[danShumway]

> …except if they value a device that enforces audited software only, because they find it safe and convenient.

There's a lot of selective reasoning on both sides of this debate. We both know that consumers don't think about security enough that they would consciously avoid an alternate app store in order to keep themselves safe. We've all worked with tech-illiterate people long enough to know that they don't have survival instincts around security, they will happily walk out of a walled garden at the first opportunity, disable their firewalls, and install malware.

But it's also pretty obvious that consumers don't think about security enough that the majority of them are consciously opting into a curated app store as an informed decision. If Apple suddenly decided to throw open the flood gates and became even more open than Android, these users would not switch to Android. I have never heard an ordinary, non-techy, non-HN user tell me that they're buying an iPhone because it doesn't support sideloading.

The reality is, consumers don't think about this at all and they probably don't have much of a conscious preference for any outcome. Some tech users do, but the majority of Apple users are neither so security conscious that they would inconvenience themselves in any way to avoid 3rd-party installs, nor so conscious of consumer freedoms that they would inconvenience themselves in order to buy a device that supports sideloading.

I do not believe that this is a behavior that the market selects for in either direction. The smartphone market is not a reflection of social preference towards either security or freedom.

So I think it's just kind of nonsense to act like this is a question of consumer choice. If Apple is allowed to run a curated store, customers will keep buying Apple products and they'll ignore any apps that they can't install and they'll lose zero sleep about that arrangement. If Apple is forced to run a more open store, customers will keep buying Apple products and they'll install anything they want regardless of the warnings, and they will once again lose zero sleep over it.

And of course that's the case because there's no other way to square the idea that people willingly buy into the Apple ecosystem and also that those same people wouldn't avoid sideloaded apps if given the choice. There's no way we can pretend that one of those decisions is a consumer preference and the other one is the opposite and their brains have magically turned off -- the only explanation that explains both behaviors is that consumers are not making either of these decisions based on security/freedom.

----

Most consumers are apathetic to this entire debate. Again, there are some tech users that doesn't apply to. They are an extreme minority, but they exist. Some people use Android out of principle, some people consciously choose to use Apple devices because they don't want sideloading. Most people do not fall into either of those categories, and I just think it's a mistake to interpret consumer buying trends of Android/iOS devices like it's some kind of general expression of customer will about technical issues that they don't even understand in the first place.

You have to remember the majority of both Apple and Android customers probably don't even know what sideloading is; they certainly are not making informed decisions about it in any direction. To the extent that they are thinking about privacy or security at all, they are primarily thinking about the number of TV ads that they've seen for each product that used the word "privacy."

So when we talk about regulation, it's more valuable to talk about the effects on the overall market for smartphone apps and software innovation, the practical effects on security regardless of people's supposed choices about the risks they want to take, and about whether the market/security benefits outweigh the downsides. "What consumers want" is a misdirection; consumers don't want anything to do with this debate and they couldn't care less about whether or not Apple has an API for 3rd-party web browsers or whether or not the app store allows distributing GPL apps. They don't know or care what those words mean.

[Wowfunhappy]

I mostly love this post but I want to quibble about one thing:

> And of course that's the case because there's no other way to square the idea that people willingly buy into the Apple ecosystem and also that those same people wouldn't avoid sideloaded apps if given the choice.

I think there is a universe in which:

1. Apple allows sideloading on iOS.

2. 95%+ of users don't ever sideload apps, preferring the safety and security of the official App Store.

Note that #2 does not mean consumers need to understand the precise risks of untrusted software, provided they generally understand that malicious apps exist and can harm their phone, whereas Apple promises everything in the app store is safe.

To make this happen, Apple would need to do some work, aka actually compete in the market! They would need to run an advertising campaign about the value of app store curation. They would need to improve search and discoverability, such as by not auctioning off the top search result spot. They might need to take a lower percentage of app revenue.

And Apple should have to do these things because it would be good for consumers!

[danShumway]

I don't necessarily disagree, just that what you're describing is an education effort.

I do think that general users can understand what the security/freedom tradeoff of sideloading is; this is not something that's beyond the ability of normal people to reason about. I just think that in the current market they don't. I don't believe that the current behaviors we see where lots of people simultaneously buy into iOS as a closed platform and are also pretty bad about staying in walled gardens without being forced to can be explained by saying that one of those things is an educated decision and the other one isn't.

But you're right, that's not to say that in theory consumers couldn't be educated about the tradeoffs or that it wouldn't be good to have a general education effort in that direction. But I think it would need to be a shift and we would need to start doing that education. I'm only trying to push back on the idea that absent consumer education we can still make inferences about their preferences through just surface-level choices that they might be making for arbitrary reasons.

[seanmcdirmid]

> To make this happen, Apple would need to do some work, aka actually compete in the market! They would need to run an advertising campaign about the value of app store curation. They would need to improve search and discoverability, such as by not auctioning off the top search result spot. They might need to take a lower percentage of app revenue.

Apple already does that marketing. It’s why I bought an iPhone rather than an android phone. Apple doesn’t have a lockdown on the smart phone market. They don’t even have a majority of it, I choose an iPhone because I don’t want to deal with my phone like a Linux box.

Yes, Apple has a monopoly on iPhones. But making the iPhone suck as much as other phones doesn’t seem like it will correct that monopoly.

[danShumway]

> Apple already does that marketing. It’s why I bought an iPhone rather than an android phone.

Do you believe that if sideloading is offered on the iPhone that the majority of Apple users will be able to make an informed decision about whether or not it's safe to use 3rd-party stores?

This is exactly what I'm getting at: it cannot simultaneously be true that iOS customers already know the security/choice tradoeffs and are opting into the market fully informed about their decisions specifically because they want a walled garden, and also be true that those same people's brains are going to suddenly, magically turn off and they'll be incapable of making security decisions if they ever have an option in the iOS settings to enable sideloading.

Given that we know that lots of people buy Apple phones, and given that we know that many of those same users would choose to sideload possibly malicious apps without hesitation even though doing so would open them up to security risks -- the only explanation that reconciles those two contradictory facts is that the majority of iOS users are not thinking about security or user choice at all. And that's an explanation that's supported by what we seen in the real world as well: when talking to non-technical iOS users they don't tend to have strong opinions about this (if they even know what the debate is in the first place). If you go to a random person on the street and ask them why they bought an iPhone, "app store policy" will not be their response.

You may not be in that category; maybe you did buy an iPhone specifically because you wanted a closed ecosystem. But if so, you are not representative of the majority of iPhone users. The majority of iPhone users don't know what an "alternate browsing engine" is. The majority of iPhone users have probably never thought about how the app store works or whether they agree with it. They don't have preferences in any direction; the majority of iPhone users currently think we're all giant nerds for having this conversation at all.

And being informed about that conversation is what we're talking about when we talk about education. None of this is to say that people couldn't be educated enough to make informed decisions about sideloading or that they're incapable of thinking about security, but you're fooling yourself if you think an average smartphone user is currently thinking about app store policies at all when they buy a smartphone.