I'm dreading this. I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy. As a user, I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching. Before there was a bit of a compromise, I could use evil apps with some peace of mind that they wouldn't do something egregious. Now I suspect evil apps just won't be available in the App Store, or Apple will be forced to relax their control.
I'm the opposite, as looking at android, where do we see this? All big players are still in the play store, because the average user of those services doesn't want to be bothered going to a website, clicking scary looking buttons to enable third party installs, then manually update their own installed apps.
Basically the risk would be someone like TikTok dropping out of the store, but I find that unlikely. Maybe at the best they will have an "unrestricted" version with bonus features outside the app store. Visibility for indie apps is basically zero on the big platforms, but for the large players, being in the app store is actually important, at least for now, as users are used to going to the app store to search for software, and not just typing something into google.
The other thing is, these apps will still be sandboxed. Being available outside the store just means they can accept their own payments, they aren't going to have full system access to photos/contacts/files/etc. without explicit user permission, same as an app available via the app store.
> I'm the opposite, as looking at android, where do we see this?
1) Android hasn't made things as hard for malware vendors as Apple has, and
2) Android's not as lucrative a market as iOS
Those together mean incentives are significantly different, so we might not see the same behavior on iOS as we have on Android, from companies that are upset about not being able to to distribute as-effective malware as they'd prefer. Like Facebook.
> I'm the opposite, as looking at android, where do we see this?
For one, DJI drone software. It's available in the Apple store but you have to sideload it for Android. DJI isn't a small company, and there is quite a large professional market.
Edit: meant apple app store, not play store...fixed for clarity
It has been several years since I gave Android a try, but my experience was that the Android ecosystem (specifically the Google Play Store in the U.S.) was indeed much worse than iOS with apps distributing malware, destroying battery life and performance with background tasks, sending all your contacts off to their server, using push notifications for spam, etc. (To be clear, these things have also been problems on iOS, and my position continues to be that Apple should be even more restrictive about this stuff).
You already can side load apps. Just buy an Android device. I liken this to people who buy a house near an airport then lobby to get the airport closed because they do not like the noise. I bought into IOS because of the walled garden and without it some app that I would prefer to get through the sanctioned app store will now only be available by side loading.
Some things can be sandboxed in software, some things are only socially-enforceable. For example, look at Apple's requirement to list everything an app does with the user's data. It's impossible to enforce that in software and still have functioning apps (trivial example: an app's back-end sells every single request made to it to some third party), but Apple was able to enforce it anyway via App Store rejections
We already have an example of what Meta would do with sideloading: trick clueless users into installing highly invasive spyware that inspects every traffic going in and out of your device, even MITM-ing TLS connections.
They did this by abusing their enterprise certificate.
As much as I'd like the ability to sideload apps, abuse by commercial vendors is a very real concern. With a few exceptions, commercial software has proven itself to be untrustworthy with the growth of surveillance capitalism. I'd rather that sideloading be reserved for free software.
Google doesn't prevent Meta or TikTok or any other apps from spying on you, as long as they also get to spy on you. So they have no incentive to build a competing store.
Apple, on the other hand, limits what apps are allowed to do.
> Basically the risk would be someone like TikTok dropping out of the store, but I find that unlikely.
Maybe it's the other way around. I don't know the current legislative status of the attempts to ban TikTok, but the most realistic mechanism for doing so would involve banning it from app stores. By enabling sideloading, Apple would be enabling TikTok to circumvent such a ban.
Possibly this is preparation for TikTok being forced out of the store by the US government? But they'd still like to offer it, to avoid losing business to Android if that becomes the only platform with TikTok.
However the solution to overreaching unaccountable private cooperations cannot be to hand all the power to another private unaccountable company.
Apple is venturing into advertising and that'll tempt them to weaken privacy protections sooner or later.
Additionally their app store rules went far beyond enforcing security and privacy. They gave themselves an advantage and removed competitors for commercial reasons.
Given that the mobile market is pretty much a duopoly in Europe there were two (political) realistic alternatives:
- Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
- force them to give customers a choice by allowing side loading.
The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
> the free market failed to implement a meaningful competition for central app stores.
I don't want every component of my phone OS broken apart and subject to what some legislator or lobbyist thinks is 'competition'. The competition is between Apple and Google making mobile platforms and we already had a choice.
I chose Apple's approach after a few years with Google. I miss the headphone jack, but having no tacky tracky shit shovelled throughout the OS is nice.
> Apple is venturing into advertising and that'll tempt them to weaken privacy protections sooner or later.
I hope they never become this short-sighted. I buy Apple primarily because I believe that they protect my privacy—or at least that they do a better job of it than everyone else.
> They gave themselves an advantage and removed competitors for commercial reasons.
Which competitor has been “removed”?
> Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
So there shouldn’t be any rules are quality controls on what should be allowed?
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
Yes, the EU is the model of smart regulations when it comes to tech. That’s the reason that it has such a thriving tech ecosystem.
> However the solution to overreaching unaccountable private cooperations cannot be to hand all the power to another private unaccountable company.
Another way of thinking about this is what we're taking this so-called overreaching, unaccountable private corporate power from one company and giving many companies that same power.
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
You are presenting both Android and iOS, and default app stores for each platform as a duopoly, which is a mistake, because on Android you can already install third-party app stores. The mobile OS landscape is a duopoly, but there are many app stores across both platforms so is is not really a duopoly, it's just that the Google Play Store and App Store on iOS are superior products (particularly the iOS App Store).
On the OS side I think instead of premature legislation and stagnation we should let things just play out. It's a mistake to assume that because the state of the world is X today that it'll always be X. You can't have instantaneous change. It also might just be the economic reality that having just a couple of operating systems is the best for consumers and the market.
I don't see a reality where companies like Facebook or Snapchat start distributing their applications outside the App Store. Maybe we see something where e.g. Facebook tries to spin up their own App Store, for them and anyone else who wants to join, but I would bet every dollar I have that this would simply be a failed venture. Because ultimately most people think, intentionally or not, like you do: Apps come from the App Store. Leaving would be suicide.
The company to watch is Epic Games. If they have the opportunity to bring a new gaming-focused App Store to iOS, to get Fortnite and other games back on the platform: I think they'll take it, and its possible it will do rather well. Giving game devs a distribution channel with a far lower cut of revenue is tempting, and may open the door to higher quality games on mobile. That could pivot to companies like Facebook distributing Instagram through something like the EGS for iOS; but again, I wouldn't bet on it.
Three industries will be massively benefited by this change: Gaming, Gambling, and Porn.
You're dreading giving other people the freedom to make one choice, and yourself the freedom to make a different choice (yours being the default option from the factory btw), and everyone gets the privacy/control tradeoff they want?
Meta makes the Facebook app. Currently, the only way to get the Facebook app on iOS is through Apple's App Store. Which means Meta has to follow all of Apple's guidelines.
Once sideloading is allowed, Meta can make a version of their app that does not follow Apple's guidelines.
Now, they can maintain two apps, but last time I checked, the cost of maintaining one app was lower than the cost of maintaining two.
Eventually, the App Store version will no longer work with Facebook's API. Or the iOS version, or a third thing. There will only be the sideloaded option.
I don't have the freedom to choose the version of the app I want. And now I can't actually trust any of the apps out there because none of them are required to follow any of Apple's guidelines.
Software isn't fungible and right now today you have the ability to install facebook with app store restrictions on iOS and without on Android. If FB pulls from the app store that choice is taken away.
> You're dreading giving other people the freedom to make one choice
Users made this choice when they bought an Apple product in the first place. Everybody knows well in advance that this is the current state of things, that is a well-informed choice by the end user.
I agree, and the idea of a sideload-able iOS makes me very uneasy. I like the idea of Apple aligning itself with the user to protect me and, more importantly, my tech-unsavvy friends and family, from scams, data-hoarding apps, and just generally crappy software. I don't mind that they take a portion of revenue in return for providing that platform (30% feels too much, but you can't argue that it should be zero).
Unfortunately, in practice, Apple have proven to be entirely incompetent at achieving that protection. The App Store is 90%+ garbage and scams. It's completely unusable for any form of discovery. Even when you know exactly what app you're looking for, you have to wade through copycats, typo squatters, and even paid adverts trying to distract you from your search.
Sideloading is full of risks, and I don't love it. But it's at least a little bit of competition to push Apple towards make the App Store useful again.
> Sideloading is full of risks, and I don't love it. But it's at least a little bit of competition to push Apple towards make the App Store useful again.
As someone who develops for the platform, I tend to agree, I'll probably never distribute apps with sideloading, but I think ultimately it's a good thing. I'd also be happy if it attracts more interest and developers to the platform who were previously turned off by the App Store process and Apple Tax.
I also build for macOS, which has always allowed sideloading and don't see any major issues with it there.
Why is everyone so worried that Facebook, etc. will pull out of the App Store and require sideloading on iOS just because it'll be possible, when they haven't pulled out of the Play Store or required sideloading on Android where that's already been possible all along?
It's a talking point. I'm sorry that it is negative and it might not fair to the parent commenter, but it's obvious bs. It is a propaganda point that was placed somehow into the discussion and gets repeated again and again. In no world does it make any sense that an app like FB would not try to be in every big store, but here we are, having that "concern" repeated under every Apple sideloading discussion.
Propaganda is fucking awesome in how effective it can be. And equally dangerous.
> when they haven't pulled out of the Play Store or required sideloading on Android where that's already been possible all along?
Has Android restricted spying as much as iOS has? I seem to recall Facebook freaking out pretty hard about iOS policy changes around tracking and blaming that for some serious revenue shortfalls, a while back, and have no such recollection about Android, but maybe I just missed it.
Because Facebook announced publicly that Apple's privacy policy changes would cost them $10 billion[0], putting them on the record as having strong motive to avoid the App Store.
I don't think Apple will diminish their control on the App Store requirement, it's too much of a selling point to them. In fact I hope they keep their requirements the same, and I'm quite happy to see sideloading becoming a thing. More choice is nice.
I'd be so happy to see F-Droid venturing on the iOS side, and distribute open-source apps you can trust that would otherwise not be available on the App Store (emulators, third-party YouTube clients, an actual Mozilla Firefox browser using its own rendering engine, etc).
The only reason I am using an Android phone and not an iOS one is because of F-Droid to install the open-source app I like and need. I would definitely switch to iOS if I could have this freedom there.
I hate that with Android I trust that Google will at some point succeed with a dark pattern in letting me agree to siphon my data without my real agreement.
TBH I'm hoping Apple will use this to actually improve the app store's position and security, get rid of all the garbage spam apps, fake clone games and whatnot. But I doubt they will, given they make a ton of money off the scam subscription apps.
This seems like the wrong target. A better solution might be to break the monopoly control that platform operators like Apple and Google have and impose proper laws and regulations to fight abusive behaviours by app developers (and the platform operators, if necessary).
Even if this set of changes is coming out of the EU and the chances of getting good tech regulation any time soon might not be high it's probably still better than having all of the safeguards for millions of people using a platform depending only on the whims of companies like Apple, whose track record on user-hostile behaviours and issues like privacy has no shortage of concerning events.
Exactly. Recently there was a big drama by the US where they summoned TikTok app's management to answer questions publicly in a Congressional hearing. International media were commenting how America is getting ready to ban TikTok because of privacy concerns that allegedly even allowed spying.
None of the major media in the USA even suggested that a strong data privacy act, and a general privacy regulation, could fix this for every app and be a better long-term solution.
Stop installing "evil apps" and stop believing Apple actually cares about you. Cheering for a corporation to control what you can and can't install on your phone is gross.
App Store review was not stopping evil/scam apps, though. I would expect the system privacy APIs to clamp down on the worst of it (even Facebook can't violate your privacy if it can't identify your device, or access its contents or location).
Normal users don't sideload on Android. Even the (objectively easy) steps for enabling it there are too much for the average user. Why do you think this would be any different?
> I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy. As a user, I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching.
> I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy.
Just as a general reminder, I heavily recommend that you not install Facebook on your phone even if you have an iPhone. There are good things Apple is doing with enforcing privacy controls, the controls aren't useless, but there are still loopholes: https://arstechnica.com/information-technology/2022/04/a-yea...
To provide a counter silver-lining to the concerns here, I'm hoping that if iOS gets sideloading that maybe apps like NewPipe could start becoming more commonly available for iOS users.
Right now, iOS is sort of stuck in this middle ground where Apple does legitimately do some excellent work reducing the privileges of apps, but also... you still have to use those apps if you want access to the services. It would be good to see more unofficial clients for some of these services like NewPipe or Twire get better support like they have on Android. I'm not knocking Apple here, they're trying to hit a middle ground between accessibility and privacy, but I don't want people thinking that the iOS version of Facebook isn't still tracking them. It's (hopefully) tracking less than it would on Android, but it's still tracking.
Has everyone forgotten that bit where Facebook sent representatives out to college campuses and paid students twenty bucks to install their VPN app (distributed via Apple's beta or testflight or whatever)?
Apps like Instagram are popular enough that, if Meta wants to move them to their own app store (possibly incentivized via exclusive new features), people _will_ follow. And the VPN thing shows that there's no depths to the level of trickery and and violation of privacy that they will indulge in.
You're phrasing that as though paid market research is on the order of living through war. If we don't all remember that continuously in the context of how dangerous app installs are, it might not be warranted.
I kinda like being able to install open source software without agreeing to anyone's terms of service. I'm typing this from an open source browser going through an open source firewall that blocks trackers which both came from an app store that I contributed to, for example. That's a lot more benefit than letting a bigcorp from another continent with a very different culture decide the rules about everything you can do with every unit sold.
There are paths where you can prohibit businesses you deem evil from paying people to study their lives that don't involve letting your device's content rules be set by an undemocratic and profit-oriented company.
It's the OS that enforces privacy and security, not the App Store. They won't be able to do much more than they can now.
Besides, they'll stay on the App Store just like they are still on the Google Play Store on Android where side loading has been possible since version 1.0.
Same. I wish all laptops and all electronics gadgets are totally locked down and only cozintrollable by the manufacturer. Like Lenovo laptop, should only have apps from Lenovo store. I would also say we should have only one editor. I don't see point of many. Like you, i am filled with dread about multiple choices!
Edit: just thought of an idea. Maybe each ISP can provide a store and we can only install from those into our devices. After all, we trust ISP already
In response to Facebook or WhatsApp requiring side-loading, one might remark:
> "Just don't use services provided by Meta"
There are insurmountable network effects.
For example, I must keep WhatsApp on my phone if I want to know when child's swim practice is moved/canceled/etc. There is only one swim team in the area. Getting other parents to use Signal ain't happening unless the head coach requires it. The head coach isn't moving to Signal unless parents already use it. Moreover, I'm a coach, so I have more say/power over this than typical.
Of course, I could always force my kid to find another after school activity... or, I can buy an iPhone. At least with an iPhone I can deny Meta access to my Contacts, which it incessantly requests.
This is just one concrete example. There are plenty of organizations land-locked to Facebook for the same reasons; dropping Facebook is tantamount to collapsing the community they built.
For me, checking the monopoly power of Meta by using an iPhone
is the least worst option. At least Apple has interests that are partially aligned with mine... as they want me to buy my next mobile device from them.
Apple (and Google) blocks all sorts of apps from their stores that even though legal in nature are not allowed for some arbitrary reason that helps their bottomline. E.g. things like gambling, crypto, adult etc are all blocked. On Android you have the choice to side load them on iOS you can't. For this reason alone allowing sideloading will be a generally good thing.
For the average user there will be zero impact and for the power users who wants to still to Apple's guidelines no one is forcing them to install anything they don't want to. If its any similar to Android it will take quite a few clicks to allow the installation which deters the average user from installing unwanted stuff.
How does blocking gambling, crypto, and adult content help their bottom line? Seems to me like these would be a lucrative source of income if they allowed them on the store.
The risk to the average user is that an app they want is removed from the App Store and only available via sideloaidng.
You do realize that the sandbox won’t seize to exist, right? Apple does jackshit at censoring the App Store, they run some routine checks on the code and disallow upload if it has “porn” in the title, the real security is the sandbox.
No such thing really happened on Android. Facebook is still there.
But the opposite happened , apps were pushed out from the Store and if you are using iOS you are screwed but on Android you could decide to take the risk and side load the app from the official website. I just had to do this, I installed solar panels and they are made by Huawei, thx to USA-China wars , Huawei apps are no longer in google Play and Huawei phones do not contain Google Play support anymore (or last time I checked)
The extent to which Apple has hammered the idea that any sort of freedom is unconditionally dangerous and undesirable into its users' heads is legitimately impressive.
To support sideloading do they have to "Relax control" though?
I think the fear is "sideloaded apps can do bad things" and my answer is make the OS better and more clearly manage bad things?
What are the bad things we imagine a sideloaded app could do? Like it still has to follow the platform APIs right? It would have to ask for perms? Sure, it could have egregious tracking or spam, or hostile ads, but app store apps already have this??
The risk of big companies like Meta requiring users to sideload in order to use their service. To me the answer is obvious: don't use services provided by Meta. They can choose to race to the bottom all they want. I welcome the freedom to use my phone the way I want to.
If bad actors choose to misbehave don't blame the medium they're misbehaving on. This line of thinking is similar to negotiating with terrorists.
What? The most meaningful privacy controls are enforced at the OS layer as technical controls. The thing that prevents Facebook from accessing all your contacts is the design of iOS, not the App Store.
Allowing sideloading of apps does nothing to weaken the technical features meant to enable privacy and security that are already in place.
In fact, you shouldn't have been relying on the App Store in the first place, as malware/spyware can and does slip through their very human and very fallible approval process.
This talking point is so common in every thread about sideloading Apple devices that I can't determine whether it's propaganda or ignorance.
I think Apple may not have a choice. This is a move that will leave Apple free (or freer) of liability in various situations. For example, Apple is no longer liable if you sideload an app that is outlawed by your locality, and Apple removing apps from the App Store for violating App Store TOS can no longer be as strongly framed in a censorship debate.
I'm looking forward to it because quite a few apps that feature adult content can exist on iOS now and not have to be clunky web apps.
> The setting that Facebook hates and evidently bet the whole company on - "Ask App Not To Track" - probably wouldn't go away for sideloaded apps.
Apple phrased that as peculiarly as they did for several reasons. "Ask App Not To Track" is not "Force App Not To Track", it relies a lot on self-disclosure from apps and some discovery from App Store testing cycles and apps already currently lie about it and things are missed in App Store certification.
There's less reason for self-disclosure by sideloaded apps and no certification process to spot-check such self-disclosures even if a sideloaded app provided them.
"Ask App Not To Track" does feel like a vulnerable tool if sideloading is allowed and certain major apps create pressure to encourage average users to sideload some common apps.
Whether or not you are looking forward to capabilities that sideloading would grant, it is fair to lament the possible loss of how good "Ask App Not To Track" has been so far and assume it will get worse in a sideloading world.
> I'm thrilled when Apple wields its big stick to stop big tech companies from overreaching.
If Apple did just that, it would have been ok. But they didn't stop at that - they decided to do the very same thing that Google, Meta, Amazon, Microsoft etc. - after partially preventing their competitors from getting hand on some data they started to deliberately invade our privacy and collect as much of our personal data as they can to mine it. They self-appointed and forced themselves to be our conservatorship ( https://medium.com/@tonytyre9/what-is-conservatorship-legal-... ) because we have all been judged too stupid to manage it ourself. And like any abusive conservatorship they also exploit us.
None of this affects you whatsoever. Just don't use a sideloaded apps. I don't see why this would bother you in any way.
Personally if Apple finally allows me to install whatever I want on my phones then I may return to their phones. Until then, I will use Android since I can download and install any .apk I want on my device.
> None of this affects you whatsoever. Just don't use a sideloaded apps. I don't see why this would bother you in any way.
That's unfortunately wrong.
Say you use WhatsApp to keep in touch with your friends. Say Facebook pulls WhatsApp from the app store and makes it only available via side-loading. What do you do? You have to decide between trying to move everyone you know off of WhatsApp, or you side-load.
Apple is only trying to open up how the apps can be distributed to the phone. It’s not removing restrictions around how an app tuns on the phone. From what I guess (reading around so far) these apps might as well have it tougher because the sandbox for these could be more restrictive.
However there could be things like — e.g. TrueCaller might refuse to work without contact permission and call log etc (just like on Android; on iOS it works just fine) but when side-loaded these could demand all those permissions to run. Well that is something we may have to see how such changes pan out.
This reminds me of the "protections" real estate agents provide by taking a "meager" 5% commission on a home sale. Right now it seems practically impossible to sell a house without the involvement of an agency. I wish we could get rid of these overpaid middle men for filling out a bunch of forms and taking zero risk.
I feel what Apple is doing is taking 30% of what you pay to e.g. Spotify as a middle man because they made the device and can dictate whatever terms they please. How are people ok with this is beyond me.
> I'm dreading this. I want privacy hostile companies like Facebook to have to comply with the app store rules
I can't honestly understand this argument.
Are you afraid of yourself?
If you don't trust Facebook, don't install their app.
App store or not, nothing changes, what the app is allowed to do is the exact same thing, they're asking for the exact same permissions, that you can grant or not on a per app/per permission basis.
End of the story.
But if I want to install an app that I completely trust, because I know the developer or I have developed it myself, I can't install it now.
They're got going to have such mainstream apps only available by sideloading. Not enough people do it. See how few people actually use this on Android. It's way too complex and scary for Joe Soap and Facebook won't want to lose all of them.
The only big player I can imagine doing this is TikTok if they really get banned, they'll still lose a ton of users though.
It's a great thing for the ecosystem because at least those who want to sideload can do it.
They could allow side loaded apps with the same notarization requirements as Mac apps. This could prevent the proliferation of outright malware. Even side loaded apps are still subject to the iOS app sandbox. The permissions APIs could still be enforced too. Done correctly, this could be like current side loading but without the need for a developer certificate to make apps last more than 7 days.
I'm less worried about the large companies than the scammers. If we look at Android, the big name apps will stay in the OEM app store and the scammers will trick the young and old into installing their janky app from an untrusted source. Hopefully Apple will have a setting in parental controls that prevents side loading.
I agree with you and I hate that you are being downvoted.
People love to say this is about choice for the consumer but it really is not going to be.
My fear is that the choice will be taken away from my by companies that are no longer able to engage in shady behavior on iOS. Things like trying to collect all my data, forcing me into their billing system, shady subscriptions (like how I can cancel or reminders of it being about to charge).
The Facebooks, TikTok, etc know that many of their users are addicted to their platform and it would not be a stretch for them to push users to download the app through a third party service. I could even see them going so far as to not be on the official store because they know they have the name recognition.
Facebook could even make their own store for other apps that don't want to respect my privacy.
This is a huge concern of mine that this could be a trend that starts small but overtime I no longer have the choice to avoid these alternate stores or to side load to be able to continue to get the full use out of my phone.
Choice is great, but this is giving the choice to developers not consumers.
This doesn't mean that Apple's solution is perfect, but just opening up the flood gates is not the solution either. If you really want to side load get an Android phone.
You can never assume that one company represents your interests better than another: the solution to reducing addictive patterns is to enable other developers to build more privacy-oriented and dark-pattern-busting apps (one sec is a good example of this).
Apple makes certain aspects of the phone addictive as well (i.e. the app tray that can't be disabled, Screen Time is a joke for actually trying to restrict how much time is spent on apps, etc.), and the lack of 3rd party APIs to modify the addictive behavior makes it difficult to control.
The easiest way to reduce addiction to devices is design UX roadblocks that prevent seamless, mindless interaction with the device, and the "digital drug" providers are never going to willingly build that themselves.
>...this could be a trend that starts small but overtime I no longer have the choice to avoid these alternate stores...
You wouldn't lose that choice. Want only Apple-vetted apps? Only use their App Store. Easy. Maybe I'm misunderstanding, but you seem to be saying: 'evil facebook will harvest more data, but I want to keep using evil facebook'. Maybe the conclusion you need to reach is that you should stop using facebook (and the like)?
Think about it this way: any app that refuses to go through Apple's store is telling you that you're not a customer they want. If Facebook makes that choice, it's a great time to give up Facebook!
Maybe it's just me, but I'd rather have my government defending my (and most citizen's) interests (with laws such as GDPR) rather than a private company's rules which, as evidenced by this article's existence, have pretty big "collateral damage".
>I want privacy hostile companies like Facebook to have to comply with the app store rules and respect system settings relating to privacy.
How about you spend 10 minutes looking at what Apple is actually doing and realize they are just as if not more "privacy hostile" as Facebook/Google/etc. They've been on a hiring spree since they announced their "privacy" update in 2020 to build out their own Ad Tech/DSP/Self Service Ad Platform.
Yeah - Apple was pulling a monopolistic move and kneecapping their competition for profits sake. They realized "Hey, we can kneecap these guys and in the near future profit billions like they did with our own ad network".
> they are just as if not more "privacy hostile" as Facebook/Google/etc
You're going to have to back that up. Apple is degrading their privacy value prop for sure, but show me their Cambridge Analytica or their "Incognito mode" that still ties web activity back to user identity.
> How is this good for privacy?
That's a straw man. It is possible to believe that 1) Apple is curbing the worst excesses of abusers like Facebook, AND ALSO 2) Apple is making some mistakes that weaken their own privacy story.
> Apple was pulling a monopolistic move and kneecapping their competition for profits sake.
This is a recurring theme on HN and I find it so strange. Are we really supposed to form opinions on what we imagine faceless committees motives are, rather than the actual corporate actions?
I honestly don't care why Facebook does the things they do. My opinion would not change if it turned out it was from the most noble and altruistic motives. Just like I'll judge Apple for what they do. I don't think it's fruitful to argue about whether individual people are a "good person" or "bad person", and it's even less meaningful for giant multinationals.
> Historically, Apple execs including Tim Cook and Craig Federighi have staunchly opposed sideloading citing privacy and security reasons.
Which is funny to me, because after flipping through the App Store for an email client, I found, on this heavily curated storefront, a single digit number of apps I would trust with my email credentials. Android, with it's option to "sideload" F-Droid, gives me dramatically more options that I trust.
Security and trust do not require locking me out of my own hardware.
Apps you trust is a really poor security mechanism for the general public.
The Apple App Store is a dumpster fire, but there is a perfectly reasonable argument for locking down a device you’re handing to family members who aren’t security conscious.
I don't personally know a single person outside of developers that have side loaded apps on Android. Maybe I am an anomaly, but it just seems very rare.
Developers don't get paid for information, ads, user data, or per-install / purchase on F-Droid. As a very general rule, apps are uploaded to F-Droid because people made something fun or helpful, and they want to share. Their incentives ("I made something fun!") align with my incentives ("I want something made by a dev that can at least pretend to give a shit about the user"). Apps are not inherently user-hostile, or made for an ulterior motive.
Proprietary app stores are... nearly as much of an exact opposite I can think of, regardless of who sponsors them; Microsoft, Amazon, Google, or Apple, devs are putting apps there to get paid. Sometimes it's user data, sometimes it's "Free" with in-app purchases pushed by dark patterns, sometimes it's to push for consumer lock-in, and sometimes it's straight up malware, like most flashlight and cleaner apps on Google Play. Regardless, the incentives don't align, and that is what I'm on about when I use the word trust here.
People don't like it when a UX change is made by and for the company that just so happens to screw lots of users, or break or slow their usage. That's exceedingly rare on apps made by devs in the first category, and depressingly common for the latter group.
For me, it's where the apps send the credentials or usage information off to.
Most apps in the iOS App Store are chock full of spyware that reports on everything you do in the app. Many of the Apple system apps function the same way too (even with analytics disabled).
The problem is that most of the mainstream apps will not be in F-Droid et al. when they are the ones which should be in there.
We lose all transparency for the big players. Meta does not want us to know precisely how much it collects data.
If they can start somehow avoid Apples privacy restrictions and reduce transparency with side loading, they will do it.
There isn’t really problem with the lack of sideloading in iOS.
It is just that costly developer licence and strict requiremets of App store to increase the quality of the apps.
Sideloading just makes it easier to install lower quality software and some random oss projects where maintainers do not have either Apple’s licence or time to maintain app store releases.
Of course, there is the payment fee but that is another story.
What happens when the apps which used to be available on the app store get taken down and made sideload-only, like what Epic did with Fortnite on Android?
If you don't want to sideload, then don't. If companies don't want to be on the platform app store anymore, it's not the end of the world. I ran a windows phone for several years; if there's no app for something, there's usually a website, and Safari is loads more usable than mobile IE or mobile Edge; so you're fine for the most part.
Yeah, you might lose out on playing FPS games on your phone, but is that really a loss?
Epic pulled Fortnite from Google Play Store in 2018 because they wanted to keep more of Google's 30% share and they were back in 18 months because most people aren't that determined to get an app outside of the official app store.
Any company pulling their apps from the App Store must have a pretty good reason to do so, because they're gonna be decimating their download numbers.
I hope Epic does this for the Bandcamp store on iOS (Epic bought Bandcamp recently). The iOS app disallows the purchasing of digital music, but if they can get around the App Store policies then I can purchase digital music from the app without needing to go to the mobile site.
The same thing that happened before: you either chose to install it and side-load it or you don't. Side-loading is something that only a very marginal minority of people do. I don't understand the fearmongering.
Anyway when you sideload an app on an Android phone, the APK is scanned to check if it's secure to install.
Permission wise, nothing changes.
Policy wise, it means no Apple tax and maybe some publisher will be able to cut prices, to the users' benefit.
As dumb as it sounds, I'd buy a second phone for side loading things if I needed to use enough of those apps. Before side loading on my personal phone, I'd want enough real world time to pass to make sure it's not easy to find vulnerabilities that lead to a complete compromise by side loading (they will be found, but it needs to be "zero-click text message for root" levels of rarity).
I look forward to this, not for potentially sketchy third party apps but for my own apps. My phone is the computer, camera, etc. that I always carry with me and I'd like to be able to write my own apps, both for experimenting and for my utility. Just sideload them, no developer program, no yearly license fees, write in languages of my choice, have a VM on my phone if I want.
If nothing else, imagine your own AI assistant that you know respects your privacy because it only communicates with your home server, or fits completely on your phone.
That would still require Apple to open the various APIs. Even though we will be able to sideload apps, it dosent necessarily grant us access to everything we need to compete with let's say Siri (not from a technical standpoint, but from an integration perspective)
> 7. The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.
If you have a free developer account then you need to redeploy the app to your phone every 7 days. You can only add up to 3 devices to your free account, and there's no way to remove them without paying (at least that I could see when I let my subscription lapse), so good luck if you replace your phone too many times or try to share an app with a family member or friend.
It's not impossible, and perhaps it's easy if you've already hit all the pitfalls and know where they are, but I would not describe it as easy.
Having "side loading" -- also known as regular app installation on non-phone platforms -- hasn't caused chaos on desktop platforms or android. No reason to think it will on iOS either.
I beg to differ. How many windows machines were infected in the early 2000's? Would bot-nets exist if Windows had a strict app store back then?
Now: I will agree that freedom to install any software on desktops has been wonderful, and I hope it remains, but I wouldn't say it hasn't caused chaos.
> How many windows machines were infected in the early 2000's?
Great Scott. If you haven't looked at a calendar recently, its not 2001 anymore. The industry has spent the past 23 years improving the security of basically everything. Isolation is better. Filesystem security is better. Anti-virus is better. Browsers are more secure. Everything is more secure. Malware is still around. Its harder and harder for it to cause real damage, unless the user clicks past thirty five warnings.
> How many windows machines were infected in the early 2000's?
Yeah, that's a very bad analogy, it wasn't about side loading, even assuming that MS was able to vet every application out there, which nobody was technologically or had the resources to or wanted to, the infrastructure wasn't there, the OS security was worse than today and based on different assumptions entirely, the responsibility is still in the hands of the user, and, most of all, with good reason users pushed back on the all TPM/Trusted Computing thing.
So they did not want that feature and voted with their money, until they could not vote anymore, because smartphone ruined it for everyone except Google and Apple.
edit:
besides (obviously) RMS [1] being right and opposing to TC/TPM, this BBC article from 2005 [2] summarizes what even users there were not particularly tech savy thought about the topic
A couple of significant quotes
computing base is also used to make digital rights management systems more secure, this will give content providers a lot more control over what we can do with music, movies and books that we have bought from them
We need to ensure that trusted computing remains under the control of the users and is not used to take away the freedoms we enjoy today
Windows had absolutely ZERO security at the time though, appstore or not you could just go into the System32 directory and delete everything. I don't see how any appstore would have solved that, malware would have spread equally with such a poor security model.
Well, my first computer was a Commodore PET, so I was there before, during, and after. Don't you think iOS with "side loading" would be more like MacOS in 2023 than Windows 98?
On the other hand, you can install 3rd party firewalls, virus scanners and more on windows. That also means you can install programs to know what microsoft is doing with your comptuer, and protect yourself.
Currently there is no way on ios to know what an app is really doing, and what it is sending where.
And iOS could by an iMessage [0]. OS bugs are OS bugs. On Windows, non-administrator accounts and GPO restrictions are the way to go, in an enterprise environment.
I can't wait when Apple will stop being a little childish brat about "What obscure rule does this application break and I am not allowed to publish?" when I will have the ability to publish on competing app store and tell Apple to GFY.
Apple users should also rejoice, because browsers coming to iOS will finally support full PWA functionality and Safari will either support all the features as well (not the current neutered one) or it will disappear into obscurity.
From my perspective I just need a PWA browser with working WebBLE API or Apple stop having set of obscure unpublished rules. I am betting that I will get working PWA sooner than Apple will stop being Apple.
This is my plan, I'm super excited about this change.
I plan to sideload exactly 0 non-play-store apps except maybe dolphin or similar big-name open source things.
I DO plan to sideload two apps of my own (currently web apps but they suffer for being so, as opposed to being native), and while I know apple has given some ways previously to let you have "private" apps etc, they still require paying a ton of money AND you still have to get them approved by Apple!!
I was sad when I left android solely for the reason of sideloading apps, but given I'd used android for ages and only sideloaded two apps: dolphin and one of my own custom apps that I had stopped developing, I figured it wouldn't be a big deal. But I'm looking forward to this a lot now.
Apple already lets you sign your own apps, but i will admit the 1 week expiration is very quick and a $99/year developer subscription for 1 year signing is way too expensive for most hobbyists.
It'll be great to see all the neat little apps that macos has come over to ios
I wonder if there will still be two classes. I imagine sideloadable apps will need notarization like they recently implemented for macOS apps delivered outside the mac app store. They can require a developer account for that, or make it behave differently for the separate classes.
That's exactly what I want to do and what I hope this will eventually enable: Run my own apps on my own frigging devices (no distribution involved) without having to bribe Apple for the privilege (if you don't buy a Developer subscription, you have to re-install your apps weekly to keep them functional).
This would eat the app store alive and I could not be happier. So many very basic and simple, frequently cloned, but sometimes necessary apps exist out there that do the whole trial and subscription song and dance to collect rent. This is only because there is no path for open source alternatives. If there were, it would be like the state of affairs with desktop based software, where you have some first party solution, then on github there are typically a couple open source free alternatives if there is any demand for that sort of software, or there are even whole ecosystems like apt, brew, or conda to maintain open source software on your device.
I can't wait for my banking app to ask me to disable sideloading on iOS before I can actually use it. Such idiocy has been rampant on Android with banking apps refusing to launch when Developer Options are enabled.
That aside, I am very happy with this development. I have personal apps that I'd like to sideload without paying for a developer account. I am also looking forward to a more lively open-source ecosystem around iOS apps which has been significantly lackluster compared to that on Android.
I don’t think banking apps will have much reason to do so, given that sideloaded apps will still be sandboxed. This is not like a jailbreak. I would also assume that apps have no way to check what kind of other apps are installed.
I hope that sideloading detection will not be possible for other apps. Enabling Developer Options is not rooting Android devices but that hasn't stopped many banking apps forcing users to completely disable them before they can be opened.
Readit News
Basically the risk would be someone like TikTok dropping out of the store, but I find that unlikely. Maybe at the best they will have an "unrestricted" version with bonus features outside the app store. Visibility for indie apps is basically zero on the big platforms, but for the large players, being in the app store is actually important, at least for now, as users are used to going to the app store to search for software, and not just typing something into google.
The other thing is, these apps will still be sandboxed. Being available outside the store just means they can accept their own payments, they aren't going to have full system access to photos/contacts/files/etc. without explicit user permission, same as an app available via the app store.
1) Android hasn't made things as hard for malware vendors as Apple has, and
2) Android's not as lucrative a market as iOS
Those together mean incentives are significantly different, so we might not see the same behavior on iOS as we have on Android, from companies that are upset about not being able to to distribute as-effective malware as they'd prefer. Like Facebook.
Where do we see Android devices with apps like Facebook preinstalled, unremovable and granted root permissions? All over the ecosystem.
For one, DJI drone software. It's available in the Apple store but you have to sideload it for Android. DJI isn't a small company, and there is quite a large professional market.
Edit: meant apple app store, not play store...fixed for clarity
You already can side load apps. Just buy an Android device. I liken this to people who buy a house near an airport then lobby to get the airport closed because they do not like the noise. I bought into IOS because of the walled garden and without it some app that I would prefer to get through the sanctioned app store will now only be available by side loading.
https://techcrunch.com/2019/01/29/facebook-project-atlas/
They did this by abusing their enterprise certificate.
As much as I'd like the ability to sideload apps, abuse by commercial vendors is a very real concern. With a few exceptions, commercial software has proven itself to be untrustworthy with the growth of surveillance capitalism. I'd rather that sideloading be reserved for free software.
fraud. we'll see lots and lots of fraud. a new avenue will be open.
Google doesn't prevent Meta or TikTok or any other apps from spying on you, as long as they also get to spy on you. So they have no incentive to build a competing store.
Apple, on the other hand, limits what apps are allowed to do.
Maybe it's the other way around. I don't know the current legislative status of the attempts to ban TikTok, but the most realistic mechanism for doing so would involve banning it from app stores. By enabling sideloading, Apple would be enabling TikTok to circumvent such a ban.
However the solution to overreaching unaccountable private cooperations cannot be to hand all the power to another private unaccountable company.
Apple is venturing into advertising and that'll tempt them to weaken privacy protections sooner or later.
Additionally their app store rules went far beyond enforcing security and privacy. They gave themselves an advantage and removed competitors for commercial reasons.
Given that the mobile market is pretty much a duopoly in Europe there were two (political) realistic alternatives:
- Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
- force them to give customers a choice by allowing side loading.
The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
I don't want every component of my phone OS broken apart and subject to what some legislator or lobbyist thinks is 'competition'. The competition is between Apple and Google making mobile platforms and we already had a choice.
I chose Apple's approach after a few years with Google. I miss the headphone jack, but having no tacky tracky shit shovelled throughout the OS is nice.
It's not the advertising part that is problematic. It's the part where you relentlessly spy on everyone to make selling ads more profitable.
I hope they never become this short-sighted. I buy Apple primarily because I believe that they protect my privacy—or at least that they do a better job of it than everyone else.
Why is this a worry right now and not 12-13 years ago when they started venturing into advertising with iAd?
Which competitor has been “removed”?
> Regulate tightly what apple/google are allowed to do with their stores (e.g. like a common carrier)
So there shouldn’t be any rules are quality controls on what should be allowed?
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
Yes, the EU is the model of smart regulations when it comes to tech. That’s the reason that it has such a thriving tech ecosystem.
Another way of thinking about this is what we're taking this so-called overreaching, unaccountable private corporate power from one company and giving many companies that same power.
> The elected EU legislative took some points from both approaches AFTER the free market failed to implement a meaningful competition for central app stores.
You are presenting both Android and iOS, and default app stores for each platform as a duopoly, which is a mistake, because on Android you can already install third-party app stores. The mobile OS landscape is a duopoly, but there are many app stores across both platforms so is is not really a duopoly, it's just that the Google Play Store and App Store on iOS are superior products (particularly the iOS App Store).
On the OS side I think instead of premature legislation and stagnation we should let things just play out. It's a mistake to assume that because the state of the world is X today that it'll always be X. You can't have instantaneous change. It also might just be the economic reality that having just a couple of operating systems is the best for consumers and the market.
But I have zero power over the EU. And yet they're legislating what my iPhone is going to work like. Talk about unaccountable.
The free market did not deliver competing app stores because that is not a problem for the majority of users and is in fact a huge boon for most.
The company to watch is Epic Games. If they have the opportunity to bring a new gaming-focused App Store to iOS, to get Fortnite and other games back on the platform: I think they'll take it, and its possible it will do rather well. Giving game devs a distribution channel with a far lower cut of revenue is tempting, and may open the door to higher quality games on mobile. That could pivot to companies like Facebook distributing Instagram through something like the EGS for iOS; but again, I wouldn't bet on it.
Three industries will be massively benefited by this change: Gaming, Gambling, and Porn.
Meta makes the Facebook app. Currently, the only way to get the Facebook app on iOS is through Apple's App Store. Which means Meta has to follow all of Apple's guidelines.
Once sideloading is allowed, Meta can make a version of their app that does not follow Apple's guidelines.
Now, they can maintain two apps, but last time I checked, the cost of maintaining one app was lower than the cost of maintaining two.
Eventually, the App Store version will no longer work with Facebook's API. Or the iOS version, or a third thing. There will only be the sideloaded option.
I don't have the freedom to choose the version of the app I want. And now I can't actually trust any of the apps out there because none of them are required to follow any of Apple's guidelines.
Users made this choice when they bought an Apple product in the first place. Everybody knows well in advance that this is the current state of things, that is a well-informed choice by the end user.
Unfortunately, in practice, Apple have proven to be entirely incompetent at achieving that protection. The App Store is 90%+ garbage and scams. It's completely unusable for any form of discovery. Even when you know exactly what app you're looking for, you have to wade through copycats, typo squatters, and even paid adverts trying to distract you from your search.
Sideloading is full of risks, and I don't love it. But it's at least a little bit of competition to push Apple towards make the App Store useful again.
As someone who develops for the platform, I tend to agree, I'll probably never distribute apps with sideloading, but I think ultimately it's a good thing. I'd also be happy if it attracts more interest and developers to the platform who were previously turned off by the App Store process and Apple Tax.
I also build for macOS, which has always allowed sideloading and don't see any major issues with it there.
Luckily, there's very simple solution for you! Just don't use sideloaded apps.
Dead Comment
Propaganda is fucking awesome in how effective it can be. And equally dangerous.
Has Android restricted spying as much as iOS has? I seem to recall Facebook freaking out pretty hard about iOS policy changes around tracking and blaming that for some serious revenue shortfalls, a while back, and have no such recollection about Android, but maybe I just missed it.
0. https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...
I'd be so happy to see F-Droid venturing on the iOS side, and distribute open-source apps you can trust that would otherwise not be available on the App Store (emulators, third-party YouTube clients, an actual Mozilla Firefox browser using its own rendering engine, etc).
I hate that with Android I trust that Google will at some point succeed with a dark pattern in letting me agree to siphon my data without my real agreement.
Even if this set of changes is coming out of the EU and the chances of getting good tech regulation any time soon might not be high it's probably still better than having all of the safeguards for millions of people using a platform depending only on the whims of companies like Apple, whose track record on user-hostile behaviours and issues like privacy has no shortage of concerning events.
None of the major media in the USA even suggested that a strong data privacy act, and a general privacy regulation, could fix this for every app and be a better long-term solution.
Normal users don't sideload on Android. Even the (objectively easy) steps for enabling it there are too much for the average user. Why do you think this would be any different?
Apple is a saint?
The idea that you can tell if somebody's else code is malicious just by looking at it is flawed anyway and it's been shown many time over.
Plus they still can automatically scan binaries of sideloaded apps (maybe that is what this is about, they automated enough)
Just as a general reminder, I heavily recommend that you not install Facebook on your phone even if you have an iPhone. There are good things Apple is doing with enforcing privacy controls, the controls aren't useless, but there are still loopholes: https://arstechnica.com/information-technology/2022/04/a-yea...
To provide a counter silver-lining to the concerns here, I'm hoping that if iOS gets sideloading that maybe apps like NewPipe could start becoming more commonly available for iOS users.
Right now, iOS is sort of stuck in this middle ground where Apple does legitimately do some excellent work reducing the privileges of apps, but also... you still have to use those apps if you want access to the services. It would be good to see more unofficial clients for some of these services like NewPipe or Twire get better support like they have on Android. I'm not knocking Apple here, they're trying to hit a middle ground between accessibility and privacy, but I don't want people thinking that the iOS version of Facebook isn't still tracking them. It's (hopefully) tracking less than it would on Android, but it's still tracking.
Apps like Instagram are popular enough that, if Meta wants to move them to their own app store (possibly incentivized via exclusive new features), people _will_ follow. And the VPN thing shows that there's no depths to the level of trickery and and violation of privacy that they will indulge in.
I kinda like being able to install open source software without agreeing to anyone's terms of service. I'm typing this from an open source browser going through an open source firewall that blocks trackers which both came from an app store that I contributed to, for example. That's a lot more benefit than letting a bigcorp from another continent with a very different culture decide the rules about everything you can do with every unit sold.
There are paths where you can prohibit businesses you deem evil from paying people to study their lives that don't involve letting your device's content rules be set by an undemocratic and profit-oriented company.
Besides, they'll stay on the App Store just like they are still on the Google Play Store on Android where side loading has been possible since version 1.0.
Edit: just thought of an idea. Maybe each ISP can provide a store and we can only install from those into our devices. After all, we trust ISP already
It's not like Facebook can force you to sideload apps on your phone.
If you don't want sideloaded apps, don't sideload them...
The amount of people that try to make choice and freedom seem dystopian amazes me.
Oh, no, others have a choice I disagree with! The end is nigh!
> "Just don't use services provided by Meta"
There are insurmountable network effects.
For example, I must keep WhatsApp on my phone if I want to know when child's swim practice is moved/canceled/etc. There is only one swim team in the area. Getting other parents to use Signal ain't happening unless the head coach requires it. The head coach isn't moving to Signal unless parents already use it. Moreover, I'm a coach, so I have more say/power over this than typical.
Of course, I could always force my kid to find another after school activity... or, I can buy an iPhone. At least with an iPhone I can deny Meta access to my Contacts, which it incessantly requests.
This is just one concrete example. There are plenty of organizations land-locked to Facebook for the same reasons; dropping Facebook is tantamount to collapsing the community they built.
For me, checking the monopoly power of Meta by using an iPhone is the least worst option. At least Apple has interests that are partially aligned with mine... as they want me to buy my next mobile device from them.
For the average user there will be zero impact and for the power users who wants to still to Apple's guidelines no one is forcing them to install anything they don't want to. If its any similar to Android it will take quite a few clicks to allow the installation which deters the average user from installing unwanted stuff.
The risk to the average user is that an app they want is removed from the App Store and only available via sideloaidng.
But the opposite happened , apps were pushed out from the Store and if you are using iOS you are screwed but on Android you could decide to take the risk and side load the app from the official website. I just had to do this, I installed solar panels and they are made by Huawei, thx to USA-China wars , Huawei apps are no longer in google Play and Huawei phones do not contain Google Play support anymore (or last time I checked)
I think the fear is "sideloaded apps can do bad things" and my answer is make the OS better and more clearly manage bad things?
What are the bad things we imagine a sideloaded app could do? Like it still has to follow the platform APIs right? It would have to ask for perms? Sure, it could have egregious tracking or spam, or hostile ads, but app store apps already have this??
I'm genuinely asking: What risk am I missing?
If bad actors choose to misbehave don't blame the medium they're misbehaving on. This line of thinking is similar to negotiating with terrorists.
Allowing sideloading of apps does nothing to weaken the technical features meant to enable privacy and security that are already in place.
In fact, you shouldn't have been relying on the App Store in the first place, as malware/spyware can and does slip through their very human and very fallible approval process.
This talking point is so common in every thread about sideloading Apple devices that I can't determine whether it's propaganda or ignorance.
Deleted Comment
Currently and historically, Facebook’s apps have been provided purely through the App Store and have been following Apple’s privacy guidelines.
Surely then, you can’t criticise their approach to privacy? After all, Apple has always approved their apps.
Honestly, given things like this ...
https://www.msn.com/en-us/news/politics/montana-lawmakers-vo...
I think Apple may not have a choice. This is a move that will leave Apple free (or freer) of liability in various situations. For example, Apple is no longer liable if you sideload an app that is outlawed by your locality, and Apple removing apps from the App Store for violating App Store TOS can no longer be as strongly framed in a censorship debate.
I'm looking forward to it because quite a few apps that feature adult content can exist on iOS now and not have to be clunky web apps.
Apple phrased that as peculiarly as they did for several reasons. "Ask App Not To Track" is not "Force App Not To Track", it relies a lot on self-disclosure from apps and some discovery from App Store testing cycles and apps already currently lie about it and things are missed in App Store certification.
There's less reason for self-disclosure by sideloaded apps and no certification process to spot-check such self-disclosures even if a sideloaded app provided them.
"Ask App Not To Track" does feel like a vulnerable tool if sideloading is allowed and certain major apps create pressure to encourage average users to sideload some common apps.
Whether or not you are looking forward to capabilities that sideloading would grant, it is fair to lament the possible loss of how good "Ask App Not To Track" has been so far and assume it will get worse in a sideloading world.
If Apple did just that, it would have been ok. But they didn't stop at that - they decided to do the very same thing that Google, Meta, Amazon, Microsoft etc. - after partially preventing their competitors from getting hand on some data they started to deliberately invade our privacy and collect as much of our personal data as they can to mine it. They self-appointed and forced themselves to be our conservatorship ( https://medium.com/@tonytyre9/what-is-conservatorship-legal-... ) because we have all been judged too stupid to manage it ourself. And like any abusive conservatorship they also exploit us.
Personally if Apple finally allows me to install whatever I want on my phones then I may return to their phones. Until then, I will use Android since I can download and install any .apk I want on my device.
That's unfortunately wrong.
Say you use WhatsApp to keep in touch with your friends. Say Facebook pulls WhatsApp from the app store and makes it only available via side-loading. What do you do? You have to decide between trying to move everyone you know off of WhatsApp, or you side-load.
However there could be things like — e.g. TrueCaller might refuse to work without contact permission and call log etc (just like on Android; on iOS it works just fine) but when side-loaded these could demand all those permissions to run. Well that is something we may have to see how such changes pan out.
I feel what Apple is doing is taking 30% of what you pay to e.g. Spotify as a middle man because they made the device and can dictate whatever terms they please. How are people ok with this is beyond me.
I can't honestly understand this argument.
Are you afraid of yourself?
If you don't trust Facebook, don't install their app.
App store or not, nothing changes, what the app is allowed to do is the exact same thing, they're asking for the exact same permissions, that you can grant or not on a per app/per permission basis.
End of the story.
But if I want to install an app that I completely trust, because I know the developer or I have developed it myself, I can't install it now.
The only big player I can imagine doing this is TikTok if they really get banned, they'll still lose a ton of users though.
It's a great thing for the ecosystem because at least those who want to sideload can do it.
People love to say this is about choice for the consumer but it really is not going to be.
My fear is that the choice will be taken away from my by companies that are no longer able to engage in shady behavior on iOS. Things like trying to collect all my data, forcing me into their billing system, shady subscriptions (like how I can cancel or reminders of it being about to charge).
The Facebooks, TikTok, etc know that many of their users are addicted to their platform and it would not be a stretch for them to push users to download the app through a third party service. I could even see them going so far as to not be on the official store because they know they have the name recognition.
Facebook could even make their own store for other apps that don't want to respect my privacy.
This is a huge concern of mine that this could be a trend that starts small but overtime I no longer have the choice to avoid these alternate stores or to side load to be able to continue to get the full use out of my phone.
Choice is great, but this is giving the choice to developers not consumers.
This doesn't mean that Apple's solution is perfect, but just opening up the flood gates is not the solution either. If you really want to side load get an Android phone.
Apple makes certain aspects of the phone addictive as well (i.e. the app tray that can't be disabled, Screen Time is a joke for actually trying to restrict how much time is spent on apps, etc.), and the lack of 3rd party APIs to modify the addictive behavior makes it difficult to control.
The easiest way to reduce addiction to devices is design UX roadblocks that prevent seamless, mindless interaction with the device, and the "digital drug" providers are never going to willingly build that themselves.
You wouldn't lose that choice. Want only Apple-vetted apps? Only use their App Store. Easy. Maybe I'm misunderstanding, but you seem to be saying: 'evil facebook will harvest more data, but I want to keep using evil facebook'. Maybe the conclusion you need to reach is that you should stop using facebook (and the like)?
Maybe Apple should update the terms of the App Store to be more competitive/attractive then.
Deleted Comment
Dead Comment
How about you spend 10 minutes looking at what Apple is actually doing and realize they are just as if not more "privacy hostile" as Facebook/Google/etc. They've been on a hiring spree since they announced their "privacy" update in 2020 to build out their own Ad Tech/DSP/Self Service Ad Platform.
Yeah - Apple was pulling a monopolistic move and kneecapping their competition for profits sake. They realized "Hey, we can kneecap these guys and in the near future profit billions like they did with our own ad network".
How is this good for privacy?
You're going to have to back that up. Apple is degrading their privacy value prop for sure, but show me their Cambridge Analytica or their "Incognito mode" that still ties web activity back to user identity.
> How is this good for privacy?
That's a straw man. It is possible to believe that 1) Apple is curbing the worst excesses of abusers like Facebook, AND ALSO 2) Apple is making some mistakes that weaken their own privacy story.
> Apple was pulling a monopolistic move and kneecapping their competition for profits sake.
This is a recurring theme on HN and I find it so strange. Are we really supposed to form opinions on what we imagine faceless committees motives are, rather than the actual corporate actions?
I honestly don't care why Facebook does the things they do. My opinion would not change if it turned out it was from the most noble and altruistic motives. Just like I'll judge Apple for what they do. I don't think it's fruitful to argue about whether individual people are a "good person" or "bad person", and it's even less meaningful for giant multinationals.
Which is funny to me, because after flipping through the App Store for an email client, I found, on this heavily curated storefront, a single digit number of apps I would trust with my email credentials. Android, with it's option to "sideload" F-Droid, gives me dramatically more options that I trust.
Security and trust do not require locking me out of my own hardware.
The Apple App Store is a dumpster fire, but there is a perfectly reasonable argument for locking down a device you’re handing to family members who aren’t security conscious.
Then enable a more limited App Store mode as an opt-in feature.
Deleted Comment
Proprietary app stores are... nearly as much of an exact opposite I can think of, regardless of who sponsors them; Microsoft, Amazon, Google, or Apple, devs are putting apps there to get paid. Sometimes it's user data, sometimes it's "Free" with in-app purchases pushed by dark patterns, sometimes it's to push for consumer lock-in, and sometimes it's straight up malware, like most flashlight and cleaner apps on Google Play. Regardless, the incentives don't align, and that is what I'm on about when I use the word trust here.
People don't like it when a UX change is made by and for the company that just so happens to screw lots of users, or break or slow their usage. That's exceedingly rare on apps made by devs in the first category, and depressingly common for the latter group.
a) open source b) built by fdroid's CI from source without depending on external executable binaries.
Most apps in the iOS App Store are chock full of spyware that reports on everything you do in the app. Many of the Apple system apps function the same way too (even with analytics disabled).
We lose all transparency for the big players. Meta does not want us to know precisely how much it collects data.
If they can start somehow avoid Apples privacy restrictions and reduce transparency with side loading, they will do it.
There isn’t really problem with the lack of sideloading in iOS.
It is just that costly developer licence and strict requiremets of App store to increase the quality of the apps.
Sideloading just makes it easier to install lower quality software and some random oss projects where maintainers do not have either Apple’s licence or time to maintain app store releases.
Of course, there is the payment fee but that is another story.
Could and will people be taking advantage of by side loaded apps? The obvious answer is yes, it's a risk that allows for responsibility and freedom.
Yeah, you might lose out on playing FPS games on your phone, but is that really a loss?
Epic pulled Fortnite from Google Play Store in 2018 because they wanted to keep more of Google's 30% share and they were back in 18 months because most people aren't that determined to get an app outside of the official app store.
Any company pulling their apps from the App Store must have a pretty good reason to do so, because they're gonna be decimating their download numbers.
Anyway when you sideload an app on an Android phone, the APK is scanned to check if it's secure to install.
Permission wise, nothing changes.
Policy wise, it means no Apple tax and maybe some publisher will be able to cut prices, to the users' benefit.
If nothing else, imagine your own AI assistant that you know respects your privacy because it only communicates with your home server, or fits completely on your phone.
> 7. The gatekeeper shall allow providers of services and providers of hardware, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same hardware and software features accessed or controlled via the operating system or virtual assistant listed in the designation decision pursuant to Article 3(9) as are available to services or hardware provided by the gatekeeper. Furthermore, the gatekeeper shall allow business users and alternative providers of services provided together with, or in support of, core platform services, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features, regardless of whether those features are part of the operating system, as are available to, or used by, that gatekeeper when providing such services.
It's not impossible, and perhaps it's easy if you've already hit all the pitfalls and know where they are, but I would not describe it as easy.
I beg to differ. How many windows machines were infected in the early 2000's? Would bot-nets exist if Windows had a strict app store back then?
Now: I will agree that freedom to install any software on desktops has been wonderful, and I hope it remains, but I wouldn't say it hasn't caused chaos.
Great Scott. If you haven't looked at a calendar recently, its not 2001 anymore. The industry has spent the past 23 years improving the security of basically everything. Isolation is better. Filesystem security is better. Anti-virus is better. Browsers are more secure. Everything is more secure. Malware is still around. Its harder and harder for it to cause real damage, unless the user clicks past thirty five warnings.
This seems too obvious to have to mention, but I guess I do: the comp for iOS with side-loading isn't Windows 98, it's MacOS in 2023.
Yeah, that's a very bad analogy, it wasn't about side loading, even assuming that MS was able to vet every application out there, which nobody was technologically or had the resources to or wanted to, the infrastructure wasn't there, the OS security was worse than today and based on different assumptions entirely, the responsibility is still in the hands of the user, and, most of all, with good reason users pushed back on the all TPM/Trusted Computing thing.
So they did not want that feature and voted with their money, until they could not vote anymore, because smartphone ruined it for everyone except Google and Apple.
edit:
besides (obviously) RMS [1] being right and opposing to TC/TPM, this BBC article from 2005 [2] summarizes what even users there were not particularly tech savy thought about the topic
A couple of significant quotes
computing base is also used to make digital rights management systems more secure, this will give content providers a lot more control over what we can do with music, movies and books that we have bought from them
We need to ensure that trusted computing remains under the control of the users and is not used to take away the freedoms we enjoy today
[1] https://www.gnu.org/philosophy/can-you-trust.html
[2] http://news.bbc.co.uk/2/hi/technology/4360793.stm
Of course it has caused chaos on desktop platforms, especially Windows in the early 2000s, late 90s.
Since that era, it’s slowly dug itself out of that hole.
https://purplesec.us/wp-content/uploads/2019/03/Malware-Infe...
Currently there is no way on ios to know what an app is really doing, and what it is sending where.
[0] https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage...
Deleted Comment
Deleted Comment
Apple users should also rejoice, because browsers coming to iOS will finally support full PWA functionality and Safari will either support all the features as well (not the current neutered one) or it will disappear into obscurity.
They will, at every point, do as little as possible to avoid EU fines, while simultaneously not opening up the platform to developers like you.
I don't care, and don't really imagine, sideloading others' apps... but this could give rise to a hobbyist/customization wave again.
I plan to sideload exactly 0 non-play-store apps except maybe dolphin or similar big-name open source things.
I DO plan to sideload two apps of my own (currently web apps but they suffer for being so, as opposed to being native), and while I know apple has given some ways previously to let you have "private" apps etc, they still require paying a ton of money AND you still have to get them approved by Apple!!
I was sad when I left android solely for the reason of sideloading apps, but given I'd used android for ages and only sideloaded two apps: dolphin and one of my own custom apps that I had stopped developing, I figured it wouldn't be a big deal. But I'm looking forward to this a lot now.
It'll be great to see all the neat little apps that macos has come over to ios
That aside, I am very happy with this development. I have personal apps that I'd like to sideload without paying for a developer account. I am also looking forward to a more lively open-source ecosystem around iOS apps which has been significantly lackluster compared to that on Android.
And you can install three personal apps at most.