[darkhelmet]

Playing devils advocate for a moment: One reason why is that many app developers truly do not have your best interests at heart. Taking heat for being a gatekeeper sucks, but the downsides of the alternatives are potentially limitless.

Random example: the fuss about the facebook advertising/tracking SDKs back in the day. When apple started giving unique device IDs to each app, this cross-app tracking mesh imploded and they were screaming about lost revenue. Maybe you find billions of dollars worth of tracking to be creepy, maybe not. But if facebook had the option of getting that functionality and revenue back via an easy sideloading or some other frictionless alternative mechanism then the entire app ecosystem that was even remotely related to facebook tracking would have been off the app store in a heartbeat. Instead of being at the mercy of apple, you, and your extended tech-support family would have been at the mercy of facebook.

Apple is no angel, but the potential downsides are limitless. Instead of the facebook tracking example, consider partially or overtly malicious apps that your parents are now installing on their phones (as well as their malware-ridden PCs).

On the other hand, sideloading is a fairly low barrier for technically competent folks. Stuff like iResign and other tools have been around forever. You can grab any pirated/hacked/etc app package, sign it yourself, and sideload it via your dev credentials. But at least you don't have to worry about your parents doing that. Or facebook telling your parents to do that.

Anyway, that's a "for some reason" example. The readership of HN are not the target audience that the app store gatekeeping is there for.

(But don't get me started on fees/commissions/etc - that's indefensible IMO)

[luuurker]

Apple controls the OS and the sandbox apps run on independently of the source of the app. Facebook would be able to tell users "you have to give us location access or the app won't run", but Apple controls what data is given to the app. Facebook could implement something to track users in the background, but the sandbox still kills/freezes the app as soon you hide it. They could implement some kind of tracking, but again, remember that the app runs in a sandbox and Apple controls that sandbox.

This is why a malware app on an iPhone can only do limited damage. It can't access all files, it can't encrypt the storage, it can't launch a DDoS in the background because the OS doesn't let it run, etc. iOS or Android are not Windows.

If you want to know how it works in practice, look at Android. It has supported sideloading for a long, long time. People do install a lot of crap, but that's from the app store. My parents are really bad with tech and never sideloaded anything.

And there are other layers of security too. If you go to a store, buy a Samsung, a Google Pixel, a OnePlus, Nokia, etc, they all come with Google Services, which includes Google Play Protect... essentially an anti-virus that looks at your apps and flags anything that is known to be malicious.

Are there any downsides? Yes. Are they as bad as some say? The Android example tells us that it doesn't have to be that bad.

[judge2020]

> They could implement some kind of tracking, but again, remember that the app runs in a sandbox and Apple controls that sandbox.

Sandbox escapes are incredibly common, Apple still controls eliminating your business from iphones if you attempt to use an exploit to pull user data when you distribute through the App Store.

If you can do distribution via your own site, it becomes a whack-a-mole game with Apple - where data exfiltration exploits are found, Apple fixes them in a new update, then we have to wait for people to update.

And until most users update, the at-fault company is busy siphoning data from any user who can't update (e.g. no wifi / limited data plan) or any user who is slow to approve the update dialog. Eventually the company's app will grow to contain an exploit for the last dozen iOS versions that conditionally execute based on the iOS version/feature detection/probing for exploit availability.

[luuurker]

> Sandbox escapes are incredibly common

If iOS' sandbox is that insecure, then they have a problem on their hands.

[judge2020]

The sandbox is the largest attack surface ever and trying to lock it down from everything forever is basically impossible.

[Gud]

And as soon as app X starts exploiting a sandbox vulnerability, apple will patch it.

[judge2020]

Apps without app store review could also start delivering dynamic code packages that aren't included in the binary. There could be targeted attacks via these apps on specific users (say, journalists, politicians and their families, etc) not delivered to everyone; Apple thus can't analyze until it's been delivered to a device they control. App Store rules forbid dynamic native code delivery.

[hagbard_c]

> Are there any downsides? Yes.

There are downsides for Apple to the rate of their 30% cut. That is why they are doing their best to keep sideloading off their devices. Not to protect users - as you already stated there are many other layers of protection in place for that - but to protect their revenue.

[tptacek]

I think one thing that's happening is that people have forgotten (or are too young to have really experienced) the absolute torrent of crapware that preceded the closed mobile app ecosystem. Almost no app developers had your best interests at heart, and some of the few who did ended up selling their apps to developers that didn't. If that risk seems remote now, it's in part because of the App Store.

[userbinator]

I remember, and would still prefer that "torrent of crapware" which one could make up one's own mind about, rather than the dictatorship of the walled garden.

It's not like the App Store review process is particularly trustworthy either. There have been plenty of stories here and elsewhere of that.

Almost no app developers had your best interests at heart

Neither does Apple nor the developers of apps in the App Store. In fact, given the fees, they have even less incentive to avoid greed.

[tptacek]

Absolutely. I'm glad you have the choice to use platforms that don't block crapware!

[nottorp]

> preceded the closed mobile app ecosystem

Just because the app store is closed it doesn't mean it's not full of crapware?

All the "games" are IAP fests. Every time you search for some big name app you get the app (if available) and a bunch of results that are named so deceptively that you're afraid to click on them.

Every week there's another story about a flashlight app that charges a 50/month or 9.99/week subscription.

So tell me how Apple's app curation helps?

> If that risk seems remote now

Maybe to you? I haven't looked at iOS games since the days of the iPad 1, when Apple hadn't pushed all game devs into IAPs yet.

And the few apps I bought, they were mentioned on forums not connected to Apple. And as you said yourself, there's always the chance the app gets sold and the terms change, and the walled garden won't help a single bit.

[tptacek]

Who cares if games have IAPs? That's not what crapware is.

[nottorp]

Sounds like you don't play games :)

[tptacek]

Not so much, no, but if you'd said in 2005 that there'd be a mainstream platform for general-purpose computing where the worst problem was that a lot of the games had in-app purchases, nobody would have believed you.

[nottorp]

Conveniently ignoring the subscription flashlight apps and the still existing chance that apps get sold and become predatory on the next update, I think…

[luuurker]

Do you know anyone that has any of that old crapware on their Macs or had their Mac infected by malware in the past 5 or 10 years? I don't. And they can go to a website, download and install any app they want.

What about Android, which lets you sideload apps? How many people do you know that sideload apps or have installed a malicious app from outside the Play Store?

Yes, the App Store was and is important, but you need to look at other platforms if you really think that Apple allowing app sideloading (proper sideloading, not that shit they're doing in the EU) is going to take us back to the days of browser toolbars. iOS is not Windows XP.

[jncfhnb]

The downsides to not having a vpn in an oppressive regime are limitless

[1over137]

iOS has IPSec VPN support built-in, you don’t need the App Store or even an Apple ID to have a VPN.

[amritananda]

China's Great Firewall is known actively detect and block most VPN protocols and things like SSH tunneling. There are custom protocols designed to camouflage traffic, but they require apps (e.g. Shadowrocket for iOS) which are, surprise, unavailable on the Chinese App Store. IIRC the same sort of blocking also happens in Iran as well.

[WheatMillington]

In which case Apple's move here is anti competitive and monopolistic.

[judge2020]

I'm not sure a country where they're forcing a company to take down apps would allow them to then get sued for the act of compliance being considered anti-competitive. Obviously whatever Apple does in a specific country can't be used to prove anti-competitiveness in another country since that country doesn't have jurisdiction.

[lupusreal]

Not quite sure I follow that logic. The point is an iphone can be configured to use a VPN (operated by anybody, not limited to Apple) without requiring the use of apps.

[luuurker]

> The point is an iphone can be configured to use a VPN (operated by anybody, not limited to Apple) without requiring the use of apps

A very specific type of VPN, which is easily blocked.

I don't know if it's monopolistic as the comment you replied to says, but in the context of the thread, the build-in support doesn't fix the problem banning apps from the app store creates.

[dahart]

How do you know Apple is making a move? What if this is a technical glitch?

[WheatMillington]

I dont understand how you can look at what is happening right now in this very article and say "Apple has my back".

[felipelemos]

> Playing devils advocate for a moment: One reason why is that many app developers truly do not have your best interests at heart.

You are right, and neither Apple does.