When it comes to your personal data, Apple loves (correctly) to say "all of our user's data is encrypted, we can't access it even if we wanted to, so we cannot respond to this government request for data"
When it comes to application distribution, all of Apple's courage immediately disappears. They could say "We don't sign or control apps distributed through third party app stores, that's out of our hands, so we cannot respond to this government request". But, they chose not to. It was a choice, and Tim Cook chose an ugly, dishonorable, cowardly path.
To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed. A consequence of that is that they cannot answer government requests to kill apps with “I'm sorry, Dave. I'm afraid I can't do that”.
Was that the right trade-off? I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
In this case they didn't remove the app from the users' devices, they “removed Alternative Distribution functionality from iTorrent’s Developer Portal without any warning.”
So they revoked the right of the developer to publish on other stores, and don't allow publishing that app on their own store.
Beside of those apparent "government sanctions-related rules in various jurisdictions" cited as reason by Apple (whatever that means), they now demonstrated that they still have indirect control over the offering of ALL digital markets.
So regardless in which market you want to publish, you still need to remain in good standing with Apple.
Combining that with Apple's ability to observe the install-base of iOS-devices it's quite a conflict of interest. (The least nefarious being Apple courting successful apps from other stores to come over to Apple)
Why can't they add a "this app is not verified by apple, we can't guarantee it's safe" popup? Making people jump through ridiculous hoops (like jailbreaking) would violate the DMA, but surely not a simple matter-of-fact warning? Windows does the same with unsigned apps, as do many version of Android.
It wasn’t their choice to make. The user purposefully installed the app from a 3rd party store. That sounds like user intent. If Apple cared about their users, they would allow a user to use without caveat. Including installing whatever software they wish so long as it worked on the platform.
This is right to repair. This is ownership. When you buy some hardware, you should be allowed to install any software you wish, provided it works and you have the technical know how to do so.
>they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed.
Huh, I sideload some pretty nefarious apps all the time on my iPhone and have been doing so for about a decade, and they have never got remotely killed or removed.
It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple, enabling Apple to decrypt that specific user's data.
Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
Apple's privacy-protecting image is nothing more than marketing.
Apple is actually far worse at protecting your privacy than Google.
On iOS, you cannot install any apps without an Apple Account, and even some preinstalled apps (like Pages, Numbers, Keynote, GarageBand, iMovie) cannot be used before you assign them to an Apple Account.
On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from Google's Play Store without an account as well, so, you can even install all the mainstream apps, all without any accounts.
Wouldn't Apple have just done exactly that when they faced public and state pressure to unlock the iPhones of mass shooters, such as the San Bernardino shooter or the Pensacola shooter? That was their golden opportunity, but instead they refused, went to court, and forced the FBI to pay third parties to break into the phones. That's the opposite of your espionage scenario.
If Apple never decrypts a user's data, then this debate will never resolve, because there will always be people who insist that Apple's teetering on the precipice of logging decryption keys and decrypting a user's data – or worse, that they've already done it and we're just waiting for another heroic whistleblower to reveal their corruption.
> Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders. Apple was not installing spyware on people's devices as you seem to be implying.
> It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple.
I don't think they even need to do that. They are in control of the encryption process and obviously already process the data to create a persona of the user (after which it is no longer considered "user data")
You haven't noticed that the tyrannical agencies, aka "intelligence" agencies in the west no longer white and throw tantrums about "going blind" and "black holes" etc. regarding Apple device encryption?
I do not get the impression that they just forgot and stopped being traitors.
I mean, you can just look it up instead of spreading conspiracies.
Apple put in functionality that makes it impossible for them to unlock phones and added additional controls to make brute forcing infeasible. The fight was fought, they had it out in court, and it's done.
If that wasn't true, literally all iPhones would be backdoored by the Russians and Chinese lol. Law enforcement is utterly incompetent when it comes to technology, you think they wouldn't immediately leak keys or access?
Some more context from the linked github issue[0], the app was removed because of European sanctions against Russia, it seems that the app developer who now lives in Malta, has a Russian background.
What is interesting is that it's Apple enforcing these sanctions, rather than AltStore.
The amount of control that Apple exercises over these alternative app stores, really does seem to be against the spirit of the DMA.
That’s also weird to me. I don’t have current 2025 info on the sanctions, but back in early 2022 I had a colleague with Russian citizenship who was living in Ireland (with proper permission to live and work - I think even permanent residence). He was exempted from the nationality-based sanctions because of his EU residence, although he did have to prove it to e.g. his banks.
Do the sanctions applicable in 2025 apply even to EU residents of Russian nationality or origin without such an exemption, or is this person covered by more narrow sanctions like one which name him individually, or is Apple going beyond the sanctions rules here for a store they don’t even operate?
Edit: reading the linked GitHub discussion more closely, it seems that he expects to benefit from the same exemption as I was describing, with the problem being twofold: one, the developer had neglected to update his personal info in Apple’s dev portal - not Apple’s fault, at least assuming that sanctions enforcement is their job at all in this scenario. But two, Apple has taken a long time to react to this guy providing proof of his Maltese residence, so that’s on them for being an unresponsive bottleneck.
> But two, Apple has taken a long time to react to this guy providing proof of his Maltese residence, so that’s on them for being an unresponsive bottleneck.
Someone I know has Maltese citizenship. From the stories they've told, the unresponsive party might not be Apple.
(At one point, my friend had to show up at the Maltese immigration office in person to get them to respond to an inquiry.)
And 3, Apple asking for a photo of the ID instead of using eID so the entire process can be tap > Face ID (in your country’s eID app) > done.
Also for some reason on App Store Connect, Apple is asking for a country of birth, not citizenship so with that alone, it’s unclear to me how can they make a determination at all.
Once again, our random spawn point (of which we have no control) is interfering with what we can and can’t do in life. Oh and Apple totally not getting how people live and move in the EU.
last time I checked if there are no sanctions against you personally you shouldn't have any troubles?
I believe sancitons lists are public so that has to be verifiable by searching for "Daniil Vinogradov". Quick search on EU sanctions tracker [0] did not yield any results. Neither did [1]. So what's up with that?
That statement cannot be taken at face value. Russian developers and Russian registered entities are freely publishing apps on App Store. EU sanctions do not prevent that.
> What is interesting is that it's Apple enforcing these sanctions, rather than AltStore.
That's quite a red flag. Apple demonstrated that despite their seemingly compliance with the EU DMA, they are still indirectly in control of ALL digital markets.
This is still an uneven playing field, and I hope the EU is not blinded by this "feature demonstration" of Apple now...
Lots of Russian apps and services registered in Malta or Cyprus, but their devs continue to live in Russia. And naive users think they’re using a European app or service. For example Adguard.
It's not the first time I've noticed you spreading this misinformation on HN, so let me respond.
Most of AdGuard's staff relocated in 2022, and I (CTO and co-founder of AdGuard) personally live in Limassol, Cyprus. We commented on that publicly, but it seems that random forum posts often regarded as more reliable sources of information.
I am totally fine with anyone not trusting AdGuard for any reason, but please keep your statements factually correct.
PS: Sorry for sticking a small promo in the comment, but this year we're organizing the annual summit (adfilteringdevsummit.com) for ad blockers' devs on our home turf in Limassol, a perfect opportunity to meet us, other ad blockers and even browsers' devs.
Indeed, I thought the whole point of alternative app stores is that it’s not Apple’s decision any more whether an app can be installed or not. This looks like another case of malicious compliance.
There is a lack of proof that the developer is linked to a sanctioned entity. Not saying it isn't, but The Verge should be at least trying to verify that IMHO (instead of taking the statement at face value); I'd even trust a "we verified it but won't publish to protect the developer".
I believe it was the Apple fee monopoly that was the central thrust of the anti-trust case, not open distribution of apps themselves. The goal was to allow storefronts to compete on fees.
If Apple was banning apps from alt stores but keeping them listed in their own store, then it would be a legal issue.
I personally I think it defeats the purpose as well, but I'm more concerned with the right for people to do what they wish with their own device. These antitrust court cases can get pretty specific with what they are addressing.
You're talking about the US case I believe. Alternative app stores were born out of the EU Digital Markets Act which Apple has been brazenly violating since day 1.
The purpose of the DMA is to eliminate gatekeepers' stranglehold over the market and promote competition by forcing them to compete on equal footing. Apple's compliance strategy thus far has been to create an appearance of compliance (alternative app stores, what more do you want??) while fully retaining their chokehold in strategic areas like notarization and core technology fees which completely undermine the goals of the DMA. They remain a gatekeeper who imposes taxes on competition and retains the ability to kill your project (or business) without a due process.
Aren't they both anti-trust problems? Suppose Apple bans apps that compete with some service they offer themselves. Allowing them to be banned in alternate stores as long as Apple also bans them in their own store is clearly not going to make that better, right?
> I believe it was the Apple fee monopoly that was the central thrust of the anti-trust case, not open distribution of apps themselves.
This was not just subject of the anti-trust case, it's Apple being expected to comply with the EU Digital Markets Act.
(The DMA defined objective criteria to identify a scaled market of digital goods with an uneven playing field for all players. Apple was found to have created such a market and was ordered to rectify this)
Totally, the only ""freedom"" that they have is the free development program... But they can cancel your account at any time if they wish for "abusing" it, and you even have to refresh apps every week.
from torrentfreak > "No further context was provided, but the developer purportedly had a Russian developer account, despite living in Malta."
"seems the issue is related to government sanctions" - so he is still connected to the Russian government then?!
btw, Malta is a good place for Russian agents, Sergey Gorokhovsky is one such and he oversees White House Personnel while telling everyone he's not Russian
I’ve never managed to get this torrent client working myself. I paid money for Altstore, but I’ve only ever found some emulator. I think I just don’t understand how it works.
Just now: I open Altstore, see an ad for the Epic Games Store, I tap it, the install button at the top sends you in a loop back to the same page, nothing happens. Oh, there’s another button (lower on the "page"): Install on iPhone or iPad, I tap that, then another button, Install. I tap it. New screen: Open the Epic Games Store on your home screen. Except that there is no Epic Games Store anywhere on my device.
And that’s basically all my experiences with Altstore.
The idea is really nice, indeed, which is why I paid for it immediately (just 1-2 euros or so I believe) but I never got anything out of it, ah well.
Not to play devil's advocate here and also IANAL but:
If (as as it is) Apple is still controlling apps via notarizarion/digitally signing apps of and recognizing developers, and if the app is developed for something that would land Apple in legal trouble (e.g. it makes it easy to freely and illegally download music and Apple also has legal contracts with record labels as they have Apple Music, and not only legal but it also affects Apple's own music revenue too) as the app has passed explicit notarization of Apple (in other words: Apple "knowlingly" allowed them and greenlighted them by notarizing the app), wouldn't it cause legal trouble for Apple?
For that, it's the logical behavior for a company like Apple to stop allowing the app.
Again, I'm not supporting it, but I can imagine where it's coming from and that makes sense from a business perspective as torrenting on mobile has almost no legal use cases. We all know you have not installed it to download your favorite Linux distro to your iPhone.
If the ability to remove apps obligates them to remove apps, then that is a strong argument for them not to have the ability to remove apps.
It also almost certainly doesn't so obligate them. They aren't acting as an intermediary, they are just incidentally signing the app. The app signing certifies in the first place that they checked the documents of the app devs, and in the second place that they haven't decided to remove the app. But removing the app is an action, not an inaction, they can't be compelled to take it. It would be like the record label saying I had to stop a bootlegger I happened to observe while I was out for a walk.
Legally that sounds about right, but morally, your argument does nothing to defend Apple. They pioneered stealing autonomy from their users. They know governments abuse this [1,2,3]. Yet they prefer to profit off keeping their users prisoner, than give them control of the devices they paid for.
Maybe the first time you chain a man to a tree, you can plead ignorance, that you didn't know wolves would come eat him at night. But by the 100th time, you're as guilty as the wolves.
Actually I didn't mean anything that contradicts your comment. I do agree with what you are saying.
I don't think we should be expecting moral values from any company over a certain size, be it Apple, Google, or anything else. They "care" about privacy as long as they profit from it directly as device/service sales or indirectly with brand value/trust/PR.
And, to clarify, the problem here is not that the company collaborates with governments in policing their own stores, the problem is that they do NOT allow you using any alternative stores.
This is a "have your cake and eat it too" problem.
IMO you can either be a dumb marketplace with common sense moderating and not be responsible for the content on your marketplace, or you can be a curated and secure marketplace, in which case you must necessarily be responsible for the content on it.
1. Not endorsement, but at least a recognition of some sort that Apple recognized the dev and the app and allowed them to publish this app (regardless of which store).
2. AFAIK Apple isn't doing anything illegal by pulling out this app. Malicious compliance? Perhaps. Illegal? Nope. If Apple doesn't do this, then it would indeed attract legal issues due to the first point.
Readit News
When it comes to application distribution, all of Apple's courage immediately disappears. They could say "We don't sign or control apps distributed through third party app stores, that's out of our hands, so we cannot respond to this government request". But, they chose not to. It was a choice, and Tim Cook chose an ugly, dishonorable, cowardly path.
Was that the right trade-off? I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
So they revoked the right of the developer to publish on other stores, and don't allow publishing that app on their own store.
Beside of those apparent "government sanctions-related rules in various jurisdictions" cited as reason by Apple (whatever that means), they now demonstrated that they still have indirect control over the offering of ALL digital markets.
So regardless in which market you want to publish, you still need to remain in good standing with Apple.
Combining that with Apple's ability to observe the install-base of iOS-devices it's quite a conflict of interest. (The least nefarious being Apple courting successful apps from other stores to come over to Apple)
This feature is part of antivirus solutions for ages.
This is right to repair. This is ownership. When you buy some hardware, you should be allowed to install any software you wish, provided it works and you have the technical know how to do so.
Huh, I sideload some pretty nefarious apps all the time on my iPhone and have been doing so for about a decade, and they have never got remotely killed or removed.
And yet if you refund an app it's not automatically removed from your device. Always thought that was weird.
Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
Apple's privacy-protecting image is nothing more than marketing.
On iOS, you cannot install any apps without an Apple Account, and even some preinstalled apps (like Pages, Numbers, Keynote, GarageBand, iMovie) cannot be used before you assign them to an Apple Account.
On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from Google's Play Store without an account as well, so, you can even install all the mainstream apps, all without any accounts.
If Apple never decrypts a user's data, then this debate will never resolve, because there will always be people who insist that Apple's teetering on the precipice of logging decryption keys and decrypting a user's data – or worse, that they've already done it and we're just waiting for another heroic whistleblower to reveal their corruption.
> Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders. Apple was not installing spyware on people's devices as you seem to be implying.
I don't think they even need to do that. They are in control of the encryption process and obviously already process the data to create a persona of the user (after which it is no longer considered "user data")
I do not get the impression that they just forgot and stopped being traitors.
Apple put in functionality that makes it impossible for them to unlock phones and added additional controls to make brute forcing infeasible. The fight was fought, they had it out in court, and it's done.
If that wasn't true, literally all iPhones would be backdoored by the Russians and Chinese lol. Law enforcement is utterly incompetent when it comes to technology, you think they wouldn't immediately leak keys or access?
What is interesting is that it's Apple enforcing these sanctions, rather than AltStore.
The amount of control that Apple exercises over these alternative app stores, really does seem to be against the spirit of the DMA.
[0]: https://github.com/XITRIX/iTorrent/issues/401#issuecomment-3...
Do the sanctions applicable in 2025 apply even to EU residents of Russian nationality or origin without such an exemption, or is this person covered by more narrow sanctions like one which name him individually, or is Apple going beyond the sanctions rules here for a store they don’t even operate?
Edit: reading the linked GitHub discussion more closely, it seems that he expects to benefit from the same exemption as I was describing, with the problem being twofold: one, the developer had neglected to update his personal info in Apple’s dev portal - not Apple’s fault, at least assuming that sanctions enforcement is their job at all in this scenario. But two, Apple has taken a long time to react to this guy providing proof of his Maltese residence, so that’s on them for being an unresponsive bottleneck.
Someone I know has Maltese citizenship. From the stories they've told, the unresponsive party might not be Apple.
(At one point, my friend had to show up at the Maltese immigration office in person to get them to respond to an inquiry.)
Also for some reason on App Store Connect, Apple is asking for a country of birth, not citizenship so with that alone, it’s unclear to me how can they make a determination at all.
Once again, our random spawn point (of which we have no control) is interfering with what we can and can’t do in life. Oh and Apple totally not getting how people live and move in the EU.
last time I checked if there are no sanctions against you personally you shouldn't have any troubles?
I believe sancitons lists are public so that has to be verifiable by searching for "Daniil Vinogradov". Quick search on EU sanctions tracker [0] did not yield any results. Neither did [1]. So what's up with that?
[0]: https://data.europa.eu/apps/eusanctionstracker/
[1]: https://sanctionssearch.ofac.treas.gov/
That's quite a red flag. Apple demonstrated that despite their seemingly compliance with the EU DMA, they are still indirectly in control of ALL digital markets.
This is still an uneven playing field, and I hope the EU is not blinded by this "feature demonstration" of Apple now...
Most of AdGuard's staff relocated in 2022, and I (CTO and co-founder of AdGuard) personally live in Limassol, Cyprus. We commented on that publicly, but it seems that random forum posts often regarded as more reliable sources of information.
I am totally fine with anyone not trusting AdGuard for any reason, but please keep your statements factually correct.
PS: Sorry for sticking a small promo in the comment, but this year we're organizing the annual summit (adfilteringdevsummit.com) for ad blockers' devs on our home turf in Limassol, a perfect opportunity to meet us, other ad blockers and even browsers' devs.
If Apple was banning apps from alt stores but keeping them listed in their own store, then it would be a legal issue.
I personally I think it defeats the purpose as well, but I'm more concerned with the right for people to do what they wish with their own device. These antitrust court cases can get pretty specific with what they are addressing.
The purpose of the DMA is to eliminate gatekeepers' stranglehold over the market and promote competition by forcing them to compete on equal footing. Apple's compliance strategy thus far has been to create an appearance of compliance (alternative app stores, what more do you want??) while fully retaining their chokehold in strategic areas like notarization and core technology fees which completely undermine the goals of the DMA. They remain a gatekeeper who imposes taxes on competition and retains the ability to kill your project (or business) without a due process.
This was not just subject of the anti-trust case, it's Apple being expected to comply with the EU Digital Markets Act.
(The DMA defined objective criteria to identify a scaled market of digital goods with an uneven playing field for all players. Apple was found to have created such a market and was ordered to rectify this)
Deleted Comment
"seems the issue is related to government sanctions" - so he is still connected to the Russian government then?!
btw, Malta is a good place for Russian agents, Sergey Gorokhovsky is one such and he oversees White House Personnel while telling everyone he's not Russian
Just now: I open Altstore, see an ad for the Epic Games Store, I tap it, the install button at the top sends you in a loop back to the same page, nothing happens. Oh, there’s another button (lower on the "page"): Install on iPhone or iPad, I tap that, then another button, Install. I tap it. New screen: Open the Epic Games Store on your home screen. Except that there is no Epic Games Store anywhere on my device.
And that’s basically all my experiences with Altstore.
The idea is really nice, indeed, which is why I paid for it immediately (just 1-2 euros or so I believe) but I never got anything out of it, ah well.
If (as as it is) Apple is still controlling apps via notarizarion/digitally signing apps of and recognizing developers, and if the app is developed for something that would land Apple in legal trouble (e.g. it makes it easy to freely and illegally download music and Apple also has legal contracts with record labels as they have Apple Music, and not only legal but it also affects Apple's own music revenue too) as the app has passed explicit notarization of Apple (in other words: Apple "knowlingly" allowed them and greenlighted them by notarizing the app), wouldn't it cause legal trouble for Apple?
For that, it's the logical behavior for a company like Apple to stop allowing the app.
Again, I'm not supporting it, but I can imagine where it's coming from and that makes sense from a business perspective as torrenting on mobile has almost no legal use cases. We all know you have not installed it to download your favorite Linux distro to your iPhone.
It also almost certainly doesn't so obligate them. They aren't acting as an intermediary, they are just incidentally signing the app. The app signing certifies in the first place that they checked the documents of the app devs, and in the second place that they haven't decided to remove the app. But removing the app is an action, not an inaction, they can't be compelled to take it. It would be like the record label saying I had to stop a bootlegger I happened to observe while I was out for a walk.
Maybe the first time you chain a man to a tree, you can plead ignorance, that you didn't know wolves would come eat him at night. But by the 100th time, you're as guilty as the wolves.
[1] Apple pulls app used to track Hong Kong police, Cook defends move - https://www.reuters.com/article/us-hongkong-protests-apple-i...
[2] Apple removes nearly 100 VPNs used by Russians to bypass censorship - https://news.ycombinator.com/item?id=41712728
[3] Apple's Cooperation with Authoritarian Governments - https://news.ycombinator.com/item?id=26644216
I don't think we should be expecting moral values from any company over a certain size, be it Apple, Google, or anything else. They "care" about privacy as long as they profit from it directly as device/service sales or indirectly with brand value/trust/PR.
2. Apple's obligations under law supersede their agreements with any record labels.
IMO you can either be a dumb marketplace with common sense moderating and not be responsible for the content on your marketplace, or you can be a curated and secure marketplace, in which case you must necessarily be responsible for the content on it.
This is a legal hole.
2. AFAIK Apple isn't doing anything illegal by pulling out this app. Malicious compliance? Perhaps. Illegal? Nope. If Apple doesn't do this, then it would indeed attract legal issues due to the first point.
Deleted Comment