iOS 17 app sideloading might only be available in Europe (techradar.com)
597 points by walterbell on April 22, 2023 | 1035 comments



Superior functionality exclusively in the EU — USB-C, side-loading — is a good thing. It will remind US folks that the law is a powerful mechanism for making simple, non-controversial changes that improve everyone’s quality of life; but which corporations would otherwise refuse to accept. BTW — LAAS (lobbying-as-a-service) should probably exist.


The EU is at the side of the customers as long as the companies making the product are not in the EU. Had the EU a strong phone manufacturer industry that didn't use USB-C, we still wouldn't have that requirement. Companies always maintain closest lobbying ties to the governments they reside in (at least if both economies are equally developed), and countries care less about companies that don't give many jobs to their residents or taxation revenue.


I would like to see some solid proof on this, as I don't buy this claim.

The EU has squeezed telecoms on roaming charges which created a lot of howling. The EU also has rather strict regulation concerning gas use of cars, ICE emissions and so on, probably second only to California. The EU approach to food and pharma security is fundamentally different to that of the USA, and it impacts EU companies. Regulations around green GMOs are so strict they basically killed the European market for GMOs.


Well.. Germany did lobby very hard to not completely forbid ICE sales by 2035. https://www.bloomberg.com/news/articles/2023-03-05/germany-a...

This was Germany the government, not the car companies. We're not perfect here in the EU either. But indeed the interests do seem more balanced than in the US in general.


This whole ICE thing is something even most of the German car manufacturers do not want. It was also not part of the coalition contract made by the government.

The smallest party (FDP) in the coalition went on a solo power trip against their partners. The partners relented because they need the FDP to fall in line with more important stuff.

Also worth noting that the FDP is currently getting voted out of more and more state parliaments because people are not happy with their work.


Also regulation to automatically limit speed of cars - the biggest low hanging fruit when it comes to safety and quality of life in cities - keeps getting delayed and crippled because car manufacturers want to sell fast cars.


Is it just car manufacturers who are not keen on the idea? I for one don’t want a computer that has zero situational awareness, interfering with the controls when I’m driving and responsible for the vehicle.

The ability of computers to control the vehicle should be proportional to their perceptive abilities. No output without input.


If you’re concerned about the EU speed limiting directive, it’s so permissive you can override the control just by using your gas pedal. (No comment on how this is different to e-bikes and scooters where hard limits are mandated despite the much lower speeds and masses involved.)


Computers don't have zero situational awareness anymore, look at what Tesla is doing.

But even strict limiters without intelligence are commonplace, here in the EU most trucks are fitted with them. Which can be annoying because it causes trucks to overtake each other ridiculously slowly sometimes. It's not something that causes major safety issues though.


Tesla's FSD, despite a decade of promises, is still not ready. Most (non-Tesla) cars have some speed limit display, either based on vision or maps, and it works ~90% of the time. It's okay as an FYI, but not reliable enough to be more than that.

Before we can mandate software to observe the limits, we need proper software-readable signage.

Sometimes signs are placed between two roads running in parallel, and apply to the other one. Humans understand that subtlety in sign position, but computer vision doesn't. Signs can also be obscured by trees, etc.

My car's GPS-based speed detection doesn't understand height, so on crossings with bridges/overpasses it picks one at random. When I drive on a highway it can briefly flip to a speed limit of some ramp, and I wouldn't want this to cause phantom braking.


It's very easy to make it reliable even if limited. For example detecting if you're within city borders and limiting your speed to 50km/h would improve things immensely. Add to that a complete no-brainer of limiting the top speed to say 140km/h. It still wouldn't be perfect but we don't need perfect. We need a way to stop the terror and danger speeding drivers impose on others.

That we can pass an e-bike speed limit in a short time without even asking people if they want it while we can't limit cars, which actually cause hundreds of thousands of deaths and injuries per year, tells you all you need to know about the state of things.


When it comes to limiting speed zero situational awareness is great. Somehow we all accept it for light benign vehicles like e-bikes and e-scooters - 1500+kg metal boxes with limited visibility though? - can't have that!


The situational awareness of humans seems to be the problem here:

It's either "let's make everyone look at me by making a lot of noise" or "nobody's looking, I'll ignore the speed limit"

Not arguing particularly in favor of AI here. I just happen to hate the perception of private vehicles as an extension of one's individual freedom. The restrictions imposed on e.g. pedestrians caused by this thinking tend to be ignored.

Public transit for everyone, cars for goods, services and emergencies, that would be my utopia.

I know this is a fringe position.


Just look at how German banks or car manufacturers are treated in the EU


That is hardly the fault of the EU, but one member state. Everyone points to the evil bureaucratic EU, but in reality, member states frequently get in the way of the EU to protect their industry.

In both cases, Germany had to accept rules they would have never accepted if they were outside of the EU - even if they sadly were able to soften them up.


The same is happening with other countries and other sectors. Say how strong the farming sector is in France.


McDonalds vs French Farmers


By the way, the way farmers destroyed McDonalds in France in the 2000s created a wake-up call for the company to adapt its offers to the local markets. Afterwards France was the fastest growing market and the "recipe" was then exported all over the world. It is really interesting to read about.


Well it would make sense that the problem is precisely that some state members have an outweighted power distribution for calling the shots.

Like yeah, Germany likes to keep the EU as a consumer of their shit, basically.

France likes to play along 2nd I guess




And don’t forget GDPR


Show me an example of a thing that would prove it. The EU has tons of regulation on cars (most of the manufacturers are EU based) - ask any car manufacturer how easy it is to get a car sold in the EU (not saying that tons of regulation is good or that difficulty of producing is good, but it is an example that goes well against your argument).


There is an argument that companies in mature sectors (like automobiles) advocate for increased regulation as a moat to keep competitors out since building a mechanism to comply is extremely expensive for new entrants.


That would be a shallow argument. Manufacturing cars, at scale, is a very complex problem that even manufacturers that have jumped over the "moat" in getting a vehicle approved by regulators like Tesla struggle a lot with. Also, car safety and pollution regulations are extremely important given the prevalence of cars so it's not like it's useless regulations just for the sake of it.


Well, yeah, but your definition is also kinda recursive: a "mature" sector is a regulated sector. Well, the restaurant schtick to me is way more mature if we stick to the original vibe.

The thing is most regulation is happening where people actually get hurt. Hey, I am not a super pro-regulation person, but in the comment above, I just tried to disprove something that seemed false. I am not going to steelman pro-regulation arguments any more :)


The effort to standardize chargers in the EU began at least as early as 2009, 2 years after the original iPhone release and not long after peak Nokia.


I think you greatly overestimate the importance the average American assigns to "superior functionality" on an iPhone. As important as it is to you or me, the average person doesn't know or care why they should have these features.


I'm a programmer with 22 years of experience, and a member on HN... and even I don't care :)


Why so shallow? Don’t care for this particular feature, maybe but the broader fight is about ownership and control of the things you paid for. Sideloading is going to be nice for programmers as it will have to allow for more flexibility in what apps are allowed to execute


With automatic updates and SaaS business models, we have fully lost control of our devices.

There is no way for me to disable marketing push notifications on any device.

I can’t tell Facebook to remove Reels because it’s too addicting.

Firefox is my primary browser, but 5x per week I have to switch to Chrome because a website won’t let me log in or is acting funky.

We have lost control of our devices


> Firefox is my primary browser, but 5x per week I have to switch to Chrome because a website won’t let me log in or is acting funky.

I have used firefox and adblock/ublock since literally 2007, and have NEVER experienced this. What websites have given you trouble? What functionality doesn't work in firefox? What functionality is even different in firefox? Is it just servers reading your user-agent and saying no?


I'm finding oauth doesn't always work. I haven't run into it recently, but it was annoying.

A documented gap is my SSO provider (JumpCloud)'s Device Trust Certificate only works in Chrome and Safari on MacOS.

https://support.jumpcloud.com/support/s/article/supported-we...

https://support.jumpcloud.com/support/s/article/understandin...


> Why so shallow?

It's called being pragmatic

> will have to allow for more flexibility in what apps are allowed to execute

Of course it won't. There will be 1% of apps that do something that HN crowd will perhaps care about.

The rest will be apps that try to circumvent privacy and security, and/or chase their own goal. Note how much speculation there is about Meta going the side-loading route.


You underestimate the size of alternative stores. I bet there's more than 1% of users that use alternative stores on Android.

That lightning cable on iOS is stupid, it only benefits Apple.

Both changes are more than welcome, although I don't use iPhones (precisely for these reasons - closed ecosystem, Lightning)


> You underestimate the size of alternative stores.

We can both underestimate and overestimate the size

> That lightning cable on iOS is stupid, it only benefits

Apple has had exactly two connector types.

USB has 14 connector types. On top of that USB didn't even have a power delivery standard until after Apple shipped Lightning, and didn't have things like fast charges etc. until USB-C.

And USB-C is in itself a big mess of a standard where you can't even be sure if a cable supports the features you need.

So, no. Lightning benefited Apple's customers immensely.


Ah yes, $20 for a 1 meter cable is so good for the users, so they can get USB 2.0 speeds! Lightning hasn't been a competitive standard for like a decade. High power charging standards were around since 2012 at least.


> Lightning hasn't been a competitive standard for like a decade.

Lightning was introduced in 2012. So you're trying to say that it was competitive for just a year?

Of course that's bullshit.

> High power charging standards were around since 2012 at least.

And those standards (multiple) are? You're probably referring to Power Delivery which was finalised the year Lightning was released? Or the finally upgraded versions of Power Delivery that only appeared with USB-C (that mess of a standard where you don't even know if a cable is capable of doing anything)?


Superior Functionality? That is subjective POV.


Hardly.

Apple made their app store incredibly restrictive and took a massive cut of any profits that anyone was making. Not just app sales, any profits. (This happened to hey.com, they wanted a cut of the subscription that users were getting outside of their app). Sometimes Apple would just outright steal developers' apps by making their own version, then blocking the original developers by claiming that they were making rip offs of Apple's apps (you'll find a few stories of that happening here on HN).

Then to really rub salt in the wound, they started telling developers in essence: "If you don't like the way we run our app store then you can always make a web app", despite the fact that they had purposefully hampered web functionality on their devices to force developers to use the app store.

It's really strange how their browser only started getting better all of a sudden when they were getting sued for their anticompetitive behaviour and the EU said they were drafting up legislation to break their monopoly.

It is directly due to the efforts of the EU that Apple has been dragged kicking and screaming to add functionality to their own ecosystem that is objectively demonstrably superior to what was available before.


Am I the only one who loves the way Apple handles subscriptions and the fact that they manage them and make the rules? I don't know a single other store or offering where getting rid of a subscription is easy. Not one. Netflix, Amazon, every newspaper, it's all complete crap. With Apple you have all subscriptions in one place and there's exactly one way to cancel the subscription and it takes five seconds. It's amazing for the customer. It's easily one of my favorite iOS features.


Banks are starting to do that but it doesn’t cost 30%.


Sideloading will not mean sidestepping the 30% cut for developers. Mark my words. If you need an example, look at what happened with the Netherlands and dating apps.


How so?

As soon as you have sideloading, you have developers who can't get kicked off the app store for not giving a 30% cut because they're not on the app store.


Let's see what restrictions there are on side-loaded apps first. No Apple is going to cave in completely during the first round.


If they don't cave now then they will be forced to follow the law eventually, but this time they will get 10s of billions of dollars of additional fines.

The amount of fines that Apple wants to choose to pay is up to them. Either they cave, or they pay as large of a fine as for however long they keep fighting.


Side-loading may bite back in nasty ways. Tiny but locally required apps may use it to work around legit limitations. Pay-for-parking apps, shop loyalty systems etc. Yay for more spyware and API exploiting.


But if it's my choice to take these risks?


What if I don't want to sideload, but some app I really want to use says screw the App Store and sideloading is the only way? For example to pay for parking or use a loyalty scheme in some shop. Of course, technically I could use other means or avoid such businesses altogether.


No Thanks. Can you tell me how GDPR has made EU life better than US? It's a hot mess. Criminals of EU can now easily hide from the internet, while the innocent click through hundreds of cookie popups


But they’re also stuck with physical sims because of those same laws. I vastly prefer the esim in the US iphone to the tray.


For those replying, I believe the parent was saying that EU phones are stuck with a physical SIM slot because of regulations. In the US, iPhones no longer have a SIM tray.


Yes, people misread this to read “only physical sims”. The sim tray is useless in 2023 imo, but their phones are stuck w/ them because of laws that aren’t keeping up. We’ll see how well the regulators keep up w/ the next generations of tech.


I understood it but I would definitely want at least one physical SIM on my phone. It has served me well many times (and not limited to remote areas) when my phone is unusable and I can use my SIM on another phone with the lock PIN.


I've had to contact the carrier to get a new phone approved for a SIM here in the states, so in my mind it is a bit of a wash there.

On the flip-side, T-Mobile has an app to add an eSIM to "test drive" their service on your phone for free, and I look forward to the day I can buy travel SIMs in advance on my couch at home.


That day was years ago. You’re looking for airalo or a few other apps that sell data esims you can activate from your couch.


Man, who cares. Doesn’t limit the number of esims you can have.


eSIM is available in France [1] on many brands and devices, including iPhones.

[1] https://assistance.orange.fr/objets-connectes/installer-et-u...


I've travelled across Europe with eSims bought from Mobimatter, and I've also bought a local Vodafone eSim in Italy and one from some other operator in Montenegro. In fact, I'm writing this from an eSim in my iPhone while I wait for Airbnb to resolve issues with check-in on Cyprus. What are you talking about?


oh, maybe you have both? US iphones don’t have sim trays. Euro iphones do.


Yes, and I can have two sims active at the same time. Physical and eSim or two eSims.


Yeah, we have two esims as well. More or less feature parity. No clue why anyone would want a sim card/tray in 2023. I’ve been working remote on 3 continents in the last year across the economic power spectrum and have never thought of using one.


I guess the personal Orange and corporate Polkomtel eSIMs I have in my iPhone are fake.


We have both esim and physical. Not only this, for people that want more privacy, some can buy physical sims without any documents at simple shops so that there is no risk for govt to track you


eSIMs are totally available here in Germany! For example https://www.telekom.de/unterwegs/esim


I googled but I couldn't find anything about this. Source?


The Netherlands also checking in, I have used eSIM for years, across various providers.


Let’s suppose you’re right that USB-C and side-loading are “superior functionality”. There must be some value to that superior functionality; consumers should be willing to pay extra for it if they value it. It seems logically like Apple ought to offer a USB-C iPhone if there is enough demand for it to generate more profit, except that it lowers the cost for customers to switch phones, which likely costs them more than they’d make in additional profit by having a USB-C version. This puts their interests at odds with the customer’s interests. There are a lot of other similar situations, e.g. most people would rather have cars that last longer, not have to deal with advertising, farmers want repairable equipment, etc., but the economics don’t work out well for the company. How does a market economy rectify that?

I’d argue that in theory, new upstarts ought to be able to enter the market and satisfy the demand if it exists. However, in many fields, there are substantial barriers to entry that prevent this. For instance, in the auto industry, it takes huge amounts of capital to reach the necessary scale, gain enough experience and reputation, etc., to be able to compete with existing companies. Similarly, it would be a monumental engineering effort to produce “iPhone with USB-C” due to the amount of intellectual property, goodwill, Silicon deals, integrations, etc., that Apple provides. It would be impossible, really, due to iMessage and FaceTime being proprietary. There could be new cable providers that don’t run ads, but they wouldn’t be able to compete on cost, and they would have trouble dealing with the regulatory environment for infrastructure, striking deals with networks, etc.

Banning companies from engaging in practices that benefit them once they become sufficiently adversarial to consumers isn’t a scalable solution. There are many instances of this across many industries; regulating them all would be like playing Whack-A-Mole. It also provides no recourse to the group of market participants who don’t care if their phone has Lightning or USB-C, and probably prefer Lightning since they already have a charger. It also leaves less room for innovation since companies will have to comply with standards, possibly preventing superior technology from being developed (that’s how we got Lightning to begin with).

I’d love to hear other/better solutions. I’ll throw one idea/observation out myself. A lot of these misalignments are because providing a better consumer experience today reduces the likelihood they will be a customer tomorrow. Either they will leverage the lower switching cost to switch, or they will be more loyal but purchase less in the future due to the increased quality. What’s a way to manipulate company economics to favor shorter-term views of the company, and disregard higher-growth plans? Higher interest rates. Maybe a higher interest rate environment could mitigate some of these issues by ensuring companies care about the business they have today, more than the one that they could have tomorrow.


Regulatory capture is so pervasive in the US that I’m afraid there’s little chance that the law will ever change to benefit consumers in a meaningful way.


Usb-c sounds cool for now. But what about when a new port comes out and Apple can’t use it because the EU still mandates to use the old one?


Ah yes, that magic new port that does something we can't do, but nobody can pinpoint what it is or why we need it.

It's been a decade since a new port (lightning was 2012, usb-c is 2014). So apparently, they are doing pretty well!

I think my answer here would be "enjoy the next decade of benefits and worry about it then?"


When this was first proposed in the EU, the connector they wanted to mandate was the "standard" at the time. USB Mini-B. Which is now deprecated and a few generations behind.

And the same arguments were made at the time. "Stifle innovation" and "what innovation, this connector is perfect. No need for improvement."


> When this was first proposed

Well, it's a good thing they UPDATED the bill that eventually became law, right? I guess they could probably do that again, if necessary!


They technically can, but making such an update is not like making a correction in Google Docs, it can easily take years. And as always in politics there will be some well-established players interested in keeping an outdated standard in place.

I like USB-C way more, and frankly don't like Apple that much at all, but let's not pretend lawfare doesn't have collateral damage.


In everything in life, there are trade-offs between different solutions. Personally, I like having just one connector for chargers even if it takes a few extra years to update. I don't think it will, someone else in this thread mentioned the actual connectors aren't in the law but rather a description of a process that the standards org has to perform when updating the approved connector(s) list.


I do like the same thing. That's why I don't buy Apple things for personal use, and it doesn't even feel like a trade-off. I may agree with using blunt and stupidly heavy weapon which is gov't (in this case supragov't) against power of some monopoly. However, charger doesn't look like that case at all. I think it was picked simply because it makes a nice populist move, and not because it has significant impact on a significant number of customers.


I never understood why this law became so important either. What’s so bad about having 2-3 different types of ports? If your senator / deputy has time to spend working on such laws then maybe they need to rethink their career choice.


How long it took to pass it and how long it will take to update it? Meanwhile when a better port comes up, manufacturers will stay away from it because of this limitation.


Evidently very little time.


Well, obviously the EU authorities aren't as ass-backwards as people claim if they switched from mini-USB to USB-C, are they? So why would they be less flexible if USB-SuperNexGen comes out?


EU regulations are constantly updated to follow modern developments. It’s not a frozen thing.


USB-C itself was that "magic" new port 10 years ago. EU at the time was recommending standardization on the abomination that was micro-USB. Luckily they didn’t make alternatives illegal, like now, or you’d never have seen your much beloved USB-C.


Instead of mandating the standard to be used, they should've mandated that phone vendors agree on one standard, with a revision every x years or so.


Luckily, that is exactly what happened! The law explicitly states that it will be reviewed every few years to determine whether USB-C is still the best choice.


And why would a better choice magically appear though when it’s illegal to put it on the market to let it prove itself? Why would anybody who is actually innovative pay to research and risk such a better choice in the first place? To wait for its review in a few years?!


Sounds like you describe how aviation and other critical tech work. Every single piece has to be checked and validated by the administration, and yet planes keep flying.


This is indeed what literally happens in tons of sectors where standards are adopted or mandated by law.


It's insane how entitled tech companies are. They see perfectly normal and useful for the consumer standardization as oppression.


The ideal is two or maybe even three standards. Having one means that upgrading to any new standard would never actually be possible.


Except that’s exactly what Lightning was in the world of (mini, micro, nano) USB2. Try again


They add another common standard, probably allowing manufacturers to choose between "old" and "new" for a little while.

Similar to the switch from microUSB-B to USB-C. Budget phones kept using the cheap option for awhile, but eventually costs came down and people settled into the new standard.

Not sure how it's done in the EU, but their legislature could delegate authority to make such decisions to an executive agency if the process of passing an amendment or new law is too slow.


> Not sure how it's done in the EU

That's how it's done, is my understanding. The actual articles of the "usb-c" law[0] don't even mention usb-c. Here's what Article 1 states:

> With respect to radio equipment capable of being recharged by means of wired charging, the Commission is empowered to adopt delegated acts [...] in order to ensure a minimum common interoperability between radio equipment and its charging devices, as well as to improve consumer convenience, to reduce environmental waste and to avoid market fragmentation, by:

> (a) modifying, adding or removing categories or classes of radio equipment;

> (b) modifying, adding or removing technical specifications, including references and descriptions, in relation to the charging receptacle(s) and charging communication protocol(s), for each category or class of radio equipment concerned.

> [...]

> The Commission shall submit a report on the assessment referred to in the third subparagraph to the European Parliament and to the Council, for the first time by 28 December 2025 and every 5 years thereafter, and shall adopt delegated acts pursuant to the second subparagraph, point (a), accordingly.

So the Commission (which is part of Europe's executive branch) can enact delegated acts to add new technical specifications for wired charging. USB-C is not "hardcoded in law". What's hardcoded in law is the Commission's authority to mandate the use of certain ports.

[0] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...


I don’t know why everybody trusts government bodies to act fast and delegate authority as needed when it’s clearly not how things happen in the real world. The nature of government is to be slow, safe and long-term, not enable technological disruption.

For example the cookie law has made most websites significantly less enjoyable and everybody hates it and yet it has been stuck for years, no hope of improvement in sight.


Exactly, standards should be durable and predictable. They need slow, lumbering curators.

When it comes to overbroad laws like the cookies thing, lazy malicious adherence is the name of the game. Simply block JavaScript from domains like "cookielaw.org", and you'll never see the dialogs.

Is it legal that the website doesn't ask for your consent if you block random third parties from executing code on your machine? Who cares!


You mean like when everyone moved from mini-USB to USB-C? It's also good to remember that lightning connectors are USB2 in a different form factor - outdated and slow.


There wasn't a law mandating the use of the old micro-B port. The EU issued a memorandum asking companies nicely to use micro-B, but obviously it wasn't enforced (Apple never complied).

This situation is different. Apple and others are completely unable to upgrade to USB-D when it comes around.


No, they are not. They will be able to use USB-D in parallel with USB-C until USB-D becomes industry standard, at which point it will be adopted by the EU as the new mandatory standard port.


And during that transition, exactly like now with the Lightning to USB-C transition there will be a lot of e-waste generated... unless the connector is identical


Oh you're giving lightning connectors too little credit. They also come with a LOT of logic to prevent people from charging their Apple devices with unapproved chargers. All added on top of USB 2 (and definitely against the standard, one might add)

Like a lot of Apple and huge company stuff in general, it's a flimsy reason to change something and introduce many limitations the huge company thinks will make them more money. It sure as hell is not about reversible connectors.


What? I've plugged lightning cables into pretty much any imaginable sort of USB-A socket over the last decade and have never encountered one that wouldn't supply a charge specifically to a lightning cable. Please, be specific with what limitations you're referring to because this is counter to all evidence I've ever been witness to.


They supply a charge fine, but no standards-based fast charging.


They support Power Delivery 2 and higher just fine. I believe the new phones will use 3.0 PPS as well to more aggressively tune for charging speed vs heat.

USB Power Delivery 1 was a disaster, launched years after Apple had moved beyond 7.5W charging. Android phones typically also ignored it, using Qualcomm's proprietary charging tech.

If you want fast charging, use the bundled USB-C cable to charge your iPhone rather than the USB-A ones from years ago.

To flip it around, what advantage do you think one gets with official Apple iPhone chargers? Do you know of any evidence that Apple promotes their chargers working better than others? And if none exists, why would they sabotage customers who were never educated that hypothetically only Apple chargers charge fast?


Actually, having just tested, I have a bunch of "aftermarket" lightning cables, and with a few of them some of my iPads (I think the more recent ones) and most of my iPhones refuse to charge. Like at all.

So not fast charging, charging at all. They work on some of the iPads, so they do work.

Why do the phones refuse to charge then? Not fast charging, which I can sort of understand, charging at all.


What you mean to say is: USB Power Delivery as a standard didn't even appear until after Lightning was launched. Any fast charging didn't appear until USB-C specs that only became finalized in 2014.

And Lightning has been charging my iPhones pretty fast


There have been many fast charging standards that are available on way cheaper chargers that Apple just ignored. It's not that big a deal, but it did force Apple consumers to buy expensive "official" chargers to actually charge quickly.


> There have been many fast charging standards

"Many different standards" means "no standard".

> that apple just ignored.

Apple ignored them because none of them were standards until very, very late


Oh, so you're moving the goal posts to avoid discussing your lie. Got it.

But please, reference a USB2 or USB3 standard over a type A connection that enables fast charging too. This will be fun.


Then industry players would build consensus around a new standard and adopt that into law? Would you prefer a world where browser vendors are all designing their own HTML and JS features independently rather than working off a common spec too?

At a certain scale of adoption/societal impact, having a common set of agreed standards is much more important than fragmented "innovation". I would argue having a general and common way to charge devices qualifies for that level of importance. The incentive on Apple's side to stay off of USB-C can only be one of profit driven customer hostile design... as there's really zero technical or otherwise reason to have stayed on lightning this long.

One of the biggest annoyances in my daily life is having to swap back and forth between USB-C and lightning cables. These lightning cables being sold today are effectively trash to be thrown away in a year or two. Completely unnecessary, and hard to have any respect for the intelligence of people who defend it. There is no slippery slope here. If Apple wants to build a next gen port, then they do it alongside other industry players rather than monopolizing the technology so they can charge 10x markup on cables/accessories/licensing... which imparts zero benefit to the consumer.


Lightning is a better physical connection than USB-C for phones. It's still reversible, but more importantly, it's more durable as there isn't a tongue inside to get broken. Before you reply saying that you've broken a Lightning port, read carefully - I'm not claiming they're indestructible, just more resilient to needing to be cleaned out. If you work near metal and dirt or even just inopportune bits of fluff, they'll get stuck inside the port. Solution is to take a paperclip and jam it in and try pulling out the metal shavings or other foreign debris. USB-C's internal tongue is too breakable and in-the-way.

Now, not everybody works in or near a metal shop or a saw mill, but all the people I know with phones wear clothes, which sometimes has lint, especially in pockets where phones are kept, and so aren't totally immune from this problem.

Thankfully there's wireless charging, and it's decently powerful/quick these days, so the whole port can be taped off - when you remember before you go into the workshop, which hopefully is every time.


Just to be sure, isn't lightning more liable to corrosion because contacts are 'naked'?


That exact same waste/annoyance is going to happen during the USB-C to USB-next transition.

And as it is it seems extremely unlikely that Apple wasn't already planning Lightning for iPhone...


I would agree, but I really don't know if this happens. Top USB-C can endure 120-240W and 40 gigabits/s and I am not sure we've even hit the limits; some Chinese brands had mock phones with abnormal charging speeds (at least I'm about sure 120W). Like I can't imagine what new features some port could bring, that we'll want in a phone that fits in our pockets. The only thing changing imo is maybe a new fancy more durable form factor, but I can't say USB-C is that bad in this direction.


The issue with lightning is not that it is old, but because it is available only on Apple devices.


Here's a crazy idea. USB-C can coexist with the new port until the new port proves its worth standardizing to the same degree (as USB-C).

But somehow we have decided that small computers (aka phones) must only have 1 port.


> But somehow we have decided that small computers (aka phones) must only have 1 port.

Because, you guessed it, they are small. And any port you add requires a not insignificant amount of space


There will never be another one. Who would put R&D into something the EU might not approve?


USB-C is only mandatory for specific classes of devices. Presumably, if some new technology would have a good chance to provide a substantial improvement, it would also make sense to develop it for other devices. In addition, it’s possible to develop compatible extensions to USB-C, meaning technical progress isn’t “frozen” at the current USB-C version.


The next one is actually already on the horizon and it's called Qi2


Good point. Laws are immutable and can never be changed.


It doesn't really matter if laws can or can't be changed, the question is whether or not regulations imposing a standard on manufacturers on what kind of connector they put on their phone should exist at all.


Yeah, they could just impose additional tax for nonstandard phones, like +30% the price. This way if a company really wants a fancy port, they technically can do this, but likely will lose market share because of a big price compared to companies that follow standards.


I do not see USB-C coming. Apple will rather remove the jack altogether and go full Qi (and make the device 100$ more expensive because wireless loading adapter).


I wonder if they considered an "iPhone Europe Edition" - USB-C, side loading, physical SIM cards. Sounds like a good phone!


What’s good about physical SIMs? I do like Apple for daring to improve the status quo there, so I want my European Edition with only e-sims.


The last time I dropped my phone and broke its screen I took out the SIM and left the phone in a repair shop. I went home, put the SIM in an old phone. If the broken phone had an eSIM, would I have been able to use the old one as a backup? Maybe by going to a shop and asking for a physical SIM. That would be slower and less convenient. A physical SIM fits in a Samsung A40 which is probably the smaller and lighter Android phone available today and in much smaller phones of the past so it's definitely not a burden.


If your old phone was also eSIM compatible, you can just download the eSIM from your carrier like you would if you moved to any other phone.


> you can just download the eSIM

If we disregard the fact that many older but still usable phones don’t support e-sim (which was the original point), what do you mean ”just” download the e-sim?

At least in my country, getting an e-sim is a pretty involved process which requires secure authentication, and specifically in my case that authentication would be gone with the now-broken phone if one didn’t have the foresight to have a backup (which many people do not).

If you have a physical sim, you can move it to almost any (unlocked) mobile phone in existence (at least in Europe) and at most you’ll need the PIN/PUK.

Of course, this goes the other way as well if you drop your phone in the ocean for example, provided you have alternate authentication and a compatible phone, e-sim will have you up and running again much faster.


I have Orange Flex. I can just install the app on a new phone, login with email, and have new eSIM issued and installed within a minute.


Not everyone has that option. For my carrier I have to call them and ask if they can help me set up esim each time because I can't do it myself. And each time it takes at least 30 minutes. Plus I just don't trust esim yet, it hasn't been able to shine as a technology. Give it a few years, I'm all for esim, but we have to make the switch gradually. Give me both for now and keep physical sims alive for the next 7+ years to get everyone onboard. By then the process for getting an esim will have gotten waaay smoother.


Sounds like it would be trivial to compromise your phone number and sms 2fa


How so? The carrier can issue new SIMs anyway, nothing I can help about, it's a trust or get fucked system.

Password to Flex itself is in my 1password db. If that gets compromised I'd have way bigger problems than cloned phone number.


That also makes it easy for a hacker to steal your phone number.


Lucky for you, but I don't have that option. I also like having the ability to move a SIM between my 5G CPE and my phone. Not gonna replace a 2 year old, €700 CPE just to try and chase eSIM dreams.


You literally just reach out to your carrier and they will activate your new eSIM.


No, that is literally not what I do, as I just described.


Oh yeah, it's great that my car has a way to install a saddle on, because if the car breaks I can easily switch back to my horse.

Carriers are the real problem here, not letting you easily switch between a physical SIM and an eSIM in case that happens. Some do, but you usually have to call up, there are delays, etc. Ideally it would be an easy switch in their web admin panel.


But you would need to somehow get in touch with said carrier. Granted, you could probably do that over WiFi but if my phone breaks when, say, I'm out camping I'm SoL.


In the UK most carriers also offer printed QR codes for the eSIM. These can be scanned more than once to activate it. So you can store that somewhere and scan it on another phone.


What happens if you scan it twice on two phones at the same time?


The last one to activate will get service. I think o2 allows 3 scans of the QR code.


While I could see how the camping scenario might matter to a few people, I would personally rather have a couple mAh larger battery because of the slight physical space savings that I imagine eSIM brings.


Oh yeah, agreed. If moving an eSIM requires me stowing away a QR code with my backup phone then I'll gladly give up my physical SIM slot for more battery.


Would you bring a spare phone then? Sounds implausible. If you did, and it’s an emergency you can use a phone without a sim at all with the emergency network.


I actually do, it's always good to have a few back up essential things if they don't take up too much space. Every time I go camping/travelling I update my old OnePlus 3T (LineageOS is still up-to-date which is amazing) and bring it with me. If my iPhone breaks I can move the SIM card and still keep at it.


Agreed. Both wife and I need our phones for work connectivity, and it's a lot easier just to carry our old models in case one of ours dies on a trip. I'm not going to buy an iPhone while on a trip out of the country - they won't even have the models that support Verizon in most markets.

My old phone is still logged in to Apple, still works, still holds a charge. I'd like some eSIM system that was as convenient as "phone dies, pull SIM, put in old phone, boot".


The associated esim app has free connectivity to complete the signup flow without wifi. It is obviously more convenient to download an app to your backup phone than futz around with physical sims you just have to remember to do so before you go camping.

Now you might retort aha! See! In a very narrow set of circumstances.. let me cut you off, look, you're going to need to remember to bring a paperclip or sim tool to do it the old fashioned way anyhow. So you're remembering something. If you're an amnesic lost in the woods you got bigger problems.

Besides, those are 2 grams of weight savings in my ultra light backpacking setup!


Btw, how would one authenticate to the carrier? Concerned anything not perfect would make sim swapping an even bigger problem…


My carrier doesn't let you download an eSIM - they have to mail you a physical QR code that has a SIM number then swap them over the phone or in a store. Makes it a week long process at least.


I worry about this so much. I have a Samsung Galaxy S10e that I dread losing or breaking... a family member with a barely more recent Galaxy had to give up a sim slot and a headphone jack. Her phone does add 5G however which anecdotally has not been noticeably faster but has a huge impact on battery life. If I can't keep repairing my phone maybe the next one I get will be an iPhone from Europe.


By this reasoning our SIM cards would still be their original credit card size.


Recently moved to a new country (non-EU). The carrier I'm using does not offer eSIM and shipped me a physical SIM card. This is not an outlier, I have a couple of physical SIM cards, some US, that I wouldn't be able to use if the phone was eSIM only, like the recent US iPhone.

Also moving an eSIM from iOS device to non-iOS device (for example to plug into my secondary Android) is a massive PITA. I always have to re-issue the SIM which I often can't do and need to jump through customer support queries and hoops. My current provider back home doesn't even give me the option to do it while abroad and support told me to come back for a day, then finish the eSIM reissuing application, so I'm stuck with the physical SIM anyway.

eSIMs will be great one day, but that day is not now. I much rather pop the SIM out of phone 1 and move it into phone 2, or iPad when I want, than wait hours (or sometimes days) to get a new eSIM approved, and repeat that process every single time I want to move a connection to another device


The eSIM is all about cost savings and more control for them, sold to you as more convenience for you. I'm not giving up my SIM!


That I can just take the SIM out and put it in a different phone?

what's the migration process for eSIMs?


The migration process is, you ask your carrier for a new eSIM. They send you one via QR code. That's pretty much it.


Dealing with the carrier is usually the worst part of owning a phone. Asking for a new esim is likely to send you down a path of navigating a process where they try to sell you an upgrade, or they send you a QR code that doesn't work, or a million other possible problems.


> Dealing with the carrier is usually the worst part of owning a phone.

It's probably intentional. I was reading an article in the French press the other day [0] on the subject. Some head of something or other in the industry said they were weary of mostly Apple, Samsung, and Google starting to like playing the providers and removing the actual carriers from the users' psyche. "The SIM card is the last physical link between the carrier and the client".

I've also checked my carrier's site for getting an esim. Apparently I'd have to pay the same amount to get one as for a physical one (minus delivery costs). But at least, contrary to some other commenters' situation, they seem to allow you to move it from phone to phone as long as you hold on to your qr code. They, of course, don't offer the option of storing it in the "secure" client area.

[0] https://www.lefigaro.fr/secteur/high-tech/avec-l-esim-la-car...


When I bought my phone last year at a carrier store, they really, really pushed me to get a physical SIM card. I asked them why they wanted me to install a physical SIM, and they told me I’ll get higher data speeds.


In my case, it was two clicks in the carrier's web interface and I got the new QR code shown to me and even sent by email. No upgrades, no dark patterns, just presented a QR code, I scanned it, worked. It took like 2 minutes.


Warning: Rant

Yes, but what does that tell us? How is that useful? All you've done is point out a situation where the happy path works. If you have a great carrier whose systems are working correctly then it's going to be fine. That's what you'd expect. No one really cares about the cases where things go right. They're boring. They should be boring. The problem is never what happens when it works, but what happens when it doesn't work.

I've spent the past two and a half decades learning that the happy path is the least interesting part of any system. Building a working app is about 10% of the work of building anything. The other 90% is error handling, designing processes to get things back on track, and managing when things change. If you focus on the bit that works, and you assume that things will work, and that any human part of the system works (where code is written by humans) it is bound to break at some point.

The issue here is that taking a physical sim card works and dropping it in a different handset has far fewer moving parts and it's all stuff that's been proven over the past 30 years. There is less to go wrong. As soon as you start adding carriers and their shitty websites into the mix things will screw up for a non-trivial number of users.


How about we wait and see if this actually happens instead of prematurely complaining that the sky is falling?

All indications so far are that eSIMs work quite well. Plus it’s pretty awesome to be able to purchase prepaid service through a company like Airalo when traveling abroad and to be able to use it instantly. Same goes for switching carriers.


> How about we wait and see if this actually happens instead of prematurely complaining that the sky is falling?

Generally speaking, leaving something to see if it'll work means it's too late to change things easily if it doesn't work. Managing change is one of the hardest things to do in any company, let alone industry, so finding the problems during the testing phase is really important. If it gets to the consumer and things aren't working (which happens a lot) that means people screwed up.

Buying a local sim card and putting it in your phone when you're travelling works fine, and instantly, so eSIMs aren't offering any advantage there besides not needing to go to a local shop.


And that is a huge advantage both for consumers and providers. You’re grossly underrating the benefits to commerce and the reduction of purchase friction.


And then your carrier bills you 3€ for it, because they can. They can also just disable the iPhone-to-iPhone eSIM transfer functionality. Ask me how I know.

eSIMs are incredibly user-hostile because they switch the ownership of a SIM card from the customer to the provider, so you're completely at their mercy if you need to transfer over your SIM card from one device to another. And Apple facilitates this.


eSIM is a potentially smoother setup process if the alternative is getting a card through the mail, but physical SIM switching is better than having to contact your carrier.


Where I am, the migration process is: you drag your physical body with an ID to the operator's office. There is no "send".


> you ask your carrier for a new eSIM.

When your phone breaks, that's not an easy task.


You take your replacement phone, connect it to WiFi, then continue the process.


And then they require 2FA, which was on your broken phone. But oh, you can recover it via SMS! But that requires a working SIM card...


That problem hasn't been reported in this situation yet AFAIK.


Unfortunately, I don't think this is always true for physical SIMs.

I recently bought a temporary SIM in the US during my holidays (StraightTalk) and was surprised that you can only use the physical SIM after you register online with your IMEI. I haven't checked, but I imagine that after that the card would only work with that IMEI.

Fortunately, I don't think this is a practice in Europe.


To be fair, though, Straight Talk is absolutely hot garbage. I had a fiasco trying to activate two physical SIMs and port numbers to them back in January. Their provisioning system chokes and dies on phones with both eSIM and physical SIM capability (like the factory-unlocked iPhone SE 3rd gen models I was trying to activate). I spent hours on the phone holding and talking to reps, getting disconnected and calling back to start all over again. It was a nightmare.


I'm quite happy to read this, because my experience was also awful - they didn't accept the IMEI of 3 phones I tried and their app is full of ads (not to mention that I kept receiving scam calls).

I really hope that it's because they are awful and this is not the typical American mobile phone experience.


Better: it’s a menu option.

https://support.apple.com/en-us/HT212780

eSIMs also have the advantage that an activation card can be sent instantly from almost anywhere (it’s a QR code) which is great if your phone (and physical sim) are lost or damaged.


> Some carriers support SIM transfers from your previous iPhone to your new iPhone without needing to contact them

“Some” is true afaik. It’s at the provider’s discretion.

AFAIK it’s also only possible if you’re moving from iPhone to iPhone, not if you’re moving to an Android. I’m not certain moving back and forth between multiple phones is easily supported.

I like e-sims in general, but this is a downside for some use cases.


In theory eSIM allows for self service without going to a store or waiting for shipping. In practice you might be on hold with your phone company for an hour. Some USA MVNOs don’t support eSIM.


As the person managing phone contracts in our company, I really like that part of eSIMs. I can mail a phone or have the employee purchase one and then mail my providers support and I’m all set. About one hour later, the phone will have connectivity. If you’re using an MDM solution that supports it, you can even manage the assigned eSIMs there.

Now, we’re on a business contract and we have a responsive team on the other side, so the comfort of this hinges on the provider obviously.


Sounds terrible. Here in socialist Europe it is exactly as easy as I just made it sound.


Not everywhere in Europe... In Slovakia 3/4 operators have single-use QR codes (and for the 4th you have to first remove your eSIM from your old phone before transferring to new, which wouldn't help in case of broken/stolen phone) and none of them have an easy to use web interface to generate a new one, you have to contact support somehow for them to generate it for you.

One operator even charges 10€ for a new QR code for your eSIM (same price as getting a new physical SIM card).


Reading this comment and others, it sounds to me like legislating the carriers and phone manufacturers to force them to make eSIM more user friendly would work just as well (or better?) as legislation to mandate physical SIM slots.


Yes, definitely. And while we're at it also force them to support eSIM smartwatch profiles. In Slovakia 0 carriers support them, not even Telekom, which supports them in 4/5 neighboring countries..


If the phone breaks it’s much easier to just transfer the card to a different phone though, if a code needs to be sent there’s the identification problems.


You need the carrier to offer eSIM, of course, but then you can just store a bunch of eSIMs on your iPhone and switch which one is active in the Settings app.


I think the GP question was how to migrate your eSIM to another phone.

You can transfer the sim but it needs to be activated on the other phone. I have even seen reactivation charges of €5.


Yes, about how to move it to another phone, especially when my current phone just died. Maybe I dropped it and now the display no longer works.


Ask your carrier to send you a replacement. They can be delivered by QR code.


That's the problem. Now your carrier is a single point of failure, and the typical person has zero leverage over the carrier.


Leverage? This is a standard customer service process.


And when that process fails, what recourse does the average Joe have? Especially when you can't afford to have much downtime between phones.


I think you’re unnecessarily worried about this. If you don’t trust your carrier to get this process right, perhaps it’s worth choosing a different carrier.


Do you know a carrier which you have any leverage against? I don't. Better get a physical SIM.

Oh, you do? It's still a single point of failure. Customer support servers down? Should have gotten a physical SIM.

Unbeatable servers? Good luck swapping eSIMs when you want to sell/throw away your phone abroad, out of range of internet. Should have gotten a physical one.

Never out of range? Wonder what you do when your phone breaks and you have no one to babysit you through the process. Should have gotten physical.

Etc.

That's what an additional single point of failure means: less control over your own infrastructure.


If this actually happens to people in real life, let’s talk about it. All indications are that this problem isn’t a serious one yet.

New technologies often improve things in some way while introducing concerns and potential drawbacks in other ways. The question is whether, on balance, the new way is worth the risk.

My experience so far is that it is — it’s very convenient to be able to use a service like Airalo to order prepaid eSIMs for data service in foreign countries in advance. It makes traveling a joy now, and my wife is irritated a whole lot less by the prepaid SIM hunt I used to go on when traveling abroad. Plus no more tools or risking losing your SIM tray (or the SIM itself) when you swap it out on an airplane tray table.


It depends on how you define "serious". If it works for 99% people with a net positive and it doesn't work at all for 1%, is it serious enough to keep the old version?

My experience says that it will get steamrolled and the 1% left hanging, looking at significantly worse solutions, or none altogether.


A 1% failure rate would be huge. That's 1 out of every 100 customers. No rational carrier would tolerate that.

I know we all hate telcos and mobile phone carriers -- and a lot of their mistrust is quite frankly deserved -- but this seems like an edge case that most customers won't even run into. First they need to switch devices, which eliminates most customers, and then second, they need to experience some kind of failure on switch. If the failure rate is any higher than before, I would be surprised. But let's wait to see the data before we all go up in arms.


My carrier is currently not doing eSIM. Also some low cost carriers can’t be contacted in any other way than a chat. Which is a problem in many real world situations if you need an eSIM asap. Sometimes there is no one in the chat available at all.


If your carrier doesn’t support eSIM, then this discussion doesn’t apply to you. Carriers aren’t going to make eSIM available until they have the support structure available to make it useful to customers.


To the sibling reply to this, how is a physical sim any worse in this regard?


I’ve heard of that but never ran into it myself. Isn’t that also the case for some carriers with physical SIMs too?


I guess eSIM is still a luxury for now so they want to milk it. I have only ever heard of first time activation of a sim. Vodafone in NL requires an activation via their app, or phone, before first use. But I think that is normal. The last time I got a physical sim it was in 2013 and I have transferred the same sim across multiple phones since.


I know nothing about esims, what makes them so much better than a physical sim? I can't say I have any major qualms with what I have right now, I just shove it in my phone and forget about it.


It takes up space for no good reason, especially if you want to use multiple numbers.


It’s a minor benefit, but you should get better waterproofing because you have one less port


I am in Japan. I am using some app called Ubigi.

When I landed I made a one off 400 yen payment, like tree fiffdy or something, and immediately had data working right at the airport for the rest of the month. Apple Pay, one off, no contracts, no queues, no diligent service people. It saved probably 1 hour of my life! And it is somehow significantly cheaper (depends on the country, ymmv).

Frankly I pity people who get off a long flight and wait in line to get an overpriced piece of plastic to stick in their phones like it is 1823.


If you travel to more than 1 or 2 countries per year, especially less developed countries, you'll learn that your life (connection) depends on picking up cheap $5-15 sim cards at the border for each country.

I couldn't imagine them jumping on the esim train in any useful way in the near term.


In theory, eSIMs actually make life easier in that scenario.

Easier to get online in a new country if you don’t have to first seek out a physical SIM card. Plus you keep your home SIM secure in the phone where there’s no danger of losing it.

Instead, just get on WiFi when you arrive, take your pick of cheap offers, and download the eSIM directly to your phone.

> ”I couldn't imagine them jumping on the esim train in any useful way in the near term.”

Depends on the country. Thailand, for example, is very eSIM friendly. But there’s plenty of “developed” countries in Europe where eSIMs are almost unheard of.


> Instead, just get on WiFi when you arrive, take your pick of cheap offers, and download the eSIM directly to your phone.

Or before you even get there.


There are multiple companies like Airalo offering pre-paid $5-15 eSIM cards for most countries in the world. They also offer continental and global eSIM working in multiple countries if you are moving a lot. The offering is a lot better than what you find at the border and you don’t have to get your passport scanned by a random person. Most backpackers I know switched a long time ago.

It’s actually the scenario that finally convinced me that eSIM was a good idea.


I've used Airalo for years as well, but their global sim only supports 84 countries, and is usually 5-15x the price of a local sim per GB. If you're spending a considerable amount of time in the country and tethering, it adds up.


I think you need to compare the service tier of what world eSim carriers provide before mentioning the price.

Yes, you can get service for that price. It has paltry data allowances compared to what OP is describing.


I can. I have used them extensively while travelling (always local offers - I never needed a sim for multiple countries but a European one is barely more expensive than a single EU country one for example). Airalo sells local esim for something like 200 countries with prices which are competitive and offerings which are often better tailored to travellers.

In plenty of countries if you try buying straight from a local provider you can’t buy low amount of data or have to get voice with it. Meanwhile Airalo allows you to buy 1, 5 or 10GB for very cheap and topping up is pushing a button in their app.

I meant it when I said it was insanely more convenient.


But without a major company pushing for the technically superior solution, it will never change, so I don’t get the pushback.


My China iPhones don't even have any eSIM support. Instead we get a dual nano SIM card slot.

https://support.apple.com/en-hk/HT209086

Personally I'd love for eSIM to be there in ADDITION but not replacing the nano SIMs.


Some people value privacy and can buy physical sims from stores without IDs and it's perfectly legal.


Not in most of the world, no. Most places will have to scan your ID when selling you a SIM card.


Why would you want it with only esim? Seeing as esim still works in iPhones with a physical sim card slot, what benefits does dropping it get you?


The space can be used for additional hardware, additional battery, or eliminating it can result in an overall smaller device.


Not much. Apple wanted eSIM for years but carriers fought them over it. They like the physical lock-in of SIM cards. Customers can't easily switch because they have to wait for a SIM to ship or go to a carrier's brick and mortar presence to replace it.

Now? People can switch carriers while in their living room. Takes a matter of minutes. Absolutely frictionless.


Physical SIMs are convenient, especially for travellers and facilitate competition through super-easy carrier switching. What are the improvements of e-SIMs for customers? Please don't say size.


In many countries there are zero local carriers that support eSIMs. Maybe in some hypothetical future this is not the case, but at least in this decade a phone that has a physical SIM is essential.


They’re actually supported by carriers. In the UK there’s only EE and only with a contract. I can’t use eSIM with EE pay as you go.


It allows for pseudonymous internet access on devices and does not tie you to any carrier for any length of time


If you’re traveling and want to buy a cheap esim, good luck.


It will be quite undesirable to distribute apps through a means where economies of scale are not available for example if there is no US market


Europe is a large enough market by itself. It’s slightly bigger than the US one.


No digital market has Europe as a larger market. When you substitute revenue for profit Europe is typically less than 10% or even less than 5% of profits if there are any for a company targeting electronic sales. The European customer is far more spend thrift.


I don't think things will be a problem. Distributing software is fairly easy; for most apps, uploading the app binary to their website as though it's an image file or video will be sufficient. And, then you get 30% more money for your business. It will be quite popular just for the cost savings.

(Distributing software is not always easy, as game companies that have 100GB game downloads on launch day will tell you. But, for most apps, it will be easy enough.)


> And, then you get 30% more money for your business. It will be quite popular just for the cost savings.

You are speaking of licensing agreements to get access to the Apple SDKs, not to distribution. These are different things. Side loading on its own does not mean an end to contractual agreements to give Apple a revenue cut.


> You are speaking of licensing agreements to get access to the Apple SDKs, not to distribution. These are different things. Side loading on its own does not mean an end to contractual agreements to give Apple a revenue cut.

Isn't that what developers pay for to get access to?


The issue about distribution is never the technical aspect you are describing, it's about getting people to visit that website/app store in the first place. If it were that aspect, companies like T-Mobile, Equinix, Vodafone, Orange would dominate it. Even after the app store is available in Europe, these companies have no chance of success.

That is what it looks like will be very undesirable because it will be fragmented and competing with an all-world app store that is bundled with iOS. If you were a developer you would prefer 1000 sales at 30% cut, vs 5 sales with a 0% (supposedly still 30% if the chatter is right on Apple charging for sideloading) cut, so that would kind of feedback loop and make less people list on those app stores, which in turn makes them undesirable.


How would "charging for sideloading" work? If I publish an app on my website, I wouldn't have a contract with apple, right? Would they charge the user?


They could try some shenanigans like requiring "certification" to side load anything and that would come with a contract.

It would be struck down by the courts and version 2 of this regulation but for a few years it would be there.

I'm hoping apple doesn't do that but at this point I think they'll try anything they can to protect their golden goose (aka app store) even from minor competition.


I'm not sure if the App Store is the amazing marketing tool that it's sold as. There are millions of apps, nobody is going to find yours.

The biggest problem with Apple's revenue model is that they want the 30% for people that aren't really benefiting from the App Store. Spotify built their brand without Apple, and if you want their app, you just click the link they email you.


Spotify both acquires new customers because of their iPhone app and directly _through_ their app via in-app purchases. That is the value that Apple intended to charge them for, and Spotify has continued to begrudgingly think that value is worth the headaches.


Depends on the friction imposed by the way 30% cut is implemented.


if you’re nvidia and want to provide a proper cloud gaming app (not browser based, which has resolution limitations), it might be worth it. Apple’s conditions tend to be quite restrictive (which is why they’re having problems in the first place), so I somehow suspect there’s a rather large market, and the eu is very large anyway.


Sounds like a lot of changes, wonder how big the lag between the world and European version will be.


I wouldn't count on Europe being the odd one out here. World vs US is a bigger gap than World vs EU given mmwave and cdma.


It seems like a plausibly deniable way of making sure Europe isn’t rewarded for regulating them though, right?


Literally just buy an Android and stop imposing it on others


From the article

> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store, Gurman says.

The statement is a bit ambiguous. Is it pay Apple extra or pay extra to the 3rd party to have their app listed in the 3rd party app store?

The former doesn't sound right; It is probably FUD.

Logically, a 3rd party app store could compete on significantly reduced fees relative to Apple (as one of the strategies). Those conscious of the quantum of current fees then have options of listing their app on both the Apple app store and the 3rd party store as part of their distribution strategy. Customers who trust the Apple appstore would get their app from there and those who like a 3rd party app store would get it from there. The app developer would have reduced their total fees (for distribution). Even if there are signup fees, the share of revenues that Apple is today taking away from the developer would go down in absolute terms with a 3rd party store.

As far as the consumer is concerned, this becomes an OS setting like 'default browser/default text editor etc.,'.

Apple sticking to only the Apple App Store stance is only raising the cost for consumers. Consumers in other geographies will also wake up. Eventually.


If I were being extremely charitable on the phrasing, I think they might mean, for example, if you pay Apple 30% (or whatever the going rate is) you might have to pay an external app store an additional number.

Or, it might mean Apple will charge higher rates for apps that are also available on other app stores? Not sure if that's entirely legal, but since when have pesky things like the law stopped companies as big as Apple?


I agree. As a dev, if I list my $3/mo subscription app on the Apple App store and they take 30% and I have 100k customers and I double-list the app in the 3rd party store + the Apple app store and gain 20k customers from the 3rd party store and the 3rd party store charges 10%, I have saved (30% - 10%) x 20k x $3/mo = $12k/mo on the new customers.

If I release my next version update and post it to just the 3rd party app store, I could then theoretically move the 120k customers to download the update from the 3rd party store and then save $72k/mo.

That is what Apple is afraid of. I think.


I don't think that's a problem for Apple:

- For figurative developer moving 120k customers saves $72k/mo

- For figurative customers on $3/mo subscription it means ~$0.65/mo savings

- Such scenario doesn't take into account amount of work required for switch (5 minutes of form filling on $15/h is $2.5 - gain starts at 6th month)

- Neither it does UX around subscription management (right now it's very comfortable to manage Apple's subscriptions)

As a counter, anecdotal, point - I, myself, pay >$5/mo overhead on subscriptions and I'm completely aware that I can save money. My reasons:

- I'm too lazy to set up full account on provider's website

- Apple is VERY verbose about subscriptions, even if I forget about one, they e-mail me about it

- It's easy to manage all my subscriptions and thus I only have subscriptions for things I use


Just extending the hypothetical, the developer can drop the price to $2.49/mo passing on the savings to customers and perhaps capture a few more customers at that price point.

While it is true that inertia might stop many customers from changing the default, it does give an additional degree of freedom for devs.

Also, in price conscious geographies like India (where Apple just launched their first two retail stores this past week), we have alternate payment mechanisms like UPI (Unified Payment Interface) that are zero cost. So, why should a dev be forced to use only the payment mechanisms offered by Apple?


And? Sounds perfectly legal to do, and something that should 100% be possible.


> Even if there are signup fees, the share of revenues that Apple is today taking away from the developer would go down in absolute terms with a 3rd party store.

I guarantee you Apple will find a way to still make the same money.

Just like how in the Netherlands dating apps don't have to use IAP, but the apps need to pay Apple a 28% royalty on all in app purchases that don't go through them.



> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store, Gurman says.

How I read this is that they are basically creating a 3rd category of apps. Up until now you could sideload apps on an iPhone via an enterprise cert (though it carries some major restrictions that would make it unsuitable for general distribution). With this they are likely creating something like that enterprise cert but for all app developers.


No, my interpretation is that Apple either increases their fees or decreases prices for an app that is also distributed elsewhere.

I don't see a problem with that.

If a producer grants exclusive distribution rights to a seller, the typical consequence is that the seller gives the producer a greater profit share in return.

On ending those terms, the seller may rightfully reduce the profit share, in my opinion.


The problem is that EU law requires Apple to not restrict sideloading for selected apps. It doesn't matter if they pay or don't pay Apple. You have to be able to sideload them.


There’s a misunderstanding: I meant that Apple may increase the fees in their own store for non-exclusive apps.


A distributor cannot strong-arm producers into exclusivity contracts while in a dominant position; this is a textbook example of how to get fined heavily in most countries, and would not fly at all in Europe.


I don’t think this is “strong armed” because then developers can freely choose which app store they sell to.


> ... Apple either increases their fees or decreases prices for an app that is also distributed elsewhere

I don't get why anyone should be paying Apple a rent for using a 3rd party app store (let's say exclusively).

As a hypothetical, let's say Epic Games or Steam launches an Alt App Store for games that can be installed on iOS. Why does any gamedev using those stores have to pay Apple any transaction fee?

Just doesn't make any sense and would just be rent-seeking on Apple's part.


I don’t think developers should be paying a rent for using a third-party App Store. I meant it like that: if a developer wants to sell both in a third-party store and in the Apple apps store then Apple is not sole distributor. Losing exclusive selling rights, Apple has every right to cash in a higher fee.


Apple can charge whatever fee they want, provided they also allow alt app stores to operate and set their own fees and let the market decide whether they will download the widget from their App store or the 3rd party store.

Putting up anticompetitive defenses for the app store in the garb of security, censorship etc., while hamstringing alternatives for app installation -- It is a matter of time before the antitrust (or equivalent) units of different governments come after Apple.

For reference, Competition Commission of India penalized Google INR 1337 crores (INR 13,370,000,000 ~ $161M USD) for abusing its dominant position. [1]

From that link:

> For this purpose, the CCI delineated following five relevant markets in the present matter:

> - Market for licensable OS for smart mobile devices in India

> - Market for app store for Android smart mobile OS in India

> - Market for general web search services in India

> - Market for non-OS specific mobile web browsers in India

> - Market for online video hosting platform (OVHP) in India.

The second bullet point is pertinent for Apple's current behavior relating to App Stores.

Apple's market share in India is minuscule. But they have just opened up Apple retail in India this week with stores in Mumbai and Delhi. So, with local customers increasing in the next couple of years, this will be something Apple has to contend with.

[1]: https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1869748


Apple being motivated by improving security is BS, and it pains me to see people in this forum falling for it or repeating this.

There is a great tool to increase security: the browser and its sandbox. You don't need to install anything fishy on your phone, and the sandbox rights could be sufficient for many apps.

But as an example, Apple denies the full screen feature for websites and even PWA... only installed ones. There's no good reason except favoring apps/appstore. For security? Works great on Android.

And you cannot use a third party browser, since they forbid that (all are Safari based)

Thank you, EU!!


> Apple being motivated by improving security is BS, and it pains me to see people in this forum falling for it or repeating this.

It's the same with privacy. Forcing app publishers to state what user data is being sucked out of their phones was just a poor PR stunt.

Nothing has changed. Applications still require payments in form of contact lists (which is more or less illegal in Europe if you don't have permission of all people in your address book to share their names and phone numbers), disguised as helping users check if their friends are using a service, or to even allow user to use some app functionality.

Unimaginative accountant that currently leads Apple on one hand bullshits public opinion when disallowing Facebook to steal data from users' devices and, on the other hand, after blocking Zuckerberg's ability to do so, he disgracefully used children protection to announce that Apple will now inspect users' data under the pretense of looking for child porn.

Apple users are being deprived of OS control with most of updates and it's always done under the untruthful pretense of increasing security or protecting users' privacy.

When this little man finally pushes ads to core macOS, he'll state that it's to help users.


> It's the same with privacy. Forcing app publishers to state what user data is being sucked out of their phones was just a poor PR stunt.

> Nothing has changed. Applications still require payments in form of contact lists

This is actually proof that users don’t make good choices when it comes to privacy and security even when they have the necessary information.


True, but majority of users, not all of them.

On the other hand, there's little non privacy-invasive apps of certain types and corporations make good use of users' inability to pick lesser evil.

App Store helps them a lot, too, because to see what invasive practices developer/publisher uses, one has to click on app title to see details, while having a very comfortable "GET" button as the only button and only thing that looks clickable on the list.

Cook's typical smoke and mirrors approach.


Not really sure what you are saying other than that users don’t want to bother understanding what they are installing.

That’s an argument for stricter store policies, not eliminating the store.


>Applications still require payments in form of contact lists

What? It seems like you were trying to make a coherent argument but a list of contacts is in no way comparable to a paid subscription. Microsoft doesn't allow you to buy O365 with your contacts, do they?


No, but some apps require this to unlock functionality. I consider it a form of payment, just like apps sucking up data from one's phone being a form of non-financial payment for an app disguised as "free".


I would report such apps. It is firmly in the App Store guidelines that optional permissions (such as permission to track, geolocation, sharing contact lists) cannot result in a program without functionality or in a penalty for users.


> which is more or less illegal in Europe if you don't have permission of all people in your address book to share their names and phone numbers

[source needed] as GDPR doesn't apply to private individuals and private databases


> And you cannot use a third party browser, since they forbid that (all are Safari based)

I think this has turned out to be the current barrier in preventing Google from completely taking over the web standards space.


Apple's ban of all browsers but Safari turned out to be the main barrier preventing progressive web apps from being viable, deepening the duopoly power of themselves and Google, because Apple refuses to implement basic browser standards that are necessary for PWAs.

And then when they do implement similar browser standards, they don't follow any web standards, they instead make their own proprietary bespoke web standard for Safari[1].

And they also did other fun things like wait until nearly 2021 to support WebP and let Safari be the #1 source of one-click exploits on iOS.

It's weird to see Safari trotted out in defense of web standards of all things.

[1] https://developer.apple.com/notifications/safari-push-notifi...


For years Google has been stamping "standards" one after another even though other browser vendors were against many of them and they end up being Chrome-only.

No matter what Apple itself does Safari being major non-Chromium browser helps Firefox a lot just by existing and having huge marketshare.


How does Apple dragging their feet on implementing the Web Push notification standard, that is necessary for PWAs, in any way help in that situation? Literally every browser except Safari implemented the standard, and not out of some noble anti-Google crusade. PWAs threaten the App Store monopoly's moneyhose.

How does Apple releasing proprietary web standards just for Safari, like Safari Push Notifications, help in any way with the purported problem of companies stamping out web standards without consensus? It seems like it's only a problem when Google does it, but when Apple does it, it's Safari "helping Firefox just exist".


Push notifications are now available in iOS.

And so I will be looking forward to the magical era of PWAs replacing all mobile applications because clearly push notifications was what was holding them back all these years.

Even though a tiny fraction of mobile apps use them but I guess we will ignore that.


Every single airline app on my phone is there only because of push notifications (which work more reliably than texts when traveling internationally with different SIMs). The same goes for most food delivery apps.


Food delivery apps seem to immediately abuse any form of push notifications in order to send spam. Lyft uses the same push stream for both driver ETA and 10% off coupons. They are indeed more reliable than SMS, yet I turn them off almost as fast as apps start to use them.


> Food delivery apps seem to immediately abuse any form of push notifications in order to send spam.

Oh, definitely. But if they do (and don't at least give me a way to immediately opt out of that) the app is gone from my phone – and they have no other way of reaching me. Beats the absolute nightmare that is SMS notifications and spam, in my view.


Android provides hooks to filter notifications from apps, while iOS does not, making the notification experience far worse. Allowing web push lets you filter notifications in a browser extension instead.


How do you mean? I can silence or block notifications completely from apps on iOS, and they cannot even send notifications before I approve them to do so.

Are you saying that Android has third party filters that surveil all your notifications in the name of blocking ones you might not want to see?


Yes, Android has a notifications API that lets you process all notifications. (This is in addition to the channels mentioned in the sibling comment.) This is not possible on iOS, except maybe for web notifications with a browser extension. I find that situation untenable for any power user of productivity apps, akin to using email without filter rules.


I'm an android only user, and I think what GP is referring to is that apps can categorise their notifications. In your food example, an app might have categories for "delivery updates" versus "special offers", and you can go into the notification settings for any app and turn on or off categories.


Actually the iphone was planned to use PWAs in the start, but Steve Jobs switched to native apps after realizing that performance and usability was going to be poor.

He was right and still is. Not that it's impossible to implement a good PWA, all you have to do is manage your state and interface in a way that no interaction takes longer than 50ms to compute. But most developers are not able to deliver that, most don't even think about UIs in this sort of way.

And V8 GC behaviour is still terrible and an unbelievable battery hog.


> No matter what Apple itself does Safari being major non-Chromium browser helps Firefox a lot just by existing and having huge marketshare.

That is incorrect because Apple has prevented and still prevents Firefox from properly implementing Gecko on iOS. Apple also restricts Firefox and browsers other than Safari from implementing full WebExtensions. Even though Firefox and browsers other than Safari are required to use WebKit on iOS, they are not allowed to access many of WebKit's iOS-integrated features including content blockers and Safari extensions.

All of these Apple-imposed handicaps make Firefox a much less competitive browser on iOS than it could be, and in no way helps Firefox because users generally prefer to use the same browser across their devices. The EU's upcoming browser choice legislation will prohibit Apple's anticompetitive restrictions to put Firefox on a more level playing field with Safari on iOS.


It's a three player world now, and Google wants a better web, Apple doesn't want a better web, and Mozilla is somewhere in-between, but increasingly playing the "privacy above all else" card too.

In June 2020, Apple declared a bunch of APIs they will not implement (https://www.zdnet.com/article/apple-declined-to-implement-16...), in a big press blitz trying to make it look like they were some noble hero. Web MIDI (incredible fun), Web USB (very useful for Arduino using folk for example, who have excellent web-based tools), Magnetometer/Ambient Light/Battery/Proximity sensors, WebHID, Device Memory, and that's just the half. A week later Mozilla put out a similar PR using the exact same Fear Uncertainty and Doubt (FUD) to try to make themselves look good, to declare themselves virtuous non-implementors.

Sure, I agree, not every site should have access to these sensors/capabilities. There are privacy risks of turning them on. But they're also excellent capabilities, that really help users do interesting things. Making users use less-secure less-sandboxed native apps is a downgrade. There should be some security regimes where these web techs can be permitted.

For a while Mozilla wasn't even reviewing a sizable chunk of web standards (tracked via the excellent https://mozilla.github.io/standards-positions/), just declaring them unsafe & leaving the convo. They've at least started going back to old Request for Positions & reviewing a good number of them, even if they don't intend to implement. And there's a good number of standards they have about-faced on, have accepted as real asks. In general, I'm encouraged in seeing a much more interested & engaged & progressive Mozilla emerge quite recently, within the past year or so.

I don't know what to do about web standards. Google takes a lot of flak, but who is there to work with? Edge, a Chromium fork, has some pro-web attitude, and indeed drives some new features for Chromium & participates. But there's largely no one but Google+Edge to deal with left in the web standards implementer world. The other browser vendors are broadly against a lot of features, for reasons of malicious-self-interest. Meanwhile Chrome continues to have one of the most open, progressive, interactive, review-seeking, consensus-desiring, most mature & responsible feature-lifecycle processes the world has ever seen. There is nothing else on the planet that gets shipped with such a high bar, such a socially pro-active, such a well planned & democratic process for how the feature gets developed. It's the gold standard of standards. https://www.chromium.org/blink/launching-features/#launch-pr...


> Google wants a better web

Really? I believe that they want to control the web.


What I see is a lot of very sincere dedicated engineers coming up with helpful & rich ideas. Web Engineers seem to have enormous power to suggest & follow & drive forward ideas they seem to think are interesting. I see very few hallmarks signs of top down control. I see far more individual folks promoting & driving ideas, with blink-dev as a great testament to that bottom-up engineering spirit/mentality.

Which of these Standards do you think Google will use to "control the web"? https://mozilla.github.io/standards-positions/

There's been an unmitigated use of Fear Uncertainty & Doubt, played with great effectiveness, against the top player. People keep ascribing to Google the role of platform-controller, like literally everyone else in history has done: IBM, Apple, Microsoft, all of which have used OSes to maintain control & dominance. Google is a search engine; they benefit from a rich healthy powerful competitive web. If Google did have "control" over the web, what would they do? What's the evil mastermind plan here?

Everything Google does goes through the Technical Architecture Group (TAG) and Security review. It's all open process. The checks are very real; even if no one can prevent them from implementing it would look very bad to disregard feedback, and thus far they have not. Thus far there seem to be extremely few examples of actual real scary things done. Web MIDI shipping without permissions was the most "egg on face" thing Google's done, and I have a hard time interpreting that as malicious. It has the hallmark of naively hopeful to me, and was easy enough to address.

The desire to see the browser teams as the enemy, as a foe, is a greatly harmful & reductive and alas popular outlook in my view. I don't think it's warranted, I don't think there's real evidence for it, and I stress again, Google has so far set the gold-standard for web standards accountability. They wouldn't have done that, they wouldn't continue that process, if they wanted to take control. The case here for taking-over seems absurd, has no clear outcome & only risk. Taking control is an existential risk, would jeopardize the web's success, could easily kill the Golden Goose that has made Google so wealthy & wise. People's fear here does not make business sense.


> If Google did have "control" over the web, what would they do? What's the evil mastermind plan here?

Might be they'll replace actual websites with Google own version to keep people in Google controlled ecosystem?

Or change APIs in their own nearly-monopolistic browser to make ad-blockers less efficient?

Or not implement extensions in their own browser so there are no ad-blockers at all?

Or push their user tracking system disguised as solution to increase privacy?

Or degrade quality of Google services when using competing browsers?


> Might be they'll replace actual websites with Google own version to keep people in Google controlled ecosystem?

This just shows that you don't understand AMP. Apple News replaces websites with only Apple News. AMP allows anybody to host the article.

> Or change APIs in their own nearly-monopolistic browser to make ad-blockers less efficient.

Only one browser has done this so far. It's Safari.

Google might not be a good actor, but trading it for a worse actor who won't let you use any other web clients is just cutting off your nose to spite your face.


> What's the evil mastermind plan here?

Make money? That's what companies do. When they get too big and too powerful (at the point where governments don't really have serious leverage over them), a third-party should probably split them.

> Taking control is an existential risk

Why do you think big companies open source code? To help humanity? If Android (AOSP) was not open source, OEMs would probably not take the risk of depending on it. But the Play Services are there for the lock-in. Protobuf being open source is better for Google than having to integrate with other systems out there. Why is Chromium open source? Well most "alternative" browsers are based on it, and Google controls it. And so on. Open sourcing code is a strategic decision. And the strategic decisions in a company are there to make more money, not to help the world. It's all about control.

> What I see is a lot of very sincere dedicated engineers coming up with helpful & rich ideas.

Sure. Because you work for Evil Corp does not mean you are not sincere and dedicated. Many good people work for Philip Morris, for many reasons (maybe they have an interesting job, maybe good conditions, whatever the reason). The difference with Google is that most Philip Morris employees probably realize that their company is not a non-profit aiming at making the world a better place.


It’s just too bad that “sincere and dedicated” Google engineers are seemingly more and more beholden to their corporate overlords.

Google has been putting profit over users’ best interests for a very long time now.


Things like local hardware access require things like entitlements, ongoing consent, external accountability, and at least rudimentary protections from supply chain attacks - all things the web is historically bad at managing.

Web Extensions for an example have all been pushed into stores for auditing purposes, because otherwise their functionality can and has changed via automatic updates, going from useful functionality to horrible privacy trainwrecks.

> Sure, I agree, not every site should have access to these sensors/capabilities. There are privacy risks of turning them on. But they're also excellent capabilities, that really help users do interesting things.

Sure, but they are still harmful. For instance, there is no body that says which websites are allowed to manage USB because they are Arduino Maker sites dispatching firmwares, and which ones are not allowed to because they'll attempt to zero day some mobile phone OS while it charges. And there is no technical protection against the former site suddenly becoming the latter via acquisition or exploit.

This is why the native app security and privacy models are fundamentally different from the web models - a store can require entry into a private contract by a real-world entity who is accountable (potentially criminally), of software under audit control.

Websites can be by random people outside any legal accountability.

On iOS, one of the major differences is that there is no expectation that people will be doing ongoing management of granted permissions to a website. For this reason, things like geolocation access have to be re-granted periodically. This is also a reason why push notifications (as a more durable permission) require the PWA to be "promoted" to an app on the Home Screen on iOS.


> and Google wants a better web

[Citation needed]

> Magnetometer/Ambient Light/Battery/Proximity sensors [...] Device Memory,

I don't have words to describe what a shockingly bad idea this is.

> A week later Mozilla put out a similar PR using the exact same Fear Uncertainty and Doubt (FUD) to try to make themselves look good, to declare themselves virtuous non-implementors.

Maybe because it's a really fucking stupid idea, and the criticism of those APIs is not FUD.


Do you work for Google?


No. They didn't get back to me in 2006 after I submitted a pretty cool coding challenge project to them as a part of interviewing, & we've had no contact to my knowledge since.

They did support me in Google Summer of Code before that (2005). I believe they gave me $5000 for the summer. I am still working to ship open source software pursuant to those ends, on my own personal time, to this day.


> turned out to be the main barrier preventing progressive web apps from being viable

Until the issue is fixed and the goal posts are moved once again.

Because PWAs have been available in one form or another for 14 years.

And it's always the terrible UX that makes them not viable, not anything Apple has done.


> And it's always the terrible UX that makes them not viable, not anything Apple has done.

Obvious counter points.

Lots of people use websites. Which have an identical UX experience to PWAs.

A significant percentage of the app store is web view based apps that are near equivalents to PWAs. Been that way for years.

If people love native so much, why do sites like Reddit and LinkedIn heavily push mobile web users to the app? Seems it's not a universal opinion.


> If people love native so much, why do sites like Reddit and LinkedIn heavily push mobile web users to the app?

Because that's how sites can avoid the privacy features that are inherent to browsers.

What proportion of visitors to the LinkedIn site use the app? I'm guessing it's pretty small.


I don't like installing apps I don't have to. I agree that the browser sandbox is superior.


You seem to be completely sure that everyone loves and wants PWAs.

Newsflash: many users hate PWAs; they prefer native apps.


Someone's dislike of PWAs is irrelevant to whether or not someone else should be able to use them if they want to. It's also irrelevant when it comes to users who want to benefit from competition in the app distribution market. If you don't like PWAs, you're free to not use them, and you're even free to benefit from the improvements their competition brings to the whole mobile software ecosystem.

It's also ironic to bring up Apple's hindering of web standards as evidence of anti-monopolization of standards, considering the fact that the lack of PWA support forces users to use the proprietary App Store monopoly to install apps instead.


> If you don't like PWAs, you're free to not use them, and you're even free to benefit from the improvements their competition brings to the whole mobile software ecosystem.

IMHO, that's very naive. Look at ElectronJS apps. I hate ElectronJS, still the most used apps on my Desktop computer are ElectronJS. Why? Because I don't have a choice, because it's cheaper for the developers.

Before ElectronJS, I actually had real desktop apps. So yeah, I see the case against PWAs.


> I hate ElectronJS

Then you should support PWA as an alternative. It's lighter weight, both lower memory and download size, compared to electron.


Better: I could stay in favour of keeping actual native apps on mobile, in Kotlin/Swift :-)


Well, vote with your time and money.

PWAs would be cheaper to develop overall than building 2-3 separate code bases. Which would mean more software available generally, particularly from bootstrapped companies.

I don't think anyone is suggesting that native go away.


> PWAs would be cheaper to develop overall than building 2-3 separate code bases.

But that's my point: that's exactly the promise of every single cross-platform system out there. But in my experience, that's generally not true for non-trivial apps (ever heard "write once, debug everywhere"?). And second, it usually makes for worse UX on all platforms.

I feel like many people consider PWAs as a totally new thing, but at the end of the day, it's a cross-platform system. There are tons of those; just look around, cross-platform is not a silver bullet.


> But that's my point: that's exactly the promise of every single cross-platform system out there.

Every non web cross platform system doesn't have nearly the investment as browsers do for quality and compatibility. It's not even close. Like, orders of magnitude. I don't like the cross platform toolkits either.

Let's not pretend the web as a platform is the same m'kay? People use it every day from all of these devices, like billions of people. This isn't some unknown, where this speculation is reasonable either. There are issues, but it's not equivalent.


I kindly disagree ;-)


Most users don't know WTF a PWA is, let alone have an opinion of them.


Nope, but many users will tell you that they like iOS better because it's "easier to use" or it "looks better" than, e.g. Android.

And that's most certainly because Apple enforces more UX consistency on iOS apps.


Google breaks consistency and wrecks the user experience with each successive Android release.


Right. But that's a point in favor of Apple ensuring consistency on their platform, isn't it?


Or else a point in favor of Apple getting complacent and doing dumb things with their platform too.


newsflash to your newsflash: most „native” apps are lazy wrappers around shitty webviews anyway.


My rule of thumb is that for any application that relies on an internet connection for most of its functionality, I'd rather just use a real web browser.


My banking application is like this, and the irony is that it’s kinda sorta second factor to their browser UI, so I’ve got to live with it.


Yeah, banking apps are currently in the worst possible spot, neither truly native nor truly web.


I am aware of that and I hate those apps, because they are the worst of both worlds: they work as badly as any overcomplicated web app, but they also have access to native APIs and information that would be inaccessible through a web browser (or at least be blockable).


Why? Most of those """native""" apps are a pile of HTML and JS anyways.


I hate PWAs not because I like shitty native apps (it seems like it's not obvious, somehow).

I hate PWAs because I like good native apps, and PWAs give an opportunity for developers to replace their native app with a cross-platform web app. And in my experience, cross-platform generally comes at the cost of app quality on a single platform. Instead of hiring developers who know iOS, you now hire web developers who debug their web app on many platforms they don't really know well.


You’re so dead set on “winning” that you’ve completely talked past the point that was being made.

The commenter was not even saying that their point justifies Safari being the only browser engine available on iOS. They were making a specific point. If you don’t want to talk to that point, maybe try another thread.


I'd hate to see PWAs take hold - browser based apps are never as good on any platform. Give me native apps any day.


Depends on your priorities. For people into standards and commoditization, PWAs are awesome because they reduce the ability of HW makers to differentiate.

For people who just want the best possible app/phone experiences, PWAs are awful.


For lots of use cases, you'd be unlikely to notice a difference in quality. For example, I tune my guitar using a PWA, and I doubt anybody would notice the difference.

The real differentiator with native vs pwa is their ability to track the user.


PWAs are pretty good for high frame rate games, then?


I didn't say they were perfect for every use case. I'm not a gamer, so I'll have to take your word for it. But look at your own phone. You really telling me most of your apps couldn't just be PWA?


> Give me native apps any day.

Heavens no. I do not want to be forced to install an app for every single little thing - it's wasteful, detrimental to my security and privacy. Small examples from a recent trip: in Andalusia, there's a bunch of cities with very interesting old buildings (cathedrals, castles remaining from the Muslim era converted by the Spanish monarchs later on, etc.). Each and every one has a different app for their audio guide, map, etc. to help you navigate and understand them. It's just stupid, it's a one time thing and it could easily be served by a website; instead you have to download a 30-40 MB app for each one, and then remember to delete it afterwards.


They don't need apps - they just need websites. I didn't say get rid of websites. Hope you enjoyed your trip!


> Apple's ban of all browsers but Safari turned out to be the main barrier preventing progressive web apps from being viable, deepening the duopoly power of themselves and Google, because Apple refuses to implement basic browser standards that are necessary for PWAs.

I don't know if this is substantially true. When I hear of PWA features that people complain about, they are almost always things that Google Chrome as its own app with its own web engine can't add to the underlying OS, such as:

- robust background processing

- background push notifications

- new video codecs (on a power-constrained device)

- system-wide protocol handlers

- web bluetooth/webUSB/webNFC

- adding their own new synthetic "app" representing the PWA to the Home Screen.

Many of the things people talk about with PWAs are not anything close to a web "standard" or even a recommendation - Google implemented them, because they were pressured internally to make a web-based programming environment for Chromebooks.

> [1] https://developer.apple.com/notifications/safari-push-notifi...

Both macOS and iOS have honest-to-goodness push notification support now.


Is Apple a significant player in proposing new standards and working with say Mozilla to get consensus as a genuine alternative to Google or are they simply not implementing much? The latter is certainly my impression.


> I think this has turned out to be the current barrier in preventing Google from completely taking over the web standards space.

"I used the monopoly to destroy the monopoly."


That may well be true, but in my view, upholding a native app monopoly for the sake of preventing a web browser one isn't a sustainable strategy (and never has been a conscious choice by anyone).


Users don’t want crappy PWAs, they want something that follows the platform UI conventions. It’s good that Apple cares enough about UX to actually enforce this.


If they want it, download the app then. Allow others to not download it and use a PWA if they'd like.

Actually I believe you're wrong: if people actually preferred Apple's way of doing it, Apple would have no reason to restrict other ways.

They restrict it because people prefer the other way, and that would harm Apple's profits.


Users don't choose what they use, they use what they must. I can't choose to use Signal if everybody uses WhatsApp. I can't choose a non-ElectronJS Slack client because it doesn't exist.

If PWA is cheaper to make, companies will go there. Whether or not it's better for the users. Companies want to make money, not help users.


> Company wants to make money, not help users

Yea but Apple is a company too…


Good for them?


I am simply countering what GP said about other companies cheapening out on features by stating that Apple is also a company. Yes, the point is that no company cares about you. Making customers happy is a side effect of them making money.


Average person does not know what they want. They don’t know how technology works.

They don’t even see difference between PWA and apps.

If everything becomes PWA, there is no transparency for the apps. No indication what data they collect. No control for the quality of the apps. No moderation over malicious apps.

PWAs need more permissions to provide the functionality people need, it is not just website.


> Average person does not know what they want.

The problem with statements like that, aside from the loftiness, is that you end up with a world where people who think they know better get to decide. I worked in the public sector digitalisation, and while I’m a programmer we were bundled with the rest of IT so I experienced what the supporters had to deal with. This included a lot of employees who genuinely couldn’t tell if the device they needed help for was an iOS or Android device without some guidance. So I’m not going to dispute the claims you make about how it’s nice to protect the “average person” from themselves, but I don’t think any of us will like what that sort of thinking creates. Well, maybe some people will, but a lot won’t.

I recently wanted something for my two-factor keys and the best all I could find was for Android but not iOS. I ended up forking over a few $ for a Bitwarden subscription, but there are just a lot of little stories like that. I mean, I’m not in the audience for Fortnite, but I’m sure a lot of people were sad when it left iOS. A of which can be avoided if we stop giving all the power to the tech companies.

I’m not sure Apple really has anything to fear from it either in terms of security or usability. Part of the reason they sell so well, at least to me, is that they have the ease of use and tech that works out of the box. It’s very rare that I need side loading. I’m not a huge fan of the Safari enforcement, but it doesn’t really bother me either as I can still use Firefox and the sync. I think Google might have more to fear from it, since they need to peddle commercials inside apps like YouTube, and you can block that if they allow you to side-load app blockers, but for Apple I think almost everyone will just keep on trucking. It will of course hurt their control over payments, like the original poster points out, but that’s not really “my” or the “average person’s” problem.


> I’m not sure Apple really has anything to fear from it either in terms of security or usability.

Sideloading will hit hard for Apple's pro-privacy brand.

You lose transparency and quality control for the apps. They don't need to tell you about their data collection practices. They don't have to do actually anything at all, since you can't ban those apps anymore.

Phishing is still a problem of Android and that will become a problem on iOS too. On Android there is still business for anti-virus engines because of the sideloading and Phishing. On Apple devices, there isn't really need for anti-virus but it will become relevant again.

If the sideloading will become very easy, big players who make money with data collection, will leave the platform. You won't find Meta apps soon from the App store. They are so big that people will download these apps regardless.

If that happens, how many fake Instagram apps we will see after that? And you can't ban them from the App store anymore.


This "average person"[non-techie] doesn't even know what PWA is/means/stands for. Truth.


Do they need to know what AAC or MP4 is to use Spotify?

The point is the experience, not the name of it.


I'm pretty sure "the average person doesn't know what they want" is a belief that powered everything from eugenics to genocide to our toxic culture around health, happiness and consumerism.

So it appears the non-average person doesn't have a clue what's right for the clueless masses either.

Liberty, choice, community and respect. That's all that is needed.


You took liberty to generalize what I said.

I was referring to technical implementations and what risks are included. It requires deep understanding of how these things work. The average user does not have it. Many aspects are invisible to the end-users, like the war against malware in the App Store.

The end-user knows what they want in terms of end-result. How to get the job done with a tool (app). They can compare end-results.

Sometimes, however, not all results are there to be compared. Because they don’t understand what kind of tools can actually be created. They are happy with the current one because they think it is the best there can be.

Or, what else the tool can do besides their advertised functionality. Which can be malicious or harmful to user in another way.

Or tools could work in a better way, but are currently hindered for monetary gain.

All this requires specialised knowledge.


What? You can both believe that “people don’t know what’s good for them” and that “liberty and freedom is necessary for a functioning society”. For example, insects are a pretty good source of nutrients and protein, but is there anyone within 100 miles of you who will willingly eat them daily? Even easier, we all know, deep down, that we could be doing something better, but how often do we rise up to that ideal?


Yes, everyone who has a different utility function from you is a closet eugenicist.

Respect, as you say, is important. Lead by example.


Well, for one, this isn’t just a two-party ecosystem. It’s not just the consumer and Apple. It’s also the app developers. App developers are largely the ones pushing things like PWA. Apple’s long-standing heavy-handed take on design standards has always been driven by a focus on consumer/end-user experience and it has often been chafed against by developers and more technical types. For instance, Apple rightly refused to allow Flash and Java apps on iOS devices and I think my user experience was the better for it.


Too much Kool aid there. Apple values vertical integration and control of the OS. The fact that they do not allow users to set pink text on green background as the system default should not be taken as proof that most users prefer reading pink on green.


They continue to restrict it because look at how much trash was (is?) on the Android store; they restricted it even more in the early days because of the torrent of low effort fart / gag apps.


> They continue to restrict it because look at how much trash was (is?) on the Android store

You're saying this like there isn't any trash on the Apple App Store? Come on... Beyond the top lists or other discovery models, the Apple App Store contains a bunch of things that will never even be downloaded by anyone...

It was more exclusive in the beginning, I give you that. But today, it has as much trash as any other app store.


The iOS app store has way more trash than the Android one. Android has lots of open source software. iOS has a bajillion crappy $2 apps instead. I got an iPad from work, and not only does it not have a calculator from Apple, it's really hard to find a lightweight, low-permission, ad-free calculator on the App Store. I eventually had to settle for one designed for iPhones.


That's a problem of having a single app store everyone has to go through. Why would you care about a thousand fart apps existing as PWAs online? They wouldn't affect you at all.


I don't think that they care about not having useless apps. They care about the apps looking "integrated" in their system, right? I am an Android user and an Android developer, and I must admit that iOS apps usually look more consistent (in terms of UX).

And that's one of the values of Apple: this vertical integration that makes the overall thing look more polished (and probably easier to use to some extent).

Of course, they are happy to keep the restriction because they can take 30% commission on the paid apps, I'm not saying they are perfect and that there is nothing to improve. But I am not completely convinced that forcing them to lower their standards of integration (by allowing any kind of apps) is necessarily beneficial for the users.

After all, why do developers want PWAs? Probably mostly because it is cheaper for them, not because it's better for their users, right?


> After all, why do developers want PWAs? Probably mostly because it is cheaper for them, not because it's better for their users, right?

Wrong, PWAs can provide better services for users, and the lack of PWAs and enforcement of the App Store monopoly can hurt them[1]:

> The fact that Apple refuses to implement basic features in mobile Safari that Firefox and Chrome have had for years now, and the fact that they refuse to allow other browser engines on iOS is the reason why we can't have nice things like progressive web apps.

> I recently worked on a health app related to the COVID pandemic. The most common use case would be served really well by a PWA, and as such, there's no reason users would need to install an app on their phones to access the web app's full set of features.

> Despite the web app working perfectly on Android and across Windows, Linux and macOS without native integration, we now must dedicate time and resources to develop an additional iOS app just so iOS users, which over half of Americans are, aren't left out.

> This is an expensive endeavor time-wise and money-wise, during a pandemic where time is of the essence and resources are stretched thin. It shouldn't be this way, but it is.

[1] https://news.ycombinator.com/item?id=26520148


You start by saying that PWAs provide better services than native apps (I don't believe it), and then you go on giving an example where it does not, but where you would like it to do because it would be cheaper?

Seems like you do confirm my points.


A non-profit lowering the amount of capital, labor and time it needs to meet users' needs during an emergency is an example of better benefits users can reap from being able to run PWAs versus being artificially limited from doing so by their phones' manufacturer.


Seems to me that you are generalizing from a far-fetched example.

I am not saying that users can never benefit from PWAs. I am saying that globally, I am not convinced that PWAs will improve the life of iOS users. Just like I don't feel like Electron is improving my life. Slack would maybe have to make a proper app if they did not have Electron, it's not like Salesforce doesn't have the money. I could even go further: if it was actually expensive for such companies to write apps for the platforms they need to support, maybe they would open their APIs. Slack/Discord are glorified IRC messengers, I would love to have a lightweight client to use them (instead of getting a full copy of Chromium for each).


> They continue to restrict it because look at how much trash was (is?) on the Android store; they restricted it even more in the early days because of the torrent of low effort fart / gag apps.

And yet there are a ton of low effort and literal fart apps on the App Store[1].

[1] https://i.imgur.com/AINmvSf.png


Games are an obvious example where platform UI conventions aren’t applicable, and where Apple’s restrictions hinder not just UX (see discoverability in the App Store) but also incentivise shitty monetisation practices.

Gaming on mobile friggen sucks and that is primarily because Apple wants to retain control and the biggest piece of the pie.

Gaming in mobile browsers, in 2023, should be as easily accessible as it was in desktop browsers in the Flash days. Apple just won’t come to the table to facilitate a decent gaming experience in Safari.

Let’s also not forget Steve Jobs was all for web standards in his letter against Flash. Apple should make good on what was promised in that letter instead of dragging their feet.

https://newslang.ch/wp-content/uploads/2022/06/Thoughts-on-F...


Gaming on mobile sucks because people voted with their $ that they prefer free to download, micro transaction laden games.


Are you trying to make the point that games would benefit from being web apps?


I see this argument often, but I'm genuinely curious if it's actually the case - at least in my experience, a huge amount of apps nowadays have custom-designed UIs and very little conformance to "platform UI conventions". And that's even an expectation - if you see an app that uses standard UI controls, navigation etc - it comes off as basic and probably not really polished. I might be completely wrong.

On the other side, if users want standard UI and that's a factor in adoption, wouldn't people making PWAs then just make the apps in such a way - there's nothing stopping them, and there's no lack of UI libraries enabling that.


> wouldn't people making PWAs then just make the apps in such a way

I'd say look at popular cross-platform frameworks, and tell me if you think that cross-platform apps generally look native. I don't.


I want good PWAs. I don’t want borderline spyware-apps with access to all kinds of apis. There is no reason why a messaging app needs my gyro data, or gps, or all of the other stuff they just implicitly get because they are an app. I’m starting to think that some of the worst that ever happened was that Firefox OS failed.


How will PWAs prevent your messaging app from getting gps data?

A bad native app can require the gps permission, but a bad PWA app will be able to do the same, right?


They would be running in a browser, and you can just deny it getting location information, but in general, apps have access to much more raw data than a tab in the browser does. It's also possible, in theory, to run a PWA in a different browser which masks your information.


You can deny location data to a native app, can't you...

I really don't think that sandboxing is a good argument in favour of PWAs, honestly.


So you're saying Apple knows what I like and what I don't?

It should be my choice.


Apple knows what they think is good. It turns out lots of people agree or they wouldn’t be so successful.

You have a choice, if you don’t like it buy an Android phone. Or a Sailfish phone, or a KDE phone or one of the other open source phones where the only “apps” are low quality PWA crap. Look how successful they are.


> You have a choice, if you don’t like it buy an Android phone. Or a Sailfish phone, or a KDE phone or one of the other open source phones where the only “apps” are low quality PWA crap. Look how successful they are.

Do you think that's because of PWA UX being inherently crappy and not, say, the fact that those projects don't have billion (or trillion) USD companies behind them? I think you're mistaking the effect for the cause.

PWAs are a way of lowering the barrier of entry for new devs and that's important if you want to achieve any scale.

> You have a choice

It's kind of like a thug saying that I have a choice between being slapped in the face, kicked in the butt or subscribing to his Twilight fanfic podcast. Yes, I do have a choice, but neither of the choices is really something I'm looking forward to. Betamax vs. VHS comes to mind too.

I think the line of thinking in the parent comment is a bit naive. There's nothing inherently wrong with PWAs from the UX pov if we take monopolies and FUD into account. That's the reason it is harder to build a PWA with really good UX now (harder but not impossible).


The fact that they're successful doesn't mean that they're right about every single decision they make. This kind of reasoning is inane.


I think the parent is mistaking the effect for the cause, and our choices as consumers are limited. Hence the choice often is the flavour of the lesser evil we're most comfortable with.


Apple doesn’t know what you want and neither do you. Apple makes you want.

Nobody, least of all oneself, knows what one wants (except in the moment; I want some peanuts) so we have to be told. And you certainly do have a choice, so long as it’s the right one.


OK, so let people choose. They'll consistently choose native apps and PWAs will become second class.

It doesn't need Apple to white-knight on behalf of their poor, dim, uninformed users.

Because they're not.


Except if mainstream proprietary apps go to PWA. Just like I'm forced to use those damn ElectronJS apps. I wouldn't if I had a choice.


If users don't want crappy PWAs then they won't use them. It's common sense to let "the market decide" -- why not in this case?


Market decisions don’t do anything to prevent the tragedy of the commons - is the general answer. I have mixed opinions on this specific case, but I absolutely see how this could make things worse. If everyone starts releasing their own versions, and not offering the apps in the App Store anymore, then the people who prefer the walled garden (which there are good reasons to want) lose that choice. It’s possible that doesn’t happen - and people that don’t want the walled garden should also have that choice, but you can’t simply boil this complex question down to “free market”. It’s intellectually dishonest, at best.


Counter-example: I don't want crappy ElectronJS apps, but I don't have a choice. Discord/Slack don't have an open API that would allow a good third-party client.

If I don't like PWAs but WhatsApp stops supporting anything else, how can I use WhatsApp without the PWA?


There are definitely too many crappy Electron apps out there, but at least WhatsApp have been working on a native macOS/iPad OS app for more than a year now. Last time I tried the beta, it wasn't really usable yet, but at least there is hope.


Nice! I'm always happy when companies make real native apps (in that case Electron can be kept as a fallback) :-).

What would be great would be for them to have some kind of API to let people write their own clients. Maybe there are big downsides with that (Loss of control? Having to keep backward compatibility?) but I don't really see them.


They won’t have a choice. Low quality crap is cheaper to make so in a lot of cases that is all there will be.


And they don't. How come Android still has apps that are not PWAs?


Because markets sometimes fail so it pays to be sure if that would or wouldn't happen. How many Android customers choose an app based on its API? What is the quality of the Android store? Why would it work differently for an Apple Store?


> It's common sense to let "the market decide" -- why not in this case?

Apple is the market here. If people want to have PWAs they do not buy Apple products.

But in reality "the market decide" is not common sense - that is why we have regulations.


In this specific case it's Google's decision, not the whole market; Google is usurping web space and web standards.


Just some anecdata: I use the Outlook PWA (on an iPhone!) to access my work mail and calendar. It does not have notifications, which I really liked for calendar events (because I’m forgetful), so that’s a bit sad. However, there is a decisive pro: It cannot enforce restrictive device policies. What a great feature!

UX isn’t half bad either. It actually feels pretty native most of the time.


On the other hand our IT recently blocked external sharing of calendars, which I'd used to gain read-only access to my work calendar on my private phone and I bloody hate it – by the time the browser and Outlook have loaded on my under-powered phone, I could have launched my calendar app ten times over, plus the work calendar is now no longer integrated with the system calendar APIs so it no longer appears on my homescreen calendar widget, and now I have to switch back and forth between separate apps for my private and my work calendar, offline access only works so-so and wastes additional space, etc. etc.

(Plus I don't want to actually deal with full Outlook because I have zero interest in accessing my work mail privately, whereas I do need to take a look at my work calendar in order to avoid accidentally double-booking myself.)


iOS 16.4 added notification support for websites added to the home screen, does Microsoft need to make a change to use it?


I would certainly think so? The PWA currently does not contain anything about notifications.

Even on your run-of-the-mill desktop web browser, push notifications do not come “for free”. You need a service worker. You need a specific server implementation. It’s not just the Notification API.


"Users" don't fall in one bucket. Me, I do want some PWAs, not least because Apple's prudish stance disallows anything sexual or adult on the App store.


No thanks, freedom of choice should surpass UX in importance here.


Aren't there a lot of "native apps" that just launch a webview though?


Thanks, but no thanks. I prefer to make my own choice over others' "care".


Users mostly want the app features, the rest is secondary.


> There is a great tool to increase security: the browser and its sandbox. You don't need to install anything fishy on your phone, and the sandbox rights could be sufficient for many apps.

To this day the browser is still a second-tier experience to native apps. But that's fine, because anything you get from the macOS and iOS app stores is sandboxed too. So are non-App Store apps on macOS that choose to run in sandbox.


Are you sure PWA doesn’t work on iOS? I remember installing websites as apps on my iPhone. According to this SO answer I think one can even make it full screen (with a workaround at least): https://stackoverflow.com/questions/53061258/pwa-not-opening...


I “installed” drop.com as a PWA on my iPhone. It gets full screen real estate and a launcher icon.


>Apple being motivated by improving security are BS

I'm not sure how they are motivated but in a report Apple cited:

>In Nokia’s 2021 threat intelligence report, Android devices made up 50.31% of all infected devices, followed by Windows devices at 23.1%, and macOS devices at 9.2%. iOS devices made up a percentage so small as to not even be singled out, being instead bucketed into “other”.

I personally use iOS and got it for my mum and aunt etc as it seems to suffer much less from malware in normal usage. I'm not sure if there is any evidence to the contrary?


> the browser and its sandbox.

A lot of viruses (and jailbreaks on iOS amongst others) are distributed via this browser / sandbox; it's only secure in theory and it took decades to get to that point.

Sure (before the Rust evangelists swoop in), part of that was due to using unsafe languages; part was due to extension frameworks that had too much power (ActiveX, which was even used to update your operating system, I can't fathom why they thought that was a good idea). But it'll take many more years of zero incidents, jailbreaks, etc before I'd trust the browser over Apple's app sandboxing and app review and distribution approach.


This is funny because by far the most impactful breaches of security on iOS phones have been due to the Apple components, like the messaging app that inexplicably is still written in Objective-C as it's ever been, or the image framework found to contain various bits of open-source code they never updated, never audited, or the various terrible magic "serialization" features.

This Apple native crud they force every app to use (up to the whole browser engine, like in the IE days!) is truly the ActiveX of our times. Only you can't even get rid of it.


a bit of history massaging in this comment.

Chrome and Firefox are as secure as Safari, if not more, banning them is a commercial choice not a technical one.

iOS exploits still exist, there's no real advantage in Apple sandboxing apps, they are routinely leaking users' data and being exploited as well.

OTOH Apple refusing to implement certain web standards is proof that they cannot guarantee a safe implementation, which is a reason more to allow better browsers on their platform.


Microsoft thought ActiveX was a good idea because they built Internet Explorer out of OLE and COM. Everything in that era of Windows was built to be embeddable and composable - "compound documents" being the original design goal. If you needed to stick, say, a video into a web page, COM/OLE was the obvious way to do that on Windows in 1996. It's not any different from, say, early Firefox extensions being built out of XUL - in fact, I recall XUL extensions for Firefox that would literally add ActiveX support back in. It wasn't until Chrome came along where extensions didn't get to muck about with browser internals.

You can exploit in both native and browser contexts. Most jailbreaks nowadays are assisted by a native application that you dev-sign to deliberately pwn yourself with. In the past we had websites that you could use to jailbreak with. Both are sandboxed environments with significant attackable surface area, so one is not necessarily more trustworthy than the other purely on measures of exploitability.


A non-app-store web app on iPhone has been able to be full screen since initial release of Home Screen web apps. When you launch from Home Screen, it gets the whole screen.

See the Xbox Cloud Gaming "app" for instance, which is outside the App Store, just launch then "Add to Home Screen", close, and run from Home Screen.

https://www.xbox.com/en-us/play

As for what can be done with browsers, see the venerable iCab but also Kagi's Orion browser which runs Firefox and Chrome extensions, even on iOS. Yes, it's WebKit based, but so was Chrome for a long time.

https://help.kagi.com/orion/browser-extensions/macos-extensi...

Given you can run Xbox games or arbitrary extensions from other browsers, it's clear the web app and WebKit limits are less restrictive than most discussion acknowledges.

For the last few features that used to be missing, like notifications or other native hooks, notice Microsoft has the sidecar native app for iOS that handles in-game chat, LAN discovery for Xbox setup, and notifications.


To be clear you absolutely cannot run Xbox games in a web browser. The service you’re talking about is just streaming video from a remote Xbox to the phone.

You and the OP are both right about fullscreen. There is a web fullscreen API, which Apple does not support. However, PWAs strip out the browser UI so you’re effectively fullscreen. Though you can’t do anything about the status bar, nor can you lock screen orientation.

But more to the original point, none of this has anything to do with security. Apple disallowed a native Xbox streaming app because they demanded a cut of the revenue and MS wasn’t willing to give it.


Not sure what you mean by strip out the browser UI.

When home screen apps first came out we built some for clients and if I recall correctly, lack of browser UI was default.


Right, PWAs strip out the browser UI. We’re in agreement.

(it actually isn’t by default, it requires a specific flag, but it’s more or less what everyone considers to be a standard for PWAs)


For xcloud, the resolution is limited (by apple’s streaming rules, and not by MS) so it’s not as open as it looks.


I sometimes feel that some HN folks need to consider a job inside EU committees. It's probably boring work, but even if you spend 10% of your time in meetings and the remainder on a secret side project, you will be doing society a great service.


This is a hilarious instance of the “I could build that in a weekend” mindset.


How would you recommend going about that?


>Apple being motivated by improving security are BS, and it pains me to see people in this forum falling for it or repeating this.

Genuinely looking for evidence of this counterpoint you're making. As the evidence for the security angle is proven. iOS takes less than 1% of malware, Android takes nearly 50%, in between we have Windows, IoT devices and even MacOS taking more malware than iOS.

So where's the data that this strategy isn't working to protect iOS devices? I want to see it.


PWAs and SPAs are awful. And to think they’re not downloading and executing code is foolish. There is no memory model for a browser. Each browser implements its sandbox however it wants.


> Thank you, EU!!

I think this plan will move forward because of consumer protections afforded in the EU (ie including sideloaded apps) not available elsewhere.


>>Apple being motivated by improving security are BS

Their motivation is most definitely money now. Maybe not in the start though. Whatever their motives are though I’m super satisfied as a customer that they haven’t gone down the android path of version calamity, an app store that I have zero trust in as an app buyer. Also tell me an android flavor that supports devices purchased 6 years ago? It’s a package deal. Having the wealth that is generated by the things that the EU has mandated will cause cuts in other areas of device support and/or R&D. The option is making less profit or bumping prices to offset. In time we will see.

I think it would be great of Apple to just stop selling devices in the EU as a thanks to politicians who voted for this ill-advised rule. I’d like to see how long it would take for them to roll it back because you know they would eventually buckle to the people.

To you and those of like thinking just assert your freedom of choice and go buy an android device along with the shit show it is and leave us to our relatively safe walled garden.


>definitely money now

wait, so it wasn't money before? when they ran all those ads and did all of that 'we're the only privacy company' marketing? i guess it worked really well. when some of it was kinda just, reframing of lacking features and capabilities, and their 'closed ecosystem/walled garden' structure, as 'more secure'.


I think it was more about the customer in the Steve Jobs era. And honestly I’m glad money is a component of it now. A financially healthy Apple is a sign they are meeting the customer’s needs. I bought into the ecosystem coming from Android for all the reasons stated. I honestly miss the ability to sideload apps and firmware but am willing to pay the walled garden price.

If you don’t like iOS in its current form don’t buy it but don’t knowingly buy it knowing it’s not what you want. Don’t be the noisy spoiled 1% of our society and try and make the rest conform to your ideals. Go choose something else to ruin.

If enough consumers vote with their wallet Apple will take notice. In this case that is the correct way to pursue change.


Don't celebrate just yet, Apple will drag their feet and make this as painful as they possibly can for everyone involved.


The full screen feature works fine on websites for me? Well mostly fine, it's rubbish for games in particular due to a user hostile feature that forbids rapid screen taps, insisting that you might be using an on screen keyboard and denying you the autonomy to tell Safari to please not. But ignoring that, the feature seems to exist. What am I missing?


Interesting. You say it works fine and then in the same breath you make a point to show it isn't and then choose to ignore it. What you're missing is that Safari shouldn't have that bit hard wired in.


(ah, the juxtaposition was the point. I'm bad at humor early in the morning)


Np, I'm apparently equally bad at spotting it :)


The AppStore, in its current incarnation, almost certainly decreases security. And I mean this in a very concrete and demonstrable way. Apple on the one hand insists on touting the safety of the AppStore, and its reliance on app-review for this safety, to people (and Congress!), creating the reasonable expectation that if something has made it onto the AppStore, then it’s gone through this stringent analysis and should be considered safe by default.

However, they then bizarrely and deliberately refuse to actually police the store, to an alarming and almost cartoonish level. We’ve seen this time and time again: scam apps remain on the store for months despite being reported. Take just last month when fake Authenticator apps flooded the AppStore to take advantage of Twitter getting rid of mobile phone based 2FA, and not only were those apps allowed on the store, but often managed to get top recommendation.

At least on the web the expectation is that it’s the wild west and you should be careful what you install. On the AppStore it’s as if Apple has purposefully invested effort into creating the perfect mark for con artists: convincing their customers that a shark infested pool is totally safe to swim in.

And this is the undeniably bad stuff, it doesn’t even touch on the “grey area” of these disgusting children’s casino apps that dominate the AppStore, and that Apple shares the profit on to the tune of 15-30%. The incentives are all broken. Apple profits when scam apps buy ad-placement using real apps’ names for keywords. Apple profits from apps that convince kids to buy garbage IAP.

It would be one thing if the AppStore actually lived up to its supposed principles, at the cost of hurting competition, innovation, and the occasional frustrating developer rejection. There’d actually be a trade-off to discuss, and we’d actually be arguing about principles, and whether safety matters vs. freedom blah blah blah. Hell, as a parent, there’s versions of a well managed AppStore that I’d probably begrudgingly accept. There’d be a “can’t argue with the results” thinking there.

But that’s not what this is, and I’m tired of pretending it is in arguments that defend the AppStore. It’s been 15 years, the AppStore isn’t in beta, it’s not “a work in progress”, there’s no room for arguing about its vision vs its “current” reality. The AppStore has shown us what it actually is: a supremely lazy and uncreative business cudgel that serves neither developers nor customers, and instead serves Apple first and ironically Apple competitors and criminals second. How does it serve Apple competitors you ask? Consider that companies like Amazon are offered special AppStore rates. Little developers don’t get that, big companies do. So not only does the AppStore exhibit monopolistic behavior, it also props up other monopolies.

Also, the search sucks and it’s ugly. It feels like a free samples booth at a Costco. No one at Apple has any taste anymore. Not really relevant to the argument, but just want to point out there’s zero to be proud of in that product.


Hasn't Apple always said the reason they don't allow sideloading was that it'd be impossible without compromising security? So are they claiming their European iDevices won't be secure anymore, or are they admitting they were lying before and that the real reason was nothing but greed?


I suppose it's true in the same way that having knives in your kitchen makes it more likely that you might cut yourself. but a kitchen without knives kind of sucks so


I don't think kitchens should have knives. I want my parents to be able to eat, but with knives in the kitchen they occasionally cut their fingers and I don't want to have to deal with that. You could make it optional but before you know it they'll get knives anyway. Besides, most people eat processed food and don't want to make meals from scratch so this is only a problem for a handful of people.

(yes yes this is satire)


If Apple's social media team is hiring, you should apply - this is exactly the irritating kind of replies I get when I criticise some Apple product. :)


My parents want to cook dinner with knives. They have no interest in side loading custom applications though.


My parents want to install applications of their choosing on their devices, but have no interest in knife-cooked dinner.


I find this hard to believe. Don’t get me wrong, freedom to sideload apps is a thing I believe in, but saying ‘it’s because my parents want more freedom’ is certainly a stretch.


It's about as much of a stretch as "actually my parents want an idiot phone"


I’m not sure what your point is, I know plenty of people who would prefer dumb phones, probably more than who would be interested in sideloading?


They're presumably claiming that european devices will be less secure.


Or usability of this feature would be so frustrating, that no one will use. Constant security popups on every start, very limited available API for apps, etc...


There is law and there is the spirit of the law. The ECJ can be pretty fast when they feel someone is taking the piss.


The cookie popups can be very annoying and confusing and they didn't do anything about that.


Recently I've noticed more sites providing a visible "Deny All" button, rather than the dark pattern of going through and unchecking 5, 10, 50 tracking cookies individually, or having to dig out a button hidden somewhere.

I assume this was how it was intended to function, but the kind people that run internet websites intentionally made it more difficult.


Indeed, the bigger players were, I think, specifically contacted.

Lots of smaller players still do it, though, so maybe this is not the most effective enforcement style.


They have actually fined several large tracking providers for their shady cookie popups because opting out was harder than opting in.

European DPAs aren't getting enough funding to take on this problem, but they haven't been sitting still either.


They're slowly working through the backlog. Even Google gave in and put a single, working "deny all tracking" button front and center.


That would just give them a huge fine.


That's why Windows is beautiful, all APIs are open for developers to use for whatever they want.


They are required by European law to allow it, whether they see it as compromising security or not. This isn't Apple's decision.


How they will do it likely is they will charge to install the App store app and assign it a CA and require it to sign the apps downloaded from that app store.

The sideloading of apps will technically be an apple approved app but enforced by another app store. To put it another way you would not be able to randomly download an unsigned app.


They will probably put all the side loaded apps in the same sandbox. Yikes ...


The claim is nonsense. If it was true Android devices would be full of malware, that is clearly not the case.


> there’s a far greater chance that hackers can make it onto the [Android] platform to distribute malware through malicious apps [compared to iPhone].

https://nordvpn.com/blog/ios-vs-android-security/


It's one thing to provide security in the kindergarten. It's another thing to provide security in the jail. So far Apple's track record is kindergarten security. They do have tech in place, but how that tech would resist big bad world outside the wall remains to be seen. My guess would be that there will be apps breaking the jails in the first years and 10 years later things will settle on and it'll become relatively safe to sideload untrusted apps.

Of course if one's smart enough to only download apps from reputable websites, then the only worry will be privacy issues which are probably not important for most people.


Is MacOS insecure then?


I think most would accept that iOS is more secure than macOS. But to flip the logic the other way around and put as you did is a little disingenuous.


You could probably argue yes, since a 3rd party app isn’t validated in any way by apple


3rd party apps are validated via OCSP on macOS when the apps are launched.

A few years ago this was an issue, when millions of macOS users found that they couldn't launch any apps at all on their Macs, because Apple's OCSP servers were down[1].

[1] https://blog.cryptohack.org/macos-ocsp-disaster


Why couldn't both be true?


How would app review work?


The whole point is that there would be no app review for independent apps.

It's not a technical change in who distributes the software, it's a radical change that results in developers being able to give apps to users without being in a contractual relationship with Apple period.


I'm not sure I follow the chain of comments here. It seems that not having a review would result in less security, which is the context to my comment.


AppStore pretty much only does a “grep -r porn” on every app, hardly meaningful “security”. If anything, it’s best at mysteriously flagging competitor apps.


You know what's the most secure device? The one that doesn't work.


iPhones have been hacked for ages already.


Perhaps "has it ever been hacked" is not the best metric, unless you prefer to keep your devices under armed guard, encased in several meters of concrete, without an internet connection.

IMO, https://zerodium.com/program.html is a good indication of "what would it cost to hack me using a never-before-seen exploit".


Still surprising to me that AWS has firecracker and iOS still runs things like JavaScript alongside every other app on the system.


You wrongly assumed that zero days are single-use. Pegasus used the same exploits in dozens or hundreds of targets.


I didn't assume that at all - that's why I specified a never-before-seen vulnerability.


"seen" could not be true until after thousands are hacked.


Security isn't binary. European iDevices will likely have more malware installed on them on average than US iDevices.


I thought iPhone apps were sandboxed, making malware impossible?


That limits what they can do, but it doesn't mean they can't do anything malicious. Someone could make a YouTube app which removes ads, but steals your session so that they can viewbot or spam comment sections with legit accounts.


This is something which would also work using an app store app -- where's the app store benefit in your point?


Distribution is centralized and Apple can end distribution if the app gets reported and add the malware to their malware scanning.

While possible, it should be more rare. When working on massive platforms it is typically the goal to minimize metrics like malware installs as opposed to trying to make them 0. The relative probabilities are important.


Scanning apps for malware, preventing them from being installed or run, and warning about malicious apps, doesn't actually require centralized distribution or limiting sideloading. This malware problem with sideloading has already been solved, by Google with Play Protect on mobile, by every other system that allows 'sideloading' and has some kind of antivirus, and by Apple themselves in macOS.

Compared to an antivirus (macos, windows, android, all have protection built-in), that could detect a malicious app, or receive a report about a malicious app and then block it from being run, having an app store in the chain might not even be that much help or be at all different in that process.

If anything, giving potential malware apps a chance to be published on an app store, get that scale, visibility and access to an audience outright, and hang there even if for a little bit before getting taken down, could be kinda worse than if malware apps were distributed across smaller venues. Where, through what channel could a malware app get access to biggest amount of people? Through a centralized app store. (especially if it's the only one on the platform, and the only way to install apps*, forcing all users of the platform to be there.) An app store gives potential malware makers access to an existing audience, ready to be exploited, and a centralized app store ensures that it's the biggest audience possible.


Even if this is small progress the headlines and framing of the story are still doublespeak. Installing applications on your computer is the normal state of things. Walled gardens and not having control of your computer is the new weird thing. The word "sideloading" is a feudal concept and its unquestioned use is dangerous for society.

Properly stated this story title is, "Installing applications on iOS 17 might be allowed in Europe" which highlights the absurdity intrinsic in the practice of users not being able to install applications on their own computers as a default.


We focus too much on criticizing language instead of ideas. IMHO, this just leads to tiresome and hollow debates. So, I’ll call that out here.

Also, your proposed rewording isn’t correct either because installing applications is already allowed. You can debate the App Store all you want, but it definitely does let you install apps.

On topic: This is silly and Apple should allow sideloading. I don’t buy the security argument because the security comes from the sandbox, not Apple’s poorly-run approval process.


Don't be mistaken: if you control the language, you've set the tone.


Yeah, sure. I get it. But I see a lot of people wasting a lot of time arguing about the definitions of words and how to spin them to try to gain the upper hand in The Discourse. I’m not sure it’s worth it. 1984 may not be a good guide anymore.


>criticizing language instead of ideas.

I have no idea how you came to this conclusion. It's obvious that I'm criticising the idea of "sideloading" not the word. You can call it some other arrangement of letters and the concept is still very dangerous.

And in this case it is also definitely true that apple does not let you install applications without someone paying them $100+ and their continued approval. The "let" is the key here.


Responding even though I know it’s not going to be fruitful.

The way I came to that conclusion is I read what you wrote, which primarily discusses the language, not the idea. See your references to “doublespeak”, “framing”, “headlines”, and “the word sideloading”.

You claimed “Installing applications on iOS 17 might be allowed in Europe” would be a more accurate headline. It wouldn’t be, because you can install applications via the App Store. If you wanted your headline to be both accurate and to discuss the approval process and fee, you would need to include that, as the original headline does by mentioning “sideloading”, the word that you take issue with but does at least actually raise the issue you’re concerned with.


This comment sure does seem to have a lot of criticism of language and none for ideas


Yeah, because I’m discussing that with the guy I was critiquing. You may notice I put my opinion on the substance of the conversation in my original reply.


The issue with such a statement is that the terms can and do mean different things to different people. I probably have a similar definition of computer and application as you, but many people, maybe the majority, may not.

For one thing they might think of a phone as a fundamentally different thing from a 'computer' with a different role. In fact I strongly suspect this is the majority view.

Within that people probably think of an 'application' as fundamentally a pre-screened, pre-approved, piece of software to enable some function specifically on the phone and within the phone's ecosystem. Not as any arbitrary piece of software. In fact that might all be seen as a feature, not a limitation, in the majority of people's eyes. Again I strongly suspect that is the case.


I used to think the same way, but not anymore. The amount and variety of attacks on the devices have increased too much in the last years. The device could be encrypted, money could be stolen, some malware could sit silently and do surveillance for who knows. I always wanted to install software on my iPhone without the manufacturing company deciding what I can and cannot have (according to Californian standards!), but would I let my kids do that nowadays? No way! Stay on the app stores, also on Windows and MacOS is the first line of defense. It’s sad but the safest approach. Regular users don’t need to install software on their own anymore, the same as they don’t need to put processors, storage and monitors together or install a sound card.


The App Store is a poor line of defense, because it isn't about user security, it's about securing Apple's billion dollar app distribution monopoly moneyhose. User security is just a rhetorical afterthought.

When we forgo real system safety in favor of gatekeeping corporate revenue, that isn't security. In fact, such a scheme is responsible for mass distribution of malware. Apple's App Store is responsible for distributing over half a billion copies of Xcodeghost to iPhone and iPad users[1], and that's just one piece of malware.

[1] https://www.vice.com/en/article/n7bbmz/the-fortnite-trial-is...


I think you need to look at the system of incentives and alignment

If apple's billion dollar app distribution monopoly money hose results in security problems for people, then their billion dollar app distribution monopoly money hose will be in jeopardy since its justification comes into question.

So what you see as a problem is what makes me feel the best about it. Apple is aligned with only secure apps on their store and apple is very unaligned with insecure apps.

To apple security is not just a cost center, but a pillar of the justification for their monopoly position.


It's a poor justification. You can cleanly implement a signing system for trusted developers (they've done it before), and it's obviously possible to distribute iPhone package files. All the pieces are in place, if it weren't for their $80 billion annual heyday then they wouldn't be dying on this hill in particular.

Maybe part of it is this security alignment issue, but upon scrutiny it's clearly a small and solvable piece of the puzzle. Imagine if Keurig tried using user safety to justify a 30% cut off every K-cup sold. Such an ecosystem is doomed to fail, especially at-scale and with completely arbitrary enforcement.


It sounds more like you’re upset about Apple’s revshare model on their channel; Why do you care if all your competitors also have to pay it?

I don’t think the world got better because we got more channels on TV, and I even think some of them might be dangerous and harmful to life…


> Why do you care if all your competitors also have to pay it?

Did you ever publish to appstore? The amount of bullshit you have to go through so that an alternative payment method isn't reachable from mobile is insane, and they want % of a lot of things, not just sales/subscription - a lot of business ideas are unviable because of the policy.

Not to mention that your competitors don't have to pay the same, big players get special deals and exemptions, and Apple has first party advantage on the platform.


> Did you ever publish to appstore?

Yes.

> The amount of bullshit you have to go through so that an alternative payment method isn't reachable from mobile is insane, and they want % of a lot of things

You say insane, but you don't say why. Revenue-sharing is the best for content producers; I would definitely not want to go back to the retail model. What exactly are you trying to do?

> a lot of business ideas are unviable because of the policy.

A lot of business ideas are unviable without slavery! So what? I don't want that, and I hope you don't either! So what is it you actually want?

> Not to mention that your competitors don't have to pay the same, big players get special deals and exemptions,

I don't compete with "big players". If Apple didn't make an iPhone and I didn't make an app to put on it, I wouldn't get that money, and pretending otherwise won't make it so. The people I am competing with are in the same situation I'm in, and if they're getting success and I'm not, I think I should worry about what I can do.


> A lot of business ideas are unviable without slavery! So what? I don't want that, and I hope you don't either! So what is it you actually want?

Did you just compare freedom to choose alternative payment method to slavery? What a bizarre world, I don't know why I've even bothered to reply to your comments, lol.

> I don't compete with "big players". If Apple didn't make an iPhone and I didn't make an app to put on it, I wouldn't get that money, and pretending otherwise won't make it so. The people I am competing with are in the same situation I'm in, and if they're getting success and I'm not, I think I should worry about what I can do.

You're a dictator's wet dream.

"Don't care about unfair system, dig within yourself! If competitor is doing good under dictatorship it means the problem is within you!"


> Did you just compare freedom to choose alternative payment method to slavery?

Not at all. I said some businesses should not be viable and gave the simplest possible example I could think of.

And you did not agree.

Shame on you.

> You're a dictator's wet dream. "Don't care about unfair system, dig within yourself! If competitor is doing good under dictatorship it means the problem is within you!"

You're still not saying what you want to do and why it is good for society, just that the "dictator" is stopping you from doing it. "Alternative payments" can mean all sorts of things from money laundering to easier-to-steal, and I can't support those things.


You've described literally every platform and physical store under the sun except desktop OSes.


> It sounds more like you’re upset about Apple's revshare model on their channel; why do you care if all your competitors also have to pay it?

There's a Ukrainian saying

> Хрін з ним, що своя хата згоріла, головне у сусіда корова здохла

Which literally translates to "Who cares if house is burnt down, the most important is that neighbors' cow is dead" - that's you. Ever thought that maybe you and/or your competitor shouldn't have to pay in the first place or that shares are unfair?


> Ever thought that maybe ... shares are unfair?

No actually. I won't ever enter any other kind of business-relationship with a larger company unless they have real competition that affects price because my experience is that larger company will try to mess you up if there's any chance at short-term gain. A joint-venture is ideal protection, but with Apple my size makes that unlikely. Revenue-sharing is a fine alternative to me, and if my product becomes worth more than my share I can always renegotiate, even with a big company like Apple, because we both want the revenue to continue. That's the point.

The pure-play alternative is much harder for small companies and individuals because they need cash up-front to get into the market, but I do understand the advantages for big pockets who don't create value though -- I just don't have any intention of being a company so big that my only purpose in life is to group-together smaller companies that aren't good enough to survive on their own.


That's fine. I'm not arguing for more channels, I just want them to let me use it for things other than the pre-approved and Apple-sponsored channels. This is akin to your TV manufacturer removing your HDMI input to force you to pay for cable.


Erm, Apple shares the cable subscription revenue with the people who make the content.

People like me.

You are literally talking about stealing my money. To me.

And this doesn’t seem strange to you?


> then their billion dollar app distribution monopoly money hose will be in jeopardy

It only comes under jeopardy if there are reasonable alternatives to the Apple app store (not move to Android).

Otherwise, it's easy for Apple to say - we are now taking step x, y and z, and "trust us".


As a further separate but distinct response:

You are justifying why a monopoly app store is bad by showing a hack that resulted from downloading an app (Xcode) from a source other than the app store.

  Security firm Palo Alto Networks surmised that because network speeds 
  were slower in China, developers in the country looked for local 
  copies of the Apple Xcode development environment, and encountered 
  altered versions that had been posted on domestic web sites. This 
  opened the door for the malware to be inserted into high profile apps 
  used on iOS devices.

I think you are also ignoring that Apple's app store position made it possible to authoritatively reach out to all who were affected as well as enact other remediation efforts.


This just shows that the App Store model is insufficient for user security, as the security model was supposed to prevent malware from being distributed to users in the first place, no matter what malicious developers upload to the App Store. If Apple treats Xcode as App Store blessed because it believes it came from blessed sources like the App Store, instead of using real security measures, exploits will continue to be shipped to users. Similarly, if OSes don't implement real security that's independent of the App Store model, users will continue to be exploited in this way.

> I think you are also ignoring that Apple's app store position made it possible to authoritatively reach out to all who were affected as well as enact other remediation efforts.

Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.


I can't give you a black and white response because I don't think the issue is as black and white as most seem to.

I think the app store is a tool and I think it is a powerful and useful tool. Can the tool be used for good? Of course. Can it also be used for bad? Most definitely. Can it be wielded poorly? Yes.

I've used Windows, Linux, Apple, and Android, and I like Apple's environment the best. That environment is a consequence of Apple's choices. Apple limits my choices and I like that. I like having less choices. I don't want to have to think about software security, I want to think about how to spend time with my friends, and Apple is an environment that lets me think about how best to spend time with friends instead of thinking about software security.

Apple's restriction of my choices benefits me. I want Apple to restrict my choices. I want there to be only one way to get apps on my device. That simplifies my life. I will pay more to have a more simple life. I will pay someone else to make better choices than I can make with my limited time. I want to do that.

If you don't like that, then don't use Apple. There is a perfectly working alternative to Apple that you can use if you want to experience other choices. Apple has a monopoly on Apple devices, but Apple by no means has a monopoly on smart phones. I'm not sure there are even any major apps exclusive to Apple. Apple is better because Apple has more money to spend.

> Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.

If Apple scanned the apps I side-loaded and reported information about them to their servers, that would upset me; that feels like a privacy violation.

Apple's bullying of companies with monopoly power to force privacy labels won me over greatly. They have a lot of good will for that. If Apple continues to do things like that, I will continue to support an app store monopoly.


> Apple limits my choices and I like that. I like having less choices. I don't want to have to think about software security

How does this conflict with other users having a developer mode? Because you want Apple to have more unilateral authority over what other businesses are and aren't allowed to do?

It sounds like you have left the domain of "what's right for the market" and headed into the realm of "what I prefer". That's fine and decent anecdata, but completely useless to regulators whose job is to save the market. If Apple is stifling innovation or competition, even for a good cause, then we must codify the goodness and end the monopoly. That's progress, arbitrary corporate grudges are not.


It's an absurd argument. If you want to only install app store apps, then only install apps from the store. That's still possible you know, even if other people aren't forced to. That's why these arguments always boil down to bullshit about how you will be "forced" to use Facebook from outside the store and that would be terrible because being on Facebook on an iPhone is a human right or something.

If you like Apple telling you what to do, fine. Choose only from their menu.


If you don't like Apple telling you what to do, use Android?

Apple products are the consequences of Apple's decisions, you want what Apple produces but reject their decisions.

What if Apple's phone is better because it is a closed ecosystem?


Nobody is saying that. They're saying use an iPhone and then don't sideload apps. Easy!


> Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.

But not for a lack of trying. Windows has tried to retrofit their App Store, just less successfully. One good example is the code signing racket, where it’s pay to play to avoid useless warnings that scare off people who don’t know better.

Look, you can somewhat reasonably prove the origin of a piece of software, but a domain name x509 cert would be better (only difference is validity needs to handle longer time ranges). The issue is all the “trusted” yadda yadda. Doesn’t matter if it’s an App Store, a holy enterprise certificate trafficker or the pope himself doing the blessing, it just doesn’t hold up. Maybe they could have a herd-protection like VSCode extensions: “50M+ users” so when I see an executable called “Facebook” with “35 users” I can stop and make my own judgment that it looks fishy. But that’s about UX for checking the vendor matches who you think it is, not blessing it.

> Similarly, if OSes don't implement real security that's independent of the App Store model, users will continue to be exploited in this way.

Spot on! Here’s the thing: sandboxing software on any of the big operating systems wasn’t there from the beginning, and that’s the billion dollar mistake. Sandboxing is the only real game changer in end-user security with iPhone/Android over desktop, not the monopolistic app stores. Tbf, Apple at least has tried really hard to bring sandboxing to desktop but even they are not there yet. These mega corps should imo have seen it coming a decade earlier, when the web became a vastly popular platform, much thanks to sandboxing.


So take five minutes to set up the parental controls on your children's devices. The idea that we should eliminate the ability to run arbitrary software "for the children" is completely ridiculous.


Then don’t buy an iPhone. I think it’s ridiculous that we are asking the government to save us from our own choices.

As much as you and I don’t like it, what Apple is doing is perfectly legal. And as much as you or I might support a change in the law, you’re not going to get my support if the legislation is truly universal and not just a narrow-band targeting of a single company for developing an ecosystem which resonated with a large number of people. Write some legislation which applies to ALL platforms which run software and maybe I’ll take it seriously.


> Then don't buy an iPhone

Then don't enable side loading.

And what Apple is doing is actually not perfectly legal. That's the entire reason they're changing their policies. It's not like they enjoy having to compete with app stores that offer other payment providers or allow things like emulators.


I know how to not enable side-loading. There are a dozen friends and family members who I provide tech support to and I don't trust any of them to never follow the clearly written instructions which Epic will provide showing how to sideload Fortnite onto their phone.

Sure, maybe Epic can be trusted. But perhaps Meta decides that the latest/most desirable versions of Facebook, Instagram and WhatsApp have to be side-loaded. Now it's commonplace. Now everyone's phone has sideloaded apps installed.

Sure, maybe Meta can be trusted. But perhaps some new future TikTok-esque craze besets the mainstream, and it's in the form of a sideloaded app, made easy because sideloaded apps aren't unusual, and the company who makes this viral app is dodgy as f***.

But sure, it's always the user's choice.


> As much as you and I don’t like it, what Apple is doing is perfectly legal.

Well, not in EU now


Sometimes our choices lead us to results that no one wanted. For a classical example, check out "tragedy of the commons". In those cases, you do want someone to enforce cooperation from outside, and this is what's happening to Apple now.

> what Apple is doing is perfectly legal

Not in the EU starting this summer!

Although I agree with the second point: game consoles being general purpose computers should be treated the same.


> Then don’t buy an iPhone. I think it’s ridiculous that we are asking the government to save us from our own choices.

That's a great argument. I have an even better one:

Don't dictate what and how people use their devices that they paid for with their hard-earned money.


Yes it's your device, but it's not your software. You don't own the software. And it's the software which is stopping you from doing what you want.

All software effectively "dictates" how a device works, whether you're talking about an OS or an app. If you buy an app, you don't get to decide how it works. You don't like it? Don't buy it. I don't see a big push for people crying to the government to stop Activision from dictating how to play Call of Duty.

Apple doesn't dictate what software runs on your iPhone, any more than a toaster manufacturer dictates whether you can use it as a space heater, or Toyota dictating whether your car can function as a boat, or Epic Games dictating whether Fortnite can be used to prepare your taxes.

It's true that Apple doesn't make the process of running your own software easy, but you are legally entitled to break whatever barriers you like and replace the OS with a Linux distro. Have at it. It's great. I support it. And if you want legislation that requires hardware manufacturers to provide documented paths for installing alternative operating system software, I'd support that legislation eight days a week.


It's not "the government saving us from our own choices".

It's us asking our democratically elected government to stop a giant corporation from telling us what to do with our own devices.


I like how you say that as though I hadn't already considered that point. Would it be too much to ask to perhaps give me the benefit of the doubt that I'm already aware of all of the major arguments for why Apple should allow sideloading?

Yes it's your device, but it's not your software. You don't own the software. And it's the software which is stopping you from doing what you want.

Really though I'm just saying that I resent arguments that fail to provide anything resembling a modicum of consistency around this. As far as I'm concerned, as long as Sony is allowed to keep the PlayStation locked down, Apple should have equal right to keep the iPhone locked down. And if you, the consumer, don't like it, don't buy a PlayStation. I realise this comes across as a trite, throwaway thing to say, but I absolutely mean it. It is, in my opinion, a slam dunk argument.


I think if you own the device, you do own the software, or framed the opposite way, if you don't own the software, you don't own the device

What you're proposing is not really ownership of the device in any meaningful way, but just a license to use it on somebody else's terms.

I don't want a world in which I don't own the device I pay for, so neither Sony nor Apple should be able to dictate what I do with them.

It's like selling you a screwdriver and then saying you can only use it with one specific brand of screw.


It's really nothing like your terrible analogy. Bad analogies are bad.

Ownership of software is clear-cut under the law: unless you hold the copyright, it's not yours. You have been granted permission to use the software under the restricted terms of a license. In practice though, the legal perspective isn't a useful one. It's another bad analogy, useful only because it's the one backed by law. What actually matters is what you can do.

It doesn't matter who "owns" it, you don't have the code needed to recompile the OS from source. Much less than sideloading apps, there are thousands of nominally trivial aspects of the OS which you cannot change without source code and a working build environment. Without this you don't have any ownership over the software in any useful sense.

You do own your piece of physical iPhone hardware, and it's yours to muck about with as much as you wish. But don't expect schematics or the ability to manufacture your own parts, or the ability to sideload more processing cores into the A14 chip, or replace the camera with a different module.


> As far as I'm concerned, as long as Sony is allowed to keep the PlayStation locked down.

I'm sure that now that the EU has finally woken up, gaming platforms will be under scrutiny too. Mobile phones are a much more critical part of people's lives than game consoles, so it made sense to target them first.


I'm really not sure, because as much as the Hacker News crowd wants to believe otherwise, the entities exerting political pressure on Apple aren't doing so for the reasons you care about. It may result in an outcome you favour, but that's just a coincidence.


> I think it’s ridiculous that we are asking the government to save us from our own choices.

So you think it's better asking companies to save us from our own choices? And that doesn't strike you as even more ridiculous?


I think it's ridiculous that you think it sounds ridiculous. If people actually cared about this stuff, there would be a massive market opportunity for a competitor to make a product that satisfied people's demands. But they don't, so there isn't.

Most of the noise in the community is from people who just enjoy seeing Apple squirm and probably aren't even an Apple customer anyway. Meanwhile the entities spending real money to lobby governments on this issue actually only care about getting around Apple's increasingly consumer-protecting app review process — they tolerated the 30% fee right up until the very same month that Apple started forcing developers to inform users if they were tracking users between apps.

They want side-loading so they can track you, not so they can extract more money from you. Because they know they won't. Yes, entities like Epic might be able to sell apps with a lower marginal cost (not a lot lower, as they'll be handling stuff like fraud and refunds themselves, and Apple is still entitled to a software license fee) but the simple act of requiring consumers to enter their credit card number into an app is going to reduce transaction completion rates. I'd be willing to bet by at least 30%.


The security on the iPhone is from the app sandbox, not from app review.

It's trivial to get something past app review (eg. look at casino apps that were disguised as games)

On the Mac, staying on the Mac App Store makes sense because it is the easiest way to enforce you only install sandboxed apps.

On iOS, that's not going to be necessary, because every app on iOS is sandboxed.


> On the Mac, staying on the Mac App Store makes sense because it is the easiest way to enforce you only install sandboxed apps.

As an aside, I do believe you can use sandboxd with apps outside of the App Store, someone just has to write security policies for them.

This page suggests that Apple might want to deprecate use of sandboxd in favor of just the App Store[1], though.

[1] https://codeberg.org/valpackett/rusty-sandbox


> I do believe you can use sandboxd with apps outside of the App Store

Yes, you can, it's trivial to do so. However, Apple does not make it easy to find out if an app is sandboxed or not, or what permissions it has.

The warning that macOS shows when opening an app not from the Mac App Store does not differentiate between sandboxed and non-sandboxed apps.


And how exactly does the AppStore prevent it? By using the OS's sandbox, which will apply the exact same way to user installed programs — you won’t suddenly run as root.

AppStore checking is waaay overhyped as anything meaningful.


I used to think that way, but then I realized the Android/iOS stores are absolute cesspools. I would not trust young kids on there either.

Others are right, sandboxing is the real saving grace (and only if apps don't ask for a bajillion permissions which users will just click through so it will work). Apple is slowly trying to isolate apps even more, like they were in the early iOS days.


I used to think like you, but not anymore. I am not interested in installing random software from other people, I want to install my own software to be able to have full control over my own device.

I don't care about 'regular users'. I care about myself.


You can do that already.


If you own a mac, run a specific software at least once a week, and limited to like 3 apps. For all practical purposes, this means “you can’t”.


Not only do you have to own a mac, you have to keep everything updated to the latest version. This is problematic, considering that the OS gets worse and worse with every release, and some things break with new versions.


> If you own a Mac

If you own an iPhone, it's actually very practical to also have a Mac.

> run a specific software at least once a week, and limited to like 3 apps.

What?


You get a license for a week only (without paying for a dev account), and there is a limit of concurrently signing at most 7 apps (my parameters might not be exactly correct, but are roughly this), but a single application might require multiple signatures.

The most common way to make all this signing a bit more bearable is to have AltStore installed on your Mac, which will automatically re-sign the select few apps you want in some hacky way (needs your Apple ID and password).


The most common way is to pay $99 and use Xcode. I think in the long run, limiting the freedom of developers to choose whichever tools they like is actually hurting Apple, but let's not pretend that there is no practical way of running your own software on iOS.


If that were true there would be no need for a European version, since sideloading is about a "practical way of running your own software".


My answers refer to ihatepython's original comment, and own software is understood there as "software I develop myself". I am not talking about own software in the sense of software you obtained from other people, which is what sideloading is about.


> The most common way is to pay $99 and use Xcode.

Don't you find it ridiculous that the "common" way to run software written by you on a $1k device that you bought is via buying a $2k machine and paying $99 yearly?


If I pay the fee and/or use something like altstore?


Yes.


But it's a user choice! Same happens on Android. There is a setting that you have to enable to install applications from other sources.

This is pure nonsense... giving user more choices is never a bad thing.


We should probably get rid of Safari / web browsers too in that case!


> Regular users don’t need to install software on their own anymore, the same as they don’t need to put processors, storage and Monitors together or install a sound card.

Uhuh, sure.

"Shut your mouth, pay and be happy"


From a personal-computer-user point of view, installing an app from any source is normal.

For pre-iPhone cellphone users, your cellphone network operator controlled access to what apps were available for installation. This was the most common, if not the only, method for cellphone app distribution. App makers (mostly Java games) paid to get on that first page of downloadable apps. I'd add some references but Google seems to have amnesia about anything cellphone app distribution pre-iPhone.

Apple didn't have an app store initially. How Apple convinced cellphone network operators to cede app approval/control, I don't know. Perhaps it was "apple's way - take it or leave it".


On most pre-iPhone cellphones you could install any .jar file, but there were 2 challenges:

Finding a .jar file that works on your phone was the biggest. Games often only supported a single screen resolution and so there were multiple .jar files for each game and you had to find the right one for your phone. Also sometimes even if you had the right screen resolution the .jar just crashed when you started it without any clue as to what's wrong (probably they needed more RAM or some platform specific code, but I was in high school back then so I didn't know much more about it)

In the early days, there was also the issue of how to get that .jar file to your phone. I distinctly remember old Nokia phones could download them through WAP (which was paid) or receive them through IrDA/Bluetooth, but themselves couldn't send applications through IrDA/Bluetooth (I think Sony Ericssons were the ones which could also send them...). This issue was later solved by microSD cards and USB cable transfers from PC.


I've never had much trouble finding compatible JAR/JAD files from legitimate sources. Usually, either your phone's model was auto detected to serve a compatible file, or you could select an appropriate version for apps that had resolution limitations.

Pirated JAR/JAD files were definitely hit and miss, but I don't think those are a great example.


It was the most common, but not the only method. You could (at least on Nokia phones) go to any wap site and download a .jad/.jar straight to your phone. I did that a lot on my series 30 (3510i).

I think other manufacturers allowed that as well, but I could only use the "free wap browsing trick" on Nokia phones, so I never explored that.


Pre-iPhone phones, for example Nokia phones with Symbian on them, did allow you to install applications. I remember when I was in middle school with a Nokia N70, exchanging games over Bluetooth with my friends. Those who had internet at home (that was only a bunch of people) downloaded games from forums and then sent them to everyone else, as well as music and videos. The same went for other models of cellphones; they all had some sort of application format.

Then the first Android devices arrived, with the Android Market (long before Google Play) that did allow you to download apps. But most people, again, maybe didn't have internet, or more simply wanted paid apps but didn't want to pay for them, and just exchanged .apk files like it was the norm. (Pirating, by the way, was much more present than these days; for example I don't recall a single person having a PlayStation without the modchip, and burned PS1/PS2 games were the norm.)

It's only with the arrival of the iPhone that this was no longer possible. In fact I recall that the criticism of the first iPhones, till the iPhone 4, was that it was an overpriced device and that it lacked the possibility to install applications and exchange files over Bluetooth, like everyone was used to doing. The iPhone was a niche product that was not widespread (when I was at high school I recall maybe 1/2 people having iPhones, all the others having Android devices).

The thing about cellphone operators is maybe a US-specific thing; I don't recall having anything like that in Europe, more specifically in Italy. Quite frankly, till 10 years ago using the cellphone network for internet was unthinkable, because the prices were so high. Then the contracts arrived that give you 100Gb of data a month for 10 euros, but back in the day internet was expensive, to the point that just pressing the internet button on a phone consumed all your credit. This is probably also the reason why WhatsApp became so popular (you could chat over your home internet connection, which by now everyone had, without using expensive SMS).


Personal computers really are the exception which proves the rule. Whether it’s the software in your TV, your pre-smart phone, your car, or your game console, locked down has always been the norm.


The PC predates all of your examples, so I don't think it makes sense to say "has always been the norm". Has _become_ the norm, perhaps, but that's the entire point. It's not great that it has.


Being first doesn't make an example the most canonical.


That is a good way of looking at it. What's missing is a catchy name to debase store-based installation similar to what was done through "sideloading". Perhaps "lord-loading", "begstalling", "babybiting", etc.


Apple-blessed install


Even on Windows if I send an EXE or MSI of my software to someone they get a scary security warning that prevents them from running it. The only guaranteed way around that is to be a big company (or a big open-source project).

If security really mattered, every OS would run applications in a proper sandbox, but why bother with that when you can just point your Web browser at a program running on someone else's server? Oh, but consent to these tracking cookies first.


> they get a scary security warning that prevents them from running it.

The huge difference is that's only a warning, and not a cryptographically locked-down system unlike Apple's.


Actually, in a way, it is. All Microsoft has to do is revoke your application's signing certificate and Windows Defender will prevent it from running on Windows computers.

Apple does the same thing with Notarization and Gatekeeper on macOS. If they choose to revoke your signing certificate, Gatekeeper will prevent your software from running on macOS.

That means if you do, say or compete with something that Microsoft or Apple doesn't like, they can prevent your apps from running on their platforms.


How come I can run so much software compiled from source then?


Likely because you've either disabled some of the overbearing security mechanisms at some point (smartscreen is a toggle and it's really frustrating if you're setting up a compiler toolchain) or you're running files that were produced on the local computer. If you disable all the privacy invading checkboxes during Windows setup (most don't), you partially neuter smartscreen as well.

Every browser I know uses the Mark of the Web to tell Windows that a file came from the internet. You'll have to store the file on a FAT32/exFAT drive to get rid of it. If a file comes from the internet, smart screen kicks in.

When a file is unsigned, smartscreen essentially prevents you from running the file. You can work around it, but I had to look up a tutorial myself.

If the file is signed, metadata will be extracted and submitted to Microsoft. If that fails or the exact binary hasn't been run on a certain amount of computers, smart screen will show a big scary warning despite your $500 a year digital signing certificate. This is something developers just have to deal with every time they update their applications, but most people won't be the first x to download the executable and applications using auto updaters download updates in the background can the necessary flags to work around smartscreen.

The restrictions are there, but they're not there for (most) development environments and for most users of popular software.


> If the file is signed, metadata will be extracted and submitted to Microsoft. If that fails or the exact binary hasn't been run on a certain amount of computers, smart screen will show a big scary warning despite your $500 a year digital signing certificate.

This is true and annoying, but only with regular certificates. The more expensive EV certificates bypass this “well known” check.


I don't know what platform you're using, what app distribution method you used, where the code was compiled, if the code was signed, where it was signed and by who, etc.

A generic answer to your question is that the software was signed by whoever compiled or distributed the software, which can include your own machine. Your own key might be in your trust store or your app distribution method might put their key in your trust store. Both macOS and Windows will treat software compiled on the same system it is run on as blessed to run without strict signing checks.

On macOS, ad-hoc certificates can be used, but the OS will treat those binaries as if they're radioactive. If you compiled code on macOS, the system will treat that software specially on that specific system and allow you to run it[1]. On Windows, certificates can be added to trust stores. Chocolatey, for example, has their own signing certificate for all of the compiled open source software they have in their repositories, so Windows allows their software to run.

The biggest issue is what comes with software distribution itself, where your code isn't blessed by default by the system it was compiled on, or doesn't have signing certificates in the users' trust stores, and Gatekeeper and Windows Defender go out of their way to stop your users from running software with signing certificates they don't like.

[1] https://apple.stackexchange.com/a/426854


I compiled it myself. It’s not signed as far as I know. I didn’t disable anything…


macOS and Windows treat binaries compiled on the machine they're run on specially. Check out the StackOverflow link in my OP, it gives details on how binaries compiled on the same machine they're run on don't have the 'quarantine' bit set on macOS.


> That means if you do, say or compete with something that Microsoft or Apple doesn't like, they can prevent your apps from running on their platforms.

Are there examples of Microsoft actually doing that?

Ability to prevent known malware from being run in the majority of PCs after detection seems like a useful feature from the Internet health point of view.


You can just turn off defender. And being specifically put in the malware list isn't the same and if clearly false could be used in court.


Stuff like this happens, and it tends to not get legal attention: https://news.ycombinator.com/item?id=27914752

I learned long ago, and keep it clearly in my mind, that what AV considers "malware" and what the user considers malware are not entirely the same.

> and if clearly false could be used in court.

I do wonder if Windows becoming adware, but then the built-in antimalware detecting possible "competitors'" adware and removing it, could be challenged in court as anticompetitive behaviour.


The real issue is with software distribution.

You, personally, can turn off Windows Defender, but your users probably have no idea why the app they're trying to run doesn't work when they double click it. They're also probably shown multiple scary warnings that discourage them from using the app and trick them into thinking it's broken or malicious.

It's a hurdle just to convince users such an app isn't malware, and then it's an entirely other hurdle to help them actually run the software by bypassing Defender.


Call me paranoid, but I see it as a slippery slope. And for most users that security warning is as good as a cryptographic lockdown anyways.


They are certainly boiling the frog slowly.

> And for most users that security warning is as good as a cryptographic lockdown anyways.

On the other hand, I find it ironic how a lot of "security professionals" will complain constantly about users accepting security warnings with no thought anyway (and they usually use this argument to justify their increasingly authoritarian measures of controlling them.)


It can be simultaneously true that a warning can be a barrier to adoption of your software product versus a competitor, and that a warning is not an effective barrier for a user who thinks they're installing an unreleased video game or going to receive millions of dollars of crypto from foreign royalty.


>If security really mattered, every OS would run applications in a proper sandbox,

these OSes were designed decades ago, before we really had a good grasp on security. there were other significant concerns as well, such as performance

also, modern OS toolkits, such as on macos and windows 11, are moving towards a permission and API model that will allow sandboxing. In fact, macos is moving quite quickly towards this.

And lastly, there is a widely deployed OS that runs all applications in a proper sandbox: chromeos

I think it's understood at this point by everyone in the industry that sandboxing is the future, but it's taking a while to get there.


> before we really had a good grasp on security

Not just that, but before we realised just how many people there would be trying to claw their way into any gap for all manner of dark purposes.

Early networked OS and protocol designers thought that people would, largely, cooperate with each other and share resources for the greater good.

I wish to live in their naively optimistic future, instead of the one with real humans :/


Code signing and associated warnings are significantly different from fully prohibiting the execution of unapproved code, I'm not sure why people struggle with the distinction. Windows has been doing this mostly the same way for literal decades.

iOS has a full sandbox which would apply even to "side loaded" applications, which makes the arbitrary constraint even more ridiculous as a "for your own good" measure.


Fun fact: This is the reason google pivoted to the web, after being blocked as an alternative office suite on Windows.

They realized that they need to change the platform for distribution, and hence this is why the web (post-chromium) is now what it is...with all its absurd redundancies of APIs and bloat.

Only because Microsoft can't keep their shit together.

Apple is more complicated, because despite the absolute control they've established (no other browser engine / JIT compiler process allowed for whatever made up reasons) they did not face the European courts that forced Microsoft for the exact same thing to allow to install other Browsers.

And now we are stuck with Safari, repeating the loop, because Apple can't keep their shit together.


If you hate cookies you’re going to be posted when you find out what’s happening in native apps. It’s an order of magnitude worse they just don’t have to ask or inform you first


That is assuming Smartphone is a computer. Not agreeing or disagreeing, but the point is people have different interpretation. Some think it is an Appliance.

Sad that it has to come to this messy stage where the law has to be enforced. But then Apple isn't the same Steve Jobs Apple.


>Installing applications on your computer is the normal state of things.

It really wasn't. It wasn't normal to install arbitrary applications on the computers in your fridge, dishwasher, game consoles, flip phones, washing machines, etc. Platforms have varied over time in how open they are to having other people developing for them. iOS is an example of a more closed platform and has shown that closed platforms can be successful. You can see Windows as a more open platform in comparison which was also successful. How open a platform is comes with different trade offs.


The question is which of these is a general purpose computer and which isn't. IMHO if what people tend to do on a platform is the same as what they do on a PC then that platform should also be forced to be a general-purpose computer and allow (in some roundabout way) arbitrary application installation.

For example, a smartphone replaces a PC for a lot of people. I even know some people in their 20s that don't own a "normal" laptop/desktop and they do most of their general purpose computing on their phones. In the meantime, nobody uses a Nintendo Switch or their dishwasher to do a quick edit of an excel sheet or access their bank account even if they are technically capable of doing so.


What is your definition of "general purpose computer"? I would disagree that PCs should allow for arbitrary application installs. Take for example chromebooks. They are one of the most secure PCs out there partly due to not allowing arbitrary apps to be installed.


But they do allow arbitrary code execution inside the Linux VM. You can also write your own extensions which is not arbitrary code but pretty close. Maybe arbitrary userland code is the correct term here.


> iOS is an example of a more closed platform and has shown that closed platforms can be successful.

It is successful despite being closed, not because of it.


Do you have any evidence backing this idea? It is reasonable to believe that the closed platform allowed for the platform to be more trustworthy making it grow faster due to more people seeing it as a platform they can trust. Or maybe an open platform would have led to mass piracy of apps meaning there is less motivation for developers to make apps.


> Do you have any evidence backing this idea?

First search in Google.

https://source.sheridancollege.ca/cgi/viewcontent.cgi?articl...

Also, from my own discussion over the years with different people, security topic popped up only when iOS fans tried to diss Android users.


This paper does not show that being closed was negative to the success of the iphone.

It does mention that "perceived security" was a factor.


[flagged]


You can’t (officially) install arbitrary software on a PlayStation. Explain how describing a PlayStation as “x86” is in any way relevant to anything anyone was talking about.

Your response sounds like a bullshit which, in my opinion, it is. Stop speaking like that please.


Which ARM computers were you installing arbitrary applications on?

What flip phones? They were all locked down on the carrier side.

You're still not installing arbitrary applications on game consoles even now that they're running x86.

Stop speaking like that please.


> What flip phones? They were all locked down on the carrier side.

You seem to have missed the, admittedly brief, period where Java games on phones were extremely commonplace.


If you think they were "extremely commonplace", you were living in a mid-2000s tech bubble. At best they were kinda commonplace among a narrow set of people who gave a shit, knew it was possible, happened to have devices which supported these games, happened to have a revision of the device which wasn't locked down by the carrier, and who had the time and patience to tinker with such unusable junk.

If more than 1 percent of Java-capable handsets ever had third party software downloaded onto them post-purchase, I'd eat my hat.

I wonder if even 1 percent of iPhones manage to get used without ever having at least one app installed from the App Store.


> happened to have a revision of the device which wasn't locked down by the carrier

In many countries, including China, all phones are unlocked by default.


Just because a phone is "unlocked" doesn't mean it's feature complete, or there's any mechanism to use the features which haven't been blocked by a carrier.


> What flip phones? They were all locked down on the carrier side.

You know, like things that were before iPhone and Android? That were running J2ME? Jar files?


Installing whatever you want on your computer is not necessarily the natural state; it’s not even how the industry started and it’s not how any other industry or devices work.

I also prefer to be able to do whatever I want with my own devices, but pretending like it’s an inalienable right, or a natural state, or has no disadvantages is disingenuous and not helpful to the debate.


Of course it's the natural state and an inalienable right to modify or do with the things you own in the way you see fit.

When was the last time you asked the builders association if you could remodel your kitchen?

When was the last time you asked Honda if you could put new mags on your car?

This whole idea that devices aren't owned when you purchase them is asinine and an insult to humanity.

Your counter arguments that it's new in the industry is simply due to the fact they thought they could get away with it. Not because they thought it was their right.

You don't see Klein putting limits on what nails you can use with a hammer but you can bet your ass they would if they could.


> Of course it's the natural state and an inalienable right to modify or do with the things you own in the way you see fit.

I agree. But that's not the same as the right to install whatever you want. It's not illegal to jailbreak a phone if you can and want to, but it's also not illegal for Apple to lock it down if they can and want to. That is and should be the default state. And it's the same for everything else, your car, washing machine, game console, etc. If you want general computers to be explicitly defined to include smartphones and uniquely regulated to force more requirements on manufacturers and more rights to users, then that's great—I agree with that—but at least admit it's a new and unique regulation and not the default state.

It's weird you chose houses and cars as your examples since they're both highly regulated in the opposite direction you’re asking for computers. You're heavily restricted to what you can modify in either of those and, as far as I know, there are no regulations that specifically require manufacturers to allow users to modify anything. You can swap out parts on your car if it complies with regulations, but there's no law that you have to be able to install software; it's locked down harder than smartphones. And just like smartphones today, you do own it and can do what you want (excluding other regulations), but there’s no right to installation; it's just a lockdown/jailbreak competition between you and the manufacturer.

I’ve jailbroken my phones for years and love to do all sorts of personal modifications to my computers and other devices. I think regulations to protect device freedom are a great idea; I just want people to be intellectually honest about the debate.


> but it's also not illegal for Apple to lock it down if they can and want to.

That's the problem, it should be.

> It's weird you chose houses and cars as your examples since they're both highly regulated in the opposite direction you’re asking for computers. You're heavily restricted to what you can modify in either of those and, as far as I know, there are no regulations that specifically require manufacturers to allow users to modify anything. You can swap out parts on your car if it complies with regulations, but there's no law that you have to be able to install software; it's locked down harder than smartphones. And just like smartphones today, you do own it and can do what you want (excluding other regulations), but there’s no right to installation; it's just a lockdown/jailbreak competition between you and the manufacturer.

That's what OS is for, it prohibits you from installing bomb instead of kitchen appliance. Repeat after me: Store. Does. Not. Dictate. Your. Usage. Of. Device.


the o. s. isn’t a hammer. it’s a service

i’m sure you can find an o. s. that lets you do whatever you want. but will it be updated regularly with security fixes? will it support the latest connectivity technology like 5g? will it have built in support for the latest compression formats to take high res pics and videos? will it work anywhere in the world?

if it does sure. go use it. i don’t think this exists and i’m happy to pay apple for a new phone that does this and upgrade every 5 years


> but will it be updated regularly with security fixes? will it support the latest connectivity technology like 5g? will it have built in support for the latest compression formats to take high res pics and videos? will it work anywhere in the world?

Er. Yes? To all of those? Trivially? Heck, Android does those, with the FOSS ROMs typically doing better than the closed vendor solutions.


Linux: am I a joke to you?


Are they real downsides or just excuses cooked up by Apple to increase profits, and accepted by apple users to minimize cognitive dissonance?


The downsides are the obvious; security and privacy are better protected, malware is much harder to distribute and easier to shut down, fraud is more difficult.

You can absolutely disagree with the trade off, but pretending like it’s purely greed is obviously disingenuous.


> The downsides are the obvious; security and privacy are better protected, malware is much harder to distribute and easier to shut down, fraud is more difficult.

Is that so? https://lifehacker.com/great-now-the-apple-app-store-has-mal...


If the App Store had zero impact on the proliferation of malware, finding malware in the App Store wouldn’t be a news story in 2022. It would be well-known and expected to be teeming with just as much malware as the open Internet for the past fifteen years.


> it’s not even how the industry started

Which industry? The very earliest computers ran software written by end-users.


The computer industry. Computers were devices that came with predetermined hardware and software for a long time until unbundling took over and became the de facto standard.


for a long time meaning until they were not personal computers?

of course I can't install any other software on a CAT scanner, that's the equivalent of what computers were at the beginning, they were single purpose machines, but they could be programmed by the owners almost immediately after being invented.

The computer industry started with microcomputers in the 70s, by the mid of the decade they were cheap enough that individuals could own them and write software for them.

But starting from the 60s students had the chance of sitting at a computer station and programming them to do whatever they wanted them to do, according to their at the time limited possibilities.


> I also prefer to be able to do whatever I want with my own devices, but pretending like it’s an inalienable right, or a natural state, or has no disadvantages is disingenuous and not helpful to the debate.

I own the freaking thing.


Sorry, I phrased that poorly. Actually you already can do whatever you want with it. As long as you’re not breaking other laws, you can do anything you want with your iPhone, including jailbreak it and install your own software.

What people are asking for isn’t the right to do whatever they want with their device—they already have that—they’re asking for the law to force Apple to design their OS in a certain way.

And again, maybe that law is the best idea and should be passed—there are certainly a lot of apparent advantages. But I’d ask people to be honest about what they’re asking for. It’s not granting the user any new freedoms; it’s taking away freedom from manufacturers.

It’s like copyright; most people (or at least a lot of people) consider it a good law that encourages more creative work and supports a healthy industry, but it too is a law that removes freedom rather than grants it.


You won't get the cops called on you for sideloading apps onto iPhones. You aren't "not allowed to".


I think Apple has also done good things with their strict app store policies (from my consumer point of view).

Apple has been for example putting limits on data collection and tracking. The main mechanism is to kick apps out from Apps store if they don't play by the rules.

I'm worried that side loading will be a step back here. Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways. With their strong position I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).


This is naive. Apple doesn't protect you.

The prime example is that apple gives apps unfettered access to network connections. And YOU are unable to block this in any meaningful way.

What apple doesn't give you is the ability to manage your own phone. You cannot really manage what apps are doing yourself. You cannot even find out what apps are doing. And you definitely will not be able to manage apple apps, they get a free pass in all ways.

But yes, if there's a sideloaded facebook app, or a facebook store, you will be given more rope to do with as you want.


> The prime example is that apple gives apps unfettered access to network connections. (…) You cannot even find out what apps are doing.

Settings -> Privacy & Security -> App Privacy Report

It shows you per application what data they are accessing, which sensors they are accessing and which domains the app is contacting. It also reports when they were doing this and how often. You can even export this data as a JSON file.


App Privacy Report lets you know if an app might have leaked your data, firewall can help you make sure it does not happen. Two different purposes.


And enabling this also allows Apple to collect the data from you to "improve the service". So Apple will now have more data on you.


Do you have a source for the claim? Just checked the feature and the “Learn more…” text specifically says data is kept locally.


Apparently first one has to turn it on to start gathering the usage data. I just turned it on and it started with no data. So I’ll see how it works going forward.

Thank you for sharing.


Only took them iOS 15.2 for this.


That's moving the goalpost though


Why did you move them to only include a subset of devices?


Worth noting maybe that although iOS 15 came out only in 2021, support for iOS 15 goes back to the iPhone 6S from 2015. Not very many people actively using iPhones older than that today.


what?


How long did it take for Android to have finely grained permissions?


Since start. Originally, they were too fine-grained though.


https://www.howtogeek.com/177711/ios-has-app-permissions-too... (2013)

https://source.android.com/docs/core/permissions/runtime_per...

Man the amount of false shit that gets thrown around by these Android vs iOS mobs, usually by people who don't even know their own side.


I don't understand your comment.

The original poster asked about _fine-grained permissions_. Not about _runtime permissions_. Details matter.

Android did have very fine-grained permissions since first betas. Yes, they were install-time - a policy was generated at install time by the system, and the app itself was unable to change anything about it. Technically, it was a nice system, but users didn't understand that, they were asking for simplified model from iOS, so they got it in Android's 6.0 _runtime permissions_.

In the end, neither of these systems (or: original Android did have it, but the simplified 6.0+ doesn't) has the most important permission: can an app talk to the network?


> Android did have very fine-grained permissions since first betas. Yes, they were install-time

They weren’t really that fine-grained from a user perspective. You could not accept/refuse individual permissions, you either accepted everything or simply not install the app.

iOS always had fine-grained permission in that you could grant/refuse individual permissions. For example: you could allow an app to access the camera but refuse location services. Android only recently gained that capability.

Even more important, iOS always put the permission request in context. If I install an app and it asks for a ton of permissions I have no idea why it needs them and if it makes sense for that app to have them. Why would a chat client need access to my photos ? But on iOS, I get that request the first time I choose to send a photo to someone. I immediately see by the context why it needs that permission and I can make an informed decision.


> They weren’t really that fine-grained from a user perspective. You could not accept/refuse individual permissions, you either accepted everything or simply not install the app.

They were fine grained: apps either had them in their manifest, or not. If not, they could not call the respective APIs without getting an exception.

Because there were so many, it would be a great burden to app developers to check for random mix of required permissions, whether it was granted or not. The complexity would shoot over the roof. When Android switched to runtime permissions, all the detailed permissions were grouped into fewer coarse ones; exactly because so much detail would be unbearable for both users (fatigue from the alerts) and developers (handling the enabled/disabled matrix).

As far as I remember, iOS originally didn't have any permissions. It got them once certain app was stealing users address books, so it got confirmation for accessing contacts, camera/photos and a third thing that escapes me at the moment (location?).

> But on iOS, I get that request the first time I choose to send a photo to someone. I immediately see by the context why it needs that permission and I can make an informed decision.

The app can also remember that it got the permissions and do the nefarious thing behind your back. While it may look better, it is really not; it also won't work if the permission system is fine-grained: too many types of permissions and users will get lost. Also, users accidentally pick the wrong choice and then wonder, why the app doesn't work like they expect, or how to change it.


  nicehost.benigndomain.com IN CNAME creepy.domain.biz
(or other similar techniques)
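
The record in the comment above aliases a hostname under one domain to a host under another, so a list of contacted domains shows only the first name. An added example (not from the thread) that follows CNAME chains and flags hostnames whose final target sits under a different registrable domain; the record set is constructed, and the "last two labels" rule for the registrable domain is a simplifying assumption (a real check would use the Public Suffix List).

```python
"""Flag hostnames whose CNAME chain ends under a different registrable domain."""

# Constructed sample data: name -> CNAME target. A name with no entry is
# treated as terminal (in a real zone it would carry A/AAAA records).
SAMPLE_CNAMES = {
    "nicehost.benigndomain.com": "creepy.domain.biz",
    "cdn.benigndomain.com": "edge.benigndomain.com",
    "img.benigndomain.com": "img.cdnvendor.example",
    "img.cdnvendor.example": "pool.domain.biz",
    "a.loop.example": "b.loop.example",
    "b.loop.example": "a.loop.example",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def registrable_domain(name):
    """Assumption: the registrable domain is the last two labels."""
    labels = normalize(name).split(".")
    return ".".join(labels[-2:])


def resolve_chain(name, records, max_hops=8):
    """Return [name, target1, target2, ...] following CNAMEs to the end.

    Raises ValueError on a loop or on a chain longer than max_hops.
    """
    table = {normalize(k): normalize(v) for k, v in records.items()}
    chain = [normalize(name)]
    seen = {chain[0]}
    while chain[-1] in table:
        nxt = table[chain[-1]]
        if nxt in seen:
            raise ValueError("CNAME loop at " + nxt)
        if len(chain) > max_hops:
            raise ValueError("CNAME chain too long for " + chain[0])
        chain.append(nxt)
        seen.add(nxt)
    return chain


def audit(contacted_hosts, records):
    """Classify each contacted hostname as first-party, cloaked, or error."""
    findings = []
    for host in contacted_hosts:
        try:
            chain = resolve_chain(host, records)
        except ValueError as exc:
            findings.append({"host": normalize(host), "status": "error",
                             "detail": str(exc)})
            continue
        shown = registrable_domain(chain[0])
        actual = registrable_domain(chain[-1])
        findings.append({
            "host": chain[0],
            "status": "first-party" if shown == actual else "cloaked",
            "final": chain[-1],
            "hops": len(chain) - 1,
        })
    return findings


if __name__ == "__main__":
    hosts = ["nicehost.benigndomain.com", "cdn.benigndomain.com",
             "img.benigndomain.com", "a.loop.example"]
    for row in audit(hosts, SAMPLE_CNAMES):
        print(row)
```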


So because they don’t have fine grained permissions around network connections (which sounds like a usability nightmare) they don’t protect you?

What about:

- Apple’s limiting of advertising identifiers and requiring permission to track users across apps

- increasingly fine grained location access including ‘Only allow once’ and warnings when an app is tracking you in background

- sandboxed photo access so apps don’t get access to all your photos

- requiring developers submit privacy questionnaires with their app updates and showing how data is collected in each app

- supporting creating private email aliases for signing up for services

Just to name a few in the last few years.


Actually privacy relay is currently in public beta as a part of Apple iCloud subscriptions plans.

Unless I got it wrong when enabled it reroutes all apps' traffic through this "limited VPN" to prevent tracking and access to local network.

Apps that require access to local network must ask that permission explicitly. Streaming service (Netflix, Disney+,etc) do that for obvious performance gain. I noticed Microsoft Teams did it also (and I just revoked that thanks to this thread, it's a work app I better keep that out of my home local network).


> You cannot even find out what apps are doing.

Wrong. You CAN find out what apps are doing: Settings → Privacy → App Privacy Report

> And you definitely will not be able to manage apple apps, they get a free pass in all ways.

You can outright delete most Apple apps.

> Apple doesn't protect you.

said the wolf about the fence.


> This is naive. Apple doesn't protect you.

Apple has no commercial interest in breaking the users' privacy and trust. Their business model is not to sell ads or work with 3rd party advertisers.


Apple sells ads. https://www.apple.com/legal/privacy/data/en/apple-advertisin...

They track the stories you read on News & Stocks, and track your location to give you personalized ads.

This integrates with Google Ad Manager 360 as well. They work with 3rd parties. https://support.apple.com/guide/adguide/integrate-workbench-...


Latest moves seem to imply Apple might want a slice of the Ad network pie. So I wouldn't bet on capitalistic ideals/incentives not overtaking idealistic consumer protections.

https://www.bloomberg.com/news/newsletters/2022-08-14/apple-...


Defenders of Apple's policies always say you can just use other tech if you don't agree with them. The same principle applies here. If an app requires you to use a third party app store and you don't like it then choose another app.

If you feel compelled to use a product with policies you don't agree with then now you understand how many of us feel about iOS.


But there's no push, you can literally ignore Apple's existence and use none of their products and you'll have no care in the world. Apple's network effect is basically zero. There's always one Android user in the friend group that spoils iMessage and FaceTime so we have to use something else anyway.

If you mean you feel compelled to sell in their store which requires a laptop, a business relationship with Apple, and realistically a phone because emulator only sucks then that's a business decision if the juice is worth the squeeze.


>Apple's network effect is basically zero.

>There's always one Android user in the friend group that spoils iMessage and FaceTime


Yes. That's literally my point. It's really hard for Apple to establish a network effect when any group above a certain size can't use iMessage or FaceTime and have to use a 3rd party app like Discord, Snap, or Messenger.

You can't be the "everyone else is on it" social network when every Apple user uses a 3rd party messenger and video chat app for at least one person. That app ends up being the winner.


No business with a mobile component can afford to ignore iOS.

And a lot of apps launch early on iOS or have better features on iOS or never even launch at all on Android. Less so these days but it's still a thing. I was just in Japan and you can use an iPhone to pay for mass transit but not a non Japanese Android phone, just as one recent example.


> I don't have much choice

I hope I don't come across as snarky -- I am genuinely curious -- but why don't you have a choice? Are you unable to contact friends, family, etc. any other way outside of FB? The phrasing seems so strong, I am second guessing if I am just privileged/lucky (location, friend/family circumstances, etc?) to be off of social media but still have friends and family that I stay connected to.

EDIT: fixed grammar


I would normally agree with you, but a friend of mine is an immigrant from a south east Asian nation and the only way to easily communicate is through Facebook with the family there. It’s like saying, sure we can take away your phone and you can still write letters, but at some point communication is also about convenience.


Can’t this friend install something else on his phone ? Signal maybe ?


He'd then have to convince everyone else he wants to talk to to use Signal instead of Facebook. That's the hard part.


Install both? Migrate one friend at a time, starting at the ones you speak with most.


But then in this hypothetical scenario you’ve side loaded Facebook and it’s doing who knows what on your phone.


It’s not as hard as what people think.

You just tell your friends that you are not reachable on Facebook anymore and how you can be reached.

You don’t have to "convince" anyone.

Your real fear is that people will stop reaching you if they don’t want to install another app, send you an SMS, send you an email or to call you on the phone.

Well, if your friends stop reaching you because you uninstalled an app, honestly it looks that they are more acquaintances than real friends. And it’s ok. But it’s also ok if they are just an entry in your contacts list.


You’re making an awful lot of assumptions about how people think and behave en masse. When facebook is the primary communication factor for huge family groups, if you’re the only one not participating then you miss out on all those conversations. It’s not just about one on one communication, it’s about a virtual family presence.

I say this as someone who despises facebook but this is the reality we are in. Similarly, in most nations outside United States, you really cannot get rid of WhatsApp. If you don’t use WhatsApp, you are missing out on how much of your society operates.


It's not about being reachable in a 1-1 chat. It's about being excluded from group chats which are very important for keeping up the group and friendship in general. For example, if I deleted FB Messenger right now I would still get invited to the occasional event but there would be way fewer "yo, I'm at X, is anyone free to hang out?" type messages that I will see, or invitations from acquaintances in big group chats, or the current shitpost of the week that will become part of everyone's lexicon for the next 2 months other than yours, etc. For a lot of people (including me) such communication is a majority of their overall communication with their friends and breaking them does break a big part of their life.


I was under the impression that Signal was widely popular in SE Asia.


Unfortunately, you were mistaken.


Cool. Does signal allow you to register without a phone number yet? Data-only plans with no phone number attached are quite common in some countries.


By providing Signal with any phone number at which you can receive an SMS or text message, you can register a Signal account at that other phone number. For example, you can create a pseudonymous Google account, register a Google Voice VoIP number, and use that as your Signal number. Or you can even use a free throw-away SMS account and use that number when you sign up for your Signal account instead of your real phone number. The Signal service will happily send the throw-away number a text message with the verification code, letting you complete the account sign-up process.


Orrrrr Signal could just fix their shit. Requiring phone numbers for this long is borderline suspicious.


Registration also works for numbers that can receive calls but not SMS. Like any landline you (even temporarily) have access to.


Does that work if someone else has used that phone number to register an account already?


Not if you enable PIN locking (and the account is active).

https://support.signal.org/hc/en-us/articles/360007059792-Si...


Telegram allows you to register without a phone number, as of recently.


Not yet, no.


That makes perfect sense, definitely sheds light on the fortunate circumstance I am in of not needing FB to conveniently communicate with my connections. Because, I agree, you should be able to conveniently communicate if you can.


Here is an example: we are invited to my kid’s friend’s birthday. They manage the event on facebook. They had to change location and time a couple of times already. We don’t want to miss it and alternatives to facebook just aren’t any better. Sometimes it’s just convenient.


Calendar invites are cross-platform and reasonably convenient. You don’t even need to subscribe to someone’s calendar, updates are vCalendar files sent over email. At least iOS and Outlook parse your inbox for vCalendar files and may update the accepted event automatically.


Looking at Android, where sideloading has been available forever, there doesn't seem to be any evidence of your worry.


Apple will make it annoying enough to sideload that no meaningful amount of users will do it, causing it to be largely irrelevant.

It’s only worth it to app makers to have side loading if they can do it for large numbers of users, bypass the app store’s rules, and bypass apple’s take. I’m expecting apple to set it up in a way they can do none of those things, by making it cumbersome to sideload, not giving entitlements to apps not published through the store, and by taking a cut for sales from sideloaded apps.


It is already annoying enough without Apple needing to do anything.


Recent example: https://www.reuters.com/technology/google-suspends-chinas-pi... Malicious app in alternative store, the one in Google Play is different.


That's exactly the point, though: side loading is not something to worry about, since normal users won't and shouldn't care about it at all. It is not a threat to the Apple App Store.

But it does allow for niche applications such as NewPipe and F-Droid, for technical users who know the risks.


Almost everyone in China uses alternative stores, like Huawei or Xiaomi; how else do you think malicious PDD app got on their phones? The same applies to other countries in South-East Asia. I have seen our app for Android repackaged with malware and uploaded to an alternative store and listed there with hundreds of thousands of downloads.


> how else do you think malicious PDD app got on their phones?

The malicious PDD app is really, actually, published to the alt stores by PDD Holdings itself. It loads the exploit config and post exploitation modules from PDD's own CDN.

It's not the same repackage-with-malware shit plaguing China/SEA market since forever. It's first party.

And the Google Play version contains the same exploit delivery codes, though no real evidence that it was activated.


> putting limits on data collection and tracking

You know who's really putting limits on data collecting? F-Droid.

If that's actually your argument, that's what you should use. It's quite practical.

> Strong players, like Facebook, may just take their app away from the official

That argument really has to explain why this has not happened on every other operating system under the sun, including Android. They all suffer pretty strong monopolistic network effects.


Because the Play Store lets Facebook have the data they want, this isn't that hard.

https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...


> I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).

The same legislation that is requiring Apple to allow sideloading also requires other large players (like Meta) to open their communication platforms up to other service or application developers.

In this hypothetical case, there actually would be five competing apps, some even still distributed on the App Store.


Apple's security and data collection argument for their walled garden is null and void.

https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa...

They don't look at API calls made by the apps. How can they be sure of the security then?

Only after this was published were the apps removed.


Every jailbreak ever has been on the magical secure "app store", too. It is really weird that people on here of all places believe in this garbage performative "app phrenology" they are doing over there.


Every iOS jailbreak I've ever seen has been web or desktop based.


> Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways. With their strong position I don't have much choice - it's not like there would be five competing apps serving the same purpose (connecting to the people and communities on Facebook).

iPhone is THE hottest device on the planet, I can’t believe anyone can seriously consider Facebook challenging its position.


> I think Apple has also done good things with their strict app store policies

Apple could have hidden the settings to enable it behind two levels of menu settings and anyone like you would never get to it. The only reason they have "strict" policies, as has been shown over and over again, is for their commercial benefit.

> Apple has been for example putting limits on data collection and tracking.

I want to be tracked by apps, because it leads to better ads for products that I am actually looking for (than some random garbage that I don't care about)... and better usability in general. Apple put those rules in place so that their ad business has the edge over competitors. If Apple was running in a country that was not corrupt, this would be seen as anti-competitive and they would be sued.

> Strong players, like Facebook, may just take their app away from the official store and distribute it through other ways.

And? If you want clear rules on tracking, go talk to your politician. Apple is blocking competitors from tracking users while it has access to all of users data and uses it for their $5 billion revenue business.


Obvious astroturfing.


Sideloading should be mandatory and opt-in. Arguing that it should be closed is basically people wanting to control other people's computers (even though that is a popular opinion in this "hacker" forum).

It's going to be interesting when some sideloaded app starts becoming popular and e.g. Americans miss out on it. I can already imagine a lot of AI and nsfw stuff in that category.


Duh?

The EU has no jurisdiction over the US. So there will be no legal need for Apple to allow it here. Just like they don’t allow alternate payment methods for dating apps in the US like some other countries required and Apple had to comply with.

The App Store is too critical to the way Apple sees things, they’re not going to just say “oh well”. I bet things are only open for EU residents with EU purchased phones. Buy an EU phone and activate with a US account? Bet it’s locked.

Also expect them to make hay over any security/scam issues with 3rd party stores/side loading. Something WILL happen and when reporters ask Apple they’ll be more than happy to point out how great the App Store is, suggest users stick to it, and blame bad regulations for making EU users less safe.


> there will be no legal need for Apple to allow it here.

The point is that since Apple had to do the work to allow sideloading at all, most if not all of the lies they came up with for why they can't allow it for everyone won't work anymore.


I don’t believe they ever claimed that it was not possible. The position has always been that it is a compromise in security controls. The counter position to that has never been that it is not a compromise in security controls. I only hope they continue to sell devices that don’t allow it, because that’s what I would choose every time, unless that choice is taken away from me.


Why do you think it's ever better to have a device that doesn't ever allow sideloading apps, over one that lets you, the owner, decide whether or not to allow sideloading apps?


Not GP, and fully agree that having the option for side-loading would be a largely positive thing for users and the software community.

But one counterargument goes like this:

When you relax the rules, larger players will be able to leverage them against individual users.

For example, Meta would be able to release MetaStore, the app with exclusive distribution rights to Meta apps. Now you need a facebook account to install whatsapp.

Not sure it's sustainable, however.


Meta can currently gate WhatsApp behind logging in with a Facebook account, but they don't; it will alienate users who use it because it doesn't require a Facebook account


Because these restrictions on iOS are legitimately valuable security controls. Apple decides what functionality is exposed to applications, decides who is allowed to publish applications, screens the applications they do publish, and ensures that I have the ability to consent to the permissions they are required to explicitly and in clear language request. I can safely install any application I want off the App Store, and barely put any thought into the security implications of doing so. The only thing I have to consider is whether I want to grant the publisher the permissions they’re requesting.

If Apple created a methodology for circumventing this process, all of a sudden it is something that I have to worry about, and it creates an attack surface that I’d rather not have to consider. It also weakens my ability to demand these standards from publishers. If a publisher has the ability to say “this app is only available outside the walled garden”, then they may refuse to publish it via the system that is designed to ensure my interests are upheld.

If the Apple curated experience happened to curtail the way I wished to use my device, then I would have more to think about. But it doesn’t, I can do everything on my iPhone that I want to do.

I do have sympathy for the developers who sometimes find themselves stuck in a Kafkaesque review process. But I consider my own interests to be much more important than theirs.

I have very little sympathy for the businesses who object to the revenue model. Apple’s system asserts my interests as a consumer above interests of business who frequently engage in anti-consumer behaviour. I don’t care if they have to pay to access me as a customer, this is something I’m intentionally opting into as an Apple user.

The only time I do object to Apple’s curation, is when they use it in a way that I view as prioritising some other agenda above my interests. Such as when Apple pulls an app, or refuses to publish one, for reasons such as it containing “objectionable” content. I view this entirely as them subverting my interests. If that started to interfere with the way I wanted to use my device, I would start to consider an alternative. But so far it hasn’t.


>Because these restrictions on iOS are legitimately valuable security controls.

Excellent. Let me, the owner of the device, choose how to use it. If I want it to be "less secure" that is my choice.

>If Apple created a methodology for circumventing this process, all of a sudden it is something that I have to worry about

Then do not use side-loaded app stores if you do not want to. Your device, your choice.


I know there won't be any convincing you, but these types of thoughtless comments are why sensible discussion on this topic doesn't happen very often. Thoughtless anti-Apple comments are no more insightful than thoughtless Apple fanboy comments.

My preference is to have a device where there are no technical means to side load apps (as that is a security control), and to have a device where a publisher cannot attempt to force me to use a side-loaded app store. I explained my reasons for having those preferences, and if you'd like you can respond to that. But this comment simply ignores all of that. You say "my choice", while ignoring all of the reasons I provided for why these changes could potentially undermine my ability to choose entirely.


The parent's comments aren't anti-Apple in the slightest. Please refrain from ad hominem.

The logic is simple: if you don't want sideloaded apps on your device, don't install them. There's no argument against this, which is why the endless parade of facile handwringing about security is so preposterous.


Your logic is wrong, for the reasons I’ve explained. It creates an attack surface that never existed before. It allows the possibility of an entire category of evil maid attacks that were never possible before. It allows vendors to attempt to force users who don’t want to use 3rd party app stores, to use 3rd party app stores.

You either didn’t read my comment, or you simply don’t understand how these security controls work.


> It allows the possibility of an entire category of evil maid attacks that were never possible before.

No, if an adversary has physical access to your phone and can unlock it, you've already lost.

> It allows vendors to attempt to force users who don’t want to use 3rd party app stores, to use 3rd party app stores.

The refrain from defenders of this policy up until now has been "just use a different device". Thus, I'm giddy that I get to turn this around: "just use a different app".

Think about what website you're on, and realize that you're fighting a lost battle.


I’m aware that the prevailing opinions on hacker news support side loading, just as I’m aware that the prevailing opinion among the general public is they don’t care about it, and likely don’t even know what it is.

However these opinions have no influence over the factual compromises that these changes make to security controls. Currently if I gave you my iPhone and my PIN code, and asked you to install malware on it, you wouldn’t be able to. The fact that you’re making some appeal to the opinions of the community rather than engage with these facts shows the strength of your argument (in addition to the general childishness of your comments).


It’s absolutely not as simple as “duh”. Not giving users a feature they want because it’s in your business interests to deny it is a difficult PR move, to put it mildly. Not to mention such a disparity in feature between different regions is pretty huge.


> Not to mention such a disparity in feature between different regions is pretty huge.

And at the same time not at all that uncommon. If you are in a market outside of the US I'm certain you will have experienced this first hand more than once. I have.


> Not giving users a feature they want because it’s in your business interests to deny it is a difficult PR move, to put it mildly.

They’ve managed it for 15 years so far. It may be crumbling, but this isn’t a new restriction or something that wasn’t possible in the past.


Take a look at the “Brussels effect”. The only reason it doesn’t apply in this case is that software changes are easy to make — but Apple might still have to eventually let it go even in the US, if for example people like it enough.


Right. Apple was likely to go USB-C soon on the iPhone anyway, but the EU rule may have pushed it up. It doesn’t make a lot of sense to make two physical versions over the charge port so all iPhones are (allegedly) going USB-C.

They only made things different when they absolutely had to, like the radios. But software features are really easy to differentiate in different countries.

The big risk, and I agree with you, is that this will prove that sideloading isn't the great evil they’ve been portraying and they’ll be forced to offer it in additional places by more laws until it becomes easier to just give it to everyone.


I think the central question here is:

.) whether you buy a phone as a piece of hardware and then own that hardware - which gives you certain rights regarding the usage of that owned hardware

or

.) whether you are just paying some sort of admission fee to a tightly controlled service, and are basically "lent" a piece of hardware that you have no ownership rights over.

All the other stuff about walled gardens, monopolies and security is related - but still acts as a red herring when discussing what rights a person should get for a piece of hardware they bought.


As far as I'm concerned if you 'bought' something, it should be yours to do as you please, including reselling and destroying it. If you didn't buy something, but rented it - for example a game on Steam or Epic Games store - then it should damned say so. It's a straight up lie to say you purchased something if you didn't.


"If you didn't buy something, but rented it - for example a game on Steam or Epic Games store"

I don't know about the other one, but in the Steam store I see "Buy" buttons, not "Rent". "Buy <game name>" in the store page, then you go to a "Shopping Cart", where you can "Purchase" the game.

To me (and to the average person, I guess) it doesn't sound like a rental service at all.

I'm sure that their ToS says otherwise, but I wonder how it would fare in a court case...


That's the GP's point, they rent you games but the language they use is "buy", and they shouldn't. They should say "rent" instead.


It won't work because the lawyers will just argue that you are "buying" semi perpetual rights to play the game.

You instead need a judge or jury or law that says: "No, fuck you, this is confusing and we don't care what's in your ToS, you will treat this as a product which has had its ownership changed in return for money".


You are (usually) buying a perpetual licence which is revocable, not renting a licence, so the language is correct.

Common usage of the word 'buy' also applies here - the term 'rent' would be confusing to a customer and would usually imply it being time-limited (often days).


Yeah, if I'm buying a revocable license, the language should be "renting". It's not the same as having ownership over the thing I'm licensing.


Well if you are buying something, of course the language can be "buy".

And you do have ownership of the licence.


If I'm buying Bastion, the language currently on Steam isn't "buy a license to Bastion", it's "buy Bastion". That's misleading if what I'm actually buying is the license.


What do you believe 'buy' means if it doesn't mean access to download the game and a digital licence to use it?

Also is GameStop allowed to use the term 'buy' in their shops? Because they are often selling a licence too, it's just in a box.


I believe "buy" means the same thing as in the sentence "I bought a fork". I can use the forks for as long as I want, I can sell it, I can give it away, I don't have to tell anyone how or when I use it, and if someone doesn't want me to use it any more, they can go fork themselves.


I guess you can believe that, but that's a very narrow definition of "buy" and certainly more narrow than both the dictionary definition and common usage.

Under your definition you can't buy a ticket to a concert, or buy pharmaceuticals if a doctor gives you a prescription, but most people would say that you could buy those things.


No, you don’t have ownership of the license. You can’t sell it, so you don’t own it.


You can absolutely own things without being able to sell them.

See pharmaceuticals as an obvious/trivial example - you can own prescription drugs without being able to sell/dispense them.


If the law forbids something, that’s a very different situation than a TOS or EULA forbidding something.


It's not very different, both are under law, just one is under contract law.

Of course you can own things that you can't sell anyway, you can own an extended warranty on your flatscreen television, or own non-transferrable bonds in a company.

Most things you own you can sell, but it's a mistake to think that ability to sell is a prerequisite to ownership, and a non-transferable licence is one of those things on the list of 'things you can own but cannot sell'.

And on the 'buy' point - Do you think you can buy a haircut, or buy a pedicure?


What GP means is statutory law versus contracts.

> And on the 'buy' point - Do you think you can buy a haircut, or buy a pedicure?

Those are services, not products.


It’s about what the word “buy” means though.

If we are happy that you can buy services, I assume we are happy with Steam using “buy” to represent the purchase of the service and licensing offering they have?


Buying something and buying a right to use it are two different things. If somebody told me that they are selling me a house and then I discover that I only got the right to live in it, I would be pissed off.

Now, with software this is usually not a big issue because the mismatch is not huge. When you buy a retail software, you get not the same but at least similar rights that you get when you buy a physical book: you can use it, you can lend it, you can sell it, you cannot make copies. So, when you say "I bought a game", everybody understands what it means, even those that disagree with the term.

Now in case of something like Steam, not only you get a license, but you cannot lend it, you cannot sell it, one day you may not be able to use it anymore because the DRM servers are taken offline (not Steam's fault this), or Steam may decide that you are a "bad guy" and remove access to your whole library.

At this point, the difference between "buying something" and "buying a license to something" becomes more marked, and in my opinion should warrant a different term on the store.


> Buying something and buying a right to use it are two different things. If somebody told me that they are selling me a house and then I discover that I only got the right to live in it, I would be pissed off.

Probably a bad example - lots of property deals are structured as purchasing the 'leasehold' where you only get the right to live in it and do not own the physical property/land.

Most times when people buy an apartment/flat for example, you aren't actually buying an apartment, you are buying a right to rent an apartment.

This is very common in the UK, and does happen in the USA too (e.g. in New York).

This is distinct from buying a freehold property where you are buying the land and structure, rather than just buying a right to rent for a particular term.


What does it mean for a perpetual licence to be revocable?

To my layman's ear the two terms sound almost contradictory.


It means it is your forever, unless it is taken back, the reasons for which would be described elsewhere in the contract. The language may not be lay language, but neither was the ream of paper it took to buy my house, but people still do that every day.


Digging into this a little deeper, even "irrevocable" isn't as clear-cut as one might expect.

> An “irrevocable” license, on the other hand, cannot be terminated, although there is some divergence in authority regarding whether this means that the license cannot be terminated for any reason or only that the license cannot be terminated for convenience, but still may be terminated for breach.

https://casetext.com/analysis/the-terms-revocable-and-irrevo...


It's not quite as simple, the main reason for the 'rent' argument is DRM (e.g. most Steam games will stop working if the Steam client can't phone home for a while), but some games on Steam are actually DRM free - it's a very small minority though.


Gog is a good example of how it should be done - you buy the game, and it can be played without needing their servers to be accessible


I agree. Anyone should be allowed to repair, tinker with and modify anything they own - at their own risk.

When it comes to software, that's only possible to do with open source. With closed source you're only ever buying a perpetual usage license. (Unless you are a company buying out another company or its assets, that is).

It's complicated, because software and digital data is inherently different from physical goods - and all those concepts of "selling" a "copy" are just rather ramshackle attempts at making digital goods compatible with laws designed for physical goods.


I don't think those alternatives are the right ones.

You can sell your iphone without any issue, there are plenty of stores around me offering to buy used models to resell. I'm actually contemplating buying a used model. Can't do that with steam games.

I'm also pretty confident that if apple and their services disappeared tomorrow, my iphone would keep on working just like it does today. Sure, no more updates, no more new apps, it would be frozen in the state it's in.

Therefore, I think the question is whether an iphone is a "general computing device", or "an appliance". I can see the arguments for both, even though I tend to treat mine as the latter.


> I'm also pretty confident that if apple and their services disappeared tomorrow, my iphone would keep on working just like it does today. Sure, no more updates, no more new apps, it would be frozen in the state it's in.

You can hardly call that "working like it does today". It doesn't. When features on it inevitably cease to work or be interoperable, you're screwed. And every day, you're probably more vulnerable to crime.

If I buy a house, I can learn to maintain it and keep it secured. I can't do that with my iPhone.


>If I buy a house, I can learn to maintain it and keep it secured. I can't do that with my iPhone.

For the argument's sake, your ability to do things to your own house is restricted by zoning, by HOA and god forbid you from buying something of historical significance in Europe -- then you can't change anything inside or outside and you are responsible for it.


I think it's important to make a distinction between the restrictions imposed by law and restrictions imposed by the seller.

For pretty much every thing there are restrictions on what you can do with it - if I buy a phone, I'm prohibited from smashing it into my neighbour's face, and grinding it up and baking into the cookies I sell would be a violation of health&safety rules, but that's still full ownership.

Now, if the seller wants to impose extra restrictions above and beyond what the general society does, that's a different issue.


True, and those issues are subjected to the same philosophical debates. Historical buildings are often categorically different, but HOAs (for a product manufactured and sold to you, as well as the land itself) are lambasted for the same reasons.


> god forbid you from buying something of historical significance in Europe -- then you can't change anything inside or outside and you are responsible for it.

What an exaggeration. Do you think such hyperbole strengthens your point? At best it makes you sound ignorant.


> Therefore, I think the question is whether an iphone is a "general computing device", or "an appliance".

This is a red herring. What matters is your freedom to use, repair, modify, resell, loan etc the hardware you bought and own.


> I'm also pretty confident that if apple and their services disappeared tomorrow, my iphone would keep on working just like it does today. Sure, no more updates, no more new apps, it would be frozen in the state it's in.

I think you're underestimating how much of the iPhone's functionality depends on Apple's servers being available beyond just installing & updating apps: Think push notifications, backups, iCloud, iMessage, no more Safari updates (shiver), …


If Apple disappears all push notifications will stop working, even the ones from apps you already installed. This is another restriction of the walled garden.


I added a wifi relay to my washing machine to add it to home assistant.

How do I add my own apps to my iPhone, permanently?


I am semi-confident that with how anti-stealing feature works in iPhone, if apple servers are permanently down, few thousand phone owners a day will lose access to their phone forever. Not only to data, that is the part of encryption deal. To the device itself.

Otherwise, stealing would be very easy - just connect to wifi without access to apple servers and voila: phone is yours.


How would one install or update an app if apple and services disappear?


Like the sibling comment says, sideloading. Same as how you do it on Android, where other stores exist (e.g. F-droid). It's not as convenient as the Play Store, because Google hasn't made it such, but it's not too inconvenient either.

The fact that you can't even imagine how that might work points to the real problem.


Ha! Sideloading!


If we were being very pedantic, what would you say is the test of ownership? If you buy an iPhone you can sell it or destroy it, so it meets those requirements of ownership. You can't destroy something you're renting, so you clearly aren't renting an iPhone.

How would I know if I own a device or not?

If you buy an iPhone, but don't think you own it. Why don't you think you own it? If your response is "because I can't run the software I want to on it," is that a problem with the perception of what you bought or is that a violation of the idea of ownership? If that's a violation of the idea of ownership, why?


Property law has been deep on all the various aspects of ownership for millennia, so there's a big "bundle of rights" which any specific type of ownership may or may not have.

One test for "full ownership" is the contractual restrictions that come attached; i.e. whether the law is the only thing that limits what you can do with the thing, or whether there are some extra conditions (which are not that rare in e.g. real estate deals for as long as we have recorded history); that's generally considered ownership but a restricted one. On the other hand, if you aren't prohibited to do that thing but simply aren't capable of doing it, that would still be considered unrestricted ownership.

But something that is a key part of ownership - especially with respect to various "buying" of e.g. games - is the ability to transfer it to others. If you can't give or sell the thing you've purchased to someone else, that clearly indicates that you don't own it.


> If we were being very pedantic, what would you say is the test of ownership?

Here's the concept of ownership for private property in German Law. It's broadly defined as 1) Exclusive Rights, 2) Transferability, 3) Protection against Unlawful Interference, 4) Compensation for Expropriation and 5) Inheritance and Succession.


If you’re required to accept license agreements to be able to use the device and those agreements restrict you in how you use it, then I see this as a restriction to your ownership. Especially if the terms are opaque and not clearly communicated before the purchase.


Haven’t you always been able to resell and destroy the Apple products that you buy?


Games on steam are not rented


It's mostly semantics for this context. You purchase the right to use them for an unspecified time, not the game itself. Steam can revoke that access by shutting down your account or the service at any time. DRM will make sure that not even games you have installed will continue to run.


They have no right to delete installed games, do they? How, exactly, is steam going to prevent you from accessing the files on your computer? They are always there and ready to be archived by you and even Steam itself.

Now, some, or even many, new games may refuse if they are somehow extremely dependent on the service. The ones that I have tried run fine. Most old stuff, though.


> How, exactly, is steam going to prevent you from accessing the files on your computer

The vast supermajority of games on steam require steam itself to be operable in order to even run. Valve absolutely can break or turn off steam and (legally!) revoke access to most games on most steam user PCs that way.


Are you sure they can legally break my games without due compensation? For any reason whatsoever? I find that hard to believe.


The very fact that you say so basically proves the parent's point: you believe that you bought a game (or a Kindle ebook or whatever), whereas in fact you have zero control over it and if the vendor decides you can't use it, you can't. It's not a theory, it's practical reality, already tested by Adobe.


They pretty much are according to their ToS


Laws trump ToS of any kind. Do you disagree with that? If things are different in your jurisdiction, please do share how and why


> Laws trump ToS of any kind. Do you disagree with that?

What do you mean by that? The steam ToS (which are enforceable by law) make pretty clear that Valve can revoke your access to any game at any time. Further, your access is dependent on Valve's continued existence. The argument that you are "buying a license" is like saying you "buy a rental contract" at a car rental place. The contract you have with Valve to play the game allows you to play the game for an indefinite period of time, but crucially only while Valve is still in business and while they let you play the game. This is in the ToS and in the USA there is no reason (IANAL) that I see to think the courts won't enforce this contract.

> If things are different in your jurisdiction, please do share how and why

Which law in your jurisdiction makes the Valve ToS feel more like a purchase and less like a rental?


The big difference with the car rental vs a perpetual license is the perpetual aspect of it. Nobody is signing a contract with a car rental place to exchange money once and then have the car for a long, indeterminate time.

Rental contracts have defined time periods. Perpetual licenses don't. That's a massive difference.


Are you seriously arguing that ToS somehow override laws?

Since you're not a lawyer (your words) and seem to care about US laws (I don't), I am not sure what's the point of this response to a topic about digital purchases in the EU.


The confusion in this conversation seems to be centered on the difference between US and EU law. In the EU, Steam may have to change the wording on the "buy" button. It will be interesting to see.

In the US it is legal to have a "buy" button that actually purchases a long-term revocable license. I don't like it, but that's how it works on this side of the pond.


Fair enough. I think the "buy" text issue was somewhat resolved a while ago here in the EU. Yes, you may not own the game but do purchase a non-revocable licence. Was it based on German law? Don't remember


I agree (hence the whole topic) however in practice steam has full control. If steam servers shut down tomorrow and the client destroys itself most games will refuse to start.


Can you resell a game you've 'bought' on steam to someone else?


Not yet.


Do you buy movie tickets, or do you rent them?


Unlike with games, you can resell movie tickets. So you buy them.



Movie tickets are actually issued to a certain ID in some jurisdictions.


The hardware and software, in any device, should not be so inextricably linked as to prevent the hardware from working at all without the software. Regardless of whether we are talking about iPhones, computers, cars, or farm equipment.


But it is way too hard to cleanly separate the hardware from the software without introducing extra complexity and security issues.


Is it though?

Looking at Linux and all the devices it powers (including most of the internet infrastructure) - it would seem that it is possible to do pretty good security on very open software that's as separate from the hardware as can be.


That has more to do with boundary defence than the OS itself, and those are more-often-than-not closed. The majority of infrastructure that you are alluding to is also heavily locked-down.


Now you’re saying that—I as somebody that very much appreciates the advantages my…for instance…Apple Silicon MacBook Pro has over a ThinkPad running Ubuntu—should not have the right to purchase the product I like because of your ideology dictating arbitrary restrictions over what’s on the market.

Don’t conflate user freedom with just…being salty that not every product is for you.


How so? The iPhone is literally just a computer and the vast majority of computers are cleanly separate from their software.


That's baloney - virtually no computers these days are "cleanly separate" from their software, at least outside of tiny microcontrollers. Do you have any idea how much software executes before they even get to the point where the operating system begins to boot?

The idea that a CPU is going to come out of reset and start executing instructions that you provide at the reset vector is thirty years out of date.


Now that you mention it, I wonder what non-separable code would run on, say, a Corebooted Thinkpad running Linux with the Intel ME disabled. Surely that would be running 100% code that was not on it when it left the factory.


AFAIK, even fastidiously "liberated" core/libreboot Thinkpads like https://minifree.org/product/libreboot-t440p/ still end up using Intel's memory-reference-code for DRAM training etc.

ref. https://doc.coreboot.org/northbridge/intel/haswell/mrc.bin.h...

... plus Intel's microcode.


Remember, in the US at least, you might own the physical hardware, but you're only licensing the software.


I believe lawyerspeak has three separate concepts of "ownership":

- usus, the right to enjoy the thing,

- fructus, the right to reap the fruits from the thing

- and abusus, the right to sell, alter or destroy the thing.

To "own" something generally means all of the above, although it might not always be the case: https://en.m.wikipedia.org/wiki/Usufruct


I don’t think it’s accurate to say you are conferred no ownership in the current model - this reads as typical tech binary thinking.

It’s either fully under my control or I have nothing!

For most people the ownership aspect is covered by being able to buy and sell the devices freely, and decide what apps to put on them.

They are (and before I’m accused of being patronising, I am in this group) happy with a device that is capable but more or less on rails and has the sort of security provided by third party vetting. And we don’t care at all that it’s the device vendor doing it.

I get the arguments about monopolies and the whole thing being damaging to business, which is in the end damaging to consumer choice.

But honestly “I should be able to do whatever I want at all layers of the stack on my phone” is waaaay down the priority list compared to “I want a secure device that does bank stuff, generates tokens and whatever else without me having to be vigilant like I am on an open system”.

So to me the rights argument is the red herring.

And yes, “choice” quickly becomes an avenue of exploitation for the less tech savvy.


I agree. Legal ownership rights do not guarantee a particular feature set. For example your ownership of a car does not entail a right to easily install whatever software you want on all the CPUs in it.

But I don’t think it’s right to call this binary thinking. It’s just incorrect thinking.


Of course you own the hardware; you have the right to do whatever you want to it. If you want to use iPhones for target practice, have at it. You don't have the right to insist the manufacturer make it easy for you: your imagination about the uses to which the hardware could be put doesn't oblige the seller.


Just like a PS5.

No, the iPhone and iPad are appliances, not general computing, forcing division between hardware, firmware, and software is a technical design decision that prevents users from choosing a fully vertically integrated appliance device.

People who choose consoles over building PCs, and pick iPhones over tinkerable Android, have a right to that choice, and corporations have a right to market to them.


>You don't have the right to insist the manufacturer make it easy for you

I do, and it's easy, look: I believe Apple should let me install DOOM on the bootloader and make it easy for me to do so. If I had time to waste, I'd send emails every day, go protest in front of their HQ until I get what I want.

Apple's allowed to not do anything about it, and I'm allowed to lobby my legislators to force Apple to do so. Because Apple's wishes are not law, not in any functioning country that I know of.


Don’t think legislators can force Apple to write software for your phone in the US at least. Maybe in places with fewer free speech protections.


No, but they can force Apple to reveal how to write that software, as well as provide the existing and necessary tools to do so.

In the same way, they cannot force Apple to write me a new, alternative app store, but they can force Apple to open the existing APIs to others. Also, making you write software has absolutely nothing to do with free speech.


So what you're saying is you don't have that right at the moment, but you feel you could have it if the law changed? OK, sure.


While that might be the choice we're making and it seems like the first is obviously what owning a device should be like.

What if I actually want to pay a fee to a tightly controlled service? Like what if I do the math and determine that that benefits me more than actually owning the device? Should a regulatory agency be able to come in and tell this tightly controlled service they aren't doing it right when I am a happy customer?

> when discussing what rights a person should get for a piece of hardware they bought.

You already pre-decided that the first answer is correct without actually asking if anyone prefers the second.


> What if I actually want to pay a fee to a tightly controlled service? Like what if I do the math and determine that that benefits me more than actually owning the device? Should a regulatory agency be able to come in and tell this tightly controlled service they aren't doing it right when I am a happy customer?

I think the default should be protection. Just like it is okay for a BDSM-scene to exist where people inflict consensual pain onto each other — the default must still be to protect the individual's right to bodily autonomy and protection from harm — even if some people, sometimes opt to waive these rights.

Signing away those rights should always remain a special case and not the default. Same for ownership rights, because if the only choice is leasing, ownership ceases to exist. While when ownership exists you could still easily enter a lease.


Then Apple should have to call it “Subscribe to iPhone” or “Gain admission to iPhone” or “Use iPhone” - but not “Buy iPhone” as they very much do. If you buy a piece of hardware, you buy a piece of hardware.


So you're also not buying an Xbox, Playstation, Switch, etc. right?


I think that MS and Sony and Nintendo are being misleading with their terminology as well, yes, and I hope this EU legislation applies to them as well unless they change their terminology to make it clearer at the point of sale how little control users will receive when they aren't truly buying ownership of the hardware they buy.

Nothing I am saying is intended to dissuade anyone from engaging in the transactions that we currently label as "buying" these devices; I would love the EU to force the companies to more clearly label what they're selling instead of pretending that you get ownership when you enter a restrictive walled garden, but consumers can and should still be able to knowingly and freely choose a restrictive walled garden if the labelling as such is clear.

However, the "freely" part of "knowingly and freely" is complicated in some cases - people who want to communicate with businesses, groups, and friends that rely on Facebook or WhatsApp may not truly be free to decline to sign up with Facebook or WhatsApp, since those walled gardens have very strong network effects that can unreasonably restrict those who don't wish to opt-in. If the EU forces services like Facebook and WhatsApp to support interoperability with open-source and commercial alternatives, this issue will be mitigated.

I don't think this is a strong restriction on free choice when applied to gaming consoles, since those walled gardens don't have much of an impact on daily life activities, unlike Facebook and WhatsApp in many countries/contexts.


With Xboxes you have dev mode so you are definitely buying the Xbox. The Switch technically doesn't have a web browser so I wouldn't define it as a general-purpose computing device. The PS5 should definitely get a dev mode like the Xbox, otherwise while it can do general computing tasks like email, messaging, document editing by plugging in a mouse and a keyboard and you can't run your own code on it then you don't own it and are simply leasing it.


iPhones can have apps pushed to them exactly like Xbox dev mode.


Not really since on Xbox you don't have a cap on sideloaded apps nor a certificate expiry.


You own the hardware. You're welcome to keep it on your shelf indefinitely; give it away; set it on fire. You're absolutely free to run your own software on it. Go ahead. Oh, you can't? You don't have the skills? The manufacturer made it difficult for you? The hardware prevents you? Too bad; if you wanted different hardware maybe you should have bought different hardware. Caveat emptor.


No, the second is perfectly fine.

I pay a monthly fee for internet - and that's the admission fee I have to pay to access the service. And I get sent a modem/router - a piece of hardware - that I don't own, but that's only being lent to me.

Absolutely nothing wrong with that.


Are other devices allowed on the network though? If you want to rent your modem, that's your prerogative. But I don't want to rent my modem. And AT&T being a convicted monopolist set precedent that means they actually are not allowed to stop me from using my own hardware. And if I'm using my own hardware, I don't need to rent their modem, which means I don't need to pay their modem rental fee.


> Are other devices allowed on the network though?

By default yes - but I can switch that to only allowing devices I whitelisted through the web interface. It's not full admin rights - but for my purpose it's sufficient.

> If you want to rent your modem, that's your prerogative. But I don't want to rent my modem. And AT&T being a convicted monopolist set precedent that means they actually are not allowed to stop me from using my own hardware. And if I'm using my own hardware, I don't need to rent their modem, which means I don't need to pay their modem rental fee.

I agree that "bring your own modem" should be fully allowed (and obviously free of any rental fee - not that I'm paying any, the modem/router comes pretty much free with the contract).


So apple is actually guilty of false marketing?

So if apple accepts returns for their products for a reasonable amount of time, you don't really have a problem?

You definitely wouldn't buy a second iPhone either since now you understand what an iPhone is, when you didn't before?

What you're saying is your core problem with an iPhone is not structural, but semantic?


> you are just paying some sort of admission fee to a tightly controlled service

iPhones act as social signaling for a lot of people


I've heard this, I haven't seen this.

Maybe a smart phone was a status symbol 10 years ago, they are just commodities today.


It'll probably depend on where you live, what type of person you are, and what communities you're a part of; teenagers will see them a lot different from tech bros; others get really excited when seeing a new model. I mean the first people with smartwatches or Google Glasses were the center of attention (positive or negative) for a while.

In my own communities (work), I'm one of the few with an iphone, most have Android.


I do recognise it; large iPhones and Apple Watches are still about twice the price of the competitor. And people with Android phones are considered poor here.


Where is "here"? Wouldn't you say that any party making those sorts of judgements (iPhone users are sheep/Android users are poor) aren't worth listening to? Isn't that more of a reflection of "here's" culture than the individual's choice? Is it not that an individual's choice to buy something is more than just a cost decision?


There’s still a massive leap in logic that you aren’t including in your comment. It sounds like you should check your priors.


If you keep your phone 3 years, then that phone costs you a dollar or two per day and that’s within reach of many people. Lots of us keep the phone much longer than that and if you do plan on keeping the phone for a long time, Apple has a better reputation for supporting 5 year old devices than any budget Android maker. Apple’s hardware also has a pretty strong resale value. Apple phones are probably less expensive overall than lots of Android phones.


Yes. The HN crowd is overcomplicating the issue, and Apple has as much a right as an individual to design their platform as they wish. We like to talk about giving businesses the freedom to build the products that they want and keeping regulators out of the picture and instead letting people vote with their money, yet when people actually vote with their money to buy Apple products precisely for how they are built, we want to regulate the crap out of the company. It doesn’t make sense.


I disagree. The mobile OS market is just not open and big enough to vote with my money.

I don’t buy iPhones because I like being unable to side load apps. I miss it a lot.

The point is that when I make my list of pros and cons of buying Android vs iOS, I still prefer iOS because, as much as I dislike Apple commercial policies and artificial lock-ins, I just loathe Google for what they are.

And don’t even call me some sort of "fanboy", I’ve used and loved Android as an OS since basically the first versions.

It’s just that iOS has a quantity of advantages I’m not willing to lose by going back to Android and that there is basically no alternative platform to run apps on.


> iOS has a quantity of advantages I’m not willing to lose by going back

What are these?


Putting aesthetics aside, iOS has a better app ecosystem and part of that is driven by Apple hardware (including having fewer devices to support) and software advantages. For example, I’ve read that the iOS audio stack has lower latency. If you like GarageBand, then you aren’t going to want to go back to Android because there’s nothing as good.

The integration with Apple desktop computers is pretty compelling as well. It’s part of the reason I wish Microsoft would buy Android from Google. I think they would do something similar for the rest of us.


I recently got an iPhone and I still don't understand the integration bit. If you don't use iMessage (everyone here uses Messenger, Telegram or Signal), barely make phone calls, use OneDrive for cloud storage (because it's way cheaper than iCloud), and use BitWarden for passwords there isn't really anything left. I guess being able to AirDrop a file is nice? But then also my Macbook and my iPhone have different chargers so from a hardware PoV they're less integrated. Is there anything I'm missing here?


Sorry for the analogy but this reminds me of the joke about the guy who replaced all the ingredients in a recipe and then said: "I do not get what is so special about this food".


Lots of users (especially in the US) do the things you don't do. They use iCloud, talk on the phone, and use Keychain and iMessage. They use Safari on both platforms and the features that let you send stuff back and forth easily. If they have an iPad some even use Sidecar which lets you use the iPad from your Mac.


Oh yeah, I use SideCar all the time but that's not an iPhone feature. And I get that people in the US use iMessage a lot but I don't see the value proposition of an iPhone if most of your contacts use Androids, even if you've gone fully Apple. Safari integration is nothing special (heck, Brave can do almost the same syncing without an account), OneDrive and Google Photos do just as good of a job as iCloud in my experience, and there are so many better alternatives to Keychain. The only truly handy integration between my MacBook and iPhone is being able to automatically switch which device my Airpods are connected to but even that is sometimes buggy.


I don’t need to argue about this. Those are my personal preferences and that was not my point.

My whole point was that you are limited to only two platforms. So choosing one doesn’t mean that you accept all of its disadvantages.


I see no moral issue with government regulation to make our lives better.

People would still buy cars if seatbelts weren't a standard feature. They'd still buy deodorant if it put holes in the ozone.

Vote with their money only works if companies make a product you can buy. Where's the iPhone "unlocked edition" that costs $20 more that I can buy? They don't make it.


$appliancevendorname also doesn’t make +$20 programmable washers. Arguments like this only appear when there’s an urge for an argument. Just buy an unlocked android phone, they exist with similar or better hw for $500 less.


Technically there is no Android phone which has a better CPU/GPU than the latest iPhones. Not that it matters too much nowadays...


iPhones are behind on including ray tracing acceleration in their soc.


I mean, even desktops can barely do raytracing so I wouldn't hold my breath on phone SoCs being able to do it competently for a while. Also, afaik there is no high-profile game that uses the RT cores on newer Snapdragons.


The damage the App Store causes is far, far wider than iOS users. The entire online ecosystem is shaped by app store censorship - we've seen again and again massive sites actively discriminate against kink, BDSM and queer communities because Apple requires them to do so, and building different moderation for different end user devices is effectively impossible at scale.


How can you "vote with your money" in these cases? Most of the problems here stem from Apple misusing their monopoly against other app makers. Only indirectly harming consumers.

For instance, when purchasing a music subscription through an apple device, they receive 30% and the developer 70%. Apple have their own competing service where they make 100%. This makes it impossible for others to compete on equal terms, hence you as a consumer probably see less choice than you could have.


> and Apple has as much a right as an individual to design their platform as they wish.

Well, no, actually they don’t. The EU just passed a law mandating competition on platforms when it comes to store because as often in a duopoly the ability of people to vote with their money is significantly limited. That decidedly solves this question.


We aren’t overcomplicating the issue. The premise of this question is wrong, and you like it because it has a very obvious “winning side”, which happens to be the “side” that you’re on.


See deeper comment below, but yes, a corporation should have a right to market a curated console experience to mobile device consumers who prefer the fully vertically integrated experience.

Especially thanks to other options and the small share Apple has by volume, it's no more appropriate to crack apart this appliance than it is to force PS5 or Xbox Series X to run PC games or support Steam.


> it's no more appropriate to crack apart this appliance than it is to force PS5 or Xbox Series X to run

Those platforms should also be opened up, yes.


Well, the Series X already is - it is trivial to enable dev mode and it's implemented in a really clever way in which no regular user would dare to touch it. Really wish the PS5 had the same capability.


Is that the central question?

Most people using Android or Apple's very own macOS today use their device as if they're in the second situation with not a care in the world.

Anyone's walled garden experience isn't meaningfully dependent on anyone else's sanctioned sideloading or not.


I more or less agree that most people just don’t care. It surprises me that maybe I don’t care anymore either. It has been years since I was a FSF member, and even though I have 3 Linux laptops that I enjoy occasionally, so much of my digital life is spent on a very nice iPad Pro, with just a few apps, besides Safari, that I use: a Mosh client because I always have a few screens open on a powerful remote server available with a perfect tmux and Emacs setup, the Chess.com app, ProtonMail and Calendar apps, and entertainment: YouTube and YouTube Music apps, and the Disney and many other streaming apps.

Apple’s walled garden is most of my digital life, and at least for now, that is good enough. I can imagine switching to a Samsung foldable phone with a good docking story, but that will probably not happen.

EDIT: another thing that keeps me from caring about being in a walled garden is that so much of my intellectual life is serviced by the cloud: Colab Pro for most deep learning experiments, the web based Leanpub authoring system, etc. Choosing devices and operating systems seems less important. When I travel, it does not matter much if I grab my smallest Linux laptop or my iPad Pro to take on a trip.


Related question: what does the user want? I doubt a majority of users are against side loading.


I don’t think users really want to have to use 5 different app stores. I’ll probably opt to not buy an app if I first have to download another App Store app.


That's not the case for billions of people on Android or macOS and their respective app stores.


How many people actually bother to set up another App Store though?

A subset of Kindle users who want “real” google apps?

I very much doubt it’s billions.


That's my point, Android can have more than one app store running yet people choose to use one primary app store. The nightmare scenario of having to run multiple app stores that the OP seems to be scared of is a non-issue on platforms with multiple app stores.


In Android you don’t even need an App Store to install an app. All you need is to find an apk and download it. And providing an apk is exactly what many vendors do.


Sure, but it also pours cold water on the idea of having alternative app stores in the first place.


I wouldn't say so. Let power users have their iPhone equivalent of F-Droid or Aurora Store if they care while most users will just use the default App Store. I personally download apps off the Play Store as a last resort if they don't work on the former two.


I can’t imagine a single scenario where your comment would be anything else than FUD. Nice try Tim Apple.


It's the state of desktop gaming already, why would it not happen on phones once the only barrier has been removed? Epic has been itching to use their own app store for years.


On the one hand it is annoying but on the other it actually promotes competition and Epic tries their damn best to get users on their platform with deals and free games. I also feel like in response the Steam sales have stepped it up a notch recently compared to the absolute snoozefest they were 2-3 years ago.


You mean it’s the state of desktop, which allows you to install any apps you want. Again these kind of misdirecting comparisons sound malicious.


“If I had asked people what they wanted, they would have said faster horses.” attributed to Henry Ford.

While listening to feedback is not a bad thing, design by focus group rarely works out well. You risk ending up with things like this https://i.imgur.com/IoPkza2.png! While this is obviously a joke, it does contain grains of truth.

The other problem with this argument is how the question is framed? Are the majority of users armed with all the facts and details? While I'd agree many are overstating the issues, there are equally as many dismissing any issues out of hand. IMHO, it behooves anyone suggesting what "the majority" want to at least do a thought experiment around the pros and cons and be honest about what they are. We cannot have this here, sadly. This should extend to any government that is enforcing something like this to transparently lay out the pros and cons and maybe accept some of the liability. That though, is asking too much of politicians...


I feel like the Ford quote is about new products, whereas the current situation is about preventing the user from having more power.

The pros and cons are already quantifiable on Android.


I'm not sure what I want. I'm not against sideloading, but I very much like how Apple forces the developers to comply to their rules*.

I don't want to download Instagram from Meta store where anything goes. (And yes, perhaps someone is going to tell me to simply not use Instagram. But I _want_ to use Instagram, I just want to do it on terms that Apple negotiates for me.)

*ofc I don't agree with 100% of their rules (especially the way they split revenue), but I'm mostly happy with them.


I doubt a majority of users want side loading. It’s available on Android and very few (relatively speaking) take advantage of that feature.


I disagree. It depends on how you ask the question. “Do you want to be able to install apps that will have more features/allow you to purchase directly (kindle app), or provide cheaper prices (twitter blue), or cover more usecases (crypto wallets), or offer different browsing experiences (real chrome/firefox), etc.”


Do you disagree that relatively few Android users sideload?


I’m not going to guess but I personally did it when I had an Android


I disagree. While this dichotomy might hold true in other examples, in the case of iPhones it was always possible to push custom software to your own device for development purposes. There is a somewhat arbitrary limitation that those apps only work for a week until the process needs to be repeated (unless you enroll in Apple's Developer Program), but that's a different topic.

The main demand in these "sideloading" discussions is therefore that Apple ought to make installing unlisted Apps easier. Personally, I don't understand why this should be of Apple's concern though. They already present a choice to app developers: Either go through their walled garden or impose a technical process on your (non-technical) end-users. Interestingly, there are already projects like AltStore that try to make the latter easier, which should be taken as proof that the whole "sideloading is impossible" argument is not really truthful.

Why this rose up to the highest ranks of the political system is beyond me.

PS: The existence of Jailbreaks further undermines the argument that you cannot control the software on your device.


>>PS: The existence of Jailbreaks further undermines the argument that you cannot control the software on your device.

How? It's like saying car manufacturers aren't really locking down their cars to hardware that only official dealerships own, because after all you can just buy a coding tool from some random AliExpress seller so it's fine. What are people complaining about.

>> in other examples, in the case of iPhones it was always possible to push custom software to your own device for development purposes.

Sure, which is still a process 100% controlled by apple and which they can pull out at any moment. Also let's not pretend it's anywhere near as easy as installing Galaxy Store on android and instantly getting out of Google's restrictions on the play store. Hopefully we'll get legislation that removes that possibility entirely.

>>The main demand in these "sideloading" discussions is therefore that Apple ought to make installing unlisted Apps easier.

I have no idea where you've seen such demands, because it's not true. No one wants Apple to host apps which would otherwise be unlisted or outright banned. That wouldn't make any logical sense and would be an unjust cost on Apple. I do however want to be able to install an alternative app store and install apps from it without Apple butting their nose into it. Like courts have ruled in the past already - if I make some software for iOS and a person wants to buy that software, why should Apple control whether I can sell them that software or worse - get a cut of the sale[0]. Because they made the platform? Well, you don't pay anything to Mercedes for making Mercedes-compatible wipers, and I really struggle to see how this is any different.

[0] assuming you don't use the app store of course in which case they should absolutely be paid.


Apple's exclusivity on allowing and deciding what goes on the App Store and on iOS was their way of controlling the user experience and their way to ensure future sales of iPhones. They didn't want iOS, the App Store and iPhones to get flooded with low quality apps. A similar way of thinking that I know of was Valve and Steam, where Steam users needed to Greenlight a game before it came to the Steam store. Imo Steam had a better approach because it was community based, not exclusive like Apple had and has. The story of Jobs' and Apple's sky-high care for privacy and security was more propaganda and a marketing strategy than true care for users' safety.


> They didn't want iOS, the App Store and iPhones to get flooded with low quality apps.

Well, they failed in that.


> A similar way of thinking that I know of was Valve and Steam, where Steam users needed to Greenlight a game before it came to the Steam store.

Not the same at all. You can install whatever you want on the Steam Deck.

I'd be fine with Apple just curating their App Store; I am not fine with them deciding what software I can run on "my" device.


I meant Valve didn't want Steam to be flooded with low quality games (back in the day) which would interest nobody and would only turn away people from Steam.

>I'd be fine with Apple just curating their App Store; I am not fine with them deciding what software I can run on "my" device.

Yea that's horrible, that's why Microsoft and Windows are great when speaking about PC industry and comparing it to the iOS and iPhones.

I personally only use Android for the same reason why I only use Windows and that is Android and Windows are open operating systems and I can install whatever I want.


In the desktop world, all major OSes are similar in this regard. I can install whatever I want on my Mac laptop, and of course on my Linux computers.

Really iOS is the outlier in the major computing platforms in how much of a walled garden it is.


The major difference is that I can install whatever the hell I want on my own PC (including my Steam Deck!). Apple has an exclusive store and an exclusive device.


I never used an iPhone and I don't really know how horrible it is but if people are annoyed with iOS and iPhone, they can always use Android devices. Android devices are on a par with iPhones unlike 10 years ago.


I wouldn't be surprised if Google pushes its own iOS marketplace: first by making an exclusive Blink-based Chrome to get people to open up their phones if they want to download "the real Chrome".

Then there is little friction to get people to install more (because the hard part is already done), and they could even merge Android and iOS into a single marketplace for mobile apps.


I think a Play Store on iOS is possible, but unlikely. Google haven’t done it on any of the open platforms they have Chrome on.

[edit] Ultimately, they have almost no incentive. They can install their apps just fine and they don't make their money by users paying them. Epic care because players do pay them directly.


> I wouldn't be surprised if Google pushes its own iOS marketplace: first by making an exclusive Blink-based Chrome to get people to open up their phones if they want to download "the real Chrome".

Who even cares about Chrome on iOS?

https://gs.statcounter.com/browser-market-share/mobile/north...


People who want their bookmarks and tabs synced between desktop Chrome and mobile?


You don't need Blink for that though. The current WebKit based Chrome syncs just fine.


Sure, you don’t. But Google might say “real Chrome is at the Google Play Store for iOS, the one in Apple’s store is outdated and we’ll kill it off in a few months, because that’s what Google does”.


And that amounts to 5-10%?


That's several million people.


Fortnite has that, it wasn't enough to threaten Google monopoly on Android.


That's just one app, there's going to be thousands of apps available to install once installing your own apps is an option.


Chrome is also one app, what's your point though? That Google will come up with more favorable app store on iOS? Hardly unlikely, given how much inertia people have.


I don't know if it's likely but there are a lot of big brands that can't get their apps on the Apple store for whatever reason, just like Fortnite and Chrome. With enough of them, alternative app stores will take off.

I think the biggest category is alternative stores.

Like NVIDIA Geforce Now or Steam.


What does this graph have to do with your question?


"It's for your safety and security"

Words that should send a chill down every spine. It's obviously just a monopoly. They could easily have an 'allow sideloading' option in the OS, and those that are happy with Apple's curation can leave it off, and everyone else can turn it on.


Monopoly? How about digital feudalism. "We've put ourselves in charge of protecting you, so we're going to help ourselves to a portion of everyone's gold, and make sure none of the serfs are up to anything we don't approve of."


The way they aggressively police things on their app store, including "inappropriate" subversive content like Project Gutenberg, while taking 30% of everyone's revenue definitely sells the feudalism angle.


This is incorrect. Apple doesn’t force you to buy an iPhone, and there are plenty of alternatives.

Personally, I’d like to take full control over my iPhone. And create apps for myself the way I see fit. But I’m afraid that with sideloading allowed, most software vendors will go sideloading-only. That means, nobody will have any control over their app’s privilege requests, behavior and other security related things.

Basically my concern is that when I need a “ruler app”, I just install it and am sure it couldn’t even be published with an SMS access request. Now with wild-west sideloading this restriction is over, so everyone and their dog will nag you to allow access to AB, calls, mic, etc. All dark patterns will break loose.


> But I’m afraid that with sideloading allowed, most software vendors will go sideloading-only. That means, nobody will have any control over their app’s privilege requests, behavior and other security related things.

There is no reason why side-loading means "not sandboxed". Apps still need to use Apple SDKs to interface with the OS, so there is still an opportunity to request permissions and for the user to deny permissions and for the OS to honor the denied permissions.

Just like it works today on macOS.


…and for an app to refuse to work without this irrelevant permission. This is my exact experience with an Android phone and a quest of searching for a ruler app. Ended up on Lifehacker and a direct link to the app. Play Store only suggested the most dark patterned apps in existence.


You should give F-Droid a try. It's only open source apps with no shady shit. I'd love something like that to come to iOS as a result of this all.

Case in point: https://f-droid.org/en/packages/org.secuso.privacyfriendlyru...

https://f-droid.org/en/packages/org.secuso.privacyfriendlyta...


Random website downloads on Android are as reliable as random website downloads on desktop platforms. Most of them aren't malware, but Google's search is quickly turning into a malware distribution network rather than a search engine.

Here are two simple ruler apps you can reliably use: https://search.f-droid.org/?q=Ruler&lang=en

Here are a bunch more: https://www.amazon.com/s?k=Ruler&rh=n%3A2350149011&crid=D5EU...

There are alternative app stores exactly for this reason. Nobody wants a future where you need to download random IPA files from the internet all the time, just having the ability to run F-Droid/Amazon App Store/Epic Games Mobile on your device is enough.

Honestly, I don't even get why Epic hasn't made an app store for Android yet. Mobile app stores aren't exactly rocket science.


The problem is I didn’t know about F-Droid and I believe that my experience in this regard is equivalent to the one of an average user. We simply don’t know which store is good, if not the default.

And the whole “free iPhone” movement tries to go this route. We are basically living in a pocket between Apple pursuing their own goals (but thanks for explaining that again, someone bright here), status/rich iPhone users, and app vendors who have to obey the rules. Why everyone here wants to destroy this pocket and get an Android-like situation on iPhones when there already is an unlocked hacker-friendly F-Droid or whatever is beyond me. I’m fucking sure that after Apple allows sideloading, most of these guys will say “nice, but now that it’s the same, meh” and will not buy an iPhone anyway. While everyone who actually cared will suffer the consequences.


That's a fair assessment, but if you can't find the store you need, you'll probably be fine just sticking to Google Play, just like you would be on the app store.

Android and iOS are not the same, and they never will be. For one thing, people bully others for having the wrong colour chat bubbles; there's a whole social problem surrounding the brand and that provides one reason why someone who wants to install an emulator doesn't buy an Android phone.

There's no reason why you can't stick with Apple's app store if others decide they don't want to. In fact, the threat of competition will only drive Apple to make their own platform better. Just look at the way Safari has been improving ever since the threat of Blink coming to iOS became a reality.

What you describe isn't an "Android-like situation". Most Android users don't even know they can install apps from the internet, just like most iOS users don't know that you can just sideload apps over the network already, albeit with some arbitrary restrictions.


Yes this framing makes more sense, especially since many get stuck up on the definition of a monopoly when that doesn't quite keep up with new tactics being utilized (i.e. keeping competition going but only superficially).


Every time someone justifies something as being for "security", the old Franklin quote comes to mind. I know this wasn't the context he intended, but it's certainly quite appropriate.


> In addition, developers may have to pay extra if they want their apps to be available outside of the iOS App Store

If Apple gets a say in what I "sideload" (it's called installing), that's against the spirit of the law. Hopefully the EU lawmakers were competent enough to also make it against the text of the law. It would be outrageous.


I wonder how the Apple store operates in the EU on devices that have sideloaded apps. There's a bunch of liability Apple can effectively shift to the end user every time without question: “sorry you sideloaded this app which may have given you malware, we can't help you”. It’s ridiculous I know but also seems plausible.


That's fine, as long as they stick to the hardware warranty requirements as spelled out in the law.


Sons of beaches! I'm moving to Europe across the pond. Swims faster

I would expect it to be piloted in one region first and then phase across regions. It's not exactly something you want to YOLO and deploy to the entire world fleet all at once with customer devices and server infrastructure.


I am wondering if I could take a trip to Europe, side-load an app, and return to the states. Would Apple suddenly geo-block my already installed application?


I anticipate a huge market developing for unlocked second hand European iPhones in the US.


I don't think that will happen, because I expect Apple will do something along the lines of "unless an iDevice is signed in with an account with a verified EU credit card, and/or has been in the EU for more than 50% of the time over the last year, disable the ability to sideload and wipe all existing sideloaded apps".


I presume doing the latter would raise serious CFAA concerns.


Apple already has a system to set the region of a device. Go to Settings > General > Language and Region > Region.


I don't think Apple will use that system for this, since doing so would let everyone sideload just by setting their region to somewhere in Europe even if they're not actually there.


The existence of that system makes the use of some other more baroque system hard to defend.


They could try.

At which point they get fined billions of dollars.

The EU does not mess around.

And the more "clever" Apple tries to be, the higher the fine will be.


This will likely be tied to the same region setting that the App Store is currently tied to. If you want to use side loading, you'd be tied to a European region setting, and Apple's services will be restricted to the European versions.


The feature will be tied to your Apple ID, obviously.


That would actually be illegal under the DMA:

[...]gatekeepers shall:

[...](f) refrain from requiring business users or end users to subscribe to or register with any other core platform services identified pursuant to Article 3 or which meets the thresholds in Article 3(2)(b) as a condition to access, sign up or register to any of their core platform services identified pursuant to that Article

"Operating systems" is part of the "core platform services" definition. Locking the use of iOS or sideloading capabilities behind an Apple ID (another "core platform service") would be a violation of the provision.


But that's the European law. Nothing stopping them locking sideloading for US Apple IDs I think? I mean they can't require an EU Apple ID in order to access the sideloading feature, but they could deny it to US Apple IDs.


They'll have to provide a way for edge cases like if someone moves from the US to the EU.

In general, the US government will have to come up with their own version of the DMA if they or their voters deem it important.


Oh that would suck. I've had an iPhone since the week they were first released, but never associated an Apple ID with one. My whole beef with the App Store is it requires telling Apple who I am. If you have to associate your phone with an Apple ID to get sideloading then this is hardly progress for me.


How have you used an iPhone without an Apple ID? 90% of the features are useless without it…


Define huge.

I think a small community of interested parties will pop up, but it’s unlikely to be more than a blip compared to device sales in general.


Can't you already sideload in the US, with a few restrictions like 3 apps max, you need to refresh the install every week?


I am looking forward! I tried side loading the YouTube with sponsorblock and adblock, which worked but renewing the apps weekly is too much effort.


YouTube Premium is a pretty good deal and actually pays the creators when you watch their videos.


I pay for Premium but creators still include sponsored content, and it's getting egregious. I will continue to pay for Premium, but I want ALL the ads gone. The only way to achieve this is with Sponsorblock.


Except a lot of it isn’t theirs to publish.


sponsorblock, sponsorblock, sponsorblock. YouTube Premium doesn't have it.


I use Vinegar to remove ads and SponsorBlock, but just access youtube via the web interface. PIP, background audio, all those native OS features that Apple's developer terms forbid companies from charging for but let YouTube charge for, works.



AltStore does it automatically


The Open App Markets Act and the American Innovation and Choice Online Act cannot come soon enough


They should just allow installing other operating systems instead.

If you want out of their platform, install Linux OS on your phone and have whatever you want there.

Wouldn't that make everybody happy - Apple, EU and customers?


Linux on mobile is a major step back both in terms of security and usability. Modern smartphone App Sandboxes are immensely better than desktop paradigms. Sideloading should be allowed, tho.


Security and usability are not the only dimensions that matter.

There are people who would like to use devices they own in alternative ways, i.e. to develop, experiment or simply not to throw perfectly functioning, un-updatable, just a few years old hardware in the trash bin.

Apple doesn't want their platform to be polluted with privileged, unsigned code. They don't want the next security breach news headline to include their name in it if it originated from code they haven't verified/signed/created - because they put a lot of effort into securing their platform and profit out of it.

Allowing running alternative OSes would make both sides happy, no?


I'm all in for allowing alternate OSes, don't get me wrong :).

I'm just saying that for most people it's a bad idea, especially regarding Linux. Linux's security is abysmal because the desktop security model is fundamentally flawed.

Take Flatpak for example. While it is a big step forward in terms of portability, ease of use and security, it still allows applications to pick their permissions themselves. Even dangerous ones like X11 display server access, full file system access or camera access.

However, there already are a number of secure open source alternative mobile OSes based on Android, GrapheneOS for example.

Also, driver blobs for modems are often out-of-date and insecure. Making the phone drivers fully open source will probably not happen.

If you know what you’re doing, installing a different OS onto can be liberating and good for the environment – most of the time the hardware is perfectly fine, just the software becomes more bloated and slower as the device ages. It’s just - in my opinion - more risky.
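An added example, not part of the comment above and not Flatpak's own code: a small auditor that reads the `[Context]` section of a Flatpak `metadata` keyfile and reports the self-declared permissions the comment calls dangerous (X11 socket, broad file system access, all devices, which includes cameras). The sample metadata and the app name `org.example.Ruler` are constructed for illustration.

```python
import configparser

# Constructed sample: the metadata a hypothetical "ruler" app might ship.
SAMPLE_METADATA = """\
[Application]
name=org.example.Ruler
runtime=org.freedesktop.Platform/x86_64/22.08
command=ruler

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download:ro;!home;
"""

# Context keys and values that weaken the sandbox, with the reason why.
RISKY = {
    "sockets": {
        "x11": "X11 lets a client observe input and windows of other clients",
        "fallback-x11": "falls back to X11 when Wayland is unavailable",
    },
    "devices": {
        "all": "all device nodes, including webcams",
    },
    "filesystems": {
        "host": "nearly the whole host file system",
        "home": "the user's entire home directory",
    },
}


def parse_context(metadata_text):
    """Return {key: [values]} for the [Context] section of a metadata keyfile."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(metadata_text)
    if not parser.has_section("Context"):
        return {}
    # Values are ';'-separated lists with a trailing ';'.
    return {
        key: [item for item in raw.split(";") if item]
        for key, raw in parser.items("Context")
    }


def audit_metadata(metadata_text):
    """Return a list of (key, entry, reason) for each risky permission found."""
    context = parse_context(metadata_text)
    findings = []
    for key, risky_values in RISKY.items():
        for entry in context.get(key, []):
            if entry.startswith("!"):
                continue  # a leading '!' removes a permission, it grants nothing
            # File system entries may carry a mode suffix such as ':ro'.
            name, _, mode = entry.partition(":")
            if name in risky_values:
                reason = risky_values[name]
                if mode == "ro":
                    reason += " (read-only)"
                findings.append((key, entry, reason))
    return findings


if __name__ == "__main__":
    for key, entry, reason in audit_metadata(SAMPLE_METADATA):
        print(f"{key}={entry}: {reason}")
```

On an installed app the same text can be obtained with `flatpak info --show-metadata <app-id>` and passed to `audit_metadata`.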


I would love that option, but even with Asahi for iPhones you'll still need to deal with the horrific kludge that is the modern modem. Open source networking stacks exist but they're still extremely limited. Just look at how long it took for the Pinephone to receive calls, and they interface with the modem over a standard protocol like USB.

The ability to install your own OS would be a nice end goal, but at this pace it'll take at least another 10 years of government regulation before Apple would even consider allowing that.


It would create incentives to explore and benefit from those efforts creating healthy non-monopoly ecosystem.

It would likely create a second market for their devices that Apple doesn't care about (because they don't release new iOS updates for old devices), it would create an incentive for vendors to support open source through legacy hardware reuse (what is your hardware legacy reuse score as opposed to destroy-recycle-as-minerals score kind of thing).

We live in times where shoes have a longer life span than many billion-transistor devices, which is a mad, non-eco-friendly status quo where government should be stepping in instead of some cherry picked nonsense that will take endless decades to iron out and at the end of the day will make all parties simply unhappy.


Nobody wants Linux on an iPhone. People want both the Apple ecosystem, but also apps that do not want to participate in it or apps that Apple does not like.


People would also want to bring their own wine to every restaurant and some would love to bring their own eggs and ask the kitchen to make it for them at a discount - isn't it better to just put a few benches as a picnic area outside to make everybody happy?

You can't meet all demands of everybody at the same time because what they think they're entitled to is mutually exclusive.

Let's not kid ourselves - Apple won't give full, unrestricted access for sideloaded code ever. It's going to run in some kind of highly isolated enclave at best, with grayed out icons, warning sign overlay, scary long list of permissions given when installing, untrusted code popups when launching, permission re-confirmations when running, without access to e.g. background code execution, limited APIs etc. - they must be brainstorming any loopholes left by snail speed EU bureaucracy as we speak to make it as user unfriendly and limited as possible.

All that wasted energy could be channeled into something that actually is good for people, gives them freedom while preserving Apple's deserved profit participation in the market they've created themselves out of thin air.


That should be the next step, yes.


My argument is that it should be the only step that is fair for both sides, efficient to implement, collapses bureaucratic policy to a single sentence, doesn't create "issue created here - must be solved somewhere else" problems, nourishes progress, gives true freedom to purchased item owners, preserves good capitalistic incentives and many more.

Sideloading will be full of complicated very important details sucking the life out of all parties involved.

I think we all agree that it should not be possible to unintentionally click or autoload a link that downloads some settings app that looks like e.g. the iOS settings app but is developed by some shady party that has access to e.g. your biometric security primitives, can look like/impersonate any built-in app/OS behavior etc.


That's good and all but when can we expect such a revolutionary feature as listening to two apps at the same time? Or at least not having the Podcasts app stop because some video autoplays in the browser. The fact that Apple still stubbornly calls this 30% fee-generator pretext an "operating system", shameless. (Been using an iPhone only for 3-5 core apps, Phone/messaging, Camera, browser, Podcasts, for a decade)


That’s disappointing. Can I get the European firmware installed on my device then?


The feature will likely be tied to a European Apple ID which means you’ll need a European credit card in order to make this work.


You can pay using a euro debit card from Wise.


Or buy a phone directly from Europe?


Option 1: one-time cost for EU compliance, applied uniformly in other countries without geo-specific overhead, reducing ecosystem pressure for additional litigation and regulation.

Option 2: minimal EU-only compliance, generate A/B economic data for antitrust lawyers and regulators in other countries to compete on platform neutrality, which can be incorporated by EU in a spiral of regulatory FOMO.


Since Option 1 requires them to look further than the next 1 or 2 years, it'll absolutely be Option 2 I think.


Is something like the early days mobile app development gold rush likely to happen? There is likely an enormous market for unofficial clients, FOSS games, game engines, emulators, and of course torrenting of all kinds.

Will European iPhone sales skyrocket? Will you be able to change region if you move to Europe?

So many interesting questions.


Since this is an example of increasing individual freedom at the cost of corporate freedom, I wonder about the silence of US citizens about the whole topic. I always thought the 'land of the free' slogan is about individuals, not companies ;)


It's the land of the free until you touch the turf of some lobby or the interests of a big company, then you can see the average Joe on social media, maybe not on HN, that would fight in the internet ring defending the same companies that are trying to screw him over. It's amusing to watch


(american voice)

You're free to buy another product!


So I have a choice between a walled garden (for my best interests of course) and straight up spyware - unless of course I'm willing to play a game of "where's waldo" where I find the perfect combination of android phone with a model number which does not have a locked bootloader, good prolonged community support, custom ROMs with a good reputation and not just a bunch of modifications thrown together by some random XDA user, no weird hardware attestation shenanigans and then participating in the eternal cat and mouse game of SafetyNet breaking my apps because I am not running on a supported configuration (again for my best interests). How flattering.

I know your reply was meant to be satire but I've heard that argument used legit for this case many times. I just don't know how it can be taken seriously in a duopoly like this - unless they are seriously considering GNU/Linux phones to be ready as a primary daily driver or want me to carry around a dumb phone instead?


(still american voice)

You're free to make your own phone company! Just break the duopoly and get rich!

(american voice off)

I'm still on the lookout for an equivalent example of consumer friendly regulation that (even) Americans are typically behind or at least indifferent towards.


I imagine the real reason here is that EU companies want to avoid the 30% fee Apple collects on all online purchases with iOS apps. It's doubtful any savings will be passed on to consumers, anyway.

It's likely Apple will do what Google does and instead tie their app store into various APIs and services (e.g. Google Play) so that side-loaded apps have a very difficult if not impossible time integrating with the phone in a way that users expect and desire.

Seems like the EU bureaucracy goes after big entrenched US tech companies again and again, but they never really obtain any W's. They spent years fighting against Microsoft's bundling of IE and Media Player, and all that ever happened was that MS released some Euro-only version of a few Windows releases without the bundling. But both IE and Media Player were displaced within a few years anyway, regardless of any EU rules.

Likewise, all the GDPR rules seem to have accomplished is that every site now has an annoying-as-hell "click here to accept all cookies" button that everyone has learned to just auto accept. I doubt Europeans have any more actual privacy compared to the rest of us, especially since their own governments are far more interested in tracking their citizens' online behavior with regard to tax avoidance, hate speech, etc - they absolutely require US Big Tech to keep track of all this info for them to quietly subpoena as needed.


I hope we are able to develop a JVM for Apple so I can run Java apps. Probably a great thing for old enterprise apps but also for me to use an iPad to tune my ECU. The program runs on anything that runs Java but not iOS


So only Europeans get to play Secret of Monkey Island on ScummVM? Well I guess I'm grateful for being a Swede but this will feel weird...


I think once they allow sideloading, folks in the open source community will eventually figure out ways to unlock it for other regions.


Do they determine that you are in Europe by the credit card you attached to the App store? Seems easy to fake.


I wonder if security code will now become region-specific too. It would be a terrible pity if stats go on to show EU devices got hacked more than their Apple Store-only equivalents right around the time they opened up.

Not saying they would, but maybe something to watch out for.


sad about the difference but glad to see all the EU laws won't necessarily screw up the internet again for everyone else


The EU is bureaucratic and technocratic but it’s got more hits than misses for me. (Am European)


Move to Europe, get side loading


This was reported months ago.


More proof that Apple should be broken up. Split them in two, a hardware company and a software company.


If you want to continue to browse this website, please download MetaBrowse from the Meta Store.


This has not happened on Android and it will not happen on iOS.


You are free to not browse the website just as I am free to not purchase an iPhone.


Another W for Europe


App tourism when


[flagged]


Is anybody else upset that people are actively making up stories to prop up Apple on HN? Most of what you said is misleading or false:

> Here in Thailand banking apps fraud is rampant

Citation needed (on the "rampant" part).

> Most of the cases are found to be on android devices

Even if it's true most of the phones in Thailand are Android.

> clicking some link that installs some app

Not possible the way you describe it. You need to go through several system screens and popups to install a third party apk file from browser.

> takes control or mobile banking and transfers money from their account

As an app developer I can say, this is probably false. There is no API to do anything like that. Unless we are talking about a 0 day exploit, like iPhone NSO exploits. In that case you need to provide a source.

Let's check your source https://www.nationthailand.com/thailand/general/40024972

They are sending detailed instructions to victims on how to install screen recording apps. Users are always warned if their screen is being recorded on both Android and iOS, sideloaded or not. It's a matter of false trust, not sideloading. It's a phishing attack, those people would fall victim in any OS.


I think my banking app disallows taking screenshots of it. (Presumably this also means it would be hidden from screen recordings? Not quite sure.)


The apps are rarely the problem, the goal is to get the user to install TeamViewer or AnyDesk software that has legitimate uses and then get them to visit their bank's site on the computer.



I did, and your conclusions are completely wrong. I updated my comment. Do you seriously think that iOS has no screen recording apps? It's a phishing attack, you can ask the user to screen record using an app-store app and send you the recording.


I absolutely disagree with your conclusion. It's like forbidding people from working on their own cars because some people are stupid and kill themselves through their work (and that kind of thing is neither rare nor unusual).

And it's not like people with iOS are resistant to being scammed - there are hundreds of ways criminals can dupe you to sending them money, the invoice scam being the simplest example and it doesn't require any special apps.


You should read this article[0]. It outlines clearly that victims are downloading .apk files

[0] https://www.nationthailand.com/thailand/general/40024972

Also your comparison of people 'working on their own cars' is a bit off here. Most people buy cars to drive, and give the car to the mechanic to 'work on'. It's much much harder to repair your own car than to click a link that can scam you.


No one said anything about repairs - people are currently free to buy and fit their own wipers from 3rd parties because we have specific legislation that says manufacturers can't forbid 3rd parties from making spare parts. I don't see why the same shouldn't apply here.

>>You should read this article[0]. It outlines clearly that victims are downloading .apk files

I feel for the victims but I literally don't see how that's an argument against sideloading.


I'm simply presenting a case in my own country. Where I've seen the negative effects of sideloading playing out. People's livelihoods are being destroyed.

I do understand that sideloading is something desirable for some percentage of people.

Point is every thing has pros / cons. Sideloading is like buying a car and upgrading it with NOS. Yeah it's wonderful. Your going to have a very powerful car. But the risks also increase. Most people don't need NOS in their car.

I'm speaking for most people. In my household I recommend everyone to use Apple devices, it keeps them safe and happy.

Ultimately everyone is entitled to their own choices and has to accept the consequences. I guess we'll have to wait and see how it plays out now that it's coming to iOS 17 in the EU.


> Sideloading is like buying a car and upgrading it with NOS. Yeah it's wonderful. You're going to have a very powerful car. But the risks also increase. Most people don't need NOS in their car.

No, sideloading is freedom. Imagine that car manufacturer put a part in your car that only works if:

* watch ads or pay $ every month
* collects all your information
* has fake freedom to install only parts from their store that follow previous two points
* extorts authors of parts for 30%

all while smugly saying "take it or leave it".


> Most of the cases are found to be on android devices.

Do you have some relevant sources about banking fraud? Android devices make up more than 70% of Thailand's market share [0], so it's not a surprise.

[0] https://www.statista.com/statistics/814490/market-share-mobi...


The Thai government's Ministry of Digital Economy & Society has made multiple public requests for iOS users[1], mentioning that they need to avoid specific iOS apps[1][2], as well. That means scam apps were being distributed via the App Store.

Also, the government mentions that the scams affect users of both platforms, because the scams propagate via calls, web links and emails that ask for personal information[2].

[1] https://www.bangkokpost.com/tech/2487659/phone-users-warned-...

[2] https://www.bangkokpost.com/business/2499931/online-scammers...


Right, but for Apple to take down those apps, it's much easier than taking down some random link the fraudsters put up.

I'm not saying iOS is 100% bullet proof. I'm saying the problem is much more manageable without sideloading.


Google is able to use Play Protect in similar ways as Windows Defender, and the system can prevent malicious apps from installing or running based on signatures, profiling, certificates, etc. Just as iOS uses code signing and signatures to decide if an app was installed via the App Store, Android can do something similar, and more, to prevent malware from running.

> Right, but for Apple to take down those apps, it's much easier than taking down some random link the fraudsters put up.

Seems like the issue here is that the government has to tell iOS users not to install specific apps because Apple hasn't taken them down. I'm sure it's easy for Apple to do what it wants on the App Store, the issue is making them care. They have a history of letting multimillion dollar scams flourish on the App Store[1].

[1] https://www.theverge.com/2021/2/8/22272849/apple-app-store-s...


Usually the cases show up on social media in our country. The victims post that they’ve been defrauded and generally blame it on the banks.

The banks then reply and say “the fraud transaction originated from customer’s device”. When you look at the screenshots of victims giving example it’s all Android as far as I can see.

Generally, after talking to the banks, customers discover that it was their own fault for clicking on a seemingly harmless link, and they shut up and go quiet.

This is a story that plays out often here.

I don’t particularly have a link because these cases get deleted from social media (by the customer themselves) after the bank has proven that it’s the customer’s fault.

Edit: You can try searching the internet for “mobile banking fraud Thailand” you’ll find these links, here is one example.

https://www.bangkokpost.com/business/2524469/mobile-banking-...

Edit: here is an example the article mentions downloading of .apk on android

https://www.nationthailand.com/thailand/general/40024972


Can't the banks implement some measures so that only their own apps can do transactions?


Believe me they’re trying. They’re now mandating biometric authentication, and I don’t mean on device, I mean implemented by the bank’s app / backend. If you read the articles you’ll see.

Each year the central banks up the ante on security protocols to implement to stop the fraud. I should know I used to work for a finance app here in Thailand.

We have to go through strict security audits, and procedures that cost a lot for any financial institution to implement.

Doing 2FA is already a mandate for doing transactions. However 2FA in Thailand is mostly done using SMS which is still not that secure.

Forcing everyone to use a token or a 1Password app is also not viable since that’s going to shut a lot of people out of mobile banking.

It’s a complex problem, which I think Apple has already solved. Disabling sideloading reduces so many costs downstream and makes things simple and secure for the layman.


Literally nothing that you've said is a good excuse for forbidding sideloading. It would be actually trivial for a bank to only allow transactions from their apps, if they can't do that then they should be forced to take responsibility for fraud.

Guess what happens currently on iOS instead? Instead of installing a custom app, you are sent a link to log in to a dodgy bank page with all your details with the exact same result.

>>Disabling sideloading reduces so many costs downstream and makes things simple and secure for the layman.

I don't believe this is the case, and I really believe any arguments otherwise are made in bad faith to maintain the status quo because obviously apple could never do any wrong.


> It would be actually trivial for a bank to only allow transactions from their apps

How?


What do you mean how? The app has a secure token only the app has, any traffic without that token is invalid. iOS already sandboxes all apps so the token would be impossible to extract. This is basic app security, I can't believe this is even discussed.


People extract tokens from apps all the time. Jailbreaks for modern versions of iOS do exist and if they become too hard to pull off, that'll just create a market for pre-jailbroken devices.

Tokens embedded into your app can and will be extracted. You can make life harder for criminals by rapidly updating tokens and invalidating all but the last X updates, but I doubt your users are going to like that, and I doubt criminals will be stopped for long with the amount of money at stake.

There are ways to make it incredibly difficult for hacked apps but if the file ends up at a user's device, you lose control.


I'm not following. So we have to keep to the locked app store-only model because if we allowed sideloading....people could jailbreak their devices and apps could extract secrets? I don't follow.

>>that'll just create a market for pre-jailbroken devices.

I don't understand - people will get pre-jailbroken devices so they can be hacked easier? The whole idea with forcing apple to allow sideloading is that you can be on the very latest, most secure iOS version and sideload apps.


I think you misunderstand. The secure token you mention isn't secure if it's part of your app, like any other API key or password. Fake apps will just extract that token from the real app and insert it into their own code.


And how exactly will they do that on a non-jailbroken fully updated iOS installation?

Not to mention that iOS apps keep those kinds of secrets in the Secure Enclave and you can't get anything out of it unless you are the app that put the secret in there in the first place - that doesn't change whether apple allows sideloading or not. If you need a jailbreak to break that protection then this isn't something that will affect your "normal" user like many here are worried about. Normal iOS protections will be more than enough.


> And how exactly will they do that on a non-jailbroken fully updated iOS installation?

This is irrelevant because banks need to support people using older versions of iOS as well.

> Not to mention that iOS apps keep those kinds of secrets in the Secure Enclave

iOS doesn’t store tokens in the Secure Enclave. It can generate keys and use them to sign things, but keys and tokens are different things. The Secure Enclave isn’t a generic secret store, it has very specific, limited functionality. Are you perhaps mixing it up with the keychain?

Also, you didn’t answer the question:

> What kind of token? How does it obtain it?

It’s still unclear whether you are thinking of a static token bundled with the application or a per-user token obtained during first use. In the former case attackers can just download the IPA and extract it themselves without even thinking about attacking a user’s device. In the latter case, you need a mechanism to distribute tokens to untrusted devices, so that is the most likely entry point for an attack, not trying to obtain an existing token after the fact.


> The app has a secure token only the app has

What kind of token? How does it obtain it?


This is how I think it roughly works where I live: You get a per-user token directly at the bank or via mail (not email, but a physical envelope). Your banking app can use this token once to get a secret key. Secret key + user name + password allows you to use the banking app.

Any way to circumvent this requires app isolation to be broken somehow.
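
The enrollment flow described in this subthread (a one-time token delivered out of band, exchanged once for a per-device key that then authenticates every request) can be sketched server-side as follows. This is an added example, not part of the thread and not any bank's code; all names (`BankBackend`, `sign_request`, the field layout) are hypothetical, and HMAC with a per-device secret stands in for the asymmetric signature a hardware-backed key would produce.

```python
"""Added illustration: one-time activation code -> per-device key -> signed requests.

Hypothetical names throughout. Standard library only; HMAC stands in for the
signature a hardware-backed key pair would produce on a real device.
"""
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW_SECONDS = 120  # assumed freshness window for request timestamps


def _canonical(device_id, nonce, ts, body):
    # JSON array encoding keeps field boundaries unambiguous inside the MAC input.
    return json.dumps([device_id, nonce, ts, body], separators=(",", ":")).encode()


def _mac(key, device_id, nonce, ts, body):
    return hmac.new(key, _canonical(device_id, nonce, ts, body), hashlib.sha256).hexdigest()


def sign_request(device_id, key, body, now=None):
    """Client side: bind the body to this device, a fresh nonce and a timestamp."""
    ts = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    return {"device_id": device_id, "nonce": nonce, "ts": ts, "body": body,
            "mac": _mac(key, device_id, nonce, ts, body)}


class BankBackend:
    def __init__(self):
        self._pending = {}   # sha256(activation code) -> user it was issued to
        self._devices = {}   # device_id -> (user, per-device key)
        self._seen = set()   # accepted (device_id, nonce); expire by age in a real service

    def issue_activation_code(self, user):
        """The code is handed over out of band (branch visit or paper mail)."""
        code = secrets.token_hex(8)
        self._pending[hashlib.sha256(code.encode()).hexdigest()] = user
        return code

    def enroll(self, user, code):
        """Exchange the code exactly once for a per-device credential."""
        digest = hashlib.sha256(code.encode()).hexdigest()
        owner = self._pending.get(digest)
        if owner is None or owner != user:
            return None
        del self._pending[digest]  # single use: presenting the code again fails
        device_id = "dev-" + secrets.token_hex(4)
        key = secrets.token_bytes(32)
        self._devices[device_id] = (user, key)
        return device_id, key

    def verify(self, req, now=None):
        """Return 'ok' or the reason the request is rejected."""
        now = time.time() if now is None else now
        try:
            entry = self._devices.get(req["device_id"])
            if entry is None:
                return "unknown device"
            if abs(now - req["ts"]) > MAX_SKEW_SECONDS:
                return "stale"
            expected = _mac(entry[1], req["device_id"], req["nonce"], req["ts"], req["body"])
            if not hmac.compare_digest(expected, req["mac"]):
                return "bad mac"
        except (KeyError, TypeError):
            return "malformed"
        marker = (req["device_id"], req["nonce"])
        if marker in self._seen:  # checked only after the MAC, so forgeries cannot burn nonces
            return "replay"
        self._seen.add(marker)
        return "ok"


if __name__ == "__main__":
    bank = BankBackend()
    code = bank.issue_activation_code("alice")       # constructed sample user
    device_id, key = bank.enroll("alice", code)
    req = sign_request(device_id, key, "transfer:100:THB:acct-constructed")
    print(bank.verify(req))                          # accepted once
    print(bank.verify(req))                          # same request again is refused
    print(bank.enroll("alice", code))                # activation code is spent
```

The scheme ties each request to an enrolled device rather than to anything shipped inside the app bundle. It does not protect the enrollment step itself, so a user who is talked into handing over a fresh activation code still enrolls the wrong device.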


Sadly, there’s a far more straightforward way. The phisher says “Sorry, your token has expired! You will need to get a new one…” Plenty of people will fall for it.

Also, I wouldn’t personally describe an out-of-band token delivery / exchange mechanism like that as “actually trivial” for apps to do.


I hate that banks require the phone app, where transactions don’t also require a computer: It enables racket where my aggressor can list my bank accounts; It also reduces the 2FA to 1FA (phone-only transactions with password + fingerprint + SMS only on the phone).


No. Preventing people from doing something "for their own good" is never the right solution. Instead, we should strive to educate people on proper online safety measures so that they don't fall victim to fraudulent attempts.


Believe me the central bank puts out social media posts to inform the public on a regular basis, however a lot of people still fall for these frauds because the fraudsters prey on their greed and fear.

I’ve seen even the most educated tech savvy people fall for these frauds. So I would say “educating people” is insufficient.

Another problem is because the law works extremely slowly, by the time any legal action can be taken to take down the destination bank accounts the fraudsters have already gained and taken the money.

Sideloading is the thing that works because the legal infrastructure simply can’t keep up with the fraudsters.

I would be inclined to agree with you if I know that the legal system immediately stops fraudsters and returns the money to the people without damage. We’re far from that.


> preventing people from doing something "for their own good" is never the right solution.

https://www.osha.gov/etools/machine-guarding/presses/two-han...

https://en.wikipedia.org/wiki/Lockout%E2%80%93tagout

> educate people on proper online safety measures so that they don't fall victim to fraudulent attempts.

This is so inefficient and prone to failure. You think you're an expert, but my mom is not an expert. I don't want to educate my mom, I want to just hand her something that's safe to use.


Your mum would be tech-savvy enough to enable "allow ipa from untrusted sources" buried deep in the settings? That's how it works on Android. I believe the main problem with android is that there are tons of old devices not receiving any security updates.

It's close to impossible that my mum figures out how to install an untrusted apk on her Samsung s22.

I guess what I want to say is: Having good security should not prevent you from installing custom software if you want to.


My mom can barely use the app store.

The side-loading debate is an indirect reference and to talk about side loading it must first be decomposed.

Question 1 is should Apple be able to prevent an engineer from running software they want on their phone? Probably not.

Question 2 is should Apple be able to prevent a layman from running software they want on their phone with effort? Debatable.

Question 3 is should Apple be able to prevent a layman from running software they want on their phone easily? I think so.

Question 4 is should Apple be able to prevent an alternative app store? Yes. Definitely.

So should side loading be allowed depends greatly on which question a person is asking and what the "sideloading" reference is pointing to.

Should I be able to choose what medicines I want to take without a pharmacist/MD? I have a hard time with this because I think I should be able to ingest whatever I want and I think I am more intelligent than the average person, on the flip side, I think if I were a pharmacist, I would say absolutely not. If you asked me if anyone should be able to take any medication they want without blessing, I look at the ivermectin debacle and realize "probably not."


> https://www.osha.gov/etools/machine-guarding/presses/two-han...

> https://en.wikipedia.org/wiki/Lockout%E2%80%93tagout

Not sure what those links are supposed to show, but having safeguards and completely disallowing something is a different matter.

If all, you're just proving parent's point.


Two handed presses are a technical prevention which restricts a person from putting their hands in danger. Education was not enough.

Lockout/tagout is a technical prevention which restricts other people from messing with a system that could endanger you. Education was not enough.

A monopoly app store is a technical prevention that restricts someone from running un-vetted software that could potentially steal your life savings or compromise your entire digital life. Do you think education is enough?

I am not saying that that is true or correct, but I do think that's an argument that someone who disagrees would have to take in good faith and respond to satisfactorily.


> Two handed presses are a technical prevention which restricts a person from putting their hands in danger. Education was not enough.

That's what "Are you sure you want to enable sideloading?" toggle is.

> Lockout/tagout is a technical prevention which restricts other people from messing with a system that could endanger you. Education was not enough.

That's what OS is.

> A monopoly app store is a technical prevention that restricts someone from running un-vetted software that could potentially steal your life savings or compromise your entire digital life. Do you think education is enough?

A monopoly app store is a technical prevention that restricts someone from running un-vetted software that could potentially prevent monopoly app store revenue or god-forbid bypass DRM. So what?

And App Store absolutely does have malware https://lifehacker.com/great-now-the-apple-app-store-has-mal.... If it's not even 100% secure then it's not worth sacrificing my freedom to choose.


Engineering disagrees. Having safety interlocks on machines is seen as necessary and sensible to prevent accidental harm.

If you want to achieve something that you think sideloading is the only answer for then maybe try and find another solution? Btw. I’m not arguing we shouldn’t educate people about the dangers of phishing etc etc. just that engineers should find better solutions than shortcuts.

Some people will never understand the need to be vigilant. And even vigilant people have momentary lapses of vigilance.

[edit] I think we’re talking about deliberate sideloading but also accidental sideloading in the same breath here. One enables the other? Accidental sideloading is very much undesirable.


> Engineering disagrees. Having safety interlocks on machines is seen as necessary and sensible to prevent accidental harm.

Right, which is why operating systems ship with security and sandboxing features. Security does not require an App Store.


Security features should be there to prevent a user from accidentally letting malicious things happen. Key word: accidentally. One does not accidentally enable apk installation from untrusted sources on Android. If you spend the time going deep into the settings of your phone, and dismiss two massive security warnings then I don't really have any sympathies and those users should have some more common sense. It's like wanting to close down a metro system because some people are incapable of reading the warning signs and jump down to the rails.

With these kinds of security problems you need to decide where the restrictiveness is best for society and I would very much argue that in the case of phone security it's on the side of sideloading.


Except when a sideloading switch is so easy to access that naive users are easily manipulated into enabling it or having a security policy installed on their phones that disables it.


> Engineering disagrees. Having safety interlocks on machines is seen as necessary and sensible to prevent accidental harm.

> safety interlocks

That's what sideloading switch is.


But then we need to take the ability of gatekeepers to forbid random things away. Why can’t I run docker on my iPad?


I'm surprised that there are many cases, as to enable sideloading on Android you basically have to go to settings and enable an option that basically tells you that this isn't a good idea if you don't know what you are doing and then you have to do the same for the application that triggers the install.

but on the other hand I already saw people trying Linux and being surprised that after multiple confirmations "this is probably a terrible idea, are you sure" it broke their systems


> and enable option that basically tell you that this isn't a good idea

... and people just click through it without reading, because it's UX 101 -- nobody reads your texts, manuals and things while in the flow.


That hasn't worked out for the past 30 years and with every passing year there's more to learn. Telling someone they need to spend several hours to learn how to safely use their device is a good way to market the competitor where that's not required.


That's a very American viewpoint. This is why Americans have a gun problem with all the school shootings and random killing going on there.

Sometimes it's a good idea not to let people do something for their own good.


Love how we're equating sideloading to school shootings.


Agree, blanket statements as "never a solution" always bring out the worst in me :-)


> Preventing people from doing something "for their own good" is never the right solution.

Never? So, no laws against speeding, no restrictions of the use of DDT, etc?

I think that, to make electronic devices usable for all, we have to restrict what they can do.

> Instead, we should strive to educate people on proper online safety measures

I would say “in addition”, not “instead”. I think it’s a pipe dream we can educate the majority of the population and keep them educated in these things.

Even if we restrict that to the tech savvy, they too grow old, can have periods in their life where they’re so stressed that it limits their thinking, can get mild dementia, etc.


Your comparison seems unsuited: Laws against speeding or DDT are both not primarily to protect yourself from your action, but rather to protect others from your actions.


As pointed out in other replies I don't think you're doing a good job to connect bank fraud to sideloading here, and therefore I don't really believe that they are so directly connected. But for the sake of discussion I can assume there's some truth to it. It is true that Apple's restricting freedoms could have some positive side effects, so I'm happy to go along with this gut feeling.

> I suspect that the EU will regret forcing Apple to enabling sideloading when the number of fraud cases go up.

Maybe some degree of that is worth it? The functioning of digital markets and preventing platform monopolies seems very intrinsically valuable for both ethical and economical reasons. Moreover, it's highly unlikely this will be in some cartoon situation with some massive explosion of fraud.

What if this is just a small price worth paying? Something we need to accept in our lives and help further focus education efforts? That seems like a more valuable discussion than most of the discussion going on in this thread.


sideloading != clicking a dodgy link

clicking a dodgy link can download an android installer file (.apk), but installing .apks from unknown sources has to be explicitly enabled in android security settings (twice in latest versions) following warnings about trusting the link source and possible damage

it's not as simple as downloading a dodgy .exe in Windows and clicking 'yes' on the UAC prompt

whereas sideloading is intended for developers when testing and debugging apps. this involves enabling Developer Mode in android security settings, connecting to your phone via USB, and issuing sideload commands from a console


I'm sure they won't make it easy. There will be many warnings and scary prompts about external apps being untrusted. Definitely not installable with a stray click.


Part of the issue with Android is that, despite the fact that application packages are signed, their signatures only guarantee future upgrade tampering isn't a problem.

Meanwhile, Apple is likely still going to require sideloading to have a valid Notary certificate, which is bound to a root CA, meaning that Apple can handle some amount of validation of certificates and revocations.


Yet, an app store and a content filter are orthogonal concepts. There is no reason why Apple should control both.


Agreed. There was a study that almost 100% of virus in computers is because of people installing programs in computers. Imo, all laptops must have an AppStore controlled by the laptop manufacturer. It should all become totally locked down. I am sure eu already regrets computers being so open.


[flagged]


I was going to say it feels like apple "aligned" account. Oh no look at all the fraud happening on android, we have to keep iOS fully locked to prevent people from their own stupidity (and protect our own interests, but please don't talk about that).


Most people use web banking, so iOS or not it doesn't matter. Apple just truly believes in security by ignorance.


Most people I know (European here) use a mobile banking app. For my bank, the mobile app also serves as 2fa for the website, so it’s impossible not to have it.


That was true maybe 10 years ago? Every bank has an app now, even to use normal banking from desktop instead of digital keys everybody is using mobile banking app's 2fa.


Not EVERYBODY... luckily my bank (a tiny bank in the Volksbank group) gives me the option to use an external TAN generator


[citation needed]


Wall Europe off and let them suffer their government regulated mobile phone. Anyone cheering this has a short memory.


that's a textbook example of a punishment that in reality is a long awaited gift.

Edit: funny that people on HN, that should be smart enough to know about the World, imagine that everything that it's not from the USA must be automatically coming from Stalin.

Like no other place in the World has industries, it's either US products or the government making stuff.

If Apple stops selling devices in Europe I will celebrate, for us Europeans that's the opposite of something we are worried about.

We'll buy them from Samsung or some Chinese manufacturer, who cares.


What if Apple registered a religion with apps qualifying as pages of holy scriptures, should then they be allowed to have their walled gardens?


I bet you a tenner Facebook immediately moves out of EU App Store and will be sideload only, with all privacy related permissions required for the app to run.


They did not do this on Android.

But you know what is reality and not FUD? App Stores pushing legal apps out, at least people in EU could have an option when this will continue to happen.


Sure, I'll take that bet. Can you define 'immediately'? Would a month suffice?


When the first iOS version with sideloading will roll out.


And? It will also allow stuff like the smart voting app that apple removed because a dictator told them to.


It won’t, because the smart voting app was not blocked in eu. The markets where these kinda app would be needed are also the ones where sideloading will likely not arrive.


Given that this is Europe where the GDPR requires consent regardless of how any app is installed you stand to lose that bet (which is why this is not the case on Android).

The Apple cartel protection-racket framing makes only sense in a market without privacy regulations, in the EU choice and privacy aren't mutually exclusive.


Exactly!


Ingenious!

What if a security incident happens just in Europe but not elsewhere?

Then it becomes instantly clear that Apple’s argument against sideloading was not a strawman.


hasn't happened on android with sideloaded apps. Stop fearmongering.


Android is another system, and yes, there have been breaches.

Let's say it like that, and I know I am simplifying quite a bit:

Apple checks security at "compile time", during the App Store checks.

Android checks security only (or mostly?) during "run time".

"Compile time" can give good guarantees because the "compile time" can be quite long. Then, during program execution, there need to be less run time checks (and a program can be much faster, by the way).

What do you think happens when allowing sideloading on Apple iOS devices? Suppose there are much less run time checks available because compile time checks are expected?


Android has so much malware in the play store the argument is moot.


As the developer of a subscription app, if unfettered side-loading is allowed I'd be worried about cracked versions of my app being distributed.

We've done everything in the client for privacy and reliability, but the obvious countermeasure would be to move functionality over to a backend. This would be history echoing the transition from boxed software to SaaS.


Except, side-loading has already existed on Android for... a long time. I regularly install from F-Droid, and it's totally possible to download an .apk from the Internet and install it. If your client was getting "cracked" it could already have been happening on Android for years (assuming you have an Android app). See also: Youtube vanced.

So really what you're saying in this comment is that you've written your backend APIs with the assumption that the only user is a benevolent app which you wrote. If it's possible for somebody to take your app and tweak it to circumvent your subscription's restrictions, then what prevents a person from hooking up their phone to a development HTTPS proxy, intercepting the API requests, and making their own cracked client without side-loading at all?

Side-loading is NOT a problem for subscription apps done properly, and it's NOT a problem for privacy or security, so long as the side-loading implementation is done responsibly.


> what prevents a person from hooking up their phone to a development HTTPS proxy, intercepting the API requests, and making their own cracked client without side-loading at all?

SSL pinning, essentially.

Totally true about Android--it's the smaller platform for us, but the fact we have not seen piracy there yet gives me hope.

To be clear I am in favor of sideloading, and we would benefit from it in several ways.


Isn’t it a bit like the movies and music? Those who will steal will steal and those who will pay will pay anyway.

There are great pirate movie websites where you can watch all the movies at about the same user experience or even better but Netflix etc are doing just fine.

Piracy isn’t what it used to be but I do enjoy these sites.

The real problem is the subscription fatigue and fragmentation. I won’t subscribe to all the services and even if I have a subscription it’s easier for me to find the movies in one place.

However apps are different, you are expected to open different apps for different things anyway. In apps, the danger could be something like ChatGPT becoming the main UI and doing everything the user wants from there.


>Those who will steal will steal and those who will pay will pay anyway.

That's not been my experience. Every time a crack appeared for my software sales went down. Every time I strengthened the licensing software sales went up. This is for B2B software, god knows what it is like if you sell to consumers.


Could it be the case that B2B software is more susceptible to piracy induced revenue loss? I imagine B2B being completely utilitarian, thus "free" software would mean direct cost cuts.

In B2C, generally, convenience is the king.


Talking to my peers I get the impression it's worse for consumer oriented software.


Would you like to expand on that? It's always helpful to hear another perspective?


I lost the access to Rubymine and switched to vs code. If I can't have it free, I switch. I won't post for it, it's not worth it.


It is same if you have big audience, it is very different if you are developing for a niche market.


No study managed to prove a loss of revenue with piracy, you are not going to be the first app in the world to experience it.



That's a paid study, it's worthless. You are very disingenuous by providing it.

> It has to be noted that the research was carried out as part of Carnegie Mellon University’s Initiative for Digital Entertainment Analytics (IDEA), which received a generous donation from the MPAA.

https://torrentfreak.com/pirate-bay-block-doesnt-boost-sales...


I see nothing in this paper which is proving their claim. The worst part is when they talk about the drop of CD sales pre-streaming where the legal options to consume music online ... just didn't exist at all.

If there's no legal option where your customers can pay you, that sure can lead to a revenue drop.

The music industries have been very slow to adapt to the internet and it has cost them some revenue, I'll give you that but that has nothing to do with piracy.


>If there's no legal option where your customers can pay you, that sure can lead to a revenue drop.

But you think that all stopped as soon as there was a legal option? Do you really think there are no people out there who can afford it but chose to pirate anyway?

I don't know why people find it so hard to believe other than they are trying to justify their own activity. Do you think the media industry spent all this money on anti-piracy activities just for the fun of it?


> But you think that all stopped as soon as there was a legal option? Do you really think there are no people out there who can afford it but chose to pirate anyway?

Yes it did https://www.riaa.com/u-s-sales-database/ , that's exactly what happened.

As soon as they added a way to receive money, customers paid, it's visible on the graph.

If customers can't pay you, of course you are going to lose money.

> I don't know why people find it so hard to believe other than they are trying to justify their own activity. Do you think the media industry spent all this money on anti-piracy activities just for the fun of it?

It has more to do about content control than money. Guess who benefits the most of stricter copyright rules? The RIAA, MPAA and similar organisations, it's a conflict of interest. Being harsh on piracy is easier to sell than just "give us more power because we deserve it"


>As soon as they added a way to receive money, customers paid, it's visible on the graph.

Some customers paid. What I'm saying is there are a significant number who could pay but won't and the harder you make the piracy the smaller that number will be.


And this statement is based on what exactly? The overall pie of music revenue even increased since the CD era.

And music piracy isn't any harder than 10 years ago, it's using the exact same tech.

The only thing that changed is that now there's a way to pay for music legally online, which wasn't the case before.

The lesson to learn for the music industries here, based on data, is that customers will pay if there's a realistic service they can pay for; if they don't have a way to pay for music, they won't get any money. That sounds obvious but now we have the figures associated showing that.


Sideloading/piracy is already possible on iOS with stuff like AltStore. It just needs to re-sign the app every 7 days.


Piracy was the funniest part. Originally Apple claimed they needed to control the platform and sign binaries to prevent piracy. Then, someone realized that if the pirated app didn't need to be modified, then the pirates could reuse the original signature. There was still the issue of getting the ipa onto the device, but that wasn't too hard back in the Cydia days.


Good.

I personally agree with Apple’s stance. I don’t want developers of popular apps to be able to bypass Apple’s reviews and push dark patterns on users.

Before anyone talks about choice, I see this as akin to minimum wages and union memberships. There are some limitations of choices that often end up being beneficial to the average person. From the point of view of the user (if not the app developer) Apple’s walled garden provides me what I want.

If I wanted something more open, I would have gone with Android.

I am happy that Europe’s short-sightedness will not affect me.


> I personally agree with Apple’s stance. I don’t want developers of popular apps to be able to bypass Apple’s reviews and push dark patterns on users.

They just have to make it hard to install apps outside the store, then apps that don't follow Apple's model won't get much of an install base and will have to comply anyway in the end.

Also, Android users seem to be discriminated against in America for some reason (the green/blue bubble BS), so the choice between Android and iOS is not as free as it seems.


[flagged]


It kind of makes sense. Both are closed systems that place rules on what is good or bad for their members. If we cannot trust a person to choose whether a certain salary is good or bad for them, why would we trust them to decide what apps are good or bad for them?


The minimum wage is beneficial because employers tend to have more leverage than employees in the relationship. It's actually similar to the leverage Apple has over its users. And they've used that leverage to control what apps people are allowed to use. So the EU forcing Apple to let users install apps serves a similar purpose as the minimum wage - both are curtailing potential abuses against a group of people with little power in their situation.


The same logic applies. Users have less leverage over popular apps. Hence they rely on someone who has more leverage over the app developers (Apple) to shift the balance in their favor.

Note that most of the complaints about Apple’s ecosystem are from developers, not from actual users.



