This article glosses over the biggest deal in the bill.
Section 3 subsection d - INTEROPERABILITY
A Covered Company that controls the operating system or operating system configuration on which its App Store operates shall allow and provide the readily accessible means for users of that operating system to—
(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;
(2) install third-party Apps or App Stores through means other than its App Store; and
(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners
Let's see how far this goes before it gets mangled all to hell.
> APP STORE.—The term ‘‘App Store’’ means a publicly available website, software application, or other electronic service that distributes Apps from third-party developers to users of a computer, a mobile device, or any other general purpose computing device
General purpose computing device isn't even defined in this bill! Is the Xbox general purpose? Sure, most people use it to play games, but it has a full web browser with Microsoft Edge! the Switch and PS5 also have web browsers, just not with a URL bar. Do they qualify?
There really isn't, at least in the US Code. If there was and this law was referring to it, it would refer to it "as defined by U.S.C <number>".
This discussion from a year ago illustrates my point; this bill is PR fluff and the one they actually discuss putting into law will have to be more specific https://news.ycombinator.com/item?id=24191018
Do you think Alexa 'apps' count? If so making that work seems like it have to completely open 'Alexa' up (hooks into voice recognition, programming logic) as basically an extensible AWS type platform.
That's actually a fairly sensible bill. I'd imagine that both Google and Apple's respective teams are working their hardest to prevent the American people from hearing too much about this.
I haven't yet formed an opinion on whether this bill should apply to Sony (PSN) or Microsoft (Xbox), but in general, Sony and Microsoft very definitely qualify as giants.
The non Google Play stores are severely nerfed though - they for example can't auto-update apps installed from them, like Google Play can.
So if you install something say from Fdroid and want to have it up to date (say a Firefox rebuild), you have to periodically open the Fdroid app, check if there are any updates for the app and manually install them if there are some.
Also I don't think you can currently hide Google Play if its installed, again giving it an unfair advantage.
Exactly. This is because F-Droid requires root access to provide this functionality. I'm not sure if the module for this is still up to date, but it is a Magisk module that could be installed on any Android device rooted with Magisk.
Well I actually also have a Note 9 and it seems Samsung stuff generally does not get updated by itself & either stays outdated or nags for update I need to manually trigger.
It's not quite that dire, as F-Droid will pop up a notification when there are apps that need updating. But yeah, you do have to tap through and confirm to get it to update, once for each app.
Not so much "preventing" anyone from hearing it as much as disparaging the bill in public discourse alongside buying off politicians. Mostly because word about bills like this tends to go around anyway thanks to all the orgs working for the public good. E.g the EFF, etc.
It's too easy to for Google&Apple to tip the scales. Choice will mostly be an illusion as almost everyone will choose Google or Apples store. You can see it on Android today.
I don't mind that personally. They can default to their own stores and advertise them, as long as I can sideload anything I want.
On Android I do use sideloading for niche applications and for FOSS applications available outside the Play Store (F-Droid).
If iOS allowed the same ability to sideload that Android does, that would be a huge step forward for "power"users, irrespective of whether the majority of the population stays with the Apple default.
For what it's worth, https://altstore.io/ is a relatively-new sideloading system that "just works" for iOS without jailbreaks - you can download .ipa packages however you want, and as long as you're on the same WiFi as a computer running the server, it will re-sign them with a personal key every 7 days. Outside of emulators, though, there's just not much of an ecosystem of high-quality apps for iOS that aren't built to be Apple-approved. But hey - you can bring back Flappy Bird!
I’m not sure who lobbied for this legislation, but I have a gut feeling a company like Facebook is behind some of the money. What a Trojan horse, a government legislated third party Facebook App Store on your IPhone/Android that incentivizes developers to build apps that plug into the FB ecosystem. Lower percentage cut taken by Facebook, with the ultimate caveat - no privacy, all your user data is ours, oh and ads, lots of them.
Cheers. Shit, FB didn’t even have to develop their own phone. What a win.
At this point the enemy of my enemy is my friend. Let's see if whoever is doing the arm twisting can force Apple onto a path where they don't get to do every single little thing that they want.
That's interesting because I have the opposite view - I prefer Apple maintains control so that Facebook doesn't get to do every single thing they want. Facebook is strictly worse and I bemoan a future where FB is given even more data to sell on hundreds of millions of Americans.
Personally, I don't really like the idea of depending on re-signing every 7 days to prevent apps from breaking. In practice it would be fine nearly 100% of the time, it's just not something I like from a point of view of principles. It feels like an immense contortion to make just to install a binary on a device I own :-(
It should really work the same way you select a default browser during setup. Even if you can sideload a different option, setting a default to their own property is a classic example of bundling, which is an anticompetitive act.
Even if the only effect of a law like this was that you could run a better browser on iOS, that in itself would potentially be game-changing. It is hardly a radical suggestion at this point that Apple might have consistently and knowingly nerfed the only real browser users can run on iOS to reduce competition to native apps bought through its own store.
Let’s be honest here. If that happens , Chrome wins cause developers interest do not align with consumer interest but money interest. Understand I’m not saying that Developers go for the money, I’m saying the majority of companies that employ developers do and they will target chrome. Firefox by itself is not enough to fend off Chromes “standards” and the only thing ironically stopping Chrome dominance is stagnation not completion.
I am all for browser diversity but if there did end up being only one browser almost everyone used I would prefer it to be Chrome than iOS Safari. Everything from security updates to functionality in numerous areas is inferior with Safari and that hurts users and developers alike.
Yes forcing Apple to allow alternative Browser Engines and javascript/html/css runtimes such as Electron, would be the quickest and easiest way to help developers introduce some real competition to native apps.
I think that these demands should require the built-in app store to support an interoperable feed to other sources. I think that they do but not clearly enough.
I doubt Google would interpret it that way, but that would be the fair way to do it. Make it so that the information is interoperable rather than just not actively disallowing it. Then it can stop being a monopoly.
Out of luck how? Isn’t the goal to be able to install and use Cydia without jailbreaks and without signing it yourself? And if the bill passes in the sort of form that is here, isn’t that exactly what’s going to be possible, so then the goal is achieved?
(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;
What does "appropriate" mean? From apples POV they will probably push that no "sensitive" default is ever appropriate for any App or AppStore and how is it handled? If I would be Apple acting like apple did in recent years I would require such apps to be white listed in a extremely cumbersome system which requires and Apple Dev account, allows later revocation by Apple and requires resigning every time you push a update which will always takes weeks and gets randomly denied because they supposedly detected malware or security flaws in you app. Making it "de-facto" impossible to set defaults to 3rd party apps.
(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners
Hide doesn't mean disable, it just means "make it not visible" and makes this paragraph in the end pointless.
I suggest you read the full text or at least in part.
>choose third-party Apps or App Stores as 13 defaults for categories appropriate to the App or 14 App Store;
Categories appreciate to the app means you can set a non default browser to handle urls and a image viewer to handle images herein appropriate means that the application can handle that type of content it is not an opening for apple to decide what kinds of apps are appropriate in the normal English language definition of the word.
I don't think merely deleting the icon for an app but opening it in response to a link would meet the intent of the law but it ought to just say disable.
Facebook app store and Epic App Store are about to double turn their faucets on.
But you are right, the lobbyists involved here are playing for seriously high stakes. I guess someone finally found a way to make Apple spend all that cash on hand.
As a long-time Android user, if this passes I might actually consider buying an iPhone for the first time in my life, which feels rather ironic considering Appple is fighting it tooth and nail.
I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.
However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Regulation of access to your camera roll and contact list is a terrible idea, so I don’t see a solution.
Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times. We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
Take out the gatekeeper on mobile and we might find that the benevolent dictatorship wasn’t so bad after all.
Edit: want to add that replacing Apple’s consumer protection gatekeeper role with a government agency is a non starter. Apple (and to give them credit, Google) know that the data available to the gatekeeper role is toxic and dangerous. Government thinks it’s a big bowl of lollies.
What splitting the app store from the OS does is encourage stores to compete on the basis of quality of the store and not the quality of the store + OS + hardware. Apple and Google will have less leverage, but all the qualities of an aggregator will still apply. Google doesn't own the websites they index or the internet they're served over, but they still have tremendous control over the web.
We see this even in the PC space: people will refuse to buy games not on Steam and many of the stores that sprung up a few years ago (Origin and UPlay) have since conceded and narrowed in scope.
Some apps will bypass the Apple/Google store, advertise themselves, and supply their own infrastructure for distribution. When that happens, Apple and Google will no longer have control. Implicit in the argument that they should have control is the assumption that these two companies are the only two enforcement bodies that can be trusted. As should be evident by now, you do not control Apple or Google and have no recourse if they break your trust. These companies care, first and foremost about their profit margin. It is naïve to think that consumer choice reflects Apple's or Google's stewardship of the store. Not everyone buys a phone because they like the walled garden.
I used to think sideloading was/third-party stores were a problem because of what you describe, but I've come to believe that it's the most free-market solution available to curtail some of the excesses of these gatekeepers while minimizing design-by-government.
The issue is that, now, third-party companies can force you install their store to download their app, and can use ad tracking identifiers outside of the IDFA, or worse, use private APIs (like auto-obtaining your phone number) as much as they want. We saw this with Epic before they went on the Play Store - you had to use their launcher to install Fortnite.
All it does is force "choice" onto users further down the stack - users that don't know what they might be giving up when they install a third-party app store when trying to install "Fortnite" or even "Fortnite VBucks Generator Free iOS".
> The issue is that, now, third-party companies can force you install their store to download their app
And they will have a vastly reduced set of people willing to use their software as a result. Other than a few key things, that's probably more trouble than it's worth for a lot of people, and the requisite "Warning: This app store is handled by someone else to make absolutely sure you trust the company running it" will scare a bunch more off, if it's something new.
If, on the other hand, it's Steam, or Epic, or some other super well known steward of content that has a well known name and reputation, then maybe if users are also lured by lower prices, they might consider it.
You know, exactly the same way you might feel a lot more comfortable buying that watch or toy you really want if it's from your local target and not some random guy with a table on the street.
If Epic/Tencent forces iOS users to use their app store to play Fortnite, there will be no luring of users based on lower prices.
They will just (effectively) all move over and (effectively) none of them will read any warning text.
God only knows what companies like 100% Tencent owned Riot Games will have running on millions of Americans' phones once they get the elevated access an app store requires.
Exactly. There shouldn't be a private API to get your phone number. There should be a public API, and calling it should request permission from the user.
Of course, the app can refuse to function if you deny it...
Exactly. Come in HN. You’re smart. If you give the average user numerous pop up boxes to click they’re going to be conditioned to click allow no matter what the permission is to get where they need to go. It is not an answer and counter productive.
Sure, there's a fine line between users actually reading the prompt and making a real choice vs. just tapping "allow" to get it to go away.
I feel like "do you want to give this app your phone number?" falls under the former, though. Right there along with "do you want to give this app your location?", which is of course already something users have to allow.
When you rely on a gatekeeper for security, it results in problems like the Play Store being the main vector for malware distribution on Android[1], and Apple's App Store distributing 500 million copies of Xcodeghost to users' devices[2].
Xcodeghost was just another analytics API to Apple, so they didn't care until they were alerted that it was added to apps without the consent of these developers. It was not 'malware' in the sense of enrolling users in a botnet or utilizing private APIs to record the screen without permission.
Lookout Security describes it as malware[2] and as malicious, as does Palo Alto Networks[3], Ars[4], Reuters[5] and The NY Times[6].
From here[1]:
> Remote control security risks
> XcodeGhost can be remotely controlled via commands sent by an attacker from a Command and control server through HTTP. This data is encrypted using the DES algorithm in ECB mode. Not only is this encryption mode known to be weak, the encryption keys can also be found using reverse engineering. An attacker could perform a man in the middle attack and transmit fake HTTP traffic to the device (to open a dialog box or open specific app for example).
> Read and write from clipboard
> XcodeGhost is also able, each time an infected app is launched, to store the data written in the iOS clipboard. The malware is also able to modify this data. This can be particularly dangerous if the user uses a password management app.
> Hijack opening specific URLs
> XcodeGhost is also able to open specific URLs when the infected app is launched. Since Apple iOS and OS X work with Inter-App Communication URL mechanism (e.g. 'whatsapp://', 'Facebook://', 'iTunes://'), the attacker can open any apps installed on the compromised phone or computer, in the case of an infected macOS application. Such mechanism could be harmful with password management apps or even on phishing websites.
> Stealing user device information
> When the infected app is launched, either by using an iPhone or the simulator inside Xcode, XcodeGhost will automatically collect device information.*
> Then the malware will encrypt those data and send it to a command and control server. The server differs from version to version of XcodeGhost; Palo Alto Networks was able to find three server URLs:
My point is that these are all things which analytics apis (which, mind you, are also arguably malware) at the time did as well - reading the clipboard was common as many operated their own internal clipboard proxy due to the slowness of pasting in older iOS versions. It's only called malware and not Facebook because it was injected into developers' apps without their knowledge.
And the 'remotely controlled via commands' section is meaningless - apps can't JIT so such C&C was simply turning flags on-and-off to go on different code paths.
The OS layer can be compromised - all recent iOS jailbreaks besides ones that rely on checkm8 use a series of userland exploits to break out of the sandbox and gain rootfs access. Nothing is stopping a seemingly innocuous App Store from installing an app that silently jailbreaks the phone in the background to then bypass the OS whitelists that gatekeep these private APIs to Apple-provided apps.
Also slots nicely under the "failure of an OS" category.
Legislation like this forces Apple to actually maintain a good OS lest it be riddled with malware. They seem to be doing fine on macOS they can do the same for iOS.
Craig Federighi said it himself that the level of malware on MacOS is unacceptable[0]. It's impossible to make a completely secure OS that never has bugs - it's less impossible to create a review system with rules and processes that limits the amount of user-downloaded malware to single-digit numbers.
Craig Federighi is a very powerful executive doing everything in his power to protect his company's business model. That includes lying as he did in that court. Craig uses a Mac everyday he's fine with it's security.
I'm sure his MDM-enforced gatekeeper setting is on "Apps downloaded from the App Store" and not in the default position that includes "and identified developers".
I do think competition will be limited, though, as Apple's and Google's stores will be installed by default when you get the phone. Most people just stick with the default. Consider browser search engine defaults: Google pays Mozilla a lot of money to be the default search engine on Firefox, even with Firefox's small and declining market share. The holder of the default has a huge competitive advantage in that most users won't stray from it, or even think about the possibility of an alternative.
(It's funny, because this just feels like an echo of the 90s, when Microsoft killed Netscape in no small part by bundling Internet Explorer as the default for new OS installs.)
But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.
So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.
But Apple can’t effectively play Big Brother in that role and protect me from all the other bad actors, if they are forced to allow alternative app stores and sideloading.
It’s like cryptography. Either it’s broken, or it’s not. Or Pregnancy. You are either pregnant or not. You can’t be a little bit pregnant, or have crypto that is only a little bit broken.
> if they are forced to allow alternative app stores and sideloading.
You can not use alternatives.
It's like pregnancy, if you wear protection, you can have safe sex. If you're scared protection isn't enough, you can not have sex and you won't get pregnant.
Ok wait that's a weird example that isn't supposed to be preachy but the point is you can always not use non-apple app stores and apple can still protect you.
The largest part of this protection is major companies not being exclusive on other app stores. If EA says all games must be downloaded from X, people are going to use X even if X doesn’t offer refunds of any kind etc.
For a lot of the world, they will not be able to say ‘no’ to a Facebook App Store. That’s the attack vector. Selling an ad-model based FB app on the FB App Store might have more reach than simply targeting iOS users.
If Zuck’s money is behind this, it’s a really good checkmate.
Where are the real journalists when you need them? We need a list of whoever is funding these lobbyists.
> But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.
So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.
That's quite a Stockholm syndrome-y view. What protects users, first and foremost, are users themselves.
Take the imaginary scenario of "WhatsApp requiring constant location data".
On an open platform, other users will provide you tools to defeat these requirements, either by modifying the app code itself, adding code around it to provide it fake data, or simply not allow these APIs in the first place.
If WhatsApp is really clever about it and detects all attempts at thwarting the surveillance, then users will develop and distribute an alternative messaging service (see Signal gaining serious traction after a way milder anti-user update by WhatsApp a few months ago).
It's only in the context of a lack of competition that such bad behavior is tolerated by users.
> But only Apple and Google are big enough to fight the other bad actors
"big" is not the deciding factor. Amazon and Microsoft are also big. They do not decide what's on your phone. Apple's and Google's stores are big by default because Apple and Google have control of the platform. It's not the other way around. It's also not binary. If the store is decoupled, they will have less control, but not no control. Influence is weighted by user-base.
> Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors
Their interests are more aligned because they sell you the platform. They have many more ways to do this that aren't dependent on a quality app store. A store that survives on just the store is even more aligned to maximizing loyalty and trust in that store.
> And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever
Maybe you can, but for most people in the world, a phone is a significant investment and not a choice you can easily switch when you've already spent significant money in the ecosystem.
> It’s like cryptography. Either it’s broken, or it’s not
It's not. Even now, there are practical limits to what Apple can demand of its developers. Less control means less power, not no power. A store filled with bad apps is not a store most people will willingly buy from, unless there is external pressure forcing them. I don't think there's really much of an argument there. What this discussion is really about is the Facebooks of the world that have tremendous influence and also do shady things. Already, we see that Facebook plays by different rules with different stores, with greater tracking on Google platforms. This wouldn't change if Apple's store were still big enough to matter, but if Apple's power were weakened there's a risk that Facebook (for example) might have enough power to not care. So, this is what it's really about: some people trust Apple more than Facebook and want Apple to have total power in that relationship by being bigger than Facebook. This necessarily piggybacks off of the power given by people who do not care about or trust Apple, gained by means that are not the quality of the store. These people will likely stay with Apple regardless of how much Apple abuses its trust, but yet the people that do trust Apple think their trust matters.
> Amazon and Microsoft are also big. They do not decide what's on your phone.
I agree with your point, but just want to point out that Microsoft does similar things on Windows with Defender that Apple does on macOS with Gatekeeper, and both can be described as the companies deciding what does or doesn't get to run on your computers.
Both companies require you to buy certificates and remain in good standing with them if you want your software to run on Windows or macOS without a problem. Microsoft and Apple can revoke certificates whenever they want for any reason they want, and after doing so, Defender and Gatekeeper will prevent apps signed with those certificates from running on either OS.
macOS treats unsigned apps as if they're radioactive, and hides the ability to run them from the user. The switch to the M1 platform brought a new requirement that all apps must be signed as unsigned binaries won't run on M1 Macs. Windows Defender will also treat unsigned apps as if they're radioactive, and prevents users from running them initially.
If you want your apps to actually run on modern macOS or Windows systems without users thinking they're either broken or malicious, you need to pay for certificates and remain in good standing with both companies. Apple goes one step further and requires all apps to be Notarized, which involves uploading the app to Apple's server so it can analyze and approve it to run on macOS.
To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries. This would mean they'd also need to sort out their entitlements system, given an app can use entitlements to say it isn't sandboxed. That was the root cause of a recent exploit, where differing parsing logic allowed an app to get signed while declared as unsandboxed. (https://siguza.github.io/psychicpaper/)
One approach could be to namespace installed apps based on the store ecosystem which installed them. Assuming platform level permissions for access to user data are enforced by the platform and can't be worked around via the manifest file, this would ensure apps can't move around outside of their "store" sandbox and access the data of other apps.
More ideally, Apple would move away from signing a plist that gives an app special access, towards the user prompts like those for contacts access etc. And where possible, use portals to give granular access to selected resources like photos (or selected contacts).
> To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries.
Or extend the notarization system such that adding another store adds another notarization authority to check.
There's no technical reason Apple can't provide a close to seamless experience for other app stores, there have always been incentives to not do so though.
Even if this bill were to pass, I don't think we'd see smooth use of external app stores, but not because it's technically impossible, but because it takes effort and the incentives for Apple are still to not put any effort into it that isn't strictly required, beyond not leaving the perception of their security in shambles.
Absolutely - there's few technical barriers here. I thought about the idea of supporting multiple notaries, but concluded that the current system is too reliant on the notary system for platform security, since the signed app's permissions statement is taken "as-given".
A redesign of this would certainly enable a seamless experience - just namespace apps by their store, and the official app store becomes one of many stores, sitting inside a namespace based on their public key hash.
I regretably concur - the non technical barriers would go up. I could envisage some convoluted process to add a store (that would make installing a provisioning profile seem like a walk in the park, even though actually a provisioning profile might be the best technical example this could be done!), followed by a whole list of restrictions imposed on apps from alternative stores - no Apple pay access clearly, probably no NFC hardware access (wouldn't want someone able to use that hardware they paid for!!), no keychain access (to protect you). Perhaps no photo reel access and no doubt no iCloud access, and no ability to bypass background task restrictions to build your own cross device data sync ecosystem.
Being able to plug in an alternative to iCloud would certainly also be nice (so you don't need their cloud storage to use data sync and other nice-to-have features some people use, like backups), but I just don't envisage it happening. Making that kind of on-device, app-facing API pluggable would be the right technical approach... But no doubt iCloud would remain the "only" storage provider, for non-technical reasons.
> Or extend the notarization system such that adding another store adds another notarization authority to check.
This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question - which I can assure you is not what the policy makers nor the people behind the funding for this bill (collation for app fairness most likely, Epic second most likely) will accept.
> This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question
No, it very specifically doesn't. It would be Apple allowing another authority to also shoulder this load, after the user has specifically said they want to also trust that authority.
I have no idea how you could come to the conclusion the Apple would need to verify everything in a discussion about a way in which Apple would not need to be the only entity verifying everything.
Why aren't all apps severely isolated from each other today? Because Apple could pretend that their half-assed draconian oversight is 'good enough' protection for everyone? If this forces them finally to implement real, technical isolation and protection measures for apps and APIs then GREAT. 15 years late is better than never.
To an extent. Maybe the system can still block location access, for example, but it can't force the app to gracefully degrade without it. A future version of WhatsApp could lock you out until you give it location, contacts, calendar, phone call log.
There are lots of soft-rules that Apple enforces around permissions that are still really beneficial. For example: the new "you have to be up-front about all usage of user data" would be nearly impossible to enforce at a technical level.
If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now, because nobody else will respect their rules.
> If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now.
Or more likely what's gonna happen is the 95% of users who care more about having WhatsApp than privacy, will install the Facebook app store and get the apps from there.
Not really. If there’s an alternative App Store, then apps in that store can use private APIs and there’s nothing Apple can do to stop them. If there is only one App Store and it’s run by Apple, then if an app tries to use private APIs, then Apple can kick them out of the App Store.
This really is an all or nothing deal.
Once you jailbreak your device, or allow an alternative App Store, it’s game over for that device.
Arguably an approach that assumes there can be a hostile store operator would create a more secure and private product, as Apple would rely less on private entitlements and APIs in plists, and more on either technical measures to control access to these APIs, or actual security across them.
There's antitrust potential around private APIs and entitlements, like the background video access given to zoom before it was available to other developers. Arguably the "green dot" status bar warning approach helps alert users to abuse of this API, and a permission prompt before first use would let users choose.
Sandboxing binaries more than at present would also improve the general security posture of the device - I'd want my app sandbox to be secure even if a rogue app gets onto the device, and such a security posture would arguably better secure iOS for all users.
I could see a need to namespace keychain and team IDs and similar with a secure identifier (like the public key of an alternative app store's signing CA key), to protect keychain and other information from spoofed apps, but again this kind of change would arguably better harden iOS for everyone. The less that platform security relies on trusting someone else to validate and sign a plist, the safer the more secure the platform will be for users even of the default store.
That’s a good point, but the behaviour I’m talking about is enforcing the optionality of those functions in order for the app to work.
I might be wrong about this (not a dev, just play one on the internet) but Apple has the power to say that in order to submit an app to the App Store, user location/contacts/photos/whatever must not be required to be turned on for the app to work. ie. Apple enforces your ability to use WhatsApp without giving up microphone access.
Without that model, yes, permissions are still granular. But WhatsApp can tell you to turn all of them on, or you can’t use the app. To me, that’s not a meaningful difference to the “just don’t install it” crowd’s preferred suggestion.
This approach sounds a lot like that used by XPrivacy, and its successor, XPrivacy Lua, both for rooted Android with the Xposed framework.
They allowed you to spoof responses to a huge range of API calls that revealed sensitive data, by hooking function calls in the underlying OS, and returning arbitrary or random values, which could be a subset of the full valid set of values.
That approach works pretty well if you test it robustly and ensure your dummy responses are valid according to the API spec.
Something I always feared was that apps would try to detect this and refuse to run if you didn't have any contacts or photos, or had folders on your SD card that they could not access, but I'm not aware of this ever really having materialised, beyond banking apps and some online games using Google's device attestation, which didn't really play nice with the Xposed framework.
> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Well, the corollary to "Mussolini made the trains run on time" is that they weren't on time without him.
Also, like how that's actually a myth, perhaps Apple actually doing a good job running their App store isn't really all it's made up to be either.
Finally, even though the initial view of a lot of people is probably that it's unfair to pull a baby Godwin on this, I think there's a lot of parallels that deserve a deeper look and examination, where we piece together why we're okay with strict authoritarian practices in some cases and not others, and possibly whether there's a link as to whether we accept it in a case where we think it benefits us, without considering how it affects everyone overall and the long reaching effects.
Apple still retains full OS level controls and perhaps a good level of controls on what app stores can do. In fact, I expect the OS level protection to become even stronger if this bill gets passed since that is the only way to keep Apple's controls on users.
I’m fine with app restrictions as they are. The problem is even apps which do not do anything special get removed from the App Store for a ToS violation. You can not for example publish an app that lets you download YouTube videos for example even though this does not require much access to anything.
This is a good use case actually - Apple seeks to prevent "thought crimes" from arising around breach of third party terms of service etc, like this. Even if a user may be acting legally around copyright (overwhelming public interest of newsworthy material that's likely to be removed).
They also don't permit GPL-licensed software on their store, since the extra restrictions they impose appear incompatible with the GPL license.
An alternative store ecosystem would no doubt emerge very quickly, which allows GPL software, or perhaps any kind of free/open source software (like F-Droid in the Android ecosystem). That would arguably be a good thing for independent developers and the open source community.
> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
> We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
I still tend to think the technical steering committees, operating out in the open, have done an unbelievably fantastic job of sticking to mission, of growing a user-centric pro-user web. They've abided by fantastically high standards, been unwaveringly unwilling to accept privacy or security compromises. Microsoft and Safari also exist here, and there are countless interested other small parties trying to enhance the web, to make it stronger, to make it more secure, and because this is happening in public, it is very very hard for even the product owners to take advantage.
The web is also Google's home: they exist because of the web, they existed for a decade having virtually no other presence than the web. The rest of public-facing computing remains locked up, truly & genuinely controlled by corporate titans. Their advantage is to grow a healthy competitor, one that is still diverse & ever more competitive, one that is ever more appealing to the user.
Look at the current fights. Current fights about specs are about a seemingly wild & wacky federalized learning algorithm (most hated by the ad industry above all & media outlets second), and then Apple and Mozilla who wage a campaign decrying how horribly bloody awful it is that there are Ambient Light and Web MIDI specifications, and boo hoo look how terrible & bad things are. There is enormous Fear Uncertainty & Doubt, extreme reactionary-ism happening against the web. But to me: the web appears very well protected; it's interests & citizens are extremely vigilant & vocal about what happens to their cherished public internet medium, and change is slow, well planned, & deliberate (ok so the recent cross-frame alert() getting dropped is an unfortunate but perhaps moderately understanding counterexample of that process & deliberation).
Sunshine really has been an incredible disinfectant.
Yeah, I feel like the most likely outcome from this path is that Facebook launches a competing app store and offers developers lower fees than Apple in exchange for their users' data.
Which is kind of a problem, because all this does is provide choice to developers, not to users.
I very much doubt the app would be available on both stores but cheaper on the FB one. Instead, the developer will pocket more money on the FB store, while the apps wont function without all kinds of permissions requires to accept.
> which will give it a bad reputation as a store and that will drive people away.
Which will give it a bad reputation among the HN crowd and drive a tiny fraction of global user population away. The rest will happily grant the permissions requested if it gives them access to the latest Angry Birds game, or to Facebook app itself for example...
I mean, how many millions of users does Facebook still have that either have no idea about the impact of sharing their life with it, or don't care, because their social network interaction is essentially locked into the platform?
How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure...
Many people have a bad image of Android and only use iOS because "walled garden = safe family". Those people are not going to suddenly be happy using the FB Store.
> How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure.
Maybe it's an americanism, but i know almost no one that doesnt use SMS exclusively on android and SMS + iMessage on iphone. a few techies use signal, but i've never met anyone ask to use any other chat platform.
As long as the Facebook store also maintains a reputation for not having malware, Facebook parents will happing download "Facebook App Store" to download "Facebook".
> I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.
The price shouldn't matter. If Apple sold it for $1, losing hundreds of dollars in raw materials per purchase, would you still say that? In both price scenarios, Apple expects pay on the back-end in the form of the 30% cut they take from app purchases and in-app purchases. It's the same with consoles - they're basically sold at a loss or very near-cost (eg. the $500 PS5 might have a per-unit COGS of $450) which, with R&D costs, isn't profitable on its own without backend revenue to recoup that loss, ie. from game sales or PSN/Xbox Live.
Sony recently confirmed that the $500 PS5 is no longer selling at a loss, thought the $400 PS5 Digital Edition still is.
I assume they are measuring it by component and manufacturing cost, and not counting amortized costs such as hardware and software R&D, digital infrastructure, marketing, etc., which are probably substantial.
judging by alternate app stores on android, the vast majority of people will probably continue to stick with the apple app store, and only that. I'm not so sure whatsapp could get away with having people download the facebook store to download whatsapp. and I suppose apple can still impose restrictions on apps via other means besides the app store
> those apps will be a regression in terms of actual consumer experience
Current conditions protect and fortify established companies to behave as bad actors. It's impossible to compete as a new product when you're permanently separated from your customers by predatory platforms.
> Apple is the only thing stopping WhatsApp ... from demanding your location at all times.
Nope, I will just disallow it. Or I will feed it random GPS coords. After all I own the device I paid $1000 for, and can run whatever software I like on it, including custom GPS drivers.
I dont know anyone that uses facebook messanger (is that different from facebook?) and I didnt know that there is smartphone client for discord. On the other hand all my contacts have whatsapp and some have signal.
It’s different from Facebook in that you can access it without having to see the Facebook news feed (either using the messenger app, or messenger.com). It’s the same as Facebook in that you need a Facebook account to login to it, and it’s just the messenger part of Facebook.
The discord app is pretty nice, just remember to mute any fast moving servers that you are part of to avoid getting spammed with notifications.
>your network of friends and colleagues makes you download
When you're a child typically you learn to use the word "No." If that's not enough then whatever crap they want you to install is probably non-free software (otherwise it would already be on sane app stores) so you can use that if you need an excuse.
No, grandma does not have an email or even have a concept of an email. 'Grandma'shouls have been a clue that technology literacy of this user is roughly zero.
Also neither email nor phone enable me do a video call and inspect something she is struggling with.
Most social media services actually require an email address to set up in the first place. Also consider that it's not the 1980s. If Grandma is 65 then she was born in 1956. When she was 14 the first email was sent. Computers took off when grandma was 24 and became pervasively including being part of most people's working lives during the time frame when grandma was 34-44.
This grandma and people older than her represent only 15% of the population and at this point 99% of them have emails. In 10 years. In the next 10-15 years half of grandmas confederates will have passed on further shrinking the population of non email users towards virtual insignificance.
This is mostly good, but it forces Apple/Google to hand over your email address (or other means of communication) to anyone you download an app from so they can spam you.
The bill says they don’t have to allow spam, but specially allows “legitimate business offers, such as pricing terms and product or service offerings”… which is spam unless one explicitly opts-in to it.
I don’t appreciate the double-talk. This part of the bill is user hostile and should be deleted.
> it forces Apple/Google to hand over your email address (or other means of communication) to anyone you download an app from so they can spam you
Which part of the text says this? I did see:
> (b) INTERFERENCE WITH LEGITIMATE BUSINESS COMMUNICATIONS.—A Covered Company shall not impose restrictions on communications of developers with the users of the App through an App or direct outreach to a user concerning legitimate business offers, such as pricing terms and product or service offerings.
But that part doesn't seem to be requiring app-stores to hand over emails, but rather merely prohibits app-stores from controlling communications.
> "At the core of this case is Spotify's demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows," it said in a statement.
> > "At the core of this case is Spotify's demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows," it said in a statement.
Which is a ridiculous assertion for Apple to make. Best Buy doesn't control what manufacturers ship in side their boxes. If I buy something from Logitech chances are something in there will mention I can go to logitech.com and buy direct at some point, and if they provide a 10% off coupon or note that some things are cheaper there, Bust Buy isn't going to really know about it much less have anything to say about it.
Best Buy might not be happy it there's a coupon for some other non-manufacturer marketplace, but there's not really an incentive for manufacturer to include something like that anyway.
And just to drive home how completely similar the types of things sold are, there are plenty of hardware (and software, at least in the past) offerings that Best Buy sells that have a subscription element that Best Buy gets no cut of.
No, it's pretty reasonable - Apple wants their cut (for developing iOS & the hardware), so advertising "hey we don't sell via the App Store, go to our website to purchase" is effectively driving sales via iOS without paying Apple for making that possible.
No, we're specifically talking about subscriptions here, and Spotify as the example to boot. People weren't browsing around the App Store and randomly coming across Spotify and after trying it out deciding to subscribe, people were instead getting inundated with information about Spotify in everyday life and being told by their friends and family and media they should use it and then looking for it in the App Store. Lack of Spotify in the App Store would have made iOS users less happy with their devices, that's how popular it is and was, and that Apple felt it could cash in on Spotify's success is exactly the problem.
I would say the majority of subscription services fall into the same category, to a lesser degree. People don't discover Hulu, or HBO, or Netflix, or Disney Plus through the App Store. They go there looking for them because subscription services live and die by marketing and word of mouth, as people want to know whether it's worth signing up first.
Emphasis on it being done via iOS, not on the "figuring out who drove this person to become a paying subscriber". Apple made the device and the operating system: their cut, both upon sale of the device AND via in-app purchases/subscriptions thereafter, is part of the profit model of that devices over the lifetime of the device (including devices introduced 6 years ago, which will arguably take more time optimizing for when developing the new OS version) and goes towards that development.
Funny how that 30% cut applying to subscriptions only rolled out years after the store was already present, and apps with subscriptions had already been for sale for years.
If you want to make a case that the cut is needed to run the Apple Pay network (which IIRC when introduced is when they started charging for all purchases through it) and make sure that runs correctly, then fine. But the whole point here is that companies want to opt out of that network, or to clearly communicate that Apple's extra features cost them and they are passing that cost on to the consumer if they choose to pay it (either pay through linked Apple payment account with a higher cost subscription, or pay direct to the company in a different manner).
What this is, very clearly, is Apple limiting information allowed to be displayed to customers at time of purchase if it's on an Apple device. Sine free markets only work as well as the information available to consumers, this is anti-free market, and anti-consumer.
The only reason to not provide information to consumers about their choices is when you are trying to make them make a choice they wouldn't make if they had all the information. Any argument about doing it for their own good falls flat in the face of the fact you could just give them more information about why it's better for them. If they still choose not to use it, the only respectful way to treat that is that those people weighed their choices and decided what was best for them. Anything else is extremely anti-consumer, and when it's multiple companies colluding together to do so, we have very well known laws against it.
They are not optimizing for old devices. In fact the old devices get slower with each OS version, until Apple simply gives you the finger and there are no more updates. And you can't install another browser, so small websites with few developers (like Twitter) end up shutting you completely off.
A lot of the initial iOS "slowness" after updates is generally attributed to background indexing, and beyond that the phone likely becomes a victim of an aging battery which is fixable with a new one every 1-3 years - Androids are often stuck on old versions susceptible to malware.
>advertising "hey we don't sell via the App Store, go to our website to purchase" is effectively driving sales via iOS without paying Apple for making that possible.
Sounds good to me. I can get programs for PC operating systems (Windows, MacOS, Linux) without paying unnecessary middle men. Adobe doesn't have to give Microsoft a cut when I pay for Photoshop, and they don't have to give Best Buy a sympathy cut either because they run their own website.
Why should I be stuck with unnecessary middle men (app stores) for my phone?
But what if they didn't? If apple was losing $10 per iPhone, would you change your stance? what if they lost $200 per iPhone? the profit model for both iPhones and gaming consoles includes post-sale revenue since they know most people won't purchase it if the cost was all up-front (eg. the $500 PS5 would likely cost $900+ if Sony didn't get their cut of game sales and/or PSN sales).
> If apple was losing [...] per iPhone, would you change your stance?
No. They should change the phone price to match the cost instead of hiding additional charges in app fees.
> the profit model for both iPhones and gaming consoles includes post-sale revenue since they know most people won't purchase it if the cost was all up-front
Just because a profit model is convenient for a corporation is conveninet does not mean it should be accepted. If they want recurring revenue for a smaller up front price they can offer loans instead of being dishonest. But that would allow people to make an informed choice based on the true price they will be paying, and Apple / Sony don't want that.
I'm legitimately curious how you would mandate platform portability and also prevent communication from the third party in the form of a law?
The only way to do that is to mandate that the platform (Apple/Google) give the third party the ability to move the user, which it is doing here with the most universal identifier.
This is incorrect. I do think that section 3(b) is unnecessary and should probably be removed, but preventing app stores from interfering in communications between developers and users is obviously not the same thing as requiring app stores to give user contact information to developers.
That requirement isn't user hostile, and it's not even that bad.
You have to give your address to people that ship you things. You used to have to use your email address to sign up for websites. Nobody complained. People used throwaway emails if needed. It's not like they're reading your files.
Gatekeeping the means of contact is an asymmetry that allows Apple and Google to retain power. Remember, these companies were trying to shrink wrap all of us and sell/tax access. An artificial world impossible to operate in without them.
This act needs to go a step further and guarantee web downloads of apps independent of app stores as a first class construct. It also needs to allow runtimes and alternative web browsers specifically to combat Apple.
Furthermore, it should disallow devices from coming with a default app store or default browser. (Similar to the EU's browser choice screen for Microsoft Windows.)
Then we'll have a fair mobile world for the first time ever. Apple and Google will still make a metric ton of money. They'll also be able to start focusing more on future endeavors and innovations, which would be good for them and for us.
Is it even necessary? An app store could simply require that users make an account. That allows them to harvest your email at time of account creation, and provides users choice of which email address will be shared. And it's fully above-board.
Going to put in some positivity compared to the other comments here—
Good. The OS store should have to compete with other software stores. If their store is actually better for consumers, then they have no cause for concern.
Counterpoint: I wish to install say Facebook messenger, because my friends use it and I can't get them to change to something sensible.
With an appstore monopoly, Apple can say "you must respect the users privacy, not use these apis and only request location permission through us and if denied you must still have a functional app". If Facebook wants to be on the iPhone at all they will have to play ball.
With an alternative app, they can just require that I install their store and accept their terms.
I am between a rock and a hard place, and I would like to choose the Orchard in that case.
I’m pretty unhappy about Adobe’s “app store” on MacOS. I’m unhappier about debris from countless non-app store apps, all with difference license engines, update engines, sites that disappear or change, it’s a mess.
Devs, feel free to raise your price and charge me an extra 15% or whatever you need to make up what you think Apple is “stealing” from you. I’m not that price sensitive, just don’t make me think about all your homegrown BS hoops I jump through for your percentage points.
As a consumer I want one store, one purchase history, one subscription list, one update engine, total peace of mind. Percentage of consumers that genuinely want to track that stuff separately rounds to zero.
I also can’t help but notice that SetApp apps work on my Mac and on iOS without this bill. (I try apps “for free” from SetApp, then I buy them on App Store. Costs me a good deal more, but I’m making sure the dev knows the app store is fine with me thanks.) And SetApp, like Apple Arcade, or Xbox GamePass is even less to track, as you no longer worry per app, it’s the whole library for one price.
Speaking of which, I’m also wondering if someone is going to force me, as a consumer who chose a mobile appliance, to screw up my phone, are they planning to screw up my console too? Fair is fair:
“Senators Blumenthal, Blackburn, and Klobuchar recognize that independent 3rd party developers are being restricted in anti-competitive ways that impact what users pay for video games and other software,” said Ernesto Falcon, Senior Legislative Counsel at the Electronic Frontier Foundation. “The Open App Markets Act will put a stop to these practices, which will lower the costs for both developers and their customers by setting forth common sense competition policy for the industry.”
Or, you know, we can wait it out, let the market decide.
That doesn't sound like it should be possible. It's fairly trivial to put an application in a sandbox where it can't make certain system calls even if it wants to. If iOS doesn't or worse can't do that, that's a design flaw in the OS. Making them pinky swear to get listed in the official app store isn't real security. What the heck way other than through the OS can you ask for access to hardware? That's the entire point of an OS. Ability to prevent hardware access shouldn't depend on the distribution channel.
Even with the monopoly Facebook behaved pathologically, often escaping Apple's sandbox through technical exploits and their analytics/auth "SDK" that almost all iOS apps include. They're social influence extends to Apple, not just your friend group.
Apple is also significantly more careless than I would like, there's no source code audit and no instrumentation beyond a network proxy. Just a 15 minute or so inspection of the app UI. If I wanted to run an authoritarian computer regime I would require full source submissions and clear explanations that looked even moderately obscure. Preferably your assigned app reviewer would be present during internal code reviews.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
I think android is a pretty good case study of this not happening (so far). Most people wouldn't bother downloading other app stores, and making your app much more confusing to find for the default experience is a costly endeavour.
I am not sure. Google has restrictions on third party stores at this time: huge warnings, settings that require changing, and the store cannot do auto-updates. This will likely not be allowed under this bill.
The app store is your Phone's distro's package repo. The big difference is all the dumb extra restrictions app stores put on their "packages", like taking a cut of their money, or not allowing apps to be published for various reasons.
Also, you can already download and run unsigned phone apps that way (on Android anyway). It's just that mostly nobody publishes their apps that way.
I'd support this if app developers were also required to release their apps on all the available stores and obey the policies of a particular store for users who obtain the app through that store.
Why is that? If an App Store is cruel to the app developers, either through terms or actions, why should developers be forced to support them?
This is particularly important for stores like Amazon which dictate things you're allowed to do with your app outside of the Amazon store. (i.e., you can't charge a lower fee outside of Amazon regardless of what Amazon is charging you.)
Because the App Store acts as the user's agent. I have no ability to force Facebook not to track me, but Apple can. In the GP's comment, think of the App Stores as a jurisdiction and set of rules that the app maker and user agree on. Maybe Facebook doesn't want to follow Apple's rules, but I don't want to use Facebook on Android's terms.
That's why the grandparent comment said "I'd support this if app developers were also required to release their apps on all the available stores".
Without that clause, your approach wouldn't work, because what incentive would Facebook even have to release it on the Apple App Store and follow Apple's tighter privacy/anti-tracking rules, when they can just release it on the Facebook App Store for iOS (or whatever else they decide to call it or, alternatively, another third-party app store)?
Sure, having third-party app stores helps smaller devs. But it also unchains all the anti-tracking and privacy shackles from the tech giants like FB who don't care which app store they are on (as long as they can set their own rules), because FB/Instagram/etc. users will follow to whatever app store their app is on (no matter how much or how little privacy protection that specific app store is willing to enforce on FB).
Facebook might not be the best example of course, but I shudder when thinking about apps I truly need… WhatsApp in Europe is 90% of friend communication. Banking apps and other 2fa apps are required to do any banking.
Why ought a developer be forced to accept all terms on offer?
If I released an app store that forced you to offer the app for the lowest price it's available elsewhere while charging the dev 1/2 of the profit and inspired users to use it by giving them a rebate equal to 30% of the cost I presume I could get some takers.
After all if it's 10 bucks on the apple store it's 7 on mine.
3rd party stores aren't a check on unreasonable terms if developers are legally forced to do business on the oems terms no matter how unreasonable.
> Do not want to respect it but still be on the platform? Please gtfo…
You don't have to install those apps, lol. You can feel free to tell Facebook to GTFO off of the phone that you own, by merely not installing it.
But why should one think, that they should control someone 'elses' phone? If someone else wants to install facebook, on that other app store, let them do it.
> You don't have to install those apps, lol. You can feel free to tell Facebook to GTFO off of the phone that you own, by merely not installing it.
You are correct, I can simply not install those apps that I believe violate privacy rules of the platform. However, in this case, I will not be able to sleep worry-free after handing my barely technologically literate parents an iPhone anymore, because they will immediately install all the random crap without any second thoughts about privacy. Switching my mother away from android to an iPhone (and subsequently, from Windows to macOS) has reduced my "home IT troubleshooting" workload to pretty much nil. I don't want to go back to how it was before. That's pretty much why I got my mom an iPhone, so that her device can be fairly secure without tons of guidance and troubleshooting on my end.
The wild west of "I am a responsible person, so I can decide what's good to install and what isn't, because I can evaluate this on my own" isn't the kind of a situation I want to put my parents in. I want them to not worry about it and be able to install whatever apps they can without any major worries about malware or privacy or breaking their device, and that's why I switched them to iOS.
If we are even the least bit creative, there are easy solutions to your problem.
Just provide users with a way of "locking down" their phone to only allow the app store that they choose, with some difficult undo process, if the user chooses that.
So that way, people who want parental/child controls on their phone can have them, and those who disagree, and want to remove those protections, can choose to do so.
As long as the locking down, is a choice that the user can make, and it is not forced on everyone, then we all can get what we want. Well, except Apple I guess.
Problem is that it is incompatible to "get what we want".
For people who bought into managed garden the minute it is dismantled you lose "all apps need to stick to do not track me request" you get mish-mash of everything.
This is cost to give others freedom to side load. There is no way to put genie into the bottle if it is out.
Only way I see it would be possible is that Apple could offer fully locked iPhones and multi-store iPhones. Then market could decide what works better.
Developers, especially on HN, cannot accept there is group of customers that just doesn't want to interact them directly.
Correct. When this bipartisan bill passes, everyone will be able to install whatever app store that they want on their iPhone, and Apple won't be able to do anything to stop it.
The future is going to be pretty awesome, when the law forces Apple to make it extremely easy for people to use other app stores.
Ok, and when the bill passes it will be their for smartphones as well, and people will be able to install whatever app store on their android or iPhone.
> it sucks
Then don't install the app stores that you don't like, lol. Problem solved. Only use Apple's, if that is what you prefer.
You can simply only install the Apple App store... There is nothing stopping you from having a phone that has exactly as many app stores as you want on it.
You can have your phone that only uses the apple app store.
The App Store is an important part of the platform - what 3rd party dev can and can't do, and how I as a user interact with them. My experience as a user it better because of the rules Apple forces app developers to follow.
Yeah, but that’s just laziness on Apple’s part. They could easily move those restrictions to the OS itself, rather than the App Store. Then, it would be consistently applied, since it wouldn’t be done by human review.
because most pc steam competitors are 1 step removed from malware and yet I am virtually required to install them. Or take the moral high ground, but that sucks.
I agree with you up to a point, namely that developers should be prevented from making their apps exclusive to any specific app store, but they shouldn't have to spend any resources making their app acceptable to any other app store.
So if Epic Games want to create their own app store, they can, but Apple should be allowed to list their games on its own app store too (and pay Epic whatever the relevant price is for each download of a game, out of the amount that Apple bills the user for it).
Why should Epic be made to do business with Apple if you can't get a game via the app store of your choosing and it's that important play something else.
The point or the justification for this sort of legislation is that monopolies and bundling are bad for consumers, so enabling companies to force users to use their app stores in order to download their games doesn't seem like a very consistent approach.
There is no monopoly if there is competition between the stores. Users are not forced to download anything if there is competition. If this practice is as bad as you think, it will be driven out by competition (spoiler alert: it's not bad at all and will remain in vogue).
You could equally say that Apple don't have a monopoly on phones, which is true, but they do have monopoly-like control over the apps which iOS users can install, which this legislation is trying to remedy.
Similarly, if the Epic Store is the only place you can download Fortnite, and you really like Fortnite, but hate the advertising and data harvesting and battery use of the Epic Store, then you are being denied the ability to participate freely in the market for app stores.
Saying "just play a different game" is as unhelpful as saying "just buy a different phone", and doesn't address the underlying complaint that product tying is an anti-competitive practice that consumers should be protected against:
There is no precedent for choosing the distribution of your product in an open market as being "anti-competitive". Direct-to-consumer is in no way anti-competitive and is in fact the opposite. Simply put, if businesses opt to distribute their product via their own channels (or others) instead of yours that means your offering is not good enough, full stop. You will need to improve your product if you want to survive in the market. This is the definition of competition.
Let's be frank here: people here are afraid because they know Apple's App Store and its policies are in no way actually compelling in the open market and, if they are subjected to real competition, they will fail just like most other 1st party stores that are subjected to competition.
Instead of allowing Apple to be the governing body of what is acceptable software policy simply because they are a for-profit company that makes a lot of money, maybe you should focus this attention on actual legislation from your elected governing body that would give you such protections.
Sidenote: Fortnite doesn't have a monopoly on gamers and most gamers do not play Fornite. People need to stop using Fornite as if it is the new Standard Oil of gaming. There is no such thing in gaming and it makes for silly arguments.
> Saying "just play a different game" is as unhelpful as saying "just buy a different phone"
No. This is a false comparision.
The smartphone market is a duopoly that is worth trillions of dollars.
Battle royale videos games are not that.
If fortnite eventually is worth trillions of dollars, and literally almost every single person in the world has to use it, on the same level that they use freaking smart phones, `then` we can use anti-trust law, or pro-competition laws on this now vital service.
Any particular game is merely a singular and temporary amusement no matter how temporarily pervasive the smartphone is the single most pervasive platform for communication, culture, work, and computation in the world. There can be no comparison.
There is no universe where you have a right to purchase a particular product via a particular market. For example if Fred Meyers doesn't carry every product that Walmart does you cannot say that the merchant infringed your rights by not offering it for sale in the market you would prefer.
Apple is using its position to insert itself between vendor and customer while the customer sits snug in their own home whereas your position would require positive action on the part of someone who has no particular obligation nor relationship to you. You have not hired them and they aren't obligated to work for you.
There is a universe where consumers have a right to purchase products without the market interference of exclusivity agreements, and that universe contains the EU:
> (151) In an exclusive distribution agreement the supplier agrees to sell his products only to one distributor for resale in a particular territory.
The rules are complicated and depend on the supplier's and buyer's market share, but you can read the details on page 46 of their "Guidelines on Vertical Restraints".[0]
I'm not suggesting that a company should be required to take a positive action to fulfil Apple's requirements, but if a company is producing a file which can be installed via an app store, they should not try using copyright or contract law to prevent other app stores from also selling/distributing their app.
(Admittedly there would have to be some amount of paperwork for allowing the various app stores to pay money into the app developer's account, but that could be done on Apple's side so that the developer continues to get a payment each month, with some stats on a dashboard somewhere showing which app stores the app was sold through).
Exclusivity is something the market maker buys from the vendor. Making such a transaction illegal does not in any fashion require the vendor to actually sell their goods on multiple markets it just requires them not to exchange money for exclusivity.
In particular I don't think it says anything at all about a situation where the vendor and market are not engaged in a relationship but rather are literally the same company. Nothing forbids a donut shop from actually baking AND selling the donuts.
I don't think a 3rd party Epic store is an example of tying either. It's not something you are being asked to purchase in order to realize the other purchase it is rather a means to actually receive the product you have purchased. You might as well say that <insert app> is tied to the purchase of an executable or disk.
Not only that but if Apple allowed sideloading they would arguably be able to trivially able to avoid even a misguided accusation of tying by providing a manually installable package file with the app store merely providing a free means to receive updates.
If I wanted a more-open-but-more-dogshit experience I could always switch to Android and Linux. I don't want that. And I definitely don't want that for my nontechnical family members.
Just to play devils advocate but isn’t this already possible? Who is forcing people to buy Apple phones? Doesn’t Android already allow other app stores?
Isnt it possible that Apples users like the fact that apps are curated on an App Store by Apple?
For me as a developer, I feel Apple's Mac App Store sucks. And it's probably the same for iOS.
Discoverability on Apple's Mac App Store is horrible. I released a game earlier this year on the Mac App Store and while it's not a great game (my first experience with LÖVE, so a pretty simple project), I got zero sales.
I recently finished a 2nd game and published it on both the Mac App Store and Steam this week. On Steam I sell some units every day. On the Mac App Store it's still zero. And I don't expect the sales on Mac App Store to be the same as on Steam (since I sell mostly to Windows users on Steam), but it would be nice to see at least a couple of Mac sales.
I am currently working on my 3rd game (which will be a bit more ambitious compared to my first 2 games) and I am considering publishing only on Steam, since publishing on the Mac App Store seems a waste of energy.
I don't know if this bill would help someone like me, but maybe ...
> Discoverability on Apple's Mac App Store is horrible. I released a game earlier this year on the Mac App Store and while it's not a great game (my first experience with LÖVE, so a pretty simple project), I got zero sales.
One of Apple's excuses for their fees is that they're doing all of the marketing of your app on their App Store for you!
I didn't know how anyone could say that with a straight face in the past, and I'm glad app developers are waking up to this.
I do most of my gaming on the same Mac Book Pro I work on and I buy pretty much everything on Steam anyway since I can eventually install them on the gaming PC I keep telling myself I’ll build.
Not saying it’s a waste of money or time to use the MacOS store but given the choice I’ll always choose Steam since my library is much more flexible and portable.
I don't recall using it (maybe once?), and I burnt through 3 macs over the past 5 years.
Things are either installed via brew or steam, or even git and make.
But then again my interface of choice is terminal and editor of choice is vim, so maybe a far outlier.
Back to your experience, go steam alone, the thought of even downloading regular software in the 'App Store' don't even cross my mind, let alone games.
I wonder what the impact will be on the operating systems themselves.
Currently, Android has the ability to run alternate app stores, but there's no way for an "app store" to silently install apps. Every update needs to go through a consent popup unless the phone has been rooted and some security-bypasses have been worked around. I run into this every week in F-Droid.
If this practice is allowed to continue, Apple and Google will just modify their operating systems to add as many popups and warning screens for every install as they legally can.
The only way to get useful app store support that allows competition is to introduce a way to mark an external application as an "app store" that has installation privileges. In my opinion, that part can have all the red tape and warnings, because installation permissions can be very dangerous.
In my opinion, this law is a good thing that should've been introduced years ago, but its implementation will probably take years, with politicians and tech giants flinging shit at each other every chance they get.
Are user-initiated app installations on par with Google's revenue generating path for app installations via the Play Store?
Do users still have to adjust arcane settings to use another app store or install an app without one?
Does Google still show users scary warnings and make competitors' apps seem as if they're broken or malicious, and still say the user is protected by Play Protect despite that the Play Store itself distributes the majority of Android malware[1]?
Is Google going to drop the mandate that all apps on the Play Store must use Google's billing system that gives them a 15% to 30% cut[1]? And how will Google treat apps that don't use Google's billing system as their payment method, considering how Google makes user-installed apps seem malicious?
Jeroen was wondering specifically about "updates needing to go through a consent popup". That exact thing is being changed, as per the article, and in exactly the way Jeroen suggested by adding a permission.
None of your questions seem to have to do with that, and you're just soapboxing on all kinds of totally unrelated perceived wrongs.
They're rhetorical questions that pertain to the topic in the OP and are related to the GP. The ability to install apps in the background is related to Google's antitrust issue, but there are other problems when it comes to Android app distribution.
In /r/androiddev I've read stories of developers getting lifetime bans (from Google Play) for 3 strikes. Maybe they are guilty but often they say they didn't know what its for and the decisions are made by bots. A common one is screenshots of a music player app showing copyrighted material: album covers. So alternate stores would be appreciated by small developers.
I don't care about competition, for payments or other shit. I want to deal with Apple's payment system because I don't want my payment details and other personal information scattered across whatever crap an app developer decides to use. I like being able to cancel subscriptions in a single place. I don't give a shit about your profit margins or being able to sell my personal info for more money.
From what I've read the bill would not prevent Apple from forcing developers to use their payment system. It would prevent Apple from mandating devs use it as their only option. So, any developer could put any other payment system in their apps, but that wouldn't block you from still using Apple's if you don't trust that developer.
Devs have enough UX dark patterns in their toolkits to funnel the vast majority of their non-technically savvy userbases into the their favored payment systems and away from Apple's. It is way easier to enforce a blanket ban than trying to play whack-a-mole with those.
Apple doesn't even do a great job enforcing its blanket ban either. Lots of shady developers will skirt the rules around subscription apps still being functional without subscription by having it function while under review and then flip something on the server side to lock it down once approved.
> Devs have enough UX dark patterns in their toolkits to funnel the vast majority of their non-technically savvy userbases into the their favored payment systems and away from Apple's. It is way easier to enforce a blanket ban than trying to play whack-a-mole with those.
If my interpretation of the bill is correct, then Apple could just say "You need to list Apple IAP in the same screen as the other payment methods, and you can't make it harder to find than the custom methods you implement." And knowing Apple, that's what they would do.
Every single big company will only allow their payment method. None that can afford to change will want to pay Apple's cut if they don't have to. If this passes, for any big successful app, using Apple payment will not be an option.
Small developers will likely still use Apple because it is easy. The cut is likely less than the hassle of using a different system.
After an update took away the required login setting for a purchase, Twice I have called Apple and received a refund when my kid spent hundreds of dollars in a couple hours. What is going to happen when that is a malicious game developer? They are not giving that money back. The cable monopolies show how monopolies will make it exceedingly hard to cancel a subscription.
As a mere consumer, that is no longer developing for a living, I do not want this option. I do not really care if companies have to pay Apple a cut. I want easy. I want to trust who has my credit card.
> Every single big company will only allow their payment method.
Did you read the comment you replied to?
Even if this passes, Apple will still be able to require that all apps offer Apple pay as an option for in-app payments.
They just won't be able to prevent developers from offering additional payment options, or from informing users about Apple's 30% cut, or from charging a different price to users who opt to pay using another method.
> Even if this passes, Apple will still be able to require that all apps offer Apple pay as an option for in-app payments.
Not possible if the developer only offers their app via their own competing app store, which won't be subject to forced Apple Pay nor Apple's in-app payment system integration.
iOS Apps (at least the ones downloaded via Apple's App Store) have a pop-up for children to request their parents purchase an app or an in-app purchase. To add, this will probably not be possible if third-party developers start only offering their own payment methods.
As a business owner. The principle policy I despise in this is that Apple won't let me charge iOS users differently than other users.
If I could just mark up the iOS version to cover the additional fee, I would find it much less onerous. You like the walled garden? You are welcome to pay for it.
I also find Amazon's similar policy equally disturbing. I don't think players in such powerful positions should be able to dictate pricing in such a manner.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
Generally, I agree with you. I don't care about what you don't care about. I like the way Apple implements things, I've mostly liked their privacy-protecting moves until this latest fiasco.
But I'm not sure this is bad. With Apple being the only app store, all the possible apps are in their App Store. If there were other stores, perhaps Apple could actually clean all the garbage out of their store. Give them the opportunity to hawk their wares on less reputable stores. This also can potentially lead to Apple touting the "luxury-brandness", or simply the exclusivity of their app store -- they seem to really like that.
I'd also love to see an app store that's entirely focused on open source apps, perhaps with no payment method required. I bet there'd be no end to the types of storefronts we would see. As long as you can continue to opt-in to what you want, this doesn't seem too bad.
Yeah, personally I feel that this bill is a bit too broad in some ways, too narrow in others.
Too broad because I'm fine with walled gardens so long as there's a way to opt out of them. If Apple wants to force apps distributed through their store to behave a certain way to ensure a consistent user experience, that's fine with me. If Apple wants to force _me_ as the device owner to remain within that walled garden though just because I bought their hardware I'm very much against that.
Too narrow because I think the principle that _users_ should control their own devices is sufficiently generalizable that it should apply to more than just "App Store[s] for which users in the United States exceed 50,000,000" on "general purpose computing device[s]".
Overall though, I think I'd much rather have this bill pass as written than not have it pass at all.
So don't use other app stores, which I suspect a majority of people won't do. I doubt app developers are going to leave the apple app store in large numbers for some other thing you have to search for and install first (meaning your app also by default won't show up on search at all)
Tell that to a parent of a kid who wants to play Fortnite on their iPhone. Make no mistake, this isn't a matter of consumer choice. Whether or not people trust Tencent/Epic, they will install their app store because they want to play their games.
I would love to see Apple forced to allow alternate app stores, which this bill also seems to require.
And since both app stores charge a 30% fee, I can really only see this helping consumers in the end. Epic demonstrated it pretty well when they were willing to offer half off to customers who pay outside the app store. Apps would allow you to likely still purchase the 'easy way', but could give a discount if you use a sane processor that charges the standard ~3% fee versus 30%.
Epic doesn't release it on Steam because they don't want to support the Steam platform at all; worse for consumers in choosing which 'app store' to use, easier for developers to have their cake and eat it too.
This is awesome. Now - does it have a chance? My gut says yes, because Apple’s lobbying will be met by that of all the companies interested in getting rid of the fees.
My main interest is in sideloading, but I fear that might eventually be compromised away/Apple will meet the demand by themselves to not have to follow the rest.
By the way, devices and services should not be tied either.
Apple shouldn’t be allowed the give their apps and services a special place and special rights only they can use. I should be able to self host my own iCloud (with a third-party implementation). So for me this bill doesn’t go far enough, but it’s definitely a step in the right direction.
The bill's text seems to specify "App Stores" to those limited to "users of a computer, a mobile device, or any other general purpose computing
device".
Does anyone if this can possibly apply to video game consoles? A wasteful amount of computing is locked behind these consoles and it would be great to see open access come to these platforms as well. Another concern is whether Android and iOS can get out of this bill by arguing themselves to be similar entertainment devices.
then I suppose Nintendo Switches are also "mobile devices" - it would help if this bill had any definition whatsoever of "mobile device" and "general purpose computing device". It's a PR fluff piece and not even the initial version of the bill that will be submitted to congress.
I think this will create a race to the bottom on app quality, at least on iOS. I suffer from Apple’s seemingly random antics and app review process as much as the next dev here but as a consumer I’m all for paid, curated content from a trusted source. I like Sign In with Apple buttons and strict enforcement of permissions and privacy.
Many times I hear “just let me pay for what I’m consuming instead of having my data sold and spammed with ads”; the App Store, to some extent, pretty much does that.
Now, “what’s wrong with having an alternative” you say? Apps will migrate to the path of least resistance. No reviews, no rules? Much easier than the official store. Once you develop your app for the unofficial store, getting it into the official one would be like certifying a Mad Max vehicle at the Californian DMV.
In short, I like the ecosystem Apple created, especially for my kids. This seems like a big step forward for competition but is it really that good for me?
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
>No reviews, no rules? Much easier than the official store. Once you develop your app for the unofficial store, getting it into the official one would be like certifying a Mad Max vehicle at the Californian DMV.
but also not being able to be found by default at all, until your potential users download some other app store. I think android is a good example showing that most people probably will not bother to do that, and apple still has a large advantage, it just evens the playing field a little
I honestly think Apple might go nuclear here if this gets a serious shot at passing. I could see them removing the app store outright and instructing people to complain to their representatives, like lyft & uber did for prop 22.
In fact, the first people to complain would probably be the senators themselves.
A) Apple would probably be sued by their shareholders and users.
B) Making their app store useless wouldn't stop them from being obligated to allow 3rd party stores so this would drive users and developers to such stores
If they don't
C) It says developers would be entitled to 3x actual damages plus attorneys fees.
Damages could be as high as 318 million dollars per day a sticker shock fit to startle even a giant since it's more than their daily profit.
If they don't run an app store, they aren't a covered company, and therefore not required to allow a third party app store. At least that's what I gleaned from my reading of the bill.
I don't think they would be able to bring a successful suit, the bill doesn't outlaw shutting down an app store. Apple could just say, we don't think running an app store is worth it anymore, and therefore exempt themselves from the bill.
You are assuming that judges in America all the way up the food chain are going to think that your cleverness is cute and allow you to cheat the obvious intent and purpose of the law with a technicality. Why would they?
As of the day before the law goes into effect Apple has an app store. Apple would pretty much have to kill its entire phone business, not just its app store, which is the lions share of its income now and forever if it gave up on having any credible way for normal users to install software.
A reasonable judge would say Apple HAS an app store that it has temporarily shuttered for the purposes of a political stunt and happily fine them for believing they were immune from consequences for ignoring the law.
Meanwhile all its partners far from merely yelling at their congresscritter would be steadily losing faith in Apple.
My thoughts from a user perspective are that a mandatory app store is only beneficial to me to the extent that it enforces one or more positive aspects in published apps that could be expected to disappear due to profit motives if looser alternatives were available.
The existence of such an option would seem to lead directly to most apps being exclusive to the cheapest and least stringent viable store (this doesn't seem to be the case for Google, but it is often suggested that it is hindered by factors like preventing automatic updates for apps from third party stores). I would not expect to have a choice of stores for a single app, or serious competition between stores on rule quality.
That primarily leaves the question of what positive aspects are enforced by Apple's App Store in the first place, beyond the omnipresent operating system security model.
Privacy and Apps not locking themselves out if a specific unnecessarily permission isn’t granted. The later would never slide in a walled garden but absolutely would in another store operated by a giant capable of spinning one off I.e Epic Games , Facebook, Google , Samsung. Etc.
Does this mean Apple will be forced to allow third-party Xcode extensions? When they released their "extensions" they disabled all third-party extensions that everyone was already using.
I say "extensions" because source editor extensions are really just macros with a menu item to run them.
Wouldn't this be a net benefit for Google? They could offer their Play store on IOS if this passes. That could lead them to really break the IOS walled garden if user's purchases work on both platforms. Actually this goes for any third party store. I don't see Apple ever offering their store on other platforms given their history though.
Overall this seems like a huge net benefit. I can then not care about IOS vs Android if my purchases follow me.
This is clearly being done to specifically target Apple, I'm not sure this would hold up as being legal. I see a situtation where Apple takes this to the supreme court, wins on first amendment grounds, and then everyone is royally f*cked for eternity because it's now unconstitutional to prevent a company from lockding down their proprietary hardware/software.
Anti trust legislation doesn't require monopolies, just uncompetitive practices. Which is something monopolies can help facilitate, but it is not a requirement.
Apple is not being anti-competitive, competitors are free to go play in Google's play ground. The iphone started with no third party apps, Apple has zero obligation to anyone. Apple's walled garden approach is differentiator against its competitors. Forcing them to act like everyone else is anti-competition because you are removing my choice to willingly buy into that walled garden.
Where did I say they were? I said antitrust which means anticompetitive. If you don’t like the law take it up with the governments in the EU, US and Australia.
Actually there are numerous regulations you have to follow to run pretty much any sort of business or sell product under the sun. None of this is a violation of the first amendment.
It's a short amendment. Can you please quote the part which you believe this law runs affoul of and explain how?
Freedom of association is not explicit in the first amendment but it is still widely understood, and tested in court that it protected by it. Financial transactions between two individuals or corporations is an exercise in free association. Nobody is forcing anyone to buy an iPhone.
* Apple makes a phone, it works in X, Y, Z ways and asks someone to buy it. <- this is what people call "speech" for a corporation.
* Someone says, ok - I will buy this. <- spending money in a consensual transaction is considered a form of speech. This is well established in American law.
* Government later comes in and says - hey, you MUST provide feature A, even though Apple doesn't want to. <- this violates the "congress shall make NO law prohibiting the free exercise theoreof" of the "free speech" portion of the first amendment.
It's also an infringement on the first amendment right of the customer to engage in a consensual transaction with Apple as now the government is forcing them to pay for and use something that they did not agree to in said transaction.
Apple is not being deceptive about how their walled garden works. If they were, then it's just fraud.
Anti-trust in and of itself is an infringement of the first amendment, and is often counterproductive to the intended goal anyway. How did getting slapped with Antitrust work out for Microsoft? They are bigger and more powerful than ever, and they still ship two web browsers with their operating system, and nag you when you try to change it. Standard Oil got splintered and Exxon came out of it. Many such cases.
By your logic the first amendment would forbid all regulation as you have redefined all commercial activity as speech. This is certainly novel and interesting but it's not in line with our nations laws nor jurisprudence. Back in reality commercial speech and activity will remain regulated.
I think many people here will be supportive of the proposed "Open App Markets Act" [1]. I found the bill to be fairly comprehensive, here are the excerpts I found most interesting:
> COVERED COMPANY.—The term ‘‘Covered Company’’ means any person that owns or controls an App Store for which users in the United States exceed 50,000,000.
> SEC. 3. PROTECTING A COMPETITIVE APP MARKET. (a) EXCLUSIVITY AND TYING. A Covered Company shall not:
> (1) require developers to use an In-App Payment System owned or controlled by the Covered Company or any of its business partners as a condition of being distributed on an App Store or accessible on an operating system
> (2) require as a term of distribution on an App Store that pricing terms or conditions of sale be equal to or more favorable on its App Store than the terms or conditions under another App Store
> (3) take punitive action or otherwise impose less favorable terms and conditions against a developer for using or offering different pricing terms or conditions of sale through another In-App Payment System or on another App Store.
> (b) INTERFERENCE WITH LEGITIMATE BUSINESS COMMUNICATIONS. A Covered Company shall not impose restrictions on communications of developers with the users of the App through an App or direct outreach to a user concerning legitimate business offers, such as pricing terms and product or service offerings.
> (d) INTEROPERABILITY. A Covered Company that controls the operating system or operating system configuration on which its App Store operates shall allow and provide the readily accessible means for users of that operating system to:
> (1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store
> (2) install third-party Apps or App Stores through means other than its App Store
> (3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners.
> (e) SELF-PREFERENCING IN SEARCH. (1) A Covered Company shall not provide unequal treatment of Apps in an App Store through unreasonably preferencing or ranking the Apps of the Covered Company or any of its business partners over those of other Apps. Unreasonably preferencing - (A) includes applying ranking schemes or algorithms that prioritize Apps based on a criterion of ownership interest by the Covered Company or its business partners; and (B) does not include clearly disclosed advertising.
> (f) OPEN APP DEVELOPMENT. Access to operating system interfaces, development information, and hardware and software features shall be provided to developers on a timely basis and on terms that are equivalent or functionally-equivalent to the terms for access by similar Apps or functions provided by the Covered Company or to its business partners.
If I'm reading this right, Apple would be forced to make private APIs public. That could be interesting and also a nightmare, especially if some developers use some private apis in dark patterns (eg take the 2/4/6 minute reminders iMessage gives you, now make that every minute or so). They also beta test APIs in a version and then the following version release a public type of it.
I'm not a fan of services utilizing alternative payment methods for subscriptions as using the App Store Subscriptions page is the easiest I've ever used. Now if you were forced to use the apple subscriptions page API but your own payment provider, that could make more sense.
I'm curious if this applies to Xbox/Playstation/Nintendo though.
There's a question of whether newer generations of consoles count as having different app stores, which would change those numbers. Does having a different store platform make it count separately? Does having a new generation of device count separately? Or is it any user of any store platform owned by a single company?
For example, the Xbox One and Xbox Series X use the same store but they're different generations of Xbox. Do you count those users together or not? If those aren't counted together, what about mid-generation refreshes like the Xbox One S or Xbox One X?
If generations are counted separately, what about iPhone generations? Or the fact that Android isn't even based around generations since there are multiple manufacturers?
And there's the question of what counts as a user for the purpose of this bill - would anyone who has ever bought into the ecosystem count? Or would it be something like monthly active users?
The intention here is obviously to go after Apple/Google, but the wording of the user count just seems way too open as to make it unclear if markets outside of the mobile space are affected.
Full disclosure, I work for Microsoft and Xbox. I have feelings about how this would affect Xbox (which would obviously be biased), but even without getting to them it's unclear whether this bill would even be relevant.
I personally don't believe this will make a dent to the current situation; Apple and Google have so many other strategies to maintain their monopoly effectively on the app store market. But at least I hope this bill will give users some choice and control.
Between this and the infrastructure bill passing, are U.S. politicians actually starting to do their jobs (aka finding common ground, compromising, and passing meaningful legislation)?
Senator Marsha "I've Never Met A Cable Or Telecom Lobby Dollar I Refused To Take" Blackburn makes me wonder if some of this push isn't by the telco's to try to get back in the game.
Before the iPhone and Apple App Store, the telcos made a lot of money on mobile apps. Not comparable to what Apple and Google make now, but in part because they charged the developers so much to get an app on their platforms.
So we’re looking at a future where if you buy a phone from a phone company, it will come preloaded with their own version of the app store and a bunch of spyware apps selling you upgrades?
Seems like the bill would hit them back, since you would just disable Verizons app store, as it would no doubt be shitty.
The telcos really, really, really do not like to be a dump pipe and just give users cheap minutes and data. I don't see why - the oil companies have made some of the largest fortunes in the world selling commodities.
this conspiracy theory would be more entertainable if the telecomm giants had any dog in the game at all. but they dont. there is essentially no competition, other than F-Droid, which appears to be 100% public benefit, barely monetized at all.
that itself says quite a lot about this situation to me. no one else is even able to compete? the other giant companies haven't made any progress at all? not media outlets, not telecomm giants, no one? it's just two companies running the market, unchecked? which they guard jealously, & use their position to obstruct possible competition over? what words come to mind to describe this???
The only ones that can barely compete are phone manufacturers that can pre-install their store. I'm thinking of the Samsung app store in particular, which even has some relevant exclusives[1]. Doesn't really weaken your point though, it's effectively an absolute monopoly.
Telco has basically no interest here, she's probably doing this as a bid to please her freedom-loving constituents who're begging for the ability to install Gab on their $1000+ phone.
But only iPhone send your pictures automatically to the police without your consent, just because some unreliable Apple-AI suggest it *could be* something illegal...
> Senators Richard Blumenthal and Amy Klobuchar, both Democrats, teamed up with Republican Senator Marsha Blackburn to sponsor the bill, which would bar big app stores from requiring app providers to use their payment system.
Extremely disappointing. Google and Apple already support other payment methods, but by forcing apps on the iOS store to support Apple Pay and Sign in with Apple, me and my family are all the safer for it. That's part of the reason I jumped into the Apple ecosystem — that Apple intermediates relationships.
This is not a pro-consumer move. Consumers already have choice. We should instead have laws for Extremely Strict data handling for payment vendors, including the sale of customer information.
IAP is a platform-enforced monopoly that allows Apple and Google to extract a flat 30% from every digital transaction that happens in an app. It's one of the clearest examples of the deadweight loss from monopolies, as businesses that would otherwise exist but have higher marginal costs can't offer products that consumers would otherwise benefit from.
App store fees and Apple Pay are different things. What people are concerned about are increased fees and side-loading apps, and we can have a separate policy discussion on capping fees and having separate stores.
What Apple Pay does is protect consumers from having to hand out their credit card information to random companies with less-than-Apple's reputation for handling consumer financial data. This is true both on and off the app store.
No other payment vendor is going as far as Apple to protect your financial data, and you most certainly will never have the negotiating position to make Target budge on how they do things.
I keep thinking of this burger joint 22 km from my house who do free delivery when I order a rather large 6 euro burger menu. The micro-margins and the monumental effort involved blows my mind. They have to be cheap enough to get enough orders to be able to chain together enough deliveries most of the time. Surely Apple and Google in this settings are entitled to 2 euro for all the work they did. Seems only fair.
I interpreted the remainder of the sentence that you quoted from as acknowledging that the restriction applies to the App Store, and contrasting this with other possible distribution methods (presumably web sites or web apps with their own online payment forms).
Such a claim is either facetious, or misinformed. Apple severely restricts what is allowed on web apps on iOS devices, specifically against allowing them to become viable alternatives to its monopoly on native apps.
I've successfully used everything from apple pay (note 2FA required) to different credit cards to debit cards to even paypal and weird things like gift cards and add funds. What payment method does apple not support when buying things? Maybe ACH / Wire? Is that realistic for apps?
I think they mean IAP, not Apple Pay. Apple requires every app (unless it's for a physical product and some other exceptions) to use Apple's in app purchase system. You can pay with credit card, gift cards, etc, but 15% (30% over $1mm) goes to Apple, not the merchant - which is what this bill is about, since Apple has a monopoly as the only app store they can charge whatever they want and developers have to put up with it. You can't embed your own payment system, or even make references that such system is available elsewhere (e.g. on your website)
That is very different. Most users like apple's consistent payment flow and protection it provides, especially if you've dealt with other providers online (and all the scam tactics).
I think many customers will switch to alternative payment solution if the price is lower by 30~40%. Consistent payment flow and protection is of course desirable, but I don't think that's worth the current cost. Perhaps 10% makes sense.
No question - but it's usually cheaper in part because the costs (to consumer) are hidden.
Impossible to cancel subscription
Renewal terms hidden.
Trial terms hidden.
No prompt to cancel on app delete
Hard to get refunds if app doesn't work.
And list goes on.
So yes - they will be cheaper, but you will ALSO have a lot more unhappy users. So if you can think longer term - the short term gain all these devs will make milking users trust is a long term loss to platform trust (where apple wins).
Apple is a brand company. A top global brand. Part of that is a fair bit of control over the on apple experience.
Just look at the folks fighting apple on this - a lot fo them have been sued (repeatedly) for scam billing practices.
Yeah, I can happily pay 5%, even 10% to Apple for that. But 30%? Sorry. I would rather pay directly to the developers to support longevity of my favorite apps and games.
Does that apply to all apps? Can any app provide those modes? Or are those modes restricted only to Amazon-like apps that allow users to buy physical goods etc.?
My claim is generic across apps; your anecdotes are limited to certain types of apps.
You do realize you are paying upwards of 42% (1/.7) more on every single thing you buy via Apple for that "benefit", right? Like, I see a lot of people say stuff like this, but I just can't imagine that every single time they spend $5 they are mentally picturing handing at least $1 of that to Apple while thanking them for preventing people from telling anyone about alternative ways to pay (or even breaking down that $1 fee so people can viscerally understand what is going on).
I've bought apps on jailbroken iPhones and never had my payment method stolen. I agree with you, I can't believe people are so brainwashed into thinking it's scary to pay for something on a phone any other way than giving Apple a cut.
You'll actually find that iphone users, because you are relatively "safe" (in my case around subscriptions -> I've never had a problem cancelling on apple where JUST TODAY I'm told I have to call a customer service number to cancel another product - UGH!!!) people will actually spend MORE (much more sometimes).
That's the case for me. Subscriptions online generally -> hell no. On apple -> sure.
If that is actually true, then you will still be willing to do it even if I were allowed by Apple to tell you how much money Apple was taking and even if I were allowed to present the option to you in my application and make it just as easy for you to buy using an alternative payment system (instead of having to only implement the feature on my website, and then hope you are curious enough to look). Apple, however, seems to be very confident that it isn't true (well, maybe for you, but that you are an outlier)--that if presented with two payment options, one of which cost $5 and one of which cost only $4 (I needn't even add a markup: my goal might be to make more volume at a lower price), that a lot of people would choose the $4 option--and so they specifically ban both of the above practices.
We need to be crystal clear that the coalition fighting apple on this (match.com and friends) are EXACTLY the type of people you DO NOT want on your platform.
"FTC Sues Owner of Online Dating Service Match.com for Using Fake Love Interest Ads To Trick Consumers into Paying for a Match.com Subscription"
DA claim in CA "Match used actions that included misleading billing characterizations, nonconspicuous auto renewal disclosures, elimination of required cancellation disclosures, and imposition of a long and tedious cancellation process,” the district attorney said.
Do I think match and all the other scam billers / loot box mechanic providers will be able to get consumers into their impossible to cancel flows with $1 and $0 offers (with hidden huge renewal fees and early cancel requirements)? Sure.
Note that Apple's policies cost developers like you LOTS more than just their cut.
Their billing flow includes same font size trial renewal details (no * or hidden renewal rules).
Their flows include easy cancellations WITH REMINDERS ahead of time on subscriptions (no call to cancel).
Their flows include prompts to cancel subscriptions on app deletion (when I deleted the few paid apps I have where you subscribe on provider site they NEVER once emailed me to give me a quick link to cancel related subscription).
So you really could offer the $0 and $1 offers and even MAKE MORE MONEY.
Do I think this would destroy a lot of the "don't think about it" apple platform vibe? Also for sure. And so as a consumer I'm glad apple keeps these folks in line and off their platform. I can just imagine the spamming pop-ups to try to get folks into these crap billing flows already.
Do devs not pay attention to per user cash money revenue? Apple is building a platform that should be MORE lucrative, not less by making it safe to spend money on. Are devs really making more per user on Android? I find that hard to believe. The same sideloading epic likes on android means tons of stuff can be pirated etc.
From the iPhone settings app, it’s literally 4 taps to cancel any subscription. No questions asked. I also am willing to pay a premium for that convenience.
No doubt the upfront premium has saved me money versus the the time and difficulty of cancelling a service in every individual’s product bespoke system.
Do you use a Mac or buy anything on the internet? You can buy iPhones with different payment methods at the Apple Store right? My point being iOS is basically one big lootbox where Apple sells the coins you need to buy (rent) the apps on your iPhone. Consumers deserve the choice to pay developers directly, just like they do on Macs (for now).
Very strongly disagree... consumers have almost no choices on portables today. Should someone as a parent be able to prevent their kids from installing other app stores to bypass Apple's curation, if they deem Apple's App Store the safest? Of course, and that's not liable to change.
But what exactly is the argument against device owners being free to procure any available app they want for their own devices, if they so choose? This paradigm already exists on Windows PCs and largely Macs too and it's very successful and the openness is worth the risk for me and any hacker I know.
For games, there are several stores like Steam, Epic, GoG, Ubi, Origin, etc and each provide reliable delivery of safe apps, so allowing consumers that same choice on their portable devices absolutely is a pro-consumer stance.
Except you as an individual consumer have zero - ZERO negotiating power vis a vis whatsapp for example. So if WhatsApp makes you get their app through X, and skips all the protections apple offers - you are not getting them to budget.
> by forcing apps on the iOS store to support Apple Pay and Sign in with Apple, me and my family are all the safer for it.
The legislation will still allow Apple to do this. It will force Apple to allow developers to give users a choice (in addition to Apple pay), to charge different prices for different payment methods.
You and your family will be welcome to continue paying via Apple pay if you so choose - the only thing that will change is you'll know how much you're paying Apple for the privilege of using Apple pay.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
Realistically, on the one hand we have the option to incentivize Apple to be an intermediary by letting them increase the price of everything by 42% and pocket the difference.
On the other hand, we have the option to ban this practice, and force big app stores to allow alternative payment systems. This will, as you state, predictably lead to some developers building their own insecure alternative payment systems, selling private information, and other negative outcomes. Sometimes it works fine, though.
What we're unlikely to get is some utopia in the middle where you can select a sign-in and payment option in each app, where you can choose between paying $5 to Apple and letting them be the intermediary, paying $3.50 to the developers directly, or perhaps paying $3.61 using a 3% markup intermediary.
Section 3 subsection d - INTEROPERABILITY
A Covered Company that controls the operating system or operating system configuration on which its App Store operates shall allow and provide the readily accessible means for users of that operating system to—
(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;
(2) install third-party Apps or App Stores through means other than its App Store; and
(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners
Let's see how far this goes before it gets mangled all to hell.