Archive for June 25, 2021

Friday, June 25, 2021

Download Full Installer

Armin Briegel:

A while back I wrote up a blog post on deploying the Install macOS Big Sur application. As one of the solutions, I posted a script (based on Greg Neagle’s installinstallmacos.py) which listed the pkgs from Apple’s software update catalogs so you could download them.

During and after WWDC, I wanted to see if I could build a SwiftUI app. I thought that building a user interface for this task would be a nice practice project.

[…]

I put it on GitHub. You can just download the app from the release page and use it, or clone the repo and take a look at the code.

Previously:

More iCloud Calendar Spam

Thomas Reed:

Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as “calendar spam.”

[…]

These pages will redirect to a variety of App Store apps. Mostly, these are junk VPNs or supposed security apps. They mostly have high ratings, and have been around for 4+ years, but the total number of ratings given is low. This could be an indication that the ratings have been reset periodically.

Worse, many of these apps have high price, short duration subscriptions. In most cases, prices are around $8.99 or $9.99 per week.

Sami Fathi:

Apple has not publicly commented on what specific measures it has taken to solve the issue, but through a video posted by Apple Support, that has so far garnered more than 97,000 views, it has a solution.

The video advises that users, logically, unsubscribe from these spam calendars. The video doesn’t offer any insight into what proactive measures users can take to not receive the invitations in the first place.

Previously:

Apple Attacks Sideloading

Apple (ArsTechnica, MacRumors, 9to5Mac, Hacker News, 2, 3):

Thanks to all these protections, users can download any app on the App Store with peace of mind. This peace of mind also benefits developers, who are able to reach a wide audience of users who feel confident downloading their apps.

[…]

Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store. Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform.

[…]

Studies show that third-party app stores for Android devices, where apps are not subject to review, are much riskier and more likely to contain malware as opposed to official app stores.

[…]

100,000 new apps and updates are reviewed every week on average by a team of over 500 dedicated experts, who review apps in different languages.

[…]

By providing additional distribution channels, changing the threat model, and widening the universe of potential attacks, sideloading on iPhone would put all users at risk, even those who make a deliberate effort to protect themselves by only downloading apps through the App Store.

Needless to say, I do not find this very convincing. Apple’s perspective is certainly valid, but this is, as expected, not trying to be a fair presentation of the different options. Rather, it’s a skewed framing that ignores the downsides of Apple’s approach and the upsides of the alternatives. It assumes that App Review is effective at catching scams and privacy violations. (Try calculating from the numbers above how much review time each app gets.) Apple wants you to think that with sideloading customers would be on their own in determining which apps to trust. And that the different things the App Store does are only possible if bundled together.

Sami Fathi:

Speaking to Fast Company, Apple’s head of user privacy, Erik Neuenschwander, said that opening the doors to sideloading apps on iPhone and iPad, which would enable users to download apps from the web and other app marketplaces besides Apple’s App Store, could lead users to be “tricked or duped” into “some dark alley.”

John Gruber (tweet):

I think it’s good, fair, and cogent. I highly encourage you to read it — it’s not long — then come back for my annotations below.

[…]

What the sideloading arguments ignore are the enormous tradeoffs involved. Yes, there would be benefits — a lot of cool apps that aren’t permitted in the App Store would be installable by as many iOS users as want to install them. But many non-technical users would inevitably wind up installing undesirable apps via work/school requirements or trickery that they could not be required or tricked into installing today.

There are tradeoffs either way, but I just don’t see the basis for these assertions. I don’t hear stories about lots of non-technical Android users doing this. Businesses can already force employees to install certain apps, and these apps can already bypass App Review via Apple’s enterprise program. Centralizing app distribution in the App Store makes it a magnet for fraud and scams, because it’s much easier to game the App Store than traditional marketing and distribution. This, combined with the false sense of security that Apple offers, may actually lead to more users being tricked.

Typical users install more apps on their less capable phones than they do on their far more capable PCs. This is as close as we can get to proof that Apple’s App Store model on iOS hasn’t just worked, but has proven to be wildly successful and popular with users.

Or maybe phones and PCs are just different. Controlling for that by looking at the Mac, where users have a choice between the two models, does it seem like the Mac App Store is wildly more successful?

I’ll admit it: if Mac-style sideloading were added to iOS, I’d enable it, for the same reason I enable installing apps from outside the App Store on my Mac: I trust myself to only install trustworthy software. But it doesn’t make me a hypocrite to say that I think it would be worse for the platform as a whole.

Worse because users would choose to sideload and regret it? Or because they would be forced to sideload to get key apps? I think the benefits far outweigh the downsides in the first case. The second case is I think the strongest argument against sideloading, but I think the evidence from Android is that in practice it’s not much of a concern. Users are not, in fact, sideloading an extra creepy version of the Facebook app. They still have to download it from the Google Play Store. If anything, I think this points to the benefits of sideloading maybe being less than we’d hope. The vast majority of Android users probably don’t sideload at all. With so much inertia behind the App Store, and the fear mongering and user interface nudging that Apple would inevitably apply, it may not be feasible for most businesses to succeed outside the App Store.

The above is a goal of the App Store — and I would argue that [ensuring apps are trustworthy] remains the primary goal. But clearly the App Store serves another goal for Apple: making the company money. […] That’s a conflict of interest, and it detracts significantly from Apple’s entirely legitimate trustworthiness argument defending the App Store model for distribution.

If you were designing a system primarily to protect customers, the last thing you’d want is for the entity reviewing apps to be making money on each one sold. And, just as you’d expect from such an arrangement, we see scammy apps among the top sellers and legitimate apps rejected for business rather than safety reasons.

Guilherme Rambo:

Side loading wouldn’t mean that the sandbox just suddenly goes away. The stuff described here could very well be done by an app in the App Store today with an exploit, we know how good they are at finding scams…

I think the problem is that people read “side loading” and they immediately think of jailbreaking, which allows apps with arbitrary signatures and entitlements to run on the device. That’s very different from just side loading apps as they exist today (and with notarization).

Scott:

Today’s media blitz by @Apple re: #sideloading is nothing short of appalling in the sheer amount of bullshittery.

Riley Testut:

It’s clear Apple’s very concerned w/ antitrust legislation, as this document is effectively just a scare-tactic predicated on some misleading information[…]

Marco Arment:

The best thing Apple could do to protect the safety and security of iOS touted so heavily in that sideloading PDF:

Lift the most anticompetitive IAP rules.

Without them, no government would have enough reason to force larger changes like sideloading or alternative app stores.

Apple’s continuing their gross PR strategy of conflating:

- IAP restrictions
- App Store distribution
- app review
- iOS’s technical security

…to confuse people into thinking they’re all equally required parts of the whole iOS app-security package.

But they’re not.

Nick Heer:

In a parallel universe — one in which Apple cut its commission over a period of several years, as Phil Schiller suggested, and where it was not so prohibitive with its anti-steering rules — would it be getting sued by developers over its App Store rules, investigated by governments around the world, and be facing a battery of proposed legislation that would, if passed, eliminate the most compelling qualities of its products? I cannot imagine the situation would be this heated. But we do not live in that universe; in this one, that is the gamble Apple is making, and customers and developers are left hanging in the balance.

Also — and this is a little thing — but the repeated use of the “locked Apple” privacy graphic in that report is, I think, maybe not the greatest way of disabusing people of the notion that Apple’s ecosystem is so closed-off that it entraps users.

Ryan Jones:

It makes me furious.

Apple has apparently decided it’s worth ~$5B to let politicians rewrite the App Store rules.

Or they are really confident in their lobbying.

Steve Troughton-Smith:

You’d think if Apple actually wanted to avoid regulatory pressure they would reduce their rates across the board, and stop abusing their monopoly position by unjustly interfering in other peoples’ business models, but no, they want to have their cake and eat it too 🤷‍♂️

[…]

All of the malware scenarios Apple lists in its 16 page report could be done on the App Store today. The solution would be to ban the developer’s accounts and revoke the app’s signatures — which would also work in a world where those apps were sideloaded. No change at all.

Apple’s trying to pretend that opening up a little means opening everything up completely. It doesn’t.

Michael Love:

I wish Google would release data on what % of Android users turn on “Allow unknown sources” (system option to allow sideloading), because I bet it’s extremely small and it would completely undercut all of these Apple arguments about sideloading and malware.

nougatmachine:

My favorite part about this latest evolution of the PR push is when they say it’s acceptable on the Mac because so few people try new apps on the Mac, as though this is a natural state that Apple in no way could influence

Previously:

Update (2021-06-29): Michael Love:

“Our phones would be just as insecure as Android phones if it weren’t for App Review [which incidentally Google also has]” is… not the best sales pitch.

You could talk about how great the Secure Element is or benefits of integrated HW/SW design, but nope, gotta be App Review.

The idea that because a small % of Android users click through several very scary warning screens in order to install a small number of non-Google-reviewed apps, Android has 47x as much malware as iOS is quite a take.

Mike Rockwell:

The App Store is holding the platform back. There’s a lot that Apple could do to improve the status quo, but apps would still be rejected for absurd reasons and garbage games designed to separate you from your money will always find their way to the top of the charts.

Update (2021-07-02): Damien Petrilli:

A lot are only seeing the downsides of alternative App Store, but there are a lot of upsides that might emerge.

One of them being cross platform license. Purchase your App on iOS, get the license on Android too. So you can switch without losing your purchases.

This stuff is pretty common on Mac/PC but not on mobile. Google and Apple are far too happy to have this cost of leaving their walled garden (in addition to the loss of all your books / movies / tv shows).

“Just switch” they say.

The anti-steering rule, in addition to keep Apple’s revenue safe, is also clearly targeted toward preventing users to get cross platform accounts.

Forcing “sign with AppleID” is the same. Apple, under the cover of ‘privacy’, want to limit the loss of user market control.

Kosta Eleftheriou:

Apple: Apps may only use public APIs.

Telegram: “VJJoqvuTfuIptuWjfx” 😅

The Washington Post:

He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.

Update (2021-07-03): Glenn Fleishman (tweet):

While unfettered sideloading might not be what’s best for users, Apple is using a classic motte-and-bailey tactic to push back: instead of advocating for a position unpopular with its critics and that Apple likes (the bailey), the company instead pushes a connected but much more defensible position (the motte). Apple’s goal is total control of its platform and a generous cut of all revenues that pass through. That’s the bailey in this case—what Apple wants but would struggle to defend if stated openly. The motte, Apple’s easily argued position, is that smartphone users want to be safe and secure. The logical fallacy is Apple’s suggestion that if it were to loosen any control, iOS would fall like Rome to the barbarians when, in fact, there are existing counterexamples inside the Apple ecosystem itself.

[…]

Apple and regulators might reach compromises that don’t go as far as my suggestions above, but the paper is convincing only about certain aspects of Apple’s arguments. And there’s something about technology giants that brings politicians in the United States together across the aisle.

[…]

Apple oddly notes that “A study found that devices that run on Android had 15 times more infections from malicious software than iPhone.” The footnote cites Nokia’s 2020 Threat Intelligence Report 2020. That’s an accurate citation, but a bizarre statistic. The report says an average of 0.23% of mobile devices were estimated to be infected each month. Given that a couple billion Android and iOS/iPadOS smartphones and tablets are in use globally, that means roughly 5 million are infected at any given time…and that over 300,000 of those are iPhones. That number seems quite high relative to what we know about iOS security.

Update (2021-07-06): See also: Accidental Tech Podcast.

Ring and the App Store Strategy Tax

Dieter Bohn:

Here is an amazing web page that exists because of and is entirely designed to deal with Apple’s App Store rules. It’s the page the Ring iPhone app takes you to when your subscription to view old footage has expired. Click it, what do you notice?

There are no subscribe buttons. There are no subscribe links.

Apple doesn’t allow apps to indicate to users that there may be ways to pay for things outside the Apple Payment system. Even links to web pages that apps host themselves are apparently reviewed

In fact, there are no links whatsoever that will take you directly to subscription options or even Ring’s homepage, nor is there any text on the page even describing how to do it. The only interactions are watching a video or talking to a chatbot.

[…]

Similarly, the chat bot requires a few extra interactions before you get to a subscribe page.

The user experience is better on Android.

See also: Netflix.