by procombo 1820 days ago
There are many solutions here. I can come up with several. All would limit Apple's power, and that's the issue for them.

Maybe Apple should have thought about the implications of "valiantly" eliminating choice for (quite nearly) half of the U.S. voting population during and after an election year. They played their cards terribly, and it hasn't aged well.


Apple makes premium devices. If Google did this inside their Play Services, you'd have a point, because that is the affordable (and, outside the US, mainstream) choice, but people explicitly buy Apple.

Apple also supports much older iPhones which are not premium price anymore. On the other hand, Google itself sells a premium device line (Pixel). I don't think your generalisation carries a strong point.

Addendum, because I see some unexplained opposition to this argument.

I don't see how you can say people are smart enough to decide when and how to sideload an app - especially if existing apps leave the appstore and start doing shady things in the background - but not smart enough to buy devices that have a software distribution model in their best interest. Either people are making informed choices or they're not.

Because it's not a one-dimensional issue. Instead of a "distribution model" axis when making a purchase, you have to decide on: interoperability, cost, support, familiarity, exclusive apps availability, hardware features, previous purchases, etc. Whatever you choose you will compromise somewhere. Sometimes people compromise on the distribution model they don't like.

The problem I have is that the AppStore doesn't solve the problem of people being tricked into misconfiguring their computer. Until Apple employs experts to stand physically between the machine and the user this is always going to be possible.

While you're reading the rest of this, ask yourself if it's really worth throwing away personal computing (free speech and community maintained software are some of the bigger things you lose) for a very slight increase in security.

Here are just some ways to get in trouble despite Apple's intrusion into people's lives:

1) CA certs.

McAfee now tells users to install malware on (or just replace) their routers with software that terminates their TLS connections (and does God only knows what with them). They've managed to convince Verizon to advertise this and have their technicians set it all up. So the AppStore didn't keep one of the larger malware vendors out. You can also find many sites telling you to install their (likely malicious) CA cert because certain jailbreaking methods in the past used that.

2) There is malware on the AppStore and you almost certainly have some installed

Distributing malware directly as an App you build is hard: Apple can revoke your developer ID, and so that gets expensive. The solution is to distribute libraries that make certain things easier for developers (authentication is a big one). You can do this anonymously and don't even need a machine running OSX. This is one of Facebook's primary methods for getting malware on your phone. Almost every non-trivial App you have uses the Facebook SDK, and if you log into anything in the App, Facebook knows who you are and adds the information to the profile they have for you (whether or not you've "created" or "deleted" it). There is no easy way for users to detect this since the AppStore makes user-buildable open source software impossible. Facebook is not the only company doing this but they're one of the biggest.

3) Software can be installed outside the AppStore but only if you have money and know what you're doing

It is possible to distribute iOS software outside the AppStore with no review. There are two channels for this: the first is TestFlight, which is supposed to be used for beta testing. iSH used TestFlight for a long time before attempting to get listed on the AppStore. The issue here is that TestFlight apps cannot be widely used: the "beta" is limited to ~10,000 users. The iSH authors would weekly go through the list of users and remove ones that hadn't opened the app recently (near the end it was 10s of users and the period would get shorter and shorter; I remember having to re-install the app pretty much every time I wanted to do anything useful with my phone).

The other method is via enterprise deployment. Non-corporate users aren't supposed to see these, but I've heard some larger companies (surprise, it's Facebook again) use this to get certain Apps installed on devices owned by minors because that would cause problems for their primary App.

Okay, so.

1 and 3 require profiles to be installed (or, as with the case of TestFlight, have a limited blast radius); they are high friction and non-technical users are not likely to go through with them. Any party bypassing Apple on a large scale would see their signing cert revoked. Apple doesn't generally do that because enterprise certs that have been stolen would also disable business processes for weeks for that customer, but they still have the right to pull them. And I seem to recall that Facebook had their enterprise cert revoked indefinitely.

2 is, yet again, a policy issue. One that iOS 14 actually partially solved. The issue I have with (easily enabled) sideloading specifically is that some very desirable apps want to bypass the App Store to either circumvent the IAP tax (I'd say that's legitimate) or policies designed to prevent #2 from happening. Fortnite being the obvious example, since they already pulled out of Google Play. Facebook is a weird example to bring up, considering they've been in crisis mode ever since iOS 14 took away most of their tracking data.

The issue is that Apple uses some of the side effects of their strict curation for their own benefit (once again IAP, but also special entitlements for their own ecosystem, e.g. how their HomePod third party API surface is very barebone and will never work properly with Spotify Connect). I'd be very happy if some better rules were put in place as a result of Apple v. Epic, but I don't think the model is broken to begin with.

As far as I can tell there are no policies that prevent #2 from happening.

As for 1 and 3, the limited blast radius doesn't matter so much as long as you target the installs, which seems to be happening.

Also: sorry someone downvoted you, it wasn't me. I'm pretty much eternally logged out due to noprocrast so I rarely vote.