App Store Stopped 1.6 Million 'Risky' and 'Untrustworthy' Apps From Defrauding Users, Says Apple

[citysnaps]

If all you had previously was one choice and suddenly you had a few to several choices.
Then you look, analyze and make a decision.

Kind of a poor comparison.

Nice try. The question I posed was why would Apple go with a brand new app store with a zero demonstrated track record, potentially putting Apple's 1 billion customer's and Apple's reputation at risk.

Analyze what? Good intentions based on verbal assurances and unproven documents?

Similarly, would I engage a brand new home insurance carrier based on zero track record on paying catastrophy claims and rely on verbal assurances and good intentions. You might, and that's OK. I won't. I suspect Apple insures their properties with companies that have demonstrated track records as well.

 

[I7guy]

At times.
Serious difference in scale though.

And at that scale, it could be apple is perfectly accurate. The bigger the scale the harder to condense into a sound byte.

 

[Unregistered 4U]

The old security through obscurity argument. It's utter BS.

Right now, there’s a method users of MacRumors use to secure their domiciles from those that they would rather not have enter their domiciles. A large part of that security is obscurity, as individuals don’t post their addresses in their profiles AND don’t provide instructions on how to replicate their keys.

 

[Beautyspin]

Well, hopefully this app store company will have an accumulated a track record of results metrics that Apple can access along with the company's policies and procedures that have been in place, for some number of years. And Apple would compare their detection ability on a relative percentage basis to see if their results are somewhat consistent with Apples own internal findings. Again, on a relative percentage basis.

For a brand new day zero day alternate app store? Wow, that should give Apple a ton of pause going forward with a company with no experience. I suspect Apple would prudently stay way clear and seek out more experienced app stores with at least a track record to assess.

Would you insure your car or house with an insurance company that has no track record? Should you be required to? Of course not.

Similarly, Apple with super high standards, responsible for the safety of 1 billion+ customers, with their 30+ year reputation at stake should not be required to deal with brand new app stores with no demonstrated track record.

Will it be up to Apple to vet the third-party app stores? I doubt Apple has any say in who operates the alternative app stores. Anybody can come up with an Appstore and Apple would have to allow it. Also, why would the third-party app stores provide data to Apple who is their competitor? Will Apple provide them with their data?

 

[Tagbert]

Out of how many submissions though? Also, couldn’t another third party also moderate?

It is an expensive and laborious process with a lot of complications. I don't see third parties have that much interest in spending that much effort on it. Apple has their issues but overall, in this matter their interests are more closely aligned with their user's interests than most third party organizations.

 

[Tagbert]

So self serving of Apple. Looking forward to the day we can sideload apps.

Yes, that will solve this problem once and for all /s

 

[Tagbert]

Devs can make their own private functions /APIs and apple can't know what the app is doing without souce code.

Apple can do code analysis and detect things like use of prohibited private calls. They can test the code as it run to make sure that it doesn't download unregistered code at runtime. I'm sure there is other profiling they can do.

 

[ironsword]

Not a reason to prohibit side-loading. A lot of users will continue to only use Apple's app store. Having a choice isn't a bad thing.

 

[dk001]

Nice try. The question I posed was why would Apple go with a brand new app store with a zero demonstrated track record, potentially putting Apple's 1 billion customer's and Apple's reputation at risk.

Analyze what? Good intentions based on verbal assurances and unproven documents?

Similarly, would I engage a brand new home insurance carrier based on zero track record on paying catastrophy claims and rely on verbal assurances and good intentions. You might, and that's OK. I won't. I suspect Apple insures their properties with companies that have demonstrated track records as well.

Your premise is kind of lame.
Irrespective of the goods, if you have only ever had one venue and suddenly you have a bunch more you have some checking and some initial risk taking to contemplate. Just because it’s Apple doesn’t change that.

 

[dk001]

And at that scale, it could be apple is perfectly accurate. The bigger the scale the harder to condense into a sound byte.

Could be. Apple’s asking us to take it on faith. ?

 

[johnnytravels]

Oh please. How, pray tell, is a user supposed to know that a bonafide app from a respectable developer hasn't been infected with an upstream supply-chain attack unbeknownst to the dev? Apple may not catch them all but they're going to be a whole lot better at it than pretty much every end user (and as these kinds of attacks become more pervasive -- witness last week's CrateDepression -- probably better than developers themselves).

One can dislike the politics and economics of the situation but the technical reality doesn't care.

So you’re ‘Oh please?’-ing me but then you are describing a totally far-fetched scenario that is already totally prevented by an up to date Xprotect and basic code-signing.

That is the thing: If Apple only used a tenth of the resources that goes into the App Store to keep all the other security measures up to date, the screening process on the App Store would basically be superfluous. Users wouldn’t even see most of those crappy/dodgy/corrupted apps, because the entire presentation of such an app outside of the App Store would already be deterring.

Also, again, the point is not to force people not to use the App Store but to allow for alternatives.

 

[Maximara]

As I pointed out a long time before at the University of Utah in the 1980s we had this sweetheart deal where we got a three meals buffet style for a set per quarter price. Well some vocal 'I want choice' nimrods who were in the minority yelled and stamped their little feet and got the University to change to where the card functioned like a debit card and we got less and spent more.

Much the same thing has happed with streaming services where the big multimillion dollar companies have locked up their streaming programs to point to see what was once available on Netflix you wind up paying more than you did before - all under the guise of "choice".

Allowing sideloaded stores to the iPhone could make a real mess with more exclusives and less real choice and raise more questions about quality and security.

Those who don't learn from history are condemned to repeat it - often with horrid results.

 

[falkon-engine]

Well, hopefully this app store company will have an accumulated a track record of results metrics that Apple can access along with the company's policies and procedures that have been in place, for some number of years. And Apple would compare their detection ability on a relative percentage basis to see if their results are somewhat consistent with Apples own internal findings. Again, on a relative percentage basis.

For a brand new day zero day alternate app store? Wow, that should give Apple a ton of pause going forward with a company with no experience. I suspect Apple would prudently stay way clear and seek out more experienced app stores with at least a track record to assess.

Would you insure your car or house with an insurance company that has no track record? Should you be required to? Of course not.

Similarly, Apple with super high standards, responsible for the safety of 1 billion+ customers, with their 30+ year reputation at stake should not be required to deal with brand new app stores with no demonstrated track record.

I just want apple to support the idea period of alternative app stores. Then we can negotiate the details of the license to operate. But apple won’t budge thinking only it can safely operate an App Store which is not true.

 

[I7guy]

Could be. Apple’s asking us to take it on faith. ?

Im good with taking the numbers on faith. Intentional misrepresentation will come back to bite Apple. Ymmv.

 

[citysnaps]

Your premise is kind of lame.
Irrespective of the goods, if you have only ever had one venue and suddenly you have a bunch more you have some checking and some initial risk taking to contemplate. Just because it’s Apple doesn’t change that.

Sure it does. Apple with a billion+ customers has a 46 year reputation to protect.

The guy running the just launched Fred's App Store, probably not so much.


"and suddenly you have a bunch more you have some checking and some initial risk taking to contemplate."

How would I go about doing that checking and risk assessment? Walk me through the contemplation process.

 

[I7guy]

I just want apple to support the idea period of alternative app stores. Then we can negotiate the details of the license to operate. But apple won’t budge thinking only it can safely operate an App Store which is not true.

It very well could be true. And it's not the honest operators, it's the dishonest operators, likely increase in scamware, malware and copycat apps. Race to the bottom.

 

[Unregistered 4U]

It very well could be true. And it's not the honest operators, it's the dishonest operators, likely increase in scamware, malware and copycat apps. Race to the bottom.

The upshot of all these discussions is #iOSNeedsMoreMalware. It doesn’t matter WHAT spin they put on it, they’re the ground troops for the malware developers.

 

[I7guy]

So you’re ‘Oh please?’-ing me but then you are describing a totally far-fetched scenario that is already totally prevented by an up to date Xprotect and basic code-signing.

Code signing? Who is the trusted entity signing the code? Please elaborate some likely scenario on how code-signing would work in conjunction with side-loading.

That is the thing: If Apple only used a tenth of the resources that goes into the App Store to keep all the other security measures up to date, the screening process on the App Store would basically be superfluous.

In your opinion.

Users wouldn’t even see most of those crappy/dodgy/corrupted apps, because the entire presentation of such an app outside of the App Store would already be deterring.

Microsoft after 40 years of windows, still has patch Tuesday. That should tell one all they need to know regarding software security for the entire industry.

Also, again, the point is not to force people not to use the App Store but to allow for alternatives.

Yes. Race to the bottom.

 

[Unregistered 4U]

Code signing? Who is the trusted entity signing the code? Please elaborate some likely scenario on how code-signing would work in conjunction with side-loading.

In your opinion.

Microsoft after 40 years of windows, still has patch Tuesday. That should tell one all they need to know regarding software security for the entire industry.

Yes. Race to the bottom.

HEY, SIDELOADING COULD WORK BECAUSE (here are words I read once that I’ll use out of context). /s

 

[robbietop]

This is the main reason I will refuse to use any third party app store if Apple is forced by the morons to do so

 

[dk001]

HEY, SIDELOADING COULD WORK BECAUSE (here are words I read once that I’ll use out of context). /s

I find it odd that every other OS / system I use allows "sideloading" yet it appears some including TC feel that this feature for ONLY iOS is verboten.

With everything shown I don't get it. If iOS is that fragile, Apple has some serious design issues.

I have yet to see anything that screams "Danger Will Robinson! Danger!"

 

[Mousse]

Right now, there’s a method users of MacRumors use to secure their domiciles from those that they would rather not have enter their domiciles. A large part of that security is obscurity, as individuals don’t post their addresses in their profiles AND don’t provide instructions on how to replicate their keys.

Actually, it's possible to track you down by your IP address, which can give a fairly accurate geo location.?

The question is: are you worth tracking down?? I know I'm not.?

 

[Maximara]

Code signing? Who is the trusted entity signing the code? Please elaborate some likely scenario on how code-signing would work in conjunction with side-loading.

I think they are looking at the way downloads work on the MacOS where software that is "signed" by the developer being in the Apple developer program only brings up

"<program name>" is an application downloaded from the Internet. Are you sure you want to open it? <browser name> downloaded this file <date and time> from <site name>."

rather than

"<program name>" cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware <browser name> downloaded this file <date and time>" and you have to do the right click select open from dropdown menu twice two step to actually open the app.

Safely open apps on your Mac

 

[I7guy]

I find it odd that every other OS / system I use allows "sideloading" yet it appears some including TC feel that this feature for ONLY iOS is verboten.

With everything shown I don't get it. If iOS is that fragile, Apple has some serious design issues.

After 40 years in the business Microsoft still has to patch windows monthly. Is windows fragile? If the answer is yes, there really isn't any hope for any other operating system. If the answer is no, then it shows that after being in the business for a very long time, it's a cat and mouse game to plug holes before hackers find them.

And the surface vector of attacks is likely to increase with sideloading.

 

[falainber]

Apple can do code analysis and detect things like use of prohibited private calls. They can test the code as it run to make sure that it doesn't download unregistered code at runtime. I'm sure there is other profiling they can do.

Legal APIs can do plenty of damage. What you described mostly helps Apple to eliminate competition from the app developers, that's it.