Monday, June 22, 2020

The App Store Doesn’t Make Apps Safe

Brent Simmons (tweet):

Otherwise, App Store review is looking for basic functionality and making sure the app follows the guidelines […] the guidelines are about protecting Apple’s interests and not about consumers.


I’d feel secure knowing that the apps, just by virtue of being iOS apps, are sandboxed and have to ask for permissions. (I’m also imagining a Mac-like notarization step, for additional security. I think this is reasonable.)

In other words: Apple has done a very good job with iOS app security and safety. The fact that we think this has something to do with the App Store is a trick, though.

As discussed in the comments here yesterday.

Charles Perry:

@brentsimmons is right. Technical restrictions built into the OS (like sandboxing, asking user permission before accessing Contacts, etc.) are what makes iOS secure, not App Review.

Riley Testut:

This is important! Apps downloaded outside the iOS App Store would be far more safe than ones downloaded outside the Mac App Store. Regular iOS protections such as sandboxing apply to sideloaded apps like @altstoreio and Delta — the only difference is Apple doesn’t like them

Russell Ivanovic:

This whole notion that it’s Apple’s App Store or user privacy hell is pure nonsense. It’s not one or the other. In fact most apps on the current App Store suck up all the data they can already. That’s a toolkit issue not a store issue.

Dan Held:

I built out and headed up App Store optimization for all of Uber’s mobile products from 2016-2017.

The “review process” allowed hundreds of fake Uber apps to be approved. The problem got so bad we had to use a 3rd party software to issue takedown requests in mass.

If they can’t screen at that surface level then I’m not sure what they’re doing with each indie dev.

I don’t think this is what people expected to happen, but, even without fakes, the App Store does sometimes make it harder to find the official app. First, search ads deliberately make it not the top hit. Second, the organic result for typing the exact name often isn’t right. Outside the store, you’re always going to get the right app if you start at And a Google search is unlikely to give you the wrong result because the fake app won’t out-PageRank Uber.


4 Comments

Right, they don't consider filtering scammy apps. There are a lot of fake call recorders in the App Store that do nothing but steal money.

Niall O'Mara

Yeah I’m amazed Apple don't seem to give a s**t about scam apps in the app store - the amount of trash you have to wade through to find the app you're looking for is depressing and undermines the stance that the app store is well governed.

As for App Store search - you'd have a better chance of finding what you want by blindfolding yourself and sticking a pin in a thesaurus.

[…] Michael Tsai’s blog, a great collection of why the Apple App Store doesn’t make users safer. It’s a tollgate, an […]

Ah but they *have* a rule for “spam apps” but it’s very selectively enforced against harmless “astrology” apps.

If Apple decided to go back to filtering apps for overt FRAUD and not trying to enforce their own shallow view of “culture” the appstore would be a better place. But no, Apple wants to “curate” and be a publisher. And the overt fraud just bleeds thru because their priorities are (still) skewed.
