Section 3 subsection d - INTEROPERABILITY
A Covered Company that controls the operating system or operating system configuration on which its App Store operates shall allow and provide the readily accessible means for users of that operating system to—
(1) choose third-party Apps or App Stores as defaults for categories appropriate to the App or App Store;
(2) install third-party Apps or App Stores through means other than its App Store; and
(3) hide or delete Apps or App Stores provided or preinstalled by the App Store owner or any of its business partners
Let's see how far this goes before it gets mangled all to hell.
Could this impact the infotainment on cars? Google Home devices? Smart TVs?
This could have major affects on user's ability to control their devices.
This hasn't been introduced yet, btw, so it doesn't have a real congress.gov entry - you'll have to settle for this https://www.blumenthal.senate.gov/imo/media/doc/8.11.21%20-%...
> APP STORE.—The term ‘‘App Store’’ means a publicly available website, software application, or other electronic service that distributes Apps from third-party developers to users of a computer, a mobile device, or any other general purpose computing device
General purpose computing device isn't even defined in this bill! Is the Xbox general purpose? Sure, most people use it to play games, but it has a full web browser with Microsoft Edge! the Switch and PS5 also have web browsers, just not with a URL bar. Do they qualify?
Courts and legal traditions will fill in the gaps (especially in a precedence heavy system like the US one).
It wouldn't surprise me if there isn't already a standard interpretation for "general computing device".
There really isn't, at least in the US Code. If there was and this law was referring to it, it would refer to it "as defined by U.S.C <number>".
This discussion from a year ago illustrates my point; this bill is PR fluff and the one they actually discuss putting into law will have to be more specific https://news.ycombinator.com/item?id=24191018
According to statista.com, "gaming apps accounted for 85 percent of gross app revenues in the Google Play store in 2019."
Do you think Alexa 'apps' count? If so making that work seems like it have to completely open 'Alexa' up (hooks into voice recognition, programming logic) as basically an extensible AWS type platform.
So if you install something say from Fdroid and want to have it up to date (say a Firefox rebuild), you have to periodically open the Fdroid app, check if there are any updates for the app and manually install them if there are some.
Also I don't think you can currently hide Google Play if its installed, again giving it an unfair advantage.
I think the intention is to prevent Apple saying "either you use our store exclusively, or you opt out of all our apps".
Google lets you install a browser from one store, a game from another, and everything else from the official Play Store.
Google could also easily implement category switching. The URL navigation structure of android could just append ?cat=gaming.
On Android I do use sideloading for niche applications and for FOSS applications available outside the Play Store (F-Droid).
If iOS allowed the same ability to sideload that Android does, that would be a huge step forward for "power"users, irrespective of whether the majority of the population stays with the Apple default.
Cheers. Shit, FB didn’t even have to develop their own phone. What a win.
I suspect that not all countries (even western) would love the idea that the US government had that type of control ;)
Personally, I don't really like the idea of depending on re-signing every 7 days to prevent apps from breaking. In practice it would be fine nearly 100% of the time, it's just not something I like from a point of view of principles. It feels like an immense contortion to make just to install a binary on a device I own :-(
Are there any good third-party Android stores? My (dated) experience is that it's only Amazon and hundreds of pirate sites.
(not affiliated just a big fan)
It's currently being rewritten to match Aurora Store v4's interface.
I doubt Google would interpret it that way, but that would be the fair way to do it. Make it so that the information is interoperable rather than just not actively disallowing it. Then it can stop being a monopoly.
I'm not a lawyer so I don't know, if this law passes before the conclusion of the lawsuit, is Cydia out of luck?
What does "appropriate" mean? From apples POV they will probably push that no "sensitive" default is ever appropriate for any App or AppStore and how is it handled? If I would be Apple acting like apple did in recent years I would require such apps to be white listed in a extremely cumbersome system which requires and Apple Dev account, allows later revocation by Apple and requires resigning every time you push a update which will always takes weeks and gets randomly denied because they supposedly detected malware or security flaws in you app. Making it "de-facto" impossible to set defaults to 3rd party apps.
Hide doesn't mean disable, it just means "make it not visible" and makes this paragraph in the end pointless.
>choose third-party Apps or App Stores as 13 defaults for categories appropriate to the App or 14 App Store;
Categories appreciate to the app means you can set a non default browser to handle urls and a image viewer to handle images herein appropriate means that the application can handle that type of content it is not an opening for apple to decide what kinds of apps are appropriate in the normal English language definition of the word.
I don't think merely deleting the icon for an app but opening it in response to a link would meet the intent of the law but it ought to just say disable.
Apple's about to turn some money faucets on
But you are right, the lobbyists involved here are playing for seriously high stakes. I guess someone finally found a way to make Apple spend all that cash on hand.
However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Regulation of access to your camera roll and contact list is a terrible idea, so I don’t see a solution.
Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times. We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
Take out the gatekeeper on mobile and we might find that the benevolent dictatorship wasn’t so bad after all.
Edit: want to add that replacing Apple’s consumer protection gatekeeper role with a government agency is a non starter. Apple (and to give them credit, Google) know that the data available to the gatekeeper role is toxic and dangerous. Government thinks it’s a big bowl of lollies.
We see this even in the PC space: people will refuse to buy games not on Steam and many of the stores that sprung up a few years ago (Origin and UPlay) have since conceded and narrowed in scope.
Some apps will bypass the Apple/Google store, advertise themselves, and supply their own infrastructure for distribution. When that happens, Apple and Google will no longer have control. Implicit in the argument that they should have control is the assumption that these two companies are the only two enforcement bodies that can be trusted. As should be evident by now, you do not control Apple or Google and have no recourse if they break your trust. These companies care, first and foremost about their profit margin. It is naïve to think that consumer choice reflects Apple's or Google's stewardship of the store. Not everyone buys a phone because they like the walled garden.
I used to think sideloading was/third-party stores were a problem because of what you describe, but I've come to believe that it's the most free-market solution available to curtail some of the excesses of these gatekeepers while minimizing design-by-government.
All it does is force "choice" onto users further down the stack - users that don't know what they might be giving up when they install a third-party app store when trying to install "Fortnite" or even "Fortnite VBucks Generator Free iOS".
And they will have a vastly reduced set of people willing to use their software as a result. Other than a few key things, that's probably more trouble than it's worth for a lot of people, and the requisite "Warning: This app store is handled by someone else to make absolutely sure you trust the company running it" will scare a bunch more off, if it's something new.
If, on the other hand, it's Steam, or Epic, or some other super well known steward of content that has a well known name and reputation, then maybe if users are also lured by lower prices, they might consider it.
You know, exactly the same way you might feel a lot more comfortable buying that watch or toy you really want if it's from your local target and not some random guy with a table on the street.
They will just (effectively) all move over and (effectively) none of them will read any warning text.
God only knows what companies like 100% Tencent owned Riot Games will have running on millions of Americans' phones once they get the elevated access an app store requires.
Of course, the app can refuse to function if you deny it...
I feel like "do you want to give this app your phone number?" falls under the former, though. Right there along with "do you want to give this app your location?", which is of course already something users have to allow.
> Remote control security risks
> XcodeGhost can be remotely controlled via commands sent by an attacker from a Command and control server through HTTP. This data is encrypted using the DES algorithm in ECB mode. Not only is this encryption mode known to be weak, the encryption keys can also be found using reverse engineering. An attacker could perform a man in the middle attack and transmit fake HTTP traffic to the device (to open a dialog box or open specific app for example).
> Read and write from clipboard
> XcodeGhost is also able, each time an infected app is launched, to store the data written in the iOS clipboard. The malware is also able to modify this data. This can be particularly dangerous if the user uses a password management app.
> Hijack opening specific URLs
> XcodeGhost is also able to open specific URLs when the infected app is launched. Since Apple iOS and OS X work with Inter-App Communication URL mechanism (e.g. 'whatsapp://', 'Facebook://', 'iTunes://'), the attacker can open any apps installed on the compromised phone or computer, in the case of an infected macOS application. Such mechanism could be harmful with password management apps or even on phishing websites.
> Stealing user device information
> When the infected app is launched, either by using an iPhone or the simulator inside Xcode, XcodeGhost will automatically collect device information.*
> Then the malware will encrypt those data and send it to a command and control server. The server differs from version to version of XcodeGhost; Palo Alto Networks was able to find three server URLs:
> http://init.crash-analytics.com, http://init.icloud-diagnostics.com, http://init.icloud-analysis.com
> The last domain was also used in the iOS malware KeyRaider.
And the 'remotely controlled via commands' section is meaningless - apps can't JIT so such C&C was simply turning flags on-and-off to go on different code paths.
Legislation like this forces Apple to actually maintain a good OS lest it be riddled with malware. They seem to be doing fine on macOS they can do the same for iOS.
(It's funny, because this just feels like an echo of the 90s, when Microsoft killed Netscape in no small part by bundling Internet Explorer as the default for new OS installs.)
So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.
But Apple can’t effectively play Big Brother in that role and protect me from all the other bad actors, if they are forced to allow alternative app stores and sideloading.
It’s like cryptography. Either it’s broken, or it’s not. Or Pregnancy. You are either pregnant or not. You can’t be a little bit pregnant, or have crypto that is only a little bit broken.
You can not use alternatives.
It's like pregnancy, if you wear protection, you can have safe sex. If you're scared protection isn't enough, you can not have sex and you won't get pregnant.
Ok wait that's a weird example that isn't supposed to be preachy but the point is you can always not use non-apple app stores and apple can still protect you.
If Zuck’s money is behind this, it’s a really good checkmate.
Where are the real journalists when you need them? We need a list of whoever is funding these lobbyists.
That's quite a Stockholm syndrome-y view. What protects users, first and foremost, are users themselves.
Take the imaginary scenario of "WhatsApp requiring constant location data".
On an open platform, other users will provide you tools to defeat these requirements, either by modifying the app code itself, adding code around it to provide it fake data, or simply not allow these APIs in the first place.
If WhatsApp is really clever about it and detects all attempts at thwarting the surveillance, then users will develop and distribute an alternative messaging service (see Signal gaining serious traction after a way milder anti-user update by WhatsApp a few months ago).
It's only in the context of a lack of competition that such bad behavior is tolerated by users.
"big" is not the deciding factor. Amazon and Microsoft are also big. They do not decide what's on your phone. Apple's and Google's stores are big by default because Apple and Google have control of the platform. It's not the other way around. It's also not binary. If the store is decoupled, they will have less control, but not no control. Influence is weighted by user-base.
> Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors
Their interests are more aligned because they sell you the platform. They have many more ways to do this that aren't dependent on a quality app store. A store that survives on just the store is even more aligned to maximizing loyalty and trust in that store.
> And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever
Maybe you can, but for most people in the world, a phone is a significant investment and not a choice you can easily switch when you've already spent significant money in the ecosystem.
> It’s like cryptography. Either it’s broken, or it’s not
It's not. Even now, there are practical limits to what Apple can demand of its developers. Less control means less power, not no power. A store filled with bad apps is not a store most people will willingly buy from, unless there is external pressure forcing them. I don't think there's really much of an argument there. What this discussion is really about is the Facebooks of the world that have tremendous influence and also do shady things. Already, we see that Facebook plays by different rules with different stores, with greater tracking on Google platforms. This wouldn't change if Apple's store were still big enough to matter, but if Apple's power were weakened there's a risk that Facebook (for example) might have enough power to not care. So, this is what it's really about: some people trust Apple more than Facebook and want Apple to have total power in that relationship by being bigger than Facebook. This necessarily piggybacks off of the power given by people who do not care about or trust Apple, gained by means that are not the quality of the store. These people will likely stay with Apple regardless of how much Apple abuses its trust, but yet the people that do trust Apple think their trust matters.
I agree with your point, but just want to point out that Microsoft does similar things on Windows with Defender that Apple does on macOS with Gatekeeper, and both can be described as the companies deciding what does or doesn't get to run on your computers.
Both companies require you to buy certificates and remain in good standing with them if you want your software to run on Windows or macOS without a problem. Microsoft and Apple can revoke certificates whenever they want for any reason they want, and after doing so, Defender and Gatekeeper will prevent apps signed with those certificates from running on either OS.
macOS treats unsigned apps as if they're radioactive, and hides the ability to run them from the user. The switch to the M1 platform brought a new requirement that all apps must be signed as unsigned binaries won't run on M1 Macs. Windows Defender will also treat unsigned apps as if they're radioactive, and prevents users from running them initially.
If you want your apps to actually run on modern macOS or Windows systems without users thinking they're either broken or malicious, you need to pay for certificates and remain in good standing with both companies. Apple goes one step further and requires all apps to be Notarized, which involves uploading the app to Apple's server so it can analyze and approve it to run on macOS.
One approach could be to namespace installed apps based on the store ecosystem which installed them. Assuming platform level permissions for access to user data are enforced by the platform and can't be worked around via the manifest file, this would ensure apps can't move around outside of their "store" sandbox and access the data of other apps.
More ideally, Apple would move away from signing a plist that gives an app special access, towards the user prompts like those for contacts access etc. And where possible, use portals to give granular access to selected resources like photos (or selected contacts).
Or extend the notarization system such that adding another store adds another notarization authority to check.
There's no technical reason Apple can't provide a close to seamless experience for other app stores, there have always been incentives to not do so though.
Even if this bill were to pass, I don't think we'd see smooth use of external app stores, but not because it's technically impossible, but because it takes effort and the incentives for Apple are still to not put any effort into it that isn't strictly required, beyond not leaving the perception of their security in shambles.
A redesign of this would certainly enable a seamless experience - just namespace apps by their store, and the official app store becomes one of many stores, sitting inside a namespace based on their public key hash.
I regretably concur - the non technical barriers would go up. I could envisage some convoluted process to add a store (that would make installing a provisioning profile seem like a walk in the park, even though actually a provisioning profile might be the best technical example this could be done!), followed by a whole list of restrictions imposed on apps from alternative stores - no Apple pay access clearly, probably no NFC hardware access (wouldn't want someone able to use that hardware they paid for!!), no keychain access (to protect you). Perhaps no photo reel access and no doubt no iCloud access, and no ability to bypass background task restrictions to build your own cross device data sync ecosystem.
Being able to plug in an alternative to iCloud would certainly also be nice (so you don't need their cloud storage to use data sync and other nice-to-have features some people use, like backups), but I just don't envisage it happening. Making that kind of on-device, app-facing API pluggable would be the right technical approach... But no doubt iCloud would remain the "only" storage provider, for non-technical reasons.
This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question - which I can assure you is not what the policy makers nor the people behind the funding for this bill (collation for app fairness most likely, Epic second most likely) will accept.
No, it very specifically doesn't. It would be Apple allowing another authority to also shoulder this load, after the user has specifically said they want to also trust that authority.
I have no idea how you could come to the conclusion the Apple would need to verify everything in a discussion about a way in which Apple would not need to be the only entity verifying everything.
There are lots of soft-rules that Apple enforces around permissions that are still really beneficial. For example: the new "you have to be up-front about all usage of user data" would be nearly impossible to enforce at a technical level.
If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now, because nobody else will respect their rules.
Or more likely what's gonna happen is the 95% of users who care more about having WhatsApp than privacy, will install the Facebook app store and get the apps from there.
This really is an all or nothing deal.
Once you jailbreak your device, or allow an alternative App Store, it’s game over for that device.
You can runtime check the binary calling the API, you can sandbox the binary so it can't access the API at all.
I'm sure apple has tons of plans to limit this.
There's antitrust potential around private APIs and entitlements, like the background video access given to zoom before it was available to other developers. Arguably the "green dot" status bar warning approach helps alert users to abuse of this API, and a permission prompt before first use would let users choose.
Sandboxing binaries more than at present would also improve the general security posture of the device - I'd want my app sandbox to be secure even if a rogue app gets onto the device, and such a security posture would arguably better secure iOS for all users.
I could see a need to namespace keychain and team IDs and similar with a secure identifier (like the public key of an alternative app store's signing CA key), to protect keychain and other information from spoofed apps, but again this kind of change would arguably better harden iOS for everyone. The less that platform security relies on trusting someone else to validate and sign a plist, the safer the more secure the platform will be for users even of the default store.
I might be wrong about this (not a dev, just play one on the internet) but Apple has the power to say that in order to submit an app to the App Store, user location/contacts/photos/whatever must not be required to be turned on for the app to work. ie. Apple enforces your ability to use WhatsApp without giving up microphone access.
Without that model, yes, permissions are still granular. But WhatsApp can tell you to turn all of them on, or you can’t use the app. To me, that’s not a meaningful difference to the “just don’t install it” crowd’s preferred suggestion.
They allowed you to spoof responses to a huge range of API calls that revealed sensitive data, by hooking function calls in the underlying OS, and returning arbitrary or random values, which could be a subset of the full valid set of values.
That approach works pretty well if you test it robustly and ensure your dummy responses are valid according to the API spec.
Something I always feared was that apps would try to detect this and refuse to run if you didn't have any contacts or photos, or had folders on your SD card that they could not access, but I'm not aware of this ever really having materialised, beyond banking apps and some online games using Google's device attestation, which didn't really play nice with the Xposed framework.
Well, the corollary to "Mussolini made the trains run on time" is that they weren't on time without him.
Also, like how that's actually a myth, perhaps Apple actually doing a good job running their App store isn't really all it's made up to be either.
Finally, even though the initial view of a lot of people is probably that it's unfair to pull a baby Godwin on this, I think there's a lot of parallels that deserve a deeper look and examination, where we piece together why we're okay with strict authoritarian practices in some cases and not others, and possibly whether there's a link as to whether we accept it in a case where we think it benefits us, without considering how it affects everyone overall and the long reaching effects.
They also don't permit GPL-licensed software on their store, since the extra restrictions they impose appear incompatible with the GPL license.
An alternative store ecosystem would no doubt emerge very quickly, which allows GPL software, or perhaps any kind of free/open source software (like F-Droid in the Android ecosystem). That would arguably be a good thing for independent developers and the open source community.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
I still tend to think the technical steering committees, operating out in the open, have done an unbelievably fantastic job of sticking to mission, of growing a user-centric pro-user web. They've abided by fantastically high standards, been unwaveringly unwilling to accept privacy or security compromises. Microsoft and Safari also exist here, and there are countless interested other small parties trying to enhance the web, to make it stronger, to make it more secure, and because this is happening in public, it is very very hard for even the product owners to take advantage.
The web is also Google's home: they exist because of the web, they existed for a decade having virtually no other presence than the web. The rest of public-facing computing remains locked up, truly & genuinely controlled by corporate titans. Their advantage is to grow a healthy competitor, one that is still diverse & ever more competitive, one that is ever more appealing to the user.
Look at the current fights. Current fights about specs are about a seemingly wild & wacky federalized learning algorithm (most hated by the ad industry above all & media outlets second), and then Apple and Mozilla who wage a campaign decrying how horribly bloody awful it is that there are Ambient Light and Web MIDI specifications, and boo hoo look how terrible & bad things are. There is enormous Fear Uncertainty & Doubt, extreme reactionary-ism happening against the web. But to me: the web appears very well protected; it's interests & citizens are extremely vigilant & vocal about what happens to their cherished public internet medium, and change is slow, well planned, & deliberate (ok so the recent cross-frame alert() getting dropped is an unfortunate but perhaps moderately understanding counterexample of that process & deliberation).
Sunshine really has been an incredible disinfectant.
which will give it a bad reputation as a store and that will drive people away.
Which will give it a bad reputation among the HN crowd and drive a tiny fraction of global user population away. The rest will happily grant the permissions requested if it gives them access to the latest Angry Birds game, or to Facebook app itself for example...
I mean, how many millions of users does Facebook still have that either have no idea about the impact of sharing their life with it, or don't care, because their social network interaction is essentially locked into the platform?
How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure...
> How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure.
Maybe it's an americanism, but i know almost no one that doesnt use SMS exclusively on android and SMS + iMessage on iphone. a few techies use signal, but i've never met anyone ask to use any other chat platform.
Doesn't seem to be working.
The price shouldn't matter. If Apple sold it for $1, losing hundreds of dollars in raw materials per purchase, would you still say that? In both price scenarios, Apple expects pay on the back-end in the form of the 30% cut they take from app purchases and in-app purchases. It's the same with consoles - they're basically sold at a loss or very near-cost (eg. the $500 PS5 might have a per-unit COGS of $450) which, with R&D costs, isn't profitable on its own without backend revenue to recoup that loss, ie. from game sales or PSN/Xbox Live.
I assume they are measuring it by component and manufacturing cost, and not counting amortized costs such as hardware and software R&D, digital infrastructure, marketing, etc., which are probably substantial.
Current conditions protect and fortify established companies to behave as bad actors. It's impossible to compete as a new product when you're permanently separated from your customers by predatory platforms.
Nope, I will just disallow it. Or I will feed it random GPS coords. After all I own the device I paid $1000 for, and can run whatever software I like on it, including custom GPS drivers.
Or, you know, we could actually treat is a stalking, which is a crimmual offence.
It’s either Facebook messenger or discord for everyone I know.
The discord app is pretty nice, just remember to mute any fast moving servers that you are part of to avoid getting spammed with notifications.
When you're a child typically you learn to use the word "No." If that's not enough then whatever crap they want you to install is probably non-free software (otherwise it would already be on sane app stores) so you can use that if you need an excuse.
You child analogy is childish
Also neither email nor phone enable me do a video call and inspect something she is struggling with.
Sometimes I hate this community of smartasses
This grandma and people older than her represent only 15% of the population and at this point 99% of them have emails. In 10 years. In the next 10-15 years half of grandmas confederates will have passed on further shrinking the population of non email users towards virtual insignificance.
The bill says they don’t have to allow spam, but specially allows “legitimate business offers, such as pricing terms and product or service offerings”… which is spam unless one explicitly opts-in to it.
I don’t appreciate the double-talk. This part of the bill is user hostile and should be deleted.
Which part of the text says this? I did see:
> (b) INTERFERENCE WITH LEGITIMATE BUSINESS COMMUNICATIONS.—A Covered Company shall not impose restrictions on communications of developers with the users of the App through an App or direct outreach to a user concerning legitimate business offers, such as pricing terms and product or service offerings.
But that part doesn't seem to be requiring app-stores to hand over emails, but rather merely prohibits app-stores from controlling communications.
Which would seem to be related to, e.g., ["Apple charged over 'anti-competitive' app policies"](https://www.bbc.com/news/technology-56941173), 2021-04-30:
> "At the core of this case is Spotify's demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows," it said in a statement.
Which is a ridiculous assertion for Apple to make. Best Buy doesn't control what manufacturers ship in side their boxes. If I buy something from Logitech chances are something in there will mention I can go to logitech.com and buy direct at some point, and if they provide a 10% off coupon or note that some things are cheaper there, Bust Buy isn't going to really know about it much less have anything to say about it.
Best Buy might not be happy it there's a coupon for some other non-manufacturer marketplace, but there's not really an incentive for manufacturer to include something like that anyway.
And just to drive home how completely similar the types of things sold are, there are plenty of hardware (and software, at least in the past) offerings that Best Buy sells that have a subscription element that Best Buy gets no cut of.
I would say the majority of subscription services fall into the same category, to a lesser degree. People don't discover Hulu, or HBO, or Netflix, or Disney Plus through the App Store. They go there looking for them because subscription services live and die by marketing and word of mouth, as people want to know whether it's worth signing up first.
If you want to make a case that the cut is needed to run the Apple Pay network (which IIRC when introduced is when they started charging for all purchases through it) and make sure that runs correctly, then fine. But the whole point here is that companies want to opt out of that network, or to clearly communicate that Apple's extra features cost them and they are passing that cost on to the consumer if they choose to pay it (either pay through linked Apple payment account with a higher cost subscription, or pay direct to the company in a different manner).
What this is, very clearly, is Apple limiting information allowed to be displayed to customers at time of purchase if it's on an Apple device. Sine free markets only work as well as the information available to consumers, this is anti-free market, and anti-consumer.
The only reason to not provide information to consumers about their choices is when you are trying to make them make a choice they wouldn't make if they had all the information. Any argument about doing it for their own good falls flat in the face of the fact you could just give them more information about why it's better for them. If they still choose not to use it, the only respectful way to treat that is that those people weighed their choices and decided what was best for them. Anything else is extremely anti-consumer, and when it's multiple companies colluding together to do so, we have very well known laws against it.
Sounds good to me. I can get programs for PC operating systems (Windows, MacOS, Linux) without paying unnecessary middle men. Adobe doesn't have to give Microsoft a cut when I pay for Photoshop, and they don't have to give Best Buy a sympathy cut either because they run their own website.
Why should I be stuck with unnecessary middle men (app stores) for my phone?
A product sold at walmart would absolutely be able to ship a message, inside the sold box, that says this.
So no. It is not reasonable to prevent this, when it is completely fine for such a thing to happen in a retail store.
They already get money for that when you buy the phone.
No. They should change the phone price to match the cost instead of hiding additional charges in app fees.
> the profit model for both iPhones and gaming consoles includes post-sale revenue since they know most people won't purchase it if the cost was all up-front
Just because a profit model is convenient for a corporation is conveninet does not mean it should be accepted. If they want recurring revenue for a smaller up front price they can offer loans instead of being dishonest. But that would allow people to make an informed choice based on the true price they will be paying, and Apple / Sony don't want that.
I really don't want to be forced to maintain separate e-mail accounts for app stores just to quarantine the inevitable flow of spam.
The only way to do that is to mandate that the platform (Apple/Google) give the third party the ability to move the user, which it is doing here with the most universal identifier.
You have to give your address to people that ship you things. You used to have to use your email address to sign up for websites. Nobody complained. People used throwaway emails if needed. It's not like they're reading your files.
Gatekeeping the means of contact is an asymmetry that allows Apple and Google to retain power. Remember, these companies were trying to shrink wrap all of us and sell/tax access. An artificial world impossible to operate in without them.
This act needs to go a step further and guarantee web downloads of apps independent of app stores as a first class construct. It also needs to allow runtimes and alternative web browsers specifically to combat Apple.
Furthermore, it should disallow devices from coming with a default app store or default browser. (Similar to the EU's browser choice screen for Microsoft Windows.)
Then we'll have a fair mobile world for the first time ever. Apple and Google will still make a metric ton of money. They'll also be able to start focusing more on future endeavors and innovations, which would be good for them and for us.
Good. The OS store should have to compete with other software stores. If their store is actually better for consumers, then they have no cause for concern.
With an appstore monopoly, Apple can say "you must respect the users privacy, not use these apis and only request location permission through us and if denied you must still have a functional app". If Facebook wants to be on the iPhone at all they will have to play ball.
With an alternative app, they can just require that I install their store and accept their terms.
I am between a rock and a hard place, and I would like to choose the Orchard in that case.
Devs, feel free to raise your price and charge me an extra 15% or whatever you need to make up what you think Apple is “stealing” from you. I’m not that price sensitive, just don’t make me think about all your homegrown BS hoops I jump through for your percentage points.
As a consumer I want one store, one purchase history, one subscription list, one update engine, total peace of mind. Percentage of consumers that genuinely want to track that stuff separately rounds to zero.
I also can’t help but notice that SetApp apps work on my Mac and on iOS without this bill. (I try apps “for free” from SetApp, then I buy them on App Store. Costs me a good deal more, but I’m making sure the dev knows the app store is fine with me thanks.) And SetApp, like Apple Arcade, or Xbox GamePass is even less to track, as you no longer worry per app, it’s the whole library for one price.
Speaking of which, I’m also wondering if someone is going to force me, as a consumer who chose a mobile appliance, to screw up my phone, are they planning to screw up my console too? Fair is fair:
“Senators Blumenthal, Blackburn, and Klobuchar recognize that independent 3rd party developers are being restricted in anti-competitive ways that impact what users pay for video games and other software,” said Ernesto Falcon, Senior Legislative Counsel at the Electronic Frontier Foundation. “The Open App Markets Act will put a stop to these practices, which will lower the costs for both developers and their customers by setting forth common sense competition policy for the industry.”
Or, you know, we can wait it out, let the market decide.
Apple right now can change their stance on any of their rules on a dime (e.g. leadership change).
In reality though there is no "pandora's box" which is plainly evident on Windows, macOS, Linux and any other self respecting desktop OS.
Apple is also significantly more careless than I would like, there's no source code audit and no instrumentation beyond a network proxy. Just a 15 minute or so inspection of the app UI. If I wanted to run an authoritarian computer regime I would require full source submissions and clear explanations that looked even moderately obscure. Preferably your assigned app reviewer would be present during internal code reviews.
I don’t think we can use Android as a case study.
You can. What you won't get to do is force all your friends to agree with you.
I am not sure how you have somehow turned a situation, where you being unable to force your friends to use something else, is an infringement on you.
No, they can't. Apple no longer has the moral high ground to lecture others on respecting users privacy.
Yeah, it would certainly be a shame if a user installed an app that scans their phone for illegal content to report to the authorities.
This is how I install software on my PC, if it's not in the distro's package repo:
wget -o the-binary https://path.to.binary.com/bin.01.02
chmod +x !$
Also, you can already download and run unsigned phone apps that way (on Android anyway). It's just that mostly nobody publishes their apps that way.
No, wait, she sideloads malware from chain emails claiming the attachments are Sunday hymns PowerPoint players.
There are more like her than like you.
This is particularly important for stores like Amazon which dictate things you're allowed to do with your app outside of the Amazon store. (i.e., you can't charge a lower fee outside of Amazon regardless of what Amazon is charging you.)
Without that clause, your approach wouldn't work, because what incentive would Facebook even have to release it on the Apple App Store and follow Apple's tighter privacy/anti-tracking rules, when they can just release it on the Facebook App Store for iOS (or whatever else they decide to call it or, alternatively, another third-party app store)?
Sure, having third-party app stores helps smaller devs. But it also unchains all the anti-tracking and privacy shackles from the tech giants like FB who don't care which app store they are on (as long as they can set their own rules), because FB/Instagram/etc. users will follow to whatever app store their app is on (no matter how much or how little privacy protection that specific app store is willing to enforce on FB).
If I released an app store that forced you to offer the app for the lowest price it's available elsewhere while charging the dev 1/2 of the profit and inspired users to use it by giving them a rebate equal to 30% of the cost I presume I could get some takers.
After all if it's 10 bucks on the apple store it's 7 on mine.
3rd party stores aren't a check on unreasonable terms if developers are legally forced to do business on the oems terms no matter how unreasonable.
Do not want to respect it but still be on the platform? Please gtfo…
You don't have to install those apps, lol. You can feel free to tell Facebook to GTFO off of the phone that you own, by merely not installing it.
But why should one think, that they should control someone 'elses' phone? If someone else wants to install facebook, on that other app store, let them do it.
You are correct, I can simply not install those apps that I believe violate privacy rules of the platform. However, in this case, I will not be able to sleep worry-free after handing my barely technologically literate parents an iPhone anymore, because they will immediately install all the random crap without any second thoughts about privacy. Switching my mother away from android to an iPhone (and subsequently, from Windows to macOS) has reduced my "home IT troubleshooting" workload to pretty much nil. I don't want to go back to how it was before. That's pretty much why I got my mom an iPhone, so that her device can be fairly secure without tons of guidance and troubleshooting on my end.
The wild west of "I am a responsible person, so I can decide what's good to install and what isn't, because I can evaluate this on my own" isn't the kind of a situation I want to put my parents in. I want them to not worry about it and be able to install whatever apps they can without any major worries about malware or privacy or breaking their device, and that's why I switched them to iOS.
Just provide users with a way of "locking down" their phone to only allow the app store that they choose, with some difficult undo process, if the user chooses that.
So that way, people who want parental/child controls on their phone can have them, and those who disagree, and want to remove those protections, can choose to do so.
As long as the locking down, is a choice that the user can make, and it is not forced on everyone, then we all can get what we want. Well, except Apple I guess.
For people who bought into managed garden the minute it is dismantled you lose "all apps need to stick to do not track me request" you get mish-mash of everything.
This is cost to give others freedom to side load. There is no way to put genie into the bottle if it is out.
Only way I see it would be possible is that Apple could offer fully locked iPhones and multi-store iPhones. Then market could decide what works better.
Developers, especially on HN, cannot accept there is group of customers that just doesn't want to interact them directly.
There is nothing that prevents you from staying in the managed garden. Just use the Apple app store, and don't use other app stores.
> Developers, especially on HN, cannot accept there is group of customers that just doesn't want to interact them directly.
Then don't interact with them. Just use the Apple app store only. Problem solved.
Correct. When this bipartisan bill passes, everyone will be able to install whatever app store that they want on their iPhone, and Apple won't be able to do anything to stop it.
The future is going to be pretty awesome, when the law forces Apple to make it extremely easy for people to use other app stores.
Ok, and when the bill passes it will be their for smartphones as well, and people will be able to install whatever app store on their android or iPhone.
> it sucks
Then don't install the app stores that you don't like, lol. Problem solved. Only use Apple's, if that is what you prefer.
You are free to not use other app stores, correct.
Don't use app stores that you don't like.
Meanwhile Librem 5 and Pinephone can provide freedom today but need cash, userbase and apps.
You can have your phone that only uses the apple app store.
So if Epic Games want to create their own app store, they can, but Apple should be allowed to list their games on its own app store too (and pay Epic whatever the relevant price is for each download of a game, out of the amount that Apple bills the user for it).
Similarly, if the Epic Store is the only place you can download Fortnite, and you really like Fortnite, but hate the advertising and data harvesting and battery use of the Epic Store, then you are being denied the ability to participate freely in the market for app stores.
Saying "just play a different game" is as unhelpful as saying "just buy a different phone", and doesn't address the underlying complaint that product tying is an anti-competitive practice that consumers should be protected against:
Let's be frank here: people here are afraid because they know Apple's App Store and its policies are in no way actually compelling in the open market and, if they are subjected to real competition, they will fail just like most other 1st party stores that are subjected to competition.
Instead of allowing Apple to be the governing body of what is acceptable software policy simply because they are a for-profit company that makes a lot of money, maybe you should focus this attention on actual legislation from your elected governing body that would give you such protections.
Sidenote: Fortnite doesn't have a monopoly on gamers and most gamers do not play Fornite. People need to stop using Fornite as if it is the new Standard Oil of gaming. There is no such thing in gaming and it makes for silly arguments.
No. This is a false comparision.
The smartphone market is a duopoly that is worth trillions of dollars.
Battle royale videos games are not that.
If fortnite eventually is worth trillions of dollars, and literally almost every single person in the world has to use it, on the same level that they use freaking smart phones, `then` we can use anti-trust law, or pro-competition laws on this now vital service.
But until then, it is a false comparison.
Apple is using its position to insert itself between vendor and customer while the customer sits snug in their own home whereas your position would require positive action on the part of someone who has no particular obligation nor relationship to you. You have not hired them and they aren't obligated to work for you.
> (151) In an exclusive distribution agreement the supplier agrees to sell his products only to one distributor for resale in a particular territory.
The rules are complicated and depend on the supplier's and buyer's market share, but you can read the details on page 46 of their "Guidelines on Vertical Restraints".
I'm not suggesting that a company should be required to take a positive action to fulfil Apple's requirements, but if a company is producing a file which can be installed via an app store, they should not try using copyright or contract law to prevent other app stores from also selling/distributing their app.
(Admittedly there would have to be some amount of paperwork for allowing the various app stores to pay money into the app developer's account, but that could be done on Apple's side so that the developer continues to get a payment each month, with some stats on a dashboard somewhere showing which app stores the app was sold through).
In particular I don't think it says anything at all about a situation where the vendor and market are not engaged in a relationship but rather are literally the same company. Nothing forbids a donut shop from actually baking AND selling the donuts.
I don't think a 3rd party Epic store is an example of tying either. It's not something you are being asked to purchase in order to realize the other purchase it is rather a means to actually receive the product you have purchased. You might as well say that <insert app> is tied to the purchase of an executable or disk.
Not only that but if Apple allowed sideloading they would arguably be able to trivially able to avoid even a misguided accusation of tying by providing a manually installable package file with the app store merely providing a free means to receive updates.
Isnt it possible that Apples users like the fact that apps are curated on an App Store by Apple?
Depending on the decency of the human race is a sucker bet.
Discoverability on Apple's Mac App Store is horrible. I released a game earlier this year on the Mac App Store and while it's not a great game (my first experience with LÖVE, so a pretty simple project), I got zero sales.
I recently finished a 2nd game and published it on both the Mac App Store and Steam this week. On Steam I sell some units every day. On the Mac App Store it's still zero. And I don't expect the sales on Mac App Store to be the same as on Steam (since I sell mostly to Windows users on Steam), but it would be nice to see at least a couple of Mac sales.
I am currently working on my 3rd game (which will be a bit more ambitious compared to my first 2 games) and I am considering publishing only on Steam, since publishing on the Mac App Store seems a waste of energy.
I don't know if this bill would help someone like me, but maybe ...
One of Apple's excuses for their fees is that they're doing all of the marketing of your app on their App Store for you!
I didn't know how anyone could say that with a straight face in the past, and I'm glad app developers are waking up to this.
Not saying it’s a waste of money or time to use the MacOS store but given the choice I’ll always choose Steam since my library is much more flexible and portable.
I don't recall using it (maybe once?), and I burnt through 3 macs over the past 5 years.
Things are either installed via brew or steam, or even git and make.
But then again my interface of choice is terminal and editor of choice is vim, so maybe a far outlier.
Back to your experience, go steam alone, the thought of even downloading regular software in the 'App Store' don't even cross my mind, let alone games.
Currently, Android has the ability to run alternate app stores, but there's no way for an "app store" to silently install apps. Every update needs to go through a consent popup unless the phone has been rooted and some security-bypasses have been worked around. I run into this every week in F-Droid.
If this practice is allowed to continue, Apple and Google will just modify their operating systems to add as many popups and warning screens for every install as they legally can.
The only way to get useful app store support that allows competition is to introduce a way to mark an external application as an "app store" that has installation privileges. In my opinion, that part can have all the red tape and warnings, because installation permissions can be very dangerous.
In my opinion, this law is a good thing that should've been introduced years ago, but its implementation will probably take years, with politicians and tech giants flinging shit at each other every chance they get.
Do users still have to adjust arcane settings to use another app store or install an app without one?
Does Google still show users scary warnings and make competitors' apps seem as if they're broken or malicious, and still say the user is protected by Play Protect despite that the Play Store itself distributes the majority of Android malware?
Is Google going to drop the mandate that all apps on the Play Store must use Google's billing system that gives them a 15% to 30% cut? And how will Google treat apps that don't use Google's billing system as their payment method, considering how Google makes user-installed apps seem malicious?
None of your questions seem to have to do with that, and you're just soapboxing on all kinds of totally unrelated perceived wrongs.
I don't care about competition, for payments or other shit. I want to deal with Apple's payment system because I don't want my payment details and other personal information scattered across whatever crap an app developer decides to use. I like being able to cancel subscriptions in a single place. I don't give a shit about your profit margins or being able to sell my personal info for more money.
Apple doesn't even do a great job enforcing its blanket ban either. Lots of shady developers will skirt the rules around subscription apps still being functional without subscription by having it function while under review and then flip something on the server side to lock it down once approved.
If my interpretation of the bill is correct, then Apple could just say "You need to list Apple IAP in the same screen as the other payment methods, and you can't make it harder to find than the custom methods you implement." And knowing Apple, that's what they would do.
Small developers will likely still use Apple because it is easy. The cut is likely less than the hassle of using a different system.
After an update took away the required login setting for a purchase, Twice I have called Apple and received a refund when my kid spent hundreds of dollars in a couple hours. What is going to happen when that is a malicious game developer? They are not giving that money back. The cable monopolies show how monopolies will make it exceedingly hard to cancel a subscription.
As a mere consumer, that is no longer developing for a living, I do not want this option. I do not really care if companies have to pay Apple a cut. I want easy. I want to trust who has my credit card.
Did you read the comment you replied to?
Even if this passes, Apple will still be able to require that all apps offer Apple pay as an option for in-app payments.
They just won't be able to prevent developers from offering additional payment options, or from informing users about Apple's 30% cut, or from charging a different price to users who opt to pay using another method.
Not possible if the developer only offers their app via their own competing app store, which won't be subject to forced Apple Pay nor Apple's in-app payment system integration.
If I could just mark up the iOS version to cover the additional fee, I would find it much less onerous. You like the walled garden? You are welcome to pay for it.
I also find Amazon's similar policy equally disturbing. I don't think players in such powerful positions should be able to dictate pricing in such a manner.
But I'm not sure this is bad. With Apple being the only app store, all the possible apps are in their App Store. If there were other stores, perhaps Apple could actually clean all the garbage out of their store. Give them the opportunity to hawk their wares on less reputable stores. This also can potentially lead to Apple touting the "luxury-brandness", or simply the exclusivity of their app store -- they seem to really like that.
I'd also love to see an app store that's entirely focused on open source apps, perhaps with no payment method required. I bet there'd be no end to the types of storefronts we would see. As long as you can continue to opt-in to what you want, this doesn't seem too bad.
Too broad because I'm fine with walled gardens so long as there's a way to opt out of them. If Apple wants to force apps distributed through their store to behave a certain way to ensure a consistent user experience, that's fine with me. If Apple wants to force _me_ as the device owner to remain within that walled garden though just because I bought their hardware I'm very much against that.
Too narrow because I think the principle that _users_ should control their own devices is sufficiently generalizable that it should apply to more than just "App Store[s] for which users in the United States exceed 50,000,000" on "general purpose computing device[s]".
Overall though, I think I'd much rather have this bill pass as written than not have it pass at all.
the more likely scenario is Paypal, Amazon etc. are going to provide SDKs and developer can use that for checkout instead of going through App Store.