Hacker News new | ask | show | jobs
by ryankrage77 296 days ago
Apple and Google insist their walled gardens are needed for user safety and security, but they can't even catch popular apps violating their own policies. It casts (even more) doubt on their ability to screen for malware, phishing, etc, which are already rampant.
2 comments
musicale 296 days ago
You're not wrong, but Apple and Google probably remember things like the Facebook VPN fiasco of 2018, where Facebook's VPN app was banned from the app store for breaking privacy rules – and then they turned around and abused enterprise app certificates to sidestep the ban.

> By installing Onavo, millions unknowingly granted Facebook full access to their digital activity. App usage, browsing habits, and precise timestamps were silently collected. Facebook VPN didn’t just observe its own users - it tracked behavior across rival platforms like YouTube, Amazon, and Snapchat.

> ... Engineers exploited Onavo’s infrastructure to install a root certificate on phones, masking Snapchat’s servers to decrypt user activity.

This is an obvious security hole that should never have existed, but the fact that Facebook eagerly exploited it, while abusing VPNs for tracking and enterprise certs for sidestepping app store privacy rules, shows the threat landscape.

https://www.analyticsinsight.net/news/when-facebook-used-vpn...

link
echelon 296 days ago
The DOJ/FTC need to end app stores on phones.

Two companies can't own all of computing.

Smartphones are the internet for most people, and two companies have installed comprehensive paywalls and distribution gateways.

It's unnatural how large and complete their monopolies are.

Call your legislator and demand web installs without scare walls and hidden developer flags. With no phony restrictions on app type, technology choice, JIT/runtimes, or UI adherence.

We need complete freedom on mobile.

link
ronsor 296 days ago
I agree, but we shouldn't end app stores entirely. I don't want to go back to the days of Windows in the 2000s where you always had to download random executables from websites to install software.
link
Pooge 295 days ago
This is 2025 and still the way it works. I've never seen a lambda user install a package manager.
link
echelon 295 days ago
We have scoped accounts, jails, permissions, and a whole host of new protections now.

And this is still how people get desktop software.

link
whyoh 295 days ago
>had to download random executables from websites

I don't remember being forced to use a randomizer for downloading executables...

Actually, people are more likely to install random apps from an app store, because the OS promotes that behavior.

link
999900000999 296 days ago
>We need complete freedom on mobile.

Technically alternative stores exist on Android.

On IOS you can argue customers are paying for security.

Stopping Billy from downloading a key logger is a corporate choice Apple makes.

If you need to install random binaries from the internet your free to buy android device or a cheap computer.

iOS reduces the attack surface.

link
echelon 295 days ago
> Technically alternative stores exist on Android.

You have to navigate five settings menus deep to enable the ability to even install them, and after that the OS scares you into thinking it'll turn your phone into a grenade.

Unless you're 0.0000001% of users, you will never do this.

Google knows what they're doing. It's the tyranny of defaults.

link
999900000999 295 days ago
That's fine.

Most people are stupid.

In the modern era getting access to your personal phone let's an attacker have access to your identity, finances, etc.

A better approach would be real sandboxing, but let's not get our hopes up.

link
musicale 295 days ago
> The DOJ/FTC need to end app stores on phones.

Game developers like Epic would certainly like to pay less money to Apple and Google than they pay to Nintendo and Sony (and Microsoft for the Xbox game store), but what's the legal argument for terminating Apple and Google's walled-garden game store businesses? And doesn't Android already allow sideloading?

> Smartphones are the internet for most people, and two companies have installed comprehensive paywalls and distribution gateways.

The web is the internet for most people, and neither Apple nor Google have installed paywalls and distribution gateways for third-party web pages. (Apple does restrict browser engines, but ironically that might be the only thing preventing a chromium monoculture.)

link
echelon 295 days ago
Phones aren't rinky-dinky little games. Games, that mind you, have over a dozen choices in terms of platforms and are highly competitive.

Phones are used for everything in life. Finding jobs, finding romance, ordering food, paying for things, navigating. You can't even pull up a menu at a modern restaurant without a phone.

Phones are the entirety of computing for over 50% of Americans. Are we going to let two companies own the entirety of that and tax it?

Imagine if our cars were like phones. When you take your Honda out for a spin, if it couldn't visit certain destinations. Or if your car taxed McDonalds (which passes the cost onto you) every time you stop by. Imagine if it shoved its view of what it wants you to see in front of you, forcing you to take detours or miss your objective entirely. That's what our lax regulatory environment has allowed to happen to computing.

link
musicale 295 days ago
> Imagine if our cars were like phones. When you take your Honda out for a spin, if it couldn't visit certain destinations

What web sites are you seeing that are blocked on Android (or is is just an issue in Chrome?)

Have you tried turning off "Safe Browsing"?

It's arguably a legitimate safety feature, but I believe you can turn it off and visit any web site.

I think sites presenting forged or expired SSL certificates are blocked (probably a legitimate security feature), but it may be possible to add them manually if desired.

link
Gunax 296 days ago
And yet, people keep buying i Phones. They have a choice. And they are opting in to a closed platform. Likewise with PlayStations and Wiis versus computer games.

Consumers largely don't care and are not interested in esoteric concepts like free software. I would be careful about dictating how things should work.

link
echelon 295 days ago
Both platforms are closed. There is no choice.

Do you know how difficult it is to exercise your freedom to install software on an Android?

Both of these companies know what they're doing. They've co-opted computing and have locked it down and owned it.

link
musicale 295 days ago
> Do you know how difficult it is to exercise your freedom to install software on an Android?

Download the APK, open it, and tap past the warnings?

https://www.androidauthority.com/how-to-install-apks-31494/

Isn't that about the same difficulty as installing an app from a .zip on Windows or a .dmg on macOS?

link