> this number of completly inexperienced user is not proven to be as large, if you look at Android or OSX you don't see 51% of users having malware on their machine

> "protecting" an unknown small number of users by limiting the rest makes no sense, what makes more sense is MONEY

For creating policies 51% is a bad measure. Its inherently biased to be regressive. Setting policies at 51% disproportionately hurts the bottom 1%, 10% and 25% of the populations that need our help the most. This is true of all policies and especially laws.

Meanwhile, if you've ever helped your grandma or parents with their computers, you'll realize just how much malware they have already downloaded. I also remember what I was like on Limewire and Kazaa as a kid. There is/was an entire industry built around it for Anti-virus and Malware protection.

iOS doesn't require anti-virus or malware protection because Apple builds protection and privacy into the product as a core feature. Sadly, built into Android is malware but even Android is less susceptible to malware from unknown entities.

I understand your point but we don't even know if the number of this users that need protecting is even 10%. This imaginary group of people must have this properties:

- they are gullible , so bad people can trick them to ignore OS security warnings,create some extra account or security key to unlock the device (Apple can do it hard enough it must not be just 1 click)

- at the same time this users are not that gullible to paste their credit card in random websites or on Apple approved chat messages

- at the same time this users can be trusted with the app permissions for files,contacts, camera, location

For me if I intersect all this sets of users I get void and your argument should be that everything should be locked down, no permissions allowed for this users, there should only Apple approved websites, apple approved contacts, Apple should scan your messages not to send your card details or do stupid things. This people should use an iOS version made for children and adults could use the unlocked version.

> they are gullible , so bad people can trick them to ignore OS security warnings > For me if I intersect all this sets of users I get void

I work at a pretty big company, where we are trusted to make a lot of important decisions but as I understand it even small companies have trainings to identify "phishing, clickbait, social engineering, etc". Every relatively big company also pre-approves devices that can connected and access the internal network. Installing software needs to be pre-approved. Even my browser Firefox or Chrome settings are pre-selected to ensure no compromising behavior can occur.

I know from past-experience, friends and colleagues that my current company is not unique. Because all humans (even the smartest sets) are gullible, it just depends how time constrained, sleep deprived or drunk they are.

Additionally, preventative protections on devices are used often even in personal contexts. When I help my mom set up her computer I pre-install everything and she doesn't have the admin password. This is the general recommendation for and by anyone helping someone under-educated about technology and abuse vectors. I've asked if she would rather me teach her and she just prefers using the computer without worry. Neither her, not this situation is unique.

That said, I have previously and do agree, Apple should make it easier to boot non-iOS iPhones. However, Apple should only provide that to the registered adult owner of the device, in person at an Apple store after delivering the caveats that the device will no longer be supported by Apple (regardless of resale) and any warranty is void.

The issues you describe are happening on computers where by default there is no sandbox, so an evil game or a bad application can do a lot of damage. But in an OS with strong sandbox and a good permission model the fact you add a dude to review your app does not add some extra security, from what I see this review people will check to make sure you follow the GUI /UX guidelines and also make sure you don't give the users information Apple won't like (like you could buy this cheaper from this webpage)

I agree, with a strong enough sandbox I am very happy to use sideloading. Fortunately, iOS provides Safari for such a sandbox.

According to screen time on iOS, I use Safari 2x more than all my other native applications combined. Including to play games. Especially with "Login with Apple", and "Apple Pay" I find that most websites are as easy to use as native applications.

I absolutely resent the implication that protecting the bottom n% of gullible users is mutually exclusive with giving power users the access they desire. they seem to do a decent job of it on their OSX machines, so why not iOS?

You're right! I disagree that the perfectly balanced system is OSX but overall I agree iPhones should have better "hack-ability".

As I've posted elsewhere:

I agree, Apple should make it easier to boot non-iOS iPhones. Even provide some tools to write custom OSes for the iPhone hardware. However, Apple should only provide that service to the registered adult owner of the device, in person at an Apple store after delivering the caveats that the device will no longer be supported by Apple (regardless of resale) and any warranty is void.

> I agree, Apple should make it easier to boot non-iOS iPhones. Even provide some tools to write custom OSes for the iPhone hardware. However, Apple should only provide that service to the registered adult owner of the device, in person at an Apple store after delivering the caveats that the device will no longer be supported by Apple (regardless of resale) and any warranty is void.

this kinda misses the point. I don't want to write my own OS for the phone or run ubuntu or someone else's jailbroken iOS image. I just want to run normal iOS, get updates, and also have the ability to escalate privileges from time to time. why is there not an amount of money I can pay for this?

also, does apple distribute any third party drivers in iOS? if so, they might not be able to make non-iOS iphones possible, even if they wanted to. not as familiar with the apple world but IIRC, this has been a longstanding issue for true alternative OSes on android phones.

I think I'm onboard as long as the procedure is cumbersome enough, and the registered adult owner of the device confirms that they understand and agree the warranty and support is void.

If you want to keep iOS as well... at that point, I do feel Apple is also in its right to remove all trademarked content from the phone running an iOS-like OS. AppStore, applications, remove all reference to words like "iPhone". So it would be a very bare-bones iOS-like.

Because otherwise it could negatively impact their brand. Their brand is built on the premise they build amazing products for customers who want those products. If someone looks at your "modified, uncurated iPhone" and thinks it "feels janky" or "poor UX" or "bad battery life" or ..."" that could result in that person not buying/recommending an iPhone.

Apple clearly values its brand highly and I can see why they would want their brand to be distanced from the type of device you would like.

Can you think of what a bad application can do to a user when side loading but is impossible to do when Apple reviews it, If I am a bad actor I can submit an app for review and activate an evil mode after the application is approved.

Maybe we can stop pretending that the lock is in place to protect the users, most Android users do not root their devices or install random evil applications and then complain to Google about it, can't we just be sincere and say , "yeah is the way Apple keeps control on things for financial reason" . we could focus on the correct stuff then like how we can protect the small set of very gullible users from bad apps(that can be in the store) or bad webpages or evil messages.

> If I am a bad actor I can submit an app for review and activate an evil mode after the application is approved.

While this is of course still possible, the store model allows you to disable the app and remove the store listing to prevent further distribution of the bad app. You would be giving this up ability if you allowed third-party distribution. The fact that review is necessary in the first place also serves as a deterrent, and if a bad actor is caught their developer account can be banned to prevent them from submitting any more apps.

> Maybe we can stop pretending that the lock is in place to protect the users

Not sure why you think this is a pretense. In 2019, Android devices were responsible for 47.15% of malware infections compared to 0.85% of iPhones (https://onestore.nokia.com/asset/205835). There is a clear security benefit to the locked-down store model.

>the store model allows you to disable the app and remove the store listing to prevent further distribution

You do not need a store to blacklist a known bad application, you can have the OS do what OSX is doing now(I read on HN about this, I don't run any newer OSX versions) check an app when it starts against a blacklist.

I agree that a review will catch low level effort of malware and I am not advocating for no official store if is possible users should use applications from the sore or on Linux from the official repositories but if some application is not in the store/repo (maybe you live in one of those countries that ban apps) you can have the option to side load the application.

The statistics for malware on iOS vs Android could be problematic if you don't compare equal user groups, Like a rich kid will buy the games from Steam or Apple store, some poor kid will try to get some free games so IMO we should compare similar population.

Blacklisting may be an appropriate solution for malware but doesn't help with privacy issues because apps distributed outside the App Store by definition won't be subject to the App Store privacy rules.

> The statistics for malware on iOS vs Android could be problematic if you don't compare equal user groups, Like a rich kid will buy the games from Steam or Apple store, some poor kid will try to get some free games so IMO we should compare similar population.

Even within the Android platform Google has reported an 8x difference in malware between devices that use side-loading compared to devices that use only the Google Play Store (https://source.android.com/security/reports/Google_Android_S...). In other words, it is specifically side-loading and third-party app stores that cause the biggest problem.

We've already seen this same story play out on Windows. Why would we expect it to be any different here?

> because apps distributed outside the App Store by definition won't be subject to the App Store privacy rules.

Can you explain? Side loading apps won't disable the sandbox so the app won't have access to your files, sensors or peripherals without permissions. The OS could be even more privacy focused by allowing power users to enable an option to fake private data like contacts,photos,location etc for apps that would refuse to run without this permissions.

Second thing, what extra privacy a manual review of a guy would add to an app that can't be done better on the device by sandboxing and code?

Side loading would be used by power users most of the time or people in countries with censorship. We will not repeat the Windows story , we would repeat the Linux story where we always had trusted apps on trusted repos and only power users would "side load" stuff, on Windows the story wad different, you needed something you used google and run the first thing you find.

Consider, for example, an app that might initially request access to your contacts for a legitimate purpose (like messaging your friends), but secretly scrapes your contacts and sells it to third parties. This is a privacy abuse that is not prevented by sandboxing since the user explicitly granted those permissions. The problem is the user has no control what the developer actually does with the data after the permission is granted.

At least with an app review policy you can say this type of behavior is not acceptable and you will be banned if you abuse it. I'm not saying that will perfectly catch all abuses but at least it serves as a powerful deterrent that otherwise would not exist if all apps were directly distributed with no oversight.

> Side loading would be used by power users most of the time or people in countries with censorship.

Not sure why you think this but it simply doesn't match existing statistics. Side-loading and third-party stores are quite common in certain countries and it leads to large numbers of regular people getting infected by malware. For example, Kaspersky reports that 60% of mobile users in Iran and 38% of mobile users in India have been attacked by mobile malware. (https://securelist.com/mobile-malware-evolution-2019/96280/)

I don't understand your point. Are you actually suggesting that poor people don't count?

If you consider the US alone you're still looking at ~17 million malware infections last year on Android devices.

> The guy that reviews the Apple Store has no idea if the developer sells the data to a third party, the chances that somehow Apple finds this out in time to help you is minimal

The fact that they can ban these developers serves as a deterrent. What you're suggesting is the equivalent of saying there's no point in having laws against stealing because some people will steal anyway. What you should be considering is the net effect of the rules against the overall frequency of the problem, not whether it prevents them 100% of the time (which is impossible anyway).

> Many existing apps are using FB SDKs, other advertising related library in the apps, loot boxes and other dark patterns and Apple is not blocking this because they have a financial interest.

Now imagine how much worse it would be if Facebook (and every other app) was directly distributed and had zero oversight whatsoever.

My stats point is this, let me show a simple example. Say in my small poor country nobody has the latest BMW and most people use some 20 years Renaults. Then you can create some stats to show BMW is perfect and Renault is crap. Where would be fair to compare cars that are in the same price category, same age, same driver category etc.

Is the same statistics shit Apple fanboys use when they want to show that Apple can't be a monopoly/duopoly the use a world wide stat(where in fact in US Apple and Google are around equal (iOS appears on top on this source but who knows how credible it is https://gs.statcounter.com/os-market-share/mobile/united-sta...)

About laws, it is more like because someone is getting hurt with his power tools then we ban power tools and we allow only children friendly tools. This is not how it is sone, we can ask for safer tools but if someone injures himself with his power tools it is his fault. (and now I expect the argument about "Apple branding needs to be protected" dude Apple shipped bad keyboards and refuse to aknowledge the issue until a a lawsuit, Apple fucked witht eh battery behind the users back and a lawsuit had to happen for this to be shown, Apple branding is not something as a user you need to care about because it promotes antiuser behavious.

Sounds like you're reaching for excuses to dismiss the obvious malware problem on Android.

No one is advocating banning power tools. There are plenty of power tools (Android devices) out there for people who want to buy them. What you're advocating is that Apple shouldn't be allowed to sell their own, safer, tools to people who want to buy those instead.

My main point is that:

- if Apple wins vs Epic then Google and Microsoft have precedent and they can lock down their platforms , previous legal precedent was with IE bundling

- because Linux exists that does not mean the Microsoft can do whatever they want, similar because at this moment Android devices exists and some power users can side load and an even small umber of users can root them does not mean that others can lock things down.

Your statistics are misleading and you are avoiding to compare apples to apples. Show me how much malware is on OSX because that platform was not as much locked,

> - if Apple wins vs Epic then Google and Microsoft have precedent and they can lock down their platforms , previous legal precedent was with IE bundling

Bundling IE with Windows was never established to be illegal in the United States, the issue was overturned by the appeals court and precedent was never set. What was found to be illegal was forcing other companies (like OEMs) to include IE on computers they manufactured as a condition of obtaining Windows licenses.

> - because Linux exists that does not mean the Microsoft can do whatever they want, similar because at this moment Android devices exists and some power users can side load and an even small umber of users can root them does not mean that others can lock things down.

The difference is Microsoft had 95% of the market during their antitrust case. If they had 5% of the market the outcome would have been very different.

> Your statistics are misleading and you are avoiding to compare apples to apples. Show me how much malware is on OSX because that platform was not as much locked,

Are you unaware that Mac malware is a growing problem?

https://www.macrumors.com/2020/02/11/malwarebytes-mac-malwar...

30 million adware detections on Mac last year kind of puts a hole in your theory that only poor people get malware, doesn't it?

It is my expectation that Apple verifies the identity of developers submitting to the AppStore. It is my expectation that if the initial review doesn't catch the abuse, and my contacts list is scraped and sold that Apple will eventually find out and ban the app from the store.

It is also my expectation that Apple will file a suit for damages, and help a legal firm file a class action suit against the developer on behalf of the victims.

If you are right and this isn't happening yet, I hope Apple starts doing it.

Yes Apple will terminate a dev account for not respecting the terms but I am not aware of Apple or Google trying to bring to justice developers that sold private data, at least in US there is a big resistance against having a GDPR like law so you could use the courts to punish some developers. Also we know that Apple (like Amazon and others) used contractors to have them listen to private recordings of users without asking consent (like hey user , I do not understand this can I send it to the cloud so strangers can listen and do stuff with it ?) , so for Apple privacy is a tool for making money, it aligns with your interest until a point (but as with Siri example you can see it is not 100% aligned with your interests)

Sure totally!

With sideloading allowed, an application/appstore that is actually a trojan horse could request permissions once to "download X" where X is innocuous. Later the trojan auto-downloads other applications to your phone to mine bitcoin, run a bot net, etc. Basically selling your hardware, bandwidth and battery life to the highest bidder.

With sideloading, alternate APIs could be scraped together into a "new std lib". These APIs would just be some C/asm lib that is a part of any application and accesses hardware without any permission management. At that point every possible bad thing can happen. "Sandbox it!" sure... but that is what Apple is currently doing... its just also auditing source code to ensure no one is maliciously trying to break out of the sandbox. With enough time, people will break the sandbox or people will complain the sandbox is too limiting and not "true sideloading".

All this said, is Apple's auditing system a 100% guarantee? No. But at least I know once the bug/issue is found Apple will close the hole. Meanwhile, its in a company like FB or GOOG's best interest to force ever more tracking onto users, and they know people will continue to use their services regardless of the complaints (like what happens today).

You might argue, "this is where government should step in". I agree! The problem is that the government isn't doing a good enough job protecting users from digital abuse (arguably might make it worse with weaker encryption). So in the meanwhile, I'm happy that at least Apple currently is trying to protect users.

Apple is not reviewing the source code, they probably looking at what system calls you use and maybe they do what anti-virus software do on Windows, check for signatures or something like that. From my limited knowledge you can have your executable very obfuscated and make it impossible for someone to easily understand what is happening.

The thing is nobody would force the normal users to side load things, the number of applications for Android that are not in the store is small and I think only Fortnite was one with popularity and the number of people sideloading it was not that big.

> if you look at Android or OSX you don't see 51% of users having malware on their machine

Have you actually looked up the statistics? According to Kaspersky (https://securelist.com/mobile-malware-evolution-2019/96280/) mobile malware attacks in 2019 affected: 60.64% of users in Iran, 44.43% in Pakistan, 43.17% in Bangladesh, 40.20% in Algeria, 37.98% in India, 35.12% in Indonesia, etc. These are not small numbers.

> - with the amount of money Apple has they could afford to improve the security by adding more sand boxing and making unlocking of the phone by "tricked incompetent users almost impossible"

Sandboxing can protect against system vulnerabilities but does not help protect privacy in the same way App Store review guidelines do. (For example, by disallowing user tracking in games designed for children.)

> - I assume apps and websites can use your microphone and camera on your phone, it is under soem popup/permission prompt, why do you trust the "inexperienced users" with the camera permissions some bad person could trick them.

Temporary access to a microphone or camera is nowhere the same level of security risk as allowing third-party applications to install other applications on your phone.

> - "protecting" an unknown small number of users by limiting the rest makes no sense

Again, these are not small numbers of users, nor are they unknown. Android malware routinely infects millions of devices:

https://www.zdnet.com/article/this-android-malware-has-infec...

https://www.theverge.com/2019/7/10/20688885/agent-smith-andr...