{"id":29305,"date":"2020-06-22T11:08:32","date_gmt":"2020-06-22T15:08:32","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=29305"},"modified":"2021-10-15T15:14:58","modified_gmt":"2021-10-15T19:14:58","slug":"the-app-store-doesnt-make-apps-safe","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/06\/22\/the-app-store-doesnt-make-apps-safe\/","title":{"rendered":"The App Store Doesn’t Make Apps Safe"},"content":{"rendered":"

Brent Simmons<\/a> (tweet<\/a>):<\/p>\n

\n

Otherwise, App Store review is looking for basic functionality and making sure the app follows the guidelines […] the guidelines are about protecting Apple’s interests and not about consumers.<\/p>\n

[…]<\/p>\n

I’d feel secure knowing that the apps, just by virtue of being iOS apps, are sandboxed and have to ask for permissions. (I’m also imagining a Mac-like notarization step, for additional security. I think this is reasonable.)<\/p>\n

In other words: Apple has done a very good job with iOS app security and safety. The fact that we think this has something to do with the App Store is a trick, though.<\/p>\n<\/blockquote>\n\n

As discussed in the comments<\/a> here<\/a> yesterday.<\/p>\n\n

Charles Perry<\/a>:<\/p>\n

\n

@brentsimmons\n is right. Technical restrictions built into the OS (like sandboxing, asking user permission before accessing Contacts, etc.) are what makes iOS secure, not App Review.<\/p>\n<\/blockquote>\n\n

Riley Testut<\/a>:<\/p>\n

\n

This is important! Apps downloaded outside the iOS App Store would be far<\/em> more safe than ones downloaded outside the Mac App Store. Regular iOS protections such as sandboxing apply to sideloaded apps like \n@altstoreio\n and Delta — the only<\/em> difference is Apple doesn’t like them<\/p>\n<\/blockquote>\n\n

Russell Ivanovic<\/a>:<\/p>\n

\n

This whole notion that it’s Apple’s App Store or user privacy hell is pure nonsense. It’s not one or the other. In fact most apps on the current App Store suck up all the data they can already. That’s a toolkit issue not a store issue.<\/p>\n<\/blockquote>\n\n

Dan Held<\/a>:<\/p>\n

\n

I built out and headed up App Store optimization for all of Uber’s mobile products from 2016-2017.<\/p>\n

The “review process” allowed hundreds of fake Uber apps to be approved. The problem got so bad we had to use a 3rd party software to issue takedown requests in mass.<\/p>\n

If they can’t screen at that surface level then I’m not sure what they’re doing with each indie dev.<\/p>\n<\/blockquote>\n\n

I don’t think this is what people expected to happen, but, even without fakes, the App Store does sometimes make it harder<\/a> to find the official app. First, search<\/a> ads<\/a> deliberately make it not the top hit. Second, the organic result for typing the exact name often isn’t right. Outside the store, you’re always going to get the right app if you start at uber.com. And a Google search is unlikely to give you the wrong result because the fake app won’t out-PageRank Uber.<\/p>\n\n

Previously:<\/p>\n