Apple Justifies iOS App Store’s Tight Control in White Paper

Originally published at: Apple Justifies iOS App Store’s Tight Control in White Paper - TidBITS

Apple says that the dangers of allowing customers to load arbitrary apps are too severe and that the iOS App Store is a bulwark against ransomware, device hijacking, the invasion of children’s privacy, and other problems common on Android.

I’m not sure I buy the logic that security should default to the lowest denominator. Just because the Mac is more open than the iPhone doesn’t mean that Apple has to drop the iPhone down to the Mac’s level. In fact, rather the opposite seems true: Apple offers you a relatively open platform (the Mac) and a much more closed platform (the iOS). Customers can decide which computing platform they want to buy.

On the motivation front, the unspoken assumption behind the logic is always that there has to be one motivator for Apple to do this. It has to be either revenue or privacy. But that’s flawed as well – people and organizations are almost always doing things out of multiple motivations, and it seems much more likely that Apple is motivated by both things.

Finally, just because the App Store is highly imperfect at weeding out scammers and the like doesn’t mean that allowing side loading won’t make the situation massively worse. In fact, it suggests just how much pent up demand there is to scam the billions of iOS users out there.

I own an iPhone, iPad, and Mac, and one of the reasons I like the iOS stuff so much is that it’s nicely locked down. One of the reasons I like the Mac stuff is that it’s much more flexible. I’d like to continue having both of those options, thank you.


That’s sort of the exact opposite of what I wrote, I think! Security can default (as on the Mac) to the highest model, but there can be titrated levels below it just as on the Mac. No security at all — unfettered installation without any involvement from Apple — seems like a terrible idea for iOS.

Here’s just one recent demonstration of how beneficial the App Store’s tight control is:

Great article, Glenn! I was dreading having to look through the entire white paper.

Allow non-Apple payment methods for digital goods:

Might this just lead to a lot more “free” apps that then require an in-app purchase through a non-Apple payment method in order to have a minimum level of functionality? Then Apple would be stuck reviewing and hosting apps that generate no revenue for Apple while remaining profitable for developers.

I don’t think it was. The lowest level here is the Mac, not absolute openness. The levels within Mac security are a bit of an illusion. As you pointed out, companies will insist their customers and/or their workers go to the lowest level available. Fundamentally, it’s a more vulnerable model. Why is that better?

The argument shouldn’t be that iOS could be as open as the Mac, it’s why it should be. A company building safes could do a variety of security levels and no one would argue that their most secure model should be just as accessible as their lowest level. Apple is offering a range of computing devices with a range of security levels. As I said originally, I like that choice.

Companies can already insist on that; see article.

Possibly, but it’s also not very popular among users to have zero-function apps they have to pay to enable.

I don’t imagine any world in which the majority of digital revenue within apps wouldn’t accrue to Apple if they actually provided a competitive rate and worked more closely with developers instead of the current antagonism.

That’s not an example of that. That’s an example of what happens when you abandon most of your devices from upgrade paths within a year or so and leave gaping holes in most older versions.

It’s not a demonstration of that. It’s a demonstration of how bad Google is.

The numbers from Apple are meaningless.

As a developer, my wishes are:

Apps for iOS could be codesigned and notarised, too, so that there is no loss of security at all. Just the stupid review process isn’t done.

The stupid review process either needs to be removed or it needs to be done right. I can’t imagine that the reviewer has a nice job. The reviews are so annoying. It’s not the responsibility of the reviewers to give technical assistance. But when they find a bug it’s usually not reproducible so that the developer is screwed.

Mentioning my website and the non-AppStore version is very important to me.

I also would like a customer list. The customers are Apple’s and not mine because I don’t know who they are.

I’m sure the iOS App Store review process does far more to protect customers from malicious developers than the automated vulnerability and malicious code checks done as a part of Mac app notarization.

But that’s not what the customers want. Sure, many will give it up if it’s part of the price of admission or trade it for something (sometimes for very little), but they wouldn’t want it to be the norm any more than they’d want General Mills to get their info every time they bought Cheerios at a grocery store.


I can’t speak as a developer, but as a consumer I’d prefer just a single App Store and no sideloading at all. What worries me about alternative app stores and/or sideloading is that we would need to pay attention to which app used which store or installation method.

It is simply fantastic that if I set up a phone from scratch I have a single place to find and install all of my apps - go to the purchased apps list and just click the download and install button for each one. I don’t want to have to remember that the Nest app came from Google’s store, and the Alexa app came from Amazon’s store, and Netflix required users to download the app to install directly, and Fantastical and CardHop only from the Flexibits store. The iPhone and iPad have been a huge improvement for the vast majority of users for this. (Of course those are examples of apps that would probably exist in the Apple App Store as well, but I just use them as hypothetical examples.) I could see some companies with extremely popular apps deciding to skip Apple’s review process and only distribute using their own or a third party store, or requiring sideloading. And of course nobody beats Apple’s method to unenroll from a subscription. I’ve had to make phone calls that take forever to cancel subscriptions and that is so much worse than a simple click.

Also as a consumer of course I’d want to see Apple’s payment processing fee reduced as low as possible, to reduce the cost of apps and subscriptions.

As for other improvements - allowing apps to point to how to create an account; allow (for example) Amazon to sell Kindle books within the app using their own payment method, just as the Amazon app sells physical goods - absolutely yes.

It’s complex, I know. Hopefully Apple will come up with a solution that is begrudgingly agreeable to all parties before they’re forced by government regulation or the courts to do something that we all end up hating.

Uh, yes, that’s why I put in the “as you said” part.

So, yes, companies will insist that iOS users go down to the lowest level and that’s a model Apple should emulate?

Someone mentioned that this was an issue. A child gets a free game, then purchases game bling for hundreds of dollars.

When the freemium model first came to the App Store, this was a massive issue. Fortunately, because the payment systems were handled by Apple, Apple reversed the payments then tossed the miscreant app and developer out of the App Store. If the child purchased the games through a third party service, Apple couldn’t return the money, but the parents would still be mad at Apple.

Now these types of freemium apps plague the Google Play store, but not the App Store.


This is not the clever rhetorical device you may think it is. It deters my interest in continuing a discussion.

I meant the enterprise distribution model mentioned in the article, which is not the part you were referring to. Companies can today make their employees install apps that they develop or license and distribute through that method.

It was in response to a strong indication that you hadn’t actually read my comment, so I’ll take the risk.

Thus addressing half my point, which talked about “customers and/or employees.”

For the most part, I don’t think customers think twice about whether the store or the manufacturer knows that they’ve bought something. And manufacturers have long tried to learn more about their customers when they aren’t selling directly—witness those “warranty” cards that used to be the norm, and all the various contests that breakfast cereals used to run. And of course, the stores often then turn around and sell that data back to manufacturers in various ways.

Part of the problem is that it’s not clear that it’s any better that a store knows what you’ve bought than that the manufacturer does. Both want to sell you more stuff, only the store is less picky about which particular stuff.

All that said, I do think we’re in a different era now, and the tech world is very different from the breakfast cereal world. I’m sensitive to this issue particularly because of my 14 years running Take Control, where we cared deeply that we be able to communicate with our customers. Some of that was for support reasons—we really did look up what people owned when they wrote in and used that in part to inform our replies—and some was for marketing reasons. Our goal was to create products that would result in loyal users who would buy more from us, and one aspect of that was to build tight customer relationships. We sold through other stores where we didn’t get any customer information and they were less valuable to us (but we turned around and used our Check for Updates system as a way to bring those customers into our orbit). Joe may have different thoughts about this now.

So, obviously, opinions may vary on this topic, and I’m sure there are stores that care deeply about building strong customer relationships more than the manufacturers whose products they resell, but I’m very much on the side of manufacturers being able to build customer relationships.

I like the idea of manufacturers building relationships with their customers in ways that support the customers (and I think that you and “Take Control” model that very effectively). The problem is that the abuse of that knowledge has been so systemic and so widespread that it’s hard to trust anyone.

Two other notes to think about:

  1. Apple’s not just trying to sell us more apps, they’re trying to sell us on Apple products as a trustworthy and private ecosystem. That changes the “stuff” analysis a bit, I think.

  2. If I give my personal info to 100+ App Store programmers and start getting mass amounts of spam, etc., I’m going to have a very hard time figuring out who to blame (remember the trick where, if you owned your own domain name, you could put slightly different email addresses for everything you bought and thus know who was selling your info? Fun times). If I give my personal info to Apple only and start getting spam, then I know very well who to blame (leaving out other ways my info might get out for purposes of this scenario).

I think we’re already in this world and it hasn’t been a huge problem. The reason is that Apple doesn’t require the use of Apple payment services for physical goods or services—in fact, it explicitly seems to prevent that:

  • 3.1.3(e) Goods and Services Outside of the App: If your app enables people to purchase physical goods or services that will be consumed outside of the app, you must use purchase methods other than in-app purchase to collect those payments, such as Apple Pay or traditional credit card entry.

For instance, I use the Coinless app to pay for car washes locally. It ties into Apple Pay or I could set up my own credit card.

That’s my belief as well. Apple can make it easier than anyone else, and could at least in theory make it cheaper too, given the company’s financial clout. I’d rather see Apple competing than controlling.
