Hacker News new | past | comments | ask | show | jobs | submit login
Senators introduce bipartisan antitrust bill to promote app store competition (senate.gov)
381 points by averysmallbird 3 months ago | hide | past | favorite | 367 comments



This article glosses over the biggest deal in the bill.

Section 3 subsection d - INTEROPERABILITY

A Covered Company that controls the operating system or operating system configuration on which its App Store operates shall allow and provide the readily accessible means for users of that operating system to—

(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;

(2) install third-party Apps or App Stores through means other than its App Store; and

(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners

Let's see how far this goes before it gets mangled all to hell.


Obviously phones/game consoles would be game changing with this law, but i wonder what else would get hit...

Could this impact the infotainment on cars? Google Home devices? Smart TVs?

This could have major affects on user's ability to control their devices.


As always, they draw an arbitrary line in the sand since they know they just want to target specific things.

This hasn't been introduced yet, btw, so it doesn't have a real congress.gov entry - you'll have to settle for this https://www.blumenthal.senate.gov/imo/media/doc/8.11.21%20-%...

> APP STORE.—The term ‘‘App Store’’ means a publicly available website, software application, or other electronic service that distributes Apps from third-party developers to users of a computer, a mobile device, or any other general purpose computing device

General purpose computing device isn't even defined in this bill! Is the Xbox general purpose? Sure, most people use it to play games, but it has a full web browser with Microsoft Edge! the Switch and PS5 also have web browsers, just not with a URL bar. Do they qualify?


Laws need to hit the right amount of vague in order to be practical.

Courts and legal traditions will fill in the gaps (especially in a precedence heavy system like the US one).

It wouldn't surprise me if there isn't already a standard interpretation for "general computing device".


> general purpose computing device

There really isn't, at least in the US Code. If there was and this law was referring to it, it would refer to it "as defined by U.S.C <number>".

This discussion from a year ago illustrates my point; this bill is PR fluff and the one they actually discuss putting into law will have to be more specific https://news.ycombinator.com/item?id=24191018


A simple way to determine whether a device is primarily a "gaming handheld" is to follow the money.

According to statista.com, "gaming apps accounted for 85 percent of gross app revenues in the Google Play store in 2019."


That's a good question!!

Do you think Alexa 'apps' count? If so making that work seems like it have to completely open 'Alexa' up (hooks into voice recognition, programming logic) as basically an extensible AWS type platform.


It doesn't seem like it since it specifies on-device stores, but hopefully!


That's actually a fairly sensible bill. I'd imagine that both Google and Apple's respective teams are working their hardest to prevent the American people from hearing too much about this.


I believe it is a sensible bill. it limits its impact to companies that have access to 50,000,000 users or more so it should only curtail giants.


I'm sure PSN and xbox have more than 50M users, so does this bill apply to them?


I haven't yet formed an opinion on whether this bill should apply to Sony (PSN) or Microsoft (Xbox), but in general, Sony and Microsoft very definitely qualify as giants.


IANAL. It will probably argued that way at some point if this passes.


don't know but I hope it does


Google already complies with that except the default is one big switch AFAIK on android, it's not per-category.


The non Google Play stores are severely nerfed though - they for example can't auto-update apps installed from them, like Google Play can.

So if you install something say from Fdroid and want to have it up to date (say a Firefox rebuild), you have to periodically open the Fdroid app, check if there are any updates for the app and manually install them if there are some.

Also I don't think you can currently hide Google Play if its installed, again giving it an unfair advantage.


This is probably because I'm running a Samsung os, but I get auto updates from the Samsung store.


The vendor has custom modules for auto-updating. afaik F-Droid also auto-updates on freer distributions of Android but not on most manufacturer ones.


Exactly. This is because F-Droid requires root access to provide this functionality. I'm not sure if the module for this is still up to date, but it is a Magisk module that could be installed on any Android device rooted with Magisk.


Well I actually also have a Note 9 and it seems Samsung stuff generally does not get updated by itself & either stays outdated or nags for update I need to manually trigger.


Stores that are baked into vendor images are granted special privileges to act as app stores.


It's not quite that dire, as F-Droid will pop up a notification when there are apps that need updating. But yeah, you do have to tap through and confirm to get it to update, once for each app.


It is a feature, not a bug. Moreover, I want to be able to roll back the update or install an older version and pin it.


I think having two app stores being installed would (or should) satisfy this.

I think the intention is to prevent Apple saying "either you use our store exclusively, or you opt out of all our apps".

Google lets you install a browser from one store, a game from another, and everything else from the official Play Store.

Google could also easily implement category switching. The URL navigation structure of android could just append ?cat=gaming.


Not so much "preventing" anyone from hearing it as much as disparaging the bill in public discourse alongside buying off politicians. Mostly because word about bills like this tends to go around anyway thanks to all the orgs working for the public good. E.g the EFF, etc.


Why downvotes? Can we please have a discussion of ideas rather than blatant info-warfare on HN?


It's too easy to for Google&Apple to tip the scales. Choice will mostly be an illusion as almost everyone will choose Google or Apples store. You can see it on Android today.


I don't mind that personally. They can default to their own stores and advertise them, as long as I can sideload anything I want.

On Android I do use sideloading for niche applications and for FOSS applications available outside the Play Store (F-Droid).

If iOS allowed the same ability to sideload that Android does, that would be a huge step forward for "power"users, irrespective of whether the majority of the population stays with the Apple default.


For what it's worth, https://altstore.io/ is a relatively-new sideloading system that "just works" for iOS without jailbreaks - you can download .ipa packages however you want, and as long as you're on the same WiFi as a computer running the server, it will re-sign them with a personal key every 7 days. Outside of emulators, though, there's just not much of an ecosystem of high-quality apps for iOS that aren't built to be Apple-approved. But hey - you can bring back Flappy Bird!


I’m not sure who lobbied for this legislation, but I have a gut feeling a company like Facebook is behind some of the money. What a Trojan horse, a government legislated third party Facebook App Store on your IPhone/Android that incentivizes developers to build apps that plug into the FB ecosystem. Lower percentage cut taken by Facebook, with the ultimate caveat - no privacy, all your user data is ours, oh and ads, lots of them.

Cheers. Shit, FB didn’t even have to develop their own phone. What a win.


At this point the enemy of my enemy is my friend. Let's see if whoever is doing the arm twisting can force Apple onto a path where they don't get to do every single little thing that they want.


That's interesting because I have the opposite view - I prefer Apple maintains control so that Facebook doesn't get to do every single thing they want. Facebook is strictly worse and I bemoan a future where FB is given even more data to sell on hundreds of millions of Americans.


How about (gasp) the government maintains control so that non-democratic bodies don't get to do every single thing they want?


What government are you referring to?

I suspect that not all countries (even western) would love the idea that the US government had that type of control ;)


How about designing devices and services such that they are open and cross-compatible and the user is ultimately in control?


Yeah, I had heard of that.

Personally, I don't really like the idea of depending on re-signing every 7 days to prevent apps from breaking. In practice it would be fine nearly 100% of the time, it's just not something I like from a point of view of principles. It feels like an immense contortion to make just to install a binary on a device I own :-(


Last time I checked you also had install some their plugin for mail.app that is setup with Apple ID account - that was deal breaker for me.


It should really work the same way you select a default browser during setup. Even if you can sideload a different option, setting a default to their own property is a classic example of bundling, which is an anticompetitive act.


Right, it would have a huge impact on iOS devices and for their users.


Even if the only effect of a law like this was that you could run a better browser on iOS, that in itself would potentially be game-changing. It is hardly a radical suggestion at this point that Apple might have consistently and knowingly nerfed the only real browser users can run on iOS to reduce competition to native apps bought through its own store.


Let’s be honest here. If that happens , Chrome wins cause developers interest do not align with consumer interest but money interest. Understand I’m not saying that Developers go for the money, I’m saying the majority of companies that employ developers do and they will target chrome. Firefox by itself is not enough to fend off Chromes “standards” and the only thing ironically stopping Chrome dominance is stagnation not completion.


I am all for browser diversity but if there did end up being only one browser almost everyone used I would prefer it to be Chrome than iOS Safari. Everything from security updates to functionality in numerous areas is inferior with Safari and that hurts users and developers alike.


Yes forcing Apple to allow alternative Browser Engines and javascript/html/css runtimes such as Electron, would be the quickest and easiest way to help developers introduce some real competition to native apps.


But does that mean Google can release an iOS app store? I guess the reverse is much easier as Android is a much more open platform.


> You can see it on Android today.

Are there any good third-party Android stores? My (dated) experience is that it's only Amazon and hundreds of pirate sites.


There is F-Droid, which is a terrible client app but provides (non-Amazon, non-pirate) open source software such as NewPipe, Simple Notes or DavX.


Foxydroid is a really nice and imo much faster F-Droid frontend https://f-droid.org/en/packages/nya.kitsunyan.foxydroid/

(not affiliated just a big fan)


There's also Aurora Droid, an F-Droid client developed by the creator of Aurora Store.

https://f-droid.org/en/packages/com.aurora.adroid/

It's currently being rewritten to match Aurora Store v4's interface.


I think that these demands should require the built-in app store to support an interoperable feed to other sources. I think that they do but not clearly enough.

I doubt Google would interpret it that way, but that would be the fair way to do it. Make it so that the information is interoperable rather than just not actively disallowing it. Then it can stop being a monopoly.


Fdroid is ok. Not the best, but it does function.


WeChat is pretty much an app store (among many other things).


Apkpure and fdroid.


I wonder how the Cydia lawsuit against Apple is going.

I'm not a lawyer so I don't know, if this law passes before the conclusion of the lawsuit, is Cydia out of luck?


Out of luck how? Isn’t the goal to be able to install and use Cydia without jailbreaks and without signing it yourself? And if the bill passes in the sort of form that is here, isn’t that exactly what’s going to be possible, so then the goal is achieved?



That's an awesome law! I doubt the copyright industry will allow it to pass...


Apple is like "over my dead body!!!"


It's already mangeld:

(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;

What does "appropriate" mean? From apples POV they will probably push that no "sensitive" default is ever appropriate for any App or AppStore and how is it handled? If I would be Apple acting like apple did in recent years I would require such apps to be white listed in a extremely cumbersome system which requires and Apple Dev account, allows later revocation by Apple and requires resigning every time you push a update which will always takes weeks and gets randomly denied because they supposedly detected malware or security flaws in you app. Making it "de-facto" impossible to set defaults to 3rd party apps.

(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners

Hide doesn't mean disable, it just means "make it not visible" and makes this paragraph in the end pointless.


I suggest you read the full text or at least in part.

>choose third-party Apps or App Stores as 13 defaults for categories appropriate to the App or 14 App Store;

Categories appreciate to the app means you can set a non default browser to handle urls and a image viewer to handle images herein appropriate means that the application can handle that type of content it is not an opening for apple to decide what kinds of apps are appropriate in the normal English language definition of the word.

I don't think merely deleting the icon for an app but opening it in response to a link would meet the intent of the law but it ought to just say disable.


Pretty sure I could retire if I was a lobbyist and this is the only issue I worked on

Apple's about to turn some money faucets on


Facebook app store and Epic App Store are about to double turn their faucets on.

But you are right, the lobbyists involved here are playing for seriously high stakes. I guess someone finally found a way to make Apple spend all that cash on hand.


As a long-time Android user, if this passes I might actually consider buying an iPhone for the first time in my life, which feels rather ironic considering Appple is fighting it tooth and nail.


This would be so good for the smartphone environment and clean and trustworthy systems. It would a complete game changer. One can dream...


I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.

However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.

Regulation of access to your camera roll and contact list is a terrible idea, so I don’t see a solution.

Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times. We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).

Take out the gatekeeper on mobile and we might find that the benevolent dictatorship wasn’t so bad after all.

Edit: want to add that replacing Apple’s consumer protection gatekeeper role with a government agency is a non starter. Apple (and to give them credit, Google) know that the data available to the gatekeeper role is toxic and dangerous. Government thinks it’s a big bowl of lollies.


What splitting the app store from the OS does is encourage stores to compete on the basis of quality of the store and not the quality of the store + OS + hardware. Apple and Google will have less leverage, but all the qualities of an aggregator will still apply. Google doesn't own the websites they index or the internet they're served over, but they still have tremendous control over the web.

We see this even in the PC space: people will refuse to buy games not on Steam and many of the stores that sprung up a few years ago (Origin and UPlay) have since conceded and narrowed in scope.

Some apps will bypass the Apple/Google store, advertise themselves, and supply their own infrastructure for distribution. When that happens, Apple and Google will no longer have control. Implicit in the argument that they should have control is the assumption that these two companies are the only two enforcement bodies that can be trusted. As should be evident by now, you do not control Apple or Google and have no recourse if they break your trust. These companies care, first and foremost about their profit margin. It is naïve to think that consumer choice reflects Apple's or Google's stewardship of the store. Not everyone buys a phone because they like the walled garden.

I used to think sideloading was/third-party stores were a problem because of what you describe, but I've come to believe that it's the most free-market solution available to curtail some of the excesses of these gatekeepers while minimizing design-by-government.


The issue is that, now, third-party companies can force you install their store to download their app, and can use ad tracking identifiers outside of the IDFA, or worse, use private APIs (like auto-obtaining your phone number) as much as they want. We saw this with Epic before they went on the Play Store - you had to use their launcher to install Fortnite.

All it does is force "choice" onto users further down the stack - users that don't know what they might be giving up when they install a third-party app store when trying to install "Fortnite" or even "Fortnite VBucks Generator Free iOS".


> The issue is that, now, third-party companies can force you install their store to download their app

And they will have a vastly reduced set of people willing to use their software as a result. Other than a few key things, that's probably more trouble than it's worth for a lot of people, and the requisite "Warning: This app store is handled by someone else to make absolutely sure you trust the company running it" will scare a bunch more off, if it's something new.

If, on the other hand, it's Steam, or Epic, or some other super well known steward of content that has a well known name and reputation, then maybe if users are also lured by lower prices, they might consider it.

You know, exactly the same way you might feel a lot more comfortable buying that watch or toy you really want if it's from your local target and not some random guy with a table on the street.


If Epic/Tencent forces iOS users to use their app store to play Fortnite, there will be no luring of users based on lower prices.

They will just (effectively) all move over and (effectively) none of them will read any warning text.

God only knows what companies like 100% Tencent owned Riot Games will have running on millions of Americans' phones once they get the elevated access an app store requires.


All of this is a failing of the OS layer which should manage permissions not stores.


Exactly. There shouldn't be a private API to get your phone number. There should be a public API, and calling it should request permission from the user.

Of course, the app can refuse to function if you deny it...


But I wouldn’t want the settings app for example to pop up a bunch of dialogs asking for permission to enable various private APIs.


Exactly. Come in HN. You’re smart. If you give the average user numerous pop up boxes to click they’re going to be conditioned to click allow no matter what the permission is to get where they need to go. It is not an answer and counter productive.


Sure, there's a fine line between users actually reading the prompt and making a real choice vs. just tapping "allow" to get it to go away.

I feel like "do you want to give this app your phone number?" falls under the former, though. Right there along with "do you want to give this app your location?", which is of course already something users have to allow.


When you rely on a gatekeeper for security, it results in problems like the Play Store being the main vector for malware distribution on Android[1], and Apple's App Store distributing 500 million copies of Xcodeghost to users' devices[2].

[1] https://www.zdnet.com/article/play-store-identified-as-main-...

[2] https://www.vice.com/en/article/n7bbmz/the-fortnite-trial-is...


Xcodeghost was just another analytics API to Apple, so they didn't care until they were alerted that it was added to apps without the consent of these developers. It was not 'malware' in the sense of enrolling users in a botnet or utilizing private APIs to record the screen without permission.


Lookout Security describes it as malware[2] and as malicious, as does Palo Alto Networks[3], Ars[4], Reuters[5] and The NY Times[6].

From here[1]:

> Remote control security risks

> XcodeGhost can be remotely controlled via commands sent by an attacker from a Command and control server through HTTP. This data is encrypted using the DES algorithm in ECB mode. Not only is this encryption mode known to be weak, the encryption keys can also be found using reverse engineering. An attacker could perform a man in the middle attack and transmit fake HTTP traffic to the device (to open a dialog box or open specific app for example).

> Read and write from clipboard

> XcodeGhost is also able, each time an infected app is launched, to store the data written in the iOS clipboard. The malware is also able to modify this data. This can be particularly dangerous if the user uses a password management app.

> Hijack opening specific URLs

> XcodeGhost is also able to open specific URLs when the infected app is launched. Since Apple iOS and OS X work with Inter-App Communication URL mechanism (e.g. 'whatsapp://', 'Facebook://', 'iTunes://'), the attacker can open any apps installed on the compromised phone or computer, in the case of an infected macOS application. Such mechanism could be harmful with password management apps or even on phishing websites.

> Stealing user device information

> When the infected app is launched, either by using an iPhone or the simulator inside Xcode, XcodeGhost will automatically collect device information.*

> Then the malware will encrypt those data and send it to a command and control server. The server differs from version to version of XcodeGhost; Palo Alto Networks was able to find three server URLs:

> http://init.crash-analytics.com, http://init.icloud-diagnostics.com, http://init.icloud-analysis.com

> The last domain was also used in the iOS malware KeyRaider.

[1] https://en.wikipedia.org/wiki/XcodeGhost#Behavior_on_infecte...

[2] https://blog.lookout.com/blog/2015/09/20/xcodeghost

[3] http://researchcenter.paloaltonetworks.com/2015/09/malware-x...

[4] https://arstechnica.com/information-technology/2015/09/apple...

[5] http://www.reuters.com/article/2015/09/20/us-apple-china-mal...

[6] http://www.nytimes.com/2015/09/21/business/apple-confirms-di...


My point is that these are all things which analytics apis (which, mind you, are also arguably malware) at the time did as well - reading the clipboard was common as many operated their own internal clipboard proxy due to the slowness of pasting in older iOS versions. It's only called malware and not Facebook because it was injected into developers' apps without their knowledge.

And the 'remotely controlled via commands' section is meaningless - apps can't JIT so such C&C was simply turning flags on-and-off to go on different code paths.


Excellent examples!


The OS layer can be compromised - all recent iOS jailbreaks besides ones that rely on checkm8 use a series of userland exploits to break out of the sandbox and gain rootfs access. Nothing is stopping a seemingly innocuous App Store from installing an app that silently jailbreaks the phone in the background to then bypass the OS whitelists that gatekeep these private APIs to Apple-provided apps.


Also slots nicely under the "failure of an OS" category.

Legislation like this forces Apple to actually maintain a good OS lest it be riddled with malware. They seem to be doing fine on macOS they can do the same for iOS.


Craig Federighi said it himself that the level of malware on MacOS is unacceptable[0]. It's impossible to make a completely secure OS that never has bugs - it's less impossible to create a review system with rules and processes that limits the amount of user-downloaded malware to single-digit numbers.

0: https://www.cnbc.com/2021/05/19/apples-head-of-software-says...


Craig Federighi is a very powerful executive doing everything in his power to protect his company's business model. That includes lying as he did in that court. Craig uses a Mac everyday he's fine with it's security.


I'm sure his MDM-enforced gatekeeper setting is on "Apps downloaded from the App Store" and not in the default position that includes "and identified developers".

https://support.apple.com/guide/mdm/security-privacy-payload...


I do think competition will be limited, though, as Apple's and Google's stores will be installed by default when you get the phone. Most people just stick with the default. Consider browser search engine defaults: Google pays Mozilla a lot of money to be the default search engine on Firefox, even with Firefox's small and declining market share. The holder of the default has a huge competitive advantage in that most users won't stray from it, or even think about the possibility of an alternative.

(It's funny, because this just feels like an echo of the 90s, when Microsoft killed Netscape in no small part by bundling Internet Explorer as the default for new OS installs.)


But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.

So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.

But Apple can’t effectively play Big Brother in that role and protect me from all the other bad actors, if they are forced to allow alternative app stores and sideloading.

It’s like cryptography. Either it’s broken, or it’s not. Or Pregnancy. You are either pregnant or not. You can’t be a little bit pregnant, or have crypto that is only a little bit broken.


> if they are forced to allow alternative app stores and sideloading.

You can not use alternatives.

It's like pregnancy, if you wear protection, you can have safe sex. If you're scared protection isn't enough, you can not have sex and you won't get pregnant.

Ok wait that's a weird example that isn't supposed to be preachy but the point is you can always not use non-apple app stores and apple can still protect you.


The largest part of this protection is major companies not being exclusive on other app stores. If EA says all games must be downloaded from X, people are going to use X even if X doesn’t offer refunds of any kind etc.


For a lot of the world, they will not be able to say ‘no’ to a Facebook App Store. That’s the attack vector. Selling an ad-model based FB app on the FB App Store might have more reach than simply targeting iOS users.

If Zuck’s money is behind this, it’s a really good checkmate.

Where are the real journalists when you need them? We need a list of whoever is funding these lobbyists.


> But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.

So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.

That's quite a Stockholm syndrome-y view. What protects users, first and foremost, are users themselves.

Take the imaginary scenario of "WhatsApp requiring constant location data".

On an open platform, other users will provide you tools to defeat these requirements, either by modifying the app code itself, adding code around it to provide it fake data, or simply not allow these APIs in the first place.

If WhatsApp is really clever about it and detects all attempts at thwarting the surveillance, then users will develop and distribute an alternative messaging service (see Signal gaining serious traction after a way milder anti-user update by WhatsApp a few months ago).

It's only in the context of a lack of competition that such bad behavior is tolerated by users.


> But only Apple and Google are big enough to fight the other bad actors

"big" is not the deciding factor. Amazon and Microsoft are also big. They do not decide what's on your phone. Apple's and Google's stores are big by default because Apple and Google have control of the platform. It's not the other way around. It's also not binary. If the store is decoupled, they will have less control, but not no control. Influence is weighted by user-base.

> Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors

Their interests are more aligned because they sell you the platform. They have many more ways to do this that aren't dependent on a quality app store. A store that survives on just the store is even more aligned to maximizing loyalty and trust in that store.

> And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever

Maybe you can, but for most people in the world, a phone is a significant investment and not a choice you can easily switch when you've already spent significant money in the ecosystem.

> It’s like cryptography. Either it’s broken, or it’s not

It's not. Even now, there are practical limits to what Apple can demand of its developers. Less control means less power, not no power. A store filled with bad apps is not a store most people will willingly buy from, unless there is external pressure forcing them. I don't think there's really much of an argument there. What this discussion is really about is the Facebooks of the world that have tremendous influence and also do shady things. Already, we see that Facebook plays by different rules with different stores, with greater tracking on Google platforms. This wouldn't change if Apple's store were still big enough to matter, but if Apple's power were weakened there's a risk that Facebook (for example) might have enough power to not care. So, this is what it's really about: some people trust Apple more than Facebook and want Apple to have total power in that relationship by being bigger than Facebook. This necessarily piggybacks off of the power given by people who do not care about or trust Apple, gained by means that are not the quality of the store. These people will likely stay with Apple regardless of how much Apple abuses its trust, but yet the people that do trust Apple think their trust matters.


> Amazon and Microsoft are also big. They do not decide what's on your phone.

I agree with your point, but just want to point out that Microsoft does similar things on Windows with Defender that Apple does on macOS with Gatekeeper, and both can be described as the companies deciding what does or doesn't get to run on your computers.

Both companies require you to buy certificates and remain in good standing with them if you want your software to run on Windows or macOS without a problem. Microsoft and Apple can revoke certificates whenever they want for any reason they want, and after doing so, Defender and Gatekeeper will prevent apps signed with those certificates from running on either OS.

macOS treats unsigned apps as if they're radioactive, and hides the ability to run them from the user. The switch to the M1 platform brought a new requirement that all apps must be signed as unsigned binaries won't run on M1 Macs. Windows Defender will also treat unsigned apps as if they're radioactive, and prevents users from running them initially.

If you want your apps to actually run on modern macOS or Windows systems without users thinking they're either broken or malicious, you need to pay for certificates and remain in good standing with both companies. Apple goes one step further and requires all apps to be Notarized, which involves uploading the app to Apple's server so it can analyze and approve it to run on macOS.


The APIs won’t change with alternative app stores. Asking permission for using gps or camera or … can still be enforced. Just like on macOS.


To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries. This would mean they'd also need to sort out their entitlements system, given an app can use entitlements to say it isn't sandboxed. That was the root cause of a recent exploit, where differing parsing logic allowed an app to get signed while declared as unsandboxed. (https://siguza.github.io/psychicpaper/)

One approach could be to namespace installed apps based on the store ecosystem which installed them. Assuming platform level permissions for access to user data are enforced by the platform and can't be worked around via the manifest file, this would ensure apps can't move around outside of their "store" sandbox and access the data of other apps.

More ideally, Apple would move away from signing a plist that gives an app special access, towards the user prompts like those for contacts access etc. And where possible, use portals to give granular access to selected resources like photos (or selected contacts).


> To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries.

Or extend the notarization system such that adding another store adds another notarization authority to check.

There's no technical reason Apple can't provide a close to seamless experience for other app stores, there have always been incentives to not do so though.

Even if this bill were to pass, I don't think we'd see smooth use of external app stores, but not because it's technically impossible, but because it takes effort and the incentives for Apple are still to not put any effort into it that isn't strictly required, beyond not leaving the perception of their security in shambles.


Absolutely - there's few technical barriers here. I thought about the idea of supporting multiple notaries, but concluded that the current system is too reliant on the notary system for platform security, since the signed app's permissions statement is taken "as-given".

A redesign of this would certainly enable a seamless experience - just namespace apps by their store, and the official app store becomes one of many stores, sitting inside a namespace based on their public key hash.

I regretably concur - the non technical barriers would go up. I could envisage some convoluted process to add a store (that would make installing a provisioning profile seem like a walk in the park, even though actually a provisioning profile might be the best technical example this could be done!), followed by a whole list of restrictions imposed on apps from alternative stores - no Apple pay access clearly, probably no NFC hardware access (wouldn't want someone able to use that hardware they paid for!!), no keychain access (to protect you). Perhaps no photo reel access and no doubt no iCloud access, and no ability to bypass background task restrictions to build your own cross device data sync ecosystem.

Being able to plug in an alternative to iCloud would certainly also be nice (so you don't need their cloud storage to use data sync and other nice-to-have features some people use, like backups), but I just don't envisage it happening. Making that kind of on-device, app-facing API pluggable would be the right technical approach... But no doubt iCloud would remain the "only" storage provider, for non-technical reasons.


> Or extend the notarization system such that adding another store adds another notarization authority to check.

This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question - which I can assure you is not what the policy makers nor the people behind the funding for this bill (collation for app fairness most likely, Epic second most likely) will accept.


> This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question

No, it very specifically doesn't. It would be Apple allowing another authority to also shoulder this load, after the user has specifically said they want to also trust that authority.

I have no idea how you could come to the conclusion the Apple would need to verify everything in a discussion about a way in which Apple would not need to be the only entity verifying everything.


Why aren't all apps severely isolated from each other today? Because Apple could pretend that their half-assed draconian oversight is 'good enough' protection for everyone? If this forces them finally to implement real, technical isolation and protection measures for apps and APIs then GREAT. 15 years late is better than never.


To an extent. Maybe the system can still block location access, for example, but it can't force the app to gracefully degrade without it. A future version of WhatsApp could lock you out until you give it location, contacts, calendar, phone call log.

There are lots of soft-rules that Apple enforces around permissions that are still really beneficial. For example: the new "you have to be up-front about all usage of user data" would be nearly impossible to enforce at a technical level.

If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now, because nobody else will respect their rules.


> If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now.

Or more likely what's gonna happen is the 95% of users who care more about having WhatsApp than privacy, will install the Facebook app store and get the apps from there.


Not really. If there’s an alternative App Store, then apps in that store can use private APIs and there’s nothing Apple can do to stop them. If there is only one App Store and it’s run by Apple, then if an app tries to use private APIs, then Apple can kick them out of the App Store.

This really is an all or nothing deal.

Once you jailbreak your device, or allow an alternative App Store, it’s game over for that device.


> there’s nothing Apple can do to stop them

You can runtime check the binary calling the API, you can sandbox the binary so it can't access the API at all.

I'm sure apple has tons of plans to limit this.


Arguably an approach that assumes there can be a hostile store operator would create a more secure and private product, as Apple would rely less on private entitlements and APIs in plists, and more on either technical measures to control access to these APIs, or actual security across them.

There's antitrust potential around private APIs and entitlements, like the background video access given to zoom before it was available to other developers. Arguably the "green dot" status bar warning approach helps alert users to abuse of this API, and a permission prompt before first use would let users choose.

Sandboxing binaries more than at present would also improve the general security posture of the device - I'd want my app sandbox to be secure even if a rogue app gets onto the device, and such a security posture would arguably better secure iOS for all users.

I could see a need to namespace keychain and team IDs and similar with a secure identifier (like the public key of an alternative app store's signing CA key), to protect keychain and other information from spoofed apps, but again this kind of change would arguably better harden iOS for everyone. The less that platform security relies on trusting someone else to validate and sign a plist, the safer the more secure the platform will be for users even of the default store.


That’s a good point, but the behaviour I’m talking about is enforcing the optionality of those functions in order for the app to work.

I might be wrong about this (not a dev, just play one on the internet) but Apple has the power to say that in order to submit an app to the App Store, user location/contacts/photos/whatever must not be required to be turned on for the app to work. ie. Apple enforces your ability to use WhatsApp without giving up microphone access.

Without that model, yes, permissions are still granular. But WhatsApp can tell you to turn all of them on, or you can’t use the app. To me, that’s not a meaningful difference to the “just don’t install it” crowd’s preferred suggestion.


Worst case Apple can feed those apps a random location, supplemented with a random film roll and address book.


This approach sounds a lot like that used by XPrivacy, and its successor, XPrivacy Lua, both for rooted Android with the Xposed framework.

They allowed you to spoof responses to a huge range of API calls that revealed sensitive data, by hooking function calls in the underlying OS, and returning arbitrary or random values, which could be a subset of the full valid set of values.

That approach works pretty well if you test it robustly and ensure your dummy responses are valid according to the API spec.

Something I always feared was that apps would try to detect this and refuse to run if you didn't have any contacts or photos, or had folders on your SD card that they could not access, but I'm not aware of this ever really having materialised, beyond banking apps and some online games using Google's device attestation, which didn't really play nice with the Xposed framework.


> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.

Well, the corollary to "Mussolini made the trains run on time" is that they weren't on time without him.

Also, like how that's actually a myth, perhaps Apple actually doing a good job running their App store isn't really all it's made up to be either.

Finally, even though the initial view of a lot of people is probably that it's unfair to pull a baby Godwin on this, I think there's a lot of parallels that deserve a deeper look and examination, where we piece together why we're okay with strict authoritarian practices in some cases and not others, and possibly whether there's a link as to whether we accept it in a case where we think it benefits us, without considering how it affects everyone overall and the long reaching effects.


Apple still retains full OS level controls and perhaps a good level of controls on what app stores can do. In fact, I expect the OS level protection to become even stronger if this bill gets passed since that is the only way to keep Apple's controls on users.


I’m fine with app restrictions as they are. The problem is even apps which do not do anything special get removed from the App Store for a ToS violation. You can not for example publish an app that lets you download YouTube videos for example even though this does not require much access to anything.


This is a good use case actually - Apple seeks to prevent "thought crimes" from arising around breach of third party terms of service etc, like this. Even if a user may be acting legally around copyright (overwhelming public interest of newsworthy material that's likely to be removed).

They also don't permit GPL-licensed software on their store, since the extra restrictions they impose appear incompatible with the GPL license.

An alternative store ecosystem would no doubt emerge very quickly, which allows GPL software, or perhaps any kind of free/open source software (like F-Droid in the Android ecosystem). That would arguably be a good thing for independent developers and the open source community.


> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.

Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?

Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.

Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.

They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.


> We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).

I still tend to think the technical steering committees, operating out in the open, have done an unbelievably fantastic job of sticking to mission, of growing a user-centric pro-user web. They've abided by fantastically high standards, been unwaveringly unwilling to accept privacy or security compromises. Microsoft and Safari also exist here, and there are countless interested other small parties trying to enhance the web, to make it stronger, to make it more secure, and because this is happening in public, it is very very hard for even the product owners to take advantage.

The web is also Google's home: they exist because of the web, they existed for a decade having virtually no other presence than the web. The rest of public-facing computing remains locked up, truly & genuinely controlled by corporate titans. Their advantage is to grow a healthy competitor, one that is still diverse & ever more competitive, one that is ever more appealing to the user.

Look at the current fights. Current fights about specs are about a seemingly wild & wacky federalized learning algorithm (most hated by the ad industry above all & media outlets second), and then Apple and Mozilla who wage a campaign decrying how horribly bloody awful it is that there are Ambient Light and Web MIDI specifications, and boo hoo look how terrible & bad things are. There is enormous Fear Uncertainty & Doubt, extreme reactionary-ism happening against the web. But to me: the web appears very well protected; it's interests & citizens are extremely vigilant & vocal about what happens to their cherished public internet medium, and change is slow, well planned, & deliberate (ok so the recent cross-frame alert() getting dropped is an unfortunate but perhaps moderately understanding counterexample of that process & deliberation).

Sunshine really has been an incredible disinfectant.


I wouldn't want home builders dictating what sorts of microwaves people were allowed to sell even if we got better microwaves out of the deal


Yeah, I feel like the most likely outcome from this path is that Facebook launches a competing app store and offers developers lower fees than Apple in exchange for their users' data.


Which is kind of a problem, because all this does is provide choice to developers, not to users. I very much doubt the app would be available on both stores but cheaper on the FB one. Instead, the developer will pocket more money on the FB store, while the apps wont function without all kinds of permissions requires to accept.


> the developer will pocket more money on the FB store, while the apps wont function without all kinds of permissions requires to accept.

which will give it a bad reputation as a store and that will drive people away.


> which will give it a bad reputation as a store and that will drive people away.

Which will give it a bad reputation among the HN crowd and drive a tiny fraction of global user population away. The rest will happily grant the permissions requested if it gives them access to the latest Angry Birds game, or to Facebook app itself for example...

I mean, how many millions of users does Facebook still have that either have no idea about the impact of sharing their life with it, or don't care, because their social network interaction is essentially locked into the platform?

How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure...


Many people have a bad image of Android and only use iOS because "walled garden = safe family". Those people are not going to suddenly be happy using the FB Store.

> How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure.

Maybe it's an americanism, but i know almost no one that doesnt use SMS exclusively on android and SMS + iMessage on iphone. a few techies use signal, but i've never met anyone ask to use any other chat platform.


As long as the Facebook store also maintains a reputation for not having malware, Facebook parents will happing download "Facebook App Store" to download "Facebook".


Just like FB's bad reputation drives people away?


Yes!



> I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.

The price shouldn't matter. If Apple sold it for $1, losing hundreds of dollars in raw materials per purchase, would you still say that? In both price scenarios, Apple expects pay on the back-end in the form of the 30% cut they take from app purchases and in-app purchases. It's the same with consoles - they're basically sold at a loss or very near-cost (eg. the $500 PS5 might have a per-unit COGS of $450) which, with R&D costs, isn't profitable on its own without backend revenue to recoup that loss, ie. from game sales or PSN/Xbox Live.


Sony recently confirmed that the $500 PS5 is no longer selling at a loss, thought the $400 PS5 Digital Edition still is.

I assume they are measuring it by component and manufacturing cost, and not counting amortized costs such as hardware and software R&D, digital infrastructure, marketing, etc., which are probably substantial.


I’ll take freedom over a benevolent dictatorship, thanks!


The problem is that this bill forces freedom, thus simply moving choice further down the chain.


Freedom always requires enforcement. How else does one protect it if not through some kind of force.


judging by alternate app stores on android, the vast majority of people will probably continue to stick with the apple app store, and only that. I'm not so sure whatsapp could get away with having people download the facebook store to download whatsapp. and I suppose apple can still impose restrictions on apps via other means besides the app store


> those apps will be a regression in terms of actual consumer experience

Current conditions protect and fortify established companies to behave as bad actors. It's impossible to compete as a new product when you're permanently separated from your customers by predatory platforms.


> Apple is the only thing stopping WhatsApp ... from demanding your location at all times.

Nope, I will just disallow it. Or I will feed it random GPS coords. After all I own the device I paid $1000 for, and can run whatever software I like on it, including custom GPS drivers.


"Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times."

Or, you know, we could actually treat is a stalking, which is a crimmual offence.


I don’t personally know anyone who uses what’s app.

It’s either Facebook messenger or discord for everyone I know.


I dont know anyone that uses facebook messanger (is that different from facebook?) and I didnt know that there is smartphone client for discord. On the other hand all my contacts have whatsapp and some have signal.


It’s different from Facebook in that you can access it without having to see the Facebook news feed (either using the messenger app, or messenger.com). It’s the same as Facebook in that you need a Facebook account to login to it, and it’s just the messenger part of Facebook.

The discord app is pretty nice, just remember to mute any fast moving servers that you are part of to avoid getting spammed with notifications.


>your network of friends and colleagues makes you download

When you're a child typically you learn to use the word "No." If that's not enough then whatever crap they want you to install is probably non-free software (otherwise it would already be on sane app stores) so you can use that if you need an excuse.


My grandna lived on another continent, and there is only one way to contact her.

You child analogy is childish


I bet grandma has email and a phone


No, grandma does not have an email or even have a concept of an email. 'Grandma'shouls have been a clue that technology literacy of this user is roughly zero.

Also neither email nor phone enable me do a video call and inspect something she is struggling with.

Sometimes I hate this community of smartasses


Most social media services actually require an email address to set up in the first place. Also consider that it's not the 1980s. If Grandma is 65 then she was born in 1956. When she was 14 the first email was sent. Computers took off when grandma was 24 and became pervasively including being part of most people's working lives during the time frame when grandma was 34-44.

This grandma and people older than her represent only 15% of the population and at this point 99% of them have emails. In 10 years. In the next 10-15 years half of grandmas confederates will have passed on further shrinking the population of non email users towards virtual insignificance.


Not to mention usually also a mailing address.


This is mostly good, but it forces Apple/Google to hand over your email address (or other means of communication) to anyone you download an app from so they can spam you.

The bill says they don’t have to allow spam, but specially allows “legitimate business offers, such as pricing terms and product or service offerings”… which is spam unless one explicitly opts-in to it.

I don’t appreciate the double-talk. This part of the bill is user hostile and should be deleted.


> it forces Apple/Google to hand over your email address (or other means of communication) to anyone you download an app from so they can spam you

Which part of the text says this? I did see:

> (b) INTERFERENCE WITH LEGITIMATE BUSINESS COMMUNICATIONS.—A Covered Company shall not impose restrictions on communications of developers with the users of the App through an App or direct outreach to a user concerning legitimate business offers, such as pricing terms and product or service offerings.

But that part doesn't seem to be requiring app-stores to hand over emails, but rather merely prohibits app-stores from controlling communications.

Which would seem to be related to, e.g., ["Apple charged over 'anti-competitive' app policies"](https://www.bbc.com/news/technology-56941173), 2021-04-30:

> "At the core of this case is Spotify's demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows," it said in a statement.


> > "At the core of this case is Spotify's demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows," it said in a statement.

Which is a ridiculous assertion for Apple to make. Best Buy doesn't control what manufacturers ship in side their boxes. If I buy something from Logitech chances are something in there will mention I can go to logitech.com and buy direct at some point, and if they provide a 10% off coupon or note that some things are cheaper there, Bust Buy isn't going to really know about it much less have anything to say about it.

Best Buy might not be happy it there's a coupon for some other non-manufacturer marketplace, but there's not really an incentive for manufacturer to include something like that anyway.

And just to drive home how completely similar the types of things sold are, there are plenty of hardware (and software, at least in the past) offerings that Best Buy sells that have a subscription element that Best Buy gets no cut of.


No, it's pretty reasonable - Apple wants their cut (for developing iOS & the hardware), so advertising "hey we don't sell via the App Store, go to our website to purchase" is effectively driving sales via iOS without paying Apple for making that possible.


No, we're specifically talking about subscriptions here, and Spotify as the example to boot. People weren't browsing around the App Store and randomly coming across Spotify and after trying it out deciding to subscribe, people were instead getting inundated with information about Spotify in everyday life and being told by their friends and family and media they should use it and then looking for it in the App Store. Lack of Spotify in the App Store would have made iOS users less happy with their devices, that's how popular it is and was, and that Apple felt it could cash in on Spotify's success is exactly the problem.

I would say the majority of subscription services fall into the same category, to a lesser degree. People don't discover Hulu, or HBO, or Netflix, or Disney Plus through the App Store. They go there looking for them because subscription services live and die by marketing and word of mouth, as people want to know whether it's worth signing up first.


Emphasis on it being done via iOS, not on the "figuring out who drove this person to become a paying subscriber". Apple made the device and the operating system: their cut, both upon sale of the device AND via in-app purchases/subscriptions thereafter, is part of the profit model of that devices over the lifetime of the device (including devices introduced 6 years ago, which will arguably take more time optimizing for when developing the new OS version) and goes towards that development.


Funny how that 30% cut applying to subscriptions only rolled out years after the store was already present, and apps with subscriptions had already been for sale for years.

If you want to make a case that the cut is needed to run the Apple Pay network (which IIRC when introduced is when they started charging for all purchases through it) and make sure that runs correctly, then fine. But the whole point here is that companies want to opt out of that network, or to clearly communicate that Apple's extra features cost them and they are passing that cost on to the consumer if they choose to pay it (either pay through linked Apple payment account with a higher cost subscription, or pay direct to the company in a different manner).

What this is, very clearly, is Apple limiting information allowed to be displayed to customers at time of purchase if it's on an Apple device. Sine free markets only work as well as the information available to consumers, this is anti-free market, and anti-consumer.

The only reason to not provide information to consumers about their choices is when you are trying to make them make a choice they wouldn't make if they had all the information. Any argument about doing it for their own good falls flat in the face of the fact you could just give them more information about why it's better for them. If they still choose not to use it, the only respectful way to treat that is that those people weighed their choices and decided what was best for them. Anything else is extremely anti-consumer, and when it's multiple companies colluding together to do so, we have very well known laws against it.


That it's part of their profit model doesn't make it justified.


They are not optimizing for old devices. In fact the old devices get slower with each OS version, until Apple simply gives you the finger and there are no more updates. And you can't install another browser, so small websites with few developers (like Twitter) end up shutting you completely off.


A lot of the initial iOS "slowness" after updates is generally attributed to background indexing, and beyond that the phone likely becomes a victim of an aging battery which is fixable with a new one every 1-3 years - Androids are often stuck on old versions susceptible to malware.


>advertising "hey we don't sell via the App Store, go to our website to purchase" is effectively driving sales via iOS without paying Apple for making that possible.

Sounds good to me. I can get programs for PC operating systems (Windows, MacOS, Linux) without paying unnecessary middle men. Adobe doesn't have to give Microsoft a cut when I pay for Photoshop, and they don't have to give Best Buy a sympathy cut either because they run their own website.

Why should I be stuck with unnecessary middle men (app stores) for my phone?


> "hey we don't sell via the App Store, go to our website to purchase"

A product sold at walmart would absolutely be able to ship a message, inside the sold box, that says this.

So no. It is not reasonable to prevent this, when it is completely fine for such a thing to happen in a retail store.


> for developing iOS & the hardware

They already get money for that when you buy the phone.


But what if they didn't? If apple was losing $10 per iPhone, would you change your stance? what if they lost $200 per iPhone? the profit model for both iPhones and gaming consoles includes post-sale revenue since they know most people won't purchase it if the cost was all up-front (eg. the $500 PS5 would likely cost $900+ if Sony didn't get their cut of game sales and/or PSN sales).

https://news.ycombinator.com/item?id=28152327


> If apple was losing [...] per iPhone, would you change your stance?

No. They should change the phone price to match the cost instead of hiding additional charges in app fees.

> the profit model for both iPhones and gaming consoles includes post-sale revenue since they know most people won't purchase it if the cost was all up-front

Just because a profit model is convenient for a corporation is conveninet does not mean it should be accepted. If they want recurring revenue for a smaller up front price they can offer loans instead of being dishonest. But that would allow people to make an informed choice based on the true price they will be paying, and Apple / Sony don't want that.


Good catch. I definitely do not want this. I don't even understand why it would be necessary.

I really don't want to be forced to maintain separate e-mail accounts for app stores just to quarantine the inevitable flow of spam.


tbh, email address aliases are the only thing keeping my inbox sane these days.


I'm legitimately curious how you would mandate platform portability and also prevent communication from the third party in the form of a law?

The only way to do that is to mandate that the platform (Apple/Google) give the third party the ability to move the user, which it is doing here with the most universal identifier.


This is incorrect. I do think that section 3(b) is unnecessary and should probably be removed, but preventing app stores from interfering in communications between developers and users is obviously not the same thing as requiring app stores to give user contact information to developers.


That requirement isn't user hostile, and it's not even that bad.

You have to give your address to people that ship you things. You used to have to use your email address to sign up for websites. Nobody complained. People used throwaway emails if needed. It's not like they're reading your files.

Gatekeeping the means of contact is an asymmetry that allows Apple and Google to retain power. Remember, these companies were trying to shrink wrap all of us and sell/tax access. An artificial world impossible to operate in without them.

This act needs to go a step further and guarantee web downloads of apps independent of app stores as a first class construct. It also needs to allow runtimes and alternative web browsers specifically to combat Apple.

Furthermore, it should disallow devices from coming with a default app store or default browser. (Similar to the EU's browser choice screen for Microsoft Windows.)

Then we'll have a fair mobile world for the first time ever. Apple and Google will still make a metric ton of money. They'll also be able to start focusing more on future endeavors and innovations, which would be good for them and for us.


Is it even necessary? An app store could simply require that users make an account. That allows them to harvest your email at time of account creation, and provides users choice of which email address will be shared. And it's fully above-board.


Going to put in some positivity compared to the other comments here—

Good. The OS store should have to compete with other software stores. If their store is actually better for consumers, then they have no cause for concern.


Counterpoint: I wish to install say Facebook messenger, because my friends use it and I can't get them to change to something sensible.

With an appstore monopoly, Apple can say "you must respect the users privacy, not use these apis and only request location permission through us and if denied you must still have a functional app". If Facebook wants to be on the iPhone at all they will have to play ball.

With an alternative app, they can just require that I install their store and accept their terms.

I am between a rock and a hard place, and I would like to choose the Orchard in that case.


I’m pretty unhappy about Adobe’s “app store” on MacOS. I’m unhappier about debris from countless non-app store apps, all with difference license engines, update engines, sites that disappear or change, it’s a mess.

Devs, feel free to raise your price and charge me an extra 15% or whatever you need to make up what you think Apple is “stealing” from you. I’m not that price sensitive, just don’t make me think about all your homegrown BS hoops I jump through for your percentage points.

As a consumer I want one store, one purchase history, one subscription list, one update engine, total peace of mind. Percentage of consumers that genuinely want to track that stuff separately rounds to zero.

I also can’t help but notice that SetApp apps work on my Mac and on iOS without this bill. (I try apps “for free” from SetApp, then I buy them on App Store. Costs me a good deal more, but I’m making sure the dev knows the app store is fine with me thanks.) And SetApp, like Apple Arcade, or Xbox GamePass is even less to track, as you no longer worry per app, it’s the whole library for one price.

Speaking of which, I’m also wondering if someone is going to force me, as a consumer who chose a mobile appliance, to screw up my phone, are they planning to screw up my console too? Fair is fair:

“Senators Blumenthal, Blackburn, and Klobuchar recognize that independent 3rd party developers are being restricted in anti-competitive ways that impact what users pay for video games and other software,” said Ernesto Falcon, Senior Legislative Counsel at the Electronic Frontier Foundation. “The Open App Markets Act will put a stop to these practices, which will lower the costs for both developers and their customers by setting forth common sense competition policy for the industry.”

Or, you know, we can wait it out, let the market decide.


That doesn't sound like it should be possible. It's fairly trivial to put an application in a sandbox where it can't make certain system calls even if it wants to. If iOS doesn't or worse can't do that, that's a design flaw in the OS. Making them pinky swear to get listed in the official app store isn't real security. What the heck way other than through the OS can you ask for access to hardware? That's the entire point of an OS. Ability to prevent hardware access shouldn't depend on the distribution channel.


Then the way to fix this isn't a benevolent for-profit organisation deciding what is good and right but a data protection law that with teeth.

Apple right now can change their stance on any of their rules on a dime (e.g. leadership change).


Get those laws passed first and then open pandoras box.


Opening "pandora's box" will get the laws passed more quickly.

In reality though there is no "pandora's box" which is plainly evident on Windows, macOS, Linux and any other self respecting desktop OS.


Even with the monopoly Facebook behaved pathologically, often escaping Apple's sandbox through technical exploits and their analytics/auth "SDK" that almost all iOS apps include. They're social influence extends to Apple, not just your friend group.

Apple is also significantly more careless than I would like, there's no source code audit and no instrumentation beyond a network proxy. Just a 15 minute or so inspection of the app UI. If I wanted to run an authoritarian computer regime I would require full source submissions and clear explanations that looked even moderately obscure. Preferably your assigned app reviewer would be present during internal code reviews.


counter counter point:

Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?

Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.

Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.

They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.


I think android is a pretty good case study of this not happening (so far). Most people wouldn't bother downloading other app stores, and making your app much more confusing to find for the default experience is a costly endeavour.


I am not sure. Google has restrictions on third party stores at this time: huge warnings, settings that require changing, and the store cannot do auto-updates. This will likely not be allowed under this bill.

I don’t think we can use Android as a case study.


Maybe messenging apps ought to be forced to accept messages from well behaved clients. Perhaps over a reasonable standard like email.


Ye olde Facebook Messenger used Jabber and you could connect to it using any Jabber client.


You are conflating side loading apps with security mechanisms provided by the OS.


> I would like to choose the Orchard in that case.

You can. What you won't get to do is force all your friends to agree with you.

I am not sure how you have somehow turned a situation, where you being unable to force your friends to use something else, is an infringement on you.


> Apple can say "you must respect the users privacy ..."

No, they can't. Apple no longer has the moral high ground to lecture others on respecting users privacy.


What? It was never about morality? It was as simple as Apple having a Business Case and following it through with it for the most part.


> Apple can say "you must respect the users privacy

Yeah, it would certainly be a shame if a user installed an app that scans their phone for illegal content to report to the authorities.


I don't want another software store or walled garden, I just want a way download my software and run it.

This is how I install software on my PC, if it's not in the distro's package repo:

    wget -o the-binary https://path.to.binary.com/bin.01.02
    mv ~/.local/bin/the-binary
    chmod +x !$
If I don't do that, I compile the source.


The app store is your Phone's distro's package repo. The big difference is all the dumb extra restrictions app stores put on their "packages", like taking a cut of their money, or not allowing apps to be published for various reasons.

Also, you can already download and run unsigned phone apps that way (on Android anyway). It's just that mostly nobody publishes their apps that way.


My aunt does that too.

No, wait, she sideloads malware from chain emails claiming the attachments are Sunday hymns PowerPoint players.

There are more like her than like you.


the bill also includes sideloading software explicitly no?


I'd support this if app developers were also required to release their apps on all the available stores and obey the policies of a particular store for users who obtain the app through that store.


Why is that? If an App Store is cruel to the app developers, either through terms or actions, why should developers be forced to support them?

This is particularly important for stores like Amazon which dictate things you're allowed to do with your app outside of the Amazon store. (i.e., you can't charge a lower fee outside of Amazon regardless of what Amazon is charging you.)


Because the App Store acts as the user's agent. I have no ability to force Facebook not to track me, but Apple can. In the GP's comment, think of the App Stores as a jurisdiction and set of rules that the app maker and user agree on. Maybe Facebook doesn't want to follow Apple's rules, but I don't want to use Facebook on Android's terms.


So... don't install Facebook unless it's from the Apple App store. Problem solved, right?


That's why the grandparent comment said "I'd support this if app developers were also required to release their apps on all the available stores".

Without that clause, your approach wouldn't work, because what incentive would Facebook even have to release it on the Apple App Store and follow Apple's tighter privacy/anti-tracking rules, when they can just release it on the Facebook App Store for iOS (or whatever else they decide to call it or, alternatively, another third-party app store)?

Sure, having third-party app stores helps smaller devs. But it also unchains all the anti-tracking and privacy shackles from the tech giants like FB who don't care which app store they are on (as long as they can set their own rules), because FB/Instagram/etc. users will follow to whatever app store their app is on (no matter how much or how little privacy protection that specific app store is willing to enforce on FB).


Facebook might not be the best example of course, but I shudder when thinking about apps I truly need… WhatsApp in Europe is 90% of friend communication. Banking apps and other 2fa apps are required to do any banking.


Why ought a developer be forced to accept all terms on offer?

If I released an app store that forced you to offer the app for the lowest price it's available elsewhere while charging the dev 1/2 of the profit and inspired users to use it by giving them a rebate equal to 30% of the cost I presume I could get some takers.

After all if it's 10 bucks on the apple store it's 7 on mine.

3rd party stores aren't a check on unreasonable terms if developers are legally forced to do business on the oems terms no matter how unreasonable.


User bought platform that requires app to comply with do not track me request from the user. It is property of each app.

Do not want to respect it but still be on the platform? Please gtfo…


> Do not want to respect it but still be on the platform? Please gtfo…

You don't have to install those apps, lol. You can feel free to tell Facebook to GTFO off of the phone that you own, by merely not installing it.

But why should one think, that they should control someone 'elses' phone? If someone else wants to install facebook, on that other app store, let them do it.


> You don't have to install those apps, lol. You can feel free to tell Facebook to GTFO off of the phone that you own, by merely not installing it.

You are correct, I can simply not install those apps that I believe violate privacy rules of the platform. However, in this case, I will not be able to sleep worry-free after handing my barely technologically literate parents an iPhone anymore, because they will immediately install all the random crap without any second thoughts about privacy. Switching my mother away from android to an iPhone (and subsequently, from Windows to macOS) has reduced my "home IT troubleshooting" workload to pretty much nil. I don't want to go back to how it was before. That's pretty much why I got my mom an iPhone, so that her device can be fairly secure without tons of guidance and troubleshooting on my end.

The wild west of "I am a responsible person, so I can decide what's good to install and what isn't, because I can evaluate this on my own" isn't the kind of a situation I want to put my parents in. I want them to not worry about it and be able to install whatever apps they can without any major worries about malware or privacy or breaking their device, and that's why I switched them to iOS.


If we are even the least bit creative, there are easy solutions to your problem.

Just provide users with a way of "locking down" their phone to only allow the app store that they choose, with some difficult undo process, if the user chooses that.

So that way, people who want parental/child controls on their phone can have them, and those who disagree, and want to remove those protections, can choose to do so.

As long as the locking down, is a choice that the user can make, and it is not forced on everyone, then we all can get what we want. Well, except Apple I guess.


Problem is that it is incompatible to "get what we want".

For people who bought into managed garden the minute it is dismantled you lose "all apps need to stick to do not track me request" you get mish-mash of everything.

This is cost to give others freedom to side load. There is no way to put genie into the bottle if it is out.

Only way I see it would be possible is that Apple could offer fully locked iPhones and multi-store iPhones. Then market could decide what works better.

Developers, especially on HN, cannot accept there is group of customers that just doesn't want to interact them directly.


> For people who bought into managed garden

There is nothing that prevents you from staying in the managed garden. Just use the Apple app store, and don't use other app stores.

> Developers, especially on HN, cannot accept there is group of customers that just doesn't want to interact them directly.

Then don't interact with them. Just use the Apple app store only. Problem solved.


There is nothing that prevents you from staying out and using all other platforms app stores. There are plenty.


> There is nothing that prevents you

Correct. When this bipartisan bill passes, everyone will be able to install whatever app store that they want on their iPhone, and Apple won't be able to do anything to stop it.

The future is going to be pretty awesome, when the law forces Apple to make it extremely easy for people to use other app stores.


Future is already there on PC: Steam, Epic, EA and zillion other stores - it sucks. In China there are hundreds of Android stores - it also sucks.


> Future is already there on PC

Ok, and when the bill passes it will be their for smartphones as well, and people will be able to install whatever app store on their android or iPhone.

> it sucks

Then don't install the app stores that you don't like, lol. Problem solved. Only use Apple's, if that is what you prefer.



> Freedom you advertise

You are free to not use other app stores, correct.

Don't use app stores that you don't like.


Not free enough to buy a phone with only one supported app store - this option is too good so needs to be illegal.

Meanwhile Librem 5 and Pinephone can provide freedom today but need cash, userbase and apps.


You can simply only install the Apple App store... There is nothing stopping you from having a phone that has exactly as many app stores as you want on it.

You can have your phone that only uses the apple app store.


That has nothing to do with the App Store, but rather the platform which the app runs on.


The App Store is an important part of the platform - what 3rd party dev can and can't do, and how I as a user interact with them. My experience as a user it better because of the rules Apple forces app developers to follow.


Yeah, but that’s just laziness on Apple’s part. They could easily move those restrictions to the OS itself, rather than the App Store. Then, it would be consistently applied, since it wouldn’t be done by human review.


because most pc steam competitors are 1 step removed from malware and yet I am virtually required to install them. Or take the moral high ground, but that sucks.


Why are you required to install them?


I agree with you up to a point, namely that developers should be prevented from making their apps exclusive to any specific app store, but they shouldn't have to spend any resources making their app acceptable to any other app store.

So if Epic Games want to create their own app store, they can, but Apple should be allowed to list their games on its own app store too (and pay Epic whatever the relevant price is for each download of a game, out of the amount that Apple bills the user for it).


Why should Epic be made to do business with Apple if you can't get a game via the app store of your choosing and it's that important play something else.


The point or the justification for this sort of legislation is that monopolies and bundling are bad for consumers, so enabling companies to force users to use their app stores in order to download their games doesn't seem like a very consistent approach.


There is no monopoly if there is competition between the stores. Users are not forced to download anything if there is competition. If this practice is as bad as you think, it will be driven out by competition (spoiler alert: it's not bad at all and will remain in vogue).


You could equally say that Apple don't have a monopoly on phones, which is true, but they do have monopoly-like control over the apps which iOS users can install, which this legislation is trying to remedy.

Similarly, if the Epic Store is the only place you can download Fortnite, and you really like Fortnite, but hate the advertising and data harvesting and battery use of the Epic Store, then you are being denied the ability to participate freely in the market for app stores.

Saying "just play a different game" is as unhelpful as saying "just buy a different phone", and doesn't address the underlying complaint that product tying is an anti-competitive practice that consumers should be protected against:

https://en.wikipedia.org/wiki/Tying_%28commerce%29


There is no precedent for choosing the distribution of your product in an open market as being "anti-competitive". Direct-to-consumer is in no way anti-competitive and is in fact the opposite. Simply put, if businesses opt to distribute their product via their own channels (or others) instead of yours that means your offering is not good enough, full stop. You will need to improve your product if you want to survive in the market. This is the definition of competition.

Let's be frank here: people here are afraid because they know Apple's App Store and its policies are in no way actually compelling in the open market and, if they are subjected to real competition, they will fail just like most other 1st party stores that are subjected to competition.

Instead of allowing Apple to be the governing body of what is acceptable software policy simply because they are a for-profit company that makes a lot of money, maybe you should focus this attention on actual legislation from your elected governing body that would give you such protections.

Sidenote: Fortnite doesn't have a monopoly on gamers and most gamers do not play Fornite. People need to stop using Fornite as if it is the new Standard Oil of gaming. There is no such thing in gaming and it makes for silly arguments.


> Saying "just play a different game" is as unhelpful as saying "just buy a different phone"

No. This is a false comparision.

The smartphone market is a duopoly that is worth trillions of dollars.

Battle royale videos games are not that.

If fortnite eventually is worth trillions of dollars, and literally almost every single person in the world has to use it, on the same level that they use freaking smart phones, `then` we can use anti-trust law, or pro-competition laws on this now vital service.

But until then, it is a false comparison.


Any particular game is merely a singular and temporary amusement no matter how temporarily pervasive the smartphone is the single most pervasive platform for communication, culture, work, and computation in the world. There can be no comparison.


There is no universe where you have a right to purchase a particular product via a particular market. For example if Fred Meyers doesn't carry every product that Walmart does you cannot say that the merchant infringed your rights by not offering it for sale in the market you would prefer.

Apple is using its position to insert itself between vendor and customer while the customer sits snug in their own home whereas your position would require positive action on the part of someone who has no particular obligation nor relationship to you. You have not hired them and they aren't obligated to work for you.


There is a universe where consumers have a right to purchase products without the market interference of exclusivity agreements, and that universe contains the EU:

> (151) In an exclusive distribution agreement the supplier agrees to sell his products only to one distributor for resale in a particular territory.

The rules are complicated and depend on the supplier's and buyer's market share, but you can read the details on page 46 of their "Guidelines on Vertical Restraints".[0]

I'm not suggesting that a company should be required to take a positive action to fulfil Apple's requirements, but if a company is producing a file which can be installed via an app store, they should not try using copyright or contract law to prevent other app stores from also selling/distributing their app.

(Admittedly there would have to be some amount of paperwork for allowing the various app stores to pay money into the app developer's account, but that could be done on Apple's side so that the developer continues to get a payment each month, with some stats on a dashboard somewhere showing which app stores the app was sold through).

[0] https://ec.europa.eu/competition/antitrust/legislation/guide...


Exclusivity is something the market maker buys from the vendor. Making such a transaction illegal does not in any fashion require the vendor to actually sell their goods on multiple markets it just requires them not to exchange money for exclusivity.

In particular I don't think it says anything at all about a situation where the vendor and market are not engaged in a relationship but rather are literally the same company. Nothing forbids a donut shop from actually baking AND selling the donuts.

I don't think a 3rd party Epic store is an example of tying either. It's not something you are being asked to purchase in order to realize the other purchase it is rather a means to actually receive the product you have purchased. You might as well say that <insert app> is tied to the purchase of an executable or disk.

Not only that but if Apple allowed sideloading they would arguably be able to trivially able to avoid even a misguided accusation of tying by providing a manually installable package file with the app store merely providing a free means to receive updates.


If I wanted a more-open-but-more-dogshit experience I could always switch to Android and Linux. I don't want that. And I definitely don't want that for my nontechnical family members.


Nobody cares what you want for other people. I think those other people ought to pick for themselves


Just to play devils advocate but isn’t this already possible? Who is forcing people to buy Apple phones? Doesn’t Android already allow other app stores?

Isnt it possible that Apples users like the fact that apps are curated on an App Store by Apple?


With only 2 players what exactly is keeping Google from closing up.

Depending on the decency of the human race is a sucker bet.


For me as a developer, I feel Apple's Mac App Store sucks. And it's probably the same for iOS.

Discoverability on Apple's Mac App Store is horrible. I released a game earlier this year on the Mac App Store and while it's not a great game (my first experience with LÖVE, so a pretty simple project), I got zero sales.

I recently finished a 2nd game and published it on both the Mac App Store and Steam this week. On Steam I sell some units every day. On the Mac App Store it's still zero. And I don't expect the sales on Mac App Store to be the same as on Steam (since I sell mostly to Windows users on Steam), but it would be nice to see at least a couple of Mac sales.

I am currently working on my 3rd game (which will be a bit more ambitious compared to my first 2 games) and I am considering publishing only on Steam, since publishing on the Mac App Store seems a waste of energy.

I don't know if this bill would help someone like me, but maybe ...


> Discoverability on Apple's Mac App Store is horrible. I released a game earlier this year on the Mac App Store and while it's not a great game (my first experience with LÖVE, so a pretty simple project), I got zero sales.

One of Apple's excuses for their fees is that they're doing all of the marketing of your app on their App Store for you!

I didn't know how anyone could say that with a straight face in the past, and I'm glad app developers are waking up to this.


I do most of my gaming on the same Mac Book Pro I work on and I buy pretty much everything on Steam anyway since I can eventually install them on the gaming PC I keep telling myself I’ll build.

Not saying it’s a waste of money or time to use the MacOS store but given the choice I’ll always choose Steam since my library is much more flexible and portable.


I don’t think so. You can put your app on your website with Stripe as well. Nothing stopping you there for macOS.


This bill isn't about MacOS so much as it is iOS/Android, and moreover their owners.


Are Mac App Store actually useful?

I don't recall using it (maybe once?), and I burnt through 3 macs over the past 5 years.

Things are either installed via brew or steam, or even git and make.

But then again my interface of choice is terminal and editor of choice is vim, so maybe a far outlier.

Back to your experience, go steam alone, the thought of even downloading regular software in the 'App Store' don't even cross my mind, let alone games.


I wonder what the impact will be on the operating systems themselves.

Currently, Android has the ability to run alternate app stores, but there's no way for an "app store" to silently install apps. Every update needs to go through a consent popup unless the phone has been rooted and some security-bypasses have been worked around. I run into this every week in F-Droid.

If this practice is allowed to continue, Apple and Google will just modify their operating systems to add as many popups and warning screens for every install as they legally can.

The only way to get useful app store support that allows competition is to introduce a way to mark an external application as an "app store" that has installation privileges. In my opinion, that part can have all the red tape and warnings, because installation permissions can be very dangerous.

In my opinion, this law is a good thing that should've been introduced years ago, but its implementation will probably take years, with politicians and tech giants flinging shit at each other every chance they get.


That's already changing in Android 12, independent of this legislation:

https://www.xda-developers.com/android-12-alternative-app-st...


Are user-initiated app installations on par with Google's revenue generating path for app installations via the Play Store?

Do users still have to adjust arcane settings to use another app store or install an app without one?

Does Google still show users scary warnings and make competitors' apps seem as if they're broken or malicious, and still say the user is protected by Play Protect despite that the Play Store itself distributes the majority of Android malware[1]?

Is Google going to drop the mandate that all apps on the Play Store must use Google's billing system that gives them a 15% to 30% cut[1]? And how will Google treat apps that don't use Google's billing system as their payment method, considering how Google makes user-installed apps seem malicious?

[1] https://www.zdnet.com/article/play-store-identified-as-main-...


Jeroen was wondering specifically about "updates needing to go through a consent popup". That exact thing is being changed, as per the article, and in exactly the way Jeroen suggested by adding a permission.

None of your questions seem to have to do with that, and you're just soapboxing on all kinds of totally unrelated perceived wrongs.


They're rhetorical questions that pertain to the topic in the OP and are related to the GP. The ability to install apps in the background is related to Google's antitrust issue, but there are other problems when it comes to Android app distribution.


In /r/androiddev I've read stories of developers getting lifetime bans (from Google Play) for 3 strikes. Maybe they are guilty but often they say they didn't know what its for and the decisions are made by bots. A common one is screenshots of a music player app showing copyrighted material: album covers. So alternate stores would be appreciated by small developers.


I actively do not want this as a consumer.

I don't care about competition, for payments or other shit. I want to deal with Apple's payment system because I don't want my payment details and other personal information scattered across whatever crap an app developer decides to use. I like being able to cancel subscriptions in a single place. I don't give a shit about your profit margins or being able to sell my personal info for more money.


From what I've read the bill would not prevent Apple from forcing developers to use their payment system. It would prevent Apple from mandating devs use it as their only option. So, any developer could put any other payment system in their apps, but that wouldn't block you from still using Apple's if you don't trust that developer.


Devs have enough UX dark patterns in their toolkits to funnel the vast majority of their non-technically savvy userbases into the their favored payment systems and away from Apple's. It is way easier to enforce a blanket ban than trying to play whack-a-mole with those.

Apple doesn't even do a great job enforcing its blanket ban either. Lots of shady developers will skirt the rules around subscription apps still being functional without subscription by having it function while under review and then flip something on the server side to lock it down once approved.


> Devs have enough UX dark patterns in their toolkits to funnel the vast majority of their non-technically savvy userbases into the their favored payment systems and away from Apple's. It is way easier to enforce a blanket ban than trying to play whack-a-mole with those.

If my interpretation of the bill is correct, then Apple could just say "You need to list Apple IAP in the same screen as the other payment methods, and you can't make it harder to find than the custom methods you implement." And knowing Apple, that's what they would do.


Every single big company will only allow their payment method. None that can afford to change will want to pay Apple's cut if they don't have to. If this passes, for any big successful app, using Apple payment will not be an option.

Small developers will likely still use Apple because it is easy. The cut is likely less than the hassle of using a different system.

After an update took away the required login setting for a purchase, Twice I have called Apple and received a refund when my kid spent hundreds of dollars in a couple hours. What is going to happen when that is a malicious game developer? They are not giving that money back. The cable monopolies show how monopolies will make it exceedingly hard to cancel a subscription.

As a mere consumer, that is no longer developing for a living, I do not want this option. I do not really care if companies have to pay Apple a cut. I want easy. I want to trust who has my credit card.


> Every single big company will only allow their payment method.

Did you read the comment you replied to?

Even if this passes, Apple will still be able to require that all apps offer Apple pay as an option for in-app payments.

They just won't be able to prevent developers from offering additional payment options, or from informing users about Apple's 30% cut, or from charging a different price to users who opt to pay using another method.


> Even if this passes, Apple will still be able to require that all apps offer Apple pay as an option for in-app payments.

Not possible if the developer only offers their app via their own competing app store, which won't be subject to forced Apple Pay nor Apple's in-app payment system integration.


Don't allow your kid to have a device which also saves your credit card to the device.


iOS Apps (at least the ones downloaded via Apple's App Store) have a pop-up for children to request their parents purchase an app or an in-app purchase. To add, this will probably not be possible if third-party developers start only offering their own payment methods.


Apple could provide a way to communicate with the parent of a given account if they wanted to.


As a business owner. The principle policy I despise in this is that Apple won't let me charge iOS users differently than other users.

If I could just mark up the iOS version to cover the additional fee, I would find it much less onerous. You like the walled garden? You are welcome to pay for it.

I also find Amazon's similar policy equally disturbing. I don't think players in such powerful positions should be able to dictate pricing in such a manner.


Sure you can, but you’re not allowed to mention that it’s cheaper if you buy it elsewhere.


Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?

Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.

Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.

They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.


Generally, I agree with you. I don't care about what you don't care about. I like the way Apple implements things, I've mostly liked their privacy-protecting moves until this latest fiasco.

But I'm not sure this is bad. With Apple being the only app store, all the possible apps are in their App Store. If there were other stores, perhaps Apple could actually clean all the garbage out of their store. Give them the opportunity to hawk their wares on less reputable stores. This also can potentially lead to Apple touting the "luxury-brandness", or simply the exclusivity of their app store -- they seem to really like that.

I'd also love to see an app store that's entirely focused on open source apps, perhaps with no payment method required. I bet there'd be no end to the types of storefronts we would see. As long as you can continue to opt-in to what you want, this doesn't seem too bad.


Yeah, personally I feel that this bill is a bit too broad in some ways, too narrow in others.

Too broad because I'm fine with walled gardens so long as there's a way to opt out of them. If Apple wants to force apps distributed through their store to behave a certain way to ensure a consistent user experience, that's fine with me. If Apple wants to force _me_ as the device owner to remain within that walled garden though just because I bought their hardware I'm very much against that.

Too narrow because I think the principle that _users_ should control their own devices is sufficiently generalizable that it should apply to more than just "App Store[s] for which users in the United States exceed 50,000,000" on "general purpose computing device[s]".

Overall though, I think I'd much rather have this bill pass as written than not have it pass at all.


So don't use other app stores, which I suspect a majority of people won't do. I doubt app developers are going to leave the apple app store in large numbers for some other thing you have to search for and install first (meaning your app also by default won't show up on search at all)


if you don't trust the developer, don't buy it just like on web.

the more likely scenario is Paypal, Amazon etc. are going to provide SDKs and developer can use that for checkout instead of going through App Store.


Tell that to a parent of a kid who wants to play Fortnite on their iPhone. Make no mistake, this isn't a matter of consumer choice. Whether or not people trust Tencent/Epic, they will install their app store because they want to play their games.


So you can keep using Apple's app store. That was always allowed.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: