by oblio 1862 days ago
Walled gardens are just security theater. The App Store revenue was $72bn in 2020, yet the review time for an app is a few hours. App reviewers barely have any qualifications, they're just "call center operators" running off a script.
6 comments

I've watched the App Store reviewers try out apps (not in person, from logging) and they do seem to do a pretty thorough job of exercising the functionality.
That makes me wonder how easy it is to just hide certain features during the review process.
It's extremely easy, but it also is extremely easy to get permanently banned if they find out you "switched on" a hidden feature once the app got into production. A permanent ban can be very damaging, so one needs to make sure to be completely legit when it comes to app store submission reviews and app store ratings.
Can confirm. We got the Coinbase iOS app banned for doing this back in the day, when Apple did not allow bitcoin apps (IIRC showing the price was ok, transacting was not). Even after they relaxed their bitcoin restrictions (and calls to the head of app store), they still made us wait out the 12 month ban before reinstating the app.

https://www.coindesk.com/coinbase-bitcoin-app-apple-app-stor...

https://venturebeat.com/2014/12/14/bitcoin-wallet-coinbase-n...

> Apple did not allow bitcoin apps

This is what is wrong with walled gardens, laws should be made by lawmakers, not Apple.

Who said anything about laws? Apple's rules are no different from HN's rules. And for that matter, your house rules. They're arbitrary decisions to the liking of the respective party. They just have to not be against the law themselves. If they are problematic the solution isn't to generically "ban rules" (saying it out loud already hints at the "value" of this proposition) but to change the law to prohibit certain rules.
I wonder how they confirm this happened. Do they store a video of the review and cross reference on suspicion?
Given that Apple has no oversight at all here, they can do whatever they want. If an app makes it through review, but has forbidden functionality, Apple will just assume that the developer hid that functionality for the review process, and ban them. Doesn't matter if the approval was due to a mistake on the reviewer's part. Apple won't care.
I wonder how this works with webviews. Do they expect you to resubmit the same binary if a page displayed in a webview changes?
Isn't that how Fortnite did Project Liberty?
It is actually pretty easy. As long as you don't use any private APIs, you can completely change the behavior of your app after the review by changing server side settings.
Yes, but if they catch you, you’ll get kicked out of the store altogether.
Why? We do it all the time, we ship most of our app behind feature switches and enable them in the future for subsets of users.
It depends whether the disabled features break the rules of the App Store, or are fraudulent. Presumably you aren’t doing that.
It is partly an intent issue. If you are attempting to pull one over on Apple by hiding app behavior during review, well, they are not going to be happy about that.

Other folks are also noting that, because humans are sometimes bad at evaluating each others' intent, it is probably a good idea to attempt to make one's intent clear if going this route, lest you annoy the gatekeeper.

Right, but you don't know that they're not rejecting it because of your features being disabled. You only know that they didn't reject it.
VW should hire this person!
How do you know those were not automated systems?
Could have been, but then we got rejected for something which would have been hard to detect automatically.
a) Apple has invested heavily in automated review methods over the years.

b) I don't know what qualifications you think an app reviewer needs. They are not looking through the code but simply playing with the app on a range of devices.

c) It is only a few hours for updates. Initial app submissions often take days/weeks and are very thorough.

> a) Apple has invested heavily in automated review methods over the years.

There was a news story here where malware was found on the Apple iOS store, and Apple changed their mind at the last moment and refused to inform the victims.

Reality shows you (if you want to see) that

- malware happens (you can't make automatic analysis code to detect all possible issues)

- Apple users will mostly have a wrong image of the Store security due to Apple not informing victims when bad things happen and a big PR budget to paint a fiction.

The reviewers are there mostly to make sure you do not put a link to your website and bypass the Apple payments and make sure that the app does not crash and uses the approved UX. I really hope you are not that naive to think they are opening the app in a debugger and checking for weird code.

You need to register with a real name and credit card and pay 100$ to be able to publish anything on the app store. Irregardless of how effective the review process is, even if you manage to sneak any app with malware past it Apple will still be able to remotely remove it from every user’s device and ban your account. This alone makes the Appstore inherently safer than any system which would allow side loading.

As for code, they run relatively extensive automatic tests to detect whether private (banned/undocumented) APIs are used, I don’t know how effective they are at catching malware, though.

>You need register with a real name and credit card and pay 100$ to be able to publish anything on the app store.

This was done on Windows too, you were not forced but any business would sign their application, otherwise the user would get a scary warning that the developer is not known.

>As for code, they run relatively extensive automatic tests to detect whether private (banned/undocumented) APIs are used, I don’t know how effective they are at catching malware, though.

The sandbox should solve this, unless the Store bans APIs only for some or worse there are hidden APIs that should not be used and the sandbox is too dumb to notice you are using them, then this would be security by obscurity.

This topic is different than most of the other topics about side loading apps, in this case the giant refused to allow an application on the store, or allow access to an API without a good enough reason. This reveals again that rules are not fair and it is very hard to get justice for the users.

I would suggest a law to force the giants to always give an exact reason of why an action against someone happened, I have personal experience where an account of mine was banned and I have no way to appeal and I have no idea what was wrong. The giants are shitting on us all, as long as the numbers of the victims are low enough some flashy ads would solve their PR problems. We need something to make it fair for the users, make it easy to get our justice.

In the EU there is a (little known) law that does as you suggest -

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...

This regulation specifically looks at platform-to-business relationships, and requires actual disclosure of reasons, notice periods, etc.

What we need to see are cases using this law (as it's pretty clear from article 4 what business' rights are), so it becomes too costly to trample over businesses in an unaccountable way. Once the cost of human intervention and support is lower than that of their legal bills and penalties, human support and intervention will return. Platforms are getting away without humans in the loop as a result of the lack of cost impact to them of a mistake. Once it hits their bottom line and gets their counsel in a pickle, it will start to change rapidly to preserve their bank balance.

I am from EU, I will try and google more, my issue is with PlayStation and I could not find with my searches any way to appeal or get clarifications on what happened. I am not sure if sending an email on a generic contact email address with a link to the law will work.
Regardless
Your definition of "thorough" and mine are very different. I highly doubt they could do a meaningful review without the complete source code for the app. It's not unusual that apps change their behavior after the review and this sometimes comes from binary dylibs that the developer didn't write.

The whole thing is a scam.

> It's not unusual that apps change their behavior after the review

Which leads to the account being banned.

> and this sometimes comes from binary dylibs that the developer didn't write.

Which are detected through analysis if they are common spyware.

>The whole thing is a scam.

Clearly not.

>> It's not unusual that apps change their behavior after the review

>Which leads to the account being banned.

Only if it gets noticed.

>> and this sometimes comes from binary dylibs that the developer didn't write.

>Which are detected through analysis if they are common spyware.

Facebook got away with it for many years.

>>The whole thing is a scam.

>Clearly not.

If it weren't then they would let people choose to use the App Store. It only exists to protect Apple's services from competition.

> Only if it gets noticed.

True, but they are getting better at noticing.

>> and this sometimes comes from binary dylibs that the developer didn't write.

>Which are detected through analysis if they are common spyware.

> Facebook got away with it for many years.

You know about that because they were stopped. And since then Apple has tightened the rules and stepped up detection.

>>The whole thing is a scam.

>Clearly not.

> If it weren't then they would let people choose to use the App Store.

No, because that would enable social engineering attacks once again.

> It only exists to protect Apple's services from competition.

This is straight up bullshit. You keep saying it, but it’s false at face value.

Millions of scams have been stopped.

https://www.apple.com/newsroom/2021/05/app-store-stopped-ove...

Noticing malware after it's installed based on a hash isn't any better than eg windows defender. The App Store doesn't help with that at all.

>You know about that because they were stopped. And since then Apple has tightened the rules and stepped up detection.

Nope, lots of people knew it was happening for years before Apple actually stopped it and it happens with other libraries still.

>No, because that would enable social engineering attacks once again.

People still get tricked into installing CA certs which is just as effective since everything has to be done in a browser due to the App Store restrictions. So no this hasn't prevented social engineering attacks, it's only changed them and it's come at an extreme cost.

Meanwhile this is what Salesforce does for their AppExchange applicants:

https://developer.salesforce.com/docs/atlas.en-us.packagingG....

[Edit] I should add that an annual listing is $150 and the initial security review is $2550, so no free cheese either.

c is not correct. I publish lots of apps for clients and I regularly get new apps published in less than 3 hours. Apple's official stats are: 90% of apps get reviewed in less than 48h and 50% in less than 24.
I agree with you, but you know there are different rules for each app.

Small developers don't get the same access as big developers and their apps get killed for the smallest reason just by having some obscure policy or change in policy.

Developers don't have the same access as Apple, Google, e.g.: Screen Time

Yes. Because I really want third party developers to be able to track my app usage and disable other apps…
Hi, rescuetime user here. Yes, I want apps to be able to track my usage if I ask for it.
> They are not looking through the code but simply playing with the app on a range of devices.

Hence, security theater.

This may be a hot take, but I have a problem with the way that first article equates "extremely overpriced" with "scam".

A scam is when you've been deceived or defrauded.

If you consent to pay $10 a week for an app that doesn't provide what it claims to, that's one thing, and that should be actionable. But if it does what it claims to, not liking the price does not equate to being a scam.

Except that you don't really get to pick to pay the price or not because of their monopoly position.

At best you get to take your marbles and refuse to play entirely; which isn't exactly a reasonable long term strategy.

There should be competition between app stores.

This subthread is about purchasing subscriptions to apps. There are multiple apps serving the same niche, so I'm not sure what your point is here.
I misunderstood your criticism; so while I do believe such subscriptions are scams in the sense that they prey on victims via deception and the presence of such actors undermines trust in the marketplace thus undermining fluid trade, thus such scams should be prevented - that's really kind of neither here nor there, because that's at best a laudable goal, not some kind of requirement for Apple as app-store manager.
If we judge by the result these app stores seem to do fairly well security-wise, no?

Compared to Windows as a case study of what happens when you let users install anything they want from untrusted sources, it seems that the app stores do fairly well at culling obvious malware. At least that's what I experienced comparing the number of times I had to clean up a friend or family member's computer filled with malware and browser toolbars vs. iphones and androids.

A large part of the stability can be attributed to sandboxing. This is what prevents apps from gaining unprivileged access and destabilizing the system. This is the time where relatives will call you.

What you don't see, is all the apps that steal the user's data.

Curation obviously helps but it's difficult to measure to what extent.

> A large part of the stability can be attributed to sandboxing. This is what prevents apps from gaining unprivileged access and destabilizing the system. This is the time where relatives will call you.

True

> What you don't see, is all the apps that steal the user's data.

Exactly this. Apple now has policies against fingerprinting etc. which can’t be prevented by sandboxing.

> Curation obviously helps but it's difficult to measure to what extent.

https://www.apple.com/newsroom/2021/05/app-store-stopped-ove...

It has to be both to work; the sandbox would fail in a day if there were no review/revocation system.
Web browsers don't have widely known glaring security holes in them even though their vendors don't approve the content that's viewed through them.

On the other hand, you can't be completely sure that sandboxes on mobile devices don't have actively exploited security issues as there are many ways to bypass app review from discovering the true functionality of an app.

> Web browsers don't have widely known glaring security holes in them even though their vendors don't approve the content that's viewed through them.

Anything widely known gets fixed quickly. There are plenty of holes in browser sandboxing. The number approximately doubles as soon as you look at anything !Chrome, too.

Yeah, but by that same logic there may be unknown holes in app review and app sandbox as well. And since Apple aren't big on publicising their missteps (while Chrome is developed in the open), we may never really know how secure the app store model really is.
I'd argue only the revocation is needed. macOS is moving towards that model: every app requires notarization, Apple provides it without asking questions, but reserves the right to revoke the running privileges of any app. This makes so much more sense.
There are certain apps (like Wireguard) that Apple will not notarize for non-App Store distribution.

Basically, for certain classes of apps, macOS is now already taking the iOS "App Store or gtfo" model.

How does it make sense to allow scams to do their damage before shutting them down?
There is a lot of phone malware, showing random ad notifications, collecting gps data, sending it to whoknowswhere, some even sending premium sms messages, etc. There are fewer drive-by installs, but more intentional installs (eg. flashlight app with a gajillion permissions).
Details on app review process, including picture of reviewer workstation, surfaced in the Epic game trial:

https://www.macrumors.com/2021/05/07/app-store-35-percent-of...

And yet, over its 13 years of history there were only single instances of viruses/malware.

Compare that to Google Play

Did you read the links you provided?

The last article explicitly mentions that most of the malware needs iPhone to be jailbroken or the app to be installed outside of the App Store, which kind of proves my point.

The research by Panda Security also showed that the ratio of malware on Android compared to iPhone is 50 to 1.

https://www.pandasecurity.com/en/mediacenter/mobile-security...

It is a lot more than "theatre". The first line of defence is the sandboxing built into the OS. The second line is a lot of automated analysis of the binaries that are uploaded. The human review is the third line, but that is much less about security.
..and the last line of defense is removing a bad app to prevent further harm.

Drivers licenses aren't only about competence. Sure, there's a test. But, there's also the ability to revoke a license.

So please explain why the licenses need to cost a fortune? Simple Bayesian thinking will tell you what the real motive is, and what is being used as the coverup motive.
There is no "real" motive, only history. One thing led to another. Now we are here.
Your theory has zero predictive powers, unlike mine.
What does it predict?
Is $99 a year really "a fortune"? It's less than the price of a Netflix subscription.