The fact that the word 'side-load' exists and is used with a straight face is part of the problem. Installing applications yourself is the default. It's all these walled gardens that are weird.
As a long-time desktop Linux user, I don't quite agree with this. The default for me long before iOS existed was to install software from my distribution's repository. Sideloading software not included in the repository was often a technically onerous process, to be repeated manually in case of updates. I had pity for users of Mac OS and Windows who had no access to such convenience.
I don't think having a managed system for installing software is a bad thing at all, though I'm disappointed the big ones don't support third-party repositories. I do think there should always be an option to do it manually.
I might be scarred for life as a long time Debian Testing user, but I found that this worked approximately never. There was always some sort of dependency that was only in Unstable, and installing that would cause libc to need to be upgraded, and then your entire system broke. Even if it wasn't that severe, it probably didn't work. Windows, Mac, and iPhone users certainly don't have the problem where if they install FooUtility, it causes their computer to not boot anymore. (Unless FooUtility is malware, of course, which I didn't get a lot of installing out of Debian's repositories. Except of course that weak keygen bug... Hmm.)
(Of course, the underlying problem is that shared libraries are actually a bad idea. They were a hack for days when storage and memory was very expensive. But for some reason, Linux still uses them. New languages just compile everything into a statically linked binary, which is wonderful. I can write a Go program on my Windows machine, and with one command, compile it for a Raspberry Pi. Copy it over and it just works. Snap is also a thing that appears to work well.)
I'm a long time Ubuntu PPAs user and they work like expected, for precise reasons (the parent makes a generic consideration about 3rd party repos, so I introduce the discussion with Ubuntu).
PPAs build in environments matching the chosen distributions, so as long as the builds are properly setup and the user chooses the correct one (which is automatic, with the standard tools), dependencies will work out as expected.
The last time I had a discussion about perceivedly broken PPAs with somebody on HN, it turns out that he was abusing this system, by not using the proper suite (distribution).
I'm not sure how this works for Debian (I think PPAs also allow Debian suites), but if there isn't such [widespread] support for 3rd party repositories, then this subject should get more consideration.
Regarding shared libraries, if they wouldn't exist, operating systems would would take an order of magnitude more in space. I'm not a big fan of an 80 GB Ubuntu; if the public accepts that, that's fine, but shared libraries have a specific purpose.
I think the point is less about repositories and more about how desktop operating systems let you install any software you want, be it via package managers, Makefiles, or random binaries you get via torrent.
Install your custom stuff into /usr/local and never let the system package manager know about it. GNU Stow can manage self compiled binaries with ease.
However, the repository was for convenience. Nothing stops you from adding a new repository to install new apps. You simple have no choice with iOS on that front.
You have some choice on Android though, through both sideloading and using third-party app stores like F-droid.
I have a problem with iOS not allowing sideloading in a way that's viable for most applications, but I don't see having a default, managed system for installing software as a problem in itself.
Doesn’t this require the person building the code to own a Mac, a potentially expensive computer? Also I recall that years ago there was a $100 fee to register as an iOS developer, though I’ve no idea if that continues to be the case.
Yes, it still costs $100 per year, or else your apps expire after seven days and you can only have three (AltStore hacks notwithstanding—those will get closed soon I’m sure).
There are ways to sign apps without a Mac/xCode, namely Cydia Impactor. But Apple has very purposefully made this impractical for every day use.
If the actual goal is to sideload—which is what was being discussed—you don’t need to compile anything. You’d download a prebuilt but unsigned IPA, and then use Cydia Impactor to sign it with your developer certificate.
If you're ok trusting a third party (such as an alternative app store), they can build it, send you the binary, you sign it (on Windows or Linux), and install it on the phone.
Yes, it does require access to MacOS, and payment to Apple to register as a dev - even aside from having to build apps yourself, this is not a reasonable solution to escaping the walled garden
There is a $99 fee for the Apple Developer Membership. A Mac is only needed to run Xcode, which is Apple's IDE+toolchain for iOS/macOS/etc development. If you want to build from source, you do need a Mac. If you want to install a precompiled app (.ipa file) you can use Windows or Linux.
Main use case I have is to side load a tethering app because the carriers have monopolized that functionality into one solution with a rediculous fee in the app stores. Cannot stop me from side loading though on Android.
I'm also a long-time desktop Linux user. Since 2003. I'd say that my average linux desktop computer has about half and half repo and non-repo software. I can't imagine limiting myself to just what was in the repos. There's only a tiny fraction of software in those even including personal repos like ubuntu's PPA system.
With Arch / AUR even non-repo software feels like repo software.
However, on my ubuntu installs lately, I've found myself having to go with non-repo software for things that are in the repos. Because the repo version is just so far out of date. Version freezes with only security updates means lots of old software. I was loading my Arch configs on ubuntu and things were breaking. Update to current stable version and suddenly things work again. If i was stuck with repos, I would have just not used ubuntu at all.
I have a few applications which are installed from source, and as you say a couple of things installed beneath /opt. Currently that is: Firefox, golang, Arduino studio and Calibre.
I am mostly in agreement but I just want to highlight that having a curated store that is super easy isn't the problem.
The problem is not allowing other software. Sure, on Linux installing third party software isn't as simple as your package manager but it is possible and not made more difficult than necessary.
yes, but the difference is how high that wall is on the garden. Using an ubuntu/debian type apt based system as an example, it's quite easy and fast to 'trust' a GPG signing key for a new repository and add it if needed.
That is only because App Stores never used to exist. Now it is common to not to have a side-load option.
And walled gardens aren't weird. It has always been the default. I can only install console games approved by Sony, Nintendo etc for example. Printer cartridges were even signed against the printer themselves. Companies have always tried to lock you down in some way.
> Printer cartridges were even signed against the printer themselves.
Printer cartridges used to be dumb and replacable by mechanically identical 3rd party products.
> And walled gardens aren't weird. It has always been the default. I can only install console games approved by Sony, Nintendo etc for example.
Those are gaming devices, not general purpose edge computing devices under which smart-"phones" fall for all intents and purposes. Personal computers are a much better reference point.
Personal computers are probably the only reference point in favor of “install anything you want”. Walkmans, TVs, game consoles, MP3 players, household appliances, automobiles, flip phones etc all come without the ability to run custom software. I think the only reason PCs didn’t start with an App Store model is that they predate the internet, so there was no way for them to really control distribution.
Frankly I think there’s a reason why no more open model is succeeding — the demand is not there and the app stores provide the utility most people want. I used to jailbreak my iPhone but there’s really no need anymore.
Many electronic devices simply lack the technical features or input channels that would allow third party software to run. I find it much more worrying when the devices have all the infrastructure in place to do so, but their manufacturer decides to actively restrict the users' freedom in that regard.
installing trough package manager has been the default on Linux for what, 20 years now? it was called installing from sources instead of side loading, but it wasn't the default, and it's something you can do anyway in both iPhone and Android and it takes more or less the same effort and knowledge. the outliers were dos and Windows, and even then it caused loads of issues so much they had y to add multiple layers of checks between signatures, uac, blacklists and defenders because average users cannot be trusted to manage their own systems
> it was called installing from sources instead of side loading, but it wasn't the default, and it's something you can do anyway in both iPhone and Android and it takes more or less the same effort and knowledge.
Really, can you please explain how to install apps on an Iphone direct from the source for free permanently?
With Linux package managers, you can easily add additional repos.
And of course on Windows, Linux and MacOS, you can install whatever you like, from wherever you like. Android allows you to side-load apps (but I'd prefer if it made it much easier to do so), whereas iOS makes it both difficult and costly.
Consoles are very different, the hardware is subsidized by Sony where with Apple you pay a premium. Also consoles are more an entertainment device you use a few hours a day or just in weekends where smartphones are replacing general computers.
Comparing a smartphone and a console is a big stretch
Its not that weird. Don't forget when iPhone launched, you couldn't load any applications at all. It was all going to be web apps. "It's a phone, an appliance - not a computer". The majority of people are quite happy with having their phones as a 'it just works, its relatively secure, it doesn't crash all the time or run out of battery' thing.
And those perfectly happy people could continue to install apps via the app store without ever even thinking about the fact that some people install apps that aren't explicitly approved by Apple. And when you start getting into issues of free speech and people fighting for their rights against an oppressive government, it starts to feel like people other than the big happy majority matter quite a bit.
It was really weird when Windows tried to start using 'sideloading' as a term when pushing UWP. As if the standard method of installing software on Windows hadn't always been to run an installer file on it.
The term is still in use on the Developer options of Settings where you can decide if UWP apps can be installed outside of the Microsoft Store, though I believe they've backed off drastically, so the default is to 'allow sideloading'.
1. For most of the time you could hold a thing to your head and talk into it, “installing” apps was not a default.
Depends whether you think the handheld thing is an appliance instead of a processing unit.
We only started complaining about limits on installing apps on phones relatively recently in the life of phones and even smartphones.
We still mostly don’t complain about watches, but within a decade we will.
2. iPhone, Palm, others in late 2000s, attempted to kickstart an open app ecosystem where you could save HTML5 apps to your home screen that worked offline and with no marketplace.
All kinds of apps proliferated briefly, I even had a PacMan clone. Those apps still work, and much more is now exposed through APIs than used to be.
Free distribution remains a viable option for most types of apps. Especially for those developers that are just fine with things like Electron as a platform.
Had developers embraced this and pushed the limits, the ecosystem might have tilted very differently. It might still be possible given enough adoption to warrant platform investment.
We have been using Windows which is full of trojans, viruses and malware of all sorts, as well as slowed down by the absolutely necessary antiviruses, who are in a way viruses themselves, and don't properly help anyway.
I completely disagree. The walled garden has done far more good than harm, in practice. I like the ability to sideload, as I have needed to do on Android on several occasions. Remember the technical skill level of the audience - you are not their target.
Some level of curation is beneficial. Opting out of the curation should be essential.
Buy Android. (or some obscure non-duopoly platform)
There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted. That has more to do with mobile carriers demanding it than the platform companies. Android has been the most open, but even then, the more carriers they supported, the more locked down the device became.
I have no sympathy for the ruthlessness of Apple and its dictatorship about no app can have its own App Store like functionality, but it's also disingenuous to put all the blame on them for where we are today.
"There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted." -- You mean like the old Palm and Nokia Symbian allowed us to do?
If I remember correctly, 99% sure anything sold from Cingular & Bell Atlantic came super locked down and you had to go through their SMS service to download the PRC files. You could enable developer mode by installing some app called HotSync, but then you had to find the software online to sync and those weren't easy to do.
I had a Treo from Cingular, it had absolutely no restrictions on installing programs. The preferred way to do so was generally by HotSyncing them from a desktop, but that wasn't any sort of developer mode, it was just how things were designed to work in the ecosystem (you wouldn't want to wait for the download over the air anyway).
There were a ton of aggregator sites for software with reviews, or you could just search the web for it, it was pretty easy.
All of Verizon’s phones were locked down with their BREW OS and proprietary VCAST App Store. Even doing something as simple as loading your own ringtones required heavy workarounds and sometimes third party software.
Indeed, I still have pseudo-fond memories of cutting my programming teeth on .NET Compact Framework and using the User Interface guidelines to design my UIs.
> There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted.
Erm. I developed apps for Nokia and Blackberry without a hitch.
The restricted walled garden became popular with apple. It took off because, although the developer requirements were very constrained (as they still are), there was a very large swathe of users. I was 'forced' to join because my clients were bankers and traders jumping ship from blackberry. Then came ms and goog with their 'ecosystem' of stores.
You can side load Apps into Android and install competing stores all day long. The objection I have is that Google doesn't let you delegate that authority, it's either "Let Google Manage It" or "Let everyone do whatever the hell they want".
>The objection I have is that Google doesn't let you delegate that authority, it's either "Let Google Manage It" or "Let everyone do whatever the hell they want".
What do you mean? After android 7 or 8, the "install unknown apps" permission was per-app rather than being a global setting[1]. That means you can allow f-droid to install apps but not your weather app. The only difference is that third party apps can't install apps "silently" (you have to manually confirm each install/update through a system dialog).
That is better, but not ideal. You don't have a way to trust developer keys independently. What's the point of trusting Chrome if everything can be installed through Chrome?
Yes, trusting a store like fdroid is the ideal case. However, most uninformed users would come across an apk file on their browser, trust Chrome, and then Chrome will happily install anything.
The sad part is users being trained to just click away those warnings. Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page. Though obviously Google won't be willing to grant that much control to a third party, even if revocable.
> Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page.
Honestly I think there should be a distinction between normal permissions and permissions required to install other APKs.
AND I think it should be more cumbersome to install an APK that wants permission to install other APKs.
If you mean windows, perhaps to an extent. On linux though, it is straightforward to do fine grained management of gpg keys for repos/ppas etc. Essentially, from the end user's standpoint, what you want chrome to ask you is "Do you trust developer Foo for the app Bar?", not "Do you trust chrome to install software?"
> The only difference is that third party apps can't install apps "silently" (you have to manually confirm each install/update through a system dialog).
That's a huge difference. Try downloading and maintaining apps installed with F-Droid on a device where it doesn't have system privileges. It's a massive pain in the butt.
Even proper support on iOS for Progressive Web Apps would help bridge this gap. On Android, you can go to a URL and receive a prompt to "install" it on your home screen. iOS keeps burying their equivalent more with each release and imposes way too many restrictions to web apps make it an alternative to the iOS App Store.
Unfortunately, iOS does not support web push notifications like Android (and practically every desktop browser including Safari on macOS), which is a huge limitation.
Not supporting notifications at all is a dealbreaker for most apps that could just be PWAs.
Furthermore, last I checked, iOS doesn’t allow PWAs added to the home screen to access the camera or certain other valuable things that they should be able to access, but maybe that has finally been fixed.
Apple has intentionally made PWAs a bad experience to push people to the App Store, which is really unfortunate since they basically invented the concept of adding a website to your home screen that would then open in a chromeless experience that felt like an app.
While I too wish for better support for PWAs in iOS, the way push notifications are implemented in PWAs and iOS are fundamentally incompatible. iOS requires all push notifications to go through Apple's push server, which means there is only one long-poll connection to check and significant battery savings. Whereas, Google's PWA docs[1] literally lists random-push-service.com as the push server.
That's not true. Long pools cannot have an indefinite timeout, especially for a mobile use case. Plus, it's not just the TCP connections. If you look at push notifications on Android phones in China, because GMS isn't available, every other app is having a background thread checking for push notifications. It adds up.
I appreciate the frustration as a developer but as a user some of those APIs e.g. Push and Media Capture come with a lot of downsides.
I just checked Safari Desktop and I have well over 50 websites that I have blocked for Push Notifications. Many of which have no need to e.g. image site. But thankfully Apple has a polished, easily accessible UI for me to switch them off so not a huge deal.
On Safari iOS there is no Settings screen and not an obvious place to put one. You could put it under the main Settings screen but (a) nobody checks there and (b) it makes it confusing if you think of PWA as being a website still. And so you could end up with Push API being a feature that is hard to turn off. And that makes it a huge net negative for users.
Ideally, PWAs added to the home screen would show up in the Settings app like normal iOS apps do. You would be able to control notification settings and privacy settings just like on any other app.
If they don’t want to allow web push for websites, that’s one thing, but crippling PWAs that users have chosen to add to their home screen is another thing entirely.
> Similar for the Web Capture API.
You can already use the camera through a PWA on iOS, until you add it to the home screen. Then, last time I checked, it stopped being able to use the camera or even ask for permission to use the camera, which really hurts the usefulness of PWAs.
The limitations are not entirely without reason, from my point of view. With app installation, there’s explicit consent involved — apps can never run unless I have requested such. On the web, all it takes is a redirect in an unexpected place to open an “app” that I want absolutely nothing to do with, at which point it’s free to slurp up all the unpermissioned data it wants.
That’s not to say that browser vendors have a bad track record when it comes to permission dialogs, but there’s still a ridiculous amount that they just hand over to sites without any prompt whatsoever.
This is easily fixable, however: just restrict the greater bulk of API access to “installed” PWAs, where the app runs in its own little easily manageable container with zero access to my main browser and specialized permissions UI.
That's different from full PWA support. Apple understandably has strong incentives to make building a PWA not a viable alternative to a native iOS app (since that means more iOS-only apps which makes other platforms less useful).
I dunno, I feel like there is a very solid user experience argument for not allowing the average person to do this. For those of you who are old enough, think back to all the sh*t your mom/uncle/grandparent would load up on their Windows 95 desktop. Now make it 100x easier to install an app. Seems like a recipe for disaster, for the average case anyways.
> think back to all the sh*t your mom/uncle/grandparent would load up on their Windows 95 desktop
So what. Should my computing experience be crippled because people are ignorant to security practices? Should we hold the market back because uncle Marty keeps visiting gross sites with Internet Explorer?...
> Should my computing experience be crippled because people are ignorant to security practices?
But it's not. You don't have to buy an iPhone. This isn't some bait and switch tactic. People who buy iPhones know the App Store is where they get software.
macOS presents a nice model where by default the computer is locked down but you can disable code signing checks to run 3rd party apps at your own risk.
The big difference is that iOS/Android are sandboxed, whereas Windows gave every app access to anything. Even if you do manage to install malware on your device, the potential for damage is much more limited.
Uploading all your contacts and photos to malicious attackers is not “much more limited” damage; we keep a lot more important data on our devices now than we used to.
Even so, people should be free to fuck themselves over. Removing the possibility for everyone just because you don’t trust users to take care of themselves is such a sad way of thinking.
Think about it from Apple's point of view. If they make app installation easy from anywhere, you soon end up with tons of ads, popups etc. that direct you to a crappy app's site, which is either just very badly designed or straight up malware. And the average user will download them, just like they have been doing it on Windows (ever looked at non-technical people's computers? Remember toolbars?). Then people end up complaining about the manufacturer of the computer because they don't understand the difference. Windows used to be blamed for being slow after people installed all sorts of garbage on it. Similarly, in the minds of non-technical people, Apple would be blamed for making their iPhone experience clumsy and frustrating. Apple support will be called when they lose data or get their nudes stolen.
Apple wants everyday users to have a streamlined, simple, "just works" experience.
It is a common principle in many other facets of life. You can't just buy any prescription medicine for example, even though theoretically a well-prepared patient with access to the newest medical literature could figure out what he needs. But the vast majority most definitely cannot and relies on some kind of access-filter.
No one is forcing you to buy an iPhone or use iOS. I'd say the market has spoken on the whole curated app store thing, and it largely doesn't give a hoot. There are entire phone OSs built for people just like you. Vote with your feet and your wallet.
It would be if users didn’t pay real money to voluntarily opt in to the scheme.
Devices that can’t (generally) run malware are a value, to some. I have computers, and I also have Pixelbooks and iPads. I use them for different things, and I store different data on them.
That infamous quote has gotten rather a lot of visibility within the past few years, AFAIK it gained popularity shortly after Secure Boot and Cory Doctor's articles that started the term "war on general-purpose computing" became well known, over 7 years ago:
It isn't anti-competitive if you have a choice of comparatively equal standards and quality and you choose the one that doesn't offer the option you want.
It is anti-competitive regardless. The fact that it is or isn't the only option in the market is what frequently causes the intervention of anti-trust authorities, but it is still harmful behavior.
You can side load applications on iOS devices by re-singing it with your developer key. I do this when testing iOS apps for security vulns when source code or jailbreaks are not available. You can even binary patch the application and add new functionality (such as instrumenting w/ frida for debugging capability).
If you trust (laughs in credit card thief) the developer, a program called alt store recently made tethered side loading easy. It doesn’t require xcode, a developer account, or a mac. The app is signed by the iPhone. It’s more convoluted than it needs to be but as it stands right now things are in a better state. It remains to be seen if Apple will crush this, as they do many nice things.
>Mandating sideloading would remove consumer choice.
How exactly are you affected by an optional thing that is off by default and hidden away. Apple could force you to watch some videos that explain why this is dangerous and make you read all the warnings.
Some smart developers and designers could design this so grandma is not tricked to install malware, you could even require you take a quiz online.
You also have the Mac OS example, it is not locked down and the viruses and malware are not rampant.
Honest question , can you take 1 minute and consider thins, is there a large monetary incentive for Apple to lock down iOS?
There is a good incentive for them to do it, just like any other business decision they make. There should also be a large monetary incentive for someone to create a more open platform if people really cared about it as much HN does. The problem is most people could care less. I will never hear my mom say she wishes she could download apps that aren’t on the App Store.
My son was playing a new video game. After he finished I asked him about it and he told me that was good but some buttons were inverted and he had to get used to that. He did not know or asked himself if maybe there are options to change the buttons/controls.
Same with your mother, she will not even know or consider the side loading app idea, this will happen only you are hit with things like your application or books are removed from your device, or a popular application is not approved because of political or moral issues.
Other example is ad blocking, my relatives do not ask me randomly , "hey is there something that can block ads?" , I need to notice they are missing an ad blocker, then explain why should install one and install one for them.
Btw my parents don't play video games, so since you decided if parents don't need something then is useless let's get rid of video games.
The incentives for people to trick grandma and anyone else into downloading malware would outweigh any benefit.
Frankly, Google and Facebook would probably be the first to release their own App Store apps and then use their platforms to tell everyone how this was safe.
>he incentives for people to trick grandma and anyone else into downloading malware would outweigh any benefit.
What is your opinion on Apple Pay then? if Apple has such a large user base of user that follow every instructions they read on a webpage and put their password in random inputs then Apple Pay is even more dangerous
So the Apple users would read some instruction from Google to go into a hidden area of the Settings, tap some button 10 times, then lick Apple log 10 times, then enter into an input "I am aware that this is extremely risky and Steve Jobs will hate me" and then enable the different app store and later get infected AND they would complain to Apple "Why did you did not protect me from my stupidity, I did not knew what I was doing" , Really are this iOS users that stupid ? how could they use MacBooks without going monthly to a shop to remove viruses ? Or only iPhone users that don't have laptops are stupid?
You lost the point too, this kind of systems are already used,
do you even know how you enable side loading n Android? or disable secure boot on a PC ? have you seen the warrnings that appear when you allow a webpage access to your webcam ?
Apple has designers that can create a UX that will stop 995 of idiots to enable a dangerous option without knowing what they are doing. You did not responded why is not apple protecting the laptop users from their own stupidity.
Here is the exact problem we are talking about, happening today on Android.
The mechanisms you are talking about have been proven not to work.
As for laptops - they are. It’s not ‘stupidity’ that causes most people not to understand these risks. It is a lack of time to develop the expertise. Many people would like to pay Apple to manage these risks for them. For those who do not, there is Android.
I prefer the risk of some people installing some bad apps then the risk of Trump forcing Apple or Google to brick my device that I own.
You are still avoiding to answer why is Apple not locking down the MacBooks ? I mean is for the users safety, are this users in danger and Apple not caring enough abut them?
The answer is simple, you can make it safe by default and let the user unlock their device(from BIOS or from a setting s) Apple can afford to hire a UX designer to make the warnings clear for average person, can afford a lawyer to put some disclaimers there, can afford some developer to implement this unlocks. The reason they do not do this is not for your safety is for money and when they will be forced to implement it I am sure you will praise them on how a nice job they did when implementing it.
If you prefer to take the risk, then you are free to buy an android phone. For those who don’t, they can choose an iPhone. That is the current situation, and it is good. Taking that choice away by force is not.
You are proposing to have the government start mandating software features, which is absurd given your claim not to want the government controlling your phone.
I already answered your question about your MacBook but you chose to ignore it. The answer is that they are locking down the MacBook to protect users.
As for the ‘hire a UI designer’ argument. That has been proven not to work, but again you are pretending not to see this.
The userbase should be up and arms about it. But they aren't, because most iOS users have never even known an experience on their phone of being able to sideload their own apps. Instead you always get some hand waving about how "Apple knows best" and if you "don't like it, get an Android". It's tragic.
I too wish you could side-load, and the reasons for which you can't aren't 100% noble, but I do appreciate the side-effect of improved security. Side-loading from phone to phone would be a hacker's wet dream.
Is that a rebuttal? That makes no sense: as it is the target platform, of course it is required.
The point was I don't need a Chromebook to develop Android applications. I don't need a Microsoft Surface laptop to develop Windows software. Somehow, Apple requires you to buy their expensive hardware to develop for their platform. There's no technical reason you couldn't just get their OS and development tools; they just want you to shell out for overpriced x86 hardware along with those.
HKMap maybe? Did you just forget the main topic? Or are you insinuating that protestors fighting their regime must also be expert at hacking electronic devices?
This website is full of people openly stating that they'll never switch away from their beloved Apple devices until competitors catch up with privacy protection, OS updates or what else. Somehow, one opinion going the opposite direction (for instance, Leader2light's) appears once in a while and quickly gets greyed to death. This bias is plainly disgusting to me.
It also helps beef up security against drive-by attacks, no? Wouldn't it be easier for a malicious website to install software on your phone without your express permission if not every app had to be signed by Apple? Presumably it would have to be combined with another exploit, but still.
No one is advocating for "silent" installs; even in the wide-open-freedom days of early Windows, you still had to download and run a binary to install anything (browser exploits and such notwithstanding.)
No but what I'm saying is, given other exploits, this could be one additional hurdle for attackers. I.e. right now, if they figured out how to bypass the prompt, I believe (?) they still couldn't install a binary that isn't signed by Apple.
The point is that every layer helps. It's bad security practice to build a single layer of defense and call it a day. People always find a way through.
If a JS script can bypass all of this then you have a bigger problem, the malware developers can easily already have a dummpy app already in the app-store that is signed by Apple, the installer signature is the last thing you should worry about in this case (better disable JS now)
You are correct that the walled garden contributes to security by creating "another hurdle" for attackers to overcome.
Nobody is arguing that Apple's approach isn't more secure; they are arguing that the tradeoff (an additional layer of security vs. the right to install the software of your choice in a computing device you paid for) is not worth.
There are countless examples of this. Requiring everyone to strip completely naked to get on an airplane would absolutely act as an additional hurdle for a person with nefarious intent, but we don't do that because we acknowledge that there must be a fundamental tradeoff between our safety and our freedoms.
> I get that they want a sanitary app store but if I go to myapp.com I should be able to side load.
Great. Maybe get yourself a developer license and do as you please. I applaud the fact that whatever I install comes with some sort of safety constraint.
Because not being approved is normal for all sorts of apps. This whole controversy was blown out of proportion. If your app is not approved, you just make the changes and resubmit.
Assuming changes can be made in order to be approved while still being true to their goal (which is essentially escaping from law enforcement).
Apple rejected the app explicitly because of what it was trying to achieve.
Citation? There are an estimated 2M+ apps on the App Store now. How many are sitting in a not approved purgatory? I've written a few iOS apps over the years and either been approved or told I was missing a proper sized screenshot and once fixed then immediately approved.
Approval is the default state, which is why it's news when an app is not approved.
That would be my guess, the review process is incredibly arbitrary. We made an minor change to our App that's been in the store for years and it was rejected because suddenly our App was misusing Apple branding and also promoting another Platform. Both objections cited a screen that's been in the App for years that allows the user to make a payment using Check, Credit Card, PayPal, Apple Pay, and Google Pay.
Apparently we magically started mis-using the Apple Pay log and were promoting Google/Android for having the Google Pay logo. I responded back asking if we needed to remove the PayPal, Visa and Mastercard logs since they were competing platforms to Apple Pay as well. The random reviewer that looked at it next said it was fine and approved it.
I have had similar experiences with it being arbitrary. I'll push up a quick bug fix for something and get dinged on something completely unrelated, meaning I have to wait for a second review to get my fix in. It's pretty frustrating.
The problem is that often the only effective way to 'appeal' those failures is to make a sufficiently large public stink that someone with the power to fix it is notified (by employees seeing the bad press) and actually fixes it.
Maybe a non-senior, or even senior reviewer rejected it to be safe until a higher-up could make the executive decision on whether or not it was allowed.
or both, or neither. Apple’s review process is pretty opaque so we may never know. What we do know is that they changed their minds. That’s a good thing.
As others here have said, Linux distributions are well used by using official packages. That said, my two Linux laptops and Linux servers I spin up for personal projects are at least partially for the freedom to install anything I want.
For macOS, iPadOS, iOS for my watch, and iOS for my iPhone, I like the protected walled garden. I also like to sometimes use my Chromebook for the same reason: these closed platforms feel more secure to me.
I once got denied. Deleted the app, changed the name by just adding a !. Got approved. Apples process is very inconsistent. Unclear to me if it was public pressure or just the failures of their system
Slightly OT: Why does HKMap have to be an actual app and not a browser app/PWA? Does it do something in the background or with the hardware of the phone? Or are websites more easily blocked in HK than the App Store?
Our game uses emoji to represent players and their structures on the map. Just like HKMap app which displays live events using iOS emoji font.
We’ve been rejected until we came up with our own graphics for emoji. Who knows, maybe this was why they were rejected. Also, the UI is quite buggy. Could be another reason.
How would "speed camera apps" encourage illegal behavior? The state patrol in my state is happy for people to know where cops are places on the road, where speed cameras are used ... this knowledge makes people slow down and makes the road safer.
Cool, Apple isn't so bad I though after this app ban.
But anyway, if you're in China - be careful, seems like Chinese icloud (or something like it) under government control, too many issues/speculations about it.
I get that they want a sanitary app store but if I go to myapp.com I should be able to side load.
It would also be nice to side-load from phone to phone in situations like this so that apps can't be blocked by governments like China.
If the apps just verified keys that would be enough so that you know you're installing the app from the right developer.