If a heavily sandboxed, walled-garden App Store is still vulnerable on its smaller attack surface, then the open-for-all alternative will be absolutely plagued.
Counterintuitively, the walled garden may make the problem worse.
The App Store is a single target. It makes "discovery" easier for malware. Imagine if these apps had to get users the "old fashioned" way, one-by-one, word-of-mouth, etc. It also requires less initial setup for malware developers, as opposed to having to develop their own software distribution infrastructure. Every claim about the App Store making things easier for developers also applies to malware.
Moreover, the App Store race to the bottom undermined the previous paid upfront software model in favor of everything being free, supported either by ads or by "cash cow" manipulative IAP.
> Moreover, the App Store race to the bottom undermined the previous paid upfront software model in favor of everything being free, supported either by ads or by "cash cow" manipulative IAP.
Microtransactions were a thing even before the App Store race - remember Farmville, MafiaWars and the other host of Zynga's Facebook games?
I didn't say microtransactions weren't a thing. But clearly the App Store vastly expanded these practices.
Pointing to Facebook just proves the point. Facebook is a walled garden, but does anyone think Facebook is a "healthy software ecosystem" for developers and users?
Ancient GSM services were the starting point for those, from daily horroscope subs to java applet games sales... Apple is still eating the "take that out of GSM menus and sms orders and put it on its own dedicated internet app" cake (with same rate of tax of those ancient provider app stores took from 3rd parties).
It isn't open for all? F-Droid, surely one of the most popular 3rd party app stores has vastly stronger requirements than the Play store: https://f-droid.org/en/docs/Inclusion_Policy/
The Play store is such an unimaginable cesspit of crap that I've now stopped using it entirely except for official company apps, and then it will still suggest me malware clones every time.
Like I wanted a battery display for my AirPods and the choice was stuffed with ads, battery draining IAP from the Play store or a simple, free OSS one from F-Droid:
Of course, go figure, this app had to itself be modified to prevent scam artists from loading it up with advertisements and malware and putting it onto Play, where license violations are widespread and go entirely undetected.
I wasn't aiming my 'open-for-all' comment at any particular alternative.
It was more if you've got one walled and protected store and that's compromised, a free open alternative would be more likely suffer the same issues on a larger scale.
Certainly agree with your assessment of the Play Store
No. Because if we didn’t depend on someone getting funded and paying apple yearly we could use community maintained software. Are there any open source SFTP clients for the iPhone? (For example) Using SSH and SFTP via anything other than ish really creeps me out honestly.
Linux doesn’t have an “App Store” instead you have to engage with the community and publish your app source code if you want it easily installed by most users. I guess that’s still not quite a “free for all” (although there’s nothing stopping users from installing whatever they want) but it’s certainly not as strict as what apple does.
If a heavily sandboxed, walled-garden App Store is still vulnerable on its smaller attack surface, then the open-for-all alternative will be absolutely plagued.
What is the point you're trying to make?