The Apple developer fee has little effect on malicious submissions, what it effectively does is preventing free (open source) software. You aren’t significantly safer, you are merely paying for software that would otherwise be available for free. Note that Google also has a developer fee for the Chrome Web Store, far more moderate however.
What helps is consistent human review, like Mozilla used to have it. But Google established that automated review should be enough, so there you are.
Peer review is the ultimate system here. Agreed so much.
Whats just so frigging sad is that Google rewrote the rules of extensions to require very static capabilities- they broke all the user scripting systems & broke so many interesting systems- because they said they want to secure the users. But the oversight & review has never been that great.
And ultimately, they are just not able to function as both an app store and a critical in depth reviewer. The roles conflict. They can't both make available and tell the truth. It's really the role of peers to really help surface & explain the depths of what extensions do.
> The App Store is full of scam, misleading, data stealing apps.
It’s not. There are certainly apps like that in there, and Apple should certainly be doing a better job removing them, but it’s simply not true that it’s full of them.
Why must everything be taken to such an extreme? It’s okay to tell people that it’s not as good as it’s cracked up to be without exaggerating things like this.
> After I pay $99 for the subscription and share 30% of my revenue, I'm also expected to provide free work for a ~$3 trillion company.
Congrats! If you’re giving them 30% it means you must be earning over a million dollars a year through the App Store. People earning less than that only pay 15%.
Do an experiment: pick one category of apps, whatever category, and look at the top 10-20 apps in that category. Half of them will have misleading data disclosure (as in, they say they don't gather user data or don't track users, when in fact they do), fake reviews (easy to spot 5-star reviews with same/similar text), don't actually have the advertised functionality etc.
The same with search: do a keyword search on the App Store and see how many results actually match the query and how many are ads.
This is not just my opinion - it's fairly easy to find multiple security researchers documenting these cases.
I have spent countless hours (if not days) reporting apps to Apple - basically doing free work - when Apple touts their App Store security and review process.
Also, the parent comment I replied to mentioned the developer fees that make the App Store safer for users - that is what Apple marketing wants us to believe, the reality is very different though (and I say that with a heavy heart, as an iOS/macOS developer).
Apple could and should do better and, until they do, they have no right to pretend the App Store is safe.
I used Charles proxy (basically a "man-in-the-middle") to monitor the network requests and the data transmitted.
Also, some iOS apps support running on an Apple Silicon Mac (with M1/2) and, in a similar fashion, one can use various apps to block or inspect the network traffic.
Yes, it's a bit more work - hence my complaint about doing free work for a ~$3 trillion company - but I like to know what data the apps I'm running are sending home.
I know I'm a bit paranoid but hey, we all have issues, right ...right? :)
A million dollars in revenue (well, $700,000, right?) is a meaningless number in isolation. You have no idea what their costs are. For one thing, there’s the cost of search ads on the App Store, which you have to buy or else searches for your own app name will have your richest competitor on top. Thanks Apple. That’s courage.
As the developer - disclosure - of AKME, an iOS app that uses the OpenAI API, in a fairly private manner, I also noticed the myriad of apps that use misleading descriptions (as in, advertising the use of GPT-4, when, in fact, they use GPT-3.5 - ask me how I know), or don't actually use OpenAI at all (again, ask me how I know), buy reviews etc and charge user exorbitantly priced subscriptions.
Part of the generated profits are then invested in Search Ads, which pushes them to the top and trick more users into downloading ...rinse and repeat.
I made sure my app has no tracking, users that have an OpenAI account can use their own API key (via a Bring-Your-Own-Key model) while those that don't have one can buy in-app tokens (if I may say, decently priced, taking into account the "Apple tax") while also investing a lot of work into crafting dedicated prompts to improve the quality of answers.
That'd be a smart criminal. This is a rare variety because a smart person has a better concept of consequences and better ways of making money than crime.
> ... a smart person has a better concept of consequences and better ways of making money than crime
There are so many examples of smart people disregarding the potential consequences to their actions, I would not know where to start.
Also, are you suggesting that someone with the brains and means to create an app and publish it in an store, will not fathom that their identity must be protected if they were to commit a crime?
You seem to think that all smart people are automatically successful, well-adjusted, moral people. You also seem to be implying that poverty or a failed life is the only incentive to commit crime, which again, is simply not true.
Intelligence is not a guarantee for success, mental health, or pretty much anything other than intelligence itself.
And motivations for crime include money, power, sex, clout, or just a straight up uncontrollable urge to do something.
And there's plenty of evidence of people who are clearly smart pulling off crime on a huge scale for decades without getting caught. As for evidence of the ones who haven't, well, you're not gonna find that information in public...
See Bernie Madoff, Jeffrey Epstein, several serial killers. Many of these have actually been IQ tested as well.
The only reason Madoff was caught was because of the 2008 financial crisis. Otherwise he could have kept running his ponzi scheme indefinitely. He completely played the SEC whenever they came sniffing.
I wouldn't say poverty or failed life is an incentive to commit crime?
> And motivations for crime include money, power, sex, clout, or just a straight up uncontrollable urge to do something.
A true scotsm... uhhh true smart person knows it's not required to commit crime to achieve success. Unless we are talking about some third countries like China or Russia. Actually for these two soon identity/cc theft may be the only way people can even have a developer account because accepting money from them would/should put Tim Cook in jail.
