Illinois Floats Bill That Would Let Developers Skirt Apple's In-App Purchase Rules

[jonblatho]

Why should Apple provide all the backbone, the equipment, the software features that the programs use to enhance their function (Augmented reality etc.) just so some App developer that had none of the investment in that Apple does can get rich without paying their dues?

Last I checked, I paid for the “equipment” with my device purchase. As for the “backbone,” presumably referring to APIs and developer technologies, it can be argued that that’s Apple investing in itself given that they use their own APIs heavily (and frequently don’t implement APIs unless and until they themselves have a use for them), but developers also pay $99 or $299 to Apple annually for a developer program membership. (I would certainly be open to only signed or even only notarized non-App Store apps being allowed to run on iOS, which necessitates an active developer program membership.) If that revenue isn’t sufficient for Apple, they are welcome to increase those fees accordingly or explore other revenue models.

So if you want to see new and exciting platforms and products in the future you better hope this kind of bill gets squashed quickly.

Apple and its Big Tech peers have had ample opportunity to make their platforms less anticompetitive, and thereby stave off legislation like this, over the past few years. Specifically for Apple, I’ve said early and often ever since legislators started beating drums indicating that they were going to head in this direction that Apple would much prefer to fix the issue themselves before governments get tired of waiting and fix it for them. They have thus far declined to do so in any serious fashion.

In other words, Apple has ****ed around and they’re well on their way to finding out.

 

[frenchcamp49er]

I'm guessing no App Store in Illinois

 

[frenchcamp49er]

Last I checked, I paid for the “equipment” with my device purchase. As for the “backbone,” presumably referring to APIs and developer technologies, it can be argued that that’s Apple investing in itself given that they use their own APIs heavily (and frequently don’t implement APIs unless and until they themselves have a use for them), but developers also pay $99 or $299 to Apple annually for a developer program membership. (I would certainly be open to only signed or even only notarized non-App Store apps being allowed to run on iOS, which necessitates an active developer program membership.) If that revenue isn’t sufficient for Apple, they are welcome to increase those fees accordingly or explore other revenue models.

Apple and its Big Tech peers have had ample opportunity to make their platforms less anticompetitive, and thereby stave off legislation like this, over the past few years. Specifically for Apple, I’ve said early and often ever since legislators started beating drums indicating that they were going to head in this direction that Apple would much prefer to fix the issue themselves before governments get tired of waiting and fix it for them. They have thus far declined to do so in any serious fashion.

In other words, Apple has ****ed around and they’re well on their way to finding out.

Buy android

 

[frenchcamp49er]

You clearly do not understand security and how it applies to software and devices. The more open a system is, the more security focused the user and tech savy the user has to be. Even tech savy people sometimes prefer not having to have that extra consideration of paying a ton of attention to their device because it does require that one pay more attention and care for it. That is not being someone without personal responsibility. That is being someone who has made a choice about what platform has the security they want after the prior system they had let them down. These people made a decision after the system they had lead to their probably novice user getting scammed. Even the most careful user on a windows or even mac os computer can easily run afoul of malware due to how prevalent it is and because there are simply way too many easy ways to get it onto a system these days. All it takes is one miss-click on an email these days on a windows system to get infected. You can be reading an email, and your phone rings and you look down and you click without seeing that the link was not to the place it should have been. And while that is your responsibility, if there is an option out there that does allow you to reduce that chance and you chose to take it should it be removed from you for a small vocal minority that feel all devices should be the same because that is how they like it?

The situation of someone chosing today to buy an iPhone, knowing full well that it is a closed environment and then turning around and complaining about that is the very definition of lack of personal responsibility and is a very different situation than someone using a tool that failed to protect them sufficiently.

Nice try though

Your dreaming

 

[frenchcamp49er]

Hopefully the beginning of the end of subscriptions infesting the AppStore. I'm pro-choice and will always be.

You already have a choice.

 

[amartinez1660]

Your view of “people” is amazing, you really think that people want to be educated on security when using a phone? Think again, from that perspective, 90+% of people are “dumb” and frankly, they should be.

I agree with this, and “dumb” I’ll take it lightly… it’s ok to be knowledgeable at some things and not others, we just can’t be good at everything. A surgeon might be a mastermind on a specific section or part of the a human body but be really lost when talking about teeth for example, not his speciality.

My mom she is a lawyer, she knows law and books and all that, yet sucks badly with a phone…

I’m willing to give most people a pass, within reason.

I’m not truly in favor nor against these measures, I have no clue what’s better and the long term consequences but I’m really willing to put the justification statements used to a fire test: let’s go all in, let’s stop enforcing the use of seatbelts, road speed limits, drug use, etc… we should stop babysitting people right? we should let people learn to prevent stupidity on their own, right? how are they going to ever learn critical thinking right?

“What’s that? That in that extreme example that person is also a danger to others you say?” Well, that person might learn critical, common sense, etc even more if the magnitude of the damage extends beyond itself.

And if we are to ignore that a digital-footprint reckless person is also a danger to others in the name of teaching critical thinking, then by all means, let them go all in… let’s just leave a couple of states out of it so I can watch from there.

 

[Aeryn2020]

Last I checked, I paid for the “equipment” with my device purchase. As for the “backbone,” presumably referring to APIs and developer technologies, it can be argued that that’s Apple investing in itself given that they use their own APIs heavily (and frequently don’t implement APIs unless and until they themselves have a use for them), but developers also pay $99 or $299 to Apple annually for a developer program membership. (I would certainly be open to only signed or even only notarized non-App Store apps being allowed to run on iOS, which necessitates an active developer program membership.) If that revenue isn’t sufficient for Apple, they are welcome to increase those fees accordingly or explore other revenue models.

Apple and its Big Tech peers have had ample opportunity to make their platforms less anticompetitive, and thereby stave off legislation like this, over the past few years. Specifically for Apple, I’ve said early and often ever since legislators started beating drums indicating that they were going to head in this direction that Apple would much prefer to fix the issue themselves before governments get tired of waiting and fix it for them. They have thus far declined to do so in any serious fashion.

In other words, Apple has ****ed around and they’re well on their way to finding out.

Um you may want to check what you bought if you are still under the misunderstanding of what ownership you have. Yes you own the physical equipment, however nothing in your purchase gave you ownership or control of the software that runs that equipment. Again if this is news to you I would suggest that you may want to invest some time researching your purchase prior to making it, since clearly you do not seem to know that. And no not all APIs are created solely for their use, though often they too make use of them. There have been multiple instances of companies requesting APIs and Apple has the decision to implement them or not but there is nothing stopping a developer from requesting one. Again something you should research before commenting on.

Again the level of arrogance and self importance in your post is truly astonishing. What gives you any right to impose your will on another company to decide what they are allowed to do with their invention and product. The only power you are given is to chose not to financially support them, that is how free markets work. What right do you have impose your desires on other users who may not want the system to work in that way? I have zero desire for an open platform device, that is precisely why after doing my due diligence and researching my purchase I went with the Apple product. Again you have a perfectly viable option of another device if you do not like the way Apple runs its business. Last i checked there was no Apple Gang going around and holding weapons to peoples head forcing them to buy an Apple product. If you chose to buy a product that clearly is not marked to your desires, that has limitations you do not like that is 10000% on you. Your complaints and attempts to undermine that companies policies only highlight how selfish and frankly how completely self absorbed and self entitled a person you are.

There is nothing anti competitive about Apples platform, they are at most 20% of the smart phone market. You can buy in many parts of the world Samsung, Google, Hauwei, Xiaomi, Motorola, Nokia and other brands of phones. Yes Apple maintains control within their own system and until that system is somehow determined to be essential to the population or becomes the significant 90% or higher market share then there is plenty of competitive options that people can move to. This whole anti-competitive argument is nothing but a farce. No developer is forced to provide their product on the Apple environment. They make the individual choice that access to that market of Apple customers is worth the cost, and like every other business if they do not do enough research and fail in that market that is just the way free commerce works, there are no free rides and there is always risk in entering a market. There are plenty of developers out there that do not make iOS software, just like there are plenty of developers that do not make Xbox software only Nintendo or only PlayStation. Should we now mandate that every software developer out there must make their software available on every platform? After all isn't that truly anti-competitive if to run "X" program I must buy a specific piece of hardware yet I have not seen a single government go after software developers demanding they do this.

Personally I think Apple should simply move their headquarters and register their business in another country not full of corrupt politicians who are doing this only to try and get votes, if you think your elected officials truly care about what Apple is doing you are kidding yourself, it is all drive by special interest and lobbyists and greed.

 

[jonblatho]

The situation of someone chosing today to buy an iPhone, knowing full well that it is a closed environment and then turning around and complaining about that is the very definition of lack of personal responsibility and is a very different situation than someone using a tool that failed to protect them sufficiently.

I don’t think anyone’s advocating for a situation where you’d be able to click a link and instantly 50 malicious non-App Store apps are downloaded and run on an iPhone. I’m certainly not. A solution I would view as ideal is as follows:

• Add a setting to enable running non-App Store apps on iOS. This would be disabled by default and the setting could be hidden altogether via a parental control restriction. Enabling the setting would display a warning of the risks associated with running non-App Store software; the user must confirm at this point to enable sideloading. Forcing users to explicitly opt-in to sideloading in the first place gives the App Store a compelling advantage to encourage — but not force — developers to stay.
• For each non-App Store app, on first run the user would be presented with an alert, again explaining the risks, to confirm that they would like to run that specific app, after which point it would be allowed to open without an alert. The options would be along the lines of “Open App,” “Not Now,” or “Delete App.”
• Apple may choose to only allow signed and notarized apps on iOS, ensuring they still have a revenue stream from non-App Store apps. This would also give Apple a kill switch on known malicious apps, much like they have on macOS currently.

Hard to screw that up and accidentally sideload apps, and if someone manages it, they have far bigger problems than any multitrillion-dollar tech company can solve. If they’re not scammed by an app, they’ll most likely get scammed on a website, which can happen on even the most walled-garden device so long as it has a web browser.

The thing is, I’m actually one of those tech-savvy people who sometimes prefers not to think about these things. I’d probably leave such a sideloading setting off on my iPhone. The absence of that setting on my iPad, however, is 100% of the reason why I had to replace it with a notebook as my life (and use case) changed, despite the device still being in great condition and working wonderfully. It’s phenomenal hardware — when combined with a keyboard I prefer its form factor to a traditional notebook — held back solely by straitjacketed software.

 

[jonblatho]

Um you may want to check what you bought if you are still under the misunderstanding of what ownership you have. Yes you own the physical equipment, however nothing in your purchase gave you ownership or control of the software that runs that equipment. Again if this is news to you I would suggest that you may want to invest some time researching your purchase prior to making it, since clearly you do not seem to know that. And no not all APIs are created solely for their use, though often they too make use of them. There have been multiple instances of companies requesting APIs and Apple has the decision to implement them or not but there is nothing stopping a developer from requesting one. Again something you should research before commenting on.

You’re responding at length to points I didn’t make. I said I purchased the equipment, which you point out is unequivocally true. I did not make any such claim to what you call a “backbone.” I did not claim that all of Apple’s APIs are implemented once they have a use case for them, only that this is “frequently” the case. You appear to agree with that claim as well.

Personally I think Apple should simply move their headquarters and register their business in another country not full of corrupt politicians who are doing this only to try and get votes

You greatly overestimate the number of people who give even the faintest **** about this.

 

[erikkfi]

Apple has vastly underestimated the kind of motivating force they’re producing by pushing developers around so much. At this point Tim Cook should see himself as the employee who told Reed Hastings he needed to pay this late fee or risk losing his Blockbuster membership.

 

[bb9]

And yet you can't, because Apple thinks that's 'unsafe' for you. Classic.

I thought it was Amazon who did not want Apple to profit off of their sales?

 

[Aeryn2020]

I don’t think anyone’s advocating for a situation where you’d be able to click a link and instantly 50 malicious non-App Store apps are downloaded and run on an iPhone. I’m certainly not. A solution I would view as ideal is as follows:

• Add a setting to enable running non-App Store apps on iOS. This would be disabled by default and the setting could be hidden altogether via a parental control restriction. Enabling the setting would display a warning of the risks associated with running non-App Store software; the user must confirm at this point to enable sideloading. Forcing users to explicitly opt-in to sideloading in the first place gives the App Store a compelling advantage to encourage — but not force — developers to stay.
• For each non-App Store app, on first run the user would be presented with an alert, again explaining the risks, to confirm that they would like to run that specific app, after which point it would be allowed to open without an alert. The options would be along the lines of “Open App,” “Not Now,” or “Delete App.”
• Apple may choose to only allow signed and notarized apps on iOS, ensuring they still have a revenue stream from non-App Store apps. This would also give Apple a kill switch on known malicious apps, much like they have on macOS currently.

Hard to screw that up and accidentally sideload apps, and if someone manages it, they have far bigger problems than any multitrillion-dollar tech company can solve. If they’re not scammed by an app, they’ll most likely get scammed on a website, which can happen on even the most walled-garden device so long as it has a web browser.

The thing is, I’m actually one of those tech-savvy people who sometimes prefers not to think about these things. I’d probably leave such a sideloading setting off on my iPhone. The absence of that setting on my iPad, however, is 100% of the reason why I had to replace it with a notebook as my life (and use case) changed, despite the device still being in great condition and working wonderfully. It’s phenomenal hardware — when combined with a keyboard I prefer its form factor to a traditional notebook — held back solely by straitjacketed software.

You have completely zero idea how software works. Your analogy is the exact same thing I explained does not provide the level of security that the current way does.

It makes zero difference if there is an opt in or not. That is what you clearly do not understand. To allow non iApp Store installation of software requires a new access point to be opened in the operating system of the device, or a new door in the wall. That is precisely how Windows and Mac OS on a computer does it now, you are literally advocating for a system already known to not work and was bypassed very quickly. Both currently do give you a warning, but an experienced hacker can often bypass that warning very simply, they can also disguise their install as a very legitimate piece of software and if they hack the site that hosts that software legitimately and replace it with their own corrupted version then you can install from a very official location very unofficial software.

Once the access point is created, there are also many ways to exploit it even if the user does not opt in, or even if they do not download software from another source. Its a door, and it has been proven on every software platform in history that once you add a door someone will find away around whatever lock you put on it. Look at Sony trying to block burned copies of disks or iso loading and their new enhanced security lasted all of a day before a group cracked it. Regardless of how good your software is written there is always going to be someone equally good and capable of getting around your best software defence, that is why critical systems in military and such use hardlines and other closed systems to avoid that very concern and they deal with stuff way more critical, yet if there was such an easy solution software wise do you not think they would take it?

So again your need changed and you had to move to a new device, that has nothing to do with the situation. It is like a family having a new child and all of a sudden needing a bigger car or house, should the car dealer just give them a bigger car because their need changed? And again the arrogance that somehow because you found that it no longer met your needs, which was 100% your own situation, somehow dictates that everyone else should be inconvenienced simply so you can keep doing it the way you want is precisely my point about personal responsibility. You found yourself in a situation, presumably by choice or action of yourself, and think that is somehow unfair and Apple should be forced to change just because you needed to change something. The fault that caused you to change is not Apple's and they should not be held responsible and caused to change their whole business just because of your personal situation.

 

[Aeryn2020]

You’re responding at length to points I didn’t make. I said I purchased the equipment, which you point out is unequivocally true. I did not make any such claim to what you call a “backbone.” I did not claim that all of Apple’s APIs are implemented once they have a use case for them, only that this is “frequently” the case. You appear to agree with that claim as well.


You greatly overestimate the number of people who give even the faintest **** about this.

Um maybe understand what your own comment entails before trying to "correct" someone else. Your claim that somehow owning the device means you have unlimited control over that device is what is factually untrue. You own the physical hardware only. The iOS operating system that runs said device you have zero ownership of, you have a fair use loan to use that system on that device. That means regardless of your physical ownership of the hardware, you in fact do not have the right to do whatever you want with it when it comes to the operation of that device through the included software. So your very incorrect claim of ownership and the implied suggestion that you should therefore be able to do whatever you want with it is invalid because again while hardware wise you may have an argument, how the software works and controls of said device your 1000 dollar or so purchase does not give you license over a multi-million dollar operating system. That is no different than the NFT brothers buying that rare copy of Dune book and somehow thinking they can make movies and stuff based on it without breaching copyright laws.

Again I am not agreeing with your claim, I am stating that yes Apple does create their own APIs, but they also create ones for others upon request, however as the controlling entity behind the iOS they are not obligated to create an API if they do not feel it is in the best interest of their system. There are several APIs that exist only on the system because other developers requested them and Apple agreed they were not harmful or able to be misused which are the two major reasons why Apple may refuse to implement one.

 

[boyarka]

Apple/Apple shareholders/Apple fanboys who believe every Apple decision, policy, product, service ane concept is the revelation on mt. Zion from God himself:

Rrrrrrrrreeeeeee!

 

[Aeryn2020]

I thought it was Amazon who did not want Apple to profit off of their sales?

Amazon did ask for exemption because they were not selling digital content through their Application, only physical items that were shipped from their warehouses. Apple granted them that exception since there was no reasonable reason for Apple to collect on a sale that was not using any of their resources, the payments were not being processed through Apple or any of that. And yes Apps have always had an option of not having in App purchase, however until recently were blocked from giving direct links that take you out of the App and to the required website.

 

[jonblatho]

You have completely zero idea how software works.

Quite a lofty assumption to make about someone who currently writes software for a living.

Once the access point is created, there are also many ways to exploit it

While they’ve had roughly the approach I described above on macOS via Gatekeeper for years and it’s gone quite well — so it’s very much battle-tested — yes, there is some risk of an exploit that would allow an app to bypass not one but two dialogs requiring user interaction to run the app. If such an exploit arises, that’s Apple’s problem, and they should fix it promptly.

Note, however, that there’s really not much stopping a similar exploit from being found today that would allow arbitrary iOS app installations, and such exploits have cropped up before. Thanks to OOP, there’s likely one method somewhere in iOS’s source code that installs apps, and multiple methods — since the App Store isn’t quite the only way to install iOS apps today, just the overwhelming majority — then point at that single method. If an app downloaded from Safari or whatever can exploit that method or any methods that use it, bingo.

And again the arrogance that somehow because you found that it no longer met your needs, which was 100% your own situation, somehow dictates that everyone else should be inconvenienced simply so you can keep doing it the way you want is precisely my point about personal responsibility.

How, pray tell, would it be an inconvenience for you to…ignore a setting and thus keep your device exactly as it is? Does the fact that you can change your iOS device name under Settings > General > About bother you at night even though you statistically probably haven’t done so?

 

[Aeryn2020]

Apple/Apple shareholders/Apple fanboys who believe every Apple decision, policy, product, service ane concept is the revelation on mt. Zion from God himself:

Rrrrrrrrreeeeeee!

Um if you do not like Apple or how they operate, why are you here? I do not agree with every Apple policy but as I am not a part of the company I really have only one say in how that is handled and that is to not buy their product, if their product or service does not meet my need, then as there are multiple options out there that operate differently why should I feel that Apple should change just to appease me? Attempting to use the government to unilaterally force a company to change their business model, to decrease the security of their system and value of their brand to appease a small minority of users that feel they should not be responsible for their choice of buying that companies products is the height of arrogance and entitled behavior.

 

[jonblatho]

Your claim that somehow owning the device means you have unlimited control over that device is what is factually untrue. You own the physical hardware only.

Again, I said nothing to contradict this. I’m done responding to screeds regarding points I didn’t make.

 

[Aeryn2020]

Quite a lofty assumption to make about someone who currently writes software for a living.


While they’ve had roughly the approach I described above on macOS via Gatekeeper for years and it’s gone quite well — so it’s very much battle-tested — yes, there is some risk of an exploit that would allow an app to bypass not one but two dialogs requiring user interaction to run the app. If such an exploit arises, that’s Apple’s problem, and they should fix it promptly.

Note, however, that there’s really not much stopping a similar exploit from being found today that would allow arbitrary iOS app installations, and such exploits have cropped up before. Thanks to OOP, there’s likely one method somewhere in iOS’s source code that installs apps, and multiple methods — since the App Store isn’t quite the only way to install iOS apps today, just the overwhelming majority — then point at that single method. If an app downloaded from Safari or whatever can exploit that method or any methods that use it, bingo.


How, pray tell, would it be an inconvenience for you to…ignore a setting and thus keep your device exactly as it is? Does the fact that you can change your iOS device name under Settings > General > About bother you at night even though you statistically probably haven’t done so?

Again even Apple themselves have stated that MAC OS on MAC computers is not as secure as iOS on iPhone and iPad, for exactly the reason that there are ways to bypass it, is gatekeeper an improvement on how it was, sure, but it is in no way the magical barrier you think it is, and guess what I think I will believe them over you on how secure their own system is. And more importantly however alike a computer today and portable devices have considerably more sensitive information and are used in way more sensitive and life critical situations that a computer never is intended for. If you are in an accident, or having a health emergency do you really want your phone to be compromised and be unable to call emergency systems? Your phone has NFC equipment for paying for things, do you really want that to be easily compromised. More personal email and messages and photos are stored on phones than do you really want that to be compromised?? Again this is not something that is new, and is something that multiple sources have indicated very clearly if you do your own research into it.

And I have zero care about what software you write. There are a lot of software writers who haven't got a clue on how 90% of the system works. Unless you are part of the software development team at Apple or have developed a complete OS for your own device your "expertise" on how their OS works is about equivalent to a use car salesman. I always love when people try to say "oh but I do such as such for a living" as if that somehow means they can not be wrong. I do architecture for a living but that doesn't mean I have unfallable knowledge in how wind force works on high rises.

Again Apple themselves have stated this over and over again and have lamented that they wish they could have implemented as system like we have for iPhone on the computers however despite similarities in capabilities today cellphones and tablets are not in any imaginable form the same as a computer. What works and is an acceptable level of security on a computer is 100% not the same as what is required for a smart phone.

And again you are insisting on the same nonsense concept that a single setting in the OS will somehow magically protect the new vulnerability that is created by allowing a new access point for software. It does not, has not and will never be as secure as single source system.

It is like a building in architecture. If you have 1 door on the building it is 100% more secure than if you have 2 doors. Again regardless of the lock, adding that second door means your building is now 50% as secure as it was prior to having that second door added. This is not rocket science, it simple logic that the more openings that must be guarded make the system that much more attack able.

 

[Aeryn2020]

Last I checked, I paid for the “equipment” with my device purchase.

So what was the meaning of this if not to suggest that your paying for the equipment didn't give you some kind of license to do what you wanted with it. Everyone who bought an iPhone paid for the equipment, so I don't really see the importance of your statement, but feel free to enlighten me on what you were trying to say that clearly was not conveyed in any clear manner from your statement.

 

[wanha]

The people that believe Apple does this for you, the user, for security reasons, are incredibly naive.

Ironically, the fact that you claim to know other people's exact motivations without a sliver of a doubt is also incredible naive.

 

[Blowback]

All this crap is just being pushed by Google to destroy whatever extra security Apple has in their phones. Eventually it’s going to be where you just install whatever apps from whatever place you want to download them. Then people are going to be crying when their data and identity has been stolen 🤦‍♂️😂

Yeah but then the same politicians will ‘fix’ that problem. As they’ve ‘fixed’ so many others they have helped make. Right…..

 

[Blowback]

I think bans that move cities, states, or countries closer to command economies, where elected officials and government bureaucracies dictate every aspect of how private companies and consumers do business, are terrible policy.

In the specific cases of the iOS App Store and, to a lesser extent, Google Play, restricting Apple and Google from setting the participation terms of the marketplaces they built, established a customer base for, and maintain on an ongoing basis does not do anything to protect users or longer-term, developers. Some other payment venue will become the dominant player, raising costs for everybody.

If politicians were serious about helping users and providing choice to developers, legislation requring online marketplaces to accept cash for all transactions might be better. But the best governmental action is this case is really to take no action at all.

WOW. Well thought out and Logical. No comparing Apple or Google to ‘Big Tobacco’ or other nonsense.
Sure you’re on the right site?

 

[Blowback]

Well said. Trying to 'prevent' stupid mistakes by creating baby gates will never allow people to learn common sense and consider things with a critical mind.

So…..by that logic: maybe do away with seat belt and child seat laws? Also…….

 

[0924487]

at the time that Apple and Google "hired almost every lobbyist in town" to kill the bill.

In most countries, this is called corruption. Even in China.