All Apple has to do to fix this is allow sideloading. They don't need to change the App Store's rules—they can make them more stringent, actually—and you can set up your child's phone to block non-App-Store installations. Heck, Epic would probably cave and accept the cost to keep Fortnite in the App Store; they tried to go around Google Play, and it seemingly didn't work out.
The main reason I use an iPhone is that it doesn’t allow sideloading outside of development applications and has a curated closed store.
I want an ecosystem that works and I can rely on including knowing that little to no one can side load a malicious application onto the device.
I’m also very well aware of the fact that while Apple scalps developers it’s also the reason why my devices get security updates for 6 years while Google can’t provide updates after 2.
Sorry, but I'm not sure you understand how sideloading works on Android. You have to enable it explicitly for any app you want to sideload from (e.g. your browser for a downloaded app, or an alternative app store like F-Droid). Afterwards, every app installation still needs to be manually approved and thus cannot be done hidden in the background. Seems pretty safe to me while still allowing more freedom to power users.
...and then a ton of apps decide "screw the app store, I'm going solo!" and people start enabling sideloading so they can try those apps, then sideloading becomes normalized and malware starts to spread without Apple having the ability to prevent it. Users who have issues with apps start hitting up Apple's support lines, and they start getting pissed off when Apple says "Sorry we can't help you, go talk to the developer. Not that we know who they are, and maybe you actually don't either, but either way you're on your own."
Plus, developers lose access to a lot of Apple's functionality, like the fact that Xcode can upload LLVM bytecode so that Apple can re-optimize through new or updated LLVM backends to deliver optimized versions for new platforms, etc.
Suddenly, all the goodness that's "baked in" to the iPhone experience is gone, and the whole system starts looking like an inconsistent mess compared to the way it was before.
I wonder if some kind of hybrid approach would work; for example, a workflow like this:
1. Developers develop locally as usual
2. Developers upload to Apple via Xcode as usual
3. Apple does its standard automated checks (private APIs, etc)
4. The developer can file for that app to be held "off the store"; this is rejected by Apple for some reasons (like private API usage, malware, etc.) but generally approved. Apps which do this likely lose access to some system APIs (e.g. iCloud storage, IAP) but it's a tradeoff.
5. The developer can now get an App Store link which they can give to users to find their app on the store. This is the only way to find the app; it doesn't appear in lists, search, "top paid", features, or anything of the sort.
6. Users get an app that isn't (overtly) malicious and won't definitely break in future OS updates, developers get the infrastructure benefits and automatic updates, Apple can wash their hands of any downstream issues because they know for certain that the user arrived via the developer and can make that clear to the user ("if you have problems, go talk to them. If they're misbehaving, come talk to us.")
This would make the value proposition for most developers pretty clear, but for huge entities like Epic or Microsoft, they can just bypass the system because people can come to them directly.
Is what you're describing common on Android though? Among the Android users I know, nobody seems to ever have installed an app outside of Google Play, and in my case there are only a handful of apps that I have installed outside of Google Play or F-Droid, and they are alpha quality FOSS apps that were only distributed from GitHub.
It's not clear to me that what you're describing is actually a problem that happens.
This isn't a problem on Android, at least from what I can see. IMO at the small scale the benefits of the play store (payment processing, discoverability, bandwidth, hosting) outweigh anything you could gain by offering your apk for direct download somewhere else.
Plus, even if you try to deploy malware you still need to get through the regular permission dialogs and other bits of Android security. I have no idea how easy/hard this is but I would be surprised if iOS performs substantially worse here.
You have situations where Samsung Store had a free subscription to the app Lifesum whilst on the Play Store you have to pay.
In fact some of the apps could only be found on Samsung Store and it’s bundled in and from my recollection couldn’t be removed easily.
Some apps would even demand your contacts to start on Android to send to China, but on iOS wouldn’t because it’s a breach of the ToS to completely stop working with partial permissions.
I’m happy that the major mobile OS is all about choice, but Apple shouldn’t follow in Google’s fragmented, “let the user shoot themselves in the foot”-ways.
Would Apple become the most popular mobile OS, I’d hope they gave more freedom and fragmented the system, but until then it’s the garden of eve that I feel comfortable with. I’m happy software companies for once get some demands that cannot be rounded instead of this wild wild west.
I mean, that hasn’t been a terrible problem on macOS. Require doing a csrutil style procedure to disable code signing requirements, and that’d be enough to scare off 99 percent of people. By default, only allow App Store and Apple registered developers (or even just the App Store).
> You have to enable it explicitly for any app you want to sideload from
Problem is e.g. Facebook will immediately require side loading so they can install all manner of spyware that wouldn’t make it through the App Store’s vetting process.
No they won't. Facebook is in the Play Store on Android, and they used the Windows 10 Store up until they abandoned their desktop client. They want the largest user-base possible, which means they want finding and installing their app to be as frictionless as possible.
No mention of sideloading in that link, instead it mentions a Play Store and an App Store listing. It's almost as if there is a lot of dangerous crap in those stores as well...
I have conflicted feelings about "Facebook Research", but where I always end up is this: if citizens of a free society want to give away their data in exchange for a couple extra dollars a month, they should have that ability in a free society. People can and should be educated of the risks so they can make informed decisions, but trying to stop it is ultimately a fruitless errand. (Even as Facebook is a pile of scum, don't misunderstand me.)
And it's all somewhat beside the point, isn't it? Facebook Research was usable on iOS. By the time Apple put an end to it, the backlash had become so significant that Facebook pulled the program from Android anyway.
This assumes that side-loaded applications have fewer restrictions than store apps. The same sandbox restrictions and permission prompts could be applied to a side-loaded app as a store app.
I have Android devices too; I know that all you need to do is tick a box, and there are apps on the Google Play Store that literally direct you to do that. Not to mention, once that is a possibility the system is less secure; you, btw, can also sideload apps without that tick box if you know what you are doing, especially if developer options have been enabled.
When you're stuck being the "computer person" in a family, it means you need to manage things like people's laptops that have somehow associated .exe files with MS Word or a game suddenly starting in the background and making a bunch of noise on Android (I've dealt with these first-hand). There's a market for devices that give power users some access, but not so much they can cause problems. Right now, I somewhat selfishly suggest iPhones/iPads to family members, because they live near enough to Apple stores that I don't have to be the one supporting them, and that the devices are harder to put into a state where the unpredictable starts happening.
> When you're stuck being the "computer person" in a family, it means you need to manage things like people's laptops that have somehow associated .exe files with MS Word or a game suddenly starting in the background and making a bunch of noise on Android (I've dealt with these first-hand).
The things you can do with the phone are already more dangerous and hazardous than say, manually approved, developer-mode sideloading.
Following this logic, why is the phone even allowed to get phone calls from non-Apple approved numbers, or mail from non-Apple approved email addresses?
Like, at what point does this logic actually stop? Because for someone who somehow manages to install malware after having to tap on some arcane menu seven times in a row, every service on that phone is a minefield.
Chromebooks also seem to fill this need fairly well—I know a lot of people in your situation choose them for family members. This appears to work despite the fact that you can unlock a Chromebook's bootloader and do whatever you like.
Presumably because app developers might choose not to go through the curated App Store route and in turn, cut corners or do shady things just because they can. Imagine if TikTok was only available to sideload -- they'll scrape whatever they want/can and teens aren't going to risk FOMOing for that alone.
I don't think that would happen. You can sideload into Android but as far as I know no one sideloads TikTok, you just get it through the store. I'm not saying it can't happen, but I just don't see it as a reason for not owning a device that allows sideloading (unless you mean that one could oppose sideloading in principle and boycott devices that allow it?)
Well yeah, there's no current reason to sideload it because it's available on the store. But imagine they wanted to do something that Google wouldn't allow -- now they can do that thing and offer the app for sideloading only.
If the US ban reasons are valid and Google is forced to remove it from the store for those reasons, then sideloading TikTok would be this exact situation I'm describing.
--
Let me restate it like this. Company A wants access to iOS app market. Their app does X, Y, and Z. Z is frowned upon but X and Y are pretty valuable. In a world with no rules (i.e. sideloading), they'll do X, Y, and Z and consumers will have to put up with Z. In a world with rules (i.e. App Store), they will have to omit Z even though it's good for business because that's the only way they can do business in X and Y.
TikTok already scrapes whatever they want. How does Apple’s review process help?
Also, sideloading doesn’t necessarily mean there’s no access controls or permissions on iOS any more. Though Apple might have to step up security and fix more bugs.
I've been on the Internet a long time and can't say that closed stores have led to any kind of quality of experience improvement for me. The Apple store is full of misleading, garbage apps trying to exploit people.
They can, if they exploit an iOS vulnerability, as has been done many times in the past. Is this so different from using vulnerabilities to bypass a permission prompt?
The problem with that is that it is all or nothing. The milder approach I had in mind was that apps require you to register an account outside the app (like Amazon) but the purchase is initiated inside the app and outside Apple's API.
At the beginning it will be easy to simply not register and not use games that require registration. But well, micro-transactions started that way and nowadays all the major players do it that way.
Platforms like XCloud that bundle various games from various studios will be used, and that basically means you have a single app on your iPhone that can download a variety of content, all outside the control of Apple.
I'm not an idiot, I will whitelist and use the tool available in said platform, but that's one more thing to care about. One problem for which Apple just worked for me and won't anymore.
If I'm not mistaken, Apple doesn't even have a "separate wallet" requirement like consoles do where, if you have a cross-platform game with virtual currency, you have to keep currency purchases made on one platform separate from currency purchases made on a competitor's platform - e.g. in Fortnite, purchasing $10 of VBucks on the Nintendo Switch means you have to spend those VBucks in the in-game store while on the Switch, you can't go to your PC and spend them or combine them with VBucks you've purchased from Epic directly.
Sure, I just don't think Epic has a very strong argument there. I mean, who knows what lawmakers will think, but if I was the one to decide, I would tell Epic tough luck.
Consumers can choose to side-step the Play Store with a few taps. iOS users would need to throw out their phones.
I don't think that Google has the same requirements as Apple, vis a vis, all payments need to go through the Apple App Store, which includes subscriptions or coin purchases.