Yup. At the end of the day these logic-bomb-esque mechanisms are unpreventable and just a cat-and-mouse problem.
There should be a way to battle this outside technical measures, like a crowdsourced group of real distributed humans testing apps for anything malicious.
You can detect both the triggered behavior and "hey this looks like a logic bomb" with static analysis. Yes, you'll never trigger this with some dynamic analysis of the app. But "hey, some code that does things associated with malicious or otherwise bad behavior is guarded behind branches that check for specific responses from the app developer's server" is often enough to raise your eyebrows at something.
In this case suspicious code is anything that achieves a fairly narrow subset of possible outcomes so I doubt it would come up much.
It’s a common fallacy to assume infinite worlds result in every possible world but 1, 10, 100, … is an infinite series but is only covering ~0% of possibilities.
Yeah. It's really really hard to prevent actors from coming up with clever ways to circumvent the automatic checks. But that just means that Apple needs to play the cat-and-mouse game. That's what they always say their cut is for, no?
One of the reasons that Apple does a bit of due diligence during the onboarding of a developer and establishing a developer agreement is to ensure they can reliably take legal action against developers that abuse the system.
The possibility of being banned from the Apple App Store ecosystem and/or legal reprisals is one way to deter unwanted behavior that can't be blocked through technical means.
I think AI is close to the point where synthetic users will be indistinguishable from real ones. To mitigate the techniques above and elsewhere in this thread, I think Apple will quickly move towards making the review process both highly automated and continuous.
It really means we need to lean into what ecosystem and government pressure we can apply to ensure the terms are sensible and fair because it will become nearly impossible to hack around them. (I do think many of these hacks are clever, I just don't think they will be enduring.)
I find your comment overly optimistic. Review processes are already highly automated and effective, but even as they advance there will always (short of AGI) be (1) effective tricks to mask behavior from analysis and (2) a need for a human in the loop to verify findings.
I do agree that we need to continue to apply pressure to tear down walls around the garden as a means of protecting code as speech, including the ability to distribute and run it on our devices without burden.
“Executable Code
Except as set forth in the next paragraph, an Application may not download or install executable code. Interpreted code may be downloaded to an Application but only so long as such code: (a) does not change the primary purpose of the Application by providing features or functionality that are inconsistent with the intended and advertised purpose of the Application as submitted to the App Store, (b) does not create a store or storefront for other code or applications, and (c) does not bypass signing, sandbox, or other security features of the OS.”
At least in live service games, nearly 100% of them pull down new interpreted code on a regular basis on mobile, which means they're all basically circumventing app store review. It seems like it's just an agreement between game developers and Google/Apple that in exchange for bypassing review, the billions of dollars worth of lootbox money will keep flowing.
I'm not sure if updating code is circumventing. Third party code (javascript or another emulator) was explicitly forbidden for a while and this approach, be it with react, or others.. Can Flutter do this with something other than a web view?
Review is for sizeable changes that are black and white across some lines, and also keeping malicious apps out. If it's not malicious, and updating for usage, maybe those are metrics that can be monitored and managed.
The point with this kind of update is it doesn’t go through the App Store review process at all. The developer just sends the new content / feature straight into the app which was approved based on its original version.
Apple is allowing third party browser engines in the EU.
Hopefully the option is available to all Apple users since they do take a proud stance on user privacy. Having a blackbox browser like Safari or Webkit does still leave it open for Apple to potentially be able to see things Chrome can't :)
I wonder if all it takes is having a device registered in the EU?
This feels relatively open ended, for an app that will largely still be after the same result without going after it in a grossly different way.
One feature set I notice is how many apps have you pay outside of Apple's walled system for a subscription because the actual work of the app is done in the cloud, and not entirely on device. Separating the app into a basic local app with extra work in the cloud seems to have merits, but with the increased horsepower on devices, it is more and more appealing to see what can be done locally.
If an app has a high level and clear enough layout, the details that fill them out can fill in.
I've been a fan of things like SDUI (Software defined UI) for a while, to allow more dynamic interface generation based on user preferences, usage, etc.
The approach of creating software that is for a fixed business process is more and more becoming outdated. Replacing fixed mindset software with software where flexibility is required, whether during the different stages of pandemic lockdowns, or truly personalizing a user's experience.
I just used a time based trick when I needed to push through behavior that Apple didn't like. 20 days after submitting the app one of the buttons changed its behavior to allow a "File Open" dialog to go directly to the user's root directory.
I did the same in one of my apps. It's a private app, you need a login code to use it; Apple wanted to test all the features, so I put some fake screens in the app, those screens didn't even make API calls.
I set a timer for two weeks, after those the app started having its real behavior, with API calls and everything.
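The static-analysis heuristic described earlier in the thread (sensitive code guarded by a branch on a server response) also applies to the timer-based gating in the two comments above. The following sketch is an added example, not code from any commenter or from Apple's review tooling; it analyzes a constructed Python sample as a stand-in for app code, and the names `open_file_dialog`, `fetch_remote_flag` and `load_remote_script` are hypothetical.

```python
import ast
from dataclasses import dataclass

# Assumed name lists for this sketch; a real reviewer would tune both.
TRIGGERS = {
    "time.time": "clock",
    "datetime.now": "clock",
    "datetime.datetime.now": "clock",
    "fetch_remote_flag": "server-response",   # hypothetical helper
    "requests.get": "server-response",
}
SENSITIVE = {"open_file_dialog", "load_remote_script", "os.system", "eval", "exec"}


@dataclass(frozen=True)
class Finding:
    function: str
    line: int
    trigger: str
    call: str


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def calls_in(node):
    """Yield the dotted names of all calls found under node."""
    for n in ast.walk(node):
        if isinstance(n, ast.Call):
            name = dotted(n.func)
            if name:
                yield name


def trigger_kinds(expr, tainted):
    """Kinds of trigger data (clock, server response) an expression depends on."""
    kinds = {TRIGGERS[c] for c in calls_in(expr) if c in TRIGGERS}
    for n in ast.walk(expr):
        if isinstance(n, ast.Name) and n.id in tainted:
            kinds |= tainted[n.id]
    return kinds


def analyze(source):
    """Flag sensitive calls guarded by branches on clock or server data."""
    findings = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        # Flow-insensitive taint: propagate trigger kinds through plain
        # assignments until nothing changes (AugAssign/AnnAssign are ignored).
        tainted, changed = {}, True
        while changed:
            changed = False
            for n in ast.walk(fn):
                if not isinstance(n, ast.Assign):
                    continue
                kinds = trigger_kinds(n.value, tainted)
                for t in n.targets:
                    if isinstance(t, ast.Name) and kinds - tainted.get(t.id, set()):
                        tainted[t.id] = tainted.get(t.id, set()) | kinds
                        changed = True
        # Report every `if` whose test depends on a trigger and whose
        # branches (either side) reach a sensitive call.
        for n in ast.walk(fn):
            if not isinstance(n, ast.If):
                continue
            kinds = trigger_kinds(n.test, tainted)
            guarded = {c for s in n.body + n.orelse for c in calls_in(s) if c in SENSITIVE}
            findings += [Finding(fn.name, n.lineno, k, c) for k in kinds for c in guarded]
    return sorted(findings, key=lambda f: (f.line, f.trigger, f.call))


# Constructed sample input, modelled on the behaviours described in the thread.
SAMPLE = '''
import time

def on_button_tap(install_time):
    age_days = (time.time() - install_time) / 86400
    if age_days > 20:
        open_file_dialog("/")
    else:
        open_file_dialog("~/Documents")

def refresh(session):
    flag = fetch_remote_flag(session)
    enabled = flag == "on"
    if enabled:
        load_remote_script(session)

def benign(path):
    if path.endswith(".txt"):
        open_file_dialog(path)
'''

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.function}:{f.line}: {f.call} is gated on {f.trigger}")
```

The check never executes the sample, which is why a delay or a server-side switch that defeats dynamic review does not hide the branch from it; the cost is false positives on legitimate feature flags, so findings are leads for a human reviewer rather than verdicts.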
Seems pretty unreliable. At least I know a recent Google Play Console reviewer was located at the Google office in Lisbon. I wouldn't be surprised if Apple used reviewers outside Cupertino.
Sidenote: the vast majority of scam apps seem to take people's money using recurring weekly subscriptions.
There are use cases for non-recurring week passes (eg. VPN app for a week during travel) but recurring weekly payments should require manual approval. Not all apps should be allowed to charge weekly recurring payments.
> In 2021, documents revealed that the App Store Review team has more than 500 human experts to review more than 100,000 apps every week.
Ignoring the weasel wording in the sentence, and assuming the reviewers dedicate 100% of their time to reviewing and a standard work week, that's ≈12 minutes per app.
And the gross revenue in 2021 for the Apple app store that same year was $85B. Alas, poor Apple just can't afford more reviewers to ensure every app has a meaningful review process and well paid workers who have a decent work environment. I assume they have a rushed quota of apps they must review per week.
There are Telegram channels/groups with thousands of people interested in the latest app that will survive the app store review and use it until Apple takes action and the cycle goes on. There is also a market for signing certificates and Apple developer machines spots so more tech savvy audience could sign and install the IPAs directly.
The US desperately needs some DMA-like legislation, one company shouldn't be able to hold 60%+ of US users hostage when it comes to installing the apps they want to use.
Similarly, two companies, Apple and Google, shouldn't be able to keep 15% to 30% of all revenue generated in the entire mobile app market.
I agree with your position statement. However I think your point of view is developer centric, not user centric.
Firstly the 60% have chosen iOS. They are not "hostage" they can leave. And this is not new behavior- it has existed since the iPhone shipped. Consumers are voting for this. [1].
Secondly Google doesn't control what you install, so by definition doesn't keep a portion of "all revenue". And most value from mobile apps comes from elsewhere [2], so even the Apple number isn't accurate.
As -developers- of course we want unfettered access to users devices to run any code we like. Unfortunately some proportion of developers want that access for reasons unhealthy to the consumer. So yes developers game the system. And your honest app gets rejected.
But it's worth understanding that users -want- this curated access, and are voting For it not Against it.
[1] you can argue about messenger, but that's about messenger not apps.
[2] most all apps I install are free. The company that makes them gets revenue from some other part of the system. We have a "free app" that integrates with our product (which people pay for).
Have we really made an informed choice or did I just go into a store to "buy a phone". I don't recall a booklet with each device what you can and can't do on it? e.g. iPhone "can't play Fortnite, Apple temporarily doesn't like Epic" would have been a good warning.
> They are not "hostage" they can leave
I think if you try changing ecosystems today, you will realise it's a very painful process. Apple and Google don't interoperate, don't follow standards (or just invent their own) and there are aspects of both ecosystems that are closed so no "move my stuff" app can ever be smooth and feature complete. Also, how do I convince my family and friends to switch so we don't downgrade to a green bubble situation.
It's been close to 20 years since iPhone shipped. None of these restrictions are new.
There are pros and cons to any consumer choice. I think users are well informed and making their choice explicitly.
Yes, both ecosystems employ lock-in and network-effects to keep customers. And yes that is an issue (separate from the app store issue.)
It may interest you to know that outside the US (and some parts of Europe) Apple has a smaller network share and people avoid the green bubble effect by using alternate messengers (mostly WhatsApp).
There are -choices- which you may or may not like. In the US folk have largely -chosen- to use iPhones despite Fortnite.
What's new is that Apple/Google now effectively control our lives. Their presence is everywhere.
And so yes, in this case it really matters what happens in every ecosystem. These corporations are effectively dictating policy for how my life is supposed to work, although nobody elected them, there is no oversight. I live in Europe, so both Apple and Google are really an ocean away in terms of mindset and values.
Yup. I lost all respect for Apple's arguments that they should be allowed to gatekeep after they colluded with Google and Twitter in blocking the Parler app right as it started to take off.
I have a possible workaround for the "how can I pay for things" part: don't use Goopple wallet, carry a card (and maybe some cash)?
Tap to pay is your phone emulating an iso14443 smart card, which is what a contactless bank card is. Carrying a card is of course another thing to carry, but on the plus side they don't need charging every 24h and they won't be old tech next year when the iPhoxel n+1 incrementally better edition is released.
So you bought an iPhone 20 years ago as your introduction to smart phones and whenever you visit the topic of switching you learn that your apps don't go with you, it won't work with your apple devices, and it's a pain in the ass so you abandon the idea altogether. Such choice!
The “everybody other than me is too stupid to make decisions for themselves” argument is not very compelling, especially when you have to curate the hypothetical model of stupidity to fit nicely with your stance on the topic.
I don't use an ad blocker, not because I'm not aware of them, but in order to support the creators of content I view via ad revenue, and to avoid installing a potential MITM vector directly into my browser.
If there's a site with a really bad ad experience, such as audio playing video ads with audio, constant pop-overs, or using an ad vendor that allows ads to redirect or run super-heavy scripts, I simply stop visiting.
Short term, sure, blocking ads would be in my interest. Longer term, having content producers I'm interested in be able to get paid, and thus be able to continue to produce content is in my best interest.
Installing software that puts me one malicious update away from surveillance and/or credential theft, however unlikely, is not something I want to do. Perhaps there are protections against such things in the browser, and perhaps there are workarounds against those protections. Keeping up with the latest security status of browser plugins isn't something I want to invest any time in doing, and not something the majority of people would be able to do.
Your typical user understands perfectly well that iPhones don’t support 3rd party distributed software. This has been a well publicised fact ever since the iPhone was first released. When it was first launched one of the most well publicised talking points about it was that it didn’t support flash. Trying to claim that this isn’t well known is borderline gaslighting.
This claim you’re making here though is far more insidious. Who are you to decide what software choices are best for other people? I doubt most people care about ad blocking at all. But you think a person's right to make their own software choices should be restricted just because you think this is important? Why should anybody have any regard for what you think?
I don't claim that people don't know of alternatives existing. I don't think the reason adblockers aren't more widely used is people not knowing about their existence.
I also don't believe your implicit claim of people preferring watching ads over using an adblocker. I believe the vast majority of people would prefer a browser (or other software) that blocks ads over one that doesn't.
So if people know about adblockers and prefer not watching ads, why don't they use adblockers?
Because most people do not want to invest even a few minutes in finding the best option for them. They simply choose the default configuration of the software they have always used (e.g. Windows) or that they were introduced to by ads (e.g. Chrome).
I do believe that most people are capable of making the best decision; I don't think most people are willing to make the best decision.
People who aren't heavily into the topic will usually go with the default option. And that option is usually the worst.
(This isn't limited to software. There are many non-software products where I will choose the "default" option, too. Simply because I don't care about figuring out what the best option is for me. I will simply use the default: If it works, it's good enough. But I recognize that by doing so I, too, am promoting markets that are not trying to compete on product quality, but simply their marketing/advertising and the attention they get.)
> I do believe that most people are capable of making the best decision; I don't think most people are willing to make the best decision.
The error you’re still making, and the source of the massive level of arrogance in this statement, is presuming you know what’s best for people.
Firstly, there’s plenty of things in my life that I have no interest in learning how to optimise, and this is the best decision for me, because I get what I want, and I don’t waste my time on something I don’t care about.
But even if I did suddenly take an interest in optimising one of these things, I’m sure as hell not going to do it based on your preferences, or the preferences of anybody other than myself.
Going through life assuming you know what’s best for everybody is not only incredibly arrogant, but it’s also incredibly dangerous. Because it naturally leads to you wanting to start making decisions for everybody else as well, and the idea that they might want something different to what you want doesn’t even seem like it’s conceivable to you.
> the source of the massive level of arrogance in this statement, is presuming you know what’s best for people.
So it's ignorant for them to say it, but correct and well-reasoned when Apple says they know what's best for people?
This is exactly why they're going to get legislated. You and Apple can maintain whatever weird interpersonal relationship you perceive while letting others sideload too. It's already happening in some parts of the world. Your ivory tower hasn't crashed-down yet; it's all just been fearmongering and whataboutism from people with $AAPL shares weighing down the perceptive part of their consciousness.
I agree that going through life trying to make decisions for people is a bad idea; that's why I reject the Play Store on Android and use F-Droid for better software. You should be allowed to do that on your iPhone; Apple is making your choice for you in an attempt to force you through their payment services. If that's not illegal bundling, then nothing is.
Apple never claims to know what’s best for people. I’d presume they do their best to anticipate what people want, turn that into a product, and then people are free to either buy it or not. What you’re suggesting in this comment is that people shouldn’t be free to make that choice.
Your comment about payment services illustrates this perfectly. For starters, you're not forced to use it at all. Out of all the paid services I use on my phone, exactly none of them require me to pay via the App Store. I do however choose to use it for every single one of them, because the Apple App Store is by far the most consumer friendly subscription manager I’ve ever seen.
Can’t wait for the corporate lobbyists to take that choice away from me…
> What you’re suggesting in this comment is that people shouldn’t be free to make that choice.
I am suggesting that people in other countries are already making that choice, and it hasn't even remotely impacted your or their freedom. In fact, users that live in countries covered by the DMA have more freedom to use their iPhone than ever before.
> When it was first launched one of the most well publicised talking points about it was that it didn’t support flash.
> Trying to claim that this isn’t well known
Well known by who? I know about it, you know about it. Look where we are and what we read.
If I ask my friends if they knew about this, the first thing most would say is "What's Flash?"
Many of them would say the App Store shipped with the iPhone on Day 1.
We are in a bubble, and it's not gaslighting to point that out.
> But you think a person's right to make their own software choices should be restricted just because you think this is important? Why should anybody have any regard for what you think?
This is always the argument peddled out, like "now you'll be forced to use these things". You like the Apple way, then keep doing that. I like the Apple way and will keep doing it. It's weird for you to describe being given additional options is having something 'forced' upon you, or that your choices are being 'restricted' by having additional options now. Now that is getting to some 1984-ish language games.
> Firstly the 60% have chosen iOS. They are not "hostage" they can leave.
You are hostage once Apple stops supporting your device, and it becomes officially impossible to install any software on it.
Consider the case of a perfectly functioning iPad 4. If I wipe it and hand it to my nephew, there's nothing he can do with it. Nothing in the AppStore will install on it, and sideloading is impossible. Aside from chucking a perfectly working device into the e-waste, which I hate to do if someone else might get a year out of it, the only other options are complex, dubious hacks.
You can't call something "perfectly working" and then complain that it doesn't work. You're talking about a machine contemporary to netbooks, the Lumia 900, the Nexus 7, etc. None of that stuff is perfectly functional out of the box in 2024, either.
To be fair though, the ability to sideload on any of those devices has arguably expanded their usable lifetime beyond any depreciated iPhone. That's a feature that doesn't break when your TLS functionality gets depreciated, unlike iOS.
That's a nitpick. The hardware is perfectly working. And who even mentioned restricting this to "out of the box" functionality? The point is whether or not it's even possible to make it useful. I guarantee you I could install software on a Nexus 7, whereas I can't install anything on the iPad. Oh wait, except for VLC. But that's about it.
The trouble I have with Apple is that while it's possible to install software on an old device you can only do it if you're "grandfathered in" via a previous install years ago. Take Garage Band for instance. My nephew has a 2014 Macbook Pro, can't install Band Camp. But if I wipe a 2014 Macbook and sign into App Store using my account I can install it simply because I chose to install it on a Mac I owned back in 2015.
That does not make me jump for joy. Instead it tells me that I don't wanna touch another Apple product.
Yeah, we switched our phones to Apple after my wife's 9 month old Galaxy stopped being usable for her main purpose... Google Calendar. Visiting Google Calendar website, it refused to load and said to use the app. App refused to load saying it needed a newer OS. There was no newer OS available for her phone. She was SOL.
At the time only Google supported devices more than 1-2 years. Every Android partner had zero support. The message was clear. Switch to iPhone if we wanted >1-2 years of support, so we did, and we've been happy since (~15 years).
He could visit all the apps in the world from Facebook, Instagram, YouTube to Spotify on the web, right? Of course, he cannot use Friendster or Tumblr or Vine — all great iPad 4 era apps but can you really blame Apple for those apps _not_ existing anymore? — So I wouldn’t say “there’s nothing he could do with it”
Well if your argument is: “a perfectly good 10 year old iPad is held hostage by Apple because they don’t provide side loading” then isn’t that the same case with your perfectly good 10 year old Toyota? Or 10 year old Target Toaster oven or 10 year old Samsung fridge?
I think we will live in a strange world if we start demanding our refrigerators allow side loading YouTube.
To the contrary, if my refrigerator has a screen and speakers then I will be pretty upset if the OEM waggles their finger and blocks me from running YouTube on it.
Why does everyone on HN promote laying down and giving up when your manufacturer tells you not to do something that loses them money? It's like there isn't a living hacker left on this website.
> then isn’t that the same case with your perfectly good 10 year old Toyota?
A good 10 year old Toyota can have its head unit replaced and you can add new features if you so choose. When I was a kid it was a rite of passage to mod at least your speaker system.
> Or 10 year old Target Toaster oven or 10 year old Samsung fridge?
> I think we will live in a strange world if we start demanding our refrigerators allow side loading YouTube.
You set up a strawman argument. Who is demanding this of fridges and toasters?
Exactly. A computer is a general computing device that can be made to do thousands of things through software. When a computer hardware manufacturer wants to limit what software I can run on my computing device, it is not a good thing.
It's odd that people will defend Apple for this, or laugh when you say that you want to use a 10 year old device, when on the same forum people applaud when someone blogs about getting their old Commodore / Sinclair / Toshiba 8bit to connect to the Internet. Wait, is the iPad too old to be useful, but simultaneously not old enough to be worth repurposing?
The iPad 4 has wifi, bluetooth, a retina screen and several days of idle battery life. If I could install a terminal and a VNC client, I could save this thing from e-waste for another 5 years. The way some people talk on here, it's like they think that there's something wrong with that.
> He could visit all the apps in the world from Facebook, Instagram, YouTube to Spotify on the web, right?
Do you really think that the web browser is going to load those pages? Try using a really old web browser on the web today and see how far you get.
> Well if your argument is: “a perfectly good 10 year old iPad is held hostage by Apple because they don’t provide side loading” then isn’t that the same case with your perfectly good 10 year old Toyota? Or 10 year old Target Toaster oven or 10 year old Samsung fridge?
Your fridge still keeps things cold. Your Toyota still drives. Your toaster still makes toast. What does a ten year old iPad do besides collect dust because all of the features you bought it for don't work anymore?
Indeed. The point of a computing device is that it runs software. With the right software a 10 year old iPad could absolutely browse the web, play music and videos and post crap on Facebook. It did it 10 years ago, so it could do it today if Apple allowed the software to be installed.
Listen... it's this simple: I should have the ability to install software of my choosing on a hardware device I own. End of story. If a hardware manufacturer provides an App Store, then it should be an added extra, not a padlock.
You greatly overestimate the capacity of the average person to care about the nuances of their phone's OS, the amount of environmental harm their way of life brings, the corruption of the politicians they vote for, etc.
Obviously if you ask people, they'll say they don't want to not be able to install some apps on their phone, they don't want to destroy the environment, they want an honest government, etc. Yet when it comes time to act, they act contrary to all the above, because it's so hard to act otherwise.
This is like saying shopkeepers are happy with mafia protection because they keep paying for it.
One of my coworkers switched from iOS to Android. She immediately stopped getting invited to events by her friends, because all those invites went over iMessage. She switched back to iOS.
People say these things and I just have no idea how it's possible. You can text Android phones. Yes the bubble will be green. No, no one past middle school cares about the color of the bubble.
For one-to-one messages, SMS is mostly OK. Group chat via MMS is a bad experience. Group chat via internet-based chat like iMessage, Signal, WhatsApp, Telegram, etc... is a good experience.
Now the obvious solution is for the group to pick a cross-platform chat app and use that, but it's weirdly difficult to get a group of people to do that. Sometimes they would rather exclude someone from the group than switch apps, which might suggest that the excluded person needs better friends.
> No, no one past middle school cares about the color of the bubble.
This is just objectively not true. The nature of green vs blue messages feeds into the in-group out-group dynamics that humans (children and adults alike) are prone to.
If your “friends” stop communicating with you and stop inviting you to group events just because of the brand of mobile phone you use, then I have some bad news for you: they might not really be friends.
Or they need to de-register with iMessage (because of course, how could you not have known?!?).
Apple is the company that gates iMessage because if they don't, in Craig Federighi's words, they are "[removing an] obstacle to iPhone families giving their kids Android phones".
I also cringe at the corporate speak of "iPhone families". "We're an iPhone family". What?
That's as stupid as saying that anyone that doesn't have you added on Facebook doesn't care about you. Sometimes technology erects pointless barriers with the intent of making people FOMO. This is like Social Media 101 right here, people 10 years ago had this figured out.
Maybe some people don't know, or have forgotten that Apple was dead set against an App Store, or third party apps when the iPhone came out. It only relented after it was jailbroken so many times. Apple's view was it would be a closed phone of apps how they said so.
Perhaps some of that mindset moved to the respective App Stores. Users don't have as much choice as people think.
The new App Stores being regulated in the EU are interesting for that reason.
Still reading about phones like WebOS on Palm that was maybe a year too late, could be a different world if we had a phone running JS as front end and for apps like it did.
Getting a walled garden up as quickly as possible was critically important.
When most apps cost $1 in total, paying 30 cents for all that was probably good value. Now that many high-end apps cost more than $100/yr, paying >100x more for the same service is not good value.
I was using Kagi (the now-defunct store/payment API provider whose domain name later got bought by the search engine) at the time, and Kagi worked out at around that percentage for me* — though at the time, hosting and bandwidth was also a significant cost on top of that.
And this weekend, I'm starting to convert some of my old Mac (PPC era Java) shareware into web games so I can play them again. No ads, no cookies, hosted for free (for now) on GitHub. I tried it out on my iPad, which didn't exist as a product when I wrote the original, and turns out this is fine.
* I can't be bothered to dig out the archive link for the pricing to figure out the exact percentage, there was both a fixed fee per transaction and a percentage fee that varied by payment method.
> Bad choice 1, or bad choice 2 is not really choice.
While true (and indeed so generalisable that one can say this of e.g. two-party politics), there are phones which ship with other app stores (Samsung's Galaxy Store).
Also: so far as I can tell the specific apps you need to get through life are themselves not monetised via the app store — e.g. banking apps, healthcare, and (as I read it) items bought within but not used within apps (such as groceries or travel passes) would not be subject to any commission from Apple.
My point was that since most ‘necessary for life’ apps (e.g. corona vaccine app, bank, travel etc) are only offered on one of two platforms, those platforms cannot really be considered a choice.
A duopoly is a choice. Not a lot of choice granted, but still a choice. There are also other platforms (like Samsung etc) but you won't like them for other reasons.
I don't think you understand the point. You're talking about poor decisions that those companies made several years after Apple and Google entered the market, but ignoring the years long head start that they had and squandered. Why weren't Symbian, BlackBerry OS, PalmOS, or Windows Mobile good enough in 2007 to not get obliterated by two brand new platforms?
At some point we have to admit that one of the main reasons for the duopoly is that the rest of the competition wasn't that good.
You have the choice of starting a competing company. You can convince investors that there is in fact a market who are unsatisfied with the current options which can sustain your new company. Of course, if everyone is satisfied with the current options it will be difficult to get investment, but then there is no problem either.
The whole world will be against them. Nobody wants to develop apps for dozens of different competing platforms. In fact, for the longest time, I thought this was the reason Android/Open Handset Alliance exists but nobody talks about OHA anymore.
That's an important point. Microsoft wasn't lacking the resources to develop a phone OS and Windows Phone didn't fail because "it sucked".
Instead it's a demonstration of the power of two-sided markets. When Apple came out with the Apple ][, Silicon Valley had a competitive advantage in electronics because of networks across firms. Need parts? Need specialty talent? You got it.
Now the "competitive" edge of Silicon Valley is that it is the home of great monopolists such as Facebook, Apple and Google. That is, it crushed the competition and prevents it from emerging.
There's also the reality that (1) brands feel the need to express their brands through apps, (2) they are already annoyed enough that app development cost is at least doubled because you have to support iOS and Android, (3) many would express the belief that being forced to develop apps for a third (fourth, fifth, ...) mobile OS would be "extortion" or the equivalent. My understanding was that Windows Phone went EOL because carriers in the US were refusing to activate them because they too think it is bad enough to have to be able to deal with two OS.
If Android didn't exist, however, you'd probably be paying less than a 30% rake to the app store because the App Store would have been seen as a monopoly and the court would have done something about it. As it is the zombie OS Android doesn't really make money for Google or anybody else (Samsung is just proud it makes phones) and wastes money for app developers but it does make money for Apple. From that perspective a third mobile OS is like a fifth wheel.
There is such a thing as "pernicious competition" where fake competitors prevent the entrance of a real competitor, for years cable TV was a great example because you'd see several cable operators, several satellite operators, and later several IP based operators that all offered the same crummy channels with the same crummy UI at the same high price. Not only did the cable operators not serve the same customers but the structure of the industry caused them to "collude" to offer customers the same thing.
Android is like that. It adds $10-15 billion profit a year to the Apple App store just by keeping the court away.
> Can you book slots with TSMC for 3nm chips to put in another device?
I imagine if Google or Microsoft turned up to TSMC and offered to beat Apple's price with similar guarantees of volume and capacity utilisation, TSMC would be happy to have that conversation, yes.
> Firstly the 60% have chosen iOS. They are not "hostage" they can leave. And this is not new behavior- it has existed since the iPhone shipped. Consumers are voting for this. [1].
Are you assuming users would still feel this way if they were made thoroughly aware that Apple's intermediation increases the prices of app services by up to 43%?
You also can't leave a non-mobile operating system without pain. Mac to Windows: pain. Windows to Mac: pain. Windows to Linux: pain. Linux to Windows: pain. Linux to different Linux distribution: pain. Mac to Linux: pain. Linux to Mac: pain.
Some pairs might have lesser pain, such as Linux to different Linux distribution or Mac to/from Linux, if you mostly stick to more basic command line stuff, but the same is true for mobile device operating systems if you just stick to the basic mobile phone stuff which would be telephone, SMS messaging, camera, calendar, web browsing, and non-cloud syncing.
Good point but I think that it's another self-inflicted pain. Everyone can open this website no matter their operating system, architecture, etc. Why is that?
So... what if the developers are right, and their activism is warranted? It certainly seems like the courts are leaning towards the sides of the developers in the US and Europe.
> Firstly the 60% have chosen iOS. They are not "hostage" they can leave.
Competition laws are about fostering competitive markets. Customers and what they want is completely irrelevant past establishing that the market is not competitive.
Have you read the article? It’s about Uber bypassing review so that it can track users against Apple’s rules, and against their will. Or other apps doing it so they can spread pirated software.
Apple/Google's position also seems rather conflicted.
On one hand, they appoint themselves as bouncers for their respective stores - both claiming to keep end users safe.
On another hand, they both allow themselves flexibility in selectively applying the rules when the app in question is lucrative or somehow related to their numerous other product categories.
How does Windows protect their users? This question makes it seem like every OS has control over all installed apps, when this wasn’t the case until iOS.
Also Android doesn’t have this problem. If you don’t want bad software don’t install it.
The only time I've seen malware on an Android device in person, it came from the Play store. I don't know if Apple is significantly better than Google at app review, but the methods described in the article would probably work for both.
The question is about who has the control and who has the responsibility.
There are users who want (or need) a curated, trustworthy experience. For them, an app store that heavily reviews all apps allowed on there and puts lots of restrictions on what they are allowed to do is ideal. There are also users who want to take the responsibility on themselves. They want the ability to host their own apps for free (or lower costs), faster update cycles, and just overall freedom. Those people don't want a highly curated app store (or rather, they want a co-existing alternative to the highly curated app store).
Perhaps the ideal situation would be that device comes with one default app store. That app store is highly curated and selective but it also allows other app stores on it. Those app stores can be reviewed in terms of their own quality but not on the quality of the apps they allow installing. The default app store can have huge warnings that these other store-like apps are not like the other apps and should be used carefully.
> There are also users who want to take the responsibility on themselves. They want the ability to host their own apps for free (or lower costs), faster update cycles, and just overall freedom. Those people don't want a highly curated app store (or rather, they want a co-existing alternative to the highly curated app store).
Why force Apple to make that App Store? This is what every argument like this boils down to. Apple are free to have their own opinion of what they want their product to be, and a tightly integrated experience is that opinion.
If users want something else, they can go elsewhere. If there is enough market demand for this, a company will exist and provide a product for it because that’s what companies do. But there isn’t, so they don’t.
No one is forcing apple to make that uncurated, open app store. They already exist. They want to force apple to allow that app store to be installed from their own app store.
> Apple are free to have their own opinion of what they want their product to be
While this would be fine in a free market with lots of competition, the market does not have that competition. Regulations are necessary so that the individual players in the market can't carve off their own separate realm. Apple is free to have a very tightly integrated experience with their devices and their app store and the very rigorously reviewed apps on that app store. It isn't like a non-default app store will destroy that. But that shouldn't mean that the users who are fine with a slightly less integrated experience for more freedom and control should be left without a choice.
> If there is enough market demand for this, a company will exist and provide a product for it because that’s what companies do.
There also needs to be space for such a company. No one (or mostly no one) will package their apps for a new OS so a standardised app format is required. No one will trust their phone number and identity and everything related to that to a new provider so a standardised way to switch the provider needs to be provided. Etc.
Make it so that I can switch out one part of the experience and the rest of it can't just refuse to work.
Reminds me of similar separations in other industries:
- Newspapers: editorial and advertising (avoid that companies who pay for ads influence opinions)
- Banks: ‘origination’ and wealth management (avoid selling financial products created by bank to customers that trust the bank with managing their money)
Not sure if these dynamics are enforced by law, but pretty clear that there’s a need for the separation.
This is the same as companies wanting healthy, educated workers, law & order, reliable electricity, and good roads… but pay no taxes.
The Apple app market exists only because users trust it. They don’t trust you, and with good reason. You pay Apple a tax to gain the benefits of that trust.
Facebook seemed to be rather upset at being told they couldn't track users; by my (IANAL) reading, the rules Apple had that Facebook were objecting to were also the law in several places (CCPA and GDPR):
I used to use Android, run cyanogenmod, sideload apps, and I switched to an iPhone. I am not held hostage. I feel fine with the app store the way it is.
I’m not a fan of the control, but this is the free market at work. Nothing stops you or any other company from creating a competing phone with its own app ecosystem. It’s really not for the government to dictate to companies how their products can work. It’s up to consumers to choose the products they want to use.
It’s a free market because buying an iPhone is a choice. It happens to be an incredible product, so may not feel like a choice, but the experience was designed by one company and put into the market as an offering.
Apple has no control over your bank account and you have no control over Apple. You are both free to engage with each other or not.
Of course you could put apps on phones before app stores. Distribution etc. was harder, and most applications were much more limited (especially due to worse performance, network connection, and limited input methods), but a whole industry existed - there were even communities around "jailbreaking" and so on.
And you can still jailbreak now if you want to. But even with a jailbreak, I’m not sure there are apps, as opposed to tweaks that you could put on the iPhone.
I can currently only jailbreak an iPhone due to mistakes made by Apple. It's conceivable that it won't be possible at some future point - though I'm not sure how this is relevant towards your earlier point?
> But even with a jailbreak, I’m not sure there are apps, as opposed to tweaks that you could put on the iPhone.
There have been very limited workarounds on iPhones to enable sideloading, e.g. AltStore. These repositories are exactly the kind of apps you're looking for. But again, not sure how this is relevant towards your earlier point?
There are many more ways to do this. Most iOS developers who ever published apps know that.
Hiding a functionality from Apple is a ticket to account and company ban and is not worth the hassle. Unless it was the intention of the whole enterprise.
It would seem plausible though that apps built with feature flags do not trigger these kinds of lines. Being able to roll out, or roll back features (even approved ones) for testing, bug fixing, etc, seems pretty essential, especially for larger apps.
It would be hard to wait for (up to?) weeks waiting for an app update to be approved.
We're looking at the wrong problem. The real problem is that developers have to pass (and bypass) reviews at all.
I would not mind Apple doing whatever reviews they want with their own private AppStore if I, the user, could install whatever app I need on the device that I bought by downloading it directly from developer's website.
Apple maliciously tries to stand between developers and users, with the intent of extortion. Big Brother 2024.
How do these apps like collect cards reach the top of the app store to begin with? Is it because they are simply masquerading as piracy apps? And piracy apps are downloaded a lot?
I think you've got your use of 'masquerading' here backwards. These *are* piracy apps, and presumably people share them since they want their friends to have free content too.
Even if it was completely reliable at preventing malicious apps, I couldn't imagine being on a platform that required their permission to run a given piece of code. The fact that it's not reliable makes it even harder to understand why people accept it.
This. The amount of hoops I’ve had to jump through trying to follow the rules perfectly is really annoying when I look at my competitors blatantly breaking the rules. I’ve asked support direct questions (via phone support) and they say “no you can’t do that” (confirming what I thought the rules said) but they are uninterested in hearing about others breaking the rules.
Sometimes we fail to do that too. Even legitimate apps have their quota of rejections (even for no good reason at all) before making it into the App Store. The review process is a dark and twisty place.
does anyone here have any insight into what they look for? i've published a few apps and they don't seem to care at all about code quality or security, but do care about whether i declare my security method and whether i allow users to delete their accounts. what do they check for?
> They’re built on React Native, a cross-platform framework based on JavaScript, and use Microsoft’s CodePush SDK which allows developers to update parts of the app without having to send a new build to the App Store
I don’t see a reason to name Microsoft’s solution specifically.
Firstly, there are other alternatives; also, Microsoft is shutting down parts of their offering; finally, JS apps are comparatively easy to update - even without a tool like this too.
More specifically some combination of an algorithm and outsourced first line support in India told you to fuck off.
It is incredibly hard to get through to a human with the powers to actually solve problems in these tech companies. I've been through it many times. Often the algorithm's say is final and you can't get through to anybody able to override it. It's even worse when the decision is made by machine learning because it's a black box, and they can't even explain why the decision was made.
It's commonly accepted among tech savvy Apple users, and developers that Radar (bug tracking) was essentially a black hole. You could see what you sent to it, but you couldn't see any information on your report.
100% unrelated: how sites trick users into ‘approving’ cookies.
That site has the most evil consent UI I’ve seen. Not only does it require you to click zillions of checkboxes to withdraw consent, while allowing you to give it with a single click, it also hides most of them behind a “more” button. It’s amazing how many companies claim to have legitimate interest in tracking things…
You can blame lax/non-existent GDPR enforcement for this.
This is against the GDPR (and no better than just not having a consent flow in the first place) but is allowed to continue since nobody cares about enforcing it.
Actually, the only reason the consent flow is there is because advertising providers require it (but only require the presence of one, ignoring the actual GDPR compliance of it).
I doubt that advertisers require a bogus consent flow implementation.
More likely their legal checkbox is that GDPR rights are properly protected, such as via a consent flow, if needed. That normally requires an assessment of the rights impacted, the data collected, and the required consents, and an implementation of the flow itself to cover that.
This assessment has to be done by the app or website displaying the advertising. And also by the advertiser. As you can probably guess, writing such an assessment is knowledge work and costs time. People quickly noticed that if they just skip this and put in a consent flow, bogus or not, no one will care... So money saved?
Probably the market was right, most companies will save money that way. Which is both unfortunate but also logical.
However, it's also a huge legal liability if your app or website operates in certain sensitive domains. Such as healthcare and politics, and possibly social media.
Because it may turn out the product didn't have the right to collect any data. And that sensitive data was collected (could be inferred). And that the advertiser should have known this, because of a bogus implementation consent flow.
Then the final question is: What's the damage? Why is this a 'huge' liability?
Answer: At this stage you're looking at class actions in the US, or 'snipperschade' claims (mass 'little-damage' remuneration) in the EU.
Art. 82 of the GDPR provides for the possibility of compensation, including for immaterial damage. Successfully claiming damage under that article lacks a large corpus of case-law. It is 'in development'. Largely because the requirements of evidence are difficult to meet in most cases. Especially those not involving sensitive categories of data.
In the event of a mass art. 82 claim for sensitive data, one may expect both the advertiser as well as the product displaying advertising to be targeted. And lawyers would be incentivized to pursue this via a mass 'class' action. Which magnifies the claim to a portion of the affected EU population (500 million) and an amount of monetary compensation.
So let's say 2,500,000 * 30 euros = 75,000,000. So a fairly small portion of people (0,5%) and a small amount of remuneration. Amounts to 75 million in damages. Lawyers take home a percentage of that.
In essence this is a lawsuit waiting to happen. But probably not to you, and not to this app.
I did a short stint for a startup in Korea whose top investor wanted us to get around Apple and Google's 30% cut. After explaining the ToS and how the exemptions didn't apply to us, she set up a meeting with developers from another company she invested in. Those devs, with great smiles on their faces, proceeded to show a remote config that toggled which payment flow a user went through, depending on whether the app version was currently pending review
And for those who don't view government regulations as sacred, the regulation in question was designed to limit how much poison everyone has to breathe, while Apple and Google payment rules are designed to make more profit for those companies.
There is a popular sports streaming app developed by a Burmese developer. The app looks like a normal sports news app with an instruction to tap the logo and type the number 3 three times in Burmese in the popup textbox. Upon entering the correct numbers, a list of live streaming football matches appears.
Isn't the whole point of $99 and rigorous checks, and not to mention, all the marketing and legal claims, to say that Apple's App Store review process is foolproof and necessary for their platform?
Also, so funny how 9to5mac messages this. When Apple makes a misstep, it is developers "tricking" App Store, not Apple's incompetence. Let's call it what it is, Apple's review process is mostly security theater.
But then what isn’t? You can’t check everything/everybody. Pyrotechnics are forbidden at football stadiums, there is security at the entrance but they get them inside anyway. Goods of stores with security still get stolen. Smuggling still exists.
To use your analogy, the Apple stadium security will probably not let you in if you are visibly carrying pyrotechnics, but if you have a large backpack they aren't likely to look inside. In order to give the illusion that they have good security they also pick many people at random and refuse them entry and make up a reason on the spot.
Yeah and the top apps on the iPhone are basically half-legal casino games. At least on your example you have to search for it and disable all warnings.
Most corporate security is a security theatre. I saw an InfoSec consultant on LinkedIn argue that she does not need to be technical to be a security professional. Works in banking. I wouldn't be surprised if Apple had to outsource app reviews to an offshore partner, because of the sheer number of apps submitted. Quality falls at volume.
A lot of security is human and process based. Technical is important, but the best software in the world won't survive someone being social engineered.
The best software in the world is actually explicitly designed to survive being social engineered. Launching a nuclear ICBM requires more than 4 levels of remote authorization and combined secrets from 2 trusted sources that live offsite. Being "social engineered" in a situation like this means torturing a half-dozen military personnel for confidential keys you can't even validate.
1. Make an API call to your server with the build number of the app.
2. Have that API response control whether the "secret" features are available.
3. Only enable each build's secret features once it's passed review.
4. Profit?
No dynamic/interpreted code required.
And there are sufficient variations on this that I would guess it's reducible to the halting problem and thus undecidable.
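Seen from the review side, the per-build gating in steps 1 to 3 leaves a signature that an ordinary feature rollout does not: the same flag is off again for every new build while it is in review, then on for that same binary after release. The sketch below is an added example, not code from the thread or from any store's tooling; the observation format, phase labels and flag names are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations of an app's config endpoint, one per probe:
# (build number sent by the app, review phase at probe time, flags returned).
OBSERVATIONS = [
    (41, "in_review", {"new_onboarding": False, "alt_checkout": False}),
    (41, "released",  {"new_onboarding": True,  "alt_checkout": True}),
    (42, "in_review", {"new_onboarding": True,  "alt_checkout": False}),
    (42, "released",  {"new_onboarding": True,  "alt_checkout": True}),
    (43, "in_review", {"new_onboarding": True,  "alt_checkout": False}),
    (43, "released",  {"new_onboarding": True,  "alt_checkout": True}),
]


def review_gated_flags(observations, min_builds=2):
    """Return {flag: [builds]} for flags that were off for a build while it
    was in review and on for the same build after release, in at least
    min_builds distinct builds. A flag absent from a response counts as off."""
    # phases[build][phase] -> list of flag dicts observed in that phase
    phases = defaultdict(lambda: defaultdict(list))
    for build, phase, flags in observations:
        phases[build][phase].append(flags)

    flipped = defaultdict(list)
    for build in sorted(phases):
        before = phases[build]["in_review"]
        after = phases[build]["released"]
        if not before or not after:
            continue  # both phases are needed to compare the same binary
        names = {name for flags in before + after for name in flags}
        for name in names:
            off_in_review = not any(f.get(name, False) for f in before)
            on_after = any(f.get(name, False) for f in after)
            if off_in_review and on_after:
                flipped[name].append(build)

    # One flip is what a normal staged rollout looks like; a flag that
    # resets to off for each new build under review is the gating pattern.
    return {n: b for n, b in flipped.items() if len(b) >= min_builds}


if __name__ == "__main__":
    for flag, builds in review_gated_flags(OBSERVATIONS).items():
        print(f"{flag}: off in review, on after release for builds {builds}")
```

A hit is a lead for manual review rather than proof, since the server can key its answer on signals other than the build number.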