I hope all of the publicity this gets will somehow bring more attention to how much control Apple exerts over the iOS app ecosystem, and maybe bring change there.
I think developers should be able to distribute their apps outside of the App Store if they want, just like on macOS and Android, but Apple is allowed to have this much control because the iPhone doesn't represent the majority of the market, so they aren't as subject to monopoly/antitrust stuff.
I can still hope that Apple will open up their mobile platform further, one day.
I don't understand how allowing people the option to download things outside of the App Store mitigates the iPhone's ability to enforce privacy measures. It's completely possible to sandbox apps that don't come from the App Store, and they could even default to only allowing you to install apps from the App Store, with a secondary security tier of "allow installation of signed apps" and a third security tier of "allow installation of unsigned apps". If you choose to install things outside of the App Store, you would be in the minority. Very, very few people have ever installed anything outside of the Play Store on Android... with the exception of Fortnite.
This isn't an all-or-nothing proposition... and I'm definitely not suggesting "iOS should run all code encountered on the internet as root".
People could click the checkboxes and give away their privacy, as panelists in these Google and Facebook research programs did.
Some privacy advocates think that people shouldn’t have the freedom to do that, because they can make bad choices. They aren’t wrong that a locked down system like iOS is safer overall for users, as long as you’re ok with Apple controlling what content you can use.
The problem isn't really bad choices, it's uninformed choices. People don't realize how little data is needed to extrapolate a lot.
Then you usually get the "facebook is turning on my microphone without asking me" people. They just can't fathom that the precision with which they get ads could be the result of anything else.
I am considering revising my opinion about uninformed choices.
Mostly, there's a whole bunch of stuff to know. I think i'm on board for things that are transparent and trustworthy. Where did this egg come from? how was the hen cared for? It would be super sweet if the history of every object i interact with (or consider purchasing) was available in a tamper proof way.
So, if your argument is, i can get source for whatever and put it on my phone, i am 100% on board.
But that's a pretty big ask. generally my only option is to rely on the supplier, and whatever regulations/inspections they're subject to.
The other thing that sorta ticks me off is, this is Facebook and Google. This isn't some 419 scam. These are real, grown up businesses that chose to ask children to do these things.
children should be informed, children should be educated. but, uh, how high of a standard do you want to hold a 14 year old to?
If they're willing to download and compile the source, and install the software, ok. i think i'm on board. A one click (oh by the way we're activating the mic when you have your first kiss) install is, unseemly. it's gross.
Taking candy from a baby is easy, but despicable.
I don't mean this to be a THINK OF THE CHILDREN post.
it's just as despicable to manipulate adults like that. children just put a special emotional point on the argument.
feel free to throw all that out and tell me why it's ok to ask a middle aged person that has about 15 free minutes a week to research why this app is 'safe'.
I think you misunderstood; I was in favor of not opening up the floodgates on iOS exactly because most people can't grasp what sharing their data leads to (as seen by their reaction: being creeped out and assuming only listening to them talk would lead to such accurate predictions)
The problem isn't really bad choices, it's uninformed choices.
What difference is there, in practice? The world is getting more complicated every day. The amount of information being created in a single day is more than a person could consume in a lifetime.
At some point we should ask ourselves whether it's possible for anyone to have a fully informed opinion on every issue that could ever effect them.
Asking users to make informed decisions about infosec is something from the Windows XP era. Ever since then it’s become clear that platforms will have to be opinionated about their security choices.
For instance allowing users to side-load apps also allows carriers to install crapware and certain governments to mandate monitoring apps. Platform designers need to figure out if that’s worth it — I’m sure different people will reach different conclusions.
This also feeds into arguments about giving people 'best choice' defaults and the role of government.
Government, in an ideal scenario, takes care of situations where the individual person is likely to make a bad choice and screw themselves over because the ability to understand the problem domain is so much work that they are unlikely to make the effort.
This whole conversation in this thread is basically about the nanny-state vs freedom to make your own choices, even if they're more than likely to end up in a bad situation for the end user.
I think everyone is constantly trying to thread the needle on that tension in a way that is acceptable to the broader culture.
Apple might be a dictator, but so far they've proven to be mostly benevolent. I'm glad my mom doesn't have the ability to sell her privacy to Facebook via a shady VPN in exchange for gift cards.
The problem is that mobile devices can say "This app changes your VPN settings and installs a root cert". The general public says "Whatever, I want my olive garden gift card." It could could maybe say "This app could see everything you do online", but it really needs to explain "This app can see very site you visit, every message you send, every porn link you click, etc". Until the OS can actually inform the user what they're trading, it's not choice, it's deception.
And that brings us back to Apple. Until devices can do this for themselves, someone needs to be the gate keeper. Letting users willingly install some candy-themed clicker game that steals your contacts, location, and photos is _objectively bad_ in the same way that BonzaiBuddy and CometCursor were bad twenty years ago. Right now, the only answer we have to this problem is Apple and Google playing the role of the good guy and working towards better solutions.
So why do you think Apple can't explain its permissions in a way majority of its users can understand (yes, including the clear cautionary messages that you wrote). Guess what, Android does that! When you install any third party keyboard on Android, it clearly tells you in plain text it can read everything you type, including credit card numbers etc. We just need the information about what can be the worst possibilities for each permission an app asks for. Apple doesn't want to do that. It wants control over everything.
Another example of how flexibility can hurt a platform, from the Android world, is Samsung's Knox, which creates a very Command and Control "IT-friendly" layer for work purposes on Android, and in doing so kills the platform's usability because all apps from the mail client to the keyboard were selected by IT with no thought towards usability.
We have Knox on work Android devices, but because our IT team also offer iOS, people just choose iOS, because it results in a nicer experience.
Letting other people root your system to accomplish something is great for flexibility and gives you short-term wins. But it can result in massive damage to the platform if left unchecked -- kind of like how OEMs turned Windows into a hellish experience with pre-installed apps like WildTangent Games and the like. End-users won't blame the IT department or the OEM, they'll blame the platform.
This is already happening on Android today. There's a reason Google's Pixel marketing hardly ever mentions "Android".
Apple can do what they want, I am happy that now we have a good example to show people that iOS devices are more like a console and less like a computer. I would like at least GPL software to be allowed on the store.
That’s the perfect analogy. I use an iPhone and an Xbox for the same reasons... I don’t want to dick around with them. I want them to be special purpose devices. While my PC I will twiddle with endlessly.
Anecdotally, that's why I use PCs (on Linux and Windows depending on the context) and an iPhone. I want my computer to be an open system where I'm not dependent on a single company for either hardware or software.
But I want my phone to just work reliably. I actually don't want it to be a full-fledged computer.
"I just want to make calls reliably with my phone. Don't want color displays and all in it".
"I just want my phone to make calls and send plain text messages reliably. Don't want videos and gifs and camera in it."
"I just want a smartphone to make calls, send sms, basic whatsapp and take average pictures. Don't want it to become a DSLR".
"I want my phone to just work reliably. I actually don't want it to be a full-fledged computer. "
Interesting you say that, because your phone is already much (, much) more powerful than the full-fledged computers from just a few years back. The only reason you don't want it to be like 'traditional' full fledged computers because it doesn't work great that way right now. Once it does, you'll not want your phone to become something else.
I'm not necessarily talking about performance but mostly about features.
For instance a lot of friends using Android phones are shocked about iOS lack of a global filesystem.
But to me, this absence is a feature, not a bug. Having every app sandboxed at the OS level is a great thing to limit what can go wrong. I explicitely don't want a global filesystem on iOS.
To be clear, I would hate a full computer without a global filesystem. But I'm really fine with a phone not having one.
(By the way Apple did take tiny steps towards a public filesystem on iOS and I'm not super happy about that)
So what’s the purpose of a “global filesystem” besides having a repository where you can store files and share them across applications? You’ve been able to use iCloud to do that and install third party storage providers that work across apps since iOS 8.
Yes; and what a lot of people omit is that if you have the full copyright to a GPL'd piece of software (because you don't accept contributions without extra license/assignment), you can publish it to the app store.
> Yes; and what a lot of people omit is that if you have the full copyright to a GPL'd piece of software (because you don't accept contributions without extra license/assignment), you can publish it to the app store.
In this case, you're effectively dual-licensing your software.
That is not related to GPL, yes you can use a different license, that is not the point, the point is there are many libraries and programs under GPL that can't be used on restrictive stores and it is a shame.
No, Apple has to observe regulations. If e.g. a bank wants to do business in the US there are (lots of) regulations. If there were the political will to 'open up' the now closed iOS mobile ecosystem, such laws could be written.
Sorry, that I was not clear. I meant to answer to your 'Apple can do what they want' part.
Regarding console I'm happy with you to have a device like a console. On the other hand I don't like that such an important worldwide ecosystem is closed and in the hand of one company. Would Apple e.g. have restored certificates for a much smaller company than Google? (but this is getting a bit offtopic here)
What I mean by 'Apple can do what they want' was in the limits of the law, if EU or US laws will find Apple guilty I will be happy but I am not sure this will happen since we have the consoles that are also locked.
I also don't like good hardware becoming just bricks because you can't repair it or you can't install a different OS but mentioning this opinion here will cause it getting downvoted (yeah all my post about Apple and right to repair and publishing schematics got downvoted)
>Was anybody ever in any doubt these Apple positions the phone as explicitly not an open computing platform?
I don't think many people think about it, so it6 is not like people are tricked to think is an open computer but they are not even consider the implication. Does average iOS user know that at any moment Apple can brick his device, can remove stuff from his device, can install whatever they want, do they consider that in future this devices will be just briks without the software/cloud part(at least with consoles you may be able to use games on disks for now)
On this topic, the smart speakers and to a larger extent smart displays from Amazon Alexa and Google Assistant (and maybe even the fire TV and Chromecast) are very reliant on connection to the server to deliver anything of value.
I don't think people realize that it can just go away at any time. I'm sure the terms and conditions allow a clause which shows the company to shut down these services at any time without facing a requirement to buy back these (now useless) gadgets.
Do you think that Apple servers will be up forever? That the app you bought today will be there for you to re-install in 20 years?
My point is that incidents show regular people the things that are usually "hidden" in big EULAs, is good to have such big incidents we can link to, like when someone tells ypou that is better to keep your data on Google servers since they have brilliant engineers you can link to incidents like the Google+ leaks to show that even Google can ignore security or make mistakes.
I don’t disagree, though I would say it’s an absurd point. I’m confident enough that Apple’s servers, hosted between GCP, AWS and Azure AFAIK, will outlast my current iPhone and my next few. Also that apps I bought even 10 years ago that are still of use and supported are available to me now.
The EULA that was breached here was an Enterprise agreement between Google and Apple. It will have been poured over by teams of lawyers. An individual at Google had decided, “fuck it, whats the worst that could happen?” and found out.
I’ve seen people frequently be accused of being “Apple apologist” on this site. What I’m reading is the exact opposite. Google are responsible for their actions, no-one else. As is constantly pointed out, there is an alternative to iPhone, where choice and “freedom” exist, but it comes at a non-financial cost.
I am happy with the Apple decision to force their EULAs for the reason more people can see now what is inside the EULAs.
Not all people change their device every 2 years, there should be no reason why you could not use (or give to someone else to continue using) a device(phone,tablet, TV, watch) until it just falls apart.
So let me get this straight - your take away from this is that Apple is bad because they could remove apps from your device, but Google is OK, even though the have actually removed apps and because reasons. We’re done here.
No, I am not on Google camp, Google did not respect the EULA, Apple was right to apply the EULA, so all was legal and fair as per the Apple and Google contract.
My point is that big EULAs are bad, not controlling your hardware is bad (no matter if is Apple,MS or Google), this incident makes it clear what rights you have with this kind of EULAs
That's debatable. While legitimate access has increased, one can make the argument that today's iPhones are much more locked down than their predecessors, some of which had unpatchable bugs in the early stages of their bootloaders that basically rendered Apple's protections useless.
You've identified a partial list of apps which might be bad for user privacy. Could you produce an exhaustive list, though? And specific policy defining what would constitute a violating app?
Forcing VPNs to be installed only via the app store also means that an authoritarian state like China has a single source to clamp down on when they want to restrict citizens' access to information.
Its probably a good idea for grandma to have a phone you can not possibly mess up with but it sucks for everyone else that there is no setting to escape bubblewrap mode. I love how linux distros are set up. I can easily find trusted software in the repos but nothing stops me from running anything I want if needed and I understand the risks of running stuff outside of those repos.
With Android you suffer privacy intrusions. Unfortunately the market has failed with the dominant iOS/Android options. Regulations to protect consumers are required imo. Apple and Google are too big and have no incentive to fix this on their side.
I'm extremely free market but phones are used by practically everyone and 1 of the practically only 2 operating systems won't allow anyone whatsoever to distribute applications in any way outside of their totalitarian system.
I get your point and I'm not for forcing Apple to allow free side loading apps yet (I have an android partially because of this reason) but it is infuriating that when I had an iphone, I could not use any apps not allowed by them and annoying that i don't have that ability if I ever want to go back to an Iphone (and a major blocker for going back to be honest now that phone upgrades don't mean much these days).
This is how macOS works currently. Unfortunately, macOS has also had more aggressive malware because of this: it's easy to socially engineer users into removing security barriers.
More aggressive malware than what? There has been very little malware, and almost all of it gets shutdown within hours by Apple blacklisting the malware. I don't use macOS, so maybe I'm missing something, but I haven't heard of malware ravaging the macOS landscape. Windows has gotten a lot better about malware, and macOS is still not even at the same level of risk as modern Windows.
I'm certain that Apple could do even better with iOS since they have the advantage of not needing to maintain compatibility with an existing ecosystem of software being distributed outside of the App Store.
But again, if it's a non-issue on macOS (which it is, by all accounts of my Mac using friends and coworkers), then it would be even more of a non-issue on iOS, where they have a clean slate to design a security model "the right way" for apps distributed outside of the App Store.
If users willingly choose to give up their information in exchange for a $20 gift card, isn't that their choice? I wouldn't do it, and you wouldn't do it, but as long as they're adults, isn't that their choice, not yours? If apps are trying to steal information without informing the users, those could be blacklisted outside of the App Store just as well as they can be blacklisted inside it if Apple requires centrally managed signing certificates... but I would still favor an option of allowing unsigned software to be installed. The user's choice should be their choice.
Being outside of the App Store wouldn't necessarily be carte blanche, although it would hopefully enable developers to do more and better stuff, as well as make development more accessible to hobbyists who don't want to pay to distribute their stuff on the App Store.
> If users willingly choose to give up their information in exchange for a $20 gift card, isn't that their choice?
My perspective - NO. When I choose to share something personal with someone, there is obviously an implicit understanding that I don't want it shared with others.
Yes, you have the right to share your data. But you do not have the right to share my (or other people's data) without their consent.
(Side note: This is why privacy conscious email providers, like Tutanota and Protonmail, provide you an option to send a password protected email to parasitic providers like Gmail, so that Google / Gmail can't "read" it and create a profile on you even if you don't use their service).
> if it's a non-issue on macOS (which it is, by all accounts of my Mac using friends and coworkers)
It's not quite a non-issue, but it's a small one, mostly due to the small userbase and Apple's efforts to quickly blacklist malware.
> they have a clean slate to design a security model "the right way" for apps distributed outside of the App Store
Apple's solution is very clearly "don't distribute outside the App Store".
> If users willingly choose to give up their information in exchange for a $20 gift card, isn't that their choice? I wouldn't do it, and you wouldn't do it, but as long as they're adults, isn't that kind of their choice?
One argument that I have heard (and am presenting without attaching my views on its validity) is that if anything goes wrong with someone's iPhone, they will blame Apple for their messed-up device rather than themselves. So it's in Apple's best interest to prevent people from being able to do stupid things.
Apple actually have no problem with developers distributing outside the store. But this will issue a notice to the user.
Furthermore if the developer don’t register to them and and don’t sign their Apps, it will require and additional step through system setting and will be qualified as unsafe by the user facing warning.
If developers do sign theirs Apps Apple have no issue with side loading as they’ll have a mean to nuke theses Apps via cert revocation if one of theses App turn out to be a malware.
Maybe it’s that middle ground that is currently missing from iOS.
However one could rightly argue that for the sake of overall system performance on a mobile device preemptive curation is a better choice. It’s would be perceived equally (if not more) harsh is Apple nuked side loaded signed Apps for the reason of "Impairing performance". On MacOS they’re resorted to nuke only for security reason which is more acceptable.
I don't, but it was 2, a fake malware scanner and a browser hijack (changed search, hompage, etc and would reset itself automatically, also stuck a toolbar in at least Chrome, not sure about Safari).
I'm not impressed with Apple walled garden. They will block apps that go against monetization. Apps like DNS66 or blokada will never get in. Its not just about security.
I could never trust an Apple or Google run app store to serve MY interests.
Unless those apps not from the App Store are open source, we have very little means of being able to trust those apps to do the right thing. Apple isn’t perfect, but they do provide a modicum of assurance that the apps you install aren’t going to be malware. Apple’s incentives are aligned with the consumer — if a bunch of malware infects Apple devices, that harms the Apple brand and the consumer. The App Store also rewards developers who do the right thing by providing access to a billion devices in exchange for adhering to certain standards of security.
If their integrity on privacy is true, they why lie about the PRISM program? What assurance do we have that Apple isn't part of PRISM or similar program anymore.
Apple as a hardware company,privacy narrative has worked in its favour & yes the consumers as well; but seeing it as a saviour of our privacy is just naive.
What I respect about Apples approach to this is their commitment to not being able to access your data themselves anyway. That way the NSA can hit them with whatever secret court orders they like, Apple cannot help them. They’re not completely there yet, but they appear to be doing it and nobody else seems to be even trying.
Meanwhile, the Chinese government got Apple to ban VPN apps from the Chinese app store (and block the requisite API in sideloaded applications). So because of Apple's closed system, an entire nation of people is more liable to be spied on by their government.
But yes, let's encourage Apple to keep their system closed, to protect users from purposefully opting in to tracking.
No. I'm not in favor of "corporate data harvesting", but I am in favor of users being able to run whatever software they want on devices they own. I firmly believe that this gives users more self-empowerement in the long run, and that China is a good example of why.
Trying to protect users from themselves is never a good solution. Educate, don't dictate.
The problem has always been, "what if you have users you can't educate?" (Or take too much time / effort to realistically educate, or don't want to be educated, etc.) If you have both groups of users, and they share a platform, and their security needs are at odds with each other, you have to pick either the educated group or the uneducated group, in a way which fundamentally disadvantages the unchosen group. You can't make both happy, ever.
In these debates I often see the educated group advocate for more education of the uneducated group, which many times I think is disingenuous, impractical, and sometimes even a little hostile to the uneducated. It seems to fundamentally misunderstand many of the uneducated group's wants and needs.
It's a bummer to be in the educated group and be subject to this problem, but I think it's fundamentally an intractable problem. If you don't like it, you have to leave for a platform which serves your needs, and that platform is almost certainly going to be a niche platform (at least eventually), because most users are not educated but want to have their needs served anyway.
EDIT: One more thing. There's an implicit assumption about danger here and an appropriate level of education. It's appropriate to ask anyone, regardless of who they are, to undergo a lot of training before operating, say, a car. It's not appropriate, in my book, to ask people to undergo a lot of education before operating a phone.
This isn't about ease of use! If Apple allowed sideloading software on the iPhone, nothing would change for 95+% of users, who would continue to get all their software from the App Store. Sideloaded software would be installed by only those users who were tech-literate enough to use such an option.
I brought up China because I legitimately see this issue as orthogonal to free speech. Here's another example: I'm not a fan of Alex Jones, and I'm glad he got banned from the App Store, but I'm less enthused that it's now impossible for Alex Jones to create an iOS app.
Imagine if we were talking about books instead of apps. If Barnes & Noble decided to ban books written by hate groups from their stores, I would be okay with that! I would not, however, be okay with Barns & Noble preventing hate groups from finding their own publishers and distributors. Software is the medium of our age, and so it needs to be possible for anyone to distribute.
This does not mean that sideloading software needs to be easy. Software is powerful, and users should be guided towards safe and well-vetted distributors. But if sideloading is impossible, you end up with the situation of VPN apps in China. If the alternative is that a handful of users who specifically ask to be tracked by Google and Facebook are in fact tracked by Google and Facebook, so be it.
And this is why I NEVER install anything Google on my iPhones, and I firewall EVERYTHING Google on my Androids (apart from when I want to download/update a new app)(No Root Firewall).
FB and Google just don't give a rat's ... for anything except profit. Unless they start getting fines in the region of $XXm per month, they won't stop.
Apart from that, yes great companies, great services, but next-to-zero ethics.
Is there a body that enforced privacy measures on apt? What about on just random code on GitHub? Or web applications? Is a body enforcing privacy (even preventing people from consenting to give their data away) a good thing?
In grad school I did some research that involved a mobile app and people willingly giving some of their information to me (after a lot of notice and consent forms). This was relevant for legal analysis of some data collection programs. Should my app have been shuttered?
I think it’s the fact that whenever the government has tried to force them to unlock phones for them or install backdoors allow them to do so, they’ve very publicly crashed flat into an Apple brick wall.
It's not so much that anybody has been convinced, but that Apple themselves are incentivized to preserve the privacy of their customers to some degree.
Like the nitro-boosted, high octane, adrenaline pumping privacy they extend to their users in China [1]?
This whole "Apple is so special that thir brutalistic absolutism is warranted" attitude is tiring. More $ flow through Apple in mobile software in the US, than through the competition, effectively making them a monopoly. They need to be subject to the same monopoly regulation as any other monopoly.
Your Linux machine is neither a walled garden nor a gate; it's an unlocked house in the countryside. Its lack of privacy problems is because it's not a target.
Have you built something from source by downloading a tarball and running `make install`? Did you look at the Makefile before you did so?
It's a walled garden because the default way to install apps is from the repository, a trusted source that isn't filled with spyware. The gate is that I can download and run software without it. It's the best of both worlds and has been before app stores existed. An unlocked house in the countryside would be running software without my intent, the only place that happens is inside the browser.
You trust the app store just as I trust the repositories, I just have other choices available as well.
> Have you built something from source by downloading a tarball and running `make install`? Did you look at the Makefile before you did so?
Again, it's all about trust.
Under this model companies like google can even build their own extensions to the garden.
As a Linux user I agree with GP that Linux is only as safe as it is because it's not a target. It's pretty clear that large tech companies cannot be trusted, I definitely wouldn't run a binary provided by Facebook on my machine. I am hesitant about running apps like Slack and Dropbox, and would prefer not to give them full access to my user account[0], but I need to use them so. Desktop container technologies are maturing nicely, so hopefully one day we'll have permission prompts where we can restrict what an app can access.
[0] Yes I understand I could run them as a different user but that's not very user friendly at the moment.
I don't understand. Some Linux machines I'm responsible for are targets. I build what few things I need from source in a sandbox, fetch the source from entities I trust and verify the integrity. And yes, I do read the code, because if I'm building it that usually means I needed to patch it.
So your Linux machines are like military facilities in the middle of nowhere. Guarded and hard to break into.
But most people's Linux machines aren't like that. Most people don't build in a sandbox, don't verify trust chains and integrity, don't read the code. It's configure && make && sudo make install. This works because evildoers and assholes are too busy ruining lives of people using Windows, Android and iOS (and, increasingly, MacOS) to notice the small and tech-savvy Linux crowd.
Most people install from the Ubuntu software centre or the distros equivalent which is vetted software, just like apples store. It's been that way since before there was an Apple app store.
Even for power users configure and make is a last resort or something only developers will do for specific reasons.
You have a strange idea of what desktop Linux is like.
You don't think desktop Linux users use pip or npm?
(Also, speaking as a distro packager, we don't do as much vetting as Apple does and we certainly don't do as much sandboxing. We're generally volunteers.)
> You don't think desktop Linux users use pip or npm?
Most won't, only developers. Even there I'd say linux has an advantage because many of the dependencies in tools like that can be included by the distro itself. It hasn't worked well in practice so far but in theory it's a better solution.
This is also identical across operating systems so it's hardly an example of one being superior to the other.
> Also, speaking as a distro packager, we don't do as much vetting as Apple does and we certainly don't do as much sandboxing.
I'm sure the vetting could be much stricter, but so far in practice it has not been an issue so I continue to trust responsible distros (debian, redhat, not arch). I'd also hope some distros like redhat are doing a lot more vetting.
So you've moved beyond the security on the mechanisms of software installation to just saying you trust Apple and don't trust open source software. That's all this boils down to.
You're looking at the current state and not the model itself.
> The average iOS and Android users don't even know they are in a garden, much less know how to protect it.
If you took those same users and put them on the linux equivalent (ignoring other practicalities) the same will be true, any software they want will be coming from the ubuntu software center or something equivalent and they wouldn't have to protect themselves. Yet they'd still have the freedom to get software from other sources if they wished. Corporate users could build their own repository and have software installed from there without involving anyone else.
Windows didn't have such a malware problem because they gave users the freedom, it was because downloading installers from websites was the default way to install software. Without this history windows could be (I don't know how trusted the windows store should be) in the same position as linux today, with users trained to install what they want from the store but still able to go around it.
The apple desktop is in basically the same situation as windows.
Android isn't a walled garden, you can install apps from elsewhere. Unfortunately the play store isn't a trustworthy source of software like apple store or a linux repository, all sorts of crap ends up there. Google even generates a per device Id to help software track you.
The enforcing of privacy was done at a political level, not at a technical level. Linux (as a group? vague hand-wavy term) focuses hard on the technical merits of its own product, but ignores the ecosystem.
Seems a bit of a double standard around here. When Apple's doing it, "shut up and take my freedom!" When anyone else is doing it, it's "those who would trade freedom for security deserve neither."
Developers are able to distribute their apps outside of the App Store, on Android.
There is a lot about Apple's restrictive approach I don't care for, most notably forcing digital subscriptions to run through App Store billing, but being the single point of entry for apps onto the phone is a feature, not a bug. I trust the content on Apple devices far more than I would those on an Android device.
You should be able to have that. At the same time people should have the freedom to opt-out of this "walled garden".
Just like how you can opt-out of System Integrity Protection on macOS. Most/average people don't even know about SIP's existence, and are protected by it. Those who do know it (developers, etc.), have the freedom to opt-out.
It's not that simple. I just recently switched back from Android to iOS, and it's so much more convenient to have Amazon forced into the App Store than to have it constantly asking for me to temporarily change my security permissions so it can sideload its apps.
I did my best to never upgrade it before, to hopefully send some kind of signal to a PM somewhere inside Amazon, but ¯\_(ツ)_/¯
They’re not subject to antitrust/competition remedies because you have plenty of other choices. Instead of complaining that Apple’s principles aren’t the same as yours, you can support the other platforms that are consistent with your values. Personally, I prefer the centralized control of a trusted company, but i understand it’s not right for everyone. In this case, Apple’s moves against FB and Google were in my personal best interest.
I'm hoping the EU competition commissioner goes after them for their 'no payment methods except ours' policy on iOS. (and to a lesser extent their 'no sideloading' policy, though I'm less certain that would stick)
> I hope all of the publicity this gets will somehow bring more attention to how much control Apple exerts over the iOS app ecosystem...
Me too!
> ...and maybe bring change there.
And that's where you lost me.
I don't want or need to install iOS apps outside of the app store. There's a reason I use iOS devices and what we've seen the past couple days is that reason in full view.
> That's unrelated to what other people might want.
Sure it is. The more capabilities you enable, the more things become supported or expected. Giving more freedom to side load apps means developers would expect more users to do so as well. This threatens the walled garden approach, which some people actually like.
If one wants a more open environment, there's always Android.
I consider Apple's oversight of iOS to be a feature, not a problem to be solved, because so far they have been worthy of my trust. I don't have the time or inclination to vet everything, and I have zero interest in having to sysadmin something else (seriously, creeping sysadmin-ism is the bane of technical folks in 2019 -- your TV, your stereo, your light switches, etc., may all require sysadmin tasks now, which is kind of absurd).
The problem illustrated by this affair is not Apple's control of iOS; it's how far Facebook and Google have gone to quietly betray their users' trust.
> I think developers should be able to distribute their apps outside of the App Store if they want, just like on macOS and Android, but Apple is allowed to have this much control because the iPhone doesn't represent the majority of the market, so they aren't as subject to monopoly/antitrust stuff.
Is there a reason they can't? To the best of my knowledge compiled apps can be shipped as ipa files and side loaded without much difficulty nowadays.
There is, yes. There are only 3 ways to sign apps (ipa files) for iOS:
- using a Dev certificate, which does not require any Apple validation, but you are limited to 100 devices registered on your iOS development account
- using an Enterprise certificate (such as the one the article talk about), which allows you to distribute an app on any device in your business. The "in your business" part is in the conditions, not enforced via code. There is no Apple validation, but if you get caught distributing it elsewhere, your certificate might get revoked (exactly what happened there)
- using an App Store certificate, which allows you to send the app to the App Store/TestFlight, but you won't be able to install it directly on any device. There is an Apple validation for both.
As you can see, there is no way to side-load an iOS app at scale (excluding rooted devices, most people don't root their device).
Apple and iOS users have more to lose than to gain by opening up the app store. Their more tightly controlled ecosystem is a net benefit to users, IMHO.
If you really want to side load apps, can't you do that after signing up for the developer program?
Why? I think it is great that they closely monitor what goes into the App Store to better prevent malicious software. What’s a good case for not doing that?
This is one of the reasons people buy iPhones in the first place. We that want a phone that we can install our own stuff on already bought Android. That is the choices we have, either we buy into the companys way of things or we don't. I'm not happy with Google owning everything but I preffer the little freedom I have with an Android phone compared to iPhone where I can't even change the battery myself. Ofcourse on later Androids I no longer can change battery myself but at least I can insert a cheap micro-sd card if I need more space for my music.
Apple hands companies who sign up for an enterprise signing certificate the equivalent of a "get out of walled garden free" card, on the condition that you not use it to distribute software to people outside your company.
This is made VERY clear when you sign up and Google, at least, made it clear that using it to distribute software to the public violated the agreement they had entered into.
>A Google spokesperson told The Verge, “The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize.
Yes, this is why we need to stop supporting companies that run such centralised walled gardens. This includes google, facebook, youtube, instagram, whatsapp etc.
You want to stop people at Google from being able to internally distribute iOS apps permanently? Apple and Google are far too reliant on each other for Apple to follow through with such a large punishment. Businesses skew towards "rational", not "fair".
There really is a blind spot in the app distribution mechanisms. There is no way to distribute your app only to a selected amount of "customer / partners".
Either you put it on the app store, and everybody can download it, or you use an enterprise certificate but you're now at the mercy of apple having a different definition of what you're allowed to do with it and what constitutes a "member of the company".
> There really is a blind spot in the app distribution mechanisms. There is no way to distribute your app only to a selected amount of "customer / partners".
I have a very radical solution for this. I propose to name it "Login". Only the authorized people will get the holy username and password that will grant access to my App and it's functionality.
Sure, ordinary people can download the app, but what are they going to do without the username/password? Nothing.
You’re able to create custom apps for businesses where you can distribute to selected businesses, although you still need to go through the App Store approval process. You can also require a login to your app to restrict who can use it.
TestFlight doesn't work for b2b. You can't sell or give a private customer a software solution then ask them to register for a test to get the iOS software.
You can distribute it on the App Store and only allow customers to use it via a login. This is a solved problem and what my previous company use to do.
Again. There is an existence proof. I worked for a company in the healthcare space that was strictly business to business it was used for secure HIPAA compliant messages between doctors in a hospital network.
You couldn’t use the app unless you were a doctor who belonged to a clients network.
As far as not understanding what app to pick. There are plenty of companies including FB that have apps for the general public and apps for a subset of users.
That's also a thing with app store : the fact that someone else's app works one way doesn't mean a lot. Your app could get accepted for months and then all of the sudden be rejected after an update makes it go through validation again.
But that was the App store's rules, and people more or less learned to go with it. What worries me a lot with the recent news is that the lottery could now affect enterprise certificates as well.
OT: I'm not familiar with the app store details (I develop on Android) but if an Enterprise Cert is the only way, that's embarrassingly poor and I hope they improve it soon for the sake of other devs.
It's trivially easy to have a closed Beta/Alpha channel on the Play Store and updates are handled like with any other app update.
On Topic: it was only a matter of time until Apple restored the cert but I am still glad they revoked it as a very clear and loud warning. This might all just be grand posturing but it's good to see the big shots get a very public warning
Is Apple now also going to ban Square, Sonos, Amazon, DoorDash, Instacart, Postmates, Uber, DBS Bank, Handy, Vseen, Shiphero etc for also misusing their certificates?
If you're going to rule with an iron fist on your walled garden, then you better do it fairly. If they don't then they stand to be ridiculed and lose face.
Worth noting the relationship between these services and the "paid contractors" that use the app is expressly not Employer-Employee. Facebook and Google paid third party personnel, so is Instacart and Uber.
Apple has historically looked the other way at a lot of uses of enterprise certs outside the fuzzy definition of who exactly is in the enterprise. The difference with the Apple and Google cases is that they were using the enterprise cert to distribute apps that were specifically banned from the app store, and they were distributing it to people that clearly did not have any kind of close relationship with the company. In many of your examples, the apps are for gig workers that are arguably part of the "enterprise.", even if they're not technically employees. I think Facebook tried to argue that because they were paying people $20 a month to keep the app on their phone that they were their contractors, but that is a very thin argument.
Come on, let's be real, the difference is that the media blasted Facebook and Google about privacy issues and Apple capitalized on that to play to their privacy marketing play.
Which i guess is _fine_ if the result from that is an increase in privacy for the end user. I get your point - there is something to be said about handling every "breach" of their rules differently. But in the case of Google and Facebook there is a clear distinction between evil and not evil if you factor in your list above, which we all can agree on.
Unless Apple found it sufficient to make an example of Facebook and Google. The statement would be pretty clear: if you think we won't do it to you because you're a big company and a valued partner, just look at the size of the company who tried it on and think again.
Sibling comments says your comment was downvoted? I imagine you’re spot on. I caught my credit union doing this (to deploy a beta version to this customers), and I emailed them asking about their mental health given that Apple takes a dim view on such practices. And that’s just the one I’ve caught. So I could see Apple using this circumstance to fire a warning shot across multiple bows.
Generally if someone earned less than $600 as an independent contractor, the payer does not have to send the contractor a 1099-MISC. Given that Facebook pays $20 per month, it's well below the limit for issuing 1099s.
everyone in the US who is not employed directly (where the employer pays income tax for you) are by default 10-99s if they are paid more than $600 per year...
how the people are paid has nothing to do with why Apple took the action they did.
Uber, DoorDash, and all the others actually issue 1099's to their drivers. I'd be surprised if users of the research apps were issued tax forms that show a similar relationship.
The enterprise agreement itself does not require any showing of an employee-employer relationship as defined by the local jurisdiction.
But if you read the rest of the agreement, you will find more requirements about who these apps may be distributed to, and they make this case pretty much a slam dunk in Apple's favor. For example, Facebook cannot possibly agree that they would be liable for what users of these research apps do, nor can they claim the ability to retrieve these devices if the relationship ends.
So, no - simply issuing a tax form won't solve this for Facebook.
At least the way I'm reading Apple's terms, those cases fall more cleanly into the Employee category (which includes 1099 contractors, as defined in the terms).
The requirement to issue 1099s kicks in at $600/year. The panelists were well below that and weren’t paid in cash. The not-paid-in-cash thing doesn’t matter for reporting requirements, but I would guess it probably gives an extra layer of legal protection if the panelists decided to claim they are in fact employees.
It's blurry but the fact that the payment is solely for them to install the app and give away their privacy is a pretty strong indication. That's quite different from a delivery service where the relationship is that they're delivering food, and the app is just one tool they use to do the job.
I looked at the first two, they both appear to be aimed at people making deliveries for Amazon and Door Dash. It doesn't sound like the apps do anything unrelated to delivery work, much less analyze all web traffic from the mobile device 24/7.
If the only point you're making is about employees vs. contractors, the 24/7 interception of non-work internet traffic seems to be far more important than employment classification.
Google's App did similar ban evasion technique as what Facebook Research put out so its weird that Facebook is still revoked (edit: apparently not they got unbanned) and Google and Amazon are still free to play. TOS has to be enforced less randomly, as that erodes trust.
I do respect Apple's play here on privacy, but they are quite literally trying to police sideloaded apps and that's a hard thing to really do, which is why these apps went on undetected for a long time raising no flags until the recent media spotlight.
Apple’s App Store policies have not been known for being fair to all participants. That’s for public apps.
I’m not sure why they would change that stance - much less for enterprise apps - now. So long as the abuse is not egregious (see FB & G) they probably don’t care.
Apple hasn’t claimed it is banning Facebook or Google from their enterprise program. They are simply revoking the certificate that was spread to consumers. Those certificates can be re-generated.
I once participated in data gathering for Arbitron, which gathers radio stats.
It was very simple. For some period of time (I think it was a week...this was a long time ago so details are fuzzy) I was supposed to write down the time and identity of every radio station I heard (or maybe every station I heard for more than a few minutes?). At the end of the survey period, I mailed that to them.
I forget how much they paid, but I think it was on the order of a few dollars.
This would have been quite a while ago--probably at least 20 years ago.
They still do that kind of survey, I believe, a few times a year in each of several hundred metropolitan areas.
In 2007, they added another data gathering method that they use in a smaller number of major markets where participants wear a small device that can pick up subaudible identification messages embedded in radio broadcasts to tell what radio stations are being played in an area. These devices record that information and periodically send the data back to the company.
In 2012 they were bought by Neilsen and are now called Neilsen Audio, but the data gathering is still as described above.
Last I checked it was way more low tech than you’d expect for a company people put a lot of stock in. Basically, they put scanners on some people’s TV’s (with their permission, which is good but introduces a lot of selection bias) and try to correlate what gets watched with the ages of the people in the house (while not knowing whos watching what and hoping the TV doesn’t just get left on for hours with no one watching).
They give you a remote with toggle buttons labeled with people's names so you can tell it who is watching or if multiple people are watching. They also have software for media pcs but you can hook up an intermediary box if you want. They also pay you per hooked up tv, and have stats on whether a tv is a bedroom / kitchen / family room tv.
Revocation is simple: Apple simply blacklists the certificate, and iOS devices will refuse to run the app. I'm not sure how reversal works, but it's likely that either Google was granted a new certificate to sign their apps with or Apple somehow has a way of "unblacklisting" certificates.
Unjailbroken iOS users, yes - certificates are signed by Apple. That said it's pretty easy to get a developer certificate for yourself. You just have to a) own a Mac and b) agree to not use it externally (which is what both Facebook and Google failed to do), but nothing prevents there being e.g. a community of people running open-source apps that don't abide by the App Store restrictions, all compiling them on their own machines.
> agree to not use it externally (which is what both Facebook and Google failed to do)
It's important to note that the certificates that Facebook and Google had revoked were not developer certificates, they were enterprise certificates, which are have significantly fewer restrictions when distributing outside of the App Store and hence have more rules attached to their use.
> but nothing prevents there being e.g. a community of people running open-source apps that don't abide by the App Store restrictions, all compiling them on their own machines.
My memory could be wrong on this, but I thought this is exactly what the Flux app did and Apple sent them a cease and desist for keeping the self compile and self sign instructions online.
In a sense, you're still right as long as the community stays small enough that it doesn't get the attention of Apple.
f.lux is not open source, and Apple told it to stop because it tried to distribute itself as an opaque binary rather than something that users could compile themselves.
I don't think this is accurate. The original announcement HN thread includes discussion of the source, which is linked and still online on GitHub:
https://news.ycombinator.com/item?id=10550427
It should be noted that (I don't believe) Google nor Apple aknowledged why the certificate stopped working. And shortly after it did stop working both Google and Apple said they were working to get it fixed.
expiring the first cert makes it so the banned app can not be opened anymore and no longer works. givingthe new cert allows google to sign new builds of all their other existing apps meaning in effect they are able to stop the banned app from ever being run again
Right, this is probably techcrunch saving face because they really have no idea what they are talking about, so have to make it seem like whatever happened was in line with what they reported.
Sorry, but why do you think this? The Facebook app was very clearly Onavo rebranded and signed with an enterprise certificate; I have a copy of the file if you'd like to check it yourself.
Facebook and Google engineers have weighed in on Hacker News confirming that their internal apps stopped working. Again, why do you think TechCrunch doesn't know what they're talking about here?
Again, i don't disagree both certs were revoked, and it's been actually confirmed that apple banned facebook .
That doesn't mean apple intentionally banned Google. This has neither been confirmed (and is completely and totally unsourced), nor would it make any sense for them to ban google and then issue friendly press about it.
So I'm suggesting the different reactions from apple and coordinated messaging differences imply there is something different about this case.
Why do these bigcos use native apps for internal tools? I would think a progressive web app would be easier to maintain for multiple platforms and a good-enough user experience for an internal tool.
Native apps have a lot of advantages: it’s defacto behind a login screen that can be highly secured (i.e. biometric identification)
Attack surface is comparitively low from outside.
You get full control to what is accessed how. Phishing is basically impossible, you don’t have to trust the browser going the right place doig the right things.
It can be wiped device per device.
It has primary and bi-directional access to storage and camera.
You can give different people different versions of the app without having to maintain whole different sites.
Give me a real app over a web app any day, the performance, the power and flexibility of native integration and if nothing else - JavaScript is a mess.
But not many web devs that specialize in that device or mobile devices in general. As someone who does both usually the native dev have a much better advantage if given 2 native devs vs 2 web devs. But thats just my experience.
So does this mean Facebook is going to get their restored? Or is this some kind of slap on the wrist for google but also not really. Very confusing messaging from Apple here.
Apple likely wanted to have a nice long chat with some people at each company about their behavior. This was probably meant as a warning not to step out of line again.
Indeed, Apple is known (internally) for sitting down with privacy offenders and having serious conversations where they explain not just the rules they broke but why those rules are in place and that one of Apples business models comes from the value that they place on data and information privacy above all else is both a product and a right that people should have.
Apple banned Facebook. They said nothing in PR about it.
Apple did not in fact ban Google. Instead, one of (Apple, Google) fucked up removing the screenwise app and accidentally revoked the cert.
Techcrunch being techcrunch, they assumed Apple banned Google and published that with literally no supporting evidence.
If that was true, why would anyone publish friendly press so quickly?
and at literally the same time?
All data instead suggests if Apple banned Google, both would shut up about it.
Instead, here, both Apple and Google release press statements stating they are working to fix the issue as soon as possible in a coordinated manner.
Unfortunately, techcrunch/et al can't walk back their statements without looking like idiots, so they go with "Apple banned google and then google must have apologized or something" as their narrative, even though that narrative makes literally no sense given the difference in reactions from Apple.
I said on one of the other posts about this that I wouldn't be surprised if Apple gave Google a heads up to let them know they have to be consistent. Especially given that Google basically apologized. Now I'm more convinced.
So, random people, non-employees, not QA testing, not bound by real business relationships, get a copy of some enterprise FAANG apps...
And that certainly is insteresting, and significant, but what circumstances does this confer to those who get the app? And are normal, ordinary commoners disadvantaged by this and missing out, or are the enterprise randos getting a hyperinvasive, buggy, flakey, nightly, crash prone, hazardous, insecure, warranty voiding piles of garbage?
I guess we can’t know, without seeing what the enterprise distributions look like, and the point is that there are consumers getting special treatment, when that’s not the way the game is supposed to be played, violating franchise rules...
It's not clear whether the Google was given a new certificate, or if their old one was reactivated, but either way it stopped both of them from abusing their enterprise certificates.
The irony is that Apple and Google and most larger tech companies require every single one of their own employees to install these certs on their phone.
I would, in a heartbeat. Facebook was uninstalled the moment the last round of spying was announced on android. I love maps and google music/youtube, but I could live without them, neither are deal breakers.
FB would just make their mobile web version work a bit better to get the users back. It's not like they would just sit there an allow the users to go away. They'd do whatever they can to get their golden gooses back, including just beefing up the website. FB also still works fine on mobile browsers anyway, without all of the unnecessary access to your filesystem, contacts, text messages, images/videos, cameras, microphone and everything else on it.
You don't need apps to live in 2019, although a lot of people seem to think so, or at least act as though they do. Not saying you, just in general. I've gotten rid of most of my apps and just use the web version of everything. I can still bank fine, use fb, instagram, youtube and everything else. No problem. There are very few things on a phone that actually need special hardware (sensors, etc) that would actually require a native app, and most apps that do need that kind of access are mostly just gimicky wastes of time. Most, not all. Who really gives a crap about being able to make your poop emoji animate by using your face. Sure, it can be fun, but not necessary. It adds nothing to my life. Is there an app for that? Yes, but there doesn't need to be an app specifically for that. Most are just glorified websites under a different interface. yipee.
How am I able to click on "messenger" in the upper left menu of the website (2nd option down under News Feed) and able to send/view messages on my mac? I also get an instant email notification if I'm not logged in when someone messages me so I don't need notification alerts.
Well I can’t speak for other people, for me and the three others in the immediate space around me that I just asked: We all stopped used Facebook some time ago as we either found it irrelevant or did not trust the company. As for google, two people in the room with me use Gmail but both just agreed they’d rather start moving away from Google (as they are an Ad and data company) but regardless - neither of those two people use the gmail / google apps on their iPhones so it wouldn’t affect them at all. I moved from gmail years ago as part of a move to distance myself from Google due to the lack of regulation on their business and the fact as the other two said - they’re an Ad company - they make money from information about you - you are literally selling out when using them. Obviously not everyone will agree with me and that’s fine, but that’s my state of play. (I work in Software / Platform Engineering & Security)
I probably would, but only because I have managed to keep my reliance on Google's services to things that follow open protocols, don't use Facebook, and have far too many eggs in the "Apple" basket.
Most people in my bubble - me included - stopped using Facebook a while ago. Some deleted their accounts, most didn’t.
A few are trying to eliminate WhatsApp.
Big fan of Apple products and privacy in general, but this was a really dumb move and to what end? This effort has done some serious damage to the relationships of the companies and caused needless divide. Google and Facebook should have been given a reasonable amount of time to remove the software and/or been denied renewal of their signing certs.
I think developers should be able to distribute their apps outside of the App Store if they want, just like on macOS and Android, but Apple is allowed to have this much control because the iPhone doesn't represent the majority of the market, so they aren't as subject to monopoly/antitrust stuff.
I can still hope that Apple will open up their mobile platform further, one day.