While not a brand new story by any stretch, the idea that Apple should open up the iOS computing platform has been constantly simmering in my Twitter feed and across my RSS unread queue. I wanted to take a crack at putting down some thoughts.
The impetus to my post here was this post titled “On Sideloading on iPhone — It’s OK, I’m Changing My Mind” by @numericcitizen:
If the App Store was scam-free, entirely free of copycats, I would trust Apple’s review team in its abilities. It’s not the case. Apple can’t honestly defend the App Store as being a secure place. It is not. The App Store today is full of crap. Sideloading has nothing to do with this fact.
The core of Apple’s public argument about why software for my iPhone must come from one (and only one) place, their iOS App Store, is that it is “safe and trusted”. Yet that is not true, and given the number of times it has been repeated borders on being a lie! You can find plenty of examples of scam apps on the iOS App Store, and you can follow Kosta Eleftheriou ( @keleftheriou) on Twitter for new examples near daily.
This is not a case of a few “bad APPles” slipping through from time-to-time; it is a frequent occurrence. Kosta has suggested that a “bunco squad” could and should patrol the iOS App Store, find these apps, and take them down. It is not even that hard, considering one guy on Twitter can do it for free! Apple can hire a team of people right now to take on this work.
Yet that’s not happening.
The iOS App Store opened on July 10, 2008 and as of 2021 contains around 1.8 million apps (thanks for the facts, Wikipedia!). Technology often moves at a breakneck pace, but Apple’s ability to monitor and control quality apps on the App Store has not kept up. Arguably, it is not a “safe and trusted” place to download apps. It is, by current definition, the one and only place to download apps - so you have no choice but to ’trust’ it!1
The App Store is not Your First, Second, or Third Line of Defense
The software which runs on an iPhone is subject to multiple technical barriers that prevent it from doing bad stuff. Downloading an app from the iOS App Store is not what gets you this multi-layered protection; running an app on your iPhone already does that job!
Just because an app has been installed directly [sideloaded], that doesn’t mean that it can do whatever it wants….I can’t access the camera without asking for permission, just to give an example.
App Review is not composed of infosec experts.
“There would be lots of scammy apps that steal from users”. Yeah, like there aren’t any scams in the App Store, made easier by the quick Touch ID or Face ID to pay for in-app purchases.
“But at least if the scam is in the Store, Apple can pull it”. That’s also true of Mac apps distributed outside the App Store. They must be signed and notarized, so Apple can flip the kill switch at any time, they can disable a single app, or all apps from a given developer.2
All of the above protections are what you get today, for free, when sideloading an app3.
If Apple made a decision to create a “safe and trusted” experience out of sideloading, the technical foundation is already in place. And the experience could be so much better!
A quick note about ‘jailbreaking’
Given a jailbroken iPhone, sure, a user can install software which does do some pretty bad stuff. That software could escape its sandbox, interact with other processes, etc etc. However, of the users who have jailbroken their iPhones we should assume they understand those risks. It seems unlikely jailbreaking will ever become so simple and mainstream as to be accessible to the average user and therefore I do not believe it warrants a place in this conversation. Avoid the slippery slope fallacy that opening up the iPhone to sideloading somehow makes jailbreaking devices easier and puts users in the way of greater harm.
What does the iOS App Store get me?
Apple’s App Store gets you App Review, which is a human review system that looks at new app versions submitted by developers. However, there is ample evidence that suggests the team of humans behind App Review is not looking at new or updated apps from 9 to 5 in order to protect user privacy. They are not there to help out developers, either. They are there to make sure Apple’s 30% cut of all digital goods revenue is protected. Is there a link to an external web page where a user can sign up for Netflix? Well, better reject this app update!
There is an argument here which purports that Apple needs this revenue to continue investing in and improving on the overall iOS ecosystem; the reason you love your iPhone is because Apple has spent many years and a vast fortune making it this good! Apple itself, via Tim Cook’s testimony in the Epic Games Trial, believes it is entitled to this percentage of all digital commerce taking place on its platform. The idea is that something has to fund Apple’s efforts and continued investment into the App Store…right?
Well, no. At least it is difficult to draw a clear line from “Apple’s 30% cut funds the development of iOS” and “we must collect this revenue from the App Store”. Jason Snell writing at Six Colors provides charts of Apple’s financial results. Looking at fiscal 2021 and any given quarter (this link for Q2 2021), it’s clear that Services revenue is just a small portion of the overall pie. Apple does make money from the App Store, although Services revenue includes a lot of other line items like Apple Music and the subscription bundle Apple One, but it is not what keeps the lights on. Sales of the iPhone are still king.
It does not have to be this way! The Verge article Eight Things Apple Could Do To Prove It Actually Cares About App Store Users I linked a little earlier in this piece suggests how the current App Store model could be improved, so that the 30% Apple takes actually seems like it is paying for improvements to the experience over time, and is not just rent-seeking behavior.4 I am perhaps amazed these options have not been explored by Apple up to this point, because they seem to be such obvious improvements on the current experience!
Or, Apple could embrace sideloading in some form. From Jason Snell’s recent take on sideloading at Macworld:
Think of all the negative coverage you’ve seen of Apple regarding the App Store–apps being rejected, developers unhappy and complaining. When every app review decision is no longer a death sentence, the gravity of the situation is reduced. What was once a story about Apple ruining someone’s business for capricious reasons is now just Apple declining to be someone’s marketing partner. That makes it a much less juicy story, and that’s good for Apple.
When Apple is no longer the sole arbiter of what apps can be installed on the device you paid for, it greatly reduces the risk of making a wrong decision. The vast majority of users can continue to trust Apple’s judgement and download apps only from the iOS App Store. Apple can market the heck out of their App Store and the advantages it provides. No developer can claim Apple is “keeping me out”, because sideloading is a way for any developer to connect with their audience of users.
Having some sort of competitive force, where Apple’s best judgement is now competing against, and can be iteratively improved by, others in the marketplace would be a good thing.
Why not make a change?
The core of the App Store and App Review has been largely unchanged these past years. Why not make a change now?
An argument I have come across is that the “walled garden” approach is best for a large population of users. Those users chose the iOS platform precisely because it limited their choices.
Suppose a mega-app like Facebook could sideload its app and forgo the Apple App Store. This leads to Facebook overreaching and creating not just a sideloaded version of the Facebook app but their own App Store. Next, Facebook removes their app from Apple’s App Store. Users who wish to use Facebook (and there are a lot of them!) cannot now make the choice to download it from Apple’s App Store and are missing out on the “privacy is a human right” ethos Apple claims to embody.5 User choice remains restricted, although this time by Facebook (the app-maker) instead of Apple (the platform-maker).
Once a user is installing the Facebook app from the Facebook app store they are lured into installing other apps from it, as well. These apps are not bound to the same privacy standards as if they had to be distributed via Apple’s App Store. And this all spirals into a world in which we’re less secure. At the very least, it spirals into a world in which we as users must make conscious choices between which app store we’re downloading our apps from. Facebook is available only on Facebook’s app store, and the New York Times app is available on both Apple’s and Facebook’s - so which to choose?
This argument relies heavily on the belief that each step in that plan would come to pass exactly as we expect it would. Maybe it would? Maybe not?
Regardless, we should not live our lives in fear today because something bad might happen in the future. The Apple App Store has well-documented problems, and apprehension of worse outcomes should not paralyze forward progress on fixing those problems.
Try, fail, improve.
Apple’s App Store needs to start trying.
Update 12 March 2022. From Ian Lynch Smith on 10 March, a dark pattern not only approved by Apple’s App Review, but then promoted as Game of the Day:
Apple needs to do better. Yesterdays “Game of the Day” has a 2022 biz model of $120/year. The “no thanks” is color hidden in upper left, the red “free trial” is actually the same as the “subscribe” button. Appls’s #1 app store push yesterday.
And here’s the image.
Consider if Apple ran an email newsletter where they approved the content, and some days that email newsletter had spam links which if you clicked installed a bitcoin miner on your computer. Is that actively harming you? No. But there’s no world in which we would think it was ok. Same with Apple promoting these apps which are intended to make it as difficult as possible to avoid paying their exorbitant subscription rates.
Update 13 March 2022. Amazing timing as I had updated only yesterday, but today we’re back with Ben Sandofsky, one of the makers of Halide, tweeting:
Our bug fix update has been rejected because of our app preview. It was added 18 months ago with zero complaints from App Review. I am getting extremely tired of this theater.
This rejection is in direct contradiction to Apple’s announced policy change only 18 months prior!
For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues.
According to 9To5Mac Halide is “one of the most popular professional camera apps for iPhone and iPad.” This is an app with a higher-than-average profile. It is bonkers that Apple cannot expend even the tiniest amount of effort to ensure apps which showcase and amplify the best features of the iPhone are treated better.
One of our employees apps just got banned from the App Store for “trying to deceive users” because we used it to test price change behavior: they created a new SKU, subscribed to it, then raised the price from $4/wk to $9/wk to get screenshots of the flow.
This must have flagged something in the App Store looking for fraudulent price increases (even though it was opt-in) and they got a notice that the app will be removed in 14 days.
They told Apple it was just a test, and that wasn’t a good enough reason for them.
It was ONE PURCHASE. That’s obviously not fraud. The app generates > $1k a month in income, and Apple is just going to kill it because they have absolutely horrid appeal processes for developers.
Fine, Apple, have your 30%, whatever, you invented the phone.
You spend so much money on flashy WWDC swag, and dumb promotional videos.
How about you just RESPECT DEVELOPERS?!
We helped make you the most valuable company in the world. Act like you care for 1 minute.
Regulate the damn thing. I’m over it.
Building a business where you are at the whim of a capricious, faceless bureaucracy is hell.
“Faceless bureaucracy” is the key phrase. Private companies don’t want you to be able to vote with your feet, since it would cause a mass exodus when their faceless bureaucracy begins pissing people off. The core of why Apple wants a locked-down and limited walled garden is to prevent competition and ensure their faceless bureaucracy can survive.
Meanwhile, Disney can make price changes which are default opt-in! Per TechCrunch:
Recently, some developers noticed that the streaming service Disney+ was seemingly only informing users of upcoming price changes then automatically opting them in.
Side note, Apple giving special permission to some developers to enable subscription increases is NOT a bad thing! Businesses can collaborate (Apple + Disney). The thing Apple should absolutely stop doing, however, is falsely claiming they “treat all developers the same” - they do not, and should not.
Update 17 April 2022. And another!
Sure, you could switch to Android. This is not a clean argument. Should I purchase a new vehicle because I don’t like the tires Mazda sold me on my 3? That would be ridiculous! ↩︎
While I have come to appreciate this feature, initially I was rather against it and I think it deserves scrutiny and awareness as a possible avenue of future abuse. ↩︎