by duhast 1612 days ago
How would you realistically solve this problem? Part of what makes these platforms so attractive to the end user is in fact app curation. Strict control over APIs and power usage, all sorts of minimum standards and mandatory integrations are contributing enormous value to these ecosystems.

What makes these platforms attractive to the end user is that they're the only things available for sale down at the phone store. And what makes the decision between the two available choices is what your friends have, or what you already have, or what's on sale, or about a trillion other things that are more likely to be "top of mind" for the average buyer.

I bet not one user in 1000 gives any thought to "app curation" before they choose a phone.

I very much appreciate how freely I can install apps from the app store. I hear about it, I install it, I try it out, no worries. Whereas without curation I'd spend twenty minutes making sure it was mentioned by multiple sites or people I trust and doing a set of web searches to check for reports of malicious behavior, and I'd still worry about it, especially about updates. Putting out a good, well-behaved app and then putting out a malicious update that is required for the app to work with the latest OS update would be a common malware vector.

I'd probably uninstall half my apps every major OS update. How often do I use this app? Once a month? Is it worth doing a few quick web searches to see if the latest update is malicious? Nah, just delete it. I can do without.

Once or twice I've had to install a major OS update just a few days after it was released, which would mean no time for other people to discover malicious app updates. What would I do then? Just roll the dice? What if the initial update is fine, but then a week later it's replaced with a malicious one, to catch people who put off updating?

What if someone else did all of that privacy research and monitoring for you, only it was a set of volunteers, and they did it for free? This is what F-Droid does, except they verify that apps on their store are clean at the source code level, compile the source code, and then publish it in their app store on behalf of the authors. When I'm looking for an app in the F-Droid repo, I only need to wonder, "Is it any good?", because it is at least safe. They also warn you if the app does anything at all you might object to. For an example, check out the page for Firefox below, which at least gives you an idea of the kind of information available in the app.

https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/

At times, Apple has removed apps capriciously out of self-interest and done things that aren't good from a privacy perspective. I trust F-Droid to be a more equal and honest arbiter than Apple since they don't have any reason to do something I wouldn't like. Basically, I'm saying that (in addition to scummy app stores) there would likely also be some app stores that do a better job than what Apple does at protecting you from the bad actors you just mentioned.

I completely agree with you on the value of curation.

But why not have a setting deep in the menu to allow sideloading unapproved apps? If Joe Block is able to opt in to the uncurated minefield, does that harm you or take away from your ability to enjoy curation?

I would not mind my apps on iOS being curated by Microsoft for example and some people would probably prefer their apps on Android devices being curated by Apple... or Microsoft or EFF or Mozilla or Signal or say a new community of volunteers who come together just for this purpose.

It could also be that I trust a group of vendors while I don't trust some others as a user. For example, someone would maybe want their Android apps to be delivered by Apple, Samsung and Mozilla... but not by Google or Amazon for example.

The phone makers could still control their frontends and interface of their stores as they please... but to absolutely not allow certain apps from vendors altogether even if the user REALLY wants to install it on their device is a completely different thing (which is the case now as far as Apple is concerned).

Note: In the above examples, when I am naming companies and organizations, I'm imagining a world where any of these companies can have a hosting service for their own curated list of apps, where developers would submit their apps for various platforms and users can add these as sources on their App Store. There could be a chain of trust for new app store source vendors, where a group of third party organizations decide who to give or take away these rights from.

This is exactly the point I try to make but to no avail. I don't understand why it's so hard for most people to see that you can still have a curated app store even if there's an option buried in the menu to allow power users to subscribe to additional stores, or sideload, etc.

If there's any Apple people who think that would be bad, I'd love to hear about it. So far it's been nearly impossible to get an answer on that. At that point the argument usually changes to "just get an Android if that's what you want" or "nobody but you cares about that" or "if you want to sideload just pay the annual developer fee" or "Apple's curation is a lot better than Google's" (which is an entirely different argument I would point out).

I would allow fair competition and let the user choose.

You don't need a monopoly to have curated storefronts. For example, GOG is curated and if I don't like their curation, I can look at Steam or a plethora of other stores.

F-Droid has its own kind of curation, which I prefer to Google's curation; it gives me a decent guarantee that I'm looking at free software, and antifeatures are usually highlighted. However, I don't have to use F-Droid if I don't want to.

So maybe another entity can provide better curation than Google does. And maybe another entity can offer an uncurated store; if users prefer that, it's their choice.

Users are consistently choosing locked down Apple ecosystem over more open Android. How are you going to explain this?

You also need to realise that you’re not an average user. You’re in 0.0001% of the population when it comes to use of technology and your preferences might not reflect the average Joe.

Most phones would quickly fill up with apps doing malware, phishing, spam, crypto mining and DDoS attacks.

> Users are consistently choosing locked down Apple ecosystem over more open Android. How are you going to explain this?

Not true in my part of the world. I don't know, maybe people over there see iPhone as a status symbol? Or just think it's the best phone? Or maybe they trust Apple more than they trust G. I'm glad they can make the choice!

> You also need to realise that you’re not an average user. You’re in 0.0001% of the population when it comes to use of technology and your preferences might not reflect the average Joe.

I fail to see how this is relevant to the discussion.

> Most phones would quickly fill up with apps doing malware, phishing, spam, crypto mining and DDoS attacks.

I disagree. Most users would consistently choose to stick to a locked down store they trust; in your part of the world, perhaps that'd be the Apple store if they trust locked down ecosystems as much as you think. But in a world where the platform's blessed app store isn't a monopoly, they'd have other alternatives to choose from.

A small fraction of users would be tricked into installing malware, but it's not as if they were immune to that right now.

> Users are consistently choosing locked down Apple ecosystem over more open Android. How are you going to explain this?

Anecdata, but of the couple dozen people I know well, 18 or so choose Apple, 1 does so because her husband is an iOS dev and it's the only thing she knows, and only 1 does so (at least he claims) because he likes the locked down nature of it. I usually point out that he doesn't really, because he uses his developer account to sideload apps onto his device, but for some reason that argument gets nowhere with him. 6 or so of the others do so because that's what their company gave them (either now or in the past). Nearly all of them stay with Apple because they have a big investment now in apps and purchases that they lose if they move. And of course iOS is what they know, and most people stick with the devil you know over the devil you don't know.

But how do I explain this? I think it's a multi variable equation. No doubt Apple is known for quality and deserves this reputation (although the last few years they've been losing this on the software side). There's also no doubt a lot of people who view it as a status symbol. My son wants an iPhone so bad because he doesn't want to be a "green bubble" anymore. He's never even used one, it's purely social pressure. I doubt adults are immune to this stuff either. There's also a pool of people that truly prefer to be powerless over what they run on their device. I guess they are afraid that if sideloading is an option, they will decide to sideload apps from sketchy sources and get themselves infected with malware.

> Users are consistently choosing locked down Apple ecosystem over more open Android. How are you going to explain this?

The choice is not only based on the app ecosystem. I started with Android phones because why pay the Apple tax? They had so many problems I eventually bought an iPhone and never looked back.

As for the "ecosystem", I'm probably an outlier but I'm so disgusted by all the IAP crap available in both "ecosystems" that my phone is basically an expensive portable chat terminal. I have almost no other apps on it.

> Strict control over APIs and power usage

These are doable with technical measures. Modern OS kernels are multi-user; when implemented properly, their user isolation features are very hard to break. If an OS doesn’t want apps to have some APIs, it shouldn’t expose that API to apps. For instance, Linux doesn’t allow users to pretend they’re someone else, but that’s not enforced by curation; instead, APIs like setresuid() only work if the caller is root.

Similarly, if the OS doesn’t like high resource usage of background services, it has technical tools to enforce various limits. An easy enforcement method is killing the offending process. For instance, in Windows Phone 7, background audio agents were limited to 15 MB RAM. If a background audio process exceeds that limit, the OS silently kills the process and audio stops playing.

When something is doable with technical measures or curation, technical measures are almost always better because the curation is fundamentally unreliable.

Legislation mandating all platforms to allow for third party app stores to exist with zero functionality/feature penalties in terms of what those apps are able to do (Apple can't gatekeep certain features as only supported by Apple app store apps). I would dovetail this with legislation limiting app store cuts to 5%.
I coulda/sorta buy this argument for Apple (though I am pretty sure that is not the main reason people buy iPhones), but for Android?? Curation??? Hahahahhahahahahaha