Hacker News

As someone who has jailbroken almost every iPhone I've owned, I am very familiar with whole categories of apps that can't be distributed through the App Store. That said, how do you handle the FB's of the world or other bad actors who will (ab)use private API's if they no longer have to follow Apple's rules?

I could see Apple offering a new entitlement for payment processing, maybe with defined endpoints for canceling/managing subscriptions but 3rd party app stores open a whole can of worms. Can Apple lock down their private API's? Maybe, but I feel that will lead to a cat and mouse game where apps have lots of code testing to see what they can reach out and access on the OS version they are installed on. Sure, the FB through the official App Store won't be doing that but the FB distributed through Facebook's own App Store will. We've already seen what FB will do when given unchecked ability to distribute apps (see Onavo, FB's VPN to spy on users). Do you really think that end users will care that they installed an app through a seedy 3rd party app store? No, they will blame Apple if their data is stolen/privacy invaded.

I can already see the "promos" apps like FB or scummy games will run to get you to install them via some app store which isn't vetting the apps. "300 free coins if you install via AppStorez".




> they will blame Apple if their data is stolen/privacy invaded

This is something that happens currently because Apple has decided they are the sole distributor of apps, with their explicit approval implying that the app is good and wholesome.

I think you only need to look to Windows and macOS users to understand that people don't hold the platform fully responsible, and rightfully so.

> Do you really think that end users will care that they installed an app through a seedy 3rd party app store?

Apple certainly will care, and they can and have rejected signing certs on Mac. For better or worse (Apple still having final say on what constitutes malware), I think this is fine (for now).

> Can Apple lock down their private API's? Maybe, but I feel that will lead to a cat and mouse game where apps have lots of code testing to see what they can reach out and access on the OS version they are installed on.

Yeah, sounds great. Look at where Windows security is compared to 10 years ago. Things get better over time and that only comes through testing the limits.

Apple has a lot of money and they can certainly hire the experts to work on these hard problems.


> That said, how do you handle the FB's of the world or other bad actors who will (ab)use private API's if they no longer have to follow Apple's rules?

How does Google or Windows handle it? This idea isn't novel, and there are billions already spent on antivirus initiatives, regardless of how open or closed the platform is.

I wouldn't be surprised if people blamed Google for a variety of things they downloaded on Chrome or an Android device, but I haven't heard much traction being gained on how responsible Google is for what users download from the internet.



