Apple Says Third-Party App Stores Would Open iPhones To Scammers

Apple is raising fears about letting users install applications outside the company's App Store, an issue being targeted by lawmakers and regulators that also played a prominent role in its recent trial against Epic Games. From a report: The company said Wednesday on its website that requiring apps to be downloaded from the App Store protects consumers against scams, keeps their privacy secure and provides developers payment for their work. All those benefits could disappear if apps can be downloaded from third-party app stores with lesser protections or users get an app from a website or PC and "sideload" it onto the phone. The timing of Apple's push back isn't coincidental.

The U.S. House Judiciary Committee Wednesday is scheduled to discuss six proposed antitrust bills, including one sponsored by Rhode Island Democrat Representative David Cicilline, a Democrat from Rhode Island and chairman of the antitrust subcommittee that, if passed into law, could call for Apple to open up to third-party app stores and provide all of its iPhone technologies to third-party software makers. "It shall be unlawful for a person operating a covered platform, in or affecting commerce, to restrict or impede the capacity of a business user to access or interoperate with the same platform, operating system, hardware and software features that are available to the covered platform operator's own products, services, or lines of business," according to an early copy of the bill.

"Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store," the Cupertino, California-based technology giant said on its website. "Because of the large size of the iPhone user base and the sensitive data stored on their phones -- photos, location data, health and financial information -- allowing sideloading would spur a flood of new investment into attacks on the platform."

Yes, 100% correct

[SuperKendall]

You know that if third party app stores are open, they will be more lax than Apple at allowing scammers into the stores they have, and by extension people will download malware from those stores. That is absolutely the case.

Can't we just keep one platform where security is more important than flexibility? Android already exists for those that prefer the extra risk. Leave an option that helps protect the non-technical from harm.

Re:Yes, 100% correct

[houstonbofh]

Yes you can. Simply do not add the third party app stores. Done. What you want is to prevent ME from adding what I want. No.

We already know that's no protection.

[SuperKendall]

Simply do not add the third party app stores.

That's easy for you to say, but we all know deep down in our hearts how easy it is to trick non-technical users to install anything, including other app stores... j

Just look at what scammers already do on desktops with remote access software installation they have people install over the phone. The same would be true of mobile devices if you allow alternate app stores, scammers would simply talk the user through installing an alternate App Store and then load whatever malware laden device comprising applcaitiion they desired.

Again I am saying let's preserve the security of the platform for people who DO NOT know better, who cannot protect themselves the way all of us on Slashdot can.

What you want is to prevent ME from adding what I want.

The opposite, a technical user can already add anything they like - they can crate a free developer account and build any app they like for the device. Technical users ALREADY have free reign on iOS to do what they like. Why do you want to make it easy for non-techncai users to commit device compromising errors?

Re:

[Vancorps]

Or we could actually go after scammers and make it costly for them to peddle their ill goods.

Of course that is also ignoring all the bad software already in Apple's app store which is a thing too. Quite a common thing at that. Yes, its a bigger issue on the Android side but both platforms have their problems with software masquerading as different software in their app stores.

Frankly, the days of the Internet being the wild west are coming swiftly to a close whether we like it or not. When one email can n

Re:How exactly?

[dgatwood]

You mean none of us had to put up with scam calls, malware on desktops, and all sorts of other security nonsense since we could have simply "made it costly" for therm all along?

Yes.

Oh, wait, you needed an explanation of how? Fixing scam calls is easy. It just takes three easy steps. Step 1: Redesign Caller ID. Step 2: Ban telephone companies that don't follow the rules. Step 3: There's no step 3. There's no step 3!

Currently, CID trusts data from trunk line customers blindly. They need to make a few small changes:

• Require that every CID packet be signed with a PK crypto signature identifying the originator.
• Require all phone companies to filter the data from their edge trunk line customers (customers that aren't phone companies that are passing on calls from other other phone companies) based on what phone numbers each particular customer is allowed to send. Drop CID packets from numbers that are not assigned to that customer. Require proof of authorization for number blocks owned by other companies (e.g. for multinational companies that route internally based on destination).
• Require phone companies to re-sign the CID packet at every hop, and require every phone company to verify that the outermost signature matches a network that it expects to talk to. Drop improperly signed packets.
• After the implementation due date, require all phone companies to drop unsigned CID packets.
• Send anything marked "Unknown caller" directly to voice mail.
• If a phone company intentionally ignores their responsibility to check the phone numbers from trunk lines, use a CRL to turn phone calls signed by that phone company into "Unknown caller" calls.

Goodbye, scammers, hello instant traceability.

Malware on desktops? Require that every app be signed by a valid signing cert obtained from one of a handful of trusted certificate authorities. Pass rules that require real evidence of identity when requesting a signing cert. When malware appeals, take the scammer to court. Immediately ban any CAs that provide signing certs for malicious state actors. And you're done.

Preventing scams is all about requiring proof of identity. Apple need not completely throw out all rules for other app stores. It can require sandboxing or prevent apps from one store from sharing data with apps from another store. It can require that any store authorized to operate on the platform conform to minimum rules about proof of identity. It can ban third-party stores that turn into cesspools, or that are filled with pirated copies of apps from their own store. And so on.

Apple's arguments ring hollow. They don't want to do the work required to make it safe, and they don't want to lose the income that they will lose if they actually have to compete with other stores that don't charge extortionate fees. Assuming any other motivation is dubious at best.

Re:

[omnichad]

Goodbye, scammers, hello instant traceability.

Goodbye Google Voice and similar services. Goodbye call forwarding where you know who is trying to call you rather than always seeing what number is being forwarded to you.

And for people like me, goodbye having multiple SIP trunk providers that can all dial out with the same CID for redundancy, because there's no way they'd want to cross-validate each other - it's bad for business.

Re:

[dgatwood]

Goodbye, scammers, hello instant traceability.

Goodbye Google Voice and similar services.

Nope. Try again. Google Voice and similar services have the rights to the numbers that they use, whether by buying blocks or porting in numbers from other carriers. They know who the customers are, and they know what phone numbers are assigned to each customer. So their responsibility, as a phone company, would be exactly the same as for any other phone company:

• For individual customers, generate a CID blob based on what number the customer owns and is using.
• For bulk/business customers (the VoIP equival

Re:

[omnichad]

Nope. Try again. Google Voice and similar services have the rights to the numbers that they use

A call comes in to your Google Voice number. You have it set to forward calls to your personal cell. Google creates an outbound call to your personal cell phone and spoofs the original caller's number (unless you specifically choose for GV to use its number for CID on all forwarded calls.

Why? Call forwarding isn't done by the handset; it's done by the phone company's systems.

This is the more general case of Google Voice. If I run my own PBX and want to forward incoming calls to my extension to my cell, I have to use an outgoing trunk to spoof an outgoing call. There are lots of types of "fo

Re:

[dgatwood]

Nope. Try again. Google Voice and similar services have the rights to the numbers that they use

A call comes in to your Google Voice number. You have it set to forward calls to your personal cell. Google creates an outbound call to your personal cell phone and spoofs the original caller's number (unless you specifically choose for GV to use its number for CID on all forwarded calls.

First, you're assuming that VoIP providers would be treated in the same way as some random trunk line customer. I was assuming that a VoIP provider would be inherently trusted initially, then bulk ignored if they get caught letting people spoof calls via their network.

Second, you're ignoring the "customers that aren't phone companies that are passing on calls from other other phone companies" part. For a VoIP provider to be able to do that, it has to receive the signed CID blob from the original sender.

Re:

[DamnOregonian]

We (my employer, and by extension, me) happen to run a pretty large commercial VOIP network.
The person you're replying to is correct about his concerns. But you're also correct about your solutions.
His concerns can be handled by your solutions, and need to not be an impediment.
Will we hate having to deal with validation? Yes. But ultimately, we will do it because it has to be done, just like we did with BGP.

We have been discussing it for years, because we are consumers as well as operators.
We know jus

Re:

[Vancorps]

Short answer no, we have not even tried to stop them. Putting a stop to scam calling for instance is relatively easy as a control implemented by the actual owners of the phone numbers. When ATT manages a block of phone numbers it should be incumbent upon them to ensure that only authorized users are using that number. My SIP provider requires me to authenticate from a specific IP for instance, I can then set my outgoing DID but it has to match a number on the block I pay for. They do this already because th

Re:

[dgatwood]

Not to mention if a zero day is found Apple can scan the entire App Store for binaries that might have code that would trigger that exploit, a third party App Store adds extra delay for unpublished exploits Apple finds out about.

Apple doesn't have access to source code. It is challenging to scan for a specific blob of binary code that might be emitted by the compiler, because it may vary based on context.

Besides, most zero-day exploits are either A. in code specific to one app, and therefore don't require

Re:

[slack_justyb]

Just look at what scammers already do on desktops with remote access software installation

This literally can be said about anything where scammers exist. You are advocating for public ignorance. The reality is that people need to educate themselves.

Again I am saying let's preserve the security of the platform for people who DO NOT know better, who cannot protect themselves the way all of us on Slashdot can

And you can do that by educating users. And I would stand by your argument, but that "protection" has been actively abused by Apple. Apple ruined this, APPLE did this to you. They have shown no good faith. You are upset about the security implications, go take it up with Apple. Because when it got too late, when they had abused their position s

Wrong

[SuperKendall]

This literally can be said about anything where scammers exist.

It's not true today on Apple iOS devices. Scammers cannot direct you to install malware from outside the store.

Since the base of your argument was wrong, I din't even bothered to read what else you write which Is apparently based on a fundamental flaw in your understanding of iOS.

Re:

[slack_justyb]

I din't even bothered to read what else you write which Is apparently based on a fundamental flaw in your understanding of iOS.

Wow. I had only heard of the crazy fanboi-dom that goes with Apple products but your entire take is a whole new level. Well the entire point is that Apple is the bad guy and everything you hate about this situation is their own making. But you're so drowned in the Kool-Aid, I'll have a better chance at convincing a stone wall that it's a butterfly than convincing you that Apple has done all of this to themselves.

But I assure you. Nobody is going to shed a single tear when the hammer falls on Apple. Exc

Re:

[chispito]

Simply do not add the third party app stores.

That's easy for you to say, but we all know deep down in our hearts how easy it is to trick non-technical users to install anything, including other app stores... j

Just look at what scammers already do on desktops with remote access software

Are you suggesting that not only do you think that iOS should remain locked down but you also think macOS should prevent people from installing software of their choosing?

Re:

[chispito]

I'm talking about iOS. Why are you talking about the Mac, which is utterly distinct and already works the way it does where it lets users easily install apps?

Because you said

Just look at what scammers already do on desktops with remote access software installation they have people install over the phone. The same would be true of mobile devices if you allow alternate app stores, scammers would simply talk the user through installing an alternate App Store and then load whatever malware laden device comprising applcaitiion they desired.

It logically follows that you think an airtight walled garden with Apple as the gatekeeper is preferable to the user freedom that exists on the Mac. Otherwise, if user freedom is tolerable on the Mac why is it not tolerable in iOS? Surely someone out there would not get scammed on their Mac if it were locked down like their iPhone is.

Re:

[chispito]

Eventually we'll be able to replace desktops with the iPad for everything people do today on desktops, we just aren't quite there yet (though we are getting closer than lots of people think).

You mean eventually I'll be able to boot to a different OS on my iPad? I've love that.

Re: We already know that's no protection.

[ArmoredDragon]

Just look at what scammers already do on desktops with remote access software installation they have people install over the phone. The same would be true of mobile devices if you allow alternate app stores, scammers would simply talk the user through installing an alternate App Store and then load whatever malware laden device comprising applcaitiion they desired.

If it's anything like Android, that's a fair bit of steps to walk them through, no less than two warnings to ignore, four+ warnings if it's another app store.

At that point, I don't think they need a third party app store to get what they want. They'll just get right to the point and tell them to drive down to Walmart, buy a gift card, and give them the numbers.

Re:

[sglewis100]

Yes you can. Simply do not add the third party app stores. Done. What you want is to prevent ME from adding what I want. No.

Until Fortnite removes their app from the App Store and my kids lose access to it because I don’t allow them to install third party app stores and bypass the parental controls I have on their phone. Just saying, it’s a little more complex than that.

Re:

[dgatwood]

That's mostly hypothetical. Removing an app pisses off existing users, and is a really bad way to do anything. Announcing that all of your future apps will be in your own store is a different matter, and is far more likely.

Only a few companies are big enough to convince normal people to install a third-party store, though, and most of those companies aren't evil. As long as Apple requires all stores to conform to some basic rules, such as knowing who produced each app, and as long as Apple ensures that

Re:

[sglewis100]

That's mostly hypothetical. Removing an app pisses off existing users, and is a really bad way to do anything. Announcing that all of your future apps will be in your own store is a different matter, and is far more likely.

Only a few companies are big enough to convince normal people to install a third-party store, though, and most of those companies aren't evil. As long as Apple requires all stores to conform to some basic rules, such as knowing who produced each app, and as long as Apple ensures that apps from one store are sandboxed in a way that prevents access to data from the other store, prevents camera, microphone, and location access without permission, etc., I don't see that as a particularly scary future.

It’s not really hypothetical. This is the same Fortnite that literally removed itself from the Google Play store and deliberately antagonized Apple to get kicked off the App Store to kickstart the very lawsuit we’re talking about. Hypothetical would be speculating IF Fortnite would remove themselves from the major phone vendors’ app stores, not discussing how they literally invented the trend of doing so. Regarding the fact that only some companies are big enough to convince people to do a

Re:

[dgatwood]

That's mostly hypothetical. Removing an app pisses off existing users, and is a really bad way to do anything. Announcing that all of your future apps will be in your own store is a different matter, and is far more likely.

Only a few companies are big enough to convince normal people to install a third-party store, though, and most of those companies aren't evil. As long as Apple requires all stores to conform to some basic rules, such as knowing who produced each app, and as long as Apple ensures that apps from one store are sandboxed in a way that prevents access to data from the other store, prevents camera, microphone, and location access without permission, etc., I don't see that as a particularly scary future.

It’s not really hypothetical. This is the same Fortnite that literally removed itself from the Google Play store and deliberately antagonized Apple to get kicked off the App Store to kickstart the very lawsuit we’re talking about.

Let me reword that slightly more clearly. The fear that random companies will do this is mostly hypothetical. Major game publishers are an exception, because they already run their own stores on other platforms. But even they are unlikely to pull existing apps.

Fortnite originally shipped their Android app via side loading, and only later added it into any official stores, so the subsequent removal from those stores and reversion to its original side-loading-only status isn't really comparable to shipping

Re:

[thegarbz]

Yes you can. Simply do not add the third party app stores. Done. What you want is to prevent ME from adding what I want. No.

Except you have a sub million UID. I implicitly trust you far more to know what is and isn't good for you, as opposed to the millions of unwashed masses who just mash the yes / accept button to any warning or any bypass if it thinks it will get them closer to their goal.

If users were reliable and trustworthy we'd have effectively solved malware years ago. The overwhelming majority of it relies on idiots behind the wheel and it's quite clear over the past few decades that users actually need protection from

Re:

[fred6666]

But what if those infected Apple devices infect other Apple devices.

Then the OS is really insecure and must be fixed.

Re:Yes, 100% correct

[jellomizer]

You are really giving a false equivalency argument. Combined with a straw man and sliding scale arguments.

If we live in a Free Country, than why are their any laws at all? Because we need laws and regulations, to help make sure we have an an attempt for optimal levels of freedoms.

Most of us don't want to get sick and die. I want my freedom to Live and survive. Being a wide spreading and vary harmful pandemic I will need to be protected. So I can wear a mask, but the mask isn't the best at protecting yourself from the virus, but it is much better at preventing others from spreading it. So for mine and a good portion of the others who want to not catch the virus, a rule to say others will have to put on a mask, a minor inconvenience, to help protect our freedom of Life, and health a major necessity. Is considered a fair tradeoff.

Now even the most Liberal States, (where many of them are recovering at a faster rate) are getting to levels where the spread of COVID is being contained, and the majority are Vaccinated, they are lifting the Mask Requirements, because the chances of catching COVID are much lowers, so the Freedom lost of the few who Catch Covid is overall less than imposing the masking restriction of freedom.

Now onto the topic of App Stores, We know that there are a bunch of Scammers out there, and in general Apple Devices were able to weather the storm of Malware much better than PC's and even Google Android based products. Not perfect mind you, but much better. Part of this I expect is due to Apple strict control of its platform. Or gated community.

So if you choose an Apple Product, it is like choosing to join a gated community. Where while you often get much nicer things, you also have to follow the rules of the community, some of them very strict, such as never missing a day to mow your lawn, or the color or type of decorations that is in front of your home, even the car you may drive. But it is a community where others too follow the rules, so you don't suffer eye sores from that guy with garish decorations, or is driving a noisy crappy car. If you choose an Apple Product, you know you are limited to the Apple Store, this isn't a loss of freedom, because you chose the Apple Product, and you can go with other options, Including going with an Android Based Phone, with a different tolerance towards software, or you can use your PC/Laptop for most of the Apps. It isn't like you have to use your phone for other features that isn't a phone call.

Re:

[smooth wombat]

Now even the most Liberal States, (where many of them are recovering at a faster rate) are getting to levels where the spread of COVID is being contained,

Glad you mentioned those "liberal" states and how well they're doing in terms of infections and deaths from covid. Right now, nearly all deaths from covid are from unvaccinated people [cnn.com]. 95% of those hospitalized are not vaccinated [bestlifeonline.com]. Even better, those who are getting sick and dying are now the younger crowd [yahoo.com].

So yes, it's amazing how those "libera

Re:

[jellomizer]

I wasn't really trying to go there. I just brought up Liberal States, because Conservative Talking Heads like to point at them and show how much they are taking away peoples rights, while in truth they are just trying to manage that their states often has a higher population density so they need different sets of rules to make sure the population handles itself will.

Re:

[omnichad]

their states often has a higher population density so they need different sets of rules to make sure the population handles itself will.

This is also why we have a house of representatives as well as a Senate. We need major decisions to filter through both lenses to look for problems that wouldn't otherwise be anticipated. I don't believe that's how the house/senate power balance is being used most of the time - but that doesn't negate the ideal.

Re:

[cayenne8]

So let the people that want to wear a mask wear a mask.

And let the people who don't want to wear a mask don't wear a mask?

I don't get the analogy..that's what we naturally have right now, as far as mask wearing choices.

Re:

[aaarrrgggh]

A more realistic situation is things like banking apps will block your access if you have multiple app stores installed for “their own protection.”

Re:

[omnichad]

And they'll still allow access from Windows? Seems more like theatre to me.

Re:

[teg]

And they'll still allow access from Windows? Seems more like theatre to me.

The bank will still work from the browser on the iOS-device.

AFAIK - not having had an Android phone for a long time - the main issue with banking apps (and some other apps) refusing to run isn't if you have a separate App Store installed. They are refusing to run if they detect that the system has been rooted - so it doesn't know if the system it runs on is secure. This minimises attack vectors, e.g. for malware to compromise some of the system calls and play man in the middle, extract encrypted data etc.

Re:

[omnichad]

Implicitly trusting web browsers is yet another point against this behavior. The app is not special. It's not the weakest link, so locking it down extra is just for show.

Re:

[DaFallus]

A more realistic situation is things like banking apps will block your access if you have multiple app stores installed for “their own protection.”

Banking apps run fine on Android. Back when I rooted my phone I might get a message or something but all my banking apps still worked as expected.

Re:

[LostMyAccount]

I think the best compromise is probably somewhere in the middle.

They can keep the app store exclusive, except they have to be far more transparent about why they prohibit some apps from the app store. Make all APIs available, including internal APIs only available to Apple apps, unless there is some specific and transparent security reason for prohibiting them. Eliminate functional prohibitions on apps that Apple doesn't like because it somehow undermines Apple's perception of control of their platform.

I'

and remove webkit lockin + allow emulator with rom

[Joe_Dragon]

and remove webkit lockin + allow emulators with rom

Re:

[CohibaVancouver]

This argument would make sense were it not for the fact you can pretty much run programs in an iPhone web browser these days.

The absence of a Pornhub app does not mean people aren't viewing porn on their phones. It just means it's more difficult than it has to be.

add an adults only area, an open political area

[Joe_Dragon]

add an adults only area, an open political area

Re:

[fulldecent]

Yes you can have a closed platform that restricts competition, just so long as the company doesn't get worth more than half a trillion dollars (the original cost of the US highway system, the formerly largest infrastructure project on Earth).

Re:

[RealNeoMorpheus]

So, if I enable the sideloading option somehow, your phone will also do the same?

Are you that dumb?

Stop being a rabid apple cult member and blindly believing all the bullshit they say.

The real reason why they dont want sideloading is because they wont be able to get money out of the apps installed that way.

Re:

[RealNeoMorpheus]

Stop moving the goalpost, you said it yourself that you are not that dumb.

But clearly you want to play that card.

Re:

[e3m4n]

when I read the headlines my thought went straight to "as opposed to all the scammers in the apple app store now exploiting subscriptions?" I mean seriously, an $5/wk app that prints the exact same info as apple weather app? Id be willing to bet it SOURCES its weather info from the apple weather app. That clearly comprises a scam by which they are selling information created, curated, and processed by apple. Apple better watch how hard they raise this SCAM flag. They arent doing too great of a damn job so l

Re:Yes, 100% correct

[EvilSS]

You know that if third party app stores are open, they will be more lax than Apple at allowing scammers into the stores they have, and by extension people will download malware from those stores. That is absolutely the case.

Can't we just keep one platform where security is more important than flexibility? Android already exists for those that prefer the extra risk. Leave an option that helps protect the non-technical from harm.

I get the argument but no. If someone buys a piece of hardware they should be allowed to do with it as they see fit, whether it's a phone, computer, tablet, game console, car, tractor, toaster, toothbrush, doesn't matter. You own it, it's yours, you shouldn't be locked out of it in any way. Ultimately it needs to be up to the user to protect themselves. This is the way it is in all other parts of life, it's the way it needs to be with tech.

Re:

[sglewis100]

Let’s be very clear Apple’s motive is clearly around protecting the in-app purchasing revenue. They may cite other reasons, and there may be some validity to those claims, but I’m convinced that the bulk of their true desire is to preserve a not-unimpressive revenue stream.

That said, I see two sides to the argument. On the one hand, I could care less if other people can install third party apps so long as I can choose the closed ecosystem of relative security for users like my two daught

Re:

[NicknamesAreStupid]

The title should have been, "Apple says third-party app stores would open iPhone to MORE scammers." Apple has always branded to the elite. It did so against Windows (a.k.a. malware world), and it lost market share, almost going under. Steve Jobs once said that Apple should be the BMW or Mercedes of computing, having about 2% marketshare. Steve is gone, but that business philosophy seems to have remained.

Re:

[phantomfive]

You know that if third party app stores are open, they will be more lax than Apple at allowing scammers into the stores they have

Cydia has less malware than the official Apple app store.

Re:

[Dracos]

But for a disingenuous reason.

This isn't about user security or privacy, this is about Apple maintaining the fortifications around their walled garden.

How is Android not competition?

[SuperKendall]

Apple is arguing that they should not have to compete against anyone on the iOS platform. And, that they should be able to charge whatever they want and set whatever rules they want without any external oversight.

That is correct.

That's anti-competitive.

This is all on APPLE'S OWN PLATFORM. It's not like we are talking about how only the Apple App Store exists across all mobile devices. A platform owner has the right to do whatever they like with that platform, by definition it is not possible for any such action taken within the platform to be anti-competitive. Android competes just fine, with their own App Store on their own devices.

And, without competition Apple can do pretty much whatever they want and charge whatever they want.

So if Apple decided to charge $1million per phone you do not think everyone would just buy Android? The fact is there is competition, that limits what Apple can charge and what they can do.

Again, there is lots of competition, from Android. In fact Apple is not even the leader in marketshare! So just let it exist as it chooses.

Re:How is Android not competition?

[MNNorske]

Does Apple actually own the platform when the platform includes a physical device that we as the end user purchase? In my opinion Apple owns the back end services that currently add much value to the device. But, the device was something I had to physically purchase, and signed no contract with Apple at time of purchase. In fact the only contract I did sign at time of purchase was with my phone carrier.

I can't tell you right now whether I would install a third party App Store or side load apps onto my iPhone if I had the opportunity. But, I can tell you that I think I should be able to on the device that I personally purchased.

You can do anything you like with a device

[SuperKendall]

Does Apple actually own the platform when the platform includes a physical device that we as the end user purchase?

You can make any changes you like to it after purchase, including adding other software - if you have the technical skills. Just as you can install a different engine in a car.

Apple has the right to write IT'S OWN SOFTWARE any way it likes, and that includes no third party app stores. Just as you can't demand Ford install a Ferrari engine or even Ferrari engine mounts in a truck before you purchase.

Re:

[phantomfive]

This is all on APPLE'S OWN PLATFORM.

When I buy the device, it's my device, not Apple's.

Re:

[DaFallus]

This is all on APPLE'S OWN PLATFORM. It's not like we are talking about how only the Apple App Store exists across all mobile devices. A platform owner has the right to do whatever they like with that platform, by definition it is not possible for any such action taken within the platform to be anti-competitive.

Did you miss the whole antitrust thing with Microsoft in the 90s because they included their own browser with the OS? And that was on an operating system where you could install whatever browser you wanted to. And there were alternatives to Windows like Linux and Mac OS.

Apple Thinks Their Users Are Children

[chill]

So, Apple is treating users like little children and not allowing them even the option to make their own choice here.

In Android you can easily stay forever in the walled garden of the Play Store. Sideloading apps is possible only if you take an explicit action to enable that option. Enabling can be turned on and off at willl, so a user could sideload just one app and turn it back off to re-enter the walled garden. It isn't all or nothing.

Re:

[timholman]

So, Apple is treating users like little children and not allowing them even the option to make their own choice here.

On the contrary, every Apple user has a choice - just go buy an Android phone and leave the walled garden.

Apple is not a monopoly, or even close to it, in the smartphone marketplace. The fact that users choose to remain with Apple despite the constant cries of "Android is so much better!" should say something.

Re:

[chill]

That's "our way or the highway", and that isn't a choice.

I wasn't advocating people leave Apple for Android, I was pointing out the Apple's argument was specious and simply using Google's model as an example.

Your argument equates to "Yes, and I want to be treated like a child. Go away."

Re:

[msauve]

>That's "our way or the highway", and that isn't a choice.

No, that's you, being disingenuous. It is a very obvious choice.

Re:

[chispito]

Regulators would often beg to differ.

Re:

[msauve]

You say that as if it's not something you just made up. Citations needed. Perhaps like how Nintendo, Playstation, X-Box, and Roku all had manufacturer controlled walled gardens which were shut down by your regulators, LOL. Good luck getting your app on that new Samsung smart TV.

Re:

[chispito]

The most obvious parallel that comes to mind is Microsoft and IE [bbc.com] and how Apple restricts browsers in iOS. You can use absolutely any web browser you want, as long as it's WebKit.

Re:

[tiananmen tank man]

You are making the false assumption that all iPhone owners were fully informed before buying.

Re:

[houstonbofh]

And I know many Apple users that did exactly this. They would have bought an iPhone but did not. It is a poor business decision.

Re: Apple Thinks Their Users Are Children

[ToasterMonkey]

Poor business decision, aside from happy customers and the iPhone/App Store being licenses to print money?

Re:

[sglewis100]

And I know many Apple users that did exactly this. They would have bought an iPhone but did not. It is a poor business decision.

The iPhone business model is a poor business decision? Apple could have more cash than they already do somehow, or a stock price that’s double? Seriously, companies make choices every day. It’s a head scratcher to claim that Apple’s choices are hurting them financially.

Re:

[chispito]

I do not understand this line of reasoning. Why is it good that macOS lets you install whatever software you want but also good that iOS does not?

Also, claiming that because Android lets people install software of their choosing, Apple is not being anti-consumer is a ridiculous. Does that mean if Android decides to completely lock down that Apple would need to open up? This argument makes no sense. Anti-consumer is anti-consumer regardless of whether there are more pro-consumer options.

Re:

[timholman]

In Android you can easily stay forever in the walled garden of the Play Store. Sideloading apps is possible only if you take an explicit action to enable that option. Enabling can be turned on and off at willl, so a user could sideload just one app and turn it back off to re-enter the walled garden. It isn't all or nothing.

And yet the Android ecosystem is full of malware. Funny how that works.

There's a lot more money in the iOS ecosystem than the Android ecosystem, and the scammers know it. Within a week o

Re:Apple Thinks Their Users Are Children

[_xeno_]

And yet the Android ecosystem is full of malware. Funny how that works.

And so is the App Store.

For example, check out this Twitter thread [twitter.com] about apps that do nothing but wrap legitimate apps while charging money for them.

There's a lot more money in the iOS ecosystem than the Android ecosystem, and the scammers know it.

You're exactly correct, which is why scammers target the App Store for scam apps that are nothing but ways to trick people into making in-app purchases or starting monthly subscriptions. Apple doesn't care, Apple gets a 30% cut of these scams.

If users want "freedom", an Android phone is as close as their nearest cellular provider or Best Buy. If Apple users felt constrained by the walled garden, they'd be voting with their feet, but they're not.

A lot of them would be, but Apple has tricks to lock people into the Apple ecosystem. Their photos by default use a special Apple format. Their text messages are locked into a special Apple system that overrides SMS. Google tries to make it as painless as possible to extract as much data from an iOS device but Apple keeps on finding new ways to lock people in.

Re:

[_xeno_]

The photos format is not a "special Apple format". It's an industry standard format.

It's an "industry standard format" that only Apple supports, making the fact that it's an ISO standard a distinction without difference. Everyone else is using stuff based on WebP, but Apple has to go and use something else for the sake of being incompatible.

iMessage is fully compatible with SMS.

That's not the lock-in trick. I'm sure you know what the trick is - when someone still on iMessage attempts to message someone who used to be on iMessage, it goes through iMessage and iMessage alone. You have to explicitly "disassociate" your phone numb

Re:

[larwe]

This entire "allow alternate app stores on iOS" argument is nothing but a smokescreen by companies like Epic who want to take a bigger cut of the money from the Apple store and put it in their own pockets instead.

Indeed it is a great deal more important than that. Consider:

• Why are you advocating to protect Apple's 30% cut of every app store/in-app purchase made on iOS? This has nothing to do with security and everything to do with Apple's profits.
• Why are you advocating to protect Apple's ability to duplicate and annihilate popular apps on their platform and force people into their own subscription services (which is, I think, the issue that's more important to Apple even than the 30% gravy)?
• Why are you advocatin

Re:

[fred6666]

In Android you can easily stay forever in the walled garden of the Play Store. Sideloading apps is possible only if you take an explicit action to enable that option. Enabling can be turned on and off at willl, so a user could sideload just one app and turn it back off to re-enter the walled garden. It isn't all or nothing.

And yet the Android ecosystem is full of malware. Funny how that works.

If Android's malware is in the play store, what does it have to do with sideloading?
And if Android's malware comes from sideloading, why should users not enabling the sideloading option care?

In all cases, giving the freedom to allow sideloading is a good thing. Apple does it on Mac OS. Microsoft does it on Windows. Google does it on Android. That's how it should be. iOS is the exception here. And we all know the real reason is for Apple to continue to take their 30% cut.

Am I the only person who is...

[tiqui]

tired of being forced to live in a world of guard rails defined by the most incompetent and/or criminals?

When crooks use guns, politicians let even more of them out of jail, reduce their stop-and-frisk type actions, and instead call for more "gun control" policies against the law abiding citizens.

When idiots blow their hands off with fireworks, or die using drugs they cooked up using over-the-counter cold medicines, the politicians pass laws making fireworks illegal for normal people, and requiring cold med

Re:

[AmiMoJo]

Apple could just require app stores to be in the App Store and signed off by Apple as safe. Apple could require business details and periodically check them for malware.

That's pretty much what Google does, it has anti-malware that deletes dodgy apps (including app store apps) even if they are side-loaded. Obviously won't be an issue for Epic since their store will only have legit games.

Re:

[AmazingRuss]

They're right. 90% of people that use any kind of computing device are dangerous morons with it.

Re:Apple Thinks Their Users Are Children

[UnknowingFool]

As someone who has had to be tech support for family members, treating them like children helps me. I cannot tell you how many times I have to scrub the same device multiple times of malware. Even after warnings of not to install anything they want, they still do it. Does Apple limit choice? Yes. But remember the user also has a choice to use Android or whatever they want.

Re: Apple Thinks Their Users Are Children

[RazorSharp]

Many of there users are, in fact, literal children.

Re: Apple Thinks Their Users Are Children

[RazorSharp]

Ugh, embarrassing typo.

Re:

[thegarbz]

So, Apple is treating users like little children and not allowing them even the option to make their own choice here.

You have a low UID so you probably know your way around technology and thus are woefully out of touch. Apple users (as well as Android users, Windows users, etc) ARE children. We have 30 years of data backing up the fact that users are frigging morons who will do anything against their own self interest and are largely clueless about anything even remotely technological.

The overwhelming majority of malware spreads today through direct user interaction, and Android and the massive difference in malware betwe

Re:

[couchslug]

MOST USERS ARE LIKE CHILDREN, and more like stupid children because the OS itself is not a barrier to entry.

Most people are stupid. 100 IQ, roughly that of a fire hydrant, is about average.

Wrong

[ArmoredDragon]

App Store protects consumers against scams

Yeah right

https://www.washingtonpost.com... [washingtonpost.com]

Re:

[phantomfive]

Are you suggesting a 3rd party App Store would be better?

Cydia is better than the official Apple store.

Probably true but so what?

[91degrees]

It is up to me to balance my degree of choice and the level of risk I will take. Perhaps a third party will promise a greater level of security than apple, and use that as a selling point. Is Apple also going to stop me from using those? What would be the moral justification there?

Apple is claiming, without justification, a certain moral superiority here.

Re:

[e3m4n]

since apple maintains a blind eye to all the apple app store scams that yield it 30% profits, the only conclusion one can reasonably draw is that apple's only concern is their 30% fee, not user security.

Like all the scams that are in the App Store?

[_xeno_]

Oh no, apps that are scams? Does that mean it's time to find all the articles about apps that are scams that made it through the App Store? I remember a recent article on Slashdot about someone who downloaded a Bitcoin wallet app from the App Store that turned out to steal the private keys for any wallet you provided private keys for. Somehow Apple's App Store "curation" missed that.

Not to mention the apps that exist on the App Store that don't do anything but charge money. Anyone else remember the $1000 app that made it to the App Store that literally did nothing but show a single screen? Apple got their 30%, they don't care.

Apple's App Store is already a cesspool of broken apps and apps that are flat-out scams that attempt to force you make "in-app purchases" as soon as you launch them. It's been fairly clear for ages that all Apple does in their review process is run a static analysis tool over the binary the developers provided. If your code misses some test that exists, you're denied. Anything else makes it through. The "review" process is a joke and the idea that it "keeps users safe" is an even worse one.

Re:

[thegarbz]

Oh no, apps that are scams? Does that mean it's time to find all the articles about apps that are scams that made it through the App Store?

A negative disproves a claim of absolutes. Apple has made no claim of absolutes. Their claim was directly as follows: "Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks"

Now to disprove that claim it is not sufficient to point out something got through Apple's filter, instead to disprove that claim you would need to show that Apple's app store is below the industry standard in terms of malware (hint: it's not). Otherwise you're making a strawman ar

Certification program

[dbu]

Apple could very well have a certification program. Certified applications could then be sold in other app stores. Uncertified applications could not be installed on an iPhone. The certification service could be charged by Apple at a fair and appropriate cost.

This would dissociate the security/privacy argument put forward by Apple, from the commercial argument put forward by the plaintiffs.

Re:

[seth_hartbecke]

Apple already does this, half way, for MacOS.

You pay a $100 / year "developer" fee. They issue you a signing cert that you sign all the apps you build with. If apple discovers you are an especially bad actor, they revoke your singing cert, and all the apps you wrote die. There (at least used to be) a way inside the security control panel to ignore even this, but I'm pretty sure the OS yelled every time you tried to start the app.

With the sandboxing, privacy controls, transparency reports (what apps are a

Re:

[dbu]

As you say Apple does it half-way, what you are describing is something different.

I'm talking about the combination of:
a) A new version of iOS that would be open to other stores but would only allow certified programs to be loaded and run.
b) A certification program that would verify that the programs (which could be sold everywhere) are safe and guarantee people's privacy, etc.
This would solve competition and antitrust issues while preserving the security of the platform, as argued by Apple.

Today, on a Mac,

Re:

[seth_hartbecke]

True.

But is not "getting the apple stamp of approval" the core issue with the app store?

Well ... except for Epic games. There the core issue is: we want more money.

But, for you and I, isn't the core issue: it's my device and I should be able to run what I want with it.

Huh?

[DarkRookie2]

1. Apple is already a scammer
2.

Allowing sideloading would degrade the security of the iOS platform...

So, you are telling me that your platform is inherently insecure and that one of the factors in its "security" is just obscurity. That if you had to open it up, people would find all sorts of problems and exploits for it.

Scammers already use the Apple store?

[278MorkandMindy]

"Go to apple store, search for Anydesk, then we get back money you have been scammed of on Ebay."

Get rid of all remote software in the Apple store and then try again?

Apple just tries to keep the vail

[oldgraybeard]

over the fact that as long as they get their 30% scams are OK. You can not run the walled garden, take a cut of scams and claim your clean.

Security slightly weakened, not destroyed

[Mr_Silver]

Whilst it is true that if you sideload an app then you'll avoid any of the checks that the App Store submission process makes, I think it's a bit of a stretch for Apple to suggest the security would be "destroyed".

The reason being that any sideloaded apps would still be constrained by the existing restrictions (enforced by the iOS sandbox and the iOS permissions model) that all other third-party apps have.

It's not like a sideloaded app is going to magically gain full and unfettered access to everything you

More interviews, less PR

[fulldecent]

Because news reporting is uncritical, this discussion has been framed by Apple exactly on the basis of what they want and how they want us to feel.

Instead, we should be asking Apple to make commitments and release information that helps shape public policy.

Like:

- Apple says the proposed legislation would open their platform to scammers. Does Apple commit to stop calling any of its products "secure" or "private" if the legislation is passed?

Fear, uncertainty & doubt

[VeryFluffyBunny]

Otherwise known as FUD. Usually turns out to be hot air. If Apple wanted to be more dramatic, they could adopt the line of, "The children! The poor children! Will nobody thing of the poor vulnerable children! 3rd party apps could be used to distribute child pornography & to groom & trap children into prostitution & trafficking!" or the terrorism arguments often work well too. C'mon Apple. Grow up.

Fixed the title for you

[Comboman]

Apple Says Third-Party App Stores Would Open iPhones To New Scammers That Don't Pay Apple a 30% Cut

Apple store tax

[kippswanson]

If Apple hadn't historically used their walled garden to massively screw everybody over with the 30% tax on *ahem* ...all purchases... then this wouldn't be so much of an issue. They've done this to themselves, and now they should be forced to allow competition. They can make it a multi-step process to enable third party app loading. Splash warnings all over, inform users, make them agree to the risks... etc.

MacOS?!

[sixsixtysix]

Why haven't they locked down MacOS and make all programs be bought from Apple themselves?
Any excuse for one can be used for the other...

Regarding Warranty

[Petersko]

Since Apple controls the hardware and the operating system, and they gatekeep the software that is permitted on the devices, it could be argued that all states of the device constitute "known configurations", and thus warranty coverage should apply in most cases that present as device failures.

If, on the other hand, a device has had an alternate app store and apps are possibly sideloaded, I think it should be Apple's right to deny any and all requests for service or consultation until the device has been re

So don't install them in that case

[bubblyceiling]

No one is forcing users to install non-standard apps or 3rd party app stores. Also with iOS being heavily based on MacOS, I don't see the problem even if they do. Mac can install apps from outside the Appstore, and seems to be just fine.

Re:

[larwe]

You can side-load on MacOS

You can side-load on MacOS _today_. The roadmap for that doesn't look completely sunshine-y, though. For example you can no longer replace OS-provided components with your own versions (this caused problems not too long ago because the OS-provided version of something - maybe git? - was an old version with a security problem and people couldn't overwrite it with an up to date fixed version; they needed to wait for an OS patch from Apple). And the process of installing non-MAS binaries has become less and le