Superior functionality exclusively in the EU — USB-C, side-loading — is a good thing. It will remind US folks that the law is a powerful mechanism for making simple, non-controversial changes that improve everyone’s quality of life; but which corporations would otherwise refuse to accept. BTW — LAAS (lobbying-as-a-service) should probably exist.
The EU is at the side of the customers as long as the companies making the product are not in the EU. Had the EU a strong phone manufacturer industry that didn't use USB-C, we still wouldn't have that requirement. Companies always maintain closest lobbying ties to the governments they reside in (at least if both economies are equally developed), and countries care less about companies that don't give many jobs to their residents or taxation revenue.
I would like to see some solid proof on this, as I don't buy this claim.
The EU has squeezed telcoms on roaming charges which created a lot of howling. The EU also has rather strict regulation concerning gas use of cars, ICE emissions and so on, probably second only to California. The EU approach to food and pharma security is fundamentally different to that of the USA, and it impacts EU companies. Regulations around green GMOs are so strict they basically killed the European market for GMOs.
Show me example of a thing that would prove it. EU has tons of regulation on cars(most of manufacturers are EU based) - ask any car manufacturer how easy it is to get a car sold in EU(not saying that tons of regulation is good or that difficulty of producing is good, but it is an example that goes well against your argument).
I think you greatly overestimate the importance the average American assigns to "superior functionality" on an iPhone. As important as it is to you or me, the average person doesn't know or care why they should have these features.
Apple made their app store incredibly restrictive and took a massive cut of any profits that anyone was making. Not just app sales, any profits. (This happened to hey.com, they wanted a cut of the subscription that users were getting outside of their app). Sometimes apple would just outright steal developer's apps by making their own version, then blocking the original developers by claiming that they were making rip offs of Apple's apps (you'll find a few stories of that happening here on HN).
Then to really rub salt in the wound, they started telling developers in essence: "If you don't like the way we run our app store then you can always make a web app", despite the fact that they had purposefully hampered web functionality on their devices to force developers to use the app store.
It's really strange how their browser only started getting better all of a sudden when they were getting sued for their anticompetitive behaviour and the EU said they were drafting up legislation to break their monopoly.
It is directly due to the efforts of the EU that Apple has been dragged kicking and screaming to add functionality to their own ecosystem that is objectively demonstrably superior to what was available before.
Side-loading may bite back in nasty ways. Tiny but locally required apps may use it to work around legit limitations. Pay-for-parking apps, shop loyalty systems etc. Yay for more spyware and api exploiting.
No Thanks. Can you tell me how GDPR has made EU life better than US? It's a hot mess. Criminals of EU can now easily hide from the internet, while the innocent click through hundreds of cookie popups
For those replying, I believe the parent was saying that EU phones are stuck with a physical SIM slot because of regulations. In the US, iPhones no longer have a SIM tray.
I've travelled across Europe with eSims bought from Mobimatter, and I've also bought local Vodaphone eSim in Italy and some other operator Montenegro. In fact, I'm writing this from a eSim in my iphone while I wait for Airbnb to resolve issues with check-in on Cyprus. What are you talking about?
We have both esim and physical. Not only this, for people that want more privacy, some can buy physical sims without any documents at simple shops so that there is no risk for govt to track you
Let’s suppose you’re right that USB-C and side-loading are “superior functionality”. There must be some value to that superior functionality; consumers should be willing to pay extra for it if they value it. It seems logically like Apple ought to offer a USB-C iPhone if there is enough demand for it to generate more profit, except that it lowers the cost for customers to switch phones, which likely costs them more than they’d make in additional profit by having a USB-C version. This puts their interests at odds with the customer’s interests. There are a lot of other similar situations, e.g. most people would rather have cars that last longer, not have to deal with advertising, farmers want repairable equipment, etc., but the economics don’t work out well for the company. How does a market economy rectify that?
I’d argue that in theory, new upstarts ought to be able to enter the market and satisfy the demand if it exists. However, in many fields, there are substantial barriers to entry that prevent this. For instance, in the auto industry, it takes huge amounts of capital to reach the necessary scale, gain enough experience and reputation, etc., to be able to compete with existing companies. Similarly, it would be a monumental engineering effort to produce “iPhone with USB-C” due to the amount of intellectual property, goodwill, Silicon deals, integrations, etc., that Apple provides. It would be impossible, really, due to iMessage and FaceTime being proprietary. There could be new cable providers that don’t run ads, but they wouldn’t be able to compete on cost, and they would have trouble dealing with the regulatory environment for infrastructure, striking deals with networks, etc.
Banning companies from engaging in practices that benefit them once they become sufficiently adversarial to consumers isn’t a scalable solution. There are many instances of this across many industries; regulating them all would be like playing Whack-A-Mike. It also provides no recourse to the group of market participants who don’t care if their phone has Lightning or USB-C, and probably prefer Lightning since they already have a charger. It also leaves less room for innovation since companies will have to comply with standards, possibly preventing superior technology from being developed (that’s how we got Lightning to begin with).
I’d love to hear other/better solutions. I’ll throw one idea/observation out myself. A lot of these misalignments are because providing a better consumer experience today reduces the likelihood they will be a customer tomorrow. Either they will leverage the lower switching cost to switch, or they will be more loyal but purchase less in the future due to the increased quality. What’s a way to manipulate company economics to favor shorter-term views of the company, and disregard higher-growth plans? Higher interest rates. Maybe a higher interest rate environment could mitigate some of these issues by ensuring companies care about the business they have today, more than the one that they could have tomorrow.
Regulatory capture is so pervasive in the US that I’m afraid there’s little chance that the law will ever change to benefit consumers in a meaningful way.
They add another common standard, probably allowing manufacturers to choose between "old" and "new" for a little while.
Similar to the switch from microUSB-B to USB-C. Budget phones kept using the cheap option for awhile, but eventually costs came down and people settled into the new standard.
Not sure how it's done in the EU, but their legislature could delegate authority to make such decisions to an executive agency if the process of passing an amendment or new law is too slow.
You mean like when everyone moved from mini-USB to USB-C? It's also good to remember that lightning connectors are USB2 in a different form factor - outdated and slow.
Then industry players would build consensus around a new standard and adopt that into law? Would you prefer a world where browser vendors are all designing their own HTML and JS features independently rather than working off a common spec too?
At a certain scale of adoption/societal impact, having a common set of agreed standards is much more important than fragmented "innovation". I would argue having a general and common way to charge devices qualifies for that level of importance. The incentive on Apple's side to stay off of USB-C can only be one of profit driven customer hostile design... as there's really zero technical or otherwise reason to have stayed on lightning this long.
One of the biggest annoyances in my daily life is having to swap back and forth between USB-C and lightning cables. These lightning cables being sold today are effectively trash to be thrown away in a year or two. Completely unnecessary, and hard to have any respect for the intelligence of people who defend it. There is no slippery slope here. If Apple wants to build a next gen port, then they do it alongside other industry players rather than monopolizing the technology so they can charge 10x markup on cables/accessories/licensing... which imparts zero benefit to the consumer.
I do not see USB-C coming. Apple will rather remove the jack altogether and go full Qi (and make the device 100$ more expensive because wireless loading adapter).
The last time I dropped my phone and broke its screen I took out the SIM and left the phone in a repair shop. I went home, put the SIM in an old phone. If the broken phone had an eSIM, would I been able to use the old one as a backup? Maybe by going to a shop and askig for a physical SIM. That would be slower and less convenient. A physical SIM fits in a Samsung A40 which is probably the smaller and lighter Android phone available today and in much smaller phones of the past so it's definitely not a burden.
Recently moved to a new country (non-EU). The carrier I'm using does not offer eSIM and shipped me a physical SIM card. This is not an outlier, I have a couple of physical SIM cards, some US, that I wouldn't be able to use if the phone was eSIM only, like the recent US iPhone.
Also moving a eSIM from iOS device to non-iOS device (for example to plug into my secondary Android) is a massive PITA. I always have to re-issue the SIM which I often can't do and need to jumps through customer support queries and hoops. My current provider back home doesn't even give me the option to do it while abroad and support told me to come back for a day, then finish the eSIM reissuing application, so I'm stuck with the physical SIM anyway.
eSIMs will be great one day, but that day is not now. I much rather pop the SIM out of phone 1 and move it into phone 2, or iPad when I want, than wait hours (or sometimes days) to get a new eSIM approved, and repeat that process every single time I want to move a connection to another device
I know nothing about esims, what makes them so much better than a physical sim? I can't say I have any major qualms with what I have right now, I just shove it in my phone and forget about it.
If you travel to more than 1 or 2 countries per year, especially less developed countries, you'll learn that your life (connection) depends on picking up cheap $5-15 sim cards at the border for each country.
I couldn't imagine them jumping on the esim train in any useful way in the near term.
Not much. Apple wanted eSIM for years but carriers fought them over it. They like the physical lock-in of SIM cards. Customers can't easily switch because they have to wait for a SIM to ship or go to a carrier's brick and mortar presence to replace it.
Now? People can switch carriers while in their living room. Takes a matter of minutes. Absolutely frictionless.
Physical SIMs are convenient, especially for travellers and facilitate competition through super-easy carrier switching. What are the improvements of e-SIMs for customers? Please don't say size.
In many countries there are zero local carriers that support eSIMs. Maybe in some hypothetical future this is not the case, but at least in this decade a phone that has a physical SIM is essential.
I don't think things will be a problem. Distributing software is fairly easy; for most apps, uploading the app binary to their website as though it's an image file or video will be sufficient. And, then you get 30% more money for your business. It will be quite popular just for the cost savings.
(Distributing software is not always easy, as game companies that have 100GB game downloads on launch day will tell you. But, for most apps, it will be easy enough.)
if you’re nvidia and want to provide a proper cloud gaming app (not browser based, which has resolution limitations), it might be worth it. Apple’s conditions tend to be quite restrictive (which is why they’re having problems in the first place), so I somehow suspect there’s a rather large market, and the eu is very large anyway.
> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store, Gurman says.
The statement is a bit ambiguous. Is it pay Apple extra or pay extra to the 3rd party to have their app listed in the 3rd party app store?
The former doesn't sound right; It is probably FUD.
Logically, a 3rd party app store could compete on significantly reduced fees relative to Apple (as one of the strategies). Those conscious of the quantum of current fees then have options of listing their app on both the Apple app store and the 3rd party store as part of their distribution strategy. Customers who trust the Apple appstore would get their app from there and those who like a 3rd party app store would get it from there. The app developer would have reduced their total fees (for distribution). Even if there are signup fees, the share of revenues that Apple is today taking away from the developer would go down in absolute terms with a 3rd party store.
As far as the consumer is concerned, this becomes an OS setting like 'default browser/default text editor etc.,'.
Apple sticking to only the Apple App Store stance is only raising the cost for consumers. Consumers in other geographies will also wake up. Eventually.
If I were being extremely charitable on the phrasing, I think they might mean, for example, if you pay Apple 30% (or whatever the going rate is) you might have to pay an external app store an additional number.
Or, it might mean Apple will charge higher rates for apps that are also available on other app stores? Not sure if that's entirely legal, but since when have pesky things like the law stopped companies as big as Apple?
I agree. As a dev, if I list my $3/mo subscription app on the Apple App store and they take 30% and I have 100k customers and I double-list the app in the 3rd party store + the Apple app store and gain 20k customers from the 3rd party store and the 3rd party store charges 10%, I have saved (30% - 10%) x 20k x $3/mo = $12k/mo on the new customers.
If I release my next version update and post it to just the 3rd party app store, I could then theoretically move the 120k customers to download the update from the 3rd party store and then save $72k/mo.
> Even if there are signup fees, the share of revenues that Apple is today taking away from the developer would go down in absolute terms with a 3rd party store.
I guarantee you Apple will find a way to still make the same money.
Just like how in the Netherlands dating apps don't have to use IAP, but the apps need to pay Apple a 28% royalty on all in app purchases that don't go through them.
> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store, Gurman says.
How I read this is that they are basically creating a 3rd category of apps. Up until now you could sideload apps on an iPhone via an enterprise cert (though it carries some major restrictions that would make it unsuitable for general distribution). With this they are likely creating something like that enterprise cert but for all app developers.
No, my interpretation is that Apple either increases their fees or decreases prices for an app that is also distributed elsewhere.
I don't see a problem with that.
If a producer grants exclusive distribution rights to a seller, the typical consequence is that the seller gives the producer a greater profit share in return.
On ending those terms, the seller may rightfully reduce the profit share, in my opinion.
The problem is that EU law requires Apple to not restrict sideloading for selected apps. It doesn't matter if they pay or don't pay Apple. You have to be able to sideload them.
A distributor cannot strong arm producers into exclusivity contracts while in a dominant position, this is text book example on how to get fined heavily in most countries, and would not fly at all in Europe.
> ... Apple either increases their fees or decreases prices for an app that is also distributed elsewhere
I don't get why anyone should be paying Apple a rent for using a 3rd party app store (lets say exclusively).
As a hypothetical, lets say Epic Games or Steam launches an Alt App Store for games that can be installed on ios. Why does any gamedev using those stores have to pay Apple any transaction fee?
Just doesn't make any sense and would just be rent-seeking on Apple's part.
Apple being motivated by improving security are BS, and it pains me te see people in this forum falling for it or reapeating this.
There is a great tool to increase security: the browser and its sandbox. You don't need to install anything fishy on your phone, and the sandbox rights coukd be sufficient for many apps.
But as an example, Apple denies the full screen feature for websites and even PWA... only installed ones. There's no good reason except favoring apps/appstore. For security? Works great on Android.
And you cannot use a third party browser, since they forbid that (all are Safari based)
> Apple being motivated by improving security are BS, and it pains me te see people in this forum falling for it or reapeating this.
It's the same with privacy. Forcing app publishers to state what user data is being sucked out of their phones was just a poor PR stunt.
Nothing has changed. Applications still require payments in form of contact lists (which is more or less illegal in Europe if you don't have permission of all people in your address book to share their names and phone numbers), disguised as helping users check if their friends are using a service, or to even allow user to use some app functionality.
Unimaginative accountant that currently leads Apple on one hand bullshits public opinion when disallowing Facebook to steal data from users' devices and, on the other hand, after blocking Zuckerberg's ability to do so, he disgracefully used children protection to announce that Apple will now inspect users' data under the pretense of looking for child porn.
Apple users are being deprived of OS control with most of updates and it's always done under the untruthful pretense of increasing security or protecting users' privacy.
When this little man finally pushes ads to core macOS, he'll state that it's to help users.
>Applications still require payments in form of contact lists
What? It seems like you were trying to make a coherent argument but a list of contacts is in no way comparable to a paid subscription. Microsoft doesn't allow you to buy O365 with your contacts, do they?
Apple's ban of all browsers but Safari turned out to be the main barrier preventing progressive web apps from being viable, deepening the duopoly power of themselves and Google, because Apple refuses to implement basic browser standards that are necessary for PWAs.
And then when they do implement similar browser standards, they don't follow any web standards, they instead make their own proprietary bespoke web standard for Safari[1].
And they also did other fun things like wait until nearly 2021 to support WebP and let Safari be the the #1 source of one-click exploits on iOS.
It's weird to see Safari trotted out in defense of web standards of all things.
Is Apple a significant player in proposing new standards and working with say Mozilla to get consensus as a genuine alternative to Google or are they simply not implementing much? The latter is certainly my impression.
That may well be true, but in my view, upholding a native app monopoly for the sake of preventing a web browser one isn't a sustainable strategy (and never has been a conscious choice by anyone).
Users don’t want crappy PWAs, they want something that follows the platform UI conventions. It’s good that Apple care enough about about UX to actually enforce this.
Games are an obvious example where platform UI conventions aren’t applicable, and where Apple’s restrictions hinder not just UX (see discoverability in the App Store) but also incentivise shitty monetisation practices.
Gaming on mobile friggen sucks and that is primarily because Apple wants to retain control and the biggest piece of the pie.
Gaming in mobile browsers, in 2023, should be as easily accessible as it were in desktop browser in the Flash days. Apple just won’t come to the table to facilitate a decent gaming experience in Safari.
Let’s also not forget Steve Jobs was all for web standards in his letter against Flash. Apple should make good on what was promised in that letter instead of dragging their feet.
I see this argument often, but I'm genuinely curious if it's actually the case - at least in my experience, a huge amount of apps nowadays have custom-designed UIs and very little conformance to "platform UI conventions". And that's even an expectation - if you see an app that uses standard UI controls, navigation etc - it comes off as basic and probably not really polished. I might be completely wrong.
On the other side, if users want standard UI and that's a factor in adoption, wouldn't people making PWAs then just make the apps in such a way - there's nothing stopping them, and there's no lack of UI libraries enabling that.
I want good PWAs. I don’t want borderline spyware-apps with access to all kinds of apis. There is no reason why a messaging app needs my gyro data, or gps, or all of the other stuff they just implicitly get because they are an app. I’m starting to think that some of the worst that ever happened was that Firefox OS failed.
Just some anecdata: I use the Outlook PWA (on an iPhone!) to access my work mail and calendar. It does not have notifications, which I really liked for calendar events (because I’m forgetful), so that’s a bit sad. However, there is a decisive pro: It cannot enforce restrictive device policies. What a great feature!
UX isn’t half bad either. It actually feels pretty native most of the time.
"Users" don't fall in one bucket. Me, I do want some PWA's, not least because Apple's prudish stance disallows anything sexual or adult on the App store.
> There is a great tool to increase security: the browser and its sandbox. You don't need to install anything fishy on your phone, and the sandbox rights coukd be sufficient for many apps.
To this day the browser is still a second-tier experience to native apps. But that's fine, because anything you get from the macOS and iOS app stores are sandboxed too. So are non-App Store apps on macOS that choose to run in sandbox.
Are you sure PWA doesn’t work on iOS? I remember installing websites as apps on my iPhone. According to this SO answer I think one can even make it full screen (with a workaround at least): https://stackoverflow.com/questions/53061258/pwa-not-opening...
>Apple being motivated by improving security are BS
I'm not sure how they are motivated but in a report Apple cited:
>In Nokia’s 2021 threat intelligence report, Android devices made up 50.31% of all infected devices, followed by Windows devices at 23.1%, and macOS devices at 9.2%. iOS devices made up a percentage so small as to not even be singled out, being instead bucketed into “other”.
I personally use iOS and got it for my mum and aunt etc as it seems to suffer much less from malware in normal usage. I'm not sure if there is any evidence to the contrary?
A lot of viruses (and jailbreaks on iOS amongst others) are distributed via this browser / sandbox; it's only secure in theory and it took decades to get to that point.
Sure (before the Rust evangelists swoop in), part of that was due to using unsafe languages; part was due to extension frameworks that had too much power (ActiveX, which was even used to update your operating system, I can't fathom why they thought that was a good idea). But it'll take many more years of zero incidents, jailbreaks, etc before I'd trust the browser over Apple's app sandboxing and app review and distribution approach.
This is funny because by far the most impactful breaches of security on iOS phones have been due to the Apple components, like the messaging app that inexplicably is still written in ObjectiveC as it's ever been, or the image framework found to contain various bits of opensource code they never updated, never audited, or the various terrible magic "serialization" features.
This Apple native crud they force every app to use (up to the whole browser engine, like in the IE days!) is truly the ActiveX of our times. Only you can't even get rid of it.
Chrome and Firefox are as secure as Safari, if not more, banning them is a commercial choice not a technical one.
iOS exploits still exist, there's no real advantage in Apple sandboxing apps, they are routinely leaking users data and being exploited as well.
OTOH Apple refusing to implement certain web standards is proof that they cannot guarantee a safe implementation, which is a reason more to allow better browsers on their platform.
Microsoft thought ActiveX was a good idea because they built Internet Explorer out of OLE and COM. Everything in that era of Windows was built to be embeddable and composable - "compound documents" being the original design goal. If you needed to stick, say, a video into a web page, COM/OLE was the obvious way to do that on Windows in 1996. It's not any different from, say, early Firefox extensions being built out of XUL - in fact, I recall XUL extensions for Firefox that would literally add ActiveX support back in. It wasn't until Chrome came along where extensions didn't get to muck about with browser internals.
You can exploit in both native and browser contexts. Most jailbreaks nowadays are assisted by a native application that you dev-sign to deliberately pwn yourself with. In the past we had websites that you could use to jailbreak with. Both are sandboxed environments with significant attackable surface area, so one is not necessarily more trustworthy than the other purely on measures of exploitability.
A non-app-store web app on iPhone has been able to be full screen since initial release of Home Screen web apps. When you launch from Home Screen, it gets the whole screen.
See the Xbox Cloud Gaming "app" for instance, which is outside the App Store, just launch then "Add to Home Screen", close, and run from Home Screen.
As for what can be done with browsers, see the venerable iCab but also Kagi's Orion browser which runs Firefox and Chrome extensions, even on iOS. Yes, it's WebKit based, but so was Chrome for a long time.
Given you can run Xbox games or arbitrary extensions from other browsers, it's clear the web app and WebKit limits are less restrictive than most discussion acknowledges.
For the last few features that used to be missing, like notifications or other native hooks, notice Microsoft has the sidecar native app for iOS that handles in-game chat, LAN discovery for Xbox setup, and notifications.
To be clear you absolutely cannot run Xbox games in a web browser. The service you’re talking about is just streaming video from a remote Xbox to the phone.
You and the OP are both right about fullscreen. There is a web fullscreen API, which Apple does not support. However, PWAs strip out the browser UI so you’re effectively fullscreen. Though you can’t do anything about the status bar, nor can you lock screen orientation.
But more to the original point, none of this has anything to do with security. Apple disallowed a native Xbox streaming app because they demanded a cut of the revenue and MS wasn’t willing to give it.
I sometimes feel that some HN folks need to consider a job inside EU committees. It's probably boring work, but even if you spend 10% of your time in meetings and the remainder on a secret side project, you will be doing society a great service.
>Apple being motivated by improving security are BS, and it pains me te see people in this forum falling for it or reapeating this.
Genuinely looking for evidence of this counterpoint you're making. As the evidence for the security angle is proven. iOS takes less than 1% of malware, Android takes nearly 50%, in between we have Windows, IoT devices and even MacOS taking more malware than iOS.
So where's the data that this strategy isn't working to protect iOS devices? I want to see it.
PWAs and SPAs are awful. And to think they’re not downloading and executing code is foolish. There is no memory model for a browser. Each browser implants is sandbox however it wants.
>>Apple being motivated by improving security are BS
Their motivation is most definitely money now. Maybe not in the start though. Whatever their motives are though I’m super satisfied as a customer that they haven’t went down the android path of version calamity, an app store that I have zero trust in as an app buyer. Also tell me an android flavor the supports devices purchased 6 years ago? It’s a package deal. Having the wealth that is generated by the things that the EU has mandated will cause cuts in other areas of device support and/r&d. The option is making less profit or bumping prices to offset. In time we will see.
I think it would be great of Apple to just stop selling devices in the EU as a thanks to politicians who voted for this ill advised rule. I’d like to see how long it would take for them to roll it back because you know they would eventually buckle to the people.
To you and those of like thinking just assert your freedom of choice and go buy an android device along with the shit show it is and leave us to our relatively safe walled garden.
wait, so it wasn't money before? when they ran all those ads and did all of that 'we're the only privacy company' marketing? i guess it worked really well. when some of it was kinda just, reframing of lacking features and capabilities, and their 'closed ecosystem/walled garden' structure, as 'more secure'.
The full screen feature works fine on websites for me? Well mostly fine, it's rubbish for games in particular due to a user hostile feature that forbids rapid screen taps, insisting that you might be using an on screen keyboard and denying you the autonomy to tell Safari to please not. But ignoring that, the feature seems to exist. What am I missing?
Interesting. You say it works fine and then in the same breath you make a point to show it isn't and then choose to ignore it. What you're missing is that Safari shouldn't have that bit hard wired in.
The AppStore, in its current incarnation, almost certainly decreases security. And I mean this in a very concrete and demonstrable way. Apple on the one hand insists on touting the safety of the AppStore, and its reliance on app-review for this safety, to people (and Congress!),creating the reasonable expectation that if something has made it onto the AppStore, then it it’s gone through this stringent analysis and should be considered safe by default.
However, they then bizarrely and deliberately refuse to actually police the store, to an alarming and almost cartooninsh level. We’ve seen this time and time again: scan apps remain on the store for months despite being reported. Take just last month when fake Authenticator apps flooded the AppStore to take advantage of Twitter getting rid of mobile phone based 2FA, and not only were those apps allowed on the store, but often managed to get top recommendation.
At least on the web the expectation is that it’s the wild west and you should be careful what you install. On the AppStore it’s as if Apple has purposefully invested effort into creating the perfect mark for von artists: convincing their customers that a shark infested pool is totally safe to swim in.
And this is the undeniably bad stuff, it doesn’t even touch on the “grey area” of these disgusting children’s casino apps that dominate the AppStore, and that Apple shares the profit on to the tune of 15-30%. The incentives are all broken. Apple profits when scam apps buy ad-placement using real apps names for keywords. Apple profits from apps that convince kids to buy garbage IAP.
It would be one thing if the AppStore actually lived up to its supposed principles, at the cost of hurting competition, innovation, and the occasional frustrating developer rejection. There’s actually be a trade-off to discuss, and we’d actually be arguing about principles, and whether safety matters vs. freedom blah blah blah. Hell, as a parent, there’s versions of a well managed AppStore that I’d probably begrudgingly accept.there be a “can’t argue with the results” thinking there.
But that’s not what this is, and I’m tired of pretending toy is in arguments that defend the AppStore. It’s been 15 years, the AppStore isn’t in beta, it’s not “a work in progress”, there’s no room for arguing about its vision vs it’s “current” reality. The AppStore has shown us what it actually is: a supremely lazy and un creative business cudgel that serves neither developers nor customers, and instead serves Apple first and ironically Apple competitors and criminals second. How does it serve Apple competitors you ask? Consider that companies like Amazon are offered special AppStore rates. Little developers don’t get that, big companies do. So not only does the AppStore exhibit monopolistic behavior, it also props up other monopolies.
Also, the search sucks and it’s ugly. It feels like a free samples booth at a Costco. No one at Apple has any taste anymore. Not really relevant to the argument, but just want to point out there’s zero to be proud of in that product.
Hasn't Apple always said the reason they don't allow sideloading was that it'd be impossible without compromising security? So are they claiming their European iDevices won't be secure anymore, or are they admitting they were lying before and that the real reason was nothing but greed?
I suppose it's true in the same way that having knives in your kitchen makes it more likely that you might cut yourself. but a kitchen without knives kind of sucks so
I don't think kitchens should have knives. I want my parents to be able to eat, but with knives in the kitchen they occasionally cut their fingers and I don't want to have to deal with that. You could make it optional but before you know it they'll get knives anyway. Besides, most people eat processed food and don't want to make meals from scratch so this is only a problem for a handful of people.
Or usability of this feature would be so frustrating, that no one will use. Constant security popups on every start, very limited available API for apps, etc...
How they will do it likely is they will charge to install the App store app and assign it a CA and require it to sign the apps downloaded from that app store.
The sideloading of apps will technically be an apple approved app but enforced by another app store. To put it another way you would not be able to randomly download an unsigned app.
It's one thing to provide security in the kindergarden. It's another thing to provide security in the jail. So far Apple's track record is kindergarden security. They do have tech in place, but how that tech would resist big bad world outside the wall remains to be seen. My guess would be that there will be apps breaking the jails in the first years and 10 years later things will settle on and it'll become relatively safe to sideload untrusted apps.
Of course if one's smart enough to only download apps from reputable websites, then the only worry will be privacy issues which are probably not important for most people
Perhaps "has it ever been hacked" is not the best metric, unless you prefer to keep your devices under armed guard, encased in several meters of concrete, without an internet connection.
Even if this is small progress the headlines and framing of the story are still doublespeak. Installing applications on your computer is the normal state of things. Walled gardens and not having control of your computer is the new weird thing. The word "sideloading" is a feudal concept and it's unquestioned use is dangerous for society.
Properly stated this story title is, "Installing applications on iOS 17 might be allowed Europe" which highlights the absurdity intrinsic in the practice of users not being able to install applications on their own computers as a default.
We focus too much on criticizing language instead of ideas. IMHO, this just leads to tiresome and hollow debates. So, I’ll call that out here.
Also, your proposed rewording isn’t correct either because installing applications is already allowed. You can debate the App Store all you want, but it definitely does let you install apps.
On topic: This is silly and Apple should allow sideloading. I don’t buy the security argument because the security comes from the sandbox, not Apple’s poorly-run approval process.
I have no idea how you came to this conclusion. It's obvious that I'm criticising the idea of "sideloading" not the word. You can call it some other arrangement of letters and the concept is still very dangerous.
And in this case it is also definitely true that apple does not let you install applications without someone paying them $100+ and their continued approval. The "let" is the key here.
The issue with such a statement is that the terms can and do mean different things to different people. I probably have a similar definition of computer and application as you, but many people, maybe the majority, may not.
For one thing they might think of a phone as a fundamentally different thing from a 'computer' with a different role. In fact I strongly suspect this is the majority view.
Within that people probably think of an 'application' as fundamentally a pre-screened, pre-approved, piece of software to enable some function specifically on the phone and within the phone's ecosystem. Not as any arbitrary piece of software. In fact that might all be seen as a feature, not a limitation, in the majority of people's eyes. Again I strongly suspect that is the case.
I used to think the same way, but not anymore. The amount and variety of attacks on the devices have increased too much in the last years. The device could be encrypted, money could be stolen, some malware could sit silently and do surveillance for who knows.
I always wanted to install software on my iPhone without the manufacturing company deciding what I can and can not have (according to californian standards!), but would I let my kids do that nowadays? No way! Stay on the app stores, also on Windows and MacOS is the first line of defense. It‘s sad but the safest approach.
Regular users don‘t need to install software on their own anymore, the same as they don‘t need to put processors, storage and Monitors together or install a sound card.
The App Store is a poor line of defense, because it isn't about user security, it's about securing Apple's billion dollar app distribution monopoly moneyhose. User security is just a rhetorical afterthought.
When we forgo real system safety in favor of gatekeeping corporate revenue, that isn't security. In fact, such a scheme is responsible for mass distribution of malware. Apple's App Store is responsible for distributing over half a billion copies of Xcodeghost to iPhone and iPad users[1], and that's just one piece of malware.
So take five minutes to set up the parental controls on your children's devices. The idea that we should eliminate the ability to run arbitrary software "for the children" is completely ridiculous.
And how exactly the AppStore prevents it? By using the OSs sandbox, which will apply the exact same way to user installed programs — you won’t suddenly run as root.
AppStore checking is waaay overhyped as anything meaningful.
I used to think that way, but then I realized the Android/iOS stores are absolute cesspools. I would not trust young kids on there either.
Others are right, sandboxing is the real saving grace (and only if apps dont ask for a bajillion permissions which users will just click through so it will work). Apple is slowly trying to isolate apps even more, like they were in the early iOS days.
I used to think like you, but not anymore. I am not interested in installing random software from other people, I want to install my own software to be able to have full control over my own device.
I don't care about 'regular users'. I care about myself.
> Regular users don‘t need to install software on their own anymore, the same as they don‘t need to put processors, storage and Monitors together or install a sound card.
From a personal-computer-user point of view, installing an app from any source is normal.
For pre-iPhone cellphone users, your cellphone network operator controlled access to what apps were available for installation. This is was the most common, if not the only, method for cellphone app distribution. App makers (mostly java games) paid to get on that first page of downloadable apps. I'd add some references but Google seems to have amnesia about anything cellphone app distribution pre-iPhone.
Apple didn't have an app store initially. How Apple convinced cellphone network operators to cede app approval/control, I don't know. Perhaps it was "apple's way - take it or leave it".
On most pre-iPhone cellphones you could install any .jar file, but there were 2 challenges:
Finding a .jar file that works on your phone was the biggest. Games often only supported a single screen resolution and so there were multiple .jar files for each game and you had to find the right one for your phone. Also sometimes even if you had the right screen resolution the .jar just crashed when you started it without any clue as to what's wrong (probably they needed more RAM or some platform specific code, but I was in high school back then so I didn't know much more about it)
In the early days, there was also the issue of how to get that .jar file to your phone. I distinctly remember old Nokia phones could download them through WAP (which was paid) or receive them through IrDA/Bluetooth, but themselves couldn't send applications through IrDA/Bluetooth (I think Sony Ericssons were the ones which could also send them....), This issue was later solved by microSD cards and USB cable transfers from PC.
It was the most common, but not the only method.
You could (at least on Nokia phones) go to any wap site and download a .jad/.jar straight to your phone.
I did that a lot on my series 30 (3510i).
I think other manufacturers allowed that as well, but I could only use the "free wap browsing trick" on Nokia phones, so I never explored that.
Pre-iPhone phones, for example Nokia phones with Symbian on it, did allow you to install applications. I remember when I was in middle school with a Nokia N70 exchanging games with Bluetooth with my friends. Who had internet at home (that was only a bunch of people) did download games from forums and then send to everyone else, as well as music and videos. Same for other models of cellphones, they all had some sort of application format.
Then the first Android devices arrived, with the Android Market (long before Google Play) that did allow you to download apps. But most people again maybe they didn't have internet, or more simply wanted pay apps but didn't want to pay for them, just exchanged .apk like it was the norm. (Pirating by the way was much more present than these days, for example I don't recall a single person having a PlayStation without the modchip, and burned PS1/PS2 games where the norm).
It's only with the arrival of the iPhone that this was no longer possible. In fact I recall that the criticism of the first iPhones, till the iPhone 4, was that it was an overpriced device and that it did lack of the possibility to install applications and exchange files with bluetooth, like everyone was used to do. The iPhone was a niche product that was not diffused (when I was at high school I recall maybe 1/2 people having iPhones, all other one Android devices).
The thing on cellphone operators is maybe an US specific thing, I don't recall having anything like that in Europe, more specifically in Italy. Quite frankly till 10 years ago using the cellphone network for internet was unthinkable, because the prices where so high. Then arrived the contract that give you 100Gb of data a month for 10 euros, but back in the day internet was expensive, to the fact that just by pressing the internet button on a phone it did consume all your credit. This is probably also the reason why WhatsApp become so popular (you could chat with your home internet connection that now everyone had without consuming expensive SMS)
Personal computers really are the exception which proves the rule. Whether it’s the software in your TV, your pre-smart phone, your car, or your game console, locked down has always been the norm.
That is a good way of looking at it. What's missing is a catchy name to debase store-based installation similar to what was done through "sideloading". Perhaps "lord-loading", "begstalling", "babybiting", etc.
Even on Windows if I send an EXE or MSI of my software to someone they get a scary security warning that prevents them from running it. The only guaranteed way around that is to be a big company (or a big open-source project).
If security really mattered, every OS would run applications in a proper sandbox, but why bother with that when you can just point your Web browser at a program running on someone else's server? Oh, but consent to these tracking cookies first.
>If security really mattered, every OS would run applications in a proper sandbox,
these OSes were designed decades ago, before we really had a good grasp on security. there were other significant concerns as well, such as performance
also, modern OS toolkits, such as on macos and windows 11, are moving towards a permission and API model that will allow sandboxing. In fact, macos is moving quite quickly towards this.
And lastly, there is a widely deployed OS that runs all applications in a proper sandbox: chromeos
I think it's understood at this point by everyone in the industry that sandboxing is the future, but it's taking a while to get there.
Code signing and associated warnings are significantly different from fully prohibiting the execution of unapproved code, I'm not sure why people struggle with the distinction. Windows has been doing this mostly the same way for literal decades.
iOS has a full sandbox which would apply even to "side loaded" applications, which makes the arbitrary constraint even more ridiculous as a "for your own good" measure.
Fun fact: This is the reason google pivoted to the web, after being blocked as an alternative office suite on Windows.
They realized that they need to change the platform for distribution, and hence this is why the web (post-chromium) is now what it is...with all its absurd redundancies of APIs and bloat.
Only because Microsoft can't keep their shit together.
Apple is more complicated, because despite the absolute control they've established (no other browser engine / JIT compiler process allowed for whatever made up reasons) they did not face the European courts that forced Microsoft for the exact same thing to allow to install other Browsers.
And now we are stuck with Safari, repeating the loop, because Apple can't keep their shit together.
If you hate cookies you’re going to be posted when you find out what’s happening in native apps. It’s an order of magnitude worse they just don’t have to ask or inform you first
That is assuming Smartphone is a computer. Not agreeing or disagreeing, but the point is people have different interpretation. Some think it is an Appliance.
Sad that it has to come to this messy stage where the law has to be enforced. But then Apple isn't the same Steve Jobs Apple.
>Installing applications on your computer is the normal state of things.
It really wasn't. It wasn't normal to install arbitrary applications on the computers in your fridge, dishwasher, game consoles, flip phones, washing machines, etc. Platforms have varied over time in how open they are to having other people developing for them. iOS is an example of a more closed platform and has shown that closed platforms can be successful. You can see Windows as a more open platform in comparison which was also successful. How open a platform is comes with different trade offs.
The question is which of these is a general purpose computer and which isn't. IMHO if what people tend to do on a platform is the same as what they do on a PC then that platform should also be forced to be a general-purposed computer and allow (in some roundabout way) arbitrary application installation.
For example, a smartphone replaces a PC for a lot of people. I even know some people in their 20s that don't own a "normal" laptop/desktop and they do most of their general purpose computing on their phones. In the meantime, nobody uses a Nintendo Switch or their dishwasher to do a quick edit of an excel sheet or access their bank account even if they are technically capable of doing so.
Installing whatever you want on your computer is not necessarily the natural state; it’s not even how the industry started and it’s not how any other industry or devices work.
I also prefer to be able to do whatever I want with my own devices, but pretending like it’s an inalienable right, or a natural state, or has no disadvantages is disingenuous and not helpful to the debate.
Of course it's the natural state and an inalienable right to modify or do with the things you own in the way you see fit.
When was the last time you asked the builders association if you could remodel your kitchen?
When was the last time you asked Honda if you could put new mags on your car?
This whole idea that devices aren't owned when you purchase them is asinine and and insult to humanity.
Your counter arguments that it's new in the industry is simply due to the fact they thought they could get away with it. Not because they thought it was their right.
You don't see Klein putting limits on what nails you can use with a hammer but you can bet your ass they would if they could.
> I also prefer to be able to do whatever I want with my own devices, but pretending like it’s an inalienable right, or a natural state, or has no disadvantages is disingenuous and not helpful to the debate.
I think Apple has also done good things with their strict app store policies (from my consumer point of view).
Apple has been for example putting limits on data collection and tracking. The main mechanism is to kick apps out from Apps store if they don't play by the rules.
I'm worried that side loading will be a step back here. Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways. With their strong position I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).
The prime example is that apple gives apps unfettered access to network connections. And YOU are unable to block this in any meaningful way.
What apple doesn't give you is the ability to manage your own phone. You cannot really manage what apps are doing yourself. You cannot even find out what apps are doing. And you definitely will not be able to manage apple apps, they get a free pass in all ways.
But yes, if there's a sideloaded facebook app, or a facebook store, you will be given more rope to do with as you want.
It shows you per application what data they are accessing, which sensors they are accessing and which domains the app is contacting. It also reports when they were doing this and how often. You can even export this data as a JSON file.
Actually privacy relay is currently in public beta as a part of Apple iCloud subscriptions plans.
Unless I got it wrong when enabled it reroute all Apps trafic through this "limited VPN" to prevent tracking and access to local network.
Apps that require access to local network must ask that permission explicitly. Streaming service (Netflix, Disney+,etc) do that for obvious performance gain. I noticed Microsoft Teams did it also (and I just revoked that thanks to this thread, it's a work app I better keep that out of my home local network).
Defenders of Apple's policies always say you can just use other tech if you don't agree with them. The same principle applies here. If an app requires you to use a third party app store and you don't like it then choose another app.
If you feel compelled to use a product with policies you don't agree with then now you understand how many of us feel about iOS.
But there's no push, you can literally ignore Apple's existence and use none of their products and you'll have no care in the world. Apple's network effect is basically zero. There's always one Android user in the friend group that spoils iMessage and FaceTime so we have to use something else anyway.
If you mean you feel compelled to sell in their store which requires a laptop, a business relationship with Apple, and realistically a phone because emulator only sucks then that's a business decision if the juice is worth the squeeze.
I hope I don't come across as snarky -- I am genuinely curious -- but why don't you have a choice? Are you unable to contact friends, family, etc. any other way outside of FB? The phrasing seems so strong, I am second guessing if I am just privileged/lucky (location, friend/family circumstances, etc?) to be off of social media but still have friends and family that I stay connected to.
I would normally agree with you, but a friend of mine is an immigrant from a south east Asian nation and the only way to easily communicate is through Facebook with the family there. It’s like saying, sure we can take away your phone and you can still write letters, but at some point communication is also about convenience.
Here is an example: we are invited to my kid’s friend’s birthday. They manage the event on facebook. They had to change location and time couple of times already. We don’t want to miss it and alternatives to facebook just aren’t any better. Sometimes it’s just convenient.
Apple will make it annoying enough to sideload that no meaningful amount of users will do it, causing it to be largely irrelevant.
It’s only worth it to app makers to have side loading if they can do it for large numbers of users, bypass the app store’s rules, and bypass apple’s take. I’m expecting apple to set it up in a way they can do none of those things, by making it cumbersome to sideload, not giving entitlements to apps not published through the store, and by taking a cut for sales from sideloaded apps.
You know who's really putting limits on data collecting? F-Droid.
If that's actually your argument, that's what you should use. It's quite practical.
> Strong players, like Facebook, may just take their app away from the official
That argument really has to explain why this has not happened on every other operating system under the sun, including Android. They all suffer pretty strong monopolistic network effects.
> I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).
The same legislation that is requiring Apple to allow sideloading also requires other large players (like Meta) to open their communication platforms up to other service or application developers.
In this hypothetical case, there actually would be five competing apps, some even still distributed on the App Store.
Every jailbreak ever has been on the magical secure "app store", too. It is really weird that people on here of all places believe in this garbage performative "app phrenology" they are doing over there.
> Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways. With their strong position I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).
iPhone is THE hottest device on the planet, I can’t believe anyone can seriously consider Facebook challenging its position.
> I think Apple has also done good things with their strict app store policies
Apple could have hidden the settings to enable it behind two levels of menu settings and anyone like you would never get to it. The only reason they have "strict" policies, as has been shown over and over again, is for their commercial benefit.
> Apple has been for example putting limits on data collection and tracking.
I want to be tracked by apps, because it leads to better ads for products that I am actually looking for (than some random garbage that I don't care about)... and better usability in general. Apple put those rules in place so that their ad business has the edge over competitors. If Apple was running in a country that was not corrupt, this would be seen as anti-competitive and they would be sued.
> Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways.
And? If you want clear rules on tracking, go talk to your politician. Apple is blocking competitors from tracking users while it has access to all of users data and uses it for their $5 billion revenue business.
Sideloading should be mandatory and opt-in. Arguing that it should be closed is basically people wanting to control other people's computers (even though that is a popular opinion in this "hacker" forum).
It's going to be interesting when some sideloaded app starts becoming popular and e.g. americans miss out on it. I can already imagine a lot of AI and nsfw stuff in that category
Readit News
The EU has squeezed telcoms on roaming charges which created a lot of howling. The EU also has rather strict regulation concerning gas use of cars, ICE emissions and so on, probably second only to California. The EU approach to food and pharma security is fundamentally different to that of the USA, and it impacts EU companies. Regulations around green GMOs are so strict they basically killed the European market for GMOs.
Apple made their app store incredibly restrictive and took a massive cut of any profits that anyone was making. Not just app sales, any profits. (This happened to hey.com, they wanted a cut of the subscription that users were getting outside of their app). Sometimes apple would just outright steal developer's apps by making their own version, then blocking the original developers by claiming that they were making rip offs of Apple's apps (you'll find a few stories of that happening here on HN).
Then to really rub salt in the wound, they started telling developers in essence: "If you don't like the way we run our app store then you can always make a web app", despite the fact that they had purposefully hampered web functionality on their devices to force developers to use the app store.
It's really strange how their browser only started getting better all of a sudden when they were getting sued for their anticompetitive behaviour and the EU said they were drafting up legislation to break their monopoly.
It is directly due to the efforts of the EU that Apple has been dragged kicking and screaming to add functionality to their own ecosystem that is objectively demonstrably superior to what was available before.
Deleted Comment
[1] https://assistance.orange.fr/objets-connectes/installer-et-u...
I’d argue that in theory, new upstarts ought to be able to enter the market and satisfy the demand if it exists. However, in many fields, there are substantial barriers to entry that prevent this. For instance, in the auto industry, it takes huge amounts of capital to reach the necessary scale, gain enough experience and reputation, etc., to be able to compete with existing companies. Similarly, it would be a monumental engineering effort to produce “iPhone with USB-C” due to the amount of intellectual property, goodwill, Silicon deals, integrations, etc., that Apple provides. It would be impossible, really, due to iMessage and FaceTime being proprietary. There could be new cable providers that don’t run ads, but they wouldn’t be able to compete on cost, and they would have trouble dealing with the regulatory environment for infrastructure, striking deals with networks, etc.
Banning companies from engaging in practices that benefit them once they become sufficiently adversarial to consumers isn’t a scalable solution. There are many instances of this across many industries; regulating them all would be like playing Whack-A-Mike. It also provides no recourse to the group of market participants who don’t care if their phone has Lightning or USB-C, and probably prefer Lightning since they already have a charger. It also leaves less room for innovation since companies will have to comply with standards, possibly preventing superior technology from being developed (that’s how we got Lightning to begin with).
I’d love to hear other/better solutions. I’ll throw one idea/observation out myself. A lot of these misalignments are because providing a better consumer experience today reduces the likelihood they will be a customer tomorrow. Either they will leverage the lower switching cost to switch, or they will be more loyal but purchase less in the future due to the increased quality. What’s a way to manipulate company economics to favor shorter-term views of the company, and disregard higher-growth plans? Higher interest rates. Maybe a higher interest rate environment could mitigate some of these issues by ensuring companies care about the business they have today, more than the one that they could have tomorrow.
It's been a decade since a new port (lightning was 2012, usb-c is 2014). So apparently, they are doing pretty well!
I think my answer here would "enjoy the next decade of benefits and worry about it then?"
Similar to the switch from microUSB-B to USB-C. Budget phones kept using the cheap option for awhile, but eventually costs came down and people settled into the new standard.
Not sure how it's done in the EU, but their legislature could delegate authority to make such decisions to an executive agency if the process of passing an amendment or new law is too slow.
At a certain scale of adoption/societal impact, having a common set of agreed standards is much more important than fragmented "innovation". I would argue having a general and common way to charge devices qualifies for that level of importance. The incentive on Apple's side to stay off of USB-C can only be one of profit driven customer hostile design... as there's really zero technical or otherwise reason to have stayed on lightning this long.
One of the biggest annoyances in my daily life is having to swap back and forth between USB-C and lightning cables. These lightning cables being sold today are effectively trash to be thrown away in a year or two. Completely unnecessary, and hard to have any respect for the intelligence of people who defend it. There is no slippery slope here. If Apple wants to build a next gen port, then they do it alongside other industry players rather than monopolizing the technology so they can charge 10x markup on cables/accessories/licensing... which imparts zero benefit to the consumer.
But somehow we have decided that small computers (aka phones) must only have 1 port.
Also moving a eSIM from iOS device to non-iOS device (for example to plug into my secondary Android) is a massive PITA. I always have to re-issue the SIM which I often can't do and need to jumps through customer support queries and hoops. My current provider back home doesn't even give me the option to do it while abroad and support told me to come back for a day, then finish the eSIM reissuing application, so I'm stuck with the physical SIM anyway.
eSIMs will be great one day, but that day is not now. I much rather pop the SIM out of phone 1 and move it into phone 2, or iPad when I want, than wait hours (or sometimes days) to get a new eSIM approved, and repeat that process every single time I want to move a connection to another device
what's the migration process for eSIMs?
I couldn't imagine them jumping on the esim train in any useful way in the near term.
https://support.apple.com/en-hk/HT209086
Personally I'd love for eSIM to be there in ADDITION but not replacing the nano SIMs.
Now? People can switch carriers while in their living room. Takes a matter of minutes. Absolutely frictionless.
(Distributing software is not always easy, as game companies that have 100GB game downloads on launch day will tell you. But, for most apps, it will be easy enough.)
Dead Comment
> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store, Gurman says.
The statement is a bit ambiguous. Is it pay Apple extra or pay extra to the 3rd party to have their app listed in the 3rd party app store?
The former doesn't sound right; It is probably FUD.
Logically, a 3rd party app store could compete on significantly reduced fees relative to Apple (as one of the strategies). Those conscious of the quantum of current fees then have options of listing their app on both the Apple app store and the 3rd party store as part of their distribution strategy. Customers who trust the Apple appstore would get their app from there and those who like a 3rd party app store would get it from there. The app developer would have reduced their total fees (for distribution). Even if there are signup fees, the share of revenues that Apple is today taking away from the developer would go down in absolute terms with a 3rd party store.
As far as the consumer is concerned, this becomes an OS setting like 'default browser/default text editor etc.,'.
Apple sticking to only the Apple App Store stance is only raising the cost for consumers. Consumers in other geographies will also wake up. Eventually.
Or, it might mean Apple will charge higher rates for apps that are also available on other app stores? Not sure if that's entirely legal, but since when have pesky things like the law stopped companies as big as Apple?
If I release my next version update and post it to just the 3rd party app store, I could then theoretically move the 120k customers to download the update from the 3rd party store and then save $72k/mo.
That is what Apple is afraid of. I think.
I guarantee you Apple will find a way to still make the same money.
Just like how in the Netherlands dating apps don't have to use IAP, but the apps need to pay Apple a 28% royalty on all in app purchases that don't go through them.
Thanks, really interesting
How I read this is that they are basically creating a 3rd category of apps. Up until now you could sideload apps on an iPhone via an enterprise cert (though it carries some major restrictions that would make it unsuitable for general distribution). With this they are likely creating something like that enterprise cert but for all app developers.
I don't see a problem with that.
If a producer grants exclusive distribution rights to a seller, the typical consequence is that the seller gives the producer a greater profit share in return.
On ending those terms, the seller may rightfully reduce the profit share, in my opinion.
I don't get why anyone should be paying Apple a rent for using a 3rd party app store (lets say exclusively).
As a hypothetical, lets say Epic Games or Steam launches an Alt App Store for games that can be installed on ios. Why does any gamedev using those stores have to pay Apple any transaction fee?
Just doesn't make any sense and would just be rent-seeking on Apple's part.
There is a great tool to increase security: the browser and its sandbox. You don't need to install anything fishy on your phone, and the sandbox rights coukd be sufficient for many apps.
But as an example, Apple denies the full screen feature for websites and even PWA... only installed ones. There's no good reason except favoring apps/appstore. For security? Works great on Android.
And you cannot use a third party browser, since they forbid that (all are Safari based)
Thank you, EU!!
It's the same with privacy. Forcing app publishers to state what user data is being sucked out of their phones was just a poor PR stunt.
Nothing has changed. Applications still require payments in form of contact lists (which is more or less illegal in Europe if you don't have permission of all people in your address book to share their names and phone numbers), disguised as helping users check if their friends are using a service, or to even allow user to use some app functionality.
Unimaginative accountant that currently leads Apple on one hand bullshits public opinion when disallowing Facebook to steal data from users' devices and, on the other hand, after blocking Zuckerberg's ability to do so, he disgracefully used children protection to announce that Apple will now inspect users' data under the pretense of looking for child porn.
Apple users are being deprived of OS control with most of updates and it's always done under the untruthful pretense of increasing security or protecting users' privacy.
When this little man finally pushes ads to core macOS, he'll state that it's to help users.
> Nothing has changed. Applications still require payments in form of contact lists
This is actually proof that users don’t make good choices when it comes to privacy and security even when they have the necessary information.
What? It seems like you were trying to make a coherent argument but a list of contacts is in no way comparable to a paid subscription. Microsoft doesn't allow you to buy O365 with your contacts, do they?
[source needed] as GDPR doesn't apply to private individuals and private databases
I think this has turned out to be the current barrier in preventing Google from completing taking over the web standards space.
And then when they do implement similar browser standards, they don't follow any web standards, they instead make their own proprietary bespoke web standard for Safari[1].
And they also did other fun things like wait until nearly 2021 to support WebP and let Safari be the the #1 source of one-click exploits on iOS.
It's weird to see Safari trotted out in defense of web standards of all things.
[1] https://developer.apple.com/notifications/safari-push-notifi...
"I used the monopoly to destroy the monopoly."
Actually I believe you're wrong: if people actually preferred Apple's way of doing it, Apple would have no reason to restrict other ways.
They restrict it because people prefer the other way, and that would harm Apple's profits.
Gaming on mobile friggen sucks and that is primarily because Apple wants to retain control and the biggest piece of the pie.
Gaming in mobile browsers, in 2023, should be as easily accessible as it were in desktop browser in the Flash days. Apple just won’t come to the table to facilitate a decent gaming experience in Safari.
Let’s also not forget Steve Jobs was all for web standards in his letter against Flash. Apple should make good on what was promised in that letter instead of dragging their feet.
https://newslang.ch/wp-content/uploads/2022/06/Thoughts-on-F...
On the other side, if users want standard UI and that's a factor in adoption, wouldn't people making PWAs then just make the apps in such a way - there's nothing stopping them, and there's no lack of UI libraries enabling that.
It should be my choice
It doesn't need Apple to white Knight on behalf of their poor, dim, uninformed users.
Because they're not.
UX isn’t half bad either. It actually feels pretty native most of the time.
To this day the browser is still a second-tier experience to native apps. But that's fine, because anything you get from the macOS and iOS app stores are sandboxed too. So are non-App Store apps on macOS that choose to run in sandbox.
I'm not sure how they are motivated but in a report Apple cited:
>In Nokia’s 2021 threat intelligence report, Android devices made up 50.31% of all infected devices, followed by Windows devices at 23.1%, and macOS devices at 9.2%. iOS devices made up a percentage so small as to not even be singled out, being instead bucketed into “other”.
I personally use iOS and got it for my mum and aunt etc as it seems to suffer much less from malware in normal usage. I'm not sure if there is any evidence to the contrary?
A lot of viruses (and jailbreaks on iOS amongst others) are distributed via this browser / sandbox; it's only secure in theory and it took decades to get to that point.
Sure (before the Rust evangelists swoop in), part of that was due to using unsafe languages; part was due to extension frameworks that had too much power (ActiveX, which was even used to update your operating system, I can't fathom why they thought that was a good idea). But it'll take many more years of zero incidents, jailbreaks, etc before I'd trust the browser over Apple's app sandboxing and app review and distribution approach.
This Apple native crud they force every app to use (up to the whole browser engine, like in the IE days!) is truly the ActiveX of our times. Only you can't even get rid of it.
Chrome and Firefox are as secure as Safari, if not more, banning them is a commercial choice not a technical one.
iOS exploits still exist, there's no real advantage in Apple sandboxing apps, they are routinely leaking users data and being exploited as well.
OTOH Apple refusing to implement certain web standards is proof that they cannot guarantee a safe implementation, which is a reason more to allow better browsers on their platform.
You can exploit in both native and browser contexts. Most jailbreaks nowadays are assisted by a native application that you dev-sign to deliberately pwn yourself with. In the past we had websites that you could use to jailbreak with. Both are sandboxed environments with significant attackable surface area, so one is not necessarily more trustworthy than the other purely on measures of exploitability.
See the Xbox Cloud Gaming "app" for instance, which is outside the App Store, just launch then "Add to Home Screen", close, and run from Home Screen.
https://www.xbox.com/en-us/play
As for what can be done with browsers, see the venerable iCab but also Kagi's Orion browser which runs Firefox and Chrome extensions, even on iOS. Yes, it's WebKit based, but so was Chrome for a long time.
https://help.kagi.com/orion/browser-extensions/macos-extensi...
Given you can run Xbox games or arbitrary extensions from other browsers, it's clear the web app and WebKit limits are less restrictive than most discussion acknowledges.
For the last few features that used to be missing, like notifications or other native hooks, notice Microsoft has the sidecar native app for iOS that handles in-game chat, LAN discovery for Xbox setup, and notifications.
You and the OP are both right about fullscreen. There is a web fullscreen API, which Apple does not support. However, PWAs strip out the browser UI so you’re effectively fullscreen. Though you can’t do anything about the status bar, nor can you lock screen orientation.
But more to the original point, none of this has anything to do with security. Apple disallowed a native Xbox streaming app because they demanded a cut of the revenue and MS wasn’t willing to give it.
Dead Comment
Genuinely looking for evidence of this counterpoint you're making. As the evidence for the security angle is proven. iOS takes less than 1% of malware, Android takes nearly 50%, in between we have Windows, IoT devices and even MacOS taking more malware than iOS.
So where's the data that this strategy isn't working to protect iOS devices? I want to see it.
I think this plan will move forward because of consumer protections afforded in the EU (ie including sideloaded apps) not available elsewhere.
Their motivation is most definitely money now. Maybe not in the start though. Whatever their motives are though I’m super satisfied as a customer that they haven’t went down the android path of version calamity, an app store that I have zero trust in as an app buyer. Also tell me an android flavor the supports devices purchased 6 years ago? It’s a package deal. Having the wealth that is generated by the things that the EU has mandated will cause cuts in other areas of device support and/r&d. The option is making less profit or bumping prices to offset. In time we will see.
I think it would be great of Apple to just stop selling devices in the EU as a thanks to politicians who voted for this ill advised rule. I’d like to see how long it would take for them to roll it back because you know they would eventually buckle to the people.
To you and those of like thinking just assert your freedom of choice and go buy an android device along with the shit show it is and leave us to our relatively safe walled garden.
wait, so it wasn't money before? when they ran all those ads and did all of that 'we're the only privacy company' marketing? i guess it worked really well. when some of it was kinda just, reframing of lacking features and capabilities, and their 'closed ecosystem/walled garden' structure, as 'more secure'.
However, they then bizarrely and deliberately refuse to actually police the store, to an alarming and almost cartooninsh level. We’ve seen this time and time again: scan apps remain on the store for months despite being reported. Take just last month when fake Authenticator apps flooded the AppStore to take advantage of Twitter getting rid of mobile phone based 2FA, and not only were those apps allowed on the store, but often managed to get top recommendation.
At least on the web the expectation is that it’s the wild west and you should be careful what you install. On the AppStore it’s as if Apple has purposefully invested effort into creating the perfect mark for von artists: convincing their customers that a shark infested pool is totally safe to swim in.
And this is the undeniably bad stuff, it doesn’t even touch on the “grey area” of these disgusting children’s casino apps that dominate the AppStore, and that Apple shares the profit on to the tune of 15-30%. The incentives are all broken. Apple profits when scam apps buy ad-placement using real apps names for keywords. Apple profits from apps that convince kids to buy garbage IAP.
It would be one thing if the AppStore actually lived up to its supposed principles, at the cost of hurting competition, innovation, and the occasional frustrating developer rejection. There’s actually be a trade-off to discuss, and we’d actually be arguing about principles, and whether safety matters vs. freedom blah blah blah. Hell, as a parent, there’s versions of a well managed AppStore that I’d probably begrudgingly accept.there be a “can’t argue with the results” thinking there.
But that’s not what this is, and I’m tired of pretending toy is in arguments that defend the AppStore. It’s been 15 years, the AppStore isn’t in beta, it’s not “a work in progress”, there’s no room for arguing about its vision vs it’s “current” reality. The AppStore has shown us what it actually is: a supremely lazy and un creative business cudgel that serves neither developers nor customers, and instead serves Apple first and ironically Apple competitors and criminals second. How does it serve Apple competitors you ask? Consider that companies like Amazon are offered special AppStore rates. Little developers don’t get that, big companies do. So not only does the AppStore exhibit monopolistic behavior, it also props up other monopolies.
Also, the search sucks and it’s ugly. It feels like a free samples booth at a Costco. No one at Apple has any taste anymore. Not really relevant to the argument, but just want to point out there’s zero to be proud of in that product.
(yes yes this is satire)
The sideloading of apps will technically be an apple approved app but enforced by another app store. To put it another way you would not be able to randomly download an unsigned app.
https://nordvpn.com/blog/ios-vs-android-security/
Of course if one's smart enough to only download apps from reputable websites, then the only worry will be privacy issues which are probably not important for most people
Deleted Comment
Dead Comment
IMO, https://zerodium.com/program.html is a good indication of "what would it cost to hack me using a never-before-seen exploit".
Properly stated this story title is, "Installing applications on iOS 17 might be allowed Europe" which highlights the absurdity intrinsic in the practice of users not being able to install applications on their own computers as a default.
Also, your proposed rewording isn’t correct either because installing applications is already allowed. You can debate the App Store all you want, but it definitely does let you install apps.
On topic: This is silly and Apple should allow sideloading. I don’t buy the security argument because the security comes from the sandbox, not Apple’s poorly-run approval process.
I have no idea how you came to this conclusion. It's obvious that I'm criticising the idea of "sideloading" not the word. You can call it some other arrangement of letters and the concept is still very dangerous.
And in this case it is also definitely true that apple does not let you install applications without someone paying them $100+ and their continued approval. The "let" is the key here.
For one thing they might think of a phone as a fundamentally different thing from a 'computer' with a different role. In fact I strongly suspect this is the majority view.
Within that people probably think of an 'application' as fundamentally a pre-screened, pre-approved, piece of software to enable some function specifically on the phone and within the phone's ecosystem. Not as any arbitrary piece of software. In fact that might all be seen as a feature, not a limitation, in the majority of people's eyes. Again I strongly suspect that is the case.
When we forgo real system safety in favor of gatekeeping corporate revenue, that isn't security. In fact, such a scheme is responsible for mass distribution of malware. Apple's App Store is responsible for distributing over half a billion copies of Xcodeghost to iPhone and iPad users[1], and that's just one piece of malware.
[1] https://www.vice.com/en/article/n7bbmz/the-fortnite-trial-is...
It's trivial to get something past app review (eg. look at casino apps that were disguised as games)
On the Mac, staying on the Mac App Store makes sense because it is the easiest way to enforce you only install sandboxed apps.
On iOS, that's not going to be necessary, because every app on iOS is sandboxed.
AppStore checking is waaay overhyped as anything meaningful.
Others are right, sandboxing is the real saving grace (and only if apps dont ask for a bajillion permissions which users will just click through so it will work). Apple is slowly trying to isolate apps even more, like they were in the early iOS days.
I don't care about 'regular users'. I care about myself.
This is pure nonsense... giving user more choices is never a bad thing.
Uhuh, sure.
"Shut your mouth, pay and be happy"
For pre-iPhone cellphone users, your cellphone network operator controlled access to what apps were available for installation. This is was the most common, if not the only, method for cellphone app distribution. App makers (mostly java games) paid to get on that first page of downloadable apps. I'd add some references but Google seems to have amnesia about anything cellphone app distribution pre-iPhone.
Apple didn't have an app store initially. How Apple convinced cellphone network operators to cede app approval/control, I don't know. Perhaps it was "apple's way - take it or leave it".
Finding a .jar file that works on your phone was the biggest. Games often only supported a single screen resolution and so there were multiple .jar files for each game and you had to find the right one for your phone. Also sometimes even if you had the right screen resolution the .jar just crashed when you started it without any clue as to what's wrong (probably they needed more RAM or some platform specific code, but I was in high school back then so I didn't know much more about it)
In the early days, there was also the issue of how to get that .jar file to your phone. I distinctly remember old Nokia phones could download them through WAP (which was paid) or receive them through IrDA/Bluetooth, but themselves couldn't send applications through IrDA/Bluetooth (I think Sony Ericssons were the ones which could also send them....), This issue was later solved by microSD cards and USB cable transfers from PC.
I think other manufacturers allowed that as well, but I could only use the "free wap browsing trick" on Nokia phones, so I never explored that.
Then the first Android devices arrived, with the Android Market (long before Google Play) that did allow you to download apps. But most people again maybe they didn't have internet, or more simply wanted pay apps but didn't want to pay for them, just exchanged .apk like it was the norm. (Pirating by the way was much more present than these days, for example I don't recall a single person having a PlayStation without the modchip, and burned PS1/PS2 games where the norm).
It's only with the arrival of the iPhone that this was no longer possible. In fact I recall that the criticism of the first iPhones, till the iPhone 4, was that it was an overpriced device and that it did lack of the possibility to install applications and exchange files with bluetooth, like everyone was used to do. The iPhone was a niche product that was not diffused (when I was at high school I recall maybe 1/2 people having iPhones, all other one Android devices).
The thing on cellphone operators is maybe an US specific thing, I don't recall having anything like that in Europe, more specifically in Italy. Quite frankly till 10 years ago using the cellphone network for internet was unthinkable, because the prices where so high. Then arrived the contract that give you 100Gb of data a month for 10 euros, but back in the day internet was expensive, to the fact that just by pressing the internet button on a phone it did consume all your credit. This is probably also the reason why WhatsApp become so popular (you could chat with your home internet connection that now everyone had without consuming expensive SMS)
If security really mattered, every OS would run applications in a proper sandbox, but why bother with that when you can just point your Web browser at a program running on someone else's server? Oh, but consent to these tracking cookies first.
The huge difference is that's only a warning, and not a cryptographically locked-down system unlike Apple's.
these OSes were designed decades ago, before we really had a good grasp on security. there were other significant concerns as well, such as performance
also, modern OS toolkits, such as on macos and windows 11, are moving towards a permission and API model that will allow sandboxing. In fact, macos is moving quite quickly towards this.
And lastly, there is a widely deployed OS that runs all applications in a proper sandbox: chromeos
I think it's understood at this point by everyone in the industry that sandboxing is the future, but it's taking a while to get there.
iOS has a full sandbox which would apply even to "side loaded" applications, which makes the arbitrary constraint even more ridiculous as a "for your own good" measure.
They realized that they need to change the platform for distribution, and hence this is why the web (post-chromium) is now what it is...with all its absurd redundancies of APIs and bloat.
Only because Microsoft can't keep their shit together.
Apple is more complicated, because despite the absolute control they've established (no other browser engine / JIT compiler process allowed for whatever made up reasons) they did not face the European courts that forced Microsoft for the exact same thing to allow to install other Browsers.
And now we are stuck with Safari, repeating the loop, because Apple can't keep their shit together.
Sad that it has to come to this messy stage where the law has to be enforced. But then Apple isn't the same Steve Jobs Apple.
Dead Comment
It really wasn't. It wasn't normal to install arbitrary applications on the computers in your fridge, dishwasher, game consoles, flip phones, washing machines, etc. Platforms have varied over time in how open they are to having other people developing for them. iOS is an example of a more closed platform and has shown that closed platforms can be successful. You can see Windows as a more open platform in comparison which was also successful. How open a platform is comes with different trade offs.
For example, a smartphone replaces a PC for a lot of people. I even know some people in their 20s that don't own a "normal" laptop/desktop and they do most of their general purpose computing on their phones. In the meantime, nobody uses a Nintendo Switch or their dishwasher to do a quick edit of an excel sheet or access their bank account even if they are technically capable of doing so.
It is successful despite being closed, not because of it.
Dead Comment
I also prefer to be able to do whatever I want with my own devices, but pretending like it’s an inalienable right, or a natural state, or has no disadvantages is disingenuous and not helpful to the debate.
When was the last time you asked the builders association if you could remodel your kitchen?
When was the last time you asked Honda if you could put new mags on your car?
This whole idea that devices aren't owned when you purchase them is asinine and and insult to humanity.
Your counter arguments that it's new in the industry is simply due to the fact they thought they could get away with it. Not because they thought it was their right.
You don't see Klein putting limits on what nails you can use with a hammer but you can bet your ass they would if they could.
Which industry? The very earliest computers ran software written by end-users.
I own the freaking thing.
Apple has been for example putting limits on data collection and tracking. The main mechanism is to kick apps out from Apps store if they don't play by the rules.
I'm worried that side loading will be a step back here. Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways. With their strong position I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).
The prime example is that apple gives apps unfettered access to network connections. And YOU are unable to block this in any meaningful way.
What apple doesn't give you is the ability to manage your own phone. You cannot really manage what apps are doing yourself. You cannot even find out what apps are doing. And you definitely will not be able to manage apple apps, they get a free pass in all ways.
But yes, if there's a sideloaded facebook app, or a facebook store, you will be given more rope to do with as you want.
Settings -> Privacy & Security -> App Privacy Report
It shows you per application what data they are accessing, which sensors they are accessing and which domains the app is contacting. It also reports when they were doing this and how often. You can even export this data as a JSON file.
What about:
- Apple’s limiting of advertising identifiers and requiring permission to track users across apps
- increasingly fine grained location access including ‘Only allow once’ and warnings when an app is tracking you in background
- sandboxed photo access so apps don’t get access to all your photos
- requiring developers submit privacy questionnaires with their app updates and showing how data is collected in each app
- supporting creating private email aliases for signing up for services
Just to name a few in the last few years.
Unless I got it wrong when enabled it reroute all Apps trafic through this "limited VPN" to prevent tracking and access to local network.
Apps that require access to local network must ask that permission explicitly. Streaming service (Netflix, Disney+,etc) do that for obvious performance gain. I noticed Microsoft Teams did it also (and I just revoked that thanks to this thread, it's a work app I better keep that out of my home local network).
Wrong. You CAN find out what apps are doing: Settings → Privacy → App Privacy Report
> And you definitely will not be able to manage apple apps, they get a free pass in all ways.
You can outright delete most Apple apps.
> Apple doesn't protect you.
said the wolf about the fence.
Deleted Comment
Apple has no commercial interest in breaking the users privacy and trust. Their business model is not to sell ads or work with 3rd party advertisers.
If you feel compelled to use a product with policies you don't agree with then now you understand how many of us feel about iOS.
If you mean you feel compelled to sell in their store which requires a laptop, a business relationship with Apple, and realistically a phone because emulator only sucks then that's a business decision if the juice is worth the squeeze.
I hope I don't come across as snarky -- I am genuinely curious -- but why don't you have a choice? Are you unable to contact friends, family, etc. any other way outside of FB? The phrasing seems so strong, I am second guessing if I am just privileged/lucky (location, friend/family circumstances, etc?) to be off of social media but still have friends and family that I stay connected to.
EDIT: fixed grammar
Deleted Comment
It’s only worth it to app makers to have side loading if they can do it for large numbers of users, bypass the app store’s rules, and bypass apple’s take. I’m expecting apple to set it up in a way they can do none of those things, by making it cumbersome to sideload, not giving entitlements to apps not published through the store, and by taking a cut for sales from sideloaded apps.
You know who's really putting limits on data collecting? F-Droid.
If that's actually your argument, that's what you should use. It's quite practical.
> Strong players, like Facebook, may just take their app away from the official
That argument really has to explain why this has not happened on every other operating system under the sun, including Android. They all suffer pretty strong monopolistic network effects.
https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...
The same legislation that is requiring Apple to allow sideloading also requires other large players (like Meta) to open their communication platforms up to other service or application developers.
In this hypothetical case, there actually would be five competing apps, some even still distributed on the App Store.
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa...
They don't look at API calls made by the apps. How can they be your sure of the security then?
Only after this was published were the apps removed.
iPhone is THE hottest device on the planet, I can’t believe anyone can seriously consider Facebook challenging its position.
Apple could have hidden the settings to enable it behind two levels of menu settings and anyone like you would never get to it. The only reason they have "strict" policies, as has been shown over and over again, is for their commercial benefit.
> Apple has been for example putting limits on data collection and tracking.
I want to be tracked by apps, because it leads to better ads for products that I am actually looking for (than some random garbage that I don't care about)... and better usability in general. Apple put those rules in place so that their ad business has the edge over competitors. If Apple was running in a country that was not corrupt, this would be seen as anti-competitive and they would be sued.
> Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways.
And? If you want clear rules on tracking, go talk to your politician. Apple is blocking competitors from tracking users while it has access to all of users data and uses it for their $5 billion revenue business.
It's going to be interesting when some sideloaded app starts becoming popular and e.g. americans miss out on it. I can already imagine a lot of AI and nsfw stuff in that category