>the store model allows you to disable the app and remove the store listing to prevent further distribution
You do not need a store to blacklist a known bad application, you can have the OS do what OSX is doing now(I read on HN about this, I don't run any newer OSX versions)
check an app when it starts against a blacklist.
I agree that a review will catch low level effort of malware and I am not advocating for no official store if is possible users should use applications from the sore or on Linux from the official repositories but if some application is not in the store/repo (maybe you live in one of those countries that ban apps) you can have the option to side load the application.
The statistics for malware on iOS vs Android could be problematic if you don't compare equal user groups, Like a rich kid will buy the games from Steam or Apple store, some poor kid will try to get some free games so IMO we should compare similar population.
Blacklisting may be an appropriate solution for malware but doesn't help with privacy issues because apps distributed outside the App Store by definition won't be subject to the App Store privacy rules.
> The statistics for malware on iOS vs Android could be problematic if you don't compare equal user groups, Like a rich kid will buy the games from Steam or Apple store, some poor kid will try to get some free games so IMO we should compare similar population.
Even within the Android platform Google has reported an 8x difference in malware between devices that use side-loading compared to devices that use only the Google Play Store (https://source.android.com/security/reports/Google_Android_S...). In other words, it is specifically side-loading and third-party app stores that cause the biggest problem.
We've already seen this same story play out on Windows. Why would we expect it to be any different here?
> because apps distributed outside the App Store by definition won't be subject to the App Store privacy rules.
Can you explain? Side loading apps won't disable the sandbox so the app won't have access to your files, sensors or peripherals without permissions. The OS could be even more privacy focused by allowing power users to enable an option to fake private data like contacts,photos,location etc for apps that would refuse to run without this permissions.
Second thing, what extra privacy a manual review of a guy would add to an app that can't be done better on the device by sandboxing and code?
Side loading would be used by power users most of the time or people in countries with censorship.
We will not repeat the Windows story , we would repeat the Linux story where we always had trusted apps on trusted repos and only power users would "side load" stuff, on Windows the story wad different, you needed something you used google and run the first thing you find.
Consider, for example, an app that might initially request access to your contacts for a legitimate purpose (like messaging your friends), but secretly scrapes your contacts and sells it to third parties. This is a privacy abuse that is not prevented by sandboxing since the user explicitly granted those permissions. The problem is the user has no control what the developer actually does with the data after the permission is granted.
At least with an app review policy you can say this type of behavior is not acceptable and you will be banned if you abuse it. I'm not saying that will perfectly catch all abuses but at least it serves as a powerful deterrent that otherwise would not exist if all apps were directly distributed with no oversight.
> Side loading would be used by power users most of the time or people in countries with censorship.
Not sure why you think this but it simply doesn't match existing statistics. Side-loading and third-party stores are quite common in certain countries and it leads to large numbers of regular people getting infected by malware. For example, Kaspersky reports that 60% of mobile users in Iran and 38% of mobile users in India have been attacked by mobile malware. (https://securelist.com/mobile-malware-evolution-2019/96280/)
Those poor people will never buy an iPhone or expensive phone, you should compare how many Samsung Galaxy or Pixel users in US vs iPhone users in US that have same financial situation get infected, otherwise you could compare iOS users in US with XP users in China it is "lying with statistics".
The guy that reviews the Apple Store has no idea if the developer sells the data to a third party, the chances that somehow Apple finds this out in time to help you is minimal, it would help if Apple would let you give this people fake data or more granular data (like I want to give them a first name, 1 picture, and a city location but not much more details). Many existing apps are using FB SDKs, other advertising related library in the apps, loot boxes and other dark patterns and Apple is not blocking this because they have a financial interest.
I don't understand your point. Are you actually suggesting that poor people don't count?
If you consider the US alone you're still looking at ~17 million malware infections last year on Android devices.
> The guy that reviews the Apple Store has no idea if the developer sells the data to a third party, the chances that somehow Apple finds this out in time to help you is minimal
The fact that they can ban these developers serves as a deterrent. What you're suggesting is the equivalent of saying there's no point in having laws against stealing because some people will steal anyway. What you should be considering is the net effect of the rules against the overall frequency of the problem, not whether it prevents them 100% of the time (which is impossible anyway).
> Many existing apps are using FB SDKs, other advertising related library in the apps, loot boxes and other dark patterns and Apple is not blocking this because they have a financial interest.
Now imagine how much worse it would be if Facebook (and every other app) was directly distributed and had zero oversight whatsoever.
My stats point is this, let me show a simple example. Say in my small poor country nobody has the latest BMW and most people use some 20 years Renaults. Then you can create some stats to show BMW is perfect and Renault is crap. Where would be fair to compare cars that are in the same price category, same age, same driver category etc.
Is the same statistics shit Apple fanboys use when they want to show that Apple can't be a monopoly/duopoly the use a world wide stat(where in fact in US Apple and Google are around equal (iOS appears on top on this source but who knows how credible it is https://gs.statcounter.com/os-market-share/mobile/united-sta...)
About laws, it is more like because someone is getting hurt with his power tools then we ban power tools and we allow only children friendly tools. This is not how it is sone, we can ask for safer tools but if someone injures himself with his power tools it is his fault. (and now I expect the argument about "Apple branding needs to be protected" dude Apple shipped bad keyboards and refuse to aknowledge the issue until a a lawsuit, Apple fucked witht eh battery behind the users back and a lawsuit had to happen for this to be shown, Apple branding is not something as a user you need to care about because it promotes antiuser behavious.
Sounds like you're reaching for excuses to dismiss the obvious malware problem on Android.
No one is advocating banning power tools. There are plenty of power tools (Android devices) out there for people who want to buy them. What you're advocating is that Apple shouldn't be allowed to sell their own, safer, tools to people who want to buy those instead.
- if Apple wins vs Epic then Google and Microsoft have precedent and they can lock down their platforms , previous legal precedent was with IE bundling
- because Linux exists that does not mean the Microsoft can do whatever they want, similar because at this moment Android devices exists and some power users can side load and an even small umber of users can root them does not mean that others can lock things down.
Your statistics are misleading and you are avoiding to compare apples to apples. Show me how much malware is on OSX because that platform was not as much locked,
> - if Apple wins vs Epic then Google and Microsoft have precedent and they can lock down their platforms , previous legal precedent was with IE bundling
Bundling IE with Windows was never established to be illegal in the United States, the issue was overturned by the appeals court and precedent was never set. What was found to be illegal was forcing other companies (like OEMs) to include IE on computers they manufactured as a condition of obtaining Windows licenses.
> - because Linux exists that does not mean the Microsoft can do whatever they want, similar because at this moment Android devices exists and some power users can side load and an even small umber of users can root them does not mean that others can lock things down.
The difference is Microsoft had 95% of the market during their antitrust case. If they had 5% of the market the outcome would have been very different.
> Your statistics are misleading and you are avoiding to compare apples to apples. Show me how much malware is on OSX because that platform was not as much locked,
Are you unaware that Mac malware is a growing problem?
It is my expectation that Apple verifies the identity of developers submitting to the AppStore. It is my expectation that if the initial review doesn't catch the abuse, and my contacts list is scraped and sold that Apple will eventually find out and ban the app from the store.
It is also my expectation that Apple will file a suit for damages, and help a legal firm file a class action suit against the developer on behalf of the victims.
If you are right and this isn't happening yet, I hope Apple starts doing it.
Yes Apple will terminate a dev account for not respecting the terms but I am not aware of Apple or Google trying to bring to justice developers that sold private data, at least in US there is a big resistance against having a GDPR like law so you could use the courts to punish some developers. Also we know that Apple (like Amazon and others) used contractors to have them listen to private recordings of users without asking consent (like hey user , I do not understand this can I send it to the cloud so strangers can listen and do stuff with it ?) , so for Apple privacy is a tool for making money, it aligns with your interest until a point (but as with Siri example you can see it is not 100% aligned with your interests)
You do not need a store to blacklist a known bad application, you can have the OS do what OSX is doing now(I read on HN about this, I don't run any newer OSX versions) check an app when it starts against a blacklist.
I agree that a review will catch low level effort of malware and I am not advocating for no official store if is possible users should use applications from the sore or on Linux from the official repositories but if some application is not in the store/repo (maybe you live in one of those countries that ban apps) you can have the option to side load the application.
The statistics for malware on iOS vs Android could be problematic if you don't compare equal user groups, Like a rich kid will buy the games from Steam or Apple store, some poor kid will try to get some free games so IMO we should compare similar population.