Apple approves previously rejected HKMap.live app (twitter.com/hkmaplive)
379 points by jayyhu on Oct 4, 2019 | 224 comments

The fact that we can't side-load apps is a tragedy. Any anti-trust investigation into Apple + Google should discuss this; it's highly anti-competitive.

I get that they want a sanitary app store but if I go to myapp.com I should be able to side load.

It would also be nice to side-load from phone to phone in situations like this so that apps can't be blocked by governments like China.

If the apps just verified keys that would be enough so that you know you're installing the app from the right developer.

The fact that the word 'side-load' exists and is used with a straight face is part of the problem. Installing applications yourself is the default. It's all these walled gardens that are weird.

As a long-time desktop Linux user, I don't quite agree with this. The default for me long before iOS existed was to install software from my distribution's repository. Sideloading software not included in the repository was often a technically onerous process, to be repeated manually in case of updates. I had pity for users of Mac OS and Windows who had no access to such convenience.

I don't think having a managed system for installing software is a bad thing at all, though I'm disappointed the big ones don't support third-party repositories. I do think there should always be an option to do it manually.

The huge difference is that you can update or add package repos to get the best of all worlds.

Load whatever you want, from wherever you trust, whenever you want.

I might be scarred for life as a long time Debian Testing user, but I found that this worked approximately never. There was always some sort of dependency that was only in Unstable, and installing that would cause libc to need to be upgraded, and then your entire system broke. Even if it wasn't that severe, it probably didn't work. Windows, Mac, and iPhone users certainly don't have the problem where if they install FooUtility, it causes their computer to not boot anymore. (Unless FooUtility is malware, of course, which I didn't get a lot of installing out of Debian's repositories. Except of course that weak keygen bug... Hmm.)

(Of course, the underlying problem is that shared libraries are actually a bad idea. They were a hack for days when storage and memory was very expensive. But for some reason, Linux still uses them. New languages just compile everything into a statically linked binary, which is wonderful. I can write a Go program on my Windows machine, and with one command, compile it for a Raspberry Pi. Copy it over and it just works. Snap is also a thing that appears to work well.)

I used to use Testing and that's your problem, not the idea of repos. Both Stable and, ironically, Unstable have far fewer hiccups than Testing.

I'm a long time Ubuntu PPAs user and they work like expected, for precise reasons (the parent makes a generic consideration about 3rd party repos, so I introduce the discussion with Ubuntu).

PPAs build in environments matching the chosen distributions, so as long as the builds are properly setup and the user chooses the correct one (which is automatic, with the standard tools), dependencies will work out as expected.

The last time I had a discussion about perceivedly broken PPAs with somebody on HN, it turns out that he was abusing this system, by not using the proper suite (distribution).

I'm not sure how this works for Debian (I think PPAs also allow Debian suites), but if there isn't such [widespread] support for 3rd party repositories, then this subject should get more consideration.

Regarding shared libraries, if they wouldn't exist, operating systems would take an order of magnitude more in space. I'm not a big fan of an 80 GB Ubuntu; if the public accepts that, that's fine, but shared libraries have a specific purpose.

I think the point is less about repositories and more about how desktop operating systems let you install any software you want, be it via package managers, Makefiles, or random binaries you get via torrent.

Install your custom stuff into /usr/local and never let the system package manager know about it. GNU Stow can manage self compiled binaries with ease.

You can package software on Linux with specific libraries: see Flatpak and Snap.

You can manage multiple versions of shared libraries as needed by different applications: see Nix.

Nix's is such an obvious and elegant solution to me that I wonder how it hasn't got much more traction.

I suspect a big part of it is people don't want to learn a subset of Haskell in order to effectively use their package manager.

Yeah, Debian nowadays is much better; you should try sid or buster.

However, the repository was for convenience. Nothing stops you from adding a new repository to install new apps. You simply have no choice with iOS on that front.

You have some choice on Android though, through both sideloading and using third-party app stores like F-droid.

I have a problem with iOS not allowing sideloading in a way that's viable for most applications, but I don't see having a default, managed system for installing software as a problem in itself.

Ohh I agree with Android. I just use AOSP and f-droid, and it works great

There is another choice for iOS -- register as a developer, and build and install the software yourself.

There's even a third party that is automating much of this process, because this is a hole that Apple will have a hard time closing.

The AltStore does not require a jailbreak: https://www.engadget.com/2019/09/26/altstore-alternative-ios...

Doesn’t this require the person building the code to own a Mac, a potentially expensive computer? Also I recall that years ago there was a $100 fee to register as an iOS developer, though I’ve no idea if that continues to be the case.

Yes, it still costs $100 per year, or else your apps expire after seven days and you can only have three (AltStore hacks notwithstanding—those will get closed soon I’m sure).

There are ways to sign apps without a Mac/Xcode, namely Cydia Impactor. But Apple has very purposefully made this impractical for everyday use.

and the cost of a macbook. for some people, it's a given.

but if you live in a 3rd world country, a macbook can cost as much as a car. it's just not viable.

> but if you live in a 3rd world country, a macbook can cost as much as a car. it's just not viable.

Not to be glib, but if a person can't afford a used/low end Mac how can they afford an iPhone?

Well my issue is I have no use for a Mac, I’m a Linux user.

Again, you don’t actually need a Macbook, you can use Cydia Impactor on any Windows or Linux machine.

How do you build the IPA without Xcode?

Hell, whatever that process is, I might even use it in a Mac (if I had one), just because I have Xcode so much.

If the actual goal is to sideload—which is what was being discussed—you don’t need to compile anything. You’d download a prebuilt but unsigned IPA, and then use Cydia Impactor to sign it with your developer certificate.

If you're ok trusting a third party (such as an alternative app store), they can build it, send you the binary, you sign it (on Windows or Linux), and install it on the phone.

Yes, it does require access to MacOS, and payment to Apple to register as a dev - even aside from having to build apps yourself, this is not a reasonable solution to escaping the walled garden

It doesn’t require a Mac or the $99 developer fee. You can use a free developer account and a non-Mac as the server.

Maybe we're talking about 2 different things here; to build for iOS, you need Xcode, and for Xcode you need MacOS and a dev subscription.

There is a $99 fee for the Apple Developer Membership. A Mac is only needed to run Xcode, which is Apple's IDE+toolchain for iOS/macOS/etc development. If you want to build from source, you do need a Mac. If you want to install a precompiled app (.ipa file) you can use Windows or Linux.

That's against TOS and it's something that Apple is trying to fix. This is not a solution. It's a hack.

As a casual user I prefer the walled garden that I get with iPhone.

Sure there are other apps but it’s just too much variety. What is out there is good and works.

Maybe I don’t know what I am missing because I never had it.

> Maybe I don’t know what I am missing because I never had it.

That applies to freedom too.

> As a casual user I prefer the walled garden that I get with iPhone.

No one wants to force you to use other stores.

Main use case I have is to side load a tethering app because the carriers have monopolized that functionality into one solution with a ridiculous fee in the app stores. Cannot stop me from side loading though on Android.

I'm also a long-time desktop Linux user. Since 2003. I'd say that my average linux desktop computer has about half and half repo and non-repo software. I can't imagine limiting myself to just what was in the repos. There's only a tiny fraction of software in those even including personal repos like ubuntu's PPA system.

With Arch / AUR even non-repo software feels like repo software.

However, on my Ubuntu installs lately, I've found myself having to go with non-repo software for things that are in the repos. Because the repo version is just so far out of date. Version freezes with only security updates means lots of old software. I was loading my Arch configs on Ubuntu and things were breaking. Update to current stable version and suddenly things work again. If I was stuck with repos, I would have just not used Ubuntu at all.

I have a few applications which are installed from source, and as you say a couple of things installed beneath /opt. Currently that is: Firefox, golang, Arduino studio and Calibre.

You are confusing the availability of an automated software installation process with the possibility of installing software of choice.

I am mostly in agreement but I just want to highlight that having a curated store that is super easy isn't the problem.

The problem is not allowing other software. Sure, on Linux installing third party software isn't as simple as your package manager but it is possible and not made more difficult than necessary.

yes, but the difference is how high that wall is on the garden. Using an ubuntu/debian type apt based system as an example, it's quite easy and fast to 'trust' a GPG signing key for a new repository and add it if needed.

You've always been able to add additional package manager repos in Linux with a few lines of config. Not true for iOS.

That is only because App Stores never used to exist. Now it is common not to have a side-load option.

And walled gardens aren't weird. It has always been the default. I can only install console games approved by Sony, Nintendo etc for example. Printer cartridges were even signed against the printer themselves. Companies have always tried to lock you down in some way.

> Printer cartridges were even signed against the printer themselves.

Printer cartridges used to be dumb and replaceable by mechanically identical 3rd party products.

> And walled gardens aren't weird. It has always been the default. I can only install console games approved by Sony, Nintendo etc for example.

Those are gaming devices, not general purpose edge computing devices under which smart-"phones" fall for all intents and purposes. Personal computers are a much better reference point.

Personal computers are probably the only reference point in favor of “install anything you want”. Walkmans, TVs, game consoles, MP3 players, household appliances, automobiles, flip phones etc all come without the ability to run custom software. I think the only reason PCs didn’t start with an App Store model is that they predate the internet, so there was no way for them to really control distribution.

Frankly I think there’s a reason why no more open model is succeeding — the demand is not there and the app stores provide the utility most people want. I used to jailbreak my iPhone but there’s really no need anymore.

Many electronic devices simply lack the technical features or input channels that would allow third party software to run. I find it much more worrying when the devices have all the infrastructure in place to do so, but their manufacturer decides to actively restrict the users' freedom in that regard.

> I can only install console games approved by Sony, Nintendo etc for example.

That's an argument against consoles, not in favor of walled gardens.

Installing through package manager has been the default on Linux for what, 20 years now? It was called installing from sources instead of side loading, but it wasn't the default, and it's something you can do anyway in both iPhone and Android and it takes more or less the same effort and knowledge. The outliers were DOS and Windows, and even then it caused loads of issues so much they had to add multiple layers of checks between signatures, UAC, blacklists and defenders because average users cannot be trusted to manage their own systems.

> it was called installing from sources instead of side loading, but it wasn't the default, and it's something you can do anyway in both iPhone and Android and it takes more or less the same effort and knowledge.

Really, can you please explain how to install apps on an iPhone direct from the source for free permanently?

I didn't say free.

With Linux package managers, you can easily add additional repos.

And of course on Windows, Linux and MacOS, you can install whatever you like, from wherever you like. Android allows you to side-load apps (but I'd prefer if it made it much easier to do so), whereas iOS makes it both difficult and costly.

package managers let you add additional repositories with little hassle.

Consoles are very different, the hardware is subsidized by Sony where with Apple you pay a premium. Also consoles are more an entertainment device you use a few hours a day or just in weekends where smartphones are replacing general computers.

Comparing a smartphone and a console is a big stretch

Neither Xbox One nor Playstation 4 were sold at subsidized prices even at launch. That trend died with the 7th generation consoles.

Console manufacturers take a loss at the start but they start to make a profit as the components become less expensive.

And a console is exactly what Apple has tried to emulate so of course it's relevant.

>And a console is exactly what Apple has tried to emulate so of course it's relevant.

You could also say that Apple is emulating the printer manufacturers, some practices are similar but there are important differences.

It's not that weird. Don't forget when iPhone launched, you couldn't load any applications at all. It was all going to be web apps. "It's a phone, an appliance - not a computer". The majority of people are quite happy with having their phones as a 'it just works, it's relatively secure, it doesn't crash all the time or run out of battery' thing.

And those perfectly happy people could continue to install apps via the app store without ever even thinking about the fact that some people install apps that aren't explicitly approved by Apple. And when you start getting into issues of free speech and people fighting for their rights against an oppressive government, it starts to feel like people other than the big happy majority matter quite a bit.

It was really weird when Windows tried to start using 'sideloading' as a term when pushing UWP. As if the standard method of installing software on Windows hadn't always been to run an installer file on it.

The term is still in use on the Developer options of Settings where you can decide if UWP apps can be installed outside of the Microsoft Store, though I believe they've backed off drastically, so the default is to 'allow sideloading'.

1. For most of the time you could hold a thing to your head and talk into it, “installing” apps was not a default.

Depends whether you think the handheld thing is an appliance instead of a processing unit.

We only started complaining about limits on installing apps on phones relatively recently in the life of phones and even smartphones.

We still mostly don’t complain about watches, but within a decade we will.

2. iPhone, Palm, others in late 2000s, attempted to kickstart an open app ecosystem where you could save HTML5 apps to your home screen that worked offline and with no marketplace.

All kinds of apps proliferated briefly, I even had a PacMan clone. Those apps still work, and much more is now exposed through APIs than used to be.

Free distribution remains a viable option for most types of apps. Especially for those developers that are just fine with things like Electron as a platform.

Had developers embraced this and pushed the limits, the ecosystem might have tilted very differently. It might still be possible given enough adoption to warrant platform investment.

We have been using Windows which is full of trojans, viruses and malware of all sorts, as well as slowed down by the absolutely necessary antiviruses, who are in a way viruses themselves, and don't properly help anyway.

I'd much rather stick with a walled garden.

My thought exactly

I completely disagree. The walled garden has done far more good than harm, in practice. I like the ability to sideload, as I have needed to do on Android on several occasions. Remember the technical skill level of the audience - you are not their target.

Some level of curation is beneficial. Opting out of the curation should be essential.

Buy Android. (or some obscure non-duopoly platform)

There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted. That has more to do with mobile carriers demanding it than the platform companies. Android has been the most open, but even then, the more carriers they supported, the more locked down the device became.

I have no sympathy for the ruthlessness of Apple and its dictatorship about no app can have its own App Store like functionality, but it's also disingenuous to put all the blame on them for where we are today.

"There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted." -- You mean like the old Palm and Nokia Symbian allowed us to do?

If I remember correctly, 99% sure anything sold from Cingular & Bell Atlantic came super locked down and you had to go through their SMS service to download the PRC files. You could enable developer mode by installing some app called HotSync, but then you had to find the software online to sync and those weren't easy to do.

I had a Treo from Cingular, it had absolutely no restrictions on installing programs. The preferred way to do so was generally by HotSyncing them from a desktop, but that wasn't any sort of developer mode, it was just how things were designed to work in the ecosystem (you wouldn't want to wait for the download over the air anyway).

There were a ton of aggregator sites for software with reviews, or you could just search the web for it, it was pretty easy.

All of Verizon’s phones were locked down with their BREW OS and proprietary VCAST App Store. Even doing something as simple as loading your own ringtones required heavy workarounds and sometimes third party software.

Nitpick: both Symbian and Windows Mobile/CE allowed this in the pre-iPhone times.

Indeed, I still have pseudo-fond memories of cutting my programming teeth on .NET Compact Framework and using the User Interface guidelines to design my UIs.

> There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted.

Erm. I developed apps for Nokia and Blackberry without a hitch.

The restricted walled garden became popular with apple. It took off because, although the developer requirements were very constrained (as they still are), there was a very large swathe of users. I was 'forced' to join because my clients were bankers and traders jumping ship from blackberry. Then came ms and goog with their 'ecosystem' of stores.

> There has never been a mobile platform that allowed desktop level freedom to install whatever you wanted

All the flip-phones were working like this, you could just install any .jar into the phone and it would not complain.

What about the iPAQ and all the other Windows CE devices?

Windows CE devices were not locked down. Loved my Dell Axim back in the day.

You can side load Apps into Android and install competing stores all day long. The objection I have is that Google doesn't let you delegate that authority, it's either "Let Google Manage It" or "Let everyone do whatever the hell they want".

>The objection I have is that Google doesn't let you delegate that authority, it's either "Let Google Manage It" or "Let everyone do whatever the hell they want".

What do you mean? After android 7 or 8, the "install unknown apps" permission was per-app rather than being a global setting[1]. That means you can allow f-droid to install apps but not your weather app. The only difference is that third party apps can't install apps "silently" (you have to manually confirm each install/update through a system dialog).

[1] random image result: https://media.kasperskydaily.com/wp-content/uploads/sites/92...

That is better, but not ideal. You don't have a way to trust developer keys independently. What's the point of trusting Chrome if everything can be installed through Chrome?

I could see that being valuable if it's a Store like Steam or Amazon. It's not any worse than Google Play right?

Yes, trusting a store like fdroid is the ideal case. However, most uninformed users would come across an apk file on their browser, trust Chrome, and then Chrome will happily install anything.

The sad part is users being trained to just click away those warnings. Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page. Though obviously Google won't be willing to grant that much control to a third party, even if revocable.

> Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page.

Honestly I think there should be a distinction between normal permissions and permissions required to install other APKs.

AND I think it should be more cumbersome to install an APK that wants permission to install other APKs.

Not much different to installing things on a desktop OS.

If you mean windows, perhaps to an extent. On linux though, it is straightforward to do fine grained management of gpg keys for repos/ppas etc. Essentially, from the end user's standpoint, what you want chrome to ask you is "Do you trust developer Foo for the app Bar?", not "Do you trust chrome to install software?"

> The only difference is that third party apps can't install apps "silently" (you have to manually confirm each install/update through a system dialog).

That's a huge difference. Try downloading and maintaining apps installed with F-Droid on a device where it doesn't have system privileges. It's a massive pain in the butt.

> After android 7 or 8

That's at most 30% of devices?

7+ is over 50% of devices: https://developer.android.com/about/dashboards

And will eventually be all/most devices.

Yes, but we're not talking 7+, we're talking >7 which is very different.

I am on 7.1.1 and Allow Unknown Sources is still a global on/off toggle.


38.7% (8+ only) or 57.9% (if you include 7)

He said after 7 or 8. That excludes 7 and possibly 8.

I have a 7.1.1 device and can confirm they have the global toggle still.

Even proper support on iOS for Progressive Web Apps would help bridge this gap. On Android, you can go to a URL and receive a prompt to "install" it on your home screen. iOS keeps burying their equivalent more with each release and imposes way too many restrictions on web apps to make it an alternative to the iOS App Store.

It is trivial to add a website to the home screen.

Just two clicks. One for share button. One to add to home screen.

Unfortunately, iOS does not support web push notifications like Android (and practically every desktop browser including Safari on macOS), which is a huge limitation.

Not supporting notifications at all is a dealbreaker for most apps that could just be PWAs.

Furthermore, last I checked, iOS doesn’t allow PWAs added to the home screen to access the camera or certain other valuable things that they should be able to access, but maybe that has finally been fixed.

Apple has intentionally made PWAs a bad experience to push people to the App Store, which is really unfortunate since they basically invented the concept of adding a website to your home screen that would then open in a chromeless experience that felt like an app.

While I too wish for better support for PWAs in iOS, the way push notifications are implemented in PWAs and iOS are fundamentally incompatible. iOS requires all push notifications to go through Apple's push server, which means there is only one long-poll connection to check and significant battery savings. Whereas, Google's PWA docs[1] literally list random-push-service.com as the push server.

[1]: https://developers.google.com/web/fundamentals/push-notifica...

Safari on macOS already implements a proprietary web push technology using APNS. Push providers like OneSignal already support it.

It is 100% compatible with the way notifications work on iOS.

A long poll connection (i.e., a TCP connection not sending packets) uses exactly 0 joules of battery until something is sent.

That's not true. Long polls cannot have an indefinite timeout, especially for a mobile use case. Plus, it's not just the TCP connections. If you look at push notifications on Android phones in China, because GMS isn't available, every other app is having a background thread checking for push notifications. It adds up.

From that page:

> Each browser can use any push service they want, it's something developers have no control over.

The browser dictates the push service to use, not the developer of the web app. That URL is for the app developer to push content to.

I appreciate the frustration as a developer but as a user some of those APIs e.g. Push and Media Capture come with a lot of downsides.

I just checked Safari Desktop and I have well over 50 websites that I have blocked for Push Notifications. Many of which have no need to e.g. image site. But thankfully Apple has a polished, easily accessible UI for me to switch them off so not a huge deal.

On Safari iOS there is no Settings screen and not an obvious place to put one. You could put it under the main Settings screen but (a) nobody checks there and (b) it makes it confusing if you think of PWA as being a website still. And so you could end up with Push API being a feature that is hard to turn off. And that makes it a huge net negative for users.

Similar for the Web Capture API.

Ideally, PWAs added to the home screen would show up in the Settings app like normal iOS apps do. You would be able to control notification settings and privacy settings just like on any other app.

If they don’t want to allow web push for websites, that’s one thing, but crippling PWAs that users have chosen to add to their home screen is another thing entirely.

> Similar for the Web Capture API.

You can already use the camera through a PWA on iOS, until you add it to the home screen. Then, last time I checked, it stopped being able to use the camera or even ask for permission to use the camera, which really hurts the usefulness of PWAs.

The limitations are not entirely without reason, from my point of view. With app installation, there’s explicit consent involved — apps can never run unless I have requested such. On the web, all it takes is a redirect in an unexpected place to open an “app” that I want absolutely nothing to do with, at which point it’s free to slurp up all the unpermissioned data it wants.

That’s not to say that browser vendors have a bad track record when it comes to permission dialogs, but there’s still a ridiculous amount that they just hand over to sites without any prompt whatsoever.

This is easily fixable, however: just restrict the greater bulk of API access to “installed” PWAs, where the app runs in its own little easily manageable container with zero access to my main browser and specialized permissions UI.

That's different from full PWA support. Apple understandably has strong incentives to make building a PWA not a viable alternative to a native iOS app (since that means more iOS-only apps which makes other platforms less useful).

Yes. Because that's exactly the place where users would look for the install option. Apple's finest UX people at work, here.

Note, this only applies to Safari. So if you're using Chrome, Firefox, Brave, etc, you won't get that option.

IMO, this is also the best way to use Twitter on an iPad.

I dunno, I feel like there is a very solid user experience argument for not allowing the average person to do this. For those of you who are old enough, think back to all the sh*t your mom/uncle/grandparent would load up on their Windows 95 desktop. Now make it 100x easier to install an app. Seems like a recipe for disaster, for the average case anyways.

> think back to all the sh*t your mom/uncle/grandparent would load up on their Windows 95 desktop

So what. Should my computing experience be crippled because people are ignorant to security practices? Should we hold the market back because uncle Marty keeps visiting gross sites with Internet Explorer?...

> Should my computing experience be crippled because people are ignorant to security practices?

But it's not. You don't have to buy an iPhone. This isn't some bait and switch tactic. People who buy iPhones know the App Store is where they get software.

When uncle Marty and aunt Mavis are 99% of your users then yes, it does make sense.

macOS presents a nice model where by default the computer is locked down but you can disable code signing checks to run 3rd party apps at your own risk.

The big difference is that iOS/Android are sandboxed, whereas Windows gave every app access to anything. Even if you do manage to install malware on your device, the potential for damage is much more limited.

Uploading all your contacts and photos to malicious attackers is not “much more limited” damage; we keep a lot more important data on our devices now than we used to.

Even so, people should be free to fuck themselves over. Removing the possibility for everyone just because you don’t trust users to take care of themselves is such a sad way of thinking.

Think about it from Apple's point of view. If they make app installation easy from anywhere, you soon end up with tons of ads, popups etc. that direct you to a crappy app's site, which is either just very badly designed or straight up malware. And the average user will download them, just like they have been doing it on Windows (ever looked at non-technical people's computers? Remember toolbars?). Then people end up complaining about the manufacturer of the computer because they don't understand the difference. Windows used to be blamed for being slow after people installed all sorts of garbage on it. Similarly, in the minds of non-technical people, Apple would be blamed for making their iPhone experience clumsy and frustrating. Apple support will be called when they lose data or get their nudes stolen.

Apple wants everyday users to have a streamlined, simple, "just works" experience.

It is a common principle in many other facets of life. You can't just buy any prescription medicine for example, even though theoretically a well-prepared patient with access to the newest medical literature could figure out what he needs. But the vast majority most definitely cannot and relies on some kind of access-filter.

No one is forcing you to buy an iPhone or use iOS. I'd say the market has spoken on the whole curated app store thing, and it largely doesn't give a hoot. There are entire phone OSs built for people just like you. Vote with your feet and your wallet.

> I'd say the market has spoken on the whole curated app store thing, and it largely doesn't give a hoot.

I would say the market even prefers the App Store model. Google/Android is working more towards the Apple model and not the other way around.

It would be if users didn’t pay real money to voluntarily opt in to the scheme.

Devices that can’t (generally) run malware are a value, to some. I have computers, and I also have Pixelbooks and iPads. I use them for different things, and I store different data on them.

That also can happen (and does happen) with apps downloaded from the App Store / Google Play Store.

So the question is whether user freedom is a better tradeoff.

I will quote Benjamin Franklin

"Those Who Sacrifice Liberty For Security Deserve Neither."

That infamous quote has gotten rather a lot of visibility within the past few years. AFAIK it gained popularity shortly after Secure Boot and Cory Doctorow's articles that started the term "war on general-purpose computing" became well known, over 7 years ago:


A few more relevant quotes:

"Freedom is not worth having if it does not include the freedom to make mistakes." -Gandhi

"Insecurity is freedom." -(various)

Good thing you can still buy and use other phones that will run any malware you wish. It’s not a question of freedom.

Given the number of things that only run on an iPhone, I’m inclined to disagree.

Such as?

Side-loading is a first-class feature on Android.

[Edit: I'm a dumbass regarding APKs, ignore this]

You're talking about rooting which is different from sideloading.

On Android, you can go to foo.com/someApp.apk and, after accepting a bajillion warnings, install the app with no approval from Google needed.

Isn't this thread talking about sideloading APKs, not installing custom ROMs?


You don't need to mess with the bootloader at all to sideload apps on Android. Maybe you're thinking of installing custom ROMs?

You don't have to only use Verizon branded phones on Verizon's network. I haven't for years.

It isn't anti-competitive if you have a choice of comparatively equal standards and quality and you choose the one that doesn't offer the option you want.

It is anti-competitive regardless. The fact that it is or isn't the only option in the market is what frequently causes the intervention of anti-trust authorities, but it is still harmful behavior.

You can side load applications on iOS devices by re-signing them with your developer key. I do this when testing iOS apps for security vulns when source code or jailbreaks are not available. You can even binary patch the application and add new functionality (such as instrumenting w/ Frida for debugging capability).


The point is that it requires permission from Apple.

If you trust (laughs in credit card thief) the developer, a program called AltStore recently made tethered side loading easy. It doesn’t require Xcode, a developer account, or a Mac. The app is signed by the iPhone. It’s more convoluted than it needs to be but as it stands right now things are in a better state. It remains to be seen if Apple will crush this, as they do many nice things.

Some people consider this a bad feature of the iPhone and some think it is desirable.

Products are available on the market to suit both preferences.

Mandating sideloading would remove consumer choice.

It would also be compelled speech, since code is considered speech.

>Mandating sideloading would remove consumer choice.

How exactly are you affected by an optional thing that is off by default and hidden away? Apple could force you to watch some videos that explain why this is dangerous and make you read all the warnings.

Some smart developers and designers could design this so grandma is not tricked into installing malware; you could even require that you take a quiz online.

You also have the Mac OS example: it is not locked down and the viruses and malware are not rampant.

Honest question, can you take 1 minute and consider this: is there a large monetary incentive for Apple to lock down iOS?

There is a good incentive for them to do it, just like any other business decision they make. There should also be a large monetary incentive for someone to create a more open platform if people really cared about it as much as HN does. The problem is most people could care less. I will never hear my mom say she wishes she could download apps that aren’t on the App Store.

My son was playing a new video game. After he finished I asked him about it and he told me that it was good but some buttons were inverted and he had to get used to that. He did not know or ask himself if maybe there are options to change the buttons/controls.

Same with your mother, she will not even know or consider the side loading app idea; this will happen only when you are hit with things like your application or books being removed from your device, or a popular application not being approved because of political or moral issues.

Another example is ad blocking: my relatives do not ask me randomly, "hey, is there something that can block ads?" I need to notice they are missing an ad blocker, then explain why they should install one and install one for them.

Btw my parents don't play video games, so since you decided that if parents don't need something then it is useless, let's get rid of video games.

The incentives for people to trick grandma and anyone else into downloading malware would outweigh any benefit.

Frankly, Google and Facebook would probably be the first to release their own App Store apps and then use their platforms to tell everyone how this was safe.

To believe otherwise is naive.

>The incentives for people to trick grandma and anyone else into downloading malware would outweigh any benefit.

What is your opinion on Apple Pay then? If Apple has such a large user base of users that follow every instruction they read on a webpage and put their password in random inputs, then Apple Pay is even more dangerous.

You are clearly missing the point. Nobody is talking about people who ‘follow every instruction on a webpage’.

If you don’t think Facebook or Google could persuade people to install a store, you are out of contact with reality.

Once installed, those stores would be just as compromised as Google and Facebook have already proven themselves to be over and over again.

So the Apple users would read some instructions from Google to go into a hidden area of the Settings, tap some button 10 times, then lick the Apple logo 10 times, then enter into an input "I am aware that this is extremely risky and Steve Jobs will hate me" and then enable the different app store and later get infected AND they would complain to Apple "Why did you not protect me from my stupidity, I did not know what I was doing". Really, are these iOS users that stupid? How could they use MacBooks without going monthly to a shop to remove viruses? Or are only iPhone users that don't have laptops stupid?

You seem to have lost track of the conversation. We are talking about Apple being mandated to allow sideloading.

They obviously wouldn’t be allowed to make it so difficult that nobody could be persuaded to do it, which defeats your point.

You lost the point too, these kinds of systems are already used. Do you even know how you enable side loading on Android? Or disable secure boot on a PC? Have you seen the warnings that appear when you allow a webpage access to your webcam? Apple has designers that can create a UX that will stop 99% of idiots from enabling a dangerous option without knowing what they are doing. You did not respond why Apple is not protecting the laptop users from their own stupidity.

And yet you are simply wrong:


Here is the exact problem we are talking about, happening today on Android.

The mechanisms you are talking about have been proven not to work.

As for laptops - they are. It’s not ‘stupidity’ that causes most people not to understand these risks. It is a lack of time to develop the expertise. Many people would like to pay Apple to manage these risks for them. For those who do not, there is Android.

I prefer the risk of some people installing some bad apps than the risk of Trump forcing Apple or Google to brick my device that I own.

You are still avoiding answering why Apple is not locking down the MacBooks. I mean, it is for the users' safety; are these users in danger and Apple not caring enough about them?

The answer is simple: you can make it safe by default and let the user unlock their device (from BIOS or from a setting). Apple can afford to hire a UX designer to make the warnings clear for the average person, can afford a lawyer to put some disclaimers there, can afford some developer to implement these unlocks. The reason they do not do this is not for your safety, it is for money, and when they are forced to implement it I am sure you will praise them on what a nice job they did when implementing it.

If you prefer to take the risk, then you are free to buy an android phone. For those who don’t, they can choose an iPhone. That is the current situation, and it is good. Taking that choice away by force is not.

You are proposing to have the government start mandating software features, which is absurd given your claim not to want the government controlling your phone.

I already answered your question about your MacBook but you chose to ignore it. The answer is that they are locking down the MacBook to protect users.

As for the ‘hire a UI designer’ argument. That has been proven not to work, but again you are pretending not to see this.

Except you can "side-load" apps (though you do need access to a Mac/Xcode).

No developer license needed, though it is slightly technical (but not outrageously so).

That requires: accepting Xcode terms and conditions, an Apple ID, and 7 day renewal.

It's sad that when you build an app from source and install it on your iPhone that it automatically expires after 3 days.

The userbase should be up in arms about it. But they aren't, because most iOS users have never even known an experience on their phone of being able to sideload their own apps. Instead you always get some hand waving about how "Apple knows best" and if you "don't like it, get an Android". It's tragic.

What do you mean "side load"? You can download non-App Store apps from source code...

If only there was an app to automate this process.

I too wish you could side-load, and the reasons for which you can't aren't 100% noble, but I do appreciate the side-effect of improved security. Side-loading from phone to phone would be a hacker's wet dream.

https://altstore.io/ automates sideloading in iOS without Xcode.

You've been able to sideload apps on iOS for a bit now.

2016 article: http://osxdaily.com/2016/01/12/howto-sideload-apps-iphone-ip...

Okay mom, first thing you need to do is install Xcode...

There's Cydia Impactor, which is much more straightforward. It only needs your Apple ID and an IPA.

Unless you have a paid developer account you will have to reload every 7 days.

...on a MacBook - I forgot to tell you - you have to buy first.

You also need an iOS device too. Crazy.

Is that a rebuttal? That makes no sense: as it is the target platform, of course it is required.

The point was I don't need a Chromebook to develop Android applications. I don't need a Microsoft Surface laptop to develop Windows software. Somehow, Apple requires you to buy their expensive hardware to develop for their platform. There's no technical reason you couldn't just get their OS and development tools; they just want you to shell out for overpriced x86 hardware along with those.

Unless your mom seriously understands the security implications of sideloading, she should probably just stick with the App Store.

What kind of app is your mom needing that wouldn’t be App Store approved?

HKMap maybe? Did you just forget the main topic? Or are you insinuating that protestors fighting their regime must also be expert at hacking electronic devices?

Xcode runs on iPhone?

Edit: It looks like you need a Mac computer to do this.

Yes, for that exact method you need Xcode. There are other methods.

Not like a normal app. Not like an android phone. I will never get an iPhone until I can install whatever apps I want.

nobody asked or cares but you do you

This website is full of people openly stating that they'll never switch away from their beloved Apple devices until competitors catch up with privacy protection, OS updates or what else. Somehow, one opinion going the opposite direction (for instance, Leader2light's) appears once in a while and quickly gets greyed to death. This bias is plainly disgusting to me.

It also helps beef up security against drive-by attacks, no? Wouldn't it be easier for a malicious website to install software on your phone without your express permission if not every app had to be signed by Apple? Presumably it would have to be combined with another exploit, but still.

No one is advocating for "silent" installs; even in the wide-open-freedom days of early Windows, you still had to download and run a binary to install anything (browser exploits and such notwithstanding.)

No but what I'm saying is, given other exploits, this could be one additional hurdle for attackers. I.e. right now, if they figured out how to bypass the prompt, I believe (?) they still couldn't install a binary that isn't signed by Apple.

Apple developers are smart enough to sandbox a browser and have the installer processes secured enough, there are so many ways to do it.

The point is that every layer helps. It's bad security practice to build a single layer of defense and call it a day. People always find a way through.

Who said only 1 layer?

You sandbox the browser

you put the installer on a different user

you make the installer always open a popup

you ask for the password/pin

If a JS script can bypass all of this then you have a bigger problem: the malware developers can easily already have a dummy app in the app store that is signed by Apple. The installer signature is the last thing you should worry about in this case (better disable JS now).

You are correct that the walled garden contributes to security by creating "another hurdle" for attackers to overcome.

Nobody is arguing that Apple's approach isn't more secure; they are arguing that the tradeoff (an additional layer of security vs. the right to install the software of your choice on a computing device you paid for) is not worth it.

There are countless examples of this. Requiring everyone to strip completely naked to get on an airplane would absolutely act as an additional hurdle for a person with nefarious intent, but we don't do that because we acknowledge that there must be a fundamental tradeoff between our safety and our freedoms.

You jailbreak the device and then you can sideload anything you like.

> I get that they want a sanitary app store but if I go to myapp.com I should be able to side load.

Great. Maybe get yourself a developer license and do as you please. I applaud the fact that whatever I install comes with some sort of safety constraint.

The big takeaway is that the app was never removed from the store - it was just never approved. Apps not being approved is quite common.

All the headlines were saying that the app was "banned"/removed from the store, leading to massive outrage.

I don't see how there's much difference, it's like arguing that a library isn't "banning" a book because they refused to carry it in the first place.

Because not being approved is normal for all sorts of apps. This whole controversy was blown out of proportion. If your app is not approved, you just make the changes and resubmit.

Assuming changes can be made in order to be approved while still being true to their goal (which is essentially escaping from law enforcement). Apple rejected the app explicitly because of what it was trying to achieve.

The App Store is not an open, public resource. It is supposed to be curated so not allowing most apps is its purpose.

Great, we all got trolled then. So hard to differentiate these days... it's exhausting.

Manufactured outrage.

When you see an apparently sudden influx of mostly negative OR mostly positive news about something, suspect that it's paid for.

See cases like https://www.google.com/search?q=samsung+paid+students+for+re...

Is it really not likely that it was escalated internally, and some managers were sitting on it?

The controversy might have caused an escalation but not being approved is fairly normal. It’s entirely likely that all this was manufactured outrage.

> Apps not being approved is quite common.

Citation? There are an estimated 2M+ apps on the App Store now. How many are sitting in a not approved purgatory? I've written a few iOS apps over the years and either been approved or told I was missing a proper sized screenshot and once fixed then immediately approved.

Approval is the default state, which is why it's news when an app is not approved.

The app was banned just as Apple bans all apps by default.

Maybe it was a misunderstanding or review failure, not an evil conspiracy? You know, they are known to happen quite often...

That would be my guess; the review process is incredibly arbitrary. We made a minor change to our App that's been in the store for years and it was rejected because suddenly our App was misusing Apple branding and also promoting another Platform. Both objections cited a screen that's been in the App for years that allows the user to make a payment using Check, Credit Card, PayPal, Apple Pay, and Google Pay.

Apparently we magically started misusing the Apple Pay logo and were promoting Google/Android by having the Google Pay logo. I responded back asking if we needed to remove the PayPal, Visa and Mastercard logos since they were competing platforms to Apple Pay as well. The random reviewer that looked at it next said it was fine and approved it.

I have had similar experiences with it being arbitrary. I'll push up a quick bug fix for something and get dinged on something completely unrelated, meaning I have to wait for a second review to get my fix in. It's pretty frustrating.

The problem is that often the only effective way to 'appeal' those failures is to make a sufficiently large public stink that someone with the power to fix it is notified (by employees seeing the bad press) and actually fixes it.

Apple was involved so everyone was already chomping at the bit with their rhetoric and pitchforks.

Apple only has itself to blame when it doesn’t necessarily get the benefit of the doubt as far as potential Chinese policy influence goes.

Maybe a non-senior, or even senior reviewer rejected it to be safe until a higher-up could make the executive decision on whether or not it was allowed.

So it's either incompetence or sucking up to China?

"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."


Or both, or neither. Apple’s review process is pretty opaque so we may never know. What we do know is that they changed their minds. That’s a good thing.

As others here have said, Linux distributions are well used by using official packages. That said, my two Linux laptops and Linux servers I spin up for personal projects are at least partially for the freedom to install anything I want.

For macOS, iPadOS, iOS for my watch, and iOS for my iPhone, I like the protected walled garden. I also like to sometimes use my Chromebook for the same reason: these closed platforms feel more secure to me.

I am happy that Apple OKed the HKMap.live app.

> For macOS, iPadOS, iOS for my watch, and iOS for my iPhone, I like the protected walled garden.

No one wants to take away the option to only use Apple's store.

With macOS, you can install anything you want. The macOS App Store only contains a subset of all software available/written for macOS.

That seems to be changing too for apps outside the Mac App Store:

"Beginning in macOS 10.15, notarization is required by default for all software." [1]

How many users would even figure out (if it's possible and) how to bypass this? Looks like developers will have to do a lot more.

[1]: https://developer.apple.com/documentation/security/notarizin...

Not that difficult to notarize an app. For example, the latest Sublime Text just added it the other day.

Alright, but, of course, we're talking about more legacy apps, here. What if I've paid a licence for an obscure VST?

I have been running beta versions of Catalina for several months. Catalina is locked down, security wise.

Since no other comments or the Twitter thread have any context, here's a Boing Boing article on what the heck HKMap.live is: https://boingboing.net/2019/10/04/hkmap-live-hong-kong.html

I once got denied. Deleted the app, changed the name by just adding a !. Got approved. Apple's process is very inconsistent. Unclear to me if it was public pressure or just the failures of their system.

I’m genuinely curious. Does this app do anything that couldn’t be accomplished by a progressive web app?

Yes, gain a real audience. For whatever reason regular users don't use progressive web apps at nearly the same numbers as native apps. At least on iOS.

There is an Android version as well as a web app.

Slightly OT: Why does HKMap have to be an actual app and not a browser app/PWA? Does it do something in the background or with the hardware of the phone? Or are websites more easily blocked in HK than the App Store?

What if this app is actually a "honeypot" developed by the HK/Chinese government?

Protestors being infiltrated by those who wish to subdue them, has been a thing since forever.

Our game uses emoji to represent players and their structures on the map. Just like HKMap app which displays live events using iOS emoji font.

We’ve been rejected until we came up with our own graphics for emoji. Who knows, maybe this was why they were rejected. Also, the UI is quite buggy. Could be another reason.

Could this work as a website? Seems like the easiest way to avoid depending on App Store

It is, https://hkmap.live, and the app is probably boilerplate with the PWA embedded inside.

I get that "no encouraging illegal behavior" could be a rule.

But then I wonder how there are multiple crowd sourced speed camera apps.

How would "speed camera apps" encourage illegal behavior? The state patrol in my state is happy for people to know where cops are placed on the road, where speed cameras are used ... this knowledge makes people slow down and makes the road safer.

> How would "speed camera apps" encourage illegal behavior?

If almost all speed cameras are in the app, then you can just slow down near the cameras and speed everywhere else.

If there's no app, you don't know where the cameras are, so you need to be careful everywhere.

So Apple would have to ban Telegram and all Internet forums?

Put under pressure, Apple is coming back. Funny

I bet they read the uproar here.

Cool, Apple isn't so bad as I thought after this app ban.

But anyway, if you're in China - be careful, it seems like the Chinese iCloud (or something like it) is under government control; too many issues/speculations about it.
