Thursday, February 11, 2021 [Tweets] [Favorites]

North Dakota Bill on App Stores

Juli Clover (Hacker News):

The North Dakota Senate this week introduced a new bill that would prevent Apple and Google from requiring developers to use their respective app stores and payment methods, paving the way for alternative app store options, reports The Bismarck Tribune.

[…]

Specifically, the bill would prevent Apple from requiring a developer to use a digital application distribution platform as the exclusive mode of distributing a digital product, and it would keep the company from requiring developers to use in-app purchases as the exclusive mode of accepting payment from a user.

Apple Chief Privacy Engineer Erik Neuenschwander spoke out against the bill, saying that it “threatens to destroy the iPhone as you know it” by requiring changes that would “undermine the privacy, security, safety, and performance” of the iPhone.

This argument basically assumes that it’s App Review, not iOS’s security features, that’s protecting users. Yet we have numerous examples of the App Store failing to do so, while at the same time mistakenly blocking good apps and developers. This happens both because the review process doesn’t scale and because it’s technically impossible to completely review how an app will behave. People definitely have more confidence installing software from an app store, but it’s mostly false confidence. Decades of experience with platforms like the Mac and Android that allow sideloading show that a more open approach works just fine. macOS’s anti-malware features have never been better.

See also: David Heinemeier Hansson (tweet).

Previously:

Update (2021-03-02): Juli Clover (Hacker News):

The North Dakota Senate today voted no on a new bill that would have paved the way for third-party app store options by preventing Apple from requiring developers to use its App Store and in-app purchase methods for apps.

Nick Heer:

If this bill had passed, what do you think Apple would have done?

  1. Stop offering products and services in North Dakota

  2. Construct an entirely separate iOS and App Store model for the citizens of North Dakota

  3. Upend its entire App Store business model

I know there are some developers who think the second and third options are likely, but North Dakota has less than a million residents. I think Apple could afford to forego Fargo.

David Heinemeier Hansson:

In my romantic, counterfactual dreams of Steve Jobs, I have him pulling @tim_cook aside and saying: “Do you really want to be a monopolist for the rest of your life, or do you want to change your mind and change the world?”. It’s never too late to choose to be different.

Because I simply refuse to believe that Jobs would have let himself end up in a fight to bully entire states alongside ALEC and the Koch Brothers. Letting the impression fester that Apple could pull a Facebook and cut off an entire state if it dared to govern against it.

Previously:

37 Comments

The security concern is legitimate, but "threatens to destroy the iPhone as you know it" is way overblown.

Decades of experience with platforms like the Mac and Android that allow sideloading show that a more open approach works just fine. macOS’s anti-malware features have never been better.

Those anti-malware features have gotten more obstructive and invasive year over year. I don't find praising a platform policy that is in the process of incrementally adopting iOS's locked-down model a convincing argument.

> “threatens to destroy the iPhone as you know it”

Back in the day when people like this Neuenschwander guy made statements like that, people in Silicon Valley would say his company/platform/industry is "ripe for disruption."

And here we are, the company that thought different is now going to be made obsolete, mostly because everyone except the most least clued enduser or pampered tech blogger is clinging to those pearls of "security"-- mostly for Apple, for everyone else not so much.

I remember when Gruber & his ilk were trying to sell the Big Sur network bypass as "only power users and the overly privacy conscious care about this"... and "power users can secure their network with a PiHole" or something like that, as if Apple was going to sell a RaspPi with every new M1 Mac.

I'm thinking that snark came from Craig Federighi himself or this "chief !privacy engineer"-- long story short I took them at their word (then) and looked into "securing" my LAN with a "DNS sinkhole appliance". And let me tell you, it's great.

What I've discovered via DNS logs is that Apple and Google systems are EXTREMELY chatty with the network. To the point of obnoxiousness, like they think they're entitled to 20% of my bandwidth for their own uses. Big nah.

But thanks to tech blogger (leaked Apple) snark they've inspired me to do this, because bad ideas like feeling entitled to your network for tracking, phoning home, remote killing apps OUTSIDE the MAS just never seem to go away.

But don't worry, "they're no longer logging ip addresses" per their !privacy policy:

https://support.apple.com/en-us/HT202491

I'm frankly tired of Apple getting in the way of me having business with a developer, inside or outside their ratty consignment store. Optional sideloading sounds fine to me.

I'm getting tired of having apps "taken away" from me because of some oopsie via cert revocation or worse. They should have ZERO influence outside their store. Period.

Everyone is "hoping _DEVELOPERS_ win" against Apple. They're now the arrogant bully they used to fight against back in the day, and "ripe for disruption."

I'm cheering the disruptors. It's time. I'm tired of Apple feeling they're entitled to my time and resources. It feels the same way Windows used to feel before I switched back to mac. Is that by design?

I'm sure these remarks will earn no small amount of snark from people "who are not invested in Apple" ¯\_(ツ)_/¯

And yet there still seem to be extremely small pockets of hope at Apple, I really want to see the "App Tracking Transparency" in iOS next. "Safe Browsing" activity all going to Apple instead of Google? Not so much.

Gruber, less than a year ago: "If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only. The iOS version is sandboxed and reviewed by the App Store. The Mac version of Zoom is not available through the App Store, which makes me trust it not a bit. Much of the Mac software I rely on every day is not from the App Store — but all of it comes from developers I trust, who have proven reputations."

Doesn't sound "just fine" to me.

Apple Chief Privacy Engineer Erik Neuenschwander spoke out against the bill, saying that it “threatens to destroy the iPhone as you know it” by requiring changes that would “undermine the privacy, security, safety, and performance” of the iPhone.

LOL, Neuenschwander’s claims would sound a lot more convincing if Apple’s own AppStore actually delivered them itself.

@Leo:

I'm tired of Apple feeling they're entitled to my time and resources. It feels the same way Windows used to feel before I switched back to mac. Is that by design?

Sounds like a time to switch again. Apple can’t take anything that you don’t choose to give them. Zero obligations works both ways.

My opinion on people who make the malware argument, or the credit card fraud argument, or the privacy argument as justification for why Google, Apple or any platform vendor should be the exclusive gatekeeper for what people can and cannot see is they are the tech world equivalent of anti-vaxers.

If, and that's a big if, anyone is to have the power to control what people can and cannot see it should be democratically elected governments acting in the interests of their citizens and not a hand full of Silicon Valley executives acting in their own greedy interests.

I'm not familiar with the rhetoric from Google but I am with what Apple dribbles out. In particular the nonsense about Apple being ardent supporters and protectors of human rights and freedoms. The power that Google and Apple are wielding, that they are fighting tooth-and-nail to hold onto, is the antithesis of human rights and freedoms.

This legislation is a good first step but there is still a long way to go. If the interests of people are to be put first, if human rights and freedoms are to be protected then Apple, Google and dominant platform vendors must be prevented from interferring in the distribution of information. That means no app stores, no wall gardens and no financial services.

@vintner The Mac anti-malware features certainly have bugs that cause problems, and they are inconvenient. But I do believe they are better at blocking potential threats. Logically, to show that the App Store is what provides the safety, one would have to show that these technical protections don’t work. Apple obviously doesn’t want to do that, but I also think it’s true that they basically do work.

@Sam Are there any reports of anything bad happening from all the Mac users installing Zoom over the past year?

My opinion on people who make the malware argument, or the credit card fraud argument, or the privacy argument as justification for why Google, Apple or any platform vendor should be the exclusive gatekeeper for what people can and cannot see

That’s not the argument being made. The argument is that Apple, as a private business, has the right to do as it damn well likes, just as long as its actions don’t violate civil or criminal law. If Apple wants to put in its EULA that purchases of its products much stand on their head and sing La Marseillaise every alternate Thursday, then Apple is free to do so. Just as customers are free to declare “Eff this nonsense for a lark!” and go buy products off someone else. Tedious straw men do not advance your cause, only your sense of entitlement; and that should—rightly—get you laughed out the room: by Apple, by the law, by the public, and by myself. Because I’m not 12.

Things do get a bit more complex as companies approach monopoly status, but with Apple holding steady at only a quarter of the global smartphone market I think you’d be very hard pressed to argue that constitutes a monopoly, either in terms of hardware or OS. But feel free to try it and get laughed out of court.

Don’t like Apple’s choices? Don’t buy Apple’s products! Punching yourself in the head and then claiming Apple made you do it is so far beneath Dumb that it’s a miracle you don’t garotte yourself when tying your shoelaces in a morning.

is they are the tech world equivalent of anti-vaxers.

Did I mention Dumb? I believe I did. Because if you will insist on throwing out such ridiculous ad-hom wharrgarbl, you must try harder to hide your own self-righteous overbearing sense of entitlement first; lest that ugly image bounce right back on you.

> Are there any reports of anything bad happening from all the Mac users installing Zoom over the past year

@Michale Tsai Uhh they were installing a web server without telling the user?

As for: “it’s fine in Windows and Android” I can tell you for fact it is not. Android is the wild west of everything. And Windows, well it only works half the time you think it works and not half the way you think it’s working.

Me, as a user of platform, rather prefer Apple watching wye over everything, even when it’s not so watchful as some might want.

@Kohn The Web server was not actually exploited as far as we know, and it was removed in July 2019.

So, I take it, @has, that you are 13 years old? That would explain the incredible sophistication and profundity of your arguments. /s

I don't understand why you are so worked up on this matter, but please be less rude.

Private corporations are not free to do whatever they want. We regulate them. We tried not regulating companies during the Industrial Revolution: children worked, people worked very long hours, rivers were so polluted you could develop photographic film in them or set them on fire.

We learned from experience that simple-minded arguments about individual freedom lead to undesirable outcomes, such as less overall freedom for everyone else. Ayn Rand's books makes her philosophy very clear, and that simplicity might be refreshing in a certain way, but her heroes are always decent people -- those that laws are not designed to restrain.

In fact, one area in which I consider Apple to behave in an evil manner is how they moved their manufacturing from the US to China, to benefit from reduced regulations. (They are rich enough to maintain a complete supply chain in the West, so moving it was choice, not a necessity.) The workers who assemble their products live in conditions similar to those of the Industrial Revolution. Ten years ago, their subcontractor Foxconn installed anti-suicide nets in factories making Apple products. Happy workers in good working conditions rarely commit suicide. Today Apple is lobbying against the forced-Uighur labor bill. To me this hypocrisy is astounding: they project an image of a forward looking, environmentally friendly, and diverse company...

However, your "Don't buy Apple products!" argument is unrealistic. In the real world, if your skill is writing software, then in order to make a living, you have to target devices that people use. In the case of smartphones, which is what most people actually use, there are only two real options, iOS and Android, which both use stores. 80% of all software sales in the US are on iOS devices, which is clearly a monopoly position. But if you don't believe me, take it up with Congress. They concluded last year that Apple has a monopoly position.

We regulate how corporations behave with respect to the natural environment and towards their employees. We are also supposed to regulate their market behavior, although this has been enforced rather laxly in recent years. I also believe we should regulate how much power each company has in our virtual environment, and in this globalised world, enforce our regulations along the entire supply chain. I don't want there to be the option for anyone in the West to buy an iPhone containing minerals mined by a slave in Africa for instance. In my book, "making progress towards this ambitious goal" is not good enough -- there should never have been a choice.

@Michael: That's an impossible standard to prove. How often do we find out about the mechanism of a security exploit? haveibeenpwned.com has over 10 billion pwned accounts, and no idea how most of them were collected.

Besides, for those of us who believe in privacy as an inherent good (like as demonstrated by Apple's commercials), lack of basic security constitutes negligence. I never heard of anyone hurt by the Mac "root with empty password" bug, either, but that doesn't mean it was all fine.

For video chat software, "bad" could be as simple as random spying, which is likely impossible to trace, especially after the fact.

If a landlord tried to rent me a house with no locks, I would consider that outrageous, even if they claimed that there were no reports of any strangers walking in to any of their other properties in the past year. Maybe that's true, but lack of knowledge is awfully weak support of that claim, and it's no excuse for omitting the most basic security measures. That wouldn't make me think locks are unimportant. It would make me think he's terrible at security, and therefore in no position to tell me if any intrusions occurred or not.

@Sam Yes, I agree that it’s negligence, which does not give me confidence in the developer. But if you don’t trust that developer, getting their software through the App Store doesn’t somehow make it safe. Apple can’t protect you from random spying.

I’m not exactly sure what locks represent in this analogy.

@Sam

The basic problem with "App Review" is that it does not, and more importantly cannot verify that software is secure.

Only software that was constructed to be secure, using proof systems, such as SeL4, can be considered secure. And even in that case, "security" is relative, because an abstract model of computation is used. Real hardware does not implement that model exactly. For instance, consider the Row Hammer exploit: reading memory can be used to get out of a sandbox!

As a consequence of the halting problem, there is no way for App Review to determine that any random piece of third party software does what it says on the tin: they can't even verify that it will terminate! https://en.wikipedia.org/wiki/Halting_problem

What does provide some guarantees, albeit it limited ones, is sandboxing. And for that, Apple neither needs to perform App-review, nor have monopoly over what can be distributed in the App store.

> The Web server was not actually exploited as far as we know, and it was removed in July 2019.
@Michael You mean, that we know of. For all we know that's how SolarWinds was hacked.

The fact stands that iOS is more secure, that forcing apps to go through review, whether it works all the time or not, it's extremely good and healthy for the platform, just by the law of the averages, like any quality control in any product line. You test a few, scare the rest. That's a basic security principle.

This is an average problem, most users will benefit from this requirement from Apple in most cases. That's it. Android doesn't have that, nor Windows. I wouldn't hand a phone to my grandmother that would allow her to install stuff from a link in the internet, nor you.

Finally, there's the issue of freedom. It's their platform. I don't see how you can force them to host other apps in their platform. It's like forcing Sony to run Xbox games in a Playstation, no one would think of that. While this is are legals matters that in the end would/should be decided by a jury, it's a pretty common sense argument to see how it's not a very bright idea for "the majority of users" to force Apple for forgo their requirement.

@Kohn I don’t think that’s at all obvious because it leads to a false sense of security and a dearth of tools for users to do their own due diligence. There are also many negative consequences of the review process. I don’t think there’s much scaring going on because a legit company that makes a mistake can simply fix it, and a scammer can just make a new developer account if caught. Security has to be a balance. Otherwise you would conclude that we should have an even more secure platform by forbidding third-party apps entirely.

I don’t understand why the go-to comparison is gaming consoles. I think the situation with the mobile platforms is much more similar to essential utilities like the (old) phone and electric companies. Both of those industries are highly regulated.

@Kohn

If you were talking about checking pots of yoghurt for poison I'd agree. But in this case your test cannot find poison: it cannot detect malicious code. So testing software for something that cannot be tested for will not scare bad actors. However the arbitrariness of Apple's requirements will scare off legitimate businesses.

As to your platform argument: for only crushing Netscape, Microsoft was punished: https://www.investopedia.com/ask/answers/08/microsoft-antitrust.asp
Apple is crushing the entire marketplace. I can imagine a competent DOJ forcing Apple to stop doing that.

No one is asking Sony to redesign its platform to run XBox games. This would be needed to do what you suggest since the two platforms are incompatible. No one is asking Apple to redesign their iOS devices. Developers are only asking to be able to side load code written to work on iOS devices.

> I don’t understand why the go-to comparison is gaming consoles.

What? Sony sells their own hardware, where you can only install the apps they allow. Apple sells their own hardware with app the apps they allow. Whether one is a gaming platform and the other started as a phone is irrelevant. You don't need either to live.

> Otherwise you would conclude that we should have an even more secure platform by forbidding third-party apps entirely.

Yes, of course. It is always more secure, if only by the fact that the surface area is greatly reduced. That doesn't happen because Apple wants to make money, but that would be extremely more secure.

> There are also many negative consequences of the review process

Yes, of course, and, when you add up, the benefits outweigh the problems. While I have no basis for this, it's not too hard conceive that even if you add up all the developers harmed by Apple requirements, you still get considerable less people than the ones benefitted by the same requirements.

I think the main problem is that most of the people who think about this are "kind-of" power users. But I can tell you, me being a software engineer for the last 12 years, I don't want to deal with the concern of who wrote this app, and what are their purposes. The fact that Apple has those requirements in place greatly reduce the universe of "hackers" I have to care about. It's like speed limit laws, you probably drive properly, and everyone knows these laws aren't enforced all the time, and yet, no one would think to get rid of them, because they have a visible effect in road safety.

*Apple sells their own hardware, where you can only install the apps they allow.

12 years being a "software engineer"? And you think you're a power user? How very sweet! That horizon far above you that you think is the top of the mountain, is just one of its lower flanks.

Some of us have been programming 40 years, anything from low-level machine code and verilog, up to computer vision and AI in Haskell. So please don't `"kind-of" power users` us.

Things do get a bit more complex as companies approach monopoly status, but with Apple holding steady at only a quarter of the global smartphone market I think you’d be very hard pressed to argue that constitutes a monopoly, either in terms of hardware or OS. But feel free to try it and get laughed out of court.

It gets a bit more complex if, as Michael does, one argues that smartphones are essential utilities. At that point, the duopoly of iOS and (largely Google-controlled) Android is far more concerning.

The Web server was not actually exploited as far as we know, and it was removed in July 2019.

And, though it was problematic from a security (leaving a web server running) and consent (leaving a web server running even after you’ve uninstalled the app, clearly establishing you no longer want anything to do with it) point of view, I don’t think it was ever malice.

My guess is some manager — perhaps in response to user testing — decided that Safari’s “do you want to launch Zoom” dialogs were annoying, and tasked engineers to figure out a workaround. I’m sure some of them objected on security grounds. They did go on to go through all kinds of crazy hacks to make it work, such as fetching an image from that server and parsing its dimensions into an enum as a result code, in order to work around CORS restrictions.

But, I don’t see the malice. Just the typical way management chains work. I think Gruber’s concern here is misguided or overblown.

(I’d also argue, still, that once an app has passed gates such as translocation, Safari should trust it enough to allow the user to tick a remember this choice checkbox.)

You mean, that we know of. For all we know that’s how SolarWinds was hacked.

Well, it was certainly a security vector, but not a hole per se.

No arbitrary code execution was found. What was found were various ways that you could force someone to install Zoom, join a call, etc.

But yes, to you point, this particular vector wouldn’t have been possible in iOS.

> That horizon far above you that you think is the top of the mountain, is just one of its lower flanks.

@Old Unix Geek gee, you took it the wrong way. I meant that with only 12 years doing this I know enough to know it’s a crazy world out there. I’m not the one who think itself a power user.

@Kohn,

Thanks for the clarification!

I do agree with you that there are bad actors out there, and that we don't want our data stolen. It's not the same world as it was when the internet was that new-fangled thing, that's for sure.

I'm just frustrated in that I don't believe that Apple is doing anything beyond security theatre with its App Review. It convinces users, but just gives them a false sense of security. Apple could instead secure our on-device data with strong technical measures, such as AMD's in-RAM encryption for each OS under control of their hypervisor: even if one OS gets to see the RAM of another OS, all it sees is gibberish. This stuff has to be built in from the ground up, not added on as an afterthought.

OUG:

The basic problem with "App Review" is that it does not, and more importantly cannot verify that software is secure.

Only software that was constructed to be secure, using proof systems, such as SeL4, can be considered secure.

Irrelevant. Preventing code exploits is what sandbox is for, which is why App Store requires all Apps to be sandboxed.

That is not the type of security that App Review is supposed (and too often fails) to provide. The most vulnerable component in the entire iApp system is the user. AR is supposed to stop malicious actors hacking them. Typical example: trivial but (usually) functional Apps that deceptively sign you up to make large repeat payments, and extract as much cash as they can knowing that most folk don’t check their credit card statements very often.

We don’t know how many malicious Apps are successfully detected and rejected by AR. Apple obviously aren’t going to broadcast that information. However, it is Big Business (and sometimes even State-level), so you can bet that those vendors learn by their failures and return more skilled than before.

What’s important is that everyone—Apple included—accepts that there is no way in hell that Apple will ever catch all malware in AR (whether because reviews are rushed, payloads time-delayed, or whatever), which is why AR itself should not be the only tool in making AppStore a trusted source. Which brings us to the great irony: the most powerful and efficient tool for quickly detecting malware is the App users themselves, and yet, as is well documented, the feedback process by which those users can report that malware is virtually non-existent.

There are other things Apple could do as well, e.g. post-AR monitoring to detect suspiciously large payments being made via IAP, beyond the scale you’d expect for a particular size and complexity of app. But above everything else: listening to their users; because if they don’t then eventually the press and other buyers will.

Remember, we’re not talking about brilliant deep hardware exploits such as RowHammer, that no-one could have seen coming from a million miles off. We’re talking about simple, familiar, wetware exploits that are ten-a-penny; parked up against their own door en masse. And Apple is failing to do anything about it, because good old Tim has built an empire of happy Yes Men. They don’t want to hear there’s problems, so everyone within the organization that wants to keep their job knows to keep silent about them, and those who do feel the urge to speak up will quickly self-select their way to a job somewhere else.

This is why Apple AppStore fails to deliver its promised safety. Not because it can’t work, but because it chooses not to. And it all starts with Apple choosing not to listen to its own damn customers when they tell it “look, this App I’ve just downloaded is Bad”. Steve would’ve given them the rocket for that, just for the damage that does to the Brand. Tim just sees that the money is still rolling in, and so the rot continues.

Coming as I do from a family of medics and engineers (at least one of whom was in the line of work where internal process errors typically translated to Fatal Accident Inquiry attendance), Apple’s failure to learn from and adapt its own process failures disgusts me beyond measure. But my sympathy for developers is sorely limited by the knowledge that they’re usually no better: this whole industry is hacks upon hacks upon hacks, by and for the interests of hacks. It’s the end-users I feel for; and let’s not pretend either Apple or App Devs are speaking for the interests of them.

@has

If the App Store only considered whether an app were a scam, and worked with developers to ensure they understood that was unacceptable, I'd agree with you. But they don't. Instead they ban apps for all sorts of other reasons, including speech they don't like, or not giving them enough money.

I personally think that they have encouraged scams, by habituating users to expect apps to be free. That led to in-app-purchases of "diamonds" or "dragon-eggs" in games. And it led to in-app advertisements and sales of user data. An app costs money to develop, and given the amount of rubbish in the store, to advertise. If one can't just sell an app for what it is worth, one has to do something else. They commoditised their complement which leads to a worse complement, something that is obvious if you care to think about it. In other words, they are bad maintainers of the ecosystem.

If one had multiple App Stores, they would compete. Some would offer software that was free-with-catches whereas others would compete on their reputation of providing reliable high quality software without catches. Some would concentrate on software for children, software for education, etc. The better ecosystems would survive.

You are right that there are many people who view developing technology as a get-rich-quick scheme... indeed children are being taught at school that "STEM" is their ticket to wealth, not that it is something intrinsically rewarding. So the industry is littered with incompetents who are just there to make money at any cost.

However there are those of us who aren't just in it to make money, but to practice our craft, and make delightful software. Some of us turn down opportunities that are funded by scamming users. But as Apple convinces the public that developers are simply out to get them, and hatred towards developers grows, all that is left is the monetary motive... which mainly attracts developers who care only for money, and are delighted to sell your data.

At that point good developers go do something else, like making bank infrastructure work. That means less innovation on the software front... which is precisely what I see when I look at the App Store: very little that really takes advantage of the fact that we have tiny supercomputers with tons of sensors in our pockets.

But as Apple convinces the public that developers are simply out to get them, and hatred towards developers grows, all that is left is the monetary motive... which mainly attracts developers who care only for money, and are delighted to sell your data.

Watch me play the world’s smallest violin. It may such but that’s just how life works. Apple’s not your friend, it’s not my friend; it’s not anyone’s friend but its own. If Cook (and his successors) choose to drive it into an iceberg, that’s between him and the board and the Apple shareholders.

(Meanwhile a billion people on the planet don’t know where their next meal is coming from, while the next billion aren’t certain about the meal after that. It’s still first-world problems, especially at the prices Apple charges.)

But please, please, whatever you do; spare us all the white knighting crap. I’ve dealt with enough programmers over the decades to know by and large they’re balls deep in love their own bullshit. (It’s why I finally rolled up my sleeves and taught myself to code, so I wouldn’t be forever completely beholden to those arseholes either.)

Go innovate elsewhere For The Cause if you care about it so much. Go make the Linux platform suck not so much. Dog knows its a stinking tarpit of martinets and egotists (and let’s not get into the incels and AltRight; there’s a reason Silicon Valley’s a fertile recruiting ground) but on the bright side that means it shouldn’t be too hard to go up. Or, hell, cut your own hardware and build a robust, accessible OS on top of Sel4 that targets only that. SINGLE hardware target is how you cut your driver dev and support costs to the bone. Deliberately ignoring POSIX, GNU, *nix shell and userland, *nix WMs, and all the other deadweight garbage anchors that the primadonnas and suckers will invariably insist you MUST saddle yourself with, just to make yourself their bitch. Pick a modern systems language—Rust—to build the OS layer, and find yourself a nice Lispy applications language for everything on top. It’ll take some time and cash, but long term it’ll work out far cheaper on both. You could bootstrap an entire platform in 3 years flat, just by being targeted and refusing to play by anyone’s rules but your own. Pick a market that doesn’t exist yet (or at least everyone else is crap at), target that, make some money, use that money to target your next market, and so on. That’s what Steven Paul Jobs did, more than once, and he just about changed the world doing it. Stop telling Apple how to run its business (ROTFL!), and be the new world builders who bury it in the ground.

And if you don’t have the bottle for that, at least go live your own life well, and keep quiet on the topic of how everyone else should live their.

Or, you know, be noisy needy whiny useless attention-seeking little backbiters, forever cluttering the interweb with your self-aggrandizing witless noise; because, hey, I’m sure there isn’t more than enough of that in the world already.

Who the F invented the internet @has? Certainly wasn't people like you.

It's the sandbox, init? Let's have absolute control, with the app store merely providing default parameters for the sandbox. Different app stores can provide different policies for accepting and assessing apps, and their default parameters for the sandbox. And users can install apps with the sandbox restricted, or not, by default, for preference. The OS should provide tools for inspecting requests, such as network activity.

As things stand right now, the App Store is a fallacy: it doesn't spare users the tough choices, and it doesn't actually impose the controls needed to ensure user privacy, security, or wellbeing. So let's cut Apple no slack, IMNSHO, until such time as Apple can demonstrate good value, by providing users with credible alternatives, sans Apple's added "value", for comparison. There can be no harm in that. And Apple would have a real incentive to do the right thing and review apps properly.

I'm not sold on the Mac's current approach, nor notarisation, though. The latter should at least be optional; it has obvious privacy issues. I have nothing against sandboxing, but it should have been imposed gradually, by consent, and using new APIs; the present situation just leads to breakage and terrible losses of functionality for absolutely no good reason whatsoever. See also helloSystem.

@OUG: “Who the F invented the internet @has?”

That was the US DoD back in the late 1960s, before *nix cowboys were ascendant (or even born). Even then the fix was in—see ALGOL68—but at least it wasn’t (yet) the gold standard going forward.

But what of the World Wide Web, which was invented by amateurs who immediately whiffed it, then quickly hijacked by egotistic martinets and sales sharks in service to themselves?

I’ve just spent the last week trying to get set up on Amazon’s “REST API”† and OAuth2 with virtually no progress, so don’t expect me to be good-tempered right now. The web is a giant stinking read-only (and barely at that) perversion of its original promise, held hijack by those who profit hugely—in ego, money, and power—from wholly controlling (and increasingly owning) all public access to it. Absolutely the last thing to be proud of, ever. Humanitarians you are not.

I’ve spent the last 20 years teaching myself how to program my machines for myself, and the last 10 learning how to build systems that put power back into the hands of end-users. And they thrive on it. The world needs a lot more of that, and a lot less of you.

--

† An oxymoron.

@Sebby: “[Notarization] should at least be optional; it has obvious privacy issues.”

The only privacy issues I can immediately think of is where a business develops Apps for internal use. Sending those .app bundles to Apple for notarization leaks information about that company’s private business. I’d need to go spelunk Apple’s legalese to see what guarantees it provides that it won’t exploit that access for its own purposes.

Less of an issue with software sold B2B, and I can’t think of any obvious B2C problems as software sold to that audience is going to be out in full public view anyhow.

As for notarization itself, Apple really should do a better job of explaining to the public what guarantees/protections that does—and doesn’t—provide. Apple may perform a cursory malware check during the notarization process but it can’t say there’s no malware, only that any malware is semi-competently hidden.

All Apple’s notarization does is generate a hard guarantee that App X was authored by Developer Y† and record that knowledge in a permanent‡ database. That’s what a notary traditionally does: provide a trusted guarantee that a given document is authentic.

Once Developer Y has notarized their App X, if a copy of App X is later found to be doing naughty things, it is a simple matter of comparing signatures to determine if App X has been modified and re-released by someone else, or if the naughty code was in it all along. In the first instance, the malicious version of App X can be quickly blacklisted; in the second, Developer Y and all of their apps can be suspended pending further investigation (or just blacklisted outright as what’s one less, possibly suspect, iApp developer to Apple when it has 10 million more already out there).

Honestly, nowdays “privacy” is mostly a polite fiction we maintain only because we don’t like thinking about how much others know about us now. There’s not much you can do or many places you can go without leaving some sort of identifying electronic trail behind you, short of exiting modern society entirely—and even then you’re recognizable by your lack of recognizability to those systems. (Even Ted Kaczynski was eventually caught; and he predated almost all of what we have now. I keep meaning to watch Person of Interest, but it’d prolly send my neuroses through the roof.)

If you know of other privacy concerns raised over notarization, appreciate some pointers.

--

† Inasmuch as it’s Developer Y’s responsibility not to let their identity be stolen by anyone else.

‡ Well, “permanent” in the sense of “long-term”; as in maybe even a decade or more. I expect even Apple eventually flushes old records out. Not many malware authors creating Apps with decade-long delay triggers, obvs.

@has ignores C2C entirely. The demoscene. The indie-game scene. The precocious 10 year olds who write games but cannot give them to their friends because they can't sign contracts. Napster and other pre-runners of Music distribution over the Internet which led to the creation of the iPod, Spotify, Netflix as an internet service, etc. Many open source projects. Anyone for whom $99 a year is too expensive. And everyone on the planet who has good reason not to trust the government, such as Uighurs, Tibetans, Mongolians, and dissidents in China, Russia, Pakistan, etc. In his world, the first web-browser would have been pulled for insufficient moderation... and Sir Tim Berners Lee quite likely would not have convinced CERN to create a "DUNS number" to distribute WorldWideWeb. But at least Apple's freedom to do whatever it wants to do would have been preserved, and that's all that really matters.

@has: this is the risk of associating apps you launch with your IP address, which as we learned from that OCSP fiasco, is entirely plausible (Apple say now that they won't log and will clean up the existing logs, but you can't know either way, of course). Whether you think this is a concern depends on whether you trust Apple, but I'd prefer there were an option. Apple are the privacy company, after all ...

@has @Sebby Previously discussed here.

Sebby & Michael: Ah, right, thanks. That’s not a problem with the notarization process, however. It’s a problem† with the way macOS checks with Apple that a downloaded app isn’t already known to be bad.

It’s similar to the sort of information Linux users leak every time they run apt install NAME: whoever receives that request knows what software the client is installing. (And apt generally uses HTTP, not HTTPS, so anyone inbetween can see what you’re installing as well.)

At which point the question becomes: is there any PII being explicitly included in those OCSP requests? If not, the recipient might still be identified by their IP and behavior, but that’s true of all internet interactions, not just OCSP checks. (Best engineering practice says to transmit the absolute minimum of information essential to do a job; but you know what it’s like once big business sticks in its non-engineering oars for its own self-serving purposes.) Rest assured Amazon and Facebook know more about you from your interactions with them than Apple will learn from OCSP checks alone.

Again, none of this is an argument against notarization. Saying notarizing apps should be optional is geeks rushing to grasp the wrong end of the stick because they haven’t thought things through (a lamentably common failing). If OCSP checks make you unconfortable, what you should be arguing is that whenever an app is first run, the standard “This app was downloaded…blah blah blah, are you sure you want to run it? [YES/NO]” should give the user three options: run it, don’t run it, or check with Apple to see if it’s a known bad app‡.

...

Look, we can argue all day about how far a vendor should go in providing protections for its customers vs letting those customers fend for themselves. But Apple has already decided it will lean well into the former, so throwing tantrums just because you don’t like that balance will get you nowhere. Most Apple customers do want the safe, curated experience that Apple promises, and those are the customers Apple wants, not you.

Honestly, if I was Apple, I’d be first in encouraging you to flounce out my door and go be some other vendor’s problem instead. That’s the market working: you don’t like product A from vendor X, go buy product B from vendor Y instead. You are free to do so. Apple owes nothing to demoscene, nothing to indie-game scene or to precocious 10 year olds, or to anyone else but itself and its shareholders. Deal.

Demanding that Apple sell you product A “but don’t do it like this, do like that” is absolutely hilarious, and there’s already a website about customers like you. Oh, and Steve Jobs would have been first to tell you precisely where to go, which makes your dishonest attempts to recruit his corpse as your own personal army even funnier and more pathetic. Cook’s product matrix today is a bloated unfocused horror that Steve would’ve nuked in an absolute fury.

...

TL;DR: Don’t tell Apple to sell a product it has already decided it is not going to sell, just because you want that product yourself. Because all you are doing is wasting everyone’s time parading your useless martyr complex. You piss away any credibility you had and bore the balls off everyone else, ensuring no-one will listen to you again in future.

Notarization is here to stay. OCSP is here to stay. Apple can 100% close its entire ecosystem any time it wants. Suck it up, special flower: YOU GET NO SAY IN THAT.

If you genuinely want to make yourselves useful, then go tear Apple a new one every sigle time its own promises come up short.

If you can show OCSP is leaking PII, then you rip Apple for the hypocrisy of promising its customers privacy and security, then compromising that principle behind their backs whenever it suits Apple to do so. And if you can show Apple’s much-vaunted safe curated AppStore is hosting a significant quanity of malware and that, 1. Apple is failing to act on user reports, and 2. Apple is making it damn near impossible for users to quickly and easily submit those reports in the first place, then once again you’ve caught them in a lie and so have a chance to force them to address that.

But understand: the only change you can possibly press on Apple is towards them actually delivering what they claim to do; not away from it just cos that suits you. So when y’all are ready to be big boys and girls, and accept that this is #NotAllAboutYou, go spend $10K on a WSJ ad and do actually achieve something in your lives for once.

STL;SDR: GROW UP ALREADY.

And that is my last word on this here, because my time is not free either and I’ve already squandered far too much.

--

† Well, a possible problem. Jeff Johnson in Michael’s link argues that Macs should periodically download a list of all blacklisted apps, which would avoid leaking any user information beyond "Hey, I’m on my Mac!”, but there are questions of scalability there as that blacklist will grow and grow over time.

‡ The third option should be set to “always on” or “ask each time” in Security Preferences, as macOS already does for other quarantining behavior. Most users, after all, just want everything to work and won’t have a big problem with sharing some data with Apple since they already do that shopping on iTunes and AppStore. They’ve already bought into Apple’s [ostensibly] safe curated model, and trust Apple as they’d trust an IT administrator.

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment