[bloomca]

"Allow access" is pretty orthogonal, I don't know how it all works in mobile OSes, but I assume everything is virtualized there, so you can't just access whatever you want without user granting a permission (e.g. through a file picker system component).

You can also ship sandboxed apps on Desktop without the store (although I am not sure on how hard it is to auto-update them, usually stores handle that part), at least on Windows and macOS.

Stores handle storing the apps themselves and distributing updates, that part of the cost is real, plus they do manually review submissions (to some degree), but 30% is insane for that.

[labcomputer]

Well, some of the permissions include things like “allow the app to track the user for advertising purposes”. There isn’t a technical way to enforce that with virtualization and sandboxing.

You can enforce it by booting misbehaving apps from the app store... but that only works if there’s one app store.

[bloomca]

I _believe_ on macOS, if they revoke your certificate (the one you used to sign the app), the app moves into the "We can't verify that this app is free of malware" category, so in theory they can still do that.

But it is a nuclear option, and it would be a big deal if they did so for something "minor".