private entities, especially those as massive as Apple, might help to smash it.
Apple is an incredibly powerful entity in the world today. There is no reason for them to sit on the sidelines rather than to aid in bringing China down. It's inevitable; the only question is whether it takes 60 years and happens on the backs of the poor and nameless or whether giants like Apple flex their muscle to help.
but I think you, at once, overestimate the power of Apple...
and underestimate the power of "nations... [that]... disrespect... human rights". (The US, China etc etc I suppose).
If you care to read the article, Microsoft says they are working with the government and the app will soon get reinstated.
This has everything to do with centralization precisely because decentralization makes it easier to break the law. I thought it went without saying when discussing bypassing censorship in China, but to be clear I am actively advocating for the ability for end users to more easily defy the law in the setting of software performing as expected that they choose to utilize on their own devices.
>*Every (even decentralised) shops need to comply with local laws.*
1: "need" and 2: LOCAL laws. Which in the case of shops based outside of a jurisdiction means only their own jurisdiction, not anyone else's. Apple is a multinational, so it cannot avoid this. But other shops absolutely could, just as they do in the PC market right now.
And again, this applies to every polity, not just China. I (and probably most Americans on HN) am absolutely a computer law breaker. I have ripped my own DVDs and Blu-rays, which has put me in direct violation of the DMCA. I have utilized open source software like x264 (or, back in the day, gif encoders) without negotiating or paying a license fee, which puts me in violation of software patents.
In the real world, entities like RIAA and the MPAA have had to play whack-a-mole and could do nothing about places based in jurisdictions where evil laws like patenting of ideas/math are not in place, and thus there was freedom to go around them and change the course of public expectations beyond those with central power, which in turn affects the law too (which is an organic entity). If we instead imagine an alternate world where in the 90s Microsoft and Apple and so forth had iOS level hardware full stack control and central stores, would we ever have had anything like DeCSS? Hell, would open source platforms have been possible at all? Law and morality are not the same thing, not even in the most egalitarian and democratic countries. There needs to be some give at the edges for experimentation and evolution over time.
Absolutely, it should be outlawed now! Do you have an address for the person in the Chinese legislature that I should be writing to, to pass the relevant law?
In a global market and considering a universal hardware platform, cooperation from any specific polity is entirely unnecessary. It is sufficient merely to convince one single polity that cannot be abandoned. America or the EU would do it. Both are markets that Apple absolutely cannot give up, and of course the former also has direct legal jurisdiction over the majority of Apple.
You also seem to be extremely confused about what I actually suggested should be legislated:
>I'm arguing with the underlying problem. I'm suggesting that passing laws against app stores is not a practical solution.
I never suggested that "App Stores should be banned", that's ridiculous. What I said is that Apple (or any other entity) should be required to offer (for free or at a reasonable fee) owners a cert/key they can use to sign arbitrary software to run on their device indefinitely. That's it, though it might make sense to require that developers be offered that as well. That alone could be sufficient to serve as a foundation for various non-Apple implementations of side loading, up to and including full 3rd party App Stores. The point isn't that Apple wouldn't still have their own App Store, nor even that it wouldn't still be by far the preeminent choice. It's merely that there'd be a core level steam release valve available.
So in that scenario the actions of the Chinese (or any other) government would revert to the same as any standard computer: within their own borders they could pursue all legal and technical avenues their government wished, but people could try to go around it. A bypass of the great firewall (or merely a tourist visit outside of the country) would be sufficient to gain a key which could then be used on an iDevice within China (or anywhere else). Apple would simply not be involved in that, instead it'd be between a government and its people again.
The same would apply even beyond government, for example Apple doesn't allow certain content that is perfectly legal but not family-friendly enough on the App Store anywhere. A legal requirement that owners may sign software to run on their own devices would create an alternative.
1: which can be a thing in law, no "of course you can do it on your $500 device for $1 million" stuff.
Nothing to do with Apple.
You can't sell telephony software in China as a Western company directly anymore. No matter how.
Yes, some additional risk of certain avenues of malware comes with decentralization. However I really want to emphasize that the risk in an optional-non-central-source scenario is not at all the same as what exists on the PC, and in turn any risk must be weighed against the direct harm that centralized censorship is already doing. First, in the scenario I'm describing everything is still signed, potentially even with an Apple-based PKI type cert. Allowing owners to have their individual cert signing for their devices isn't the same thing as giving them root or jailbreaking, while certain restrictions of Apple's are non-technical (like private API usage) a lot of jailing can be enforced by the OS. With trusted authorization and data input paths going through an HSM in iOS, an owner key does not mean any software can run willy-nilly, and the scope for malware is limited outside of security vulnerabilities that may exist anyway. There is still a trust infrastructure available, and in turn the ability for alternate App Stores to have reputations of their own (and for owners to get extra warnings, do revocations, etc). Apple could still themselves issue blacklists against malware (with user control). Etc etc. Ubiquitous hardware backed signing infrastructure required for running software throughout the device offers a lot of anti-malware options regardless of whether Apple alone owns the device keys.
Users would also simply face a much higher barrier of entry to running malware. If it costs money, any money, to get an owner cert and requires any hoops then social engineering becomes significantly harder. Apple does in fact cover most of the needs in their App Store, so going outside of it would still be something unusual. With the right UX and possible dual requirement for developer signing as well, users might simply themselves (or with a technical friend) side load one single app like Skype and otherwise not bother. Apple has a number of levers to better push non-technical users in that direction too.
FWIW you didn't mention it but I will touch on piracy since that's a material concern for Apple and devs too: without getting into the weeds on effectiveness of DRM and specifics of implementation, I don't see why a device that allows running non-App Store software couldn't still effectively deny running something that's available directly in the local regional App Store itself (options for official/unofficial non-App Store offerings would be possible too, that'd be a business decision for Apple).
In short I don't discount that, amongst the entirety of Apple's user base, there might well be some users who'd experience some level of harm from a decentralized option, no matter how it's implemented. But at the same time there are definitely a lot of owners who are experiencing harm from the present situation right now. Theoretical maybe harm shouldn't entirely distract from existing proven harm. I think the tradeoff of Apple giving up some control (and in turn responsibility) there would be worth it for all involved (except oppressive governments).
1: In a discussion of government actors it's worth considering whether in a centralized scenario Apple could ever be pressured/legally ordered to deploy malware directly, but that doesn't diminish the primary threat of malware being from private/foreign sources.
2: If anything I'd expect vulnerabilities appearing in general malware would accelerate their patching vs the present 0-day market where they're sold for a lot of money for use mainly in APTs.
In fact Skype has been removed from the Android stores as well so the non-walled gardens aren’t faring better. Also, since this class of apps is about communication, the app stores are just a side-skirmish in the war for control. The real power is in controlling the network, which the Chinese government does (and Apple does not).
That brings us back to the real problem here: the repressive control of speech and communication by the Chinese government.
The relative openness of tech ecosystems means little in an environment of a repressive, controlling government.
They only put “Apple” in the headline for the clicks.