Apple Justifies iOS App Store’s Tight Control in White Paper

Fair point, although arguably, Apple has created a position with the App Store where they don’t need to sell us any more stuff because they’ve created rules that prevent all competition.

I think there’s a spectrum of possibilities surrounding how Apple could allow developers to use third-party payment systems. Apple already requires a great deal of developers, with the Made for iPhone program being one of the more limiting. So Apple could require certain privacy-protecting policies of payment systems, and allow only those that meet both Apple and regulatory bars. Similarly, it could require that all customer communications go through Apple’s new privacy-protecting email address system that’s coming in Monterey in such a way that customers could easily identify or block spam.

Obviously, this is all speculation, but Apple has already built an incredibly complex—technically and policy-wide—system around the App Store, so I don’t think it’s unreasonable to ponder other ways the company could expand it to meet other needs and desires.

This is a big reason why people willingly sign up for affinity credit cards and retailer membership programs. They are more interested in cash back, user discounts, donations to causes, etc. than privacy. Data brokers, including but not limited to, Google, Amazon, Facebook, Axcion, etc., etc., make the information they accumulate available to just about anyone who will pay for it. Though infinitely more data about everyone and anyone is available since the development of the interwebs and mobile communications devices, collecting third party information and finely tuned targeting is nothing new. It’s been around for well over a century.

I don’t care what developers want and I am tired of their grizzles. Most of them wouldn’t be in business without Apple, the iPhone (invented by Apple) and the App Store.

As an iPhone owner, I want a single App Store, no sideloading, top security and privacy, well designed and high quality apps. I do not want to waste my time going through the hoops with alternative app stores or buying directly from developers; I dont have time. I don’t buy in-subscription apps at all because it is difficult to determine the value and monitor price-creep. If the app that I want is top class, then I am happy to pay top price. I certainly do not want my personal details given to any developer because I do not trust them to appropriately manage my personal details.

The various governments’ and regulators’ approach in this whole business is overriding customers’ interests. To me, Glenn’s take is that of the regulators and developers.

I’m okay with the macOS approach as it is easier to qualify non-App store developers and most downloads are updates of already purchased apps.

I think a lot of apps will still use Apple for payments (at least as an option) because the conversion rate will be so much higher. It’s far easier to pay through the App Store or in-app purchase than entering all your billing details in an app. And for kids that aren’t given free reign of their parent’s card, the App Store is the only way they can pay for something (via the ‘request’ feature of family sharing). Ultimately, I can’t see a huge exodus from App Store payment even if developers could use their own systems. And the big ones that can take the financial hit have already left (see Netflix, Amazon, etc.).

How likely is this to happen, though? Given that sideloading is possible on Android and Google is generally less restrictive, why haven’t the big players set up their own alternative stores there. I think it came out in the recent Epic trial that they had tried distributing Fortnite for Android outside the Google store so they could avoid paying Google a cut, but they had to abandon that and put it on the Google store because they couldn’t get enough people to download it outside the official store. If a big company selling a game as addictive as Fortnite can’t make a profit selling outside the official platform app store, it’s hard to see anyone else doing it. Or, to take another example, why hasn’t Facebook taken their app off the Google store? Surely that would give them a lot more freedom in what they can do with the app?

I have to say, I’m still on the fence as to whether sideloading would be a problem if it were allowed on iOS. The counter argument is that Android is already a lot more permissive than iOS, so a company like Facebook has a lot less incentive to go to the effort of an alternative distribution method. And of course, once you allow sideloading, it would be near impossible to take it away if things did go badly. The specific implementation would make all the difference. Apple could allow sideloading but make it so onerous to enable that it’s not a viable route for any mass market app.

So… I still don’t know what I think. But the worst case scenario seems unlikely given the state of app distribution on Android.

As the owner of BusyCal, BusyContacts, Omnifocus, and many third party apps with Apple competitors, I think the lack of competition has been overstated.

I suspect that many developers would fight against even those regulations. There’s an assumption that the result of forcing Apple to open up will be [insert this more reasonable solution] rather than [insert some highly unpleasant scenario]. I’m not sure the optimism is justified.

Amazon has had an Android store for a long time. I don’t think it’s all that popular, but it’s there. And apparently you can pay with Amazon Coins. The Amazon App

We may find out how popular third party app stores are. But also, look at the Mac and Windows platforms, where the central stores are less dominant. This won’t be anything new.

I’m not saying there isn’t competition for Apple’s apps, I’m saying that there’s no competition for the iOS App Store. That’s the reason Apple doesn’t need to care about selling iOS users more stuff—there’s nowhere else to get iOS apps. Cydia doesn’t count.

Amazon’s Android Store is a default on all Kindle devices and their Fire TV stick, and it is hugely successful and popular. It will be the default shopping app on Microsoft’s soon to be released Windows 11. What I think is exceptionally creepy is how tightly Windows 11 will mesh with Amazon shopping and very creepy Amazon Coins. I suspect it’s a kind of an admission on Microsoft’s part that Amazon is better at selling a wider variety of stuff to Windows users than they are.

Sure – but focusing on the App Store ignores that Apple makes the vast majority of its profits from hardware, not software. The App Store and the privacy & security emphasis is a way to sell people on buying more Apple iPhones and iPads. And there’s plenty of competition in that space.

Opening the App Store would compromise the privacy and security that Apple touts and thus make the iPhone and iPad less marketable in that regard.

I think this is the point. Even if third-party stores could exist on iOS, I’m not sure they would gain much traction. Is there any (significant?) Android app that is on the Amazon app store but not the Google one?

But success is irrelevant in terms of security. Opening a hole in iOS that allows third-party stores, third-party billing, and/or side-loading would open up a raft of security issues whereby innocent people would be duped into clicking links that would take them to alternate stores/download sites/payment methods and expose them to malware, scamware, viruses, and fraud.

Even if only a tiny fraction of iOS users were so scammed, the breaches would be serious (i.e. financial) and in the hundreds of thousands. It would be a disaster.

I agree the App Store has problems and isn’t perfect, but opening the phone up isn’t the answer. It would create far more problems than it solves.

I agree with this, and I think that Apple should be given credit for creating a growing and thriving retail environment that gives developers the opportunity to reach over a billion iOS device owners. And these iOS owners spend much more per capita in Apple’s App Store than Android owners do in Google’s store.

And there have been some very serious data breeches of Microsoft’s cloud services over the past few months, including Solar Winds, exposing the data of hundreds of millions of users. That doesn’t even count the recent mega zero day hacking of Microsoft owned LinkedIn, which compromised over 90% of its millions of current members around the globe.

I’ve used it. It’s not the end of the world. You do have to configure Android to allow installation from “unknown sources” in order to use it, but you can also revert the setting (to block unknown sources) when you’re not actually installing an app, if you are worried about malware auto-installing something.

Personally, I think there’s a happy medium here. Apple (or Google, for that matter) doesn’t need to remove all access controls in order to permit third-party app stores. You can instead make “install software” another permission that an app needs if it is going to be allowed to install additional apps. With such a feature, legitimate app stores (like Amazon or Samsung or your wireless carrier) can install your purchases without permitting everything in the world access.

Yes, a user might be tricked into installing a malicious app store, but there’s no way to avoid that. It didn’t destroy the Windows platform (where malware is a far bigger problem), it didn’t destroy the Mac platform and it won’t destroy iOS. And those that don’t want to trust third-party app stores can use the existing permission mechanism to block apps from installing additional apps.

And, of course, there is no reason why iOS can’t still require apps to be signed and notarized even if they are distributed by a third-party store. Gatekeeper on macOS does this and it seems to work just fine.

It’s been a while, but I don’t think so. But they don’t cost the same. Amazon offers discounts and promotional pricing that isn’t always mirrored on the Google store. Back when my personal phone was Android (admittedly, several years ago), I used both Google and Amazon for my app purchases.

No different from any other computer platform. Macs aren’t the wild west despite the fact that anyone can install apps from any source. Gatekeeper is sufficient to make sure you really really mean it when you try to run an app that isn’t suitably signed, but it lets you make the final decision.

I see no reason why a similar mechanism couldn’t be done for iOS. Yes, some people will be fooled into installing the mega-virus-spam-adware app, but the only way to protect those people is to block all third party apps completely. Ultimately, you have to treat your customers as adults and your customers need to deal with the consequences of making bad choices.

I think it would be perfectly fine to treat iOS like macOS - allow installation of signed and notarized apps from any source, but require users to jump through a few hoops before they’re allowed to install apps that are unsigned or have self-signed certificates.

But I’m 99% certain that Apple has motivations that go beyond system security. And I’m even OK with that, but I wish they would admit it and stop pretending that their motives are purely altruistic.

Macs are a fraction of the installed user base of iOS. The target for the latter is much bigger and thus much more lucrative.

I don’t really understand this. Apple’s very upfront in its quarterly sales releases about how much money they’re making from services, so they’re not hiding it. But what else should they do? Have Tim Cook roll around in a pile of money laughing on live TV? I’m not sure why companies are expected to fess up to aiming for a profit, as if that revelation will neutralize everything else they do.

No argument. But in this context, we’re talking solely about Apple’s iOS App Store policies and how they may not track with what a normal store would have to do because Apple has ensured that there’s no competition for the App Store.

I tend to agree. I’m not exercised about sideloading; in my ideal world, Apple would compromise on a variety of non-technical issues, such as by lowering the transaction fees, because I think those would cause a lot of the other complaints that could hurt security to go away.

Well, wait. I’m not talking solely about the App Store, because I don’t think you can do that without considering the larger context.

The entire context here is the article Glenn wrote about Apple’s white paper justifying its actions with the App Store.

I don’t think it’s possible to limit it that way.

Then you are certainly welcome to start a new topic which scopes things to your liking.