Apple offers many ways to self-issue mobile apps, but they all have restrictions that prevent them from being used for malware attacks. That’s how they were able to globally kill that Facebook VPN scam app that used Enterprise Certificates, and that’s why all non-enterprise app distribution methods carry an expiry: either you’re a free sideload developer (one week), a TestFlight user (twelve weeks), or an enterprise user (no expiration unless your enterprise earn a revoke for distribution to the public).
The scenario you describe, where my pocket brain can be enrolled in a third-party App Store, is hostile to my security requirements for my pocket device and I’m glad Apple prohibits it.
Nonetheless, it is essential to your liberty and freedom.
I have the ability to recklessly spend the entire contents of my bank account on Amazon purchases if I so choose. I'm certainly not faulting the bank for "allowing" that though! Truly, I will never understand why some are so eager to have their behavior dictated by others.
There's a long history of the government preventing abuse when one party in a relationship is not capable of evaluating the other party. We see certifications for various roles from tax preparers to hairdressers, we see limits on what can be sold as food and medicine (unfortunately not enough limits in the US).
Would you consider such (common) systems to be authoritarian?
It is unfortunate that technology evolves so much faster than the average person's understanding of it. It both places a huge need on such intermediaries being present, but puts the running of such an intermediary outside of an entity supposedly operating in the public good (like the government) and into the hands of a corporation that may in one way or another be motivated to abuse such a role - and even if they try not to, being a for-profit gate-keeper guarantees they will be perceived as abusing such a role.
> Would you consider such (common) systems to be authoritarian?
That question can only be meaningfully answered on a case by case basis. Many of them do cross the line as currently implemented in my opinion; to what extent varies. Oftentimes there is a perfectly reasonable explanation for their design rooted in history (ex being created prior to the internet or some other technology). On the whole most of them seem to work well enough.
I would note that the presence of one flawed system does not serve as justification for others to exist as well. The world is certainly imperfect, but that is not a valid argument against improving it.
> places a huge need on such intermediaries being present
I don't dispute this - what I take issue with is the inability to opt out.
> being a for-profit gate-keeper guarantees they will be perceived as abusing such a role
Regarding app stores, the manufacturers could have trivially set them up such that it wasn't possible to abuse them. Functioning examples of such systems already exist. They specifically chose not to do this, so I do not think it is unreasonable to assume the worst about their intentions.
"How dare we adopt code licenses like the GPL, allowing a shadowy authoritarian figure known only as ESR to dictate our every move. If we don't start writing our own code licenses this very day, we risk the authoritarian take over of all software by the select few who are able to write them competently. Every time someone uses an off-the-shelf license from a third party they neither know nor trust, our freedom suffers."
So, your argument doesn't pan out, I think. At some point experts are expert and you are not. I am not an expert at app stores. I defer my app store choices to the people who make my phone, because they have a track record of choices I usually approve of, and their missteps are never in service of "exploit me" (like Facebook's). There are many competing hardware platforms to choose from with many fewer restrictions. I choose the more-restricted and my free time available to focus on actual benefits to the world increases. I don't believe I would benefit the world by using a third-party app store, and I don't have time for the drama it involves. YMMV.
This argument doesn't make any sense to me. I'm not implying that you should blindly distrust the app store your device ships with. I'm not claiming that experts aren't experts, or that you specifically are an expert. I don't know where you got these impressions from. I'm particularly puzzled by your choice of software licenses as an analogy, given that they were designed by experts in the field specifically to maximize freedom (whereas app stores were not) and have held up in this regard to sustained scrutiny over many years (the default app stores have failed miserably here).
What I am claiming is that you don't have freedom if you can't make these choices for yourself. Sane defaults are fine. Shipping with a prepackaged app store is fine. Even having to reboot the device into a separate mode and enter a password in order to change sensitive system settings is fine. But if I want to add F-Droid, I need to be able to do that and it needs to be a first class citizen. I need to be able to remove Google Play if that's what I want to do. On iOS, there is not and can never be a third party app store under current policy. That is most definitely a restriction on your freedom as a user; I do not believe that any cohesive argument can be made against that statement.
Just because you have the option to opt-out of vendor restrictions doesn't mean that you have to do so. For example, my mobile device won't allow me to disable secure boot or to install my own keys, and it is incredibly difficult to locate one for sale that will. In contrast, my laptop will allow me to do both of those things if I so choose. Doing so requires rebooting into the UEFI shell, which I have the option of password protecting. None of this can be done by a malicious program from user space barring a truly massive security hole. As such, I do not believe that this freedom negatively impacts my security in any way.
We disagree on what basic rights _must_ be offered with any hardware-software combination that is sold to us.
I demand the right to take apart my hardware and software as I see fit.
I do not demand the right to receive active support for doing so from the manufacturer.
If they can lock me out with their technology, that is their right as author of the technology. If I can circumvent their lockout with my technology, that is my right as purchased of the technology.
Apple does this so well that most of us aren’t capable of hacking their technology. Good job.
A certain large American tractor company tries to take away your right to attempt to hack their device, rather than simply making it difficult. I disapprove of this with every fiber of my being. As purchaser of the tractor, I may do whatever I wish with what I chose to purchase.
When I buy an iPhone, I knowingly choose to purchase a device that keeps me out so effectively that there are no known ways to hack into it if it’s up to date. Apple has the right to make it so, and it’s very useful to me that they do. I then continue to update it to maintain that line of defense. Folks who root their phone choose otherwise on both counts. That’s their right, too.
If you wish to remove Apple’s freedom to build devices that defend against non-Apple software intrusion, you’re welcome to campaign for that, but I support their freedom to build security countermeasures to the same degree that I support my freedom to purchase a device with those countermeasures enabled. My freedom need not come at the cost of theirs, as the plethora of Android options clearly evidences.
I reject your implication that not being allowed to lock you out of your own device would somehow be equivalent to mandating official manufacturer support of arbitrary user modifications. I already provided what I believe to be a reasonable example of such a system. No manufacturer support is required beyond an interface for the user to disable key checks or possibly to replace the manufacturer's key with their own. Once you do so, you are in unsupported territory and everything that follows is entirely on you.
Perhaps an analogy would help here. For example, suppose auto manufacturers started welding the hoods of new vehicles shut. Suppose that legislation was subsequently passed which banned this practice and asserted that you have a legal right to access, inspect, manipulate, and replace the internals of a vehicle you own. This would not be equivalent to requiring the manufacturer to actively support such activity! It would only prevent specific undesirable behavior on their part.
> I support their freedom to build security countermeasures
This is a false implication about my position, and my previous post very clearly addressed this exact point. Providing the user with the means to optionally unlock things does not require that security be diminished. Functioning examples of this already exist in the wild.
> If they can lock me out with their technology, that is their right as author of the technology.
Currently, yes - from a legal perspective. For the public good, that needs to change. We have ample evidence at this point that we cannot rely on the market to make choices in its own best interests in this case. The market consistently chooses the cheapest devices and the largest ecosystems; it does not appear to select based on the openness of the ecosystem. Meanwhile, manufacturers are actively walling off their ecosystems wherever they can get away with it. They often point to security when questioned, but I find these claims dubious at best. Meanwhile, their behavior demonstrably protects their profits while actively pushing our society towards a state that is very easily abused in a great many ways.
To my mind, such regulation is conceptually analogous to the ADA compliance requirements for certain types of buildings in the US. Without the ADA regulation, the market would almost certainly not choose to conform on its own. Nevertheless, it is clearly in the public's best interest for it to do so.
-----
Editing to add: Your belief that there are no known ways to break into an iPhone if it is up to date is almost certainly incorrect. This article (https://motherboard.vice.com/en_us/article/qvakb3/inside-nso...) from ~6 months ago was on HN at some point. From the article:
> He gave NSO that phone number and put the phone on the desk. After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said.
> Apple offers many ways to self-issue mobile apps
Do any of them allow a third party to certify a general purpose application from another developer as safe?
> That’s how they were able to globally kill that Facebook VPN scam app that used Enterprise Certificates, and that’s why all non-enterprise app distribution methods carry an expiry: either you’re a free sideload developer (one week), a TestFlight user (twelve weeks), or an enterprise user (no expiration unless your enterprise earn a revoke for distribution to the public).
To me, that sounds like they're happy to provide various levels of workarounds as long as there's absolutely no way it can compete with their app store. I suspect an enterprise signature used to sign various third party apps for distribution would not be looked upon kindly by them. What's more, I don't believe they should have final call over what software should be allowed on the phone, so even if they did allow a more general signing capability, what ecosystem is going to develop there when the metaphorical Sword of Damocles or Apple's arbitrary whims as to what is acceptable or not are continually reassessed (and possibly checked for conflict with Apple's future business ventures)?
> The scenario you describe, where my pocket brain can be enrolled in a third-party App Store, is hostile to my security requirements for my pocket device and I’m glad Apple prohibits it.
Possibility is not the same as certainty. It's only hostile to your security if utilized. If the ability to do so was gated by a settings toggle, you would be no worse off than you are if you did not enable it.
And so do I, because without the user being able to carefully select who to trust (and there's no reason Apple is inherently more trustworthy than another company), that's almost the same as removing any vetting process.
As a simple example, might you be willing to trust Mozilla to offer a service where they review and certify all submissions that pass review for apps that are willing to pay for the process (allowing Mozilla to use some of their credibility and engineering expertise to raise funds)? I would. It wouldn't be perfect, but it would allow for a company with different principles and motives than Apple to be used, and my sensibilities lie closer to Mozilla's than they do Apple's or Google's.
> We already know that Apple is more “trustworthy” than Facebook and Google.
It's in Apple's interest now to position themselves for privacy, because that differentiates them from the major alternative. That said, it's irrelevant who is more trustworthy now. That may change over time, and just because Apple is trustworthy now doesn't mean their business can't change over the next decade. Should we allow a precedent that just because a company has been trustworthy so far that we allow them to ensconce themselves as thew arbiters of trust thereafter?
People thought Google was very trustworthy in the past. I think Google was trustworthy in the past, but little by little they've been incentivized by their business model towards decisions and stances that are not as aligned with what I want anymore.
Companies change, quite a bit and quite often actually. All it takes is different management and/or a different board for a public one. Allowing people to actually assign who they trust at a more granular level than "Apple or Google" is essential if we want a say in our future.
The scenario you describe, where my pocket brain can be enrolled in a third-party App Store, is hostile to my security requirements for my pocket device and I’m glad Apple prohibits it.