by librish 873 days ago
I'm surprised that so many developers are siding with Apple in this regard. If other stores and payment options were allowed I genuinely believe that:

- Apple's own fees would be reduced relatively quickly

- Technologically savvy users will be able to discern which external sites are safe and get even lower prices when available

- Very few companies will be able to afford not being on the App Store (especially if Apple lowers their fees further)

- Apple will still make it hard _enough_ to use secondary stores that grandmas will not end up with iPads full of malware

6 comments

Unfortunately the most vulnerable will be easily manipulated into bypassing whatever prompts are needed. The threat vector is facebook telling users to install Instagram/FB from their own app store instead of from the App Store, both eroding their privacy (since they won't be mandated to respect the "do not track" popup) as well as training them how to install apps from third-party sources and that "it's OK to sideload because Facebook and Instagram require it".

I doubt it, otherwise we'd see this in Android. And while it does happen of course, it's vanishingly rare. Anecdotally I have plenty of friends and family who are neither technically proficient nor well educated and they seem to be doing just fine.

Instead it's a boon, especially for folks like myself who use a fair amount of software from alternative stores/installers.

As far as I know, Android also doesn't have the same level of privacy requirements and permission prompts to show the user. Facebook et al. don't have much of a reason to push a third-party app store.

In addition, exploitation might be transparent to the user, i.e. a botnet that runs in the background[0] or replacing ads in other apps to steal their revenue[1]. People use iOS and recommend it to their friends/family because of its simplicity and the built-in safeguards the App Store provides, since installing a sideloaded app is a much more involved process.

0: https://cyble.com/blog/daam-android-botnet-being-distributed...

1: https://www.theverge.com/2019/7/10/20688885/agent-smith-andr...

Thankfully iOS users don't have to worry about any of that because Apple uses state of the art sandboxing that stops apps from stealing your data. I don't know what kind of safeguards you think the app store provides, but most of them are either provided by the OS itself, which would also apply to sideloaded apps, or they don't exist at all.

> but most of them are either provided by the OS itself

It's tricky. Some of them are provided by the OS, some of them are not, my (possibly incomplete) understanding is that some are enforced by analyzing the submitted apps to know what they will request and not by blocking anything at runtime? I could be describing that incorrectly.

I would argue that permissions should be part of the OS itself and should work on every app regardless of where it came from, but there are people who know a lot more than I do about what specifically Apple is doing who have told me that's more complicated, and... :shrug: maybe they're right, maybe they're wrong, I don't know enough to argue with them about it.

Web browsers seem to be able to do this sandboxing at runtime just fine, so I don't really know why iOS is so heckin special, but it's not my area of expertise, I just know that there are apparently (?) some permissions that wouldn't work outside of the store.

Facebook doesn't need a secondary app store on Android to bypass the default one's privacy rules because the default one isn't stopping them from doing what they want to do in the first place.

Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

> The threat vector is facebook telling users to install Instagram/FB from their own app store

PSA, do not install Facebook on your iPhone. Use your browser.

Apple does deserve credit for forcing some privacy improvements on iOS for the Facebook app but it is in no way comparable to the privacy of a web browser. If you are using Facebook's app because you're on iOS and you're thinking, "oh it's fine, Facebook can't track me" -- please uninstall it, a native app on iOS still has far more tools at its disposal to track you than it should have.

As just one example, I would like to say that Facebook's in-app browser code on iOS is now blocked (https://www.engadget.com/meta-can-track-facebook-and-instagr...) but I'm not sure if that's actually the case. I hope it is, a quick cursory search couldn't tell me but it's very possible that Apple patched this by now. But what I do know is that Apple made a lot of noise about blocking tracking code before this article came out and while Facebook still had these capabilities.

Don't use known untrustworthy native apps. Don't use them on Android, and don't use them on iOS.

---

Also to be clear, the privacy improvements Apple has pushed for on iOS are in no small part to stop allowing access to an advertising ID that should not be on iOS at all. I don't want to act like there's no meaningful improvement here, Facebook's reaction is proof enough that Apple's changes did increase privacy. And I fully support Apple improving privacy. But some of that improvement is Apple putting controls in front of systems that shouldn't exist or covering for systems that are way more open and way less sandboxed than they should be.

So part of the difficulty of talking about Apple's security models and the role that the app store plays in that process is that some of Apple's policies are really only enforced on the app store, even though they should be enforced at an OS level that would apply to every app regardless of what app store it came from. Of course, not every permission can be expressed that way, but some permissions can. Web browsers are proof of that -- Safari doesn't have a quality control system in place to block abusive websites like Facebook, but despite that, it still manages to be better for your privacy for you to use Facebook from Safari instead of via a native app on iOS.

I worry that Apple's app store policies are sometimes used as an excuse to avoid building much more robust protections against tracking into the OS itself, and I worry that better privacy standards on the iOS app store get interpreted as proof that native apps on iOS are just generally safe and private. But Apple's standard of what counts as private "enough" to be on the app store is not always as strict as it could be. Generally speaking, until we get much better sandboxing controls on mobile devices than we have today, known malicious or known privacy-intrusive apps like Facebook, Twitter, Instagram, or Threads should not be installed period from any app store 1st or 3rd-party, they should be used in a web browser.

Reasonable people can disagree whether a 3rd-party app store would make this problem worse, but please don't have the takeaway of "a 3rd party app store would make the Facebook app suddenly unsafe and my parents would get fooled into installing it." The Facebook app is already unsafe, and your parents already shouldn't be using it.

> Also to be clear, the privacy improvements Apple has pushed for on iOS are in no small part to stop allowing access to an advertising ID that should not be on iOS at all.

In 2010, Apple launched its own ad system called iAds[0]. Around that time, they started to crack down on other ad networks using UDID/mac addresses to target users with ads[1]. I imagine that Apple only made the IDFA in a compromise with advertisers[2].

While I understand the sentiment that any tracking identifier shouldn't exist, Apple needed iOS to continue to succeed in the iOS 6 days and probably didn't want to deal with any anticompetitive lawsuits that early in the lineup's lifetime.

0: https://www.apple.com/newsroom/2010/06/07Apple-to-Debut-iAds...

1: http://www.cultofmac.com/160248/what-the-hell-is-a-udid-and-...

2: https://www.businessinsider.com/ifa-apples-iphone-tracking-i...

I'm confused how you would see this as anything other than further evidence for my point.

Don't install native apps from hostile networks like Facebook; they hook into systems that shouldn't exist that were added as a privacy-compromising concession in order to avoid regulatory scrutiny into other systems that also shouldn't exist.

The history of IDFA ultimately boils down to one fact: that for whatever reason it was added, the protections in place now are still protecting you from a tracking system that Apple added. And Apple's standards on what is and isn't an acceptable line to cross regarding privacy demonstrably are not always going to be as strict as they ought to be. Sometimes Apple compromises.

These apps are not safe just because they have Apple's seal of approval, there is a certain threshold of abusive behavior from apps like Facebook that Apple will tolerate. It is better to use a web browser so that (however imperfect it may be) you can get at least some small amount of real sandboxing.

Look, I'm not even saying you need to support third-party app stores. I obviously have opinions on that, but if you disagree and think 3rd party stores will make things worse, then fine. That's not my point. My point is: don't get the impression that Facebook's native app is safe just because Apple hasn't removed it. iOS doesn't have enough tracking protection to make it a good idea to use these apps natively on your phone or to make it OK to advise others to install them; they should be avoided and used only within a browser if you care about your privacy.

I think Apple should’ve won the lawsuit. Epic broke TOS they agreed to, got punished, and whined a bunch to the court. They deserved to lose as they largely did. They’re also not innocent. They don’t want to get rid of all of this, they want the middleman cashing in to be THEMSELVES, not Apple. They’re no underdog hero.

Apple is doing something incredibly stupid and absolutely killing their relationship with developers. Right when they need it most. They should fix that, but won’t. Wall Street would crucify them for daring to lose revenue. And regulators should probably limit how much they can charge.

But this lawsuit was not the way for that to happen. Don’t root for a bad lawsuit just ‘cause you hate the plaintiff. Fix it the right way.

Who cares what Epic wants? Their incentives align with mine so I supported them. Apple's practices here clearly harm consumers by reducing competition on iOS. It is obvious to me that if Epic won iOS would be a better product, at least for me.

Some would argue that Apple's practices clearly protect the consumer from malware, privacy issues and scams. It is obvious to me that if Epic won iOS could be a worse product, at least for me.

Exhibit A: https://www.theverge.com/2020/7/30/21348130/apple-documents-...

> Jobs said, “[i]t’s time for Amazon to decide to use our payment mechanism or bow out [of the App Store],”

> Jobs said: “I think this is all pretty simple — iBooks is going to be the only bookstore on iOS devices. We need to hold our heads high. One can read books bought elsewhere, just not buy/rent/subscribe from iOS without paying us, which we acknowledge is prohibitive for many things.”

Tell me how this clearly protects the consumer from malware, privacy issues and scams.

Apple pay subscription cancellation ease and refunds protect the consumer. I’m not here to defend all of their practices. I am saying there are very obvious consumer friendly parts of the ecosystem starting with the fact that I don’t need to run tech support on my family’s tablets and phones.

I barely ever see consumers complain about the ecosystem, mostly companies and developers. And I just don’t feel like they are going to use a more open system to the benefit of the consumer. I trust them _a lot_ less than Apple.

> I barely ever see consumers complain about the ecosystem, mostly companies and developers.

Where have you looked? I see them complain all the time on Reddit, for example. And Apple actually denies a lot of refunds.

The ToS isn’t law and we desperately need to stop pretending it is.

A ToS is a “shrinkwrapped” contract. In Apple’s case, its enforceability was yet to be tested. We can agree to a lot of things in a contract, but in general, we cannot consent to letting a party break the law at your expense. A judge determined that Apple’s practices were unlawful and therefore the problematic stipulation of the ToS was struck.

This is an important tool to combat runaway shrinkwrap contracts that can say literally anything and attempt to enforce it.

It’s not law, it’s a binding legal agreement.

This wasn’t some clickwrap thing you have to click through to play Angry Birds, it was the agreement for signing up for the developer program.

> This wasn’t some clickwrap thing you have to click through to play Angry Birds, it was the agreement for signing up for the developer program.

Both of these operate under precisely the same principle. The same principle is applied when you sign up for a gym membership, a credit card, or install software on your computer. The validity of the shrinkwrap contract is not something I’m challenging here even if I happen to believe they go against the spirit of contracts.

My point is that there are limits as to what you are able to consent to, legally speaking. You can’t typically sue a company for including something in the ToS that you haven’t yet signed which you believe is unenforceable because you suffered no damage and have no standing in the matter. The way to go about this is to agree to the ToS and challenge its enforceability when, specifically, the target stipulation(s) were enforced by the company you made the agreement with. If this stipulation was not legal for them to enforce, then it’s perfectly within the rights of the signer to challenge it.

The other dynamic is that the signer is taking on risk by challenging the validity of the contract either as a whole or in part, therefore it’s not necessarily asymmetrical.

There are other situations where a “legal contract” can be thrown out, such as being forced to sign one under duress/threat, or even if someone who cannot consent legally signs it.

> They don’t want to get rid of all of this, they want the middleman cashing in to be THEMSELVES, not Apple. They’re no underdog hero.

There's value to be had in more competition in the "middleman" market, too!

At the moment, on PC there's a healthy competition between the Microsoft Store, Steam, GOG, Epic Games, EA Origin and probably at least a dozen other smaller platforms, some of which are also available on macOS and Linux.

On Android, there's the Play Store, some of the device manufacturers have their own additional stores (Samsung), even carriers have app stores (Vodafone Germany), and enabling a completely independent store like F-Droid is three taps away. The only thing that's unhealthy is how much AOSP functionality got shifted over to the Play Store Services which means that competitors on the OS level (e.g. Amazon's Fire series) have to do a lot of work on reimplementing that to even get basic apps running.

The only platforms where app/game vendors are completely dependent on the mercy of the device vendor are Apple's iDevices and game consoles (Xbox, PS5, Nintendo Switch) - and it's high time for that to end. Users should be free to run whatever they want to run on their devices, and they should be free to decide upon another curator for trustworthiness if they so desire. If the price of that is marginally more expensive hardware, so be it - it should not be allowed to sell stuff as permanent loss leaders anyway, it's unfair business practice.

I agree there’s a benefit.

I’m just saying that Epic is not the underdog little guy some seem to act like they are. This wasn’t a small indie developer sticking up for their rights.

That's because most iOS developers aren't confused about the situation.

Apple's commission is for the App Store, SDKs, Developer Support etc. Not just a payment processing fee.

And so if there are other stores and payment options which there will be soon Apple is still within their right to collect that fee. As every court around the world has said. They could collect it as a percentage of sales like Epic or just lump developers with an up front large development kit fee like Sony or Microsoft does.

No one is confused (by these rules). But that doesn’t mean developers like it. I haven’t seen a single reaction from developers supportive of this.

They seem hell bent on destroying whatever reputation and good will they have left on chasing those casino games for kids.

Then force them to unbundle those fees if they want to collect them. It just doesn't make any sense that some developers have to pay up to 30% of their iOS revenue while others (including huge corporations like Uber, Starbucks, Target etc) pay nothing.

It's 15% for any developer making under $1 million. Even if we think the SDKs should be free, you're not going to find a significantly better deal for payment (with Apple handling all sales taxes etc), auto updates, crash reporting, etc etc.

Smaller developers aren't being ripped off, not anymore. There's a philosophical argument that Apple shouldn't control your device, but that really has nothing to do with the 30% they charge larger companies.

Wouldn't Stripe be significantly cheaper?

I'm making the opposite of a philosophical argument, I'm making a practical one. Apple is not going to take away the App Store, or make it too difficult for developers to upload apps, since that would be a real threat to their iPhone business.

Developers need Apple, but Apple needs developers too. Currently their market domination makes it an extremely hard collective action problem for developers. Not being on the App Store means losing out on the majority of your revenue, which makes it tough for enough developers to band together against Apple.

> Wouldn't Stripe be significantly cheaper?

Can we stop pretending the app store fee is just for payment processing?

That is currently the only thing they're charging for. Like I said, let them unbundle if they want to. I wouldn't be surprised if they actually end up just taking a revenue hit to keep the ecosystem healthy, which would mean more money for developers.

> Then force them to unbundle those fees if they want to collect them.

No, thank you.

I’ve seen what that looks like on the video console side of things. Thousands of dollars for the right of publishing on the manufacturer’s platform (i.e., using their IP) and again thousands for each build that needs to be certified.

Hundreds for smaller indie game devs.

I’m happy with my 15% commission and the $99/year fee. Nice and cheap and I get my money’s worth out of it and then some. Best part, they do well (i.e., I only owe them) when I do well. No upfront cost that’s essentially a gamble. No fee per build.

The more is bundled into a commission tied to my revenue, the better.

The rule has been that physical purchases don't need to use IAPs, since the service you're purchasing is not solely enabled by Apple's investment into the entire hardware/software/APIs stack that allows your users to buy gems in your game.

> As every court around the world has said.

https://www.reuters.com/technology/dutch-regulator-disputes-...

We're actually not 100% certain whether or not Dutch regulators are OK with those fees. We know that they consider Apple to still not be in compliance with the regulation, and there have been hints that the fee structure may be a part of that. But as far as I know we haven't gotten specific confirmation from Dutch regulators in either direction.

We know that 30% was too high, so according to the Dutch there is an upper limit to what Apple can charge proportional to its normal fees for in-app payments: https://www.reuters.com/technology/dutch-antitrust-watchdog-...

27% might be OK?

We'll have to wait until after Apple's responses to the most recent fines to work their way through courts to know whether the concerns listed most recently by Dutch regulators are the full list or not. It seems a little premature to say that every court in the world is fine with Apple's system when it doesn't seem that Apple has built a compliant Dutch system for us to even point to as an example of what that system could look like.

As it stands, we know that Apple's 3rd-party payment system is not compliant, but we don't know exactly why it's not compliant, and we won't know what a fully compliant system looks like for the Dutch government until after Apple has managed to come up with a proposal that doesn't get them fined for noncompliance.

Probably a familiarity with how brick and mortar businesses work and what it was like when software came in a box.

30% or 15% for one stop global distribution and multi-jurisdictional tax collecting is a deal all day long.

Could Spotify have bootstrapped itself without the App Store?

Did brick and mortar stores have a monopoly on software distribution?

Apple doesn't have a monopoly on software distribution.

If alternative stores equated to better software, then Android would have easily outpaced Apple by now.

The only people who would benefit from forcing Apple to allow alternative stores are the unscrupulous middlemen who would run them.

> Apple doesn't have a monopoly on software distribution.

This is just literally wrong, by-definition.

You can claim that Apple's monopoly isn't illegal or harmful, but the monopoly itself is self-evident. You cannot distribute software without Apple; their system is designed with monopolistic capability.

> The only people who would benefit from forcing Apple to allow alternative stores are the unscrupulous middlemen who would run them.

Source? You're inventing hypothetical claims to support your rhetoric.

> This is just literally wrong, by-definition.

No it's not. There are plenty of ways to distribute software without Apple being involved at all.

Perhaps you meant to argue that Apple has a monopoly on iOS software distribution, but that's not actually what was originally written. It's also highly questionable given that the courts have rejected "iOS software distribution" as a valid antitrust market for the purpose of monopolization claims.

I didn't say they had a monopoly on all software distribution. I said that claiming Apple had no monopoly is wrong.

> It's also highly questionable given that the courts have rejected "iOS software distribution" as a valid antitrust market for the purpose of monopolization claims.

Pray tell, in which jurisdictions?

> Apple doesn't have a monopoly on software distribution

It has a monopoly on iPhone software distribution... which is why they can set the fee at 27% without competition...

Not sure what point you are trying to make here. You think that developers got a better deal when software was sold in brick and mortar stores? I remember when the App Store was first announced, there was much excitement among developers over Apple only taking a 30% cut.

> You think that developers got a better deal when software was sold in brick and mortar stores? I remember when the App Store was first announced, there was much excitement among developers over Apple only taking a 30% cut.

Not among Mac developers who distributed their software over the web directly to customers, bypassing the middlemen.

Also, little did we know at the time that the App Store would inaugurate a race to the bottom, devaluing software. What does the cut even matter if you have to sell software at the same price as a music single?

Your points have validity but don’t come close to capturing the richness of the world around us.

It is your choice on how to contemplate how full a glass is.

> You think that developers got a better deal when software was sold in brick and mortar stores?

What? No, my point is developers would get a better deal when there isn't a monopoly on the distribution. Is it not obvious that the 27% fee is only possible due to lack of competition? That if there were other stores selling iPhone apps then competition would drive down the 27% fee?

They had as much control of what was available on their shelves.

Are you familiar with what a monopoly is? It's not about controlling what's on your shelf, it's about not letting other stores have the monopolized products on theirs.

I thought it was about consumer choice.

To me, Apple has made it to where they are in large part because of the strict control they maintain over their ecosystem. I was an Android user forever, because I wanted the freedom to root my device and do things my way. I bought into Apple because I need an appliance that just works.

Trying to break Apple’s control is pretty close to destroying exactly why their stuff is desirable.

> I'm surprised that so many developers are siding with Apple in this regard.

I can’t speak for others, but I’m sick and tired of big corporate devs acting as if they speak for me, a small indie dev, resulting in outlets and everyday people echoing their talking points “in support” of me.

They have their own interests, some of which directly contradict mine, and they only use people like me as pawns to make their plight seem righteous in the hopes of drumming up support.

I was content with the 30% when I eagerly signed up. I’m downright happy with the 15% discount as a nice bonus to the point that I think the 15% is a steal for what I’m getting out of this arrangement with Apple.

Of course, this is my opinion, and I have no interest in speaking for others. There’s already enough of that going around.

I’d instead ask you to be open to the idea that what you’ve been seeing so far is corporate PR trickling down to you via outlets and other means and hear out the indie devs you come across here and elsewhere.

On a separate note:

As someone who has a legal background and practiced before pivoting to indie development, I’m surprised so many seem to think Apple’s latest move is a surprise or somehow utilizing a loophole.

Legal proceedings aren’t always easy to follow, I’ll be the first to admit, but this was spelled out crystal clear in both the district court’s judgment as well as the appellate court’s judgment.

What’s especially nonsense is that the likes of Spotify and Sweeney didn’t see this coming, like they now pretend. Either they all need to fire their entire legal team or stop being coy because the courts predicted this outcome black-on-white in their judgments.