Apple Does Deep Dive Into Security Protections and Risks With Alternative App Marketplaces

[truthsteve]

Had Apple and Google not tried to squeeze every last cent out of their stores, this would've never happened.
Had Apple approved more types of apps on the AppStore, this would've never happened.

No legislative body loves making complicated laws, but if the market is not working correct due to actors on the market, they'll have to step in.

companies squeezing every last cent is the job of running a for-profit company. lol?

Sony has run a platform where every single software must be approved (and pays a platform cut) by the company before it is allowed on the platform, even those sold in other stores for decades. where's the law for Sony? Nintendo? this point is also lol.

 

[AppliedMicro]

I do hope that Apple in Europe allows users to prevent their devices from being able to download content from that is signed by other stores

You’re free not to use it

Having one place to get all the software for a platform it's much better. It's even better when such a platform censor apps and control developers and put certain demands on them.

Any system which treats developers as second class citizens is a superior system when you value convenience and privacy from developers.

When you value convenience over innovation, it certainly it.

As for privacy, you’ll be giving up privacy from the OS/store operator - in a big way.

 

[Bananir]

Since most iOS devices are continually connected to the internet and Apple and other servers unlike a computer there could be a zero day malicious code with side loading that could spread quickly to all online devices or bringing down networks where each device acts like a robot.

Ah yes, since I develop apps for iphones, that means I can now hack into the mainframe and control every apple device ever. Its not like anyone can just pay apple for a developer license and create their own apps after all.

 

[blotchy-veil]

click on a bad link in an email and you can completely infect your Mac. This cannot happen on iOS or iPadOS

Come on. iOS/iPadOS is more secure than macOS, but your statement is complete bollocks. iOS has vulnerabilities like any system, including zero-click remote code execution vulnerabilities. With how much shared code there is between iOS and macOS, most vulnerabilities are shared, too. Saying "This cannot happen on iOS" is a big fat lie, much like people a couple decades ago would say Macs can't get viruses.

 

[bollman]

companies squeezing every last cent is the job of running a for-profit company. lol?

Sony has run a platform where every single software must be approved (and pays a platform cut) by the company before it is allowed on the platform, even those sold in other stores for decades. where's the law for Sony? Nintendo? this point is also lol.

Europe has 496m mobile users. Apple has a market share of around 33,3%, Android 66,2%
Nintendo Switch has 116m users worldwide
Sony PS5 has 123m users worldwide

Nintendo and Sony run gaming businesses, you know, for entertainment pruposes.
Apple and Google are gatekeepers to essential devices. Most banking and and government interactions require a smartphone in Europe.
If Apple and Google hadn't been so successful, and the smartphone market had been more diverse, this would never have been an issue.
This is the reason Microsoft kept investing in Apple, and continuing to develop Office for Mac during the dark 90s when Apple was close to bankruptcy. Microsoft knew that if Apple went bust, Microsoft would've been regulated hard or even split up.
Apple and Google thought they could get away with a duopoly, but no.

 

[Piggie]

May I suggest something which I don't know would be agreed upon or not:

Apple wish to take 30% cut if you sell an app on their app store.
And for this the review the app to make sure it's safe.

As a guarantee for consumers, and to back up their claims of it being a safe place guaranteed by Apple who take the 30%, Apple is then liable for any losses users may suffer from a bad app being downloaded from Apple's store which Apple has reviewed.

Right now it seems Apple wants the 30% claims it ensures they are safe (the reason for using the app store) but then when a bad app gets downloaded and does bad things, Apple says "not our problem"

Personally I don't feel this is acceptable.

Imagine me opening up a brick and mortar store for child's toys, and if you want me to sell your toy you make, I have my team of people pull it apart and examine it, to ensure it's safe. No sharp edges, so sharp spikes, no lead in the paint etc etc.
For this service I charge you a fee on every toy sold, and tell the public, you must only buy toys here, as I'm the only one that has fully tested the toys (and charged for that).

But then, a toy is proven to be a bad and dangerous toy and some children get hurt.
Then I say, oh dear, but that's not my problem.

This does not feel acceptable to me.

If you are going to insist people use my store and only my store, and I say it's safe as the reason why you need to only use my store, and I charge money to show how safe it is due to me testing.

Then you better have a system of compensation set up when you do allow a bad item thru your system.
Otherwise all your talk is meaningless. You want all of the benefits with non of the responsibility

 

[ct2k7]

I find it interesting that people complain about choice being taken away from them by adding the ability to install apps from other sources.

Can someone clarify how their choice is being taken away if they don’t use it? Is it really a choice being taken away if they have to consciously and actively change their posture?

 

[Manzanito]

They had the nerve to include in the white paper handpicked customers emails sent to Cook to make it look as if EU citizens are siding with Apple on this?

It’s all about money, not safety.

 

[Skyscraperfan]

Apple did not comply with EU regulations at all. They do not understand that in the EU it is not the business of the manufacturer to decide, what a user does with a product.

 

[tobybrut]

Apple did not comply with EU regulations at all. They do not understand that in the EU it is not the business of the manufacturer to decide, what a user does with a product.

They did, and they used a line specifically in the EU law to exploit what all these companies are whining about. There is a line that says that Apple is not restricted from charging fees on companies that use third party app stores. Because of that, Apple is able to charge that 27% fee while at the same time charging a technology fee for apps that download over 1 million copies.

Users will not see any of that stuff, so to a typical user, they’ll have a choice of using a third party app store or not. You say that it’s up to a user to decide. Well none of the dispute about non-compliance actually involves anything the user will see. The inside baseball stuff is on all the behind the scenes issues where companies are trying to freeload off of Apple while Apple is fighting back. You can call it malicious compliance, but users won’t see any of that. If Apple didn’t charge those fees, the user wouldn’t be the wiser, but that is the core of the complaint from these other companies that Apple isn’t being compliant. It’s the EU’s fault that they left Apple a huge window to continue charging fees. The core whine is that these companies were hoping to escape fees, but because of the letter of the law, they can’t. They won the chief complaint that will affect users, the ability to have a third party App Store in the first place. If this were actually about the user, then the user should be satisfied they got what they wanted. The companies who were pushing for this only got half of what they wanted, making it somewhat of a pyrrhic victory. I really dislike freeloaders, so I cheer on the sidelines for this malicious compliance.

 

[hans1972]

You’re free not to use it

When you value convenience over innovation, it certainly it.

As for privacy, you’ll be giving up privacy from the OS/store operator - in a big way.

I certainly value convenience over innovation. Look at an open system like Windows or even macOS. Nothing good and new have happened on the software side there in the last 10 years, rather the opposite.

It's easier to deal with one entity, Apple, when it comes to privacy. Lot's of developers would love to have contact information for their users and send them email or otherwise contact them for offers. I don't want that.

 

[hans1972]

Well you can go without then because things might change.

Yes, but that's not better for me. It's one of the major reasons why I'm against it.

 

[hans1972]

You're making Apple sound more and more like Big Brother from their 1984 Super Bowl commercial.

Aesop's fable The Dog and the Wolf. Some folks prefer being the well fed dog. Some folks--like me--prefer being the hungry wolf. Lean freedom is preferable to fat slavery.

I prefer convenience when it comes to mobile devices. I don't need freedom or lot's of choices with devices I want to be simple to use like iPhones and iPads.

There is already to many choices you have to make when you're using an iPhone, like which apps to download.

 

[hans1972]

And it's pure garbage for the tech savvy. Is ChromeOS better than Linux? Is iPadOS better than MacOS?

ChromeOS and iPadOS is crippled rubbish in my book. You have this amazing and power kit, yet you hobble it with a crippled OS.🙄

It's like giving the keys of an 500hp M3 to a kid with a learner's permit. A skilled driver in a 140 donkey powered econobox would beat him in a race 99.44% of the time.

ChromeOS and iPadOS is much better if you don't want complexity and really don't know what you're doing, but just want to use your computing device.

The purpose of ChromeOS, iPadOS and iOS isn't to support complex users, but to simplify complex tasks by providing apps and services which removes the complexity from the user, so the user doesn't need to deal with complexity.

Use macOS when you as a user needs to do complex things which apps hasn't been able to simplify. iPhones shouldn't be used for things which requires the user to be knowledgable and technical.

 

[hans1972]

My statement still stands. Your choice whether or not to get the app is still there. Your choice of where you get said app is all that's changed.

You like it with only one choice (which is really no choice at all) but why can't developers enjoy choice and sell where they can get the best ROI?

Not having to choose at all is the best thing when the default is the best solution. T
I want 0 choices when it comes to dealing with apps on iOS as long as developers are compelled to be in this one store.

The reason developers shouldn't have any choice, is because a lot of them will make choices which don't benefit me. One obvious choice they might make, is not be in the App Store for one of their apps or not use Apple's payment system.

It's really that simple.

 

[hans1972]

Ample proof that being able to install software from any source does not have to be inherently dangerous if the operating system has security focus.
It just goes to show that Apple has made wrong desicions on how to secure iOS. It's not a very good strategy to try to limit what gets on the operating system, better to secure it against what could get on the system, you know, like macOS.

It doesn't help with OS security if the user lacks it. Most successful attacks on Windows or macOS among consumers are sosial engineering, tricking the user to install.

No OS level security can handle that very well.

Why do you think almost all enterprises locks down their Windows PCs and even their mobile devices? It's because limiting what's gets on the device increases security and lower support costs.

 

[icanhazmac]

There is not a single app that I had installed by searching the AppStore. Every app recommendation has come from subreddits, Google search, or sometimes even through Macrumors forums. I would do well even without the AppStore drama. If the developer can just provide me with a link that leads to an install, I would be more than happy. No need for useless reviews and screenshots in the AppStore.

I have not installed a single app researched via reddit 🤢🤮 or Google 🤢🤮. I would venture to say that you are an outlier in this instance.

 

[bollman]

It doesn't help with OS security if the user lacks it. Most successful attacks on Windows or macOS among consumers are sosial engineering, tricking the user to install.

No OS level security can handle that very well.

Why do you think almost all enterprises locks down their Windows PCs and even their mobile devices? It's because limiting what's gets on the device increases security and lower support costs.

Partly.
I manage 10000 windows/macos computers at work and yes, they are locked down, but it is not only due to malware but also due to licensing issues. Adobe and other big companies are doing constant audits so employees can't be allowed to install software at a whim.
Fishing is as you say usually the biggest threat today, and not even Apple can stop fishing attacks with their AppStore. The fishing attacks are also usually targeted at stealing logins to get access to central systems and start ransomware attacks. A single user client is usually not at risk since backup is in place.

 

[hans1972]

I find it interesting that people complain about choice being taken away from them by adding the ability to install apps from other sources.

Can someone clarify how their choice is being taken away if they don’t use it? Is it really a choice being taken away if they have to consciously and actively change their posture?

The choice not to make choices is taken away. I don't want more choices.

An analogy:

Today we have only one fast-food restaurant. It has all the kinds of fast-foods from all over the world. You only have to make one choice: which fast-food to get.

Tomorrow there might be several fast-food restaurants. And the original restaurant might loose one of their dishes to another restaurant. No I need to make two choices: which fast-food to get and then which restaurant I have to go to.

I don't want to deal with several restaurants like in real life. I only want one restaurant because of the convenience, simplicity and familiarity.

 

[treacher]

I love not having a choice!

 

[hans1972]

They probably have never used Linux, macOS, Windows, etc. Where we always had "sideloading danger".

And they uncritically insist that Apple's "walled garden" keeps them secure and private, while ignoring the reality that Apple never cared and will never really care about people's security and privacy. It's all just a facade for sales and marketing.

Of course we have used other system including MS-DOS which had almost no security.

A locked down system is more secure in practise, especially if it's being used by hundred of millions of users who have little technical knowledge, doesn't want to deal with security and just want to use the device without thinking.

I'm much more careful when downloading from the Internet and installing software on the Mac than on iOS. When using an iPhone I don't really think about security at all beyond not typing password in view of others, which is how it should be.

I consult for enterprises in Norway which have several thousands to tens of thousands of Windows computers. If they were to open up their Windows computers for end-user installs from any source, the security would go way down and the support cost would go way up.

Any IT-security personnel who "unlocked" thousands of Windows computers in such an environment could face being fired. It's that bad.

 

[johnnytravels]

My god, those ‘user comments’ starting on page 16 are probably the most embarrassing thing Apple has ever done, and straight from the ‘Populism 101’ playbook.

I am currently feeling a little ashamed to be typing this on a Macbook with a new iPhone 15 Pro next to me, and that a generally liberal US company that always seemed like a beacon of our progressive society would fall so low.

 

[truthsteve]

Apple and Google are gatekeepers to essential devices.

this is something I hear time and time again and makes zero sense

because someone decided that all essential devices need to be open? what? that's a stupid idea. so you're saying there can never be a closed off, simplified, walled garden essential device where stupid people who don't need all the fancy options that confuse the hell out of them? no thanks. not buying that assertion. that's quite literally reducing consumer choice.

majority of developers applauded apple when they released the App Store with those terms. governments never warned apple "hey this is an essential device, pls make it open". it's not until companies started getting greedy and realized "hey! we want that 30% now, so let's draw the line at general computers. game consoles? you're ok, keep doing what you're doing". so arbitrary.

 

[treacher]

The iPhone is so easy to use.

 

[PortoMavericks]

They're lying that they discussed with the EU:

EPC Statement concerning Apple's compliance plans with the DMA

The European Publishers Council calls upon the EC to take action to bring Apple’s proposals into line with the DMA or face non-compliance proceedingsApple’s current plans to comply with the EU Digital Markets Act (DMA) manifestly contravene the DMA, according to members of the European...

www.epceurope.eu