Federighi and Cook on Sideloading
Chance Miller (tweet, video, Slashdot, MacRumors):
Last month, it was announced that Apple senior vice president Craig Federighi would attend and speak at Web Summit 2021, which takes place in Lisbon, Portugal. In a keynote delivered today, Federighi vehemently spoke out against legislation that could force Apple to open the iPhone up to sideloading…
The Digital Markets Act legislation was first unveiled last December in the EU, and it could lead to major changes for the App Store and pre-installed first-party applications on the iPhone. The DMA in Europe would force Apple to allow sideloading on the iPhone, among other changes.
[…]
The Apple executive also warned that the legislation comes as there have “never been more cybercriminals” determined to access the private information on your iPhone. “Sideloading is a cybercriminal’s best friend,” Federighi said. “And requiring that on iPhone would be a gold rush for the malware industry.”
reminder: this is not very accurate. Apple has already solved side-loading in a reasonably smart way with their SRDs.
If your best response to “let people who want to take the risk sideload” is “people might be tricked into sideloading” when YOU WOULD BE THE ONES DESIGNING THE SIDELOADING UI, that’s not a very good response. (also, again, sideloaded != insecure)
People get tricked into subscriptions all the time and yet, despite proclaiming the superiority of App Review, Apple’s attempts to stop that are half-hearted at best. But when it’s a form of trickery that they don’t get a 30% cut of, somehow then it’s an unavoidable disaster.
Also, if you’re really worried about the malware industry you could, y’know, increase + actually pay out security bounties and stop antagonizing security researchers.
[…]
Provisioning profiles are a way bigger security hole than sideloaded apps, and yet Apple accepts that those are necessary + allows them.
You can install a sketchy file from a third party that allows them to more-or-less take total control of your phone, but you can’t install a fully-sandboxed third party app unless it’s from the App Store.
This is so weird and disingenuous. Are they going to lock down the Mac next?
If Apple wanted, it could enable iOS sideloading in a similar manner and require something like the Gatekeeper system on macOS, which allows for Apple to check signed developer IDs to confirm the software is genuine. It’s an argument that Judge Yvonne Gonzalez Rogers noted as well during the Apple / Epic trial, commenting that Federighi may be “stretching the truth” on Mac malware concerns and that Apple could likely make a similar system work on iOS.
Apple doesn’t trot out Federighi to a third-party conference with a highly-produced Keynote deck for the fun of it. They are clearly concerned that European lawmakers are actually going to do something they don’t want; that is, pass laws requiring them to offer sideloading as an option.
[…]
Federighi posits that a social networking app may choose to “avoid the pesky privacy protections of the App Store” and only make their apps available via sideloading. Apple’s customers would then have to leave the ‘safe’ Apple software ecosystem, or lose touch with their family and friends. This is sort of true. But what is omitted is that an app choosing to leave the App Store is not primarily doing so to avoid Apple’s privacy standards, but because it would then be able to avoid Apple’s IAP rules.
Apple benefits financially — measured in the billions of dollars per year — by keeping the App Store as a monopoly. However much it wants to tout the user privacy and safety benefits, Apple’s position would be far stronger if cynics weren’t able to point to the money being accrued by the App Store gravy train.
Apple CEO Tim Cook said today that customers who wish to sideload apps should consider purchasing an Android device as the experience offered by the iPhone maximizes their security and privacy.
[…]
Cook drew the comparison of sideloading to a carmaker selling a car without airbags or seatbelt, saying it would be “too risky.”
[…]
The App Store’s in-app purchase method, which developers are required to use for digital purchases made within apps, gives Apple a 15-30% commission on all purchases made. Cook noted today that Apple has only ever lowered the commission, never increasing it.
He’s said this multiple times, and I still find it misleading because increasing the categories of purchases subject to the commission, which Apple has done several times, is like raising it from 0% to 30%.
It’s kind of a hopeful sign that the pressure regarding sideloading has gotten serious enough that Apple feels the need to keep trotting out various executives to make this same disingenuous point.
Also that it’s gotten serious enough that Tim Cook is actually telling people who want sideloading to buy an Android phone when in the past the’ve tiptoed around even using the word “Android” in product keynotes.
Previously:
- Apple’s Threat Analysis of Sideloading
- Apple Attacks Sideloading
- Epic v. Apple, Day 13
- Epic v. Apple, Day 5
- Tim Cook on Sideloading
- Apple Security Research Device Program
Update (2021-11-12): Nick Heer:
But those are not the arguments these Apple executives are making. They are claiming that people actively choose the iPhone over an Android phone because it is more locked down.
[…]
Apparently, over 40% of Americans want the smartphone equivalent of a car without seatbelts or airbags. This is clearly absurd, and I have to wonder if Apple’s arguments make sense.
I don’t like Apple’s analogy because there’s little potential benefit (lower price, extra space?) to having a car without seatbelts or airbags. So, not only do car safety features likely make much more of a difference than App Store safety features, but Apple is positing giving them up for nothing in return. In the real world, some customers and developers don’t want less safety; they want to trade potentially less safety to get more/better apps and businesses.
Update (2021-11-15): Nilay Patel:
Tim Cook says [allowing] sideloading is like telling a carmaker to “not to put airbags and seatbelts in a car.”
Airbags and seatbelts in cars because of regulations that carmakers lobbied against, of course.
Update (2021-11-17): John Gruber (tweet):
If Apple stopped making it look like they’re running the App Store primarily to maximize their own revenue from it, regulators and lawmakers might stop thinking that Apple is running the App Store primarily to maximize their own revenue from it.
Update (2021-12-03): Riccardo Mori:
I grew up in an era when software was just software, and you could simply start typing a BASIC program into the computer and execute it. Generally speaking, it was an era when tinkering — both in hardware and software terms — was unhampered and even encouraged. Philosophically, I can’t be against sideloading. I actually dislike how the term’s connotation has been hijacked towards negativity. On the contrary, one should think of it in terms of freedom to install any compatible software available for a certain platform.
But what about malware? Yes, in a completely open scenario, malware can indeed be a risk. But the problem, in my opinion, lies elsewhere. It lies in the tradition of treating end users like ignorant idiots instead of training them to separate the wheat from the chaff.
[…]
Instead of teaching users how to fish, Apple decided to position themselves as sole purveyors of the best selection of fish.
[…]
The problem of appointing yourself as the sole guardian and gatekeeper of the software that should or should not reach your users is that you’re expected to be infallible, and rightly so. Especially if you are a tech giant which supposedly has enough money and resources to do such a splendid job that is virtually indistinguishable from infallibility. Instead we know well just how many untrustworthy and scammy apps have been and are plaguing the App Store, and how inconsistent and unpredictable the App Review process generally is.
14 Comments RSS · Twitter
Preface this by saying obviously Federighi is using extreme hyperbole and has been ever since the Epic v. Apple trial about this subject.
> Benjamin Mayo:
> But what is omitted is that an app choosing to leave the App Store is not primarily doing so to avoid Apple’s privacy standards, but because it would then be able to avoid Apple’s IAP rules.
Except the example cited (a social network--let's use Facebook specifically since between it and Twitter, it would be the one absolutely itching to have privacy relaxed) does not pay Apple anything unless they sell non-physical things through the app. Yes, Facebook is pushing into ticket sales and such, but despite their rhetoric around it, that is an absolutely minuscule aspect of their business. Their business is getting eyeballs on ads, and tracking people wherever they go to ensure they can charge the highest possible rates for those ads. Neither of those things involves IAP.
Between the two, the only real benefit to Facebook leaving the App Store for the overwhelming majority of its business is to loosen or eliminate privacy and tracking restrictions, such that they are--not to oversell them, but they're something as opposed to nothing, and apparently materially affecting Facebook's bottom line at the moment. And Facebook is not the only example of an app that is available for free, has little to no IAP, and would benefit tremendously financially from not having some of Apple's restrictions imposed on it, to the detriment of consumers.
@Kevin Yes, I mean I think Federighi chose the social network example because it’s the case that makes Apple look the best. But I think Mayo is right that the typical app is in a different situation. The previous evidence we have of Facebook not leaving the Google Play Store is potentially less applicable to extrapolating what would happen on Apple’s platform to the extent that Apple keeps adding rules that create non-IAP reasons for Facebook to want to leave the App Store. And perhaps Apple is doing this on purpose to strengthen the case for the App Store…
> But I think Mayo is right that the typical app is in a different situation.
I think it depends heavily on what you mean by "the typical app." Do you mean any of the tens or hundreds of thousands of games that are free to download, free to play, and rely solely on highly invasive ads? Or those that are like that, including ads, but also include IAP? In the latter case, maybe it gets closer to IAP reasons, but the changes around ATT are "hurting" those apps, too. Or are you talking about an "indie" type app (not game) developer who wants to do certain things that Apple doesn't allow, like emulation of some kind, or a larger one (i.e. Microsoft) who wants to do streaming gaming? The more cases I think of here, the more I'm convinced that a social network is not the only example of an app that has significant, if not overwhelming, non-IAP reasons to want to leave. Of course there are plenty that have run into problems with IAP, be it the commission or fundamental design problems with it (i.e. the Super Follows or whatever they're called that Twitter is doing individual IAPs for every tweeter they add to it). I'm just not at all convinced by a blanket statement that the "primar[]y" reason for all or even most apps to want to leave is fees.
> The previous evidence we have of Facebook not leaving the Google Play Store is potentially less applicable to extrapolating what would happen on Apple’s platform to the extent that Apple keeps adding rules that create non-IAP reasons for Facebook to want to leave the App Store.
I will say I argued a couple of months ago on this very site that Facebook can and likely will leave, given the opportunity, to create the absurdly invasive app they really want, and I was roundly told there's no reason to believe that would ever happen because they haven't gone to sideloading on Android. As I believe I said then, I don't think their actions on Android to date are particularly relevant to what happens if they get the opportunity to go entirely off the reservation on both platforms, especially if one of those platforms (or both--Google is making baby steps in ATT's direction) continues to try to lock down tracking and privacy leakage.
Oh, look, Apple is being wrapped on the knuckles for bad behaviour yet again.
“This will be the first time Apple has ever allowed live links in an app for digital content. It’s going to take months to figure out the engineering, economic, business, and other issues,” said Apple attorney Mark Perry. “It is exceedingly complicated. There have to be guardrails and guidelines to protect children, to protect developers, to protect consumers, to protect Apple. And they have to be written into guidelines that can be explained and enforced and applied.”
What a load of codswallop. The judge doesn't believe it either.
"I don't think their actions on Android to date are particularly relevant to what happens if they get the opportunity to go entirely off the reservation on both platforms"
You still haven't explained *why* you think that. If it is so unavoidably obvious that Facebook will definitely leave the App Store on iOS as soon as it can, why do they have to wait for iOS to allow sideloading to also do it on Android?
So.. they've dropped the "you can always make a web app" spiel (or is that just because they knew they'd be laughed out of the room trying to pull that lie at a web summit).
Anyway, their next carefully constructed distraction is "What Would Facebook Do?". It's just as irrelevant as a web app on iOS. Better questions
1. Should Apple dictate what its customers are allowed to do?
2. What developers for their platforms are allowed to do?
3. Is it OK to treat iOS and MacOS differently? (Why, why not?)
4. Is 30% tax reasonable?
I think Apple can do whatever they like on their devices. I also think everyone would be better off if they were open. I think it would be great if Safari supported more moder web features.
But as to wether or not Facebook wold open their own AppStore... could't care less.
>He’s said this multiple times, and I still find it misleading because increasing the categories of purchases subject to the commission, which Apple has done several times, is like raising it from 0% to 30%
That is a great take. Those services happily leaved on App Store before being forced 30% commission or forced sign up button.
>I think Apple can do whatever they like on their devices. @Kristoffer
Absolutely agree. They can, not saying it is wrong here. ( They are only wrong in their ways they lied, not what they do ). Just dont cry about it when the law is passed in EU. The EU can also do whatever they want with their market. Along with Japan, South Korea, Australia and UK. But if anyone has been reading MacRumours comments, Apple should definitely pull out of these market as retaliation.
I also hate the way they bring up Facebook because people have Facebook-phobia. It is the most hated company by the media. Trying to diverge the attention. And I keep saying this, Apple doesn't know how to do PR once Katie Cotton "Stepped" Down. It is sad.
>The EU can also do whatever they want with their market.
+1
In my opinion Apple haven't been able to handle the transition from underdog to top dog. Instead of being responsible stewards that lead by example, they keep fighting dirty. Just like Facebook. Not a good look.
I finally got around to watching Craig lie on that stage. He says that the EU will require people to side load things on their iPhone. Repeatedly. That's not even remotely true.
His little story about a town forcing people to keep an unlocked door in their house... not even close. What the EU are starting to talk about is allowing people to keep a door open if they choose to. Or install a Ring doorlock so that Amazon can walk in. OR a Yale lock with a code, or indeed, keep the door unlocked.
Nice to see Apple sweating though.
"He says that the EU will require people to side load things on their iPhone"
Oh, so pretty much like what Russia is ALREADY DOING on iOS. I guess the part I don't understand is that if that's true, why Europe thinks they need to force through sideloading first, before mandating app installations, which they can already do without sideloading.
The talk by Federighi during Websumit was really cringeworthy. So much FUD. I had to force myself to watch it till the end, even though it's only 10 minutes long.
I don't develop for iOS, so my knowledge of the platform is really superficial. What makes me think though, how strong is the iOS security model after all? Is it really so easy to break out of the OS sandbox? Shouldn't the OS prevent any attempts of malicious apps to get access to private data?
@Plume
> You still haven't explained *why* you think that. If it is so unavoidably obvious that Facebook will definitely leave the App Store on iOS as soon as it can, why do they have to wait for iOS to allow sideloading to also do it on Android?
Last time I posited there might be technical implications in shared code at play. I still think that may be true.
At the moment, there isn't a sideloading culture amongst most people on Android. This whole Apple vs sideloading thing, plus the Epic v. Apple trial, is getting enough attention in mainstream media that if and when it becomes a reality on iOS, Facebook won't have to do nearly the amount of education, for lack of a better word, about the topic than if it was a year ago, two years ago, five years ago and they all of a sudden went sideload-only on Android, and only Android.
And if they can have "feature" parity between the platforms for whatever terrible things power the shiny features they put on top to make it palatable to the masses, less people would be angry at them that the iOS version can't do this neat new thing that the sideloaded Android version can do.
Who knows what their actual reasoning is? None of us work there. But anybody who can't foresee them rushing to get off the App Store as soon as possible is burying their head in the sand.
I don't get why Facebook's app is relevant.
a/ Don't use Facebook on your phone if you don't trust it not to invade your privacy...
b/ iOS can prevent Facebook's app from accessing information it should not access, whether or not Facebook is in the App Store. Not being in the App Store doesn't have to grant root access to the App.
>In my opinion Apple haven't been able to handle the transition from underdog to top dog.
+1 . They lack the leadership of knowing what needs to be done. Instead they are relying on the same old strategy Steve left them with.
>The talk by Federighi during Websumit was really cringeworthy. So much FUD. I had to force myself to watch it till the end, even though it's only 10 minutes long.
Again +1. It is like over the past 8 years whenever I question Apple's decision I always gave them a benefits of doubt. They know what they are doing. The people are good. Etc. But it has been disappointment after disappointment. They send Craig because Apple thinks Craig is a popular figure and it would be a easier sell to the public.