back to article Apple's macOS is sub-par for security, Apple exec Craig Federighi tells Epic trial

Apple's software supremo Craig Federighi on Wednesday condemned the security of macOS in an astonishing attempt to defend the walled garden that is the iOS App Store. It's the latest twist in the ongoing Epic v Apple bench trial in which Cupertino is accused of illegally monopolizing app distribution and payments for iPhones …

  1. Snake Silver badge

    He does have a point, even if it's draconian

    From a theoretical, absolute security standpoint it is far, far better to curate the programs running on a system for security, than it is to allow all programs and then try to create a bulletproof system that will reign in all types of code violations. That is the basic principle of the centralized IT department: approving before rather than extinguishing fires after.

    But Apple is unilaterally attempting to force that policy on both users and suppliers, without question or alternative. For code it can be debated as valid but once you force that singular method upon purchasing and payment, you dance with the devil of anticompetitive business practices

    Curating code is one thing, forcing every single entity that plays your systems to pay you a slice of the pie just for having the daring gall of working on your systems is something else entirely.

    1. MiguelC Silver badge
      Coat

      Re: He does have a point, even if it's draconian

      They should go a step further, stop just 'curating' and only allow Apple software to run on Apple hardware, it's the only way to be sure!

      1. Dan 55 Silver badge

        Re: He does have a point, even if it's draconian

        Not really.

        This post was brought to you by the words goto and fail and the semicolon.

        1. Kristian Walsh

          Re: He does have a point, even if it's draconian

          Downvoters who assumed that this is an insult aimed at the previous poster, please read this summary of the 'goto fail; goto fail;' bug that left mac and iOS clients vulnerable to HTTPS spoofing (CVE 2014-1266): https://www.imperialviolet.org/2014/02/22/applebug.html

          1. Dan 55 Silver badge

            Re: He does have a point, even if it's draconian

            Oops, perhaps I could have written that post slightly better.

    2. Anonymous Coward
      Anonymous Coward

      Re: He does have a point, even if it's draconian

      In terms of effort required to keep things secure I'd presently go:

      FreeBSD

      Linux

      MacOS

      .

      .

      .

      Windows

      IoT

      .. and that picture hasn't really changed for quite some time now, nor do I expect it will in the near future. The only thing that changes are marketing and excuses, but I repeat myself.

      1. Snake Silver badge

        Re: Keeping things secure

        Is Windows really that problematic...or is does it simply present the largest target footprint, running the most varied code under the largest number of possibly vulnerable circumstances, and therefore present the greatest opportunity for attack?

        1. Kristian Walsh

          Re: Keeping things secure

          Windows is the largest target, and the most lucrative, in that it is most used in businesses to handle money.

          If you gave Linux to your typical office desktop users, you'd have as many, if not more, of the same security breaches. It's not the OS, it's the applications, plus the plugins and scripts necessary to make those applications work together for business tasks, and finally, the users who open anything that comes into their email.

          1. rcxb Silver badge

            Re: Keeping things secure

            If you gave Linux to your typical office desktop users, you'd have as many, if not more, of the same security breaches.

            We have an office full of Linux systems, and never had a single breach. A big part of that is that users are just that. Locked-down user, no privileges to install anything.

            With Windows, you can't even set-up two users on the local system to be able to access the same set of files, without making them administrators. Search for "unable to take ownership". You'll see lots of resolutions options like disabling UAC, which is both a terrible idea, and still doesn't work. You can set all the ACLs on the files and folders correctly to allow two users full access to them, but Windows only recognizes one owner, and won't let you open and modify those files until you're the owner, which you can't make happen unless you're also an administrator...

            Linux is designed to be a sane, multi-user operating system. Windows has only just the basics of multi-user operation tacked-on, poorly.

            And if users were allowed to install software, they would only be doing it from the repos... Careful use of sudo can allow them to do that, without giving them full root permissions. And those Linux software repos are still curated and extremely, without being locked-down with onerous restrictions and fee demands like Apple does with their store. Whereas the very model for Windows software installation has for decades been "download binaries from websites on the internet and run them, and say yes when asked if they should be allowed to do absolutely anything to your system" which is the real security nightmare.

            Linux doesn't let you run exe's or other binaries from files attached to e-mails with a click. Linux doesn't hide (crucially important on Windows) file extensions from you, allowing attackers to mask executable code as innocuous images or other documents.

            And should we talk about auto-run?

            This is just scratching the surface. The list of ways in which Windows is inherently insecure is legion.

            1. katrinab Silver badge
              Meh

              Re: Keeping things secure

              You can't run .exes or other binaries from Windows with a click these days. They tend to be sent as password protected zip files, with instructions on how to open them in the email.

              You could do that in linux as well. The problem is what happens if someone follows those instructions.

              1. rcxb Silver badge

                Re: Keeping things secure

                You can't run .exes or other binaries from Windows with a click these days.

                What? Of course you can.

            2. martyn.hare
              Linux

              Learn Windows before making statements about it.

              Penguin because even Tux is raising an eyebrow!

              Someone dared to say “With Windows, you can't even set-up two users on the local system to be able to access the same set of files” and it really annoys me when people insist Linux is better because they can’t work things properly. I hope nobody lets this poster loose on SELinux, TOMOYO or the like!

              For newbies, Microsoft made a location which works out of the box C:\Users\Public\Documents to share files locally, and it isn’t that hard to replicate those ACLs if you want all local users to have local access.

              If you want users to do your job for you, then you can have your cake and eat it too. If as an administrator you ensure CREATOR OWNER is inherited as Full Control, then whoever creates a new file/folder can add whomever they want to the DACLs for it. Due to Windows default ignoring of traversal permissions, one can then hand out the direct local path to these new folders to the other users even if they otherwise would be denied access by parent folders.

              If you as a sysadmin want to control permissions, then remove CREATOR OWNER and create a group with the users you want to have access and give that group Modify permissions over the files/folders you want to grant access to. For safety, ensure SYSTEM is the owner when you’re done. All of this is very easy.

              Now on to EXE/BAT/DLL files. It takes two minutes to ban unknown executables/scripts from being ran and there are currently four ways you can do it. The most basic way is to use NTFS ACLs to deny execute permissions on all files by default in writable user areas, then you have either WDAC, SRP or AppLocker to use for implementing a proper network-wide policy. SRP has been around since XP. Googling the problem actually results in finding many articles on SRP so I’m 100% sure this is a human sysadmin problem not a Windows one, In terms of software installs, Windows has legion of options for repository-driven installs...from setting up GPO Software Installation as a system administrator to setting up Chocolatey so users can install from a community-supported base or packages akin to how it works on Linux. For large concerns, there is SCCM.

              ...and before anyone asks... No I’m not saying Windows is better than Linux, especially when you have high quality options like Arch and Fedora. I’m just rebutting a bunch of misinformation, that’s all.

        2. bombastic bob Silver badge
          Meh

          Re: Keeping things secure

          Is Windows really that problematic...or is does it simply present the largest target footprint

          Both, when compared to a computer running Linux, BSD, or even Mac OS.

          The problem with Windows is NOT the user's ability to run whatever he wants. The problem is the inherent lack of peer review on the OS itself, certain vulnerabilities that are basically designed into the system itself (through the API), and a security model that encourages you to run with "admin" privileges all of the time using an "in the cloud" identity.

          [and I used to be such a windows fan, too, decades ago, as it was SO much better than DOS]

        3. katrinab Silver badge

          Re: Keeping things secure

          In the server space, Linux is way bigger than Windows, even if you restrict your search to Azure datacentres.

    3. anothercynic Silver badge

      Re: He does have a point, even if it's draconian

      The walled garden might be a security measure, sure, and I am grateful for that, but seriously? Requiring people to spend their money *through* the walled garden only? FTS.

      Curating code is one thing, forcing every single entity that plays your systems to pay you a slice of the pie just for having the daring gall of working on your systems is something else entirely.

      Quite. That's heading for squeezing your nuts while you're down territory!

      Nahhhhh, take Apple down, or, at the very least, break this deadlock of "you must use Apple's payment system" and let people handle their payments through any way they see fit. If Apple doesn't like it, force them to trim their cut down to... oh.... merchant fee territory? 5%? 4%? 3%?

    4. bombastic bob Silver badge
      Childcatcher

      Re: He does have a point, even if it's draconian

      when you read the article looking for it, you find their justification.

      a dramatically higher bar for customer protection

      and

      iOS is something you'd let a child use.

      But rather than having a "child lock" available for PARENTS to decide to use, WE are ALL "children" to them.

      And, that makes it "for the children".

  2. redpawn Silver badge

    Safe for Infants!

    So that's why iOS works the way it does. Thanks for the explanation Apple.

    1. MachDiamond Silver badge

      Re: Safe for Infants!

      Given the sophistication of the average person who will insist and doing critical things on a very insecure device, Apple does need to lock down software. There are countless stories of parents that hand their kids their phone to keep them amused and the kids go out and download/install something that borks the phone or compromises security. The biggest mistake was handing the kid the phone to use as a toy but there's no test to procreate.

  3. MiguelC Silver badge
    Coffee/keyboard

    "For security reasons, not for Epic reasons."

  4. Anonymous Coward
    Anonymous Coward

    Apple's approach to security

    If your country manor (a metaphor for macOS) is designed by Apple there will be a fence around the garden. Not really for security - just to prevent anyone from walking in, vaccinated or not, even with a written invitation. The main gate - but not necessarily the access road - may move from time to time to the other side, but that's just to confuse anyone trying to reach the garden (which is not on Google Maps - no documentation - and the locals in the neighbouring village are as likely as not to remember where the main gate was the last time they visited and wrote a blog post about the experience).

    There are forbidden sections in the garden and in the house itself, even for family members - they can only access parts of their own property if they put on very special Apple-branded shoes ("Full Disk Access", anyone? You can't just open a Terminal and ls(1) in certain directories, such as your own Mail or Downloads folders, even if you are admin, though you can see the contents in Finder). Mind you, some of the staff are required to wear those special shoes even though they never need to access the grounds at all (seems like a security hole to me, but apparently not to the architects).

    The garbage bin ("Trash") will trigger an alarm if you try to retrieve family silverware thrown out by mistake or to arm a bomb in it while wearing special branded shoes (can't double-click on an executable in Finder), but with any other footwear there is no problem (you can execute binaries in Trash, e.g., from a shell - just not from Finder).

    If you find a hole in the fence you can walk around the property unrestricted, and the code to the safe with the family jewels is on a Post-It note on the safe's door. Finding a hole may not be trivial, but if you (or some Aussies, as the case may be) do there will be no other obstacles - the jewellery will be yours for the taking.

    Etc., etc. Dunno about iOS - judging by the article, the principles are the same.

    [AC because developing enterprise security tools for macOS are among my responsibilities - not at Apple, but as putting my employer in El Reg's position will not be terribly professional I am using every layer of obscurity available, consistent with Apple's security principles... This part of my job is not fun at all, and it's not even funny. The cynic in me would just leave those Apple-designed houses unprotected, but our paying customers manage many "properties" of all kinds and insist that everything should be covered.]

    1. Mishak

      You can't just open a Terminal and ls

      Well, not the first time. Once you've approved it, you don't get bothered again. Maybe a minor irritation for a power user / admin, but most users are not in that class.

      1. John Robson Silver badge

        Re: You can't just open a Terminal and ls

        It's a trivial irritation, particularly since I deny more requests for full disk access than I approve.

        The corporate malware scanner gets FDA, but very little else needs it - and the list of things that ask for it is longer than it should be... 24 on my system, and only four have access (three of them are the various tendrils of the malware scanner).

        Then there is a "limited access" request, where more programs get permissions for certain areas of the disk - and can have that access revoked, from a central known point. That actually includes iTerm, which has pretty wide access, but has never needed FDA.

      2. Anonymous Coward
        Anonymous Coward

        Re: You can't just open a Terminal and ls

        Once you've approved it, you don't get bothered again.

        No, you cannot grant FDA to something like ls(1) or other commands - or any scripts that you might write - at all. It can only be done for a properly notarized "app" written in a specific way.

        And you seem to be looking at it from the point of view of a moderately technical (can configure stuff but does not write scripts?) individual Mac user. I did mention I dealt with enterprise. I don't need to tell anyone here that an organization wants to deploy security software to endpoints automatically and transparently. I am not aware of a way to silently grant Full Disk Access (or the right to filter network connections) even to a properly written application or system extension. The relevant boxes don't get checked. The most common escalated customer issue is that after deployment stuff (even stuff that does not look at the disk at all, but must have FDA according to Apple) does not work - at all - because individual Mac users don't check the boxes or press the right buttons - they don't know they need to.

        Yes, it's once per Mac, but you may administer a lot of Macs, and when it does not happen even once on quite a few of them it stops being a minor irritation and becomes a big pain in parts of the anatomy.

        1. Pete B

          Re: You can't just open a Terminal and ls

          I've never thought Apple were that bothered about the Enterprise with MacOS; all the things you take for granted in a Windows Domain are either not available at all, or you have to use Third Party tools to provide them. Seems like Apple offer the absolute minimum that any company will accept and no more.

          1. Anonymous Coward
            Anonymous Coward

            Re: You can't just open a Terminal and ls

            There's a tiny outfit called JamF(.com)..

            1. Pete B

              Re: You can't just open a Terminal and ls

              "There's a tiny outfit called JamF(.com).."

              Exactly my point - Third part software is required to approximate what Windows gives you out of the box with AD.

              1. Anonymous Coward
                Anonymous Coward

                Re: You can't just open a Terminal and ls

                Jamf is complete management for which you need to buy tools for Windows too, AD is well, merely something that wants to be a corporate directory when it grows up.

        2. John Robson Silver badge
          Facepalm

          Re: You can't just open a Terminal and ls

          "I am not aware of a way to silently grant Full Disk Access (or the right to filter network connections) even to a properly written application or system extension"

          GOOD

          That's why the checkboxes exist.

          Our VPN won't connect if you don't have relatively recent acceptable telemetry from the malware scanner.

          Yes, we have to manually enable FDA for it, which is therefore in the instructions for setting up your mac.

          My scripts all work fine, but the same process is followed by accounting, HR, management... anyone with a mac.

        3. Hugh McIntyre

          Re: You can't just open a Terminal and ls

          Re: "No, you cannot grant FDA to something like ls(1) or other commands - or any scripts that you might write - at all. It can only be done for a properly notarized "app" written in a specific way."

          I'm pretty sure you can, at least I was able to do this for a rsync/perl script I use for backups. It looks like I have "cron" and "rsync" in the full disk access list for this.

          Of course this does probably mean that any user of rsync can access the full disk :(

          The end user does need to go in and enable FDA manually, not via app deployment though.

          1. Anonymous Coward
            Anonymous Coward

            Re: You can't just open a Terminal and ls

            You've not been close to MacOS recently then?

            On Big Sur some of the security is approaching MS Vista irritation levels in that there will be multiple questions for permission before an application can gain access to parts of the file system (especially if it wasn't obtained from the curated App Store), and there are segments of the OS itself which you simply cannot access without first going into single user mode - and that's on a user managed system.

            As soon as you deploy the Apple business tools (or jamf and the like), those restrictions (read: already pre-baked in the OS) become controllable at Enterprise level like they should.

  5. Falmari Silver badge

    Think of the children

    ““With iOS, you’re able to create something where children, even infants, can operate an iOS device and be safe in doing so. Really different products.””

    Well it is nice to know that they are really different products and the IPad Pro is not really suitable as a business tool it is just a more expensive version of the IPad toy.

    Seriously how can Federighi keep a straight face on the stand. Children have never been able to operate computers. The Mac has never been marketed for use by children. Never been pushed to schools for education purposes. There has never been software written for the Mac for use by children even infants.

    Think of the children. Because children will be safe using IOS devices, it not like IOS devices can access the internet and visit sites with content not suitable them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Think of the children

      "The Mac has never been marketed for use by children. Never been pushed to schools for education purposes. There has never been software written for the Mac for use by children even infants.

      "

      Wrong in so many ways.

      I was support in 2 schools (ages 4 - 9) fully equipped with networked Macs with children using them all day.

      1. Falmari Silver badge

        Re: Think of the children

        @AC "Wrong in so many ways." Exactly it was sarcasm every never has been done.

        My bad if the sarcasm was not obvious.

        1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Think of the children

      So what they are saying is that children can easily buy stuff on iOS and Apple will take 30% off them as well.

      1. MachDiamond Silver badge

        Re: Think of the children

        "So what they are saying is that children can easily buy stuff on iOS and Apple will take 30% off them as well."

        Call it the stupid parent tax.

    3. TRT Silver badge

      Re: Think of the children

      Somehow I read that as "... Ferengi keep a straight face..."

      See rules 2, 5, 13, 29, 30, 39, 43, 44, 52, 74, 77, 82, 87, 92, 100, 151, 153, 162, 189, 208, 218, 227, 243 & 267.

      1. Falmari Silver badge

        Re: Think of the children

        @TRT after posting even I read it like that. :)

    4. iron Silver badge

      Re: Think of the children

      5 year old me in 1978 operating a Comp/Set typesetting computer with green screen and 5.25" floppies would like to disagree with him. I could put in the disk, boot up the machine and load applications. It came with a games disk, I played Lunar Lander and Solitaire on a Saturday while my dad ran the presses.

      1. Falmari Silver badge

        Re: Think of the children

        @Iron it was sarcasm every never has been done.

    5. DarkRookie

      Re: Think of the children

      I have had access to computer to use since I was 5. I have had my own computer since I was 8.

      My siblings 3 and 5 years younger have had a computer since they were 13.

      My niece who is 9 has had a laptop and has had one since she was 4.

    6. This Side Up

      Re: Think of the children

      "Never been pushed to schools for education purposes. "

      What about Element 14? They did have a go at getting into education.

      Type your comment here — advanced HTML and hotlinks allowed

  6. Potemkine! Silver badge

    Everything in Apple, nothing against Apple, nothing outside Apple

    Do the older ones remember the time when Apple was advertising as being the anti Big Brother?

    Nowadays it's all the opposite, Apple is glad to tell it will control everything.

    1. Snapper

      Re: Everything in Apple, nothing against Apple, nothing outside Apple

      Ye, but perhaps a certain other platform holds a lot of responsibility for the lack of security on their past offerings, which in turn opened the floodgate to the black hats and the growth of the security industry.

      1. Anonymous Coward
        Anonymous Coward

        Re: Everything in Apple, nothing against Apple, nothing outside Apple

        Ah yes, but you can't say that out loud because they have used their ill gotten gains to fill the world with apologists.

        Saying that Windows is a security risk is a bit like saying that Trump caused an insurrection in a room full of Republicans - very unwelcome reality.

        Or, more local, using Windows for security is like putting Boris in charge of a project to promote chastity :)

        1. TRT Silver badge

          Re: Everything in Apple, nothing against Apple, nothing outside Apple

          "putting Boris in charge of a project to promote chastity"

          Have you even ridden one of his bikes on London's potholed roads? That definitely promotes chastity. I was bruised for weeks.

          1. Anonymous Coward
            Anonymous Coward

            Re: Everything in Apple, nothing against Apple, nothing outside Apple

            I think you weren't supposed to take the saddle off, though.

            1. TRT Silver badge

              Re: Everything in Apple, nothing against Apple, nothing outside Apple

              Well I’d never come that way before...

          2. Aussie Doc Bronze badge
            Joke

            Re: Everything in Apple, nothing against Apple, nothing outside Apple

            You were holding it wrong ¯\_(ツ)_/¯

            Note icon ------>

    2. TRT Silver badge

      Re: Everything in Apple, nothing against Apple, nothing outside Apple

      Big Brother in that advert was David Graham of Parker / Brains / Gordon fame in Thunderbirds, and also several Daleks.

      No point made in this post, just a QI fact delivery.

  7. lglethal Silver badge
    Trollface

    This is great news for IT department budgets!!!

    So the next time some Manager comes along demanding the latest iPhone/iPad/iGadget, you can happily turn around and say sorry, but we only provide Tools for Adults here. You can then point out that Apple has now officially and in court (therefore if they're lying they're commiting purgery), declared that iOS devices are purely for children. They therefore have no business being used in a business environment.

    No more wasted IT budget on childrens toys!!! Woohoo!

    1. Ken Moorhouse Silver badge

      Re: purgery

      That is perjury where everyone knows you're talking sh1t.

      (I wasn't aware of this alternative spelling until today).

  8. 45RPM Silver badge

    Optimal security is something like a dumb light or an old Bakelite phone. They don’t do much, and they can’t be hacked - so they’re secure. Maximum insecurity would be a device that lets you do whatever you like to whatever file from wherever. Think something like Windows 95 or classic MacOS. They have a network stack, and very little in the way of permissions.

    Everything else is on a continuum inbetween. I like iOS being secure. It’s a phone for gods sake, and we shouldn’t lose sight of that. For 99% of use case the tight security is not a problem - in fact, it’s a very definite benefit. The same applies to the watch and to the iPod.

    The Mac is another matter. It’s used for myriad use cases - and it’s mostly a tool for professionals. The trade off of security / flexibility therefore errs more on the flexibility end the spectrum - which necessarily causes it to have a malware problem, at least when compared to iOS. The same is equally true of other flexible platforms - including Linux (and Windows 10 even let me absentmindedly delete a system file the other day, so I could argue that the situation is worse there - they’re erred too far toward flexibility)

    The thing is that if the Mac erred further toward secure it would lose users, including me, fast. I think that the balance is about right.

    As to the iPad, much has been made about how the hardware is great but the software is not. I think it’s not a problem with the UI per se - it’s the fundamental issue that the security / flexibility balance of the iPad is wrong. Given what the device is, and what it’s intended to do, I’d argue that the iPad should be a smidge more flexible and a smidge less secure. And it’s a pretty big smidge at that.

    1. John Robson Silver badge

      "Given what the device is, and what it’s intended to do, I’d argue that the iPad should be a smidge more flexible and a smidge less secure. And it’s a pretty big smidge at that."

      Or possibly it should have two 'modes':

      - I'm a big iPhone (for people who are using stuff that is easily available, or for those who need the larger screen for reasons of eyesight).

      - I'm half a laptop (for the rare power user - possibly less rare if this mode existed)

      With the M1 chip in the newest iPads this should be a really easy choice to make... Do I set this up as a big phone, or a laptop? I suspect it could easily run either software stack, and as I understand it macOS on the M1 has access to the app store anyway.

      1. 45RPM Silver badge

        Yeah, I’ve pondered that. The problem is that, by offering a ‘power-user’ mode, inexperienced users are opened up to a new avenue of attack. I can easily imagine my mum being convinced by a con-artist that for reasons of support / improved battery life / insert spurious reason here it’s necessary to enable power-user mode and install one piece of malicous software or another. They’ve tried it before - and failed only because I’ve locked down the security on her desktop computer pretty tightly. Better then, on balance, not to provide the option. If you need a power user mode on your phone, if you are the 1% (and even as a software developer, I’m not in that category), then there are other phones available.

        1. John Robson Silver badge

          Absolutely agree - but it a mode defined by a completely different OS installation.... it's not something that's easily toggleable... You need to go through hoops to enable it, and it's a clean install (basically of MacOS)

          That was what I was thinking about any rate.

          1. 45RPM Silver badge

            In which case, yes. There can be no disagreement that I can see. Additionally, it might prolong the life of the hardware further.

        2. Getmo

          Why not just make the power-user mode password or pin protected? Most older folks I know who aren't technical (like my mom) will coming running to me when they get a new device, to "set it up for them" (install their apps, and hold their hand while they log in to stuff) and to get a bit of training while you're there. That's the perfect opportunity to set a pin.

          Same goes for children as well, I assume as the adult you'll want to lock down the device first before just handing it over to your kids.

    2. ExampleOne

      > It’s a phone for gods sake, and we shouldn’t lose sight of that.

      Except it isn't, and never has been, just a phone. From its very start, it has been a computer in your pocket first and a phone second.

      People don't buy smart phones to make phone calls, they buy them for the apps and flexibility provided by being a computer. Purely as a phone, I find all the smart phones have a far worse user experience than classics like the Nokia 3310.

    3. MachDiamond Silver badge

      "Think something like Windows 95 or classic MacOS. They have a network stack, and very little in the way of permissions."

      Yes, but there was no public internet back then and networking meant being able to connect computers across the room, not the world. Online was mainly AOL.

  9. YetAnotherJoeBlow Bronze badge

    Maybe it is just me, but reading what Federighi said sounds a bit desperate.

    I have a feeling that Apple will regret some of the statements that Federighi was told to say.

    1. 2+2=5 Silver badge

      Not desperate per se but designed to distract. Everything he says about Apple's checking of iOS apps etc is true but that's not what Epic are complaining about.

      Epic are complaining about the margin that Apple take - partly on the initial purchase of the software but mostly the margin on subscriptions and in-app purchases. The key point being that the store provides little or nothing in the way of value add for subscriptions and in-app purchases.

      It's possible Federighi has made a tactical mistake: by highlighting what the store does he's highlighted what it doesn't do, so unless he can somehow claim that they protect iOS users from 'subscription malware' (whatever that might be) then they don't have much of a leg to stand on and they're back to a simple "it's our store and we charge what we like" justification.

      1. TRT Silver badge

        "The key point being that the store provides little or nothing in the way of value add for subscriptions and in-app purchases."

        BUT does it provide ANY kind of value? If it does, then in order to protect the resources that provide that added value, there will have to be some form of monetisation of the product. In other words, in order to offer in-app purchases or subscription models, the app vendor may be required to charge for the app or make some form of payment.

        Out of curiosity, how much does it cost to publish a free app with no revenue generating potential? Presumably those are vetted and screened the same as pay apps in order to keep the platform secure, right? So if there is no fee, or a fee that doesn't cover the actual cost of the vetting, it must be subsidised by either "overpayment" by the paid apps or from the profits of the gatekeeper company, which might be obscene and so arguably they should, but those profits also come from their slice.

        1. doublelayer Silver badge

          "Out of curiosity, how much does it cost to publish a free app with no revenue generating potential?"

          All developers who want to publish apps must pay an annual fee to be part of the developer program. This fee is $99 US or its local equivalent. They also need to give Apple a reasonably good revenue stream by buying Macs, as you can't use any other OS to use their developer tools or publish things.

          1. TRT Silver badge

            And that $99 a year covers how many revisions to an app per year?

            1. 2+2=5 Silver badge

              Unlimited to an unlimited number of apps. (Well obvs I haven't tried uploading a million apps but there's no low limit that would force you up a tier.)

              1. TRT Silver badge

                Pretty cheap then.

                1. doublelayer Silver badge

                  If you actually have a million apps, sure. But most accounts don't. Just pointing out that they do have a revenue stream for free apps in addition to the benefits those apps provide to their user numbers.

  10. Sammy Smalls

    I'd be annoyed if the walled garden is opened up.

    Ok, I get it. Apple is absolutely gouging devs on this, and they could be much fairer - BUT I like the walled garden. I like that I dont have to think too hard about 'will this app rape my device'. I like that someone is curating the apps to make sure that I'll probably be ok. I very much like that they stick 2 fingers up at companies like Facebook.

    If I didnt like it, I'd buy an Android device.

    You could give users the choice to opt in or out of the walled garden, which is probably the best Epic can hope for. I think I know which way most people would go. (see FB privacy choices). Its then a balance of law suit cost vs how many people will opt out.

    1. TRT Silver badge

      Re: I'd be annoyed if the walled garden is opened up.

      Opting out of the walled garden could potentially hurt brand.

      "Yeah, yeah, yeah. So I had a iPhone, right, and now they just emptied my bank account man. I thought Apple was supposed to be secure, you know? I might as well have bought a Samsung or a Google phone."

    2. doublelayer Silver badge

      Re: I'd be annoyed if the walled garden is opened up.

      This is not a problem for you. Lots of OSes have a walled garden mode which you can activate or not as you choose. Mac OS has one. Windows has one. Android has one. If IOS had to allow app sideloading, you just have to turn that off (or likely just not turn it on), and you have the situation you have now. Just as you can ask Windows not to install things unless from the Windows store. Nobody does that, but it's right there in the settings.

      1. Charles 9 Silver badge

        Re: I'd be annoyed if the walled garden is opened up.

        Obvious counter: if there's a way to break the walled garden, social engineering will come up with ways to make Dave turn it off in the name of "enhanced security". So Apple doesn't provide such an option with iOS: no way to turn off something that has no switch, their thinking goes.

        Which leaves a no-win situation: too tight and you tick off power users who complain; too lax and Daves get their devices pwned and complain, and the medium is probably UNhappy as you end up with complaints from BOTH of them at the same time.

  11. Chris G Silver badge

    Ratner effect

    I wonder if Federighi has ever heard of it?

    I also wonder if he actually believes in what he says?

    1. TRT Silver badge

      Re: Ratner effect

      Federighi Rules of Acquisition #267

  12. Jason Hindle Silver badge

    I think there are better ways to make the point

    Including consumer choice and understanding the risks, benefits and drawbacks associated with each OS approach. Anyone can buy a Mac and play Fortnite. Likewise anyone can buy an iPad and play only those games Apple allows. Given Federighi's comments, I'd expect to hear some noises from Jobs's grave....

  13. fpx
    Devil

    A computer that runs the software that I want rather than the software that I am permitted to run, as deciced by Apple? Oh no, think of the children!

    Seriously, the walled garden of iOS makes it hard to develop, distribute and use open source software.

    1. Tessier-Ashpool

      It *should.* be hard. I shudder to think how many evil nuget packages have inveigled their way into development projects.

    2. 45RPM Silver badge

      Not true. There’s plenty of open source available on iOS. You can even install software that Apple won’t permit on the App Store - such as PC Emulators, Console Emulators, you name it. If you want to install such prohibited software on your device though you do need to have sufficient experience to install Xcode and build software (from sourceforge, github and the like) using it.

      It does make it hard to break out of the sandbox and peek at user files or scrobble the memory, or do other nasty malware things. But that’s not a bad thing.

      When Apple first started sandboxing it caused no end of bother. Things I used to do routinely were now prohibited. But you know what? The things I was doing weren’t good programming patterns - they were just lazy. Ultimately, these limitations forced me to think about what I needed to do and to implement the functionality properly. I became a better developer, my users got better software.

      1. doublelayer Silver badge

        About that ... no. You can't do that unless you have a bunch of knowledge and also bought a Mac. Compared to Android, where you can do it on any platform and you don't need to figure out the build process for every tool, or to a desktop OS, where you can compile it directly on your platform if you need to and can use it without restriction. It's not at all comparable and it's difficult for most people.

        It's not the restrictions on apps that I mind. If Apple decides that apps should live in their own sandboxes and have no access to each others' files or system files, that's a security decision that makes sense. It's not always convenient, but it's definitely a feature. There is no reason they can't allow people to add apps that live in such sandboxes but didn't come through their store. Security by having security precautions, not security by hoping they'll catch things.

        1. TRT Silver badge

          The sandboxes...

          have controlled leaks. They have iOS controlled peepholes that let them see the sky.

          So what's to stop one of these Apps-through-a-3rd-party-store asking for permissions to access contacts, camera, microphone, location, network-when-in-background, battery status, bluetooth, scan network...etc etc? Especially when the application is e.g. a collection of granny's tried and trusted recipe cards. Does is need the microphone? No. Location? No / highly unlikely. Contacts? No - if you want to share a recipe there's a function for that which requires no contact sharing. Network in background? Scan the network? Highly unlikely. Possibly camera access for reading barcodes and battery life if it's going to work as a cooking timer. If I presented such an app to the Apple Store, I'd have to justify to them each and every requested permission I'm going to ask of the user. If I loaded it through my own store without such vetting... well, even a slightly tech savvy person might be fooled into thinking I wanted location information in order to set the units of measurement, or suggest recipes to match the weather forecast or calendar information to see if you were planning a get together or a birthday cake... And contact information so I could share a recipe, and microphone access so I could use AI to determine if your smoke alarm was going off, network scanning in case you had a smart fridge...

          There is a danger.

  14. snozdop

    Level of malware

    Federighi: "And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS."

    I assume that *ANY* level of malware on the Mac (or iOS) is not acceptable to Apple right? I mean, does anyone (part from scammers) find malware "acceptable"?

    Ok, so realistically, no-one is ever going to completely eradicate all malware from a platform, but it seems Apple is working towards getting it to the absolute minimum level that is technically possible without making the platform unusable - and perhaps only that is what they would "find acceptable".

  15. Peter D

    Tim Cook takes the stand on Friday

    "I swear to tell the truth, the whole truth (subject to 30% retained by Apple) and nothing but the truth."

  16. Wade Burchette Silver badge

    Acceptable risks

    Someone needs to tell this so-called Apple expert about a concept called acceptable risk. Using his analogy of the car, we can virtually eliminate all automobile deaths by imposing a 35 MPH speed limit. But we don't. Why? Is it because we want people to die? No. It is because we, as a society, have deemed there a level of acceptable risk. There are huge benefits when you allow us to drive 70 MPH on the highway.

    And so it should go with our devices. Yes, we can get virtually eliminate all malware by a walled garden. But at what cost? There are huge benefits when you allow us to install our own apps on a phone or computer. This is an acceptable risk.

  17. naive Silver badge

    It is the 30%

    EPIC doesn't care about walled gardens, the 30% apple tax is painful.

    The model to tax sellers for each item sold is nice for people who make and sell in small numbers, since they do not have any upfront costs.

    If a big supplier sells 50 million times its app for $ 1,-, they have to pay Apple over 16 million.

    Apple has some valid points in arguing that a walled garden fits within their view of providing customers an excellent quality experience.

    Charging large sellers millions for use of their walled can however not be justified, since it doesn't bear any relation with the costs Apple incurs to enable the store or to distribute f those apps.

    It seems reasonable that Apple would be forced to introduce different models for use of its app shop if it wants to continue to operate this in a monopolistic fashion.

    1. TRT Silver badge

      Re: It is the 30%

      I can understand recouping part of the cost of sales in order to pay for code review (Ha! Somewhat limited and automated, but improving...) and I can understand a fee for handling payments through your system, I mean EVERY online payment system does something along those lines, doesn't it?

      But 30% on in-app purchases does seem a bit OTT. Is it to avoid companies setting a pricing model which avoids recovering the costs for code vetting and transaction pricing? If they made it 30% and 10%, for example, then we would see even more FREE to buy crippleware that requires an in-app purchase...

      HOWEVER... thinking about it... OS MAPS allows you to buy a digital download code along with a physical map... how does that system work to bypass the Apple gatekeepers? I haven't taken out an OS Maps subscription, but I have bought (admittedly spent far too much, but I love maps) paper maps and entered the digital download codes.

    2. MachDiamond Silver badge

      Re: It is the 30%

      Apple has stated that not every company is charged 30% and not every transaction is the same.

      An in-app purchase for $1 that costs Apple $.20 to process means they net $.10 or 10%. That's assuming that there are no problems such as when a parent rings up to nullify the $300 that little Johnny charged up in a game $1 at a time. It's Apple that has to deal with that, not Epic. Epic also doesn't have a big cost in AR. Apple sends them a payment with a detailed accounting that can be merged into Epic account software rather than having their own people/systems to do it for them.

      1. doublelayer Silver badge

        Re: It is the 30%

        Most of this is misleading or wrong.

        "Apple has stated that not every company is charged 30%"

        Now, but that's very recent. There's now a 15% category for small businesses, but until that, everyone was charged 30%. Now, pretty much everyone is still charged 30% but there's a second option. Not incorrect per se, but misleading.

        "and not every transaction is the same."

        It is, though. Every transaction goes through the same systems that Apple set up.

        "An in-app purchase for $1 that costs Apple $.20 to process means they net $.10 or 10%."

        It doesn't cost them 20 cents to process a transaction. They've processed small transactions for a long time. Their costs are very low.

        "That's assuming that there are no problems such as when a parent rings up to nullify the $300 that little Johnny charged up in a game $1 at a time. It's Apple that has to deal with that, not Epic."

        They have recently changed that to let developers handle it. It was their choice when it was only them who could do that.

        "Epic also doesn't have a big cost in AR. Apple sends them a payment with a detailed accounting that can be merged into Epic account software rather than having their own people/systems to do it for them."

        This is not true. They get receipt information, but it is Epic's responsibility to track who bought what and make that work on their system. They would already have all the necessary data to add to their accounting system because otherwise their in-app items wouldn't work. Their app decides how much the user is charged, their servers receive notification that the purchase was made. Only payment is handled by Apple.

  18. po

    Apple's argument is a little like standing before the court and claiming that you had to turn to crime because you were crap at your job. The great part is that he isn't lying.

    1. Charles 9 Silver badge

      Crap at your job, or simply no one at all will hire you or even let you have an interview? When not even McDonald's (substitute appropriate regional "will hire anyone" place as needed) will hire you, where does that leave you?

  19. John70

    Is it me?

    Reading this story and the comments, every time I see Craig Federighi's name I see Ferengi

    1. TRT Silver badge

      Re: Is it me?

      Ha ha. No, it's not just you. See up.

  20. mevets Bronze badge

    ... the mac is the car ...

    ....

    I think of it as the Mac is the car: you can take it off road if you want, you can drive wherever you want," Federighi said. "As that comes as a driver, you’ve got to be trained, there’s a certain level of responsibility to doing that. But that’s what you wanted to buy, you wanted to buy a car....

    ....

    Have I not been reading persistent rumours about an iCar that is not at all like this sort of car? Well, maybe the off road bit, but not by want.

    Is the reimagined car to be to a car what an i-device is to a computer?

    You want to go to the hardware store, but it insists you go past half a dozen takeouts first, in case you might be hungry.

    You need to pick up the kids, but have to wait through an interactive simulation of local daycare's.

    1. Falmari Silver badge
      Joke

      Re: ... the mac is the car ...

      @mevets Is the reimagined car to be to a car what an i-device is to a computer?

      If it is every purchase for the car (tyres petrol etc) will have to be made using Apple Pay so the 30% markup for Apple can be applied.

  21. Warm Braw Silver badge

    Customer protection

    That's a nice device you have there. Shame if anything were to happen to it...

  22. Tromos

    Further safety measures needed.

    Are they absolutely insane? The iPhone telephone and SMS services are totally unlocked and capable of receiving abusive messages, hate speech, etc. Even worse, they enable telephone banking without allowing Apple a 30% cut!

    These services need to be curated via the official call and message store which will ensure you are kept up to date on the releases of new iShiny products and safe from all these pesky callers like family and friends.

  23. NicX

    App Store

    I'm fine with Apple keeping the walled garden. Thanks to Apple's iOS walled garden, the chances of me mistakenly downloading a malicious app are essentially non-existent.

    Now compare that to Android app stores and Google Play.

    At least I can confidently assume the apps I've installed from my walled garden aren't trying to exfil data and steal my banking credentials.

    1. mevets Bronze badge

      Re: App Store

      Fair enough, but my out of date android phone stuffed with crap ware and dodgy apps is far more secure. I really wouldn't trust it with anything. Its only: a fancy DES calculator, a way to be reminded to pick up broccoli, a collector of pet videos and a mobile hot spot.

      If I trusted it, I might be stupid enough to keep personal, irreplaceable, or valuable information on it, only to find that it is routinely pwned by websites (really, 2021!) and the vendor makes questionable disclosures about it.

      Oh, and I can get a bakers dozen of them for the price of one shiny.

  24. slimshady76
    Gimp

    Time for some Apple fanboi flogging...

    Imma go send this post to a couple apple fanbois and watch them throw their hearts out...

  25. Blackjack Silver badge

    This is hilarious and something people will nag Apple fanboys about forever and ever.

    1. TRT Silver badge

      Forever and ever?

      Nah. About a fortnight.

  26. TheMeerkat Bronze badge

    I have iPad, iPhone and Mac.

    No, I don’t want my Mac to be wall gardened.

    But I prefer my iPhone and iPad to be so.

    Why? Because I use them for completely different purposes.

    1. Blackjack Silver badge

      Funny enough Apple very recently patched very worrysome macOS 0days, hope you were not running Xcode...

  27. MachDiamond Silver badge

    Off the rails

    The arguments seem to be going way off into the weeds. Epic had a contract with Apple that spelled out the terms and conditions. Epic decided later they didn't like those T&C's so went around them and got caught. They could have renegotiated with Apple at the next renewal. It's also come to light that what Apple charges is not out of line with the rest of the industry. Customers could easily get an Android device to play the game if it were no longer available on iOS. I have a stack of fondleslabs right next to me here on the workbench. One works as a phone and the others get used for other tasks.

    If Epic finds it required that they be on iOS for their business to be profitable, they have to pay the piper. eBay is very nasty if there is even a hint that you might arrange a sale outside of their official methodology. They get their cut or you get the boot. Even if a transaction doesn't happen they can delete your account. It's a right PIA when selling something complex/unique/bespoke where it's a good idea to have a chat with the prospective buyer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Off the rails

      That's idiotic and you know it.

      Epic has about as much power negotiating a contract with Apple as you or I do. It's ludicrous to even suggest it.

      Epic had no choice but to break the onerous terms of the contract of adhesion that Apple demanded in order to create a case to sue Apple. I mean, it's not really even a contract by the old legal definition, there's no "meeting of the minds" - there's just a button on a screen that makes stuff start working.

      As far as that goes, Apple probably thinks they have a contract with me. They most assuredly do not, I recited "I do not" before I clicked the make it work button that was labeled "agree" on a screen full of text that on the advice of my attorney I very intentionally didn't read a word of.

  28. EnviableOne Silver badge

    Seems to me

    Apple's defence is we are $h1t at security, so we have to be careful who we let in.

    Which provides no defence to the claim they are a monopoly and no defence to the fact they are exploiting this position to gouge their users/developers.

    At the moment they charge exactly the same as google do, but the choc factory only has an effective monopoly, not a literal one.

    the pair of them need to look hard at the service they are providing and the cost of providing it.

    App purchase fees are listing and distro fees, so should not be more than about 12-15% (like Amazon Marketplace or e-bay selling fees) and as the volume goes up this comes down.

    In-game items are payment processing fees, so any reasonable processor will be working on about 5% (see PayPal, SumUp, WorldPay, Stripe, ....) or less, at the volume they are processing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021