I suppose the next stage of malicious compliance will be to allow absolutely everyone to publish apps everywhere, but with some technical warning that is designed to be ignored.
That would be great! I'd love to just be able to make an app and let iPhone users get it, without Apple having any business in it.
I would love that. I have recently tried downloading a few apps for different reasons and every single one is locked away, for any useful features, behind in-app purchases. I remember the days back when iPhone first came out you could find apps and no such thing as purchasing features. It dawned on me that my iPhone is a pretty shitty platform unlike my PC where I can download many free open source projects made by passionate people who like to share. I haven’t owned an Android in years but I am seriously contemplating getting a Google Pixel phone as they still have unlocked bootloaders. Our phones are capable of so much more but have been dumbed down so Apple can let developers sell us features through apps while taking a 30% fee along the way.
> I have recently tried downloading a few apps for different reasons and every single one is locked away, for any useful features, behind in-app purchases.
And you think those developers, once freed from the Apple App Store, will release their apps for free on the web???
Probably not them, but other developers for whom Apple's bullshit (like the $99/year fee) is too much of a barrier to entry would be happy to share their work for free.
Well, if the iPhone was not locked down and one could install open source freeware, yes. There are apps for almost anything you can imagine for free on a PC. Look at OpenOffice for example. Free, where the MS version is quite costly. People are passionate about sharing things. Yes, there is paid software that is great and I think it should be allowed as well, but they should also have to keep innovating and offer something to entice customers, like real human support for example. But open source freeware also has a place, but it is being blocked for “security”, which too is alright, but at the end of the day we have these phones which are very powerful mini computers and if I want to risk my security I should be allowed to install anything I want. This is why I was into jailbreaking back in the day. I bought an iPhone and the guy at the cell store sold me 1000 video messages with my plan. I was surprised to learn there was not even a way to take videos on the iPhone back then (people think this is bullshit but it is the truth: the iPhone only had a camera back then, no video). When I searched how to take videos I learned about Cycorder, available on Cydia. Then I learned about jailbreak and took the chance and did it. Then I was able to take videos. Although Apple slowly closed the gap, a jailbroken phone was far superior for years. My current iPhone is jailbreakable, but I have been out of the scene a long time, so I'm not sure I want to mess around. I think it might break my banking app; not positive, but I haven’t the time to figure it all out.
This reminds me of my tragicomic experience trying to install a calculator on my work iPad.
First one I tried had ads.
Second one required making an account.
Third one had some features reserved for the paid version (e.g. factorial).
Then more adware and other crap.
After 20 minutes I gave up and used pen and paper.
Same with PDF reader. A simple one that just let you read and annotate is something I guess no one is asking for. Everything has a premium plan that is a subscription.
This kind of UX is why I ended up installing a bunch of the official GeoGebra apps on an iPad in the past. Although, almost any calculation you'd want to do on a calculator can be done inside of Spotlight search.
You just explained why web apps are nerfed on Safari.
What's malicious about that? That the warning is designed to be ignored? If they deleted the warning, would that be much different?
I suspect the GP is being sarcastic.
The same reason it’s frowned upon to install random apps from the internet onto your PC. It’s a disaster waiting to happen.
It's not frowned upon, it's the normal way of doing anything non-trivial in Windows land. You don't get something from a repo, you go to the Foobinator Tools website to download BarApp Pro.
Windows is frowned upon.
Laptop sales decline every year. People are giving up the idea of keyboards and big screens to avoid Windows laptops. Copying and monetizing the open source repo idea is the smartest thing smartphone manufacturers did.
I thought Windows had winget or something now?
Sounds like their sandbox and permissions system is lacking then.
Hmm somehow I can go to any website in a browser and be just fine hmmmm
I've directly installed hundreds of apps on my PC. No disasters have happened.
“I’ve driven many miles and never crashed. Why do I need to pay for seatbelts?”
These are population level decisions which require you to think about mainstream use. For example, you probably have been safe because you know what to look for. This is not true of the general public and there are millions of people who _thought_ they were making a safe choice and only realized later that the polite person in the call center was not actually trying to help them, etc.
The implication that restricting user freedom to the degree that Apple does is as vital as the seatbelt in your car is hilarious to me. A better analogy would be "how come my Apple car can only drive on Apple-owned toll roads but every other car can drive wherever it wants?"
“Why are people buying safer cars than the brand I am emotionally attached to?”
Read through what’s actually happening:
https://developer.apple.com/support/web-distribution-eu/
> Apps offered through Web Distribution must meet Notarization requirements to protect platform integrity, like all iOS apps, and can only be installed from a website domain that the developer has registered in App Store Connect.
If you can’t see a safety benefit, go look at the Windows or Chrome extension malware industry and the billions of dollars it costs people every year. You don’t have to like Apple or agree with everything they’re doing to understand that there is a real problem here.
https://news.ycombinator.com/item?id=39685272
The problem exists in the Apple App Store. So why behave as if it is an issue unique to Windows and Android?
The Apple situation makes it worse: people now expect the App Store to be a safe place to download from and perhaps do less due diligence because they assume Apple are doing the heavy lifting, mainly because Apple keep telling us they are doing the heavy lifting to protect us.
Right; but the whole point of a browser extension is that it interferes with how other webpages work. But iOS apps can’t do that. They’re more like webpages themselves - sandboxed and run as isolated processes. In the absence of browser bugs, it should be safe to click any web link. Websites can impersonate one another. But my device stays secure.
iOS apps already work like that. Why does Apple have so little trust in their own security model?
I have no emotional attachment to any brand, and I suspect that you are projecting your own attachment by saying so. I simply want tools that take orders rather than give them. I want a system that gives me so much freedom that it will let me sudo rm rf myself. That is important to me on a pragmatic level (not an emotional one) because it is useful enough to me that it is non-negotiable.
The usual line after this is "then just don't use Apple," and you'll be happy to learn that I don't and probably never will regardless of what changes they make. I am just baffled by the comments in here defending their behavior. Why subject yourself to this? Of all the brands to get attached to, why the one that makes it so obvious that they're milking you for every dollar they can get? If that answer is that you genuinely can't avoid getting malware unless you are physically prevented from doing so preemptively, then so be it, but I don't get it otherwise.
> “I’ve driven many miles and never crashed. Why do I need to pay for seatbelts?”
Bad analogy. A better analogy is: I’ve driven many miles and never crashed. Why do I still need Toyota's permission to drive?
I'm absolutely in favor of "seatbelts" for computers, but that means sandboxing, not censorship or rent seeking. It also means you can remove the "seatbelt" when you need to.
I used seatbelts because every car safety measure you can think of has had someone complaining about having to pay a cost for something they’re too good a driver to need. Having apps notarized to enforce some basic legal & safety standards seems similar: it definitely costs more than zero, it definitely is a restriction on absolute freedom, but it helps prevent things which are statistically certain to keep happening otherwise.
That's a very weak argument in favor of Apple, and I respectfully disagree. Just another variation of the 'think about the children' meme without much substance, repeated in every single Apple discussion ad nauseam.
Look, you lock your phone as much as you like, your device, your choices (here we are already very far from the Apple mindset). Why the obsessive need to push this on literally everybody and not even give the choice? Maybe you have some serious impulse control issues, but most of us don't.
It can even be part of the purchase process - choose the ultra secure, more locked down model, or the at-your-own-risk, more free one.
But we all know all this is just about 1 singular thing - revenue via customer/market capture. Oracle stuff indeed.
> Look, you lock your phone as much as you like, your device, your choices (here we are already very far from the Apple mindset)
It keeps software and service vendors from going around security and privacy protections. Folks don’t always have a choice of what they have to install, so “just don’t install their stuff if you don’t like it” isn’t sufficient to achieve the same results, even if we ignore the inherent difference in UX between “100% of the software for this goes through the App Store” and “some software is not on the App Store”.
Doesn’t mean you have to agree that path is better, of course, but it’s also definitely not so easily dismissed as ridiculous.
Software and service vendors can't "go around security and privacy protections", they can do exactly what the operating system and Apple allow them to do (short of actual bugs and vulnerabilities which would exist regardless of distribution method).
Either those protections are technological, baked into the OS, and therefore apply equally to all installation sources, or they don't exist. There's no in between.
There’s in fact an in-between, which is humans enforcing rules. It’s what’s in place now. It does have an actual effect, it’s not like it’s imaginary or doesn’t do anything. Some of the rules aren’t practically enforceable by software alone, at least so far (things like “don’t try to fingerprint the user or device in unauthorized ways”).
Those rules are even less enforceable by human reviewers because they don't employ people to reverse engineer your app, never mind any subsequent updates.
Your contention is that the review process entirely fails at enforcing privacy and security rules that cannot be achieved entirely through automation, or fails at such a high rate that it may as well be entire?
That doesn’t reflect my experience submitting apps, nor as a user of Apple devices. It’s certainly imperfect, but it achieves a lot more than if they simply stopped doing it.
[edit] and in fact, some of the automated checks wouldn’t be practical to run on a user’s device—are those also totally ineffective?
Look at the history on the PC and Mac desktop side. Ever see someone who had Firefox or VLC, only the binary they got was loaded up with things not shipped by the real developer? Notarization prevents that shady phisher from talking your dad into installing “a critical security update!!!” from their own server and then either having it immediately get access to his stuff or walking him through logging into his password manager, etc.
I'm not against notarization as long as it's free (akin to Let's Encrypt) and strictly used for combating outright malicious software like you described, and not as a way to keep competitors off the platform, rent seek, or ban apps for "philosophical" reasons (like NSFW content).
They're intentionally conflating these objectives to give themselves an excuse for maintaining their stranglehold on users and developers alike. They need to give up some ground if their security concerns are to be taken seriously.
I'm sure all the smart people in Cupertino (and elsewhere) can figure out some really great solutions for protecting users in an honest manner, if only their leadership didn't instruct them otherwise.
Analogies don’t really work in arguments, it always just devolves into an argument about the analogy. They are useful in other contexts (like teaching, where it might be necessary to simplify something).
Overuse of analogies is one of the worst things the internet has done to discussion in general.
> Having apps notarized to enforce some basic legal & safety standards seems similar.
Which things, exactly?
Consider how well malware and adware have done where the authors can impersonate legitimate developers (remember when people got faux-Firefox as the first Google hit?) or can run distribution campaigns from shady web hosts for years? Notarization and domain limits mean Apple can block malware almost instantly and the developers have to burn a real company identity on each attack campaign.
https://news.ycombinator.com/item?id=39685272
Not exactly blocking immediately are they.
https://news.ycombinator.com/item?id=39685272
Making a safe choice by downloading an app from the app store where Apple reviews all apps for user safety and security.
Some people need to be protected from themselves though. I don't receive support requests anymore from my grandparents since they switched from a Windows-based computer to a ChromeOS system. It suits their needs while being locked down, and it limits the amount of damage that can be done.
Isn't ChromeOS secure because of sandboxing, not because of curation? And isn't the situation similar with iOS? I wouldn't really expect Apple's curators (or automated analysis) to reliably detect malware, but I expect the OS to limit what kind of damage can be done.
> I don't receive support requests anymore from my grandparents...
And yet the ChromeOS platform still supports putting hardware into developer mode.
Apple's policy is about protecting profits.
Mobile OSes are not the same as Windows or even Mac.
With typical usage they contain more sensitive data and people are less aware of what happens in them than PCs.
And mobile phones are perfect spying devices too. So the security question is more delicate.
Well, not really. Usually people have all their personal data on their PC, rather than mobile phone.
Maybe this is changing for young people, but on my parents' hard drive (for example) there is 30+ years of all sorts of personal data, documents of every kind, emails, documents, etc. Not counting all the passwords and access saved in the browser itself.
If we talk about businesses, public administrations, hospitals basically everything is inside computers, including very sensitive data.
The location data from your PC, for example, is not nearly as sensitive as a phone.
Yeah, their main differentiator is that they’re locked down.
They're locked down through technological measures such as sandboxing, which is designed to resist against malicious guests regardless of their origin and distribution method.
And are most people's 2FA device.
You mean like Android does?
I'm developing an open source app (Flutter). I have already started it in a simulator (KVM). I just don't want to jump through all the hoops and pay to be able to publish the app somewhere for iOS users.
Nah, I bet they'll let people install apps from anywhere, but for those apps they'll purposefully crack open the app sandbox to truly allow anything & everything, then when malware/scams hit Apple will be like "see, we told you it was a bad idea."
Predicting it now.