
I can't believe they were dumb enough to put that SCOTUS line in this.

It just plays into their current "meh, here's some rules but we'll do whatever we want anyway" image.




If I remember correctly, the SCOTUS reference dates back to when Steve Jobs was CEO. I am, um, not at all surprised he put that in the guidelines.

The guidelines also used to say:

> If your App looks like it was cobbled together in a few days, or you're trying to get your first practice App into the store to impress your friends, please brace yourself for rejection. We have lots of serious developers who don't want their quality Apps to be surrounded by amateur hour.

You can tell this was personally written by Steve.

---

Taken from https://web.archive.org/web/20140903022336/https://developer.... This is the earliest available in the Internet Archive as far as I can tell; circa-2012 they were kept behind an account login.


I've heard anecdotally that Steve Jobs helped write those guidelines, and the "amateur hour" line in particular sure sounds like him. I don't mean that in a disparaging way; Jobs could certainly be a jerk, but there are times I wish more CEOs were willing to be that blunt in official communication.


And to be honest it made sense in the early days. Jobs wanted the absolute best Apps in the App Store.

Situation now is different though. Jobs would likely have some human touch in the current situation, whereas Tim Cook feels less so.


Given how much amateur hour there is on the app store, I think they might as well remove that rule...


That sounds like a good guideline to be honest. Perhaps not the best-worded one, but gets the point across and avoids becoming another Google Play Store.


I think it would be an excellent guideline if iOS allowed side-loading (without ridiculous restrictions). But it doesn't.

Everyone was an amateur once. How should they distribute their apps?


I do not want these apps and average Joe doesn't want them either.

Why is it so difficult for people to imagine how insanely powerful and datapacked your phone is?

Allowing sideloading to average people means they will get hacked and ransomwared left and right. Your entire life is on the iPhone.

While I agree with you about sideloading apps for enthusiasts and hackers, the world is far different than you and me. I really don't understand why these arguments are presented on HN time and again. Jailbreaking your iPhone is a terrible idea. Horrifying even.

I am glad Apple is gatekeeping. Privacy > Hackability. You can't have both. The world is full of vultures that will shred your privacy in no time. Just look at what the ad-tech is doing within these sandboxes (browsers). Microsoft got into the ad-tech game because they realized "Holy shit, we are actually in a unique position...develop operating system and sell data for millions of users?".

Apple is probably the only company looking after users and yet we've got completely deluded developers on HN complaining about sideloading apps. Sigh.

For amateurs, let them develop stuff on browsers. I don't want these amateurs widely distributing apps to billions of users with system level access with quick approval popups for billions of idiots that don't care about their privacy and would give access to anything that asks for it.


> Jailbreaking your iPhone is a terrible idea. Horrifying even.

And the fact that I can Jailbreak my phone has not caused your iPhone to become safer or less private. All I want is for Apple to offer an escape hatch, completely optional. It would not affect your experience in the slightest.


I agree with you if that escape hatch requires explicit permission, warnings and a bunch of precautions.

Hot links, such as reddit.com launching App Store to download their app should not be allowed because some uninformed user might just download bogus apps from 3rd party stores.

Again, I support the idea of an escape hatch, but I feel like that applies to an impossibly small slice of the total iPhone userbase. People like you and me. I feel like I should write it out: 0.00000001% people.

Do you think executives at Apple look at this feature request and spin the entire ship around so that you and I can hack a phone?


Sorry if this is nitpicky, but since you made a point of saying you were going to write it out..

The world population is ~7.8 billion. 0.00000001% of that is 0.78. If you drop the percentage, it's still only 78 people. And that's assuming every person in the world is an iPhone user.

I think the slice is obviously bigger than that.


> Do you think executives at Apple look at this feature request and spin the entire ship around so that you and I can hack a phone?

Yes, because of what happened with HKMap.live. This is incredibly important for free expression.

It’s only used by a tiny number of people until one day when it suddenly becomes essential.


Sure it would. Some major developer only offers their app as a side load and suddenly your Aunt Edna is giving system level permissions to some developer without any realization that they just gave away keys to their house.

Perhaps Apple could sell a developer edition of the phone that allows side loading.. come to think of it, they do. If you are an Apple developer you can side load apps. Any developer that wants to can post their code on github and let other developers install it on their phone.

Really, if you don’t like the rules, you have an alternative.


Android allows sideloading and I’ve literally never heard of anyone even doing that, much less getting hacked by it.

I think you massively overestimate how many people would use that functionality.


I think you massively underestimate the number of people that will click yes to install random packages on their own phones in order to get access to free games or porn or whatever.

https://research.checkpoint.com/2019/agent-smith-a-new-speci...

https://blog.malwarebytes.com/android/2019/08/mobile-menace-...

https://arstechnica.com/information-technology/2016/07/virul...


Even without sideloading, the Google Play Store is so full of trash apps that request dubious permissions and are littered with dark patterns. Not that it doesn't happen on the App Store, but it's significantly worse on Android. I saw the state of my little brother's phone (tween) and it was quite shocking.


> Android allows sideloading and I’ve literally never heard of anyone even doing that, much less getting hacked by it.

I have.

https://www.forbes.com/sites/thomasbrewster/2019/07/24/warni...


> I think you massively overestimate how many people would use that functionality.

I admit that I know very little about Fortnite and am not a regular Android user, but my understanding is that, right now, anyone who wants to play Fortnite on Android is sideloading it. That's a lot of people who are opening up a pretty brutal attack vector to be able to play a game that got kicked out of the official Play Store.

https://www.theverge.com/2020/8/13/21368079/fortnite-epic-an...


It didn't get kicked out of the store for violating people's privacy or some such, it got kicked out because they didn't want to pay Google money in exchange for absolutely nothing.

Sideloading Fortnite is not opening up an attack vector unless Fortnite itself is malicious, which it's not, because it's a huge game from a huge company. As long as the official download source is known to everybody, I think it's fine.

I know there are fake (malicious) copies of Fortnite out there, but those promise free V-Bucks or some such. You could just as easily run that scam without sideloading and target the user's credit card number or similar.


I think you're underestimating the level of risk associated with people attempting to sideload Fortnite. People aren't necessarily intentionally seeking shady versions (but even if they were, I find this kind of victim-blaming counterproductive). They were doing things like searching "how to install Fortnite" on Google or YouTube and getting sent links to fake versions with malware loaded. [1]

How were non-sophisticated users supposed to figure out that the Epic link was the correct link to click among the thousands of search results? How many of the people wanting to play Fortnite for the first time even knew what Epic was?

> As long as the official download source is known to everybody

It's not, and that's the problem.

[1] https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortni...


I guess my question is, is this problem really unique to sideloading, and if not, can it be addressed in the same ways we address other problems?

For example, does everyone know the official source of Facebook? If so, why, and if not, why is there not an epidemic of fake Facebook scams that steal login credentials? I know there are targeted phishing attacks, which is a separate issue, but I haven't heard of significant attacks from people who just didn't know the correct login page.

One way we do deal with this is with targeted blacklists of known-bad sites, particularly Google Safe-browsing. That's certainly a mechanism that could be employed for Android Malware—and I think it already is, actually.

Problems do happen—but I don't see anyone calling on Google to restrict Chrome to a whitelisted set of approved URLs. And I'd posit that gaining access to someone's Facebook account is no less invasive than gaining access to their phone.


Don't the overwhelming majority of people access Facebook via the app these days? So the official source of Facebook for those people is... the App Store or the Google Play Store.

> And I'd posit that gaining access to someone's Facebook account is no less invasive than gaining access to their phone.

I don't think so. Accessing someone's Facebook messages and photos is one thing, gaining access to their phone means gaining access to their email which means potential access to any account linked to that email. Given how many people use mobile banking these days, I'd say there's a lot more potential for damage if your phone is compromised.


Possibly the ability to sideload is what lets the Play Store not restrict apps as strictly as the App Store does.


If you're an amateur, you have to put in extra time to get your app into shape.


I'm really surprised. Did Apple shake up their PR or legal flacks? The language they've used recently (I'm thinking of the Epic stuff, too) feels different than their famously cool, considered tone; looser, more assertive, and much easier to argue with.


I disagree. They have always been this arrogant. You are just noticing it right now. Do you remember when they essentially said don't run to the press if we don't allow your app, it won't help you, which I personally interpreted as "or else"? Or how almost every time someone criticizes Apple they sandwich a one-sentence criticism between 50 sentences of praise because they know the cost of not doing that could be their entire business? Since the launch of iPhone, Apple has been the 800lb gorilla in the room and has acted like it.

EDIT: From App Store Review Guidelines on September 2014:

> "If your App is rejected, we have a Review Board that you can appeal to. If you run to the press and trash us, it never helps."

https://web.archive.org/web/20140903022336/https://developer...


Which is such a lie, because going to the press is exactly what gets a lot of apps re-evaluated and accepted.


Eh, it _can_ be a lie. This is some form of the quandary “if you owe the bank a million dollars, you’re in trouble; if you owe the bank a billion dollars, the bank is in trouble.”

99% of app devs will not benefit from “running to the press.” Those that will will know it for certain.


I've seen apps get their decisions reversed simply due to a post becoming popular on HN or Reddit. You don't have to be a major player for public shaming to work against Apple.


I agree. Sentences like "we think that you will also know it when you cross it" are extremely arrogant.


It's always been written in an oddly informal way. When I first read it, I did a double take and had to check if I was on the right domain, because I didn't expect it from Apple, of all companies. Over the years, it has been tightened a bit (the famous "If you run to the press and trash us, it never helps" line is gone), but it's still quite relaxed and personal, which is a tone that is somewhat at odds with the strictness of the rules.


I think it's the power dynamic. The marketing material doesn't need to be as good because they're (culturally) in charge now at the company.

It used to be that engineering/design led the company. Now it's marketing and legal.


> It used to be that engineering/design led the company. Now it's marketing and legal.

Isn't that what people make fun of Oracle for?


Oracle: Sales and legal.


I think that bit has been in there for years.

edit: Here it is, from 2016, probably goes back a lot longer than that

https://web.archive.org/web/20160706210122/https://developer...


For what it's worth, I'm pretty sure that line's been in there since the review guidelines were public, years ago.


I found an article from 6 years ago that quotes that line, so at least since then: https://www.theregister.com/Print/2014/09/04/apple_new_app_s...



Everything is a judgment call. You can no more spell out everything that is considered explicit than your HR department can spell out everything that might constitute harassment.


It's their treehouse; they can do what they want. None of these platforms are your friend. Half the Apple devs I know have some kind of Stockholm syndrome, though.


Apple owns the platform. I'm still going to try and change how they do business because that would be better for me. Everyone is allowed to do that and there's nothing wrong with it. If you want to give up your power as a person to try to effect change, that's cool but I'm not giving up any non-immoral tool I have.


Or just maybe they like making money on the mobile platform where people will actually spend money?


The crazy part is the people who fly into fits of rage when you suggest Apple could do something differently. Changing the web browser on iOS was one that would get tons of hate and responses like “you don’t need that! it would confuse people!”

Then Apple lets people do it and now they’re okay with it


You still can't change the browser on iOS. All the other "browsers" are heavily restricted skins over a webview, not a proper other browser.


And that's OK; if it wasn't for Apple then Google would essentially own the current and future direction of the web by now


Competition should not be created by limiting the market on one specific platform.


With their sandbagged browser that they only bother to update once a year? Firefox is the competition for Chrome, Safari is just a sandbag to hold open the gap between web apps and native apps.


Apple updates the browser between major OS updates.

Apple added YubiKey support (https://nakedsecurity.sophos.com/2019/12/12/apple-ios-13-3-i...) for 2FA in Safari in 13.3 and they added better mouse support to Safari as well as other built-in apps between major releases.

Firefox is losing market share and almost completely dependent on Google for its survival. If Firefox tries not to support something that the rest of the industry is supporting (like the web-based DRM) the rest of the industry just yawns.


Then stop whining about Apple's stupid rules. Apple also likes making money on their platform, and they're much better at it than you are.



