Tim Cook: Sideloading is a disaster and proposed App Store reforms would harm user privacy and security Tim Cook has claimed that proposed reforms to the App Store are "not in the best interests of the user" and would "destroy the security of the iPhone." Cook was speaking remotely at the Brut. America conference, where he was interviewed by the company's CEO Guillaume Lacroix. Youtube Video "What we do at Apple is always …
This post has been deleted by its author
"Basically, he's asserting a dictatorship is safer than a democracy."
In many ways it is. Violent crime int he Soviet Union was virtually non-existent (if you remove the violent crime perpetrated by the government). I large active police force coupled with very harsh penalties results in an overwhelmingly low crime rate. While safe, it is not the kind of environment most of us would want to live in.
"Sideloading is a disaster [for our revenue streams] and proposed App Store reforms would [remove our monopoly, and err, yeah probably] harm user privacy and security [or something]"
To be fair, sideloading has the distinct potential to be a security threat, but if it's layered in enough warnings (as it seems to be on Android), then it will only be a threat to people who like to tinker anyway, and they should be ready for that sort of thing. I suspect poor control of things in the actual app store is more of a malware problem on Android than sideloading (combined with Android's massive global market share when compared with Apple).
This.
Blocking sideloading is fantastic for some applications like primary education or enterprise where you either don't want users to install software at all, or be restricted to an approved subset of applications.
For private users, there should be a way to enable it, even if you strongly signpost users to the official store and discourage the practice.
MacOS does this to an extent throwing up a bunch of warnings about unsigned software and requiring you to dive into settings to tweak defaults. Equally you can lock it down for untrusted users.
If they want to keep pretending that the iPad Pro in particular is something akin to a real computer, they're going to have to end up loosening the reins at bit.
Cook called out their so called "nutrition labels" in the quote, which is the wrong approach. Allowing the owner of of the device to set the per-app permissions in a granular way provides the same protections regardless of the store/sideload installation method.
Signing is the same, right now your Apple device only accepts Apple signed coded installed from the Apple app store on non-jailbroken devices. The owner of a device should be able to add additions trusted signing sources and installation sources. This isn't magic. And the courts ruled to support Cydia back in the day, but didn't get the ball over the finish line by ruling Apple had to allow users to install it w/o jailbreaking.
On one last point, if the courts are going to address mobile Safari and the other embedded apps, allowing choice is important, but they also need to force the browsers demotion back to an App. You shouldn't have to wait for an OS update to patch a browser. Same should be true for Mail and the other "default" apps.
Don’t forget that smartphone users are idiots who need protecting from themselves. That’s been Apple’s approach for many years. It’s only in recent times, for example, that the concept of a file has been exposed to iPhone users. Prior to the Files app, things were just things, like photos or emails.
smartphone users are idiots who need protecting from themselves
I wouldn't go THAT far. Even the average LUser can be educated.
All you need to do is make the default security as tight as possible, and allow people to turn things off if they don't want them. This MUST include both side-loading AND installing without code-signing, for TRUE freedom for the user.
This way open source and independent developers can more easily distribute their stuff (without paying the 'Apple Tax' or hiding your needle within their ginormous HAY STACK).
But if the end-user doesn't want that, he can just leave all of the security options ON. So simple.
(and if a system reset can wipe everything and restore the phone/slab to factory state from a ROM, so much the better, for dealing with viruses and malware, in case they show up more frequently)
Yeah, PERSONAL CHOICE. Who knew?
It's the value proposition that Apple makes and that many are happy to go along with. Apple has carefully manicured the brand so that people trust it implicitly. Only last weel my brother was crowing about his home camera system using "Apple secure video" (PSK encrypted). Whatever, it means that Apple gets to charge manufacturers so they can slap some kind of label on the packaging and charge a bit more.
but if it's layered in enough warnings (as it seems to be on Android), then it will only be a threat to people who like to tinker anyway
All you need is an app that Apple won't approve for their app store or restricts in functionality that gets sufficient advertising muscle behind it to make people want to ignore the scary warnings get what they want.
Imagine if Facebook decided they didn't want be abide by Apple's privacy enforcing restrictions because they'd make more money being able to collect as much personal information as possible, even what Apple doesn't want them to collect. So they announce that you need to go to the "Facebook App Store" to download the new version of Facebook, because the one you got through Apple's store will stop working in a month. So much for Apple being able to offer a less privacy raping experience for its customers, everyone who deals in data will follow suit once Zuck has shown them the way.
Once people become used to enabling a third party app store they will do it without thinking, just like people who click Yes on the UAC prompt on Windows without even reading what it says anymore. It just becomes automatic.
Three points about that possibility:
1. Privacy under Apple's system is optional. An app can request that a user give them permission to collect data and a user can say yes. It's defaulted to no, but nothing prevents Facebook from running a media campaign telling people to say yes. If such campaigns actually work, Facebook doesn't need this to continue tracking.
2. Apple can still enforce privacy by actual protection. Blocking identifiers, locking down permissions, etc. If they do that as they have done it with the existing permissions, then a sideloaded app won't be able to circumvent privacy protection any more than one signed by Apple. Once again, it will come down to asking the user to allow something, which already is an option. In addition, the OS can institute its own information campaign by way of warning messages at every step of the process: "If you enable external app installations, they may have security risks.", "You are installing an app known to track your activity and weaken your privacy", "The app you have installed could be dangerous, but you have one more chance to delete it before we launch it".
3. If a user wants to run something insecure or just unapproved by Apple, is there a reason we should deny them the right to do it? They bought the device. They own it. Why shouldn't they be allowed to run code on it without Apple's approval?
Let me rephrase this for you.
If a person wants to own a firearm and/or carry it on their person, is there a reason we should deny them the right to do it? They bought the bought the firearm. They own it. Why shouldn't they be allowed to own/carry the firearm without the Government's approval?
Do you still agree? Freedom is freedom
That's completely unrelated and you know it. Firearms have the potential to hurt people and few other uses. The balance between defense uses and attack uses is the only argument involved in whether they should have them. Running code on your personal phone doesn't let you kill people. Please don't waste our time with that.
I can't download a .dmg for macos, I'm done with macos as a personal computer. I know that day is fast approaching, all macos apps will come from the store, I'm guessing Apple is licking their lips on that prospect, 30% of all Adobe installs, LogicX etc... that's a spicy tamale! Somday you will just have a docking station for your iPhone or iPad that has a full sized display maybe some extra storage?
I'm still looking for a linux distro that can pick up where Apple let the cart off the road.
I can't download a .dmg for macos, I'm done with macos as a personal computer.
Agree completely. I need to replace my music studio PC pretty soon. I was briefly tempted by the new Mini, but with Big Sur and Monterey MacOS seems to be on a forced march away from user control.
All of Apple's hoops make it time-consuming and expensive for audio companies to deliver Mac drivers and custom applications to support niche hardware. Several key devices I use still do not have Big Sur updates, and might never get them. However, they all have full Windows 10 x64 support.
The need to validate to the Apple mothership on every app launch is even more disturbing. If Apple and, say, Roland have a business dispute, will Apple disable all of the notarizations for their software? After some of their recent iOS app store developer fights, that can't be ruled out.
From the hardware side, M1 Macs have a lot to offer for music and video editing. Unfortunately, Apple's business decisions are nullifying the hardware benefits. IMHO.
Meanwhile, Microsoft "thinks of Windows as a service," so it's probably only a matter of time before they pull some of the same sh!t.
With the latest macOS I'm no longer allowed to plug my iPod into my MacBook to transfer audio files onto it. 'For my security' I have to pay them for cloud syncing or an Apple Music streaming account. Strangely this isn't a security concern if I plug that same iPod into a Windows PC using iTunes, because that still lets me transfer audiobooks and songs.
Cook "What we do at Apple is always focus intently on the user and what is in their best interests.”
Since when is it in a user’s best interest to restrict competition and adding 30% to the cost of apps. If it was truly about security and privacy, why charge 30% on every sale. The cost for validating and hosting an app is the same whether 1 or a million copies were sold.
If Apple were acting in user’s best interest just charge the app maker a fee to cover the hosting and validation. That way the cost for the app is covered no matter how many copies were sold.
"The cost for validating and hosting an app is the same whether 1 or a million copies were sold."
So you think their bandwidth is free?
There is an incremental cost, and a cost for the hosting, and it's not unreasonable to charge that on a per sale basis - i.e. those who can most afford to support the infrastructure pay most towards it's upkeep.
Whether or not 30% is reasonable is a different question, I think it's very hard to justify when it is for subscriptions or for in-app purchases, stuff that apple don't have anything to do with. Billing simplicity is only worth so much.
Most of the bandwidth is paid by the cell phone user in terms of data. Servers to deliver the apps are just part of the cash printing machine for Apple . it's like for Facebook to say " hey the service is free " when we know dang well that the website is there to collect data about users. The more is put in , the more money they make. So it's in their interest to give what looks like features and all to the user so they fill in more data and them extract more money.
@ John Robson “So you think their bandwidth is free?”
No but really, how much cost is it per download?
“i.e. those who can most afford to support the infrastructure pay most towards it's upkeep.”
Yet Amazon and Facebook pay nothing towards upkeep. I bet they both have more downloads than any single game and are both richer than any game company.
Trivial cost per download, but when you are selling that data to anywhere up to the apparently 1 billion active iPhones in the world today...
It adds up.
I agree that the fact that the "big players" who release free apps aren't paying their way, but that's a different fish for Apple to fry.
Developers pay $99 per year to be able to post apps. Even at the lowest price tier offered by public cloud, that's approximately 1.15 TB of bandwidth, and most apps are small and get compressed even more. Apple moves a lot of data and doesn't have to use public cloud, meaning their bandwidth is a lot cheaper. They're bandwidth bill will be fine.
Discussing sideloading, Cook said its inclusion on the iPhone would "damage privacy and security."
No, he's worried about Apple's totally obscene profit margin. Not about the users.
It increases landfill too! I was able to install archived apps on an Android 2.x gadget last year and specialist direct from Git applications as APK for current Android that are not on Google's PlayStore.
An iOS device feels like it's rented from Apple. I won't get another.
"Since when is it in a user’s best interest ."
Well now. The readers here are a self selecting bunch of folk who know way more than the average purchaser.
So come on - think back to reality - those of us who have had to take support calls - all those funny stories we read elsewhere in Reg about the terminal stupidity of users. Most of that is because computers are not vacuum cleaners - all the systems need a constant effort to understand, to make them work, at all, let alone the way you want.
So the more someone makes computing into a reliable user tool that just works when you turn it on, the better. The dumbest devices will win, because dumb people can use them. Those of us who have the knowledge and the desire, to deal with arcane sequences of key presses, and resets, and hidden configuration settings, and the myriad of pseudo programming languages, will always be disatisfied with dumb machines. But there are few of us, our needs are costly to provide, and we're always complaining - as this thread is doing.
So if Apple can take more money from the masses by giving them fewer options, I'm OK with that. When MAcOS no longer does what I want, then I'l take a breath and use Linux mainstream.
Meanwhile, MacOS gives me a stable system for everything office like I need to do, which is 40-50% of my time.
For other things I Use another box or two. Avoiding Windoze.
Way back in the day when MP3 players were all the rage, I was excited to purchase one of those touch screen iPods with apps that looked more or less like an iPhone without the phone part. It worked great, but one thing really annoyed me: being forced to use iTunes to get MP3 files onto and off of it. There were any number of wannabe collection managers for MP3 files. I found all of them tedious. I was happy enough just to rip my music CD-ROMs into directories organized by artist. It maddened me that I couldn't just drag them onto the iPod via USB cable, but instead had to import them into iTunes and create a playlist for transfer.
For an ecosystem that was supposed to be friendly to non-technical users, it was maddeningly hard to explain to my then girlfriend, who didn't at all understand the concept of syncing a playlist on a computer with her player and was forever needing help.
More than app store, the music store with it's iTunes software represented to me the gatekeeper. The walled garden is one of the reasons I opted for buying my own Android phone, even though my employer would have given me a free iPhone.
Even though I avoid Apple products, opting for Windows or Linux desktop and Android phones, I'm bothered by the idea of other companies wanting to have their cake and eat it too: offer their apps through the app store (profiting off of the reputation Apple has cultivated for being more secure, letting Apple test and host their apps), while going around the T&C to keep all the income generated from their apps.
It looks like free-loading to me.
It looks to me that Apple's modus operandi is complete and total control of everything within their sights - developers, payment processors, media distributors, artists, content creators, employees...even users. Everything within their sights must be controlled to their level of satisfaction.
Your personal preferences simply do not matter. You want an Apple product with an alternative workflow? Too bad, it is ours or nothing at all.
Fundamentally that is being a complete control freak. No level of control is too much, and any option of breaking from that pattern is a "risk".
Risk to WHOM?? is the fundamental question that, just maybe, the politicians will see through the smoke screen and find out the truth - it is a risk to Apple's profit margins. Nothing more. Apple wishes to be a control freak because they believe / see it grants them the greatest ability to place their hands in everyone's pocket. Anything and everything having to do with Apple must play by *their* rules, and those rules *hopefully* means paying Apple in some form or fashion.
Customers have been accepting this well-known "Apple Tax" for a long time. It was a derogatory euphemism for Apple hardware's higher pricing, but with the advent of iDevices and Apple cloud services, it really has become a "tax" on anything you wish to acquire through an Apple portal. That's technically fine, "capitalism" and all that, but not when you make it locked-down yet mandatory.
The walled garden bothers me less on iOS. Google's obsessive user tracking to deliver (mostly ir)relevant ads creeps me out, so I'm willing to put up with Apple's quirks on the iPhone.
That said -- for me a phone is mostly an appliance. I don't care about having the Newest Shiniest or whatever because there's only so much that I'm willing to do on a small screen anyway. I just want something that works and doesn't violate my privacy too badly. I realize this is not everyone's use case.
As noted in a previous comment above, walling in MacOS is a non-starter for me, though.
PS: Scott Pedigo is 100% correct in his criticisms of iTunes -- one of the worst software abominations Apple has ever produced...
I'm no fan of Google or Apple but at least there's a firewall app or two on the Play store. No such luck with the App Store. The one I use (No Root Firewall) blocks almost everything on my phone from accessing the net. I can stop Google and anyone else from tracking me.
The one app it doesn't stop is a work app called Poppulo. It's really odd because despite having blocked it I was still seeing broadcast messages/push notifications. I don't know how it was doing it either which was more annoying than anything else.
There are firewall apps for IOS. I use Lockdown Privacy, which is free, open source, but limited to blocking things (custom blocklists work). If you want more control, there are apps which allow it. As long as you're willing to grant the app VPN privilege, it can inspect and modify your traffic. I disagree with Apple on many things, but this critique isn't correct.
... That there being a single app store has helped keeping malware down on iOS devices, but as El Reg points out, the explicit anti-steering rules, the in some instances excessive cut that Apple demands for payment processing, hosting etc, and a couple of other things are definitely the things the lawsuit could resolve.
Privacy 'nutrition labels' are about as accurate as diet nutrition labels. It's up to the app/book author to write them as they see fit. A number of Apple approved apps have been caught abusing users' privacy.
Side loading apps is a red herring. Google controls it well. If I want to get Android apps on Amazon, it's just a matter of adjusting permissions. If I want to restrict the ability of employees to install apps, it's another permission option.
Security may be better on iOS versus Android but they've both had major security issues.
As everyone knows, and has pointed out, this is all about the money.
If Apple were forced to open up iOS to sideloading apps, I doubt 99% of users would use the option anyway.
I have had Android phones going back 10 years and have only bothered to sideload an app once, and that was the Amazon prime video app back in the days before it was available on Google Play.
"Android has 47 times more malware than iOS does."
So you're ssying the App store does have malware despite you apparently checking it? Which means you don't check properly. So let me fucking decide what I put on the phone I bought then. Unless of course you're suggesting "You don't own the phone, you're just renting it"
Nah, Android opens up the API to allow scanning, so anything that's there has the chance of being detected.
Finding malware on iOS takes more effort as there are no APIs or permissions allowed for any security software and the response from them is awful when something is found.
if you look at the time to Jailbreak a new "impenetrable" version, compared with the similar process on android, or the complexity of issues fixed on AOSP compared to the complexity of the issues on iOS, then you can see it's still full of low hanging fruit.
this is purely down to the single driving factor behind Tim's Apple, the almighty dollar.
I’m guessing the average age of El Reg readers is increasing quite dramatically as there’s an awful lot of ‘grumpy old men’. Windows = meh, hate hate hate, Linux blah blah. Apple = hate hate hate, my Android does XYZ.
Consumer based technology is never going to meet the needs of everyone which is made so obvious by these comments.
Apple make/supply some incredibly user friendly and impressive (although costly) tech. The whole form over function thing is what a lot of people want. I don’t do stats but I’m guessing a lot of Apple fanboys prefer the whole ‘it does what I want when I want’ approach and will sacrifice that extra couple of quid for the privilege.
I have a personal and work phone - one Apple, one Android and I like both equally. The Android suits my business needs and the Apple makes consumption of media enjoyable.
I like Linux, had a MacBook for years (that I loved) and now use Windows for my daily driver. Again, all have positives and negatives and so I use what suits my needs rather than bleat about one is better than the other.
Embrace difference, embrace change = both are the only guarantees we have when it comes to tech.
This comments section is going the same way as a major news organisation and their HYS section.
Cheers up grandad :)
Sorry, children - you don't understand this event will shape what you can do what a computer for years to come. It's not Apple vs. Google vs. Microsoft vs. Linux. This is not a tech issue. This is an antitrust issue. It is about how much power we are willingly to let in hands of a few already too powerful companies.
We saw how letting Google then Facebook hoard data eventually moved Microsoft in the same direction (and Apple too - but trying to block everybody else on its platforms).
If Apple is able to enforce its anti-competitive policies others will follow because there's easy money to be made. Computers (not only the small mobile ones) will become totally walled off and you'll be able to to only what graciously permitted by your overlord of choice.
Unluckily the problem with young people is they see some shiny-shiny colourful fashionable item, and they can't see the devil behind it, or are ready to sell their souls because some imaginary advantage it gives them.
I don't know whether this is sheer greed or utter stupidity, but Apple could so easily turn this situation around, present themselves as "the good guys" and still come out financially ahead... and doing it is really simple, too:
Right now, everyone uses the App Store - because they have to - so people are used to using it. At the same time, this also gives the App Store a reputation for moderation and security (okay, and being a complete pain-in-the-ass walled garden, but that's only really a developer thing)... so even if a whole bunch of new, non-Apple "app stores" were to open up, the vast majority of users would still probably come to the App Store itself for the foreseable future*...
So here's the trick - all Apple need to do is to allow devices to load apps from any source. At the same time, the App Store switches from the defacto app download source to a discovery hub; developers can sell their apps via whatever means they want, but if they want it to be visible on the App Store then it has to pass Apple's moderation and security requirement... okay, and some kind of cut would be needed as well - definitely not 30%, maybe 10% if the developer want Apple to host the App and handle all sales, or 5% if Apple are just providing a link to the developer's own hosting at a stab-in-the-dark guesstimation?
So the App Store is now one of many stores - albeit the one that people still go to through habit, and still maintains the "gold standard" of security. A savvy user would at least check if an app is on the App store and maybe then go on and buy direct from the App Store knowing that the app at least was secure - although it is entirely possible that the store itself, if hosted by another third party, may not be. Which is something Apple could capitalise on by means of a simple press release every time a third party store is compromised - something along the lines of "while we acknowledge that there are other stores out there, only the original App Store provides [x] level of moderation and security..."
Apple wins - okay, they may not make the swingingly large profits they do currently, but they're out of the woods with the courts, and no longer presenting themselves as a walled garden. Developers also win - they have the option of not using the App Store if they want, but also have it as a "trusted" channel, much like you would get a Nintendo Seal of Quality back in the NES era. And consumers win because they can shop around.
And all it would take would be a bit of work and for Apple to admit that their current model is broken... don't know which they'd find harder!
* Except, possibly, if Google opened their own iOS store offering and did the same trick with it as they did with Chrome ie: abusing their monopoly and plastering their search result pages, youtube ads etc, with "use our app store instead!" links...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
