Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

DeanL

macrumors 65816
Original poster
May 29, 2014
1,363
1,302
London
I love traveling because it allows me to discover things like this.

In China, most apps are WeChat and AliPay "mini-programs", i.e. apps within apps.
For example if you want to visit the National Museum, you must buy the tickets throught the National Museum app within the WeChat app. Want a "Uber" ride? Open the Didi mini-program, in AliPay.

They are effectively apps (WeChat has even a development kit, framework, components and APIs) and payments for those mini apps also go throught WeChat Pay and AliPay.

More resources
Discuss why Apple is acting like sideloading is bad when those mini-programs do not go through Apple's App Store verification process and yet Apple doesn't cry about it! 😂
 
Last edited:
Discuss! 😂
No! 😂

I don't like it, it disables a lot of OS functionality:
  • I can't search for a specific app anymore
  • I can't determine what app specifically can send notifications, use background refresh etc
  • I can't multitask between the apps
  • etc
 
While I appreciate your point, Apple in China isn't really comparable to Apple outside of China. They operate under vastly different rules and guidelines there.
WeChat and AliPay and their mini programs are available worldwide.

They operate under vastly different rules and guidelines there.
and so you are in fact making my point. If Apple followed the rules and guidelines there, then they should everywhere else.
Therefore if EU law states that everyone must be able to install whatever they want on their phones, the backlash is hypocritical.
 
Discuss why Apple is acting like sideloading is bad when those mini-programs do not go through Apple's App Store verification process and yet Apple doesn't cry about it!
...but that can all be done without 'sideloading'.

"Sideloading" is about installing native iOS Apps that potentially, have less restrictive access to the hardware, and rely partly on Apple's app store rules & validation to enforce security.

Anybody, anywhere, without going through the App Store, can already write a "web app" using HTML5 and javascript, stick it on a https server and include a manifest file so it can be installed as a desktop shortcut with its own icon, which opens up without a browser toolbar and looks for all the world like a "proper" App. That can do anything a website opened in Safari can do - including making purchases using your PayPal/Google Pay/Ali Pay/whatever account, even accessing the camera and location info (try going to the Google maps website instead of the App - location still works) but, again, ultimately using quite restrictive web APIs and - ultimately - going via Safari/Webkit.

Reality is, though, it is still a shortcut to a website being delivered from a third-party server, not a native iOS App installed locally. The "app" is actually being run by Apple's own WebKit and JavaScript engines and subject to all of the security restrictions built into those - for most practical purposes, it is technically the same as browsing a website in Safari. The advantage for the provider is that this method is largely platform-independent.

NB - you can also install "Chrome" and "Firefox" from the iOS/iPadOS App store which can also run web apps - except, whereas the MacOS/Android/Linux/Windows versions of these are complete browsers with their own implementations of HTML rendering and javascript (each with their own set of potential security vulnerabilities), the iOS versions are little more than custom "skins" for iOS's built-in WebKit/JavaScriptCore implementation (which may not be perfect, but are under Apple's control and means they only have one set of bugs/vulnerabilities to worry about!). At a guess, the "WeChat" App is probably a wrapper like "Chrome for iOS" - the docs you linked show that "mini programs" run on WebKit/JavaScriptCore on iOS whereas the Android version uses a customised version of Chromium.

Is it possible that Apple have cut a deal with WeChat and relaxed the App Store rules to make this all a bit more seamless? Absolutely - and you could easily see why it would be in Apple's interest to play nice with them. Making mutually beneficial deals with a few strategically important partners - backed up by legal agreements and security assurances - is a far cry from allowing a free-for-all where anybody could offer side-loadable apps with (intentional or accidental) vulnerabilities or set up their own App Store with no accountability to Apple. I'll leave the question of whether Apple is hypocritical in dealing with WeChat at all while making a big noise about privacy for another place - since this thread is specifically about sideloading and payments.

NB: Payment services and sideloading are different topics, and I believe Apple has made some concessions in allowing "reader" services like Netflix to at least include web links to alternative payment methods. However, without some check on that every App would become "freemium" with payment via the publishers's own payment service, so they got full advantage of the App Store's popularity without contributing a penny to its running.

I don't entirely like my iPad's lack of sideloading. On the other hand, while I might want to hack my tablet, my phone is increasingly used for payment and 2FA, so I really wouldn't want to sideload untrusted apps to it. Currently, I've got an iPad and an Android phone, which is probably the wrong way round - when my iPad expires I'll probably replace it with a hackable Android tablet and maybe one day Apple will make an iPhone that actually appeals to me - in which case I'd see it being securely locked-down as an advantage.

Anyway, I have a free choice between iOS, Android and even a few non-Android Linux options. Attacking Apple for monopoly abuse when Android has a 70% market share and Google have a dominant position that extends across every platform is a bit ridiculous.
 
They are effectively apps (WeChat has even a development kit, framework, components and APIs) and payments for those mini apps also go throught WeChat Pay and AliPay.

I have no experience with WeChat but a couple of thoughts occur:

So how much is WeChat making to have a "mini app" on their platform?

Why would you want all your apps being a subset of another? Seems ripe for skimming user data.

I bought into the "walled garden" and appreciate it for its unique one stop shopping experience and tight integration. Alt-stores will destroy these benefits. If one wants more freedom with their devices there are certainly other options available.
 
  • Like
Reactions: iDaniel88
I guess I'm really lost since Apple created the technology, the platform, the app store, the billing/payment systems, etc. So why does ANYONE think that legislators have a clue about the technology? It's beyond absurd to believe a politician understand the technology and privacy issues that come along with enforcing this type of crap. I even extend this to USB-C mandates. The government of the EU has not determined they know what the best connector type is for all time for all consumer devices. So any company who invents a new type of connecter that is better has been blocked from the market by the very governments claiming to be supporting open markets. That is the hypocrisy.
 
I have no experience with WeChat but a couple of thoughts occur:

So how much is WeChat making to have a "mini app" on their platform?

Why would you want all your apps being a subset of another? Seems ripe for skimming user data.

I bought into the "walled garden" and appreciate it for its unique one stop shopping experience and tight integration. Alt-stores will destroy these benefits. If one wants more freedom with their devices there are certainly other options available.
From my understanding, in many countries huge aspects of life are handled through things like WeChat as just a societal norm. Banking, transactions, rental agreements, etc. it’s basically the platform that commerce happens on in country X or Y.
 
From my understanding, in many countries huge aspects of life are handled through things like WeChat as just a societal norm. Banking, transactions, rental agreements, etc. it’s basically the platform that commerce happens on in country X or Y.

Understood but my question, especially to the OP, is why would you want this? Isn't WeChat just another candidate for monopolistic regulation then if they are the defacto platform? Now, I think this is mostly a Chinese market thing, again don't have any experience with them, so I would guess that it is on purpose as part of spying on their users/populace.
 
Last edited:
Understood but my question, especially to the OP, is why would you want this? Isn't WeChat just another candidate for monopolistic regulation then if they are the defacto platform?
That's a question for China and other countries where WeChat may be dominant. Somehow, I don't think the Chinese authorities are going to go after WeChat for monopoly abuse...

In the US, EU, UK etc. the market dominance question is being asked about Google, Amazon, Apple, Microsoft etc. except its a bit hard to see why anybody worries about Apple out of that lot! Don't get me wrong, I love slagging off Apple when its justified but, ultimately, I see plenty of other viable choices. It's nothing like the bad old days of the 90s when buying and using anything other than Wintel was an uphill struggle. Even today, MS Office/Exchange and Google are far harder to avoid than Apple stuff.
 
  • Like
Reactions: icanhazmac
...but that can all be done without 'sideloading'.

"Sideloading" is about installing native iOS Apps that potentially, have less restrictive access to the hardware, and rely partly on Apple's app store rules & validation to enforce security.
I would let you finish but:
1. The "rules" and "validation to enforce security" is mostly automatic, hence why a lot of apps through the year have snuck in prohibited/malicious software.
2. Because WeChat/AliPay has mini-programs that extend the main app, they can't really enforce the security of these mini-programs since they are extensions of the native app, can they? We now rely on WeChat to have done the verification and not Apple ;)
3. Those mini program have the same access the main WeChat app has.
4. They work offline too,so not exactly a web app

Attacking Apple for monopoly abuse [...]
That's not what the EU and other country are coming after Apple for.
 
  • Like
Reactions: Samplasion
1. The "rules" and "validation to enforce security" is mostly automatic, hence why a lot of apps through the year have snuck in prohibited/malicious software.

Nobody said the security of the App Store was perfect or that Apple never made mistakes. Even if Apple eventually allow sideloading of native apps, you'd be nuts to install anything not signed by a trusted source - but then how does your 'trusted source' check programs?

2. Because WeChat/AliPay has mini-programs that extend the main app, they can't really enforce the security of these mini-programs since they are extensions of the native app, can they?
Anybody can already write "mini programs" in the form of HTML/Javascript WebApps and have users install and run them without any sort of security enforcement beyond what Safari already does when you visit a random website. Under the hood, the "native app" you are using is effectively Safari (Or, more accurately, the underlying WKWebview and JavaScriptCore) doing what it does with any other website.

The iPhone would be pretty useless if you couldn't use web apps on third party websites for shopping and payments at all - and Apple can't enforce the security on those beyond making sure that Safari doesn't have vulnerabilities.

As I said, Apple may have cut WeChat a break (even by letting them ship something that looks like an App Store) - but everything you describe could be done with Safari and web apps without going near the App Store, and the docs you linked to confirm that the mini apps run in WKWebview/JavaScriptCore.

4. They work offline too,so not exactly a web app
Web apps can work offline. iOS is a bit behind the curve in supporting "Progressive Web Apps" but it does support the basics:


Originally, the iPhone wasn't going to have third-party native apps at all and everything not buit-in would be done via the web. The App Store wss a later addition. The capabilities of web apps have increased greatly since then - so by the time all the lawsuits and investigations have finished, the native App Store may be obsolete anyway...
 
the side loading argument has only ever been about money and politics.

apple doesn’t take a cut off my amazon purchases but wants a cut of your fortnite coins.

apple will do whatever they can get away with to make the most money possible and it is always that simple
Apple is entitled to protect its property, while at the same time customers who feel they aren’t getting enough value out of apples hardware, software and services, have competition aplenty to choose from.
 
I don't entirely like my iPad's lack of sideloading. On the other hand, while I might want to hack my tablet, my phone is increasingly used for payment and 2FA, so I really wouldn't want to sideload untrusted apps to it. Currently, I've got an iPad and an Android phone, which is probably the wrong way round - when my iPad expires I'll probably replace it with a hackable Android tablet and maybe one day Apple will make an iPhone that actually appeals to me - in which case I'd see it being securely locked-down as an advantage.

Anyway, I have a free choice between iOS, Android and even a few non-Android Linux options. Attacking Apple for monopoly abuse when Android has a 70% market share and Google have a dominant position that extends across every platform is a bit ridiculous.

Totally agree with this. I don't care about installing all sorts of nonsense, I just want my iPhone to be as secure as possible. Now, I assume that it's going to be as simple as just keep using the official App Store to stay safe, but that obviously doesn't help all the idiots who are going to download all kinds of crap - which naturally will backfire!
 
  • Like
Reactions: Chuckeee
Because China is the largest smartphone market in the world. It's impossible not to play in that market, so Apple follows.

The EU is barely holding together and many members disagree. Apple will try to poke holes where possible. Make sideloading sound like a disaster even though it works in Mac.

Apple Store has their own mini-program in WeChat. So does McDonald's and many others. Apps don't need to pay commissions to Apple.



IMG_9102.PNGIMG_9103.PNG
 
If the EU is barely holding together, I wonder what the US is....

Pretty unified in terms of standards. One third of EU countries don't even use the Euro. Then you have random acts like France banning iPhone 12 because it doesn't meet their standards.
 
  • Like
Reactions: iOS Geek
You wrote "The EU is barely holding together and many members disagree."

a) Not using the euro is sign of neither. It's sign that the EU is working properly and the member states can do what's best for them, including leaving the union if they're unhappy, unlike the US.
b) Bulgaria is joining the Euro zone in 2025; Romania in 2026. Czechia, Hungary, Poland, and Sweden are legally obligated to adopt the euro eventually, but even if they didn't, they are part of SEPA anyway.
c) the US stil have "random acts". States can pass laws that affect product availability or that require businesses to do something differently there to comply with local laws. If "many members disagree", many states do too.

Nice try thought.
 
Not sure about the comparison but these apps within apps are Sandboxed away and can't touch any Apple systems. its an ecosystem within WeChat or whatever. Doesn't Facebook also have "Apps" in a similar way? I think the side loading will work in a similar way. They will be sandboxed and limited.
 
Not sure about the comparison but these apps within apps are Sandboxed away and can't touch any Apple systems. its an ecosystem within WeChat or whatever. Doesn't Facebook also have "Apps" in a similar way? I think the side loading will work in a similar way. They will be sandboxed and limited.
Sandboxing is irrelevant to the discussion. We're not discussing whether "these apps within apps" can get out of their sandbox.
We're discussing the fact that these apps act as an app store within an app, which is supposed to go against Apple's rules since Apple hasn't directly vetted every app within.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.