Apple's Filings in Epic Games Case Argue It Has Reduced Industry Commissions, While Third-Party App Stores Would Compromise Privacy and Security

[I7guy]

You don't have to get all of the content, you choose to. Tim will tell you that there are "millions of apps" on the App store, so if you're afraid to leave the garden, you can find an alternative. But for those that wish to see what life is actually like when they are given choices and not being told what to do like toddlers, they would be able to. If you don't wish to participate, you don't have to. It won't affect you in any way, shape, or form. Period.

This "quality control" and "privacy" and "security" is nothing more than a scare tactic to keep you in the fold. The world exists just fine outside of apple's protection - and dare I even say apple has their own issues they need to worry about before throwing stones.

I don't know who it "We" is that doesn't want more choice, possibly lower prices, etc. . . but I'm going to assume you're just speaking for the majority of MacRumors members. Everyone I know whether they're making 30k a year or 200k are more than happy to go to Target instead of Best Buy if something is cheaper or not available at one of the other storefronts.

Again, this isn't about forcing you or anyone else to leave the garden of eden you've been falsely lead to believe exists, it's about giving people the opportunity to do so. And apple damn well knows it'll hurt their profits or they wouldn't be pushing back so hard.

This is a company that doesn't give a damn about you, me, or anyone else. The only thing they are worried about is profit. The days of apple caring about the customer left long, long ago.

The other side are alternative app stores and sideloading will devalue the entire platform, especially as more malware writers get apps published on alternative apps stores.

It's clear no one has a crystal ball in this regard, and if one really wants to try out side-loading and alternate app stores, there is android. And/or you can jailbreak your iphone and take it from there.

 

[fncd]

The other side are alternative app stores and sideloading will devalue the entire platform, especially as more malware writers get apps published on alternative apps stores.

It's clear no one has a crystal ball in this regard, and if one really wants to try out side-loading and alternate app stores, there is android. And/or you can jailbreak your iphone and take it from there.

Seems to me that being able to buy apps from outside of the walls hasn't hurt the mac platform. . Apple is still commanding a premium for their laptops / desktops.

All it would hurt is their marketing narrative of "privacy" (read: "exclusivity").

 

[I7guy]

Seems to me that being able to buy apps from outside of the walls hasn't hurt the mac platform. . Apple is still commanding a premium for their laptops / desktops.

All it would hurt is their marketing narrative of "privacy" (read: "exclusivity").

That would be because of the niche nature of the mac (imo) Windows would be a better example.

 

[robco74]

You don't think this is a bit of a false equivalency? For example:

If I want to buy a game digitally for the Xbox ON the Xbox or the PS ON the PS, yes, I have to buy it from the MS / Sony Store(s). However, other places (amazon, best buy, etc) can and do sell digital codes, where they can control the price. And they also sell physical media in which again, they control the price.

If best buy is running a promo on Cyberpunk but Amazon isn't, I have the choice to buy from best buy and save money. I'm not stuck buying my apps / games from one and only one store. There are choices. With apple you get. . . well. . .apple.

Digital fulfillment is always through the console maker's store. It is the console maker who issues the digital code sold by third parties. Amazon can't generate their own codes. The console maker always get their cut from physical or digital sales - you can't put the logo on the box for free. You can purchase an Apple gift card almost anywhere and use that to purchase apps, and the retailer selling you the card will get a cut of the purchase. If an app developer wants to put their app on sale, they can do so easily.

What isn't clear is why it should be OK for Sony, MS, and Nintendo to get a cut for console games, but Google and Apple should be forced to allow anyone to distribute apps. Perhaps Epic just doesn't want to fight a war on two fronts, and will go after the consoles if they win in this case.

 

[fncd]

That would be because of the niche nature of the mac (imo) Windows would be a better example.

I would counter that with apple knows if they wall off the mac like the iPhone it would be the end of the line. How many companies would want systems where they only have a single point of purchase for all of the apps that they use?

 

[fncd]

Digital fulfillment is always through the console maker's store. It is the console maker who issues the digital code sold by third parties. Amazon can't generate their own codes. The console maker always get their cut from physical or digital sales - you can't put the logo on the box for free. You can purchase an Apple gift card almost anywhere and use that to purchase apps, and the retailer selling you the card will get a cut of the purchase. If an app developer wants to put their app on sale, they can do so easily.

What isn't clear is why it should be OK for Sony, MS, and Nintendo to get a cut for console games, but Google and Apple should be forced to allow anyone to distribute apps. Perhaps Epic just doesn't want to fight a war on two fronts, and will go after the consoles if they win in this case.

Absolutely correct, and I won't even begin to argue that point. I think what I was trying to get at is that the price of the app on the app store is always the price you pay, whereas with xb and ps, other stores can offer them at a discount should they choose to do so. If that makes sense. It does in my mind anyway

 

[WiseAJ]

Digital fulfillment is always through the console maker's store. It is the console maker who issues the digital code sold by third parties. Amazon can't generate their own codes. The console maker always get their cut from physical or digital sales - you can't put the logo on the box for free. You can purchase an Apple gift card almost anywhere and use that to purchase apps, and the retailer selling you the card will get a cut of the purchase. If an app developer wants to put their app on sale, they can do so easily.

What isn't clear is why it should be OK for Sony, MS, and Nintendo to get a cut for console games, but Google and Apple should be forced to allow anyone to distribute apps. Perhaps Epic just doesn't want to fight a war on two fronts, and will go after the consoles if they win in this case.

Maybe that could be a way out for Apple if they end up having to do something without actually opening up third party stores on iOS. Open up the ability for others to sell App Store digital codes online for their apps via their own website or retailer.

 

[[AUT] Thomas]

The App Store provides improved security and privacy. It doesn't guarantee it nor do I think Apple make such a claim.

Let's say that without an App Store it would exist 1 million apps which had bad privacy policy. Apple with the App Store is able with the App Store to reduce that to 900 000 apps. That would still mean the App Store improved the privacy of the iOS ecosystem.

You seem to be looking for perfection and a principled take on this instead of pragmatism.

The point is, the App-Store probably adds 5% of overall security and privacy. The remaining 95% is iOS sandboxing, firewalling (APIs),... The way Apple sells it in the EPIC case is more like 95% of the security & privacy is delivered by the App-Store, which simply isn't true. The App-Store is not the base of security and privacy on the iPhone, it's just the cherry on the cake.

Security isn't a purely technical field. For practical reasons, third party stores would result in more people getting viruses and stuff. Like how it is on Android.

That's the common misunderstanding. See, since binaries are signed using code-signing certificates it has become quite rare that people install infected binaries. The infections are 99% based on exploits of already installed and trusted software.
Beyond that, the apps are sandboxed. So they can't access anything else on the device except where the user has given permission to. The sandboxing is significantly weaker on Android compared to iOS and it must also be noted Android is often not updated.

Last but not least (and that's off-topic, but just to elaborate why the centralised App-Store Review is not without alternatives), there could be easily an open approach to the app-review: Signing binaries with a code-review certificate could be a business.
If you go to netflix.com, click on download the app, IPA downloads from cdn.netflix.com, user gets prompted with Pop-Up: Do you want to install "Netflix" by "Netflix, Inc." reviewed by "Apple, Inc." retrieved from "cdn.netflix.com" (each with a green tick mark) => Proceed/Cancel
Or, the other example: you go to Sourceforge and download a flashlight app => IPA downloads => user gets prompted "Do you want to install "Flashlight" by "John Doe" NOT reviewed, retrieved from "cdn.sourceforge.net" (red X on NOT reviewed line and a yellow ? on the "retrievewed from" line ) => CANCEL / proceed => proceed results in another prompt that there has been no independent review of the app and that the app has been downloaded from a location that was not listed by the developer as trusted source. While the download location of signed binaries is not really relevant from a security perspective it would reveal any unauthorized hosting of the file by 3rd parties and basically tell the user where he should have downloaded it from in first place (which is also an educational process whereas the App-Store takes all eductional steps away from the user).
If the app is completely unsigned, installation is not possible.

 

[hot-gril]

That's the common misunderstanding. See, since binaries are signed using code-signing certificates it has become quite rare that people install infected binaries. The infections are 99% based on exploits of already installed and trusted software.
Beyond that, the apps are sandboxed. So they can't access anything else on the device except where the user has given permission to. The sandboxing is significantly weaker on Android compared to iOS and it must also be noted Android is often not updated.

I meant malware. Someone code-signs their malware, so all that signature says is "This is the valid (whatever bogus "antivirus" or "phone optimizer" app), not a fake." All the malware on Android is codesigned. Same way phishing websites still have HTTPS.

Last but not least (and that's off-topic, but just to elaborate why the centralised App-Store Review is not without alternatives), there could be easily an open approach to the app-review: Signing binaries with a code-review certificate could be a business.
If you go to netflix.com, click on download the app, IPA downloads from cdn.netflix.com, user gets prompted with Pop-Up: Do you want to install "Netflix" by "Netflix, Inc." reviewed by "Apple, Inc." retrieved from "cdn.netflix.com" (each with a green tick mark) => Proceed/Cancel
Or, the other example: you go to Sourceforge and download a flashlight app => IPA downloads => user gets prompted "Do you want to install "Flashlight" by "John Doe" NOT reviewed, retrieved from "cdn.sourceforge.net" (red X on NOT reviewed line and a yellow ? on the "retrievewed from" line ) => CANCEL / proceed => proceed results in another prompt that there has been no independent review of the app and that the app has been downloaded from a location that was not listed by the developer as trusted source. While the download location of signed binaries is not really relevant from a security perspective it would reveal any unauthorized hosting of the file by 3rd parties and basically tell the user where he should have downloaded it from in first place (which is also an educational process whereas the App-Store takes all eductional steps away from the user).
If the app is completely unsigned, installation is not possible.

There's no way anyone in my family besides myself is going to understand which sources are safe to trust.

 

[hans1972]

You don't have to get all of the content, you choose to. Tim will tell you that there are "millions of apps" on the App store, so if you're afraid to leave the garden, you can find an alternative. But for those that wish to see what life is actually like when they are given choices and not being told what to do like toddlers, they would be able to. If you don't wish to participate, you don't have to. It won't affect you in any way, shape, or form. Period.

Having to make a choice is an effect that affects me!

1. I want only one store to buy stuff from
2. I want to be a Spotify user
3. Spotify creates their own store for their apps
4. Spotify removes their apps from the App Store

In this scenario I have to either give up 1) or 2). Today I don't have to make that choice. Therefore the above change will affect me.

Removing something from one store and putting it in another store are going to affect all the users of the first store and all the users of the second store.

 

[hans1972]

Everyone I know whether they're making 30k a year or 200k are more than happy to go to Target instead of Best Buy if something is cheaper or not available at one of the other storefronts.

My experience is that people who make 30k is much more likely to be concerned about price than people making 200k. People who make more money are more likely to go to more expensive stores, more expensive restaurants and stay at more expensive hotels.

Most people will use other factors in addition to price (or even instead of price) like:

• Convenience
• Travel distance
• Is it easy to park at the store
• Is the shopping experience stressful or not
• Brand
• Selection of goods

For me convenience is important. It would be much better to have Target have everything I needed or Best Buy. I would never go to numerous stores just to save small amounts of money.

I just want one store for everything out of convenience and I trust Apple to provide good quality and censorship.

 

[hans1972]

Again, this isn't about forcing you or anyone else to leave the garden of eden you've been falsely lead to believe exists, it's about giving people the opportunity to do so. And apple damn well knows it'll hurt their profits or they wouldn't be pushing back so hard.

This is a company that doesn't give a damn about you, me, or anyone else. The only thing they are worried about is profit. The days of apple caring about the customer left long, long ago.

Today almost everything is inside the walled garden. If something is moved outside the walled garden I have to make a choice to either go outside and get what I want or stay inside and not get what I want.

I want to stay in the wall garden and get everything from any developer. Thus I don't want more power or freedom to developers. I want them to be treated like second class citizens in the Apple eco system.

I don't care if Apple cares about me or not. I only care about we having approx. the same goals and in this instance Apple and I are aligned.

 

[hans1972]

Signing binaries with a code-review certificate could be a business.
If you go to netflix.com, click on download the app, IPA downloads from cdn.netflix.com, user gets prompted with Pop-Up: Do you want to install "Netflix" by "Netflix, Inc." reviewed by "Apple, Inc." retrieved from "cdn.netflix.com" (each with a green tick mark) => Proceed/Cancel

What you are describing here is a nightmare. Only a tech person would consider this a great system.

I want a system that is frictionless and were I don't have to think or make decisions about this stuff.

 

[hans1972]

I would counter that with apple knows if they wall off the mac like the iPhone it would be the end of the line. How many companies would want systems where they only have a single point of purchase for all of the apps that they use?

The use cases of Macs and iPhones are different.

The same company which would not buy Macs if you could not install software at-will just loves that iPhones are locked down and can be even more locked down with an MDM.

If the Mac App Store had every application available for the Mac and Apple had the power to force every developer to be on the Mac App Store and not just give up on the software, Apple would do it and I would welcome it.

On iOS Apple has that power.

 

[hans1972]

Seems to me that being able to buy apps from outside of the walls hasn't hurt the mac platform. . Apple is still commanding a premium for their laptops / desktops.

All it would hurt is their marketing narrative of "privacy" (read: "exclusivity").

The Mac business is 8% of Apple's revenue. iPhones are 60% and services (much of it connected to iOS devices) is an additional 14%.

The most restricted and locked down consumer operating system in the history of mankind is also the most economically successful one. And I would also argue culturally and in user satisfaction.

 

[[AUT] Thomas]

I meant malware. Someone code-signs their malware, so all that signature says is "This is the valid (whatever bogus "antivirus" or "phone optimizer" app), not a fake." All the malware on Android is codesigned. Same way phishing websites still have HTTPS.

That's why the code-signing certificate. If or not unreviewed apps can be installed would be a design choice of the system.
Enforcing a review would be a valid choice.
Of course, code review entities would be subject to strict procedures and auditing to keep their certificate valid.
=> If a code review entity passes an app with malware due to neglence multiple times they lose their certificate.

What you are describing here is a nightmare. Only a tech person would consider this a great system.

I want a system that is frictionless and were I don't have to think or make decisions about this stuff.

I only stated a system in which external code review was possible in the same way Apple does it.
In above mentioned "reviewed apps only" process there would be no decision to make.
However -no offense- your attitude to not think about it at all is probably worth thinking about because blindly trusting the App-Store Review is a bit naive is as well...

 

[hot-gril]

That's why the code-signing certificate. If or not unreviewed apps can be installed would be a design choice of the system.
Enforcing a review would be a valid choice.
Of course, code review entities would be subject to strict procedures and auditing to keep their certificate valid.
=> If a code review entity passes an app with malware due to neglence multiple times they lose their certificate.

I only stated a system in which external code review was possible in the same way Apple does it.
In above mentioned "reviewed apps only" process there would be no decision to make.
However -no offense- your attitude to not think about it at all is probably worth thinking about because blindly trusting the App-Store Review is a bit naive is as well...

I understand what you're suggesting and have considered it in the past. It's essentially what Apple does except that they can delegate to third-party reviewers. But then there are two ways this can go:

1. It's up to the user which review entities to trust, kinda like how on a PC you can download software from anywhere but trust some sites more than others. That's what I meant when I mentioned non-expert family members. The fact that in this case it'd be code-signing rather than simply trusting the site's TLS cert and its own integrity doesn't make that much of a difference. It's just added protection against rarer attacks where the site itself is hacked without the app signing creds being stolen, like what happened with Handbrake.

2. It's up to Apple which review entities to trust. That's back to square 1 where Apple decides what to allow, except with some tradeoffs between scalability and security.

 

[Abazigal]

The change from 30% to 15% for only apps making less than 1 million $ is a clever PR move for Apple as it incurs very minimal revenue loss. Reason being that the vast majority of the Apple fee revenue (95%) is generated from these mega-apps generating well over 1 million / year, thus not eligible to the 30%. Which in my opinion is arbitrary and unfair, but that's what happens with the Apple store exec mafia determined to extort developers and ready to die over this if needs be.

It makes perfect sense to me, and I wouldn’t have done it any differently.

The App Store needs money to run, and the bill of this money is going to come from the larger developers whom you identified as earning over 1 million.

By reducing the cut from the smaller developers, Apple is increasing its payout to the people who arguably need it the most. To these developers, going from 30% to 15% is going to result in a very significant improvement to their income overall.

And Apple can afford to do this precisely because like you said, they do not derive the majority of their income from this demographic.

Meanwhile, the larger developers continue to pay their 30% because they earn way more and are presumably better able to take the hit. This money goes back into the pot that helps maintain the vitality and viability of the App Store (which I previously estimated at needing about 20% cut to break even).

Which benefits the smaller developers and us consumers.

It’s neither arbitrary nor unfair. People just aren’t seeing this from the proper perspective.

 

[LordVic]

That's absolutely incorrect. It is far more difficult to install malware in OS X as it is also in Linux or FreeBSD than it is in Windows and one can immediately point to the register legacy system of Windows as one of the problems.

One of the reasons Microsoft is investing heavily into Linux is to learn and fix their own stacks.

The issue with Windows, at least windows 10 and security right now really isn't the registry.

It's the spaghetti code, poorly thought out back end administration, and ridiculous amount of AGILE based development without any proper vetting.

I can tell yo as a system administrator and IT Manager. the times that infected or potentially compromised machines, it's not anything that touches the registry.

it's something thats found some stupid bug that Microsoft ludicrously never thought to test for.

They put in about 100 million hoops for administers to jump through in the name of "security" and then leave backdoor shell access to all exposed Exchange servers on the internet.

that's the issue with modern Microsoft. repeating the "registry is why it's so bad" is about 15 years out of date and was the bulk of the issues that infected XP days. Even by Windows 7, the registry itself was mostly locked down to all but administrative access and UAC

Still: I cannot wait to get rid of all microsoft servers and products on my bloody network. Nothing but headaches that have only gotten worse in the last 2 -3 years. Whoever is running the show and making business level decissions there for the development teams is completely incompetent. Even Ballmer wasn't this bad

 

[LordVic]

We are fearing the fragmented world of streaming video services where you have to subscribe to all services to get all of the content.

So the problem arises when a developer choose not to have their apps on the App Store but in another store. Then we have to choose between downloading and registering with another store or not get the app at all.

Today we don't have to make that choice. We get the app and can stay in one store.

We also fear that the control and quality of some of these stores will be terrible.

Look at Android. Probably close to a 1000 stores exist or have existed for that platform. We don't that to happen at all in the iOS ecosystem.

But on the flip side, having one store completely controlled by a singular entity with strict enforcement of rules that they have all authority to create... all while they're often actively competing in the same space.

That's a problem. Lack of competition is not good and allows for an abuse of power of that market.

In a case like this: You have Apple saying they have the right to the monopoly of delivery of games sales on an iPhone, and epic trying to say they should have the right to sell games on iPhones too.

I am not a fan of epic, it's business practices etc. But they're not wrong.

As for Android? there are only really 2 stores that have any traction in most of the market. Play Store and amazons. But hyperbole that there are thousands? Hyperbole that doesn't actually make your point

 

[I7guy]

But on the flip side, having one store completely controlled by a singular entity with strict enforcement of rules that they have all authority to create... all while they're often actively competing in the same space.

That's a problem. Lack of competition is not good and allows for an abuse of power of that market.

That's what will get Apple into trouble, when they abuse their power. But a preponderance of competition, will imo, allow in the worst way, what people criticize about the ios app store to come true. (malware, rock bottom prices for apps, copy cat apps, etc)

In a case like this: You have Apple saying they have the right to the monopoly of delivery of games sales on an iPhone, and epic trying to say they should have the right to sell games on iPhones too.

I am not a fan of epic, it's business practices etc. But they're not wrong.

Isn't that what this upcoming court case is about? We'll see what happens.

As for Android? there are only really 2 stores that have any traction in most of the market. Play Store and amazons. But hyperbole that there are thousands? Hyperbole that doesn't actually make your point

I would think the point is, nobody is stopping a multiple app stores. It's not so easy to do:
1. get a cloud engineer and programmer
2. rent some space from aws on the cheap
3. done

 

[robco74]

As for Android? there are only really 2 stores that have any traction in most of the market. Play Store and amazons. But hyperbole that there are thousands? Hyperbole that doesn't actually make your point

It's getting less press, but bear in mind that Epic is suing Google as well. They tried directing users to download the APK directly, but many were reluctant to enable the settings to allow that, given the security warnings they received.

Given the discount they offered end users during the stunt they pulled to get kicked off both stores, it's clear that this isn't about benefitting consumers consumers. Epic wants to do to iOS and Android what they've done for PC gaming. They want exclusives and they want to be the ones taking the cut.

Many devs are also unhappy about the privacy restrictions, and the fact that Apple limits the amount of user data they share with third-party devs and allow them to collect. Bypassing the App Store bypasses these restrictions. Apple also will process refunds, allows sharing among family accounts, and some devs are unhappy about that as well.

This has absolutely nothing to do with given consumers more choice, since Epic is going to try and make titles exclusive. This is about padding Epic's bottom line, and about circumventing any privacy restrictions imposed by Apple.

 

[theotherphil]

The court filings feature some clear indications why Epic Games wants lowered App Store fees - it's not making money from the Epic Games Store. Epic lost around $181 million in 2019, and was projected to lose $273 million in 2020. Epic committed $444 million in minimum guarantees to developers, but made only $401 million. Epic said that it will lose around $139 million in 2021, but Sweeney has said that it's an investment into growing the business.

If the Epic Store relies on subsidies to offset its massive operating losses, then it’s unrealistic to expect companies who actually want to run a sustainable app store business to match their 12% cut.

 

[Abazigal]

That's a problem. Lack of competition is not good and allows for an abuse of power of that market.

I will say that for me as a consumer, the pros have outweighed the cons.

It’s probably a different story for developers, but that’s precisely the whole point. The App Store does not exist for developers. It exists for us consumers.

And that is where I draw the line. Anything that may be better for developers, but would ultimately come about at the expense of users.

 

[McG2k1]

Clearly we need the government in here to set a mandatory mask and App Store fee policy. I’m thinking triple masks and 5%.