[b_b]

It seems ironic to me that the HN crowd seems to support these circumvention of Apple's insular app distribution strategy, but on the other hand also supports Apple's clamp down on efforts to stop privacy violating apps.

For my part, I guess I would prefer that Apple at least open up iOS devices to both the app store and allowing users to install non-App Store apps, the Android model. This would probably satisfy both casual and more tech-savvy users. Unfortunately, I don't see Apple doing this any time as they are all about profits, and this strategy has been working very well so far.

[chipotle_coyote]

I admit that back when Apple created "Gatekeeper" for OS X, er, macOS, I had high hopes this was laying groundwork that would come to iOS later -- that we'd be able to flip a switch in Settings which allowed us to install signed apps from non-Apple storefronts. Yes, this would potentially reduce Apple's profits (and it's hard not to suspect you're correct in guessing that's why it hasn't happened), but it's hard not to think that most developers would still make their apps available in Apple's storefront the way most Android apps are available on the Google Play store. I still feel like this would solve more problems than it creates not just for users and developers, but for Apple, too.

[Youden]

I don't think there's really any irony here, these are just two different concerns:

- I want Apple to do the job we pay them for and ensure that their store doesn't distribute malware.

- If I buy a device I want to be able to run whatever I want on it.

[chii]

The question is whether these two goals conflict with each other.

Full freedom to run whatever you want also means being able to install malware.

[pentae]

Well as you said yourself, people should be able to side load whatever they want outside of the official store if they are so willing. The general consensus is that their authoritarian approach on the App Store is a positive for consumers and also for Apples brand. So I don't see any hypocrisy here.

[freeone3000]

You can't run unsigned apps on an iPhone. No, not even your own. You can't generate a certificate for an iPhone app longer than one week, and even then, the certificate you generate only lets you run code on an iPhone physically connected to the computer where the certificate was generated.

EVERY OTHER way to get a certificate, including for internal development and testing through testflight, requires the app to go through review. Every. Single. One.

It's not simply for putting the app on the app store, it's for running the app at all.

Enterprise certificates were supposed to be a way for a company to avoid shipping their internal tools to Apple, but they turn out to be a way to actually run useful code on an iPhone, even if it's not something Apple wants you to do.

[jocoda]

Not quite correct.

Only if you do not have a paid developer account will the app be uninstalled after 7 days. Otherwise the app can stay installed for as long as your account is paid up.

And the phone does not have to be physically connected for it to run.

This more than anything else Apple does, shows quite clearly that you do not own your iPhone, you are paying Apple to be allowed to use it. So you want to run your own program, with no interest in publishing to the App Store or sharing it with others? Sure thing, just pay us $100 a year...

[jddj]

Hmm, is this a recent change?

I mean, I know there have been recent changes in apple's attitude towards enterprise certs, but I've been able to sign internal ad-hoc apps with a developer cert which would last one year (i.e until the provisioning profile expires) with no review.

Granted, you need the unique identifier of the device and it limits you to a certain number per year (100 or 200?), but this still seems different to the situation you are describing.

Fairly sure I did this last year, even. Though admittedly we switched to android at some point, purely because it was too much headache.

[kalleboo]

> EVERY OTHER way to get a certificate, including for internal development and testing through testflight, requires the app to go through review. Every. Single. One.

Not true.

There is still Ad Hoc distribution, where you can sign the app to run on any device in your developer account (up to 100 iPhones + 100 iPads) and host it for download yourself. The build runs until your developer cert expires (1 year IIRC?)

I believe this is how TestFlight worked before Apple bought them

https://help.apple.com/xcode/mac/current/#/dev31de635e5

[gwright]

It seem completely reasonable to believe that there is value in a curated ecosystem and also believe that there should be a mechanism for informed opt-out of that curated eco-system.

[gdfasfklshg4]

It is completely consistent to follow rules whilst opposing them. There are many laws I would like to see repealed but I still follow them.