I don't want to pass judgment on whether Google (or in the previous case, Facebook) was in the wrong, but it doesn't sit well with me that Apple wields so much power on what software their phones can run after it sells them. You may very well think that they're using their power sparingly and benevolently, but who is to say that will be the case next time around?
I used to feel that way, and I used Android for years for that reason. But since switching to an iPhone, I've found that what I really want from my phone is not a totally open platform, but a tool that's simple, secure, and effective. Something I don't have to mess with, something I can trust to do its job and respect my privacy and be pleasant to interact with. They tried going that direction a bit with macOS when they launched its App Store, and there's a reason that pretty much failed. Workstations need to be totally user-controlled, but phones don't.
I'm not sure I quite understand your complaint about the Mac's App Store. I want to have free reign on my workstation, but part of that is I want to be able to limit the amount of access that programs have. The big difference with the App Store, from my perspective, is that I know that the applications are sandboxed, signed, and someone out there can revoke the code signing certificate.
This is basically what I want, most of the time, and it's hard to achieve it outside the App Store.
Fun fact: not all apps on the App Store are sandboxed. Some older apps, that were released before sandboxing was a requirement, were "grandfathered" in.
Things that run on your mac are not required to go through the App Store. I think what the OP means is that the adoption rate has been lower than what they wanted/expected.
It briefly looked like they would move towards requiring software to come from the App Store. They did add the warning you see the first time you open any application that you downloaded from the internet, which is still there. That alone isn't problematic, but if they'd truly locked down macOS they would have alienated all of the programmers who use Macs. Thankfully, they seem to have dropped that idea.
Honestly that's my feeling as well, but even for workstations, it has begun to dawn on me that spending time configuring the minutiae of various settings and flags and plists etc just isn't worth my time. I just want a workstation that's simple, secure, and effective in getting things done.
That pretty much sums up my journey. I used to run Windows 2000 at home and decided to switch to Linux (Slackware) when it was rumoured that XP would have "phone home telemetry". Then after a few years of spending way too many hours on various different distros, decided I wanted a *nix machine that just worked and switched to Apple.
Those are fine defaults, but why is it bad to allow people to explicitly opt out of this and do what they want? Other people being allowed to hack on their machine doesn't stop yours from being locked down.
To a point. I use a Mac for work because it has many of the desirable qualities of Linux, without the hassle. But at the same time I know that if I ever need to just get in there and change something, which does happen occasionally, I can still do that.
Android isn't a "totally open platform". By default you can only install apps from the Play Store and Google exercices a fair amount of editorial control over apps.
On the latest android its a huge pain to install fdroid. The only way I could find was installing the system fdroid package through the recovery thing because android doesn't just allow you to install 3rd party apps, you have to get an existing app to request permission to install 3rd party apps and none of the default ones do so unless you already have fdroid you can't install it. Really unethical.
On my Pixel 3: Settings / Apps & Notifications / Advanced / Special app access. From there you can whitelist, e.g., Chrome to allow the installation of 3rd party apps.
IIRC Chrome even asks you if you want to enable that setting once you download an APK file.
I didn't have chrome on my phone and the default android browser doesn't request permissions. I used to install it from the downloads app thing but that doesn't seem to work anymore because of these new changes.
You can run stock Android without any Play Store and no/minimal/neutered Google services by installing custom ROMs. Apple doesn't allow this with its hardware. More importantly, you can bypass any centralized app store and install your own APKs, such as from repositories like F-Droid. IOS doesn't allow you any such freedom.
There was a point around the iphone 5/galaxy s4 era I really wondered what the hell Apple was doing releasing only a 4" phone, with an os roughly equivalent to androids, with less flexibility in what you could do with the device, at marked up prices. Nowadays I appreciate the things like the relative privacy, far superior OS support, and the more locked down security. I still buy Android but that's largely for value reasons. If cost was no object I would buy iPhone.
>Workstations need to be totally user-controlled,
I believe chromeOS is a good example of a stripped down less tunable OS that works great and is perfect for inexpensive Atom based machines that still have good build quality, battery life, and displays while being simple to use.
I believe trying to push the "store" model to desktops smacks of a solution that generates a lot of $$$ for M$ and Apple in search of a problem.
> I used to feel that way, and I used Android for years for that reason. But since switching to an iPhone, I've found that what I really want from my phone is not a totally open platform, but a tool that's simple, secure, and effective
The problem with that is that the nature of the issue is that it doesn't matter to you ... until it does. Like freedom of speech - you will never notice that your government is censoring you until you have a controversial viewpoint. And then it will matter. But all the people without those viewpoints will still wander around saying they can't see what all the fuss is about freedom of speech. This is intrinsically a problem you have to care about in advance of when you need it.
> Workstations need to be totally user-controlled, but phones don't
And why this extreme generalization, exactly? Don't you suppose you could have privacy, security, and perhaps even simplicity and ease-of-use with a totally free and open phone that grants control to the user? You really don't explain how "a totally open platform" is mutually exclusive, nor how your own personal needs require the inverse of freedom. Further, the distinction between computer and mobile device are irrelevant given so many people depend on the later as their main computing device. They should be offered the same degree of control as someone with a computer has.
Ultimately, you cannot have privacy and security in a closed-source restricted platform, even if it's backed by good intentions. You're at the mercy of a few companies and as soon as they abandon the device, or make a mistake, you're exposed. And as a consumer, you're forced to buy into their ecosystem instead of having the choice to provide your own solutions. This is already true for the hardware, such as the black-box baseband required to connect to cellular networks.
The two forces are, generally, at odds. Apple screens apps for me to see if they're malicious or snoop my data. They ensure the things on the App Store are of a certain quality and safety. If they discover one that got through, I'm glad they can remove it from my device without waiting on my action. I've effectively outsourced my configuration and security to a company that has strong financial incentives to do a good job at those tasks - certainly a better job than I would do if I had to keep tabs on it all myself. They also do far less "abandoning of devices" than most of their competitors, for what it's worth.
While this kind of support doesn't technically preclude open-source code, it's hard to find both in one. Red Hat is one rare exception to this - providing a comprehensive, supported solution that also happens to be open-source. But the economics tend to push it to be one or the other. In this case, I'm perfectly fine making that trade.
At the same time, maintaining that level of control seems to be a central feature of iOS's security and privacy model. It's not just about ensuring that only trusted software can be installed in the first place, it's also about having some sort of mechanism for fixing the problem when software that had previously been approved proves to be malware, or when a publisher who had previously been approved turns out to be a bad player.
For an example of what's possible in environment where you aren't limited to running trusted software, earlier this week I had a conversation with an acquaintance who had recently paid hundreds of dollars to a ransomware scammer. To me, the value of being able to prevent those kinds of abuse is pretty straightforward.
What Apple's doing with Facebook and Google is grayer, but I can see where they're coming from. They have strict privacy rules that they expect to be followed on all apps released to the public, and Facebook and Google were using the enterprise program to circumvent those rules. In light of that, you could argue that they had to follow through on their terms of service in order to demonstrate good faith to their customers who rely on them to enforce those privacy rules.
> it doesn't sit well with me that Apple yields so much power on what software their phones can run after it sells them
At the end of the day, you can compile and run anything on your machine. This is just regulating distribution. Given the specific breaches at hand by Facebook and Google, a balance seems to have been found (acceptable to most users) between freedom and security.
I dont see how you can make this claim when installing whatever you want on your android phone is as easy as tapping the setting for installing from unknown sources.
Google does a decent job w/ non-standard app stores. They have permissions that allow other apps to act as a trusted app store without opening the system up entirely.
I agree that Google Play Services is not competition friendly, but that is a different topic.
It's pretty true. Unless you manage to jailbreak your phone the only way to get it to run code (except for javascript) is by having, at some point up the chain, a certificate that's signed by Apple.
It's free to get one though, but it only lasts for a week or so. You can pay to become a developer and I think you get one that lasts a year instead.
The parent is correct if you're not using the Developer Certificate, but relying on the Free Provisioning Profile - as the name implies, it is free, but it only lasts for 7 days instead of the 1 year you get with a paid developer account / Developer Certificate.
The advantage of the Free Profile is that (afaik) it can't be revoked or censored. Disadvantage is 7 day lifespan.
If you also happen to have a Mac to run XCode, sure. I don’t believe there’s a way to compile and load iOS apps from any other platform? (And you certainly can’t do it from the device itself.)
You can technically compile iOS apps on any platform, but you won't be able to link against the iOS SDK without Xcode. So in practice it's a bit annoying. Loading iOS apps is pretty simple on any platform with Cydia Impactor.
Please correct me if I’m wrong but didn’t this change retroactively prevent installed apps signed with the enterprise license from running on iOS devices?
If the article is correct, you are correct. The article seems quite clear this was about already installed apps that stopped working because Apple revoked their certificate.
Not using any installation mechanism provided by Apple. If you want to crack open the phone and begin trying to pin out the storage controller: then maybe.
The installer is a piece of software made by Apple, to install things that meet certain criteria(ie signed packages). It's not that you can't technically "install" other things, but there doesn't exist a mechanism to do so.
>I don't want to pass judgment on whether Google (or in the previous case, Facebook) was in the wrong
I'll do it for you: both Facebook and Google were crystal clear violations. Like, not anywhere close to the intended use case for Enterprise distribution
There is nothing new about this model, of selling a device with optional software bought later from the vendor. It’s how games consoles have worked, from the Atari 2600 to the Nintendo Switch, even cars work this way with optional after market ‘performance packs’ that are just software tweaks. VTech used sell toys like mini laptops for children, with little software ‘disks’ you could buy with educational games on them.
True, but to be fair, phones are a way bigger market and 1 of the practically only 2 operating systems is doing it which is why it is such a huge complaint.
I don't complain about my Xbox because I can buy a computer that can run most the same games where I can do anything I want (not to say I don't want to be able to do anything but phones are a much bigger market with only 1 real competitor which does allow you to side load apps)
There have been many, many other competitors, some of which had huge market share to start with. The market decided this, not Apple. There has been plenty to choose from over the years. Consumers chose the options that won, because those are the ones they want.
I don’t want to put words in your mouth, but to paraphrase in saying there is ‘only one’ choice in the market that is truly open you seem to be arguing that any second option ought to be too. That competition on openness is more important that there even being a closed option at all. Surely that would give consumers less choice though, not more?
But as I have pointed out, there have been plenty of other options and every now and then a ‘truly’ open phone comes out again.
You buy an iPhone knowing full well that Apple has this control, and for many people is the reason they buy their iPhone.
So far they have used the power sparingly, at the end of the day it could have been a cute cat app and did nothing wrong but it still broke Apple's terms that these companies agreed to and Apple acted accordingly.
I would bet good money that the large majority of iPhone users don't know that Apple has this much control (ie, that they can decide whether you're allowed to install custom apps provided by your employer).
Yes. And for tech savvy people, such as Facebook developers, the fact that you need to install a special certificate before you can use internal company apps should give you a clue about what’s going on.
Operationally, every major tech company has some sort of mechanism for removing software it doesn't like from end-users' devices. Apple, Google (with Google Play Protect), and Microsoft (with Windows Update).
If you don't, we end up going back to the Blaster worm days of 2003, where software gets installed and regular people don't know how to get rid of it.
In the case of Facebook, there's no judgement or moral side to take. They broke the rules Apple set when allowing Facebook to be in the App Store and use internal enterprise certificates. Objectively, Apple's behavior was fair.
I'm wondering if either Apple is in the wrong, or FB needs a better legal team. By FB legal team I mean those people that should point out when things are not legal.
The legal team at FB, at least back when I was there, was meant to prevent us from doing illegal things. So, this means that either Apple is wrong, or FB is wrong - as in their legal team is wrong, so they need a better one
Honestly, as bad as the situation is (having to choose between several profit-focused tech giants) I'm glad that at least one of the players is not dependent on data collection as their way of survival. If I have to side with one of them it's going to be apple.
Everyone on HN seems to be opposed to government mandated backdoors, but want Apple to install one anyway for the sake of some hand-wavey notion that Apple has undue “power”.
This control is a feature and one of the reasons I use iOS. I value a system I can trust to be free of malware. I know that when I recommend iPhone to friends and family, I will never have to field a support call involving a mountain of malware that was installed because they were tricked into clicking “ok”.
I trust my iPhone way more than my desktop, laptop, or any SaaS. Same with my iPad. I can’t wait for the end of the era of bad-guys-win-by-default.
It will cost $500 to ditch Apple and replace them; there’s a 10% chance I will have to switch before I’d make my next purchase anyway; and Apple has to date saved me over $50 in frustration via their control of the ecosystem.
So I’m willing to ride it out and see what happens.
There is really nothing to ride out. I think it's rather refreshing that Apple followed the rules they set forth even when it was large companies breaking them. I would have more issue if Apple shutdown the lone developer, and then did nothing when FB/Google did the exact same thing.
With the above said, we can certainly discuss if Apple should use/have this ability at all. But, IMO it is a different discussion.
> I think it's rather refreshing that Apple followed the rules they set forth even when it was large companies breaking them.
This kind of behavior from executives[0] is precisely why I invested in Apple products in the first place — why I took the risk at all.
I meant that I don’t see this as any reason to get out, from a pure “well, what if they abuse their power?” perspective: the risk is low, given the way they’ve acted until now, and the total possible cost is reasonably bounded — I’ve already had enough upside to eclipse the risk weighted cost, this was a good investment.
So why would I even worry about it until something bad did happen? The homo economis answer is to let your bet ride, until the point you were going to re-evaluate anyway, when buying a new phone.
[0] There is approximately 0% chance Google and Facebook were kicked out of dev programs without running it by senior executives.
With Apple's devices, and to a lesser extent Google's, there isn't a software distribution channel apart from the one sanctioned from up high.
That being said, the official channels are sanctioned and sponsored by Apple (or Google) and so it is their reputation on the line when it comes to malicious or questionable Apps.
So I can completely understand Apple (or Google) removing certs or banning companies for violating the terms of their platform.
And I think this exertion of power might be a bad thing as it demonstrates that users do not really own their devices and are only allowed to do with them what Apple (or Google) permits.
My device is little more to me than something to run a web browser. I despise native apps. Facebook and Googles apps can - and should IMO - be run from a browser without crossing over into my personal contacts and photos.
Apple has zero authority over who I contact or what content I access over the web.
With any luck, this drives development back towards the web. I haven't had Facebook on my phone in years because their mobile layout is unbearable and their apps are invasive.
> there isn't a software distribution channel apart from the one sanctioned from up high.
I'm disagreeing with the premise that you have to develop for their platforms and distribute for it. That's not a fact. That's an opinion. While there may be some apps that _couldnt_ operate on the web, 99% of apps don't fall into this.
Facebook. Instagram. WhatsApp. Gmail. Google maps. Pinterest. These can all be done in a mobile friendly way in browser. They're intentionally not done because of "performance" and the fact that apps want deeper access to the device.
I don't want any or those apps getting access to my GPS. Or my files. Or my contacts. Id rather take additional steps to upload a picture, or type in my "from" address rather than auto-GPS.
I was speaking in specifically about native applications and not Web Browser based applications. Taking what I said out of context to get on your soap box and expose the dangers native applications is disingenuous and doesn't add credence to your opinion.
You're setting your argument up for failure before you even present it when it's foundation is a clear and intentional misinterpretation of someone else's words.
Again, I disagree. You're beginning with the assumption that native is the only, and best solution. As a user, this is simply not true. You may _prefer_ to develop for native, but that doesn't mean its the best choice for the user.
Very, very few apps need to be developed natively.
The vast, vast majority would be better if developed for the browser.
This obviously depends on exactly what you're talking about, I concede there are some specific applications that require it. Maybe _your_ specific app requires in, in which case, _you_ have to live with the trade-off of the gatekeepers.
> You're beginning with the assumption that native is the only, and best solution.
I never said anything of the sort, you're again manipulating what was said to give you an opportunity to stand on your soap box. I said Apple and Google control the distribution channel and have an interest in protecting it.
Web Apps are at a distinct disadvantage on both platforms because Apple and Google control the channel to dissuade them from reaching mass adoption.
If anything I said that these actions might actually help Web Apps.
Drains batteries. Consumes storage space. Requests unnecessary access to my personal files and contacts. Difficult to shut down. Push notifications. I want NONE of this.
The last straw for me was when Facebook messenger pocket dialed a "friend" I hadn't talked to in 7 years. Not only was it something I had no use for, it was outright invasive.
This case has gotten a lot of attention only because of who’s involved, but the Apple App Store is a headache for many businesses. Last year I was working with a company that had a white label app design studio as part of its product. Apple said they had to discontinue it, and that they were only allowed to produce one app for all of their customers to share. The company bit the bullet and spent months re-engineering and redesigning their product, it’s competitors did nothing and just spent months complaining to Apple. Apple eventually caved and reversed the rule, that company had six months of two engineering teams time wasted, their competitors wasted no resources on it at all. On top of that, the rule was already being applied completely arbitrarily by industry. Most of the worlds banking apps are white label, but didn’t receive any problems from Apple.
