Wednesday, December 14, 2022

Apple Working on Sideloading for Europe

Juli Clover (Hacker News, Ars Technica, Slashdot):

Apple is planning to allow for alternate app stores on iPhones and iPads ahead of European legislation that will require the company to support sideloading, reports Bloomberg.

The change would allow customers to download apps without needing to use the App Store, which would mean developers would not need to pay Apple’s 15 to 30 percent fees, but to start with, Apple is only planning to implement sideloading support in Europe.


To protect users from the aforementioned risks of sideloading, Apple is considering implementing security requirements such as verification, a process that it could charge a fee for in lieu of collecting money from app sales. Apple has a verification system on Mac that allows users to be safe while giving them access to apps outside of the Mac App Store.

M.G. Siegler:

But the larger element here may be that last bit: Apple’s own 15% — 30% cut in the App Store. To me, any changes here beyond the EU mandate would point to Apple’s attempt to hold on to this revenue for dear life. Revenue which can be directly tied to Nintendo creating physical videogame cartridges for Hudson back in the day. I’m serious, that’s where the 30% cut originated. It was a more reasonable 10% licensing fee, which got bumped another 20% for Nintendo taking on this manufacturing work. It should go without saying that Apple does no such work.² Yet 30% it remains. Because the iTunes cut was similar and Steve Jobs thought it made sense to keep it simple in those early days when no one had any idea what the App Store would become. It was meant to be a “loss leader”, remember? Yeah…

Anyway, Apple opening up to third-party app stores would take immediate pressure off of their cut in their own App Store. And assuming they do it the right way — probably naive — that feels like a better deal that what we currently have. In other words, Apple will have to compete on a better product and experience for their cut. Sure, they’ll have inherent advantages — namely, the App Store itself would still be pre-installed on iPhones — but it’s a decent enough first step towards actual competition.

Nick Heer:

It will be interesting to see how Apple frames this shift for its European customers. It has spent years claiming its first-party App Store policies are a reason people buy iPhones. While it can continue to promote its own App Store as the best option, it would look silly if it created the impression of reducing security for European users while rolling this out. The same is true of its privacy stance if, as also reported by Gurman, it makes its Find My network more permissive to third-party trackers. Apple may also want to preserve its existing strategy wherever regulators do not require its software and services to be more interoperable, but that could make it look like European customers have more choices than users in, say, the United States — which they probably will.

Riley Testut (Mastodon):

And it wouldn’t be just Meta — every app store would want exclusive apps to compete. And because literally all iOS apps are currently in the App Store, there’s simply no way to amass a competitive app library fast enough without poaching App Store apps.


So yes, it’s a choice — but the choice is NOT “do I use 3rd party stores to get cool new apps”

Instead it’s: do I use 3rd party stores just to keep using my current apps

This assumes that Apple won’t do something to really discourage the use of alternate app stores and also that the big apps would find it worthwhile to leave the built-in store (which they have not done on Android). It’s fascinating how there’s no consensus on what would happen.

Optimistically, the mere possibility that apps could jump to alternate stores might force Apple to make the App Store better for developers. However, we have nearly 15 years of experience showing a reluctance to do that, and it would be easier to get the same result by making other stores worse.

Rui Carmo:

What I would really like to see is a way for me to install and run my own apps without paying for a developer account and/or having to re-sign them every few days, and I can’t see that clearly spelled out yet.

I know Apple doesn’t really get this, but the inability to develop private applications for the hardware you own without jumping through arbitrary hoops is what keeps people like me from actively developing for the platform (and it is also why I keep dabbling with Android devices).


Update (2022-12-16): Michael Love:

They haven’t on Android, despite increasingly onerous restrictions from Google. They might offer a different or better experience for a new non-App-Store app, but no social network wants to put up an additional barrier for new users or risk losing existing ones.

A good basic assumption for sideloading is that everybody who has a successful business on the App Store will keep their app available there; the difference will be a) new apps / business models Apple doesn’t allow and b) experimental sideloaded versions of existing apps.

I’m as militant an App Store opponent as they come and I would never remove or degrade my App Store app unless Apple forced me to; I might, however, offer better pricing or new exclusive features as an inducement to sideload.

Damien Petrilli:

Facebook, WhatsApp, Instagram, Snapchat, etc didn’t leave the Google Play Store so it’s not going to happen on iOS

Sure but did Google screwed them by restricting ads on Android?

Nope. So I wouldn’t bet the incentives are similar on iOS.

Tim Sweeney:

If developers leave the App Store once they’re free to, it’s because it’s a mediocre store with massively inflated payment processing fees. That’s Apple’s own fault.

Joe Rossignol:

In a research note this week, a trio of analysts at investment bank Morgan Stanley argued that third-party app stores and sideloading would pose a “limited risk” to both App Store revenue and Apple’s overall revenue given that iPhone users have “long prioritized the security, centralization, and convenience that the App Store brings.”

John Gruber:

I think whatever Apple is devising to comply with this law, they’re still going to demand a commission on digital purchases.


I don’t think the DMA requires Apple or Google to allow third-party in-app payment processing from which they don’t require a commission. I say “think” because the DMA is well over 100 pages, and, well, to my eyes, written in opaque bureaucratic language.


The E.U.’s intent, I think, is to say that Apple can still require apps be submitted for approval, whether they’re going to be distributed outside the App Store or not. But doesn’t that defeat the entire point? Anyone who is hoping that the DMA is going to force Apple to allow any and all third-party software you can imagine — more or less requiring Apple to treat iOS like it does MacOS — is, I think, setting themselves up for disappointment. That’s certainly not what Apple wants or thinks would be best for (most) iOS users, and I don’t think it’s what the DMA mandates.


If this comes to pass, I foresee a byzantine approval system imposed by Apple even if Apple comes into it with nothing but the best intentions. That is to say, even if Apple’s attitude is to make third-party app stores as appealing and useful as possible, the approval process would still come with requirements and contractural obligations that very few companies could comply with. And I somehow doubt that Apple’s attitude would be “let’s make third-party app stores as appealing and useful as possible”. What happens if Apple makes both running and using third-party app stores as unappealing as possible under the law?

Jason Snell:

My guess is that Apple will add a switch to the Settings app (probably buried down deep, behind a sign saying Beware of the Leopard) that enables the installation of non-App Store apps. (This is what Android does.) Apple will probably give it a name like “Allow Untrusted Apps” or something similarly scary and will undoubtedly follow any attempt to turn it on with a scary alert on the level of “This App May Kill You”.


I really have a hard time seeing most members of the public turning off App Store protections and installing separate App Stores. Yes, it will happen, but the Play Store is still the place to be on Android, despite its long-time support for sideloading. In fact, Android developers have found that leaving the Play Store and going it alone is quite bad for business. Bet on the status quo.


While so much attention has been given to the squabbling of large tech companies over their cuts of millions of dollars, I’m much more excited about the idea that there are numerous apps that currently can’t exist on iOS because Apple has deemed them unacceptable for policy reasons, many of them inscrutable.


But let’s not forget the chilling effect Apple’s policies have had on iOS software development. How many amazing, groundbreaking, platform-changing apps have simply not been pursued by developers because if they’re rejected by Apple, there’s nowhere for those apps to go?

Michael Love:

Interesting tidbits not in the Gurman piece:

  • Sounds very much like sideloading, not just alternate stores
  • Apple is considering launching this worldwide and not just in Europe (!)

See also: Accidental Tech Podcast.

Update (2022-12-23): Tanner Bennett:

So the takeaway here is that if you have ANY security concerns about third party stores (more data collection, running forever in the background, etc) then those concerns are simply security holes in the OS itself that Apple needs to address.

App stores do not provide security.

David Barnard:

EU Regulation : Apple = App Review : Developers

Apple is getting a taste of its own medicine having to deal with a laundry list of opaque rules that may or may not be enforced, may or may not be interpreted as expected, may or may not be rewritten over time by new precedent, etc

The Sub Club Podcast:

On the podcast we talk with John [Gruber] about the far reaching implications of the European Union’s Digital Markets Act, how app developers should be thinking about the opportunities created, and why Apple making so much money from the App Store might be bad for Apple long-term.

Ryan Jones:

Pretty sure Apple loves DMA.

  1. They’ll charge 27% for IP, require Notarization, and have scary warnings.
  2. No one will use it.
  3. They get to comply while giving up nothing, ensuring it fails, and “prove” regulation and side-loading wrong.

Damien Petrilli:

We have seen 2 interesting things this week end.

  1. 1. Gumroad increased their price to 10% and are seeing creators leaving their service because it’s too high.
  2. 2. Twitter tried to lock users in and pushed a lot of new users to Mastodon as a result.

We just had 2 live experiments of what happens when you apply some of the 2 worst rules of the App Store in a competing market. In both cases, outrage & competition rise.

Apple can still afford to apply those rules because they locked out the competition.

16 Comments RSS · Twitter

I'm with Rui Carmo: I don't care about third party app stores. I just want to be able to load my own apps on to my own devices.

I do have a paid developer account so that at least means that I only have to reload the apps every year rather than every week. But it's a shitty day when I have to do that, because it means I have to go through the work of creating new provisioning profiles and resigning a whole bunch of different apps spread across multiple devices. I call it an "anti-holiday" because it's a day of *more* work and frustration.

I just want a proper way to sideload -- I hate that word, how about just LOAD -- my own apps.

"Instead it’s: do I use 3rd party stores just to keep using my current apps"

While this did happen with PC game launchers, it did not happen to any noticeable degree on Android. For something like this to happen, you need two very specific things:

1. Very high-value apps that will force users to switch. This clearly exists in gaming, where games are not commodities. If I want to play GTA, I'm not going to replace it with Saints Row. But Apple has worked very hard to commoditize apps, so there are very few high-value, unique apps.

2. An extremely rich owner for the app store, because by definition, buying out apps is a losing proposition. You need to pay the app developer more money than they would have made just selling the app, which means that you, also, are going to make less money on the deal than you're spending. Do this for the thousands of apps you'd need to have any measurable impact, and you're suddenly spending a lot of money.

It's also important to point out what the effect of this was on the PC gaming market: after years of stagnation, when competition arrived, Valve suddenly started to make huge improvements to their store.

@plume I agree with your framework, but I'm not sure there aren't apps like that on the App Store today. If Facebook or WhatsApp or TikTok (or Gmail or Youtube, though I'm more doubtful Google would behave this way) tells users that the only way to get their app is to use a different app store, users might switch just for that one app. Other apps that want to bypass Apple's rules could jump to the same store.

Maybe that wouldn't happen. Maybe it would happen and end up a good thing for customers. Or that the threat of it happening could force Apple to make the main store better, as mjtsai suggests, and everybody wins except (arguably) Apple. But that's what I'd be worried about if I were Apple.

WhatsApp is definitely one app that would force users to switch stores. But WhatsApp has another problem: they benefit from the network effect, so the more people install their app, the more powerful they become. It's against their primary interest to make it harder for people to get their app.

Facebook has another issue: people can just open their website in a browser, which is likely what many would do if they couldn't just get the app from the store. This, again, is against Facebook's interest, because they *want* their app on your phone, so they can spy on you more efficiently.

TikTok is one example where it might make sense for them to just move to a different store, because they are probably important enough to make people switch stores, and they'd benefit from being in a store outside of US jurisdiction.

What I actually expect to happen is that companies like Panic, that currently have huge issues with the App Store, would have a company-specific App Store just for their own apps. That, however, seems like a great thing to me.


A new app store only needs to pay its app-selection for what people buy from it. So if an app store can:

a/ give the developer 85% of the purchase price
b/ improve app discovery substantially
c/ provide a great no-crapware experience (actual curation)
d/ potentially provide better security

I see no reason why they wouldn't do really well. Apple is making tons of money, and even if one's profits were half of theirs, one would have a very lucrative business.

I also anticipate more "we-chat" like experiences, where the UI is no longer Apple's but "we-chat"'s... reversing the trend of commoditizing the software by instead commoditizing the phone.

In other words, this could become a very big deal, and I wonder what Apple will do to combat it.

I doubt free apps (Instagram, TikTok etc),will ever bother leaving the Apple Store

I doubt most people will install a 3rd party store

I'm pretty sure epic would rather be on the Apple Store with 3rd party payment processing that skips the Apple tax, then run their own smaller shop.

A very clear summary straight from the horses mouth.

Apple can't force Apple pay on devs

Thanks Kristoffer for the EU link.

As repeated ad infinutum we have that experience available already. On Android. Who wants to dip their toes in that just need to buy from one of the many brands. Also cheaper than Apple. So you have that.

More than boosting competition it appears EU officials are suspiciously open to accept Google marketing stand. Who knows, maybe Apple isn’t willing to shell out enough at the EU commission and parliament.

@Wu Ming: Perhaps the reason you need to repeat it ad infinitum is that you are not getting the point. Have you ever considered that possibility?

@Old Unix Geek perhaps because if I have to choose between company A with 84 bn of free cash flow made from products and services and company G with 52 bn made from advertising and both paying next to nil corporate taxes in the EU, albeit the former much more substantial at sustaining an asset rich economy, I know exactly why you are wrong. But if you will want to express your point for my benefit I will dutifully spend the average 2s internet attention span to acknowledge it’s existence.

@Wu Ming: So you haven't. Your definition of market is wrong, which the EU understands. The Congressional report on the matter also understood it. But you know better, and it's so much easier to make your point in an arrogant and dismissive manner? People on the internet are clearly just here to comfort you in your smugness. Anyway, there's not much point my arguing with someone who can't even spell a three letter word correctly.

@Old Unix Geek my apologies. No matter what the subject is, conversation should stay respectful. The foundation for quality of interaction. I just discovered how easily distance and anonymity allows to vent frustration. Also for a subject with no immediate personal consequences. Apologies again.

Thanks Wu Ming. I apologize for my acidity too. Have a great day!

>So the takeaway here is that if you have ANY security concerns about third party stores (more data collection, running forever in the background, etc) then those concerns are simply security holes in the OS itself that Apple needs to address.
>App stores do not provide security.

I think that's silly. Security works in layers (Apple likes to call them "moats", I guess). Sandboxing, TCC, etc. are some of them. App Review is another.

Apple obviously agrees that rules that can easily be put in an algorithm should be done by the OS. They do it all the time, and have been tightening the screws. But something like "more data collection" is hard to encode that way. What kind of data? How much is too much? Is the intent of the developer considered malicious?

That's why for those aspects, App Review — a human giving the app another look — is, while quite flawed, a perfectly appropriate layer. (To preempt "OK, but Apple is doing a poor job at it" arguments: yeah, but Tanner seems to be arguing that App Review isn't useful for this at all. I'm arguing App Review absolutely could be useful for it in a way an automated process cannot.)

@Sören: Tanner's bio says he works on jailbreaks.

He's certainly right that one can ship apps that use "illegal" APIs in the App Store (or at least one could not that long ago), and the "app reviewer" couldn't notice.

I also don't see how an "App reviewer" would have any clue how to detect unwanted data-collection when entitlements don't work. E.g.: a web browser that collects data from every input field, including passwords, encrypts them all, and then send them to (e.g.) a compromised DNS server as part of the query. Good luck detecting that if it happens couple of months.

So I don't agree with your premise that "security works in layers".

Leave a Comment