Sideloading abilities will make it far easier for governments to deploy their malicious apps to people’s phones.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 17 to Support App Sideloading to Comply With European Regulations
- Thread starter MacRumors
- Start date
- Sort by reaction score
Exactly, it’s not really doing anyone a favor forcing people to use one particular port, which in ten years or even less may very well be antiquated. It stifles innovation.
Exactly. If you’re a reputable developer, why wouldn’t you want to distribute your app through the App Store where you’ll have much better visibility and reach more users? It’s not like the percentage Apple charges is THAT high, in fact, it’s lower than what Etsy charges. Mainly the multimillion dollar software business that get charged a higher percentage are probably the ones complaining the loudest. Those big software companies are also the ones that would have the resources to make alternate app stores and stuff like that. And companies that are calling for this like Epic Games are just about the money and are acting hypocritical because Epic actually charges a higher percentage for people who want to distribute their games through their store, while complaining about Apple’s fee.It seems like here every week, someone gets scammed of their life savings because they got tricked into downloading some fake app from Facebook. And it’s all happening on android phones.
It’s gotten so bad that one of my banks has designed their android banking app such that it will not load if it detects the presence of sideloaded apps on one’s device.
OCBC’s new anti-scam measure upsets some users; bank clarifies only apps with risky permission settings flagged
The bank's new security feature prevents users from logging onto their Internet banking and OCBC Digital app on their phone if it detects potentially risky apps downloaded from unofficial portals.www.channelnewsasia.com
It will be funny if this too comes to iOS in the future, and basically stops the appetite for sideloading right there and then.
That’s the thing when the more tech savvy users talk about how they are smart enough to not get scammed and such. It’s not always about them, and I wish more of them would acknowledge this.
Great, and no one is forcing you to. Meanwhile the App Store (and Play Store) is full of apps that are borderline scams that Apple (and Google) keep around because they happily make their cut, but we won't talk about that.
The idea that Apple keeps "borderline scams" on the App Store for their cut is laughable. The revenue would certainly be negligible to their bottom line. Any hit to their reputation would certainly cost them more.
…which Apple is preventing from running.
No less hypocritical than Apple - whose monopoly on iOS app sales is no less “just about the money”.
Epic’s 12% are less than Apple’s 15-30.
Etsy’s 6.5 percentage is lower than Apple’s 15-30%.
Even adding their 4% payment processing fees, it’s lower.
Last edited:
https://www.etsy.com/legal/fees/
https://www.theverge.com/2023/3/9/23630864/epic-games-store-self-publish-tools-ratings
That said, at just one word, it‘s not as if you even tried to put any effort into that post.
https://www.theverge.com/2023/3/9/23630864/epic-games-store-self-publish-tools-ratings
You fail to make any statement of fact or argument that would even remotely be supported by online search or sources.
That said, at just one word, it‘s not as if you even tried to put any effort into that post.
Last edited:
It’s not like you put much effort into your response, so why would I? Apple’s charge is perfectly fine. After all, they’re maintaining the store, and your app gains greater exposure and profitability. 👍🏻. Just like when I sell things on Etsy, enjoy their ready-made platform, and so pay a percentage for that privilege. And Etsy’s percentage depends on the type of thing you’re selling. But then again, I actually use Etsy. The main point of my post was that it’s not like all the little Indy developers are being crushed under the thumb of Apple as some would like to paint the situation. In reality, when polled, most Indy developers prefer to be able to make use of the existing App Store on both platforms, after all, even with Apple’s percentage, it’s still actually cheaper than trying to host your own website and storefront, not to mention you stand a much, much higher chance of people actually discovering your app. Most reputable apps want to distribute via the App Store, in most cases it’s either mega corporations that have the resources to do that, or shady software that would be kicked out of the App Store because of it’s data harvesting and scammy nature.
As to Apple’s motivation, even if we assume there’s a financial aspect to it, their’s also the aspect of consumer protection, greater software security, etc. Android is less secure because it supports sideloading, people should have the choice to choose a more secure OS that doesn’t support it.
You claimed that Epic and Etsy are charging a “higher percentage“ than Apple, That is a factual statement contradicted by publicly available figures. We can whether “Apple’s charge (are) perfectly fine”. But we should not do it by citing wrong facts and comparions.
They can absolutely continue to do that. No one is forcing any indy developer to distribute their apps anywhere else (well… except Apple, when they don’t allow certain functionality or business models).
It’s not.
You can host your own website for a couple of dollars a month - fixed price, no commission.
And you can accept payments for less than 5%.
At 5%, you’ll even get someone (e.g. Paddle) to handle toe VAT for you.
It can’t be iOS then, since iOS has supported sideloading for a long time. Apple is just not letting legitimate small developers use it.
First off, like I already said, the percentage that Etsy charges depends on the kind of thing you’re selling. So just finding the lowest percentage Etsy charges and saying “see it’s lower” isn’t a good way of going about it. Besides, whether or not Etsy charges higher percentage than Apple or not isn’t really key to my point, so there’s that too. You just want to go down a rabbit hole with this rather than actually dealing with my main point.
My point about Indy Developers isn’t about whether they could continue to distribute through the App Store or not, it’s to point out that the common representation of this issue which paints poor little Indy Devs as the victims of Apple’s greed or something stupid like that is wrong.
Furthermore, my point about Epic is that they’re not pushing and lobbying for forced sideloading on iOS out of the kindness of their heart, some sense of justice/freedom, or the benefit of the users. They’re lobbying for it because they want to make their own game store where they can gouge game devs to distribute, rather than dealing with Apple’s App Store. They accuse Apple of not allowing sideloading because of greed and other such silly rot, while the reason they want sideloading is their own greed. That makes them hypocritical.
It depends on what you consider “hosting” for your app, and the main thing I said about that is that you wouldn’t have nearly the same visibility. Most legit apps want to be hosted in the App Store, because they know that most people aren’t going to trust sideloaded apps to not be vectors for malware. In fact, look at Android, pretty much all reputable apps on Android are available in the Google Play Store. But a lot, and I do mean a lot, of sideloaded apps on Android aren’t very legit, and mine your data more than reputable apps.
And this leads us to the point about security. The App Store system makes iOS a lot more secure, because apps have to actually be scanned for malicious code. You don’t have a fake Facebook app that you end up sideloading cause you don’t know any better, and then end up with malware infecting your device. With sideloading, this is a very common way to get malware on people’s devices, spoofing legit apps.
And iOS doesn’t actually officially support sideloading, that’s what this whole argument is about! The closest thing to “sideloading” is a tool that allows developers to load their own apps onto their devices for testing, which they’re obviously not worried about malware from their own app infecting their device. That last statement you made that iOS supports sideloading is silly, and undermines your whole argument. If it already supported sideloading, then why would we even be debating about it?
And another point I want to make here is that government shouldn’t be forcing companies to sell services or other such things with their products against their will. Case in point, the EU’s overstep by forcing all companies to adopt USB-C. When government starts getting involved in decisions like this, it stifles innovation. This amounts to forcing by law a Pizza business to serve Macaroni & Cheese in addition. And this is a very slippery slope. What’s to stop government from mandating that all user data must be handed over to them? This is crony capitalism at its finest: company lobby’s government to force other company to support app sideloading, government crafts legislation to force other company to support sideloading. This kind of thing doesn’t pan out well.
I posted a link to Etsy‘s fee schedule above.
It does not indicate a differentiation according to the product sold.
Neither does it lend credence to your claim that they‘d charge more than the 15-30% Apple charge.
The fact that
1. you also claimed „Epic actually charges a higher percentage“ (which they don‘t and haven’t been reported to)
2. when confronted about your misrepresentations, you felt to resort to a cheap one-word denial
3. you are either unwilling or unable, to support your claims
…leaves only one conclusion: You seem to be willfully misrepresenting fees charged by others and seem unwilling to engage in a facts-based discussion
Of course it is a key point in your post above:
I will however address that point about visibility and reach:
They are the ones that need the “visibility” provided by Apple the least. Nor do they their products require much vetting or approval by Apple (customers are trusting Google, Meta and the big game makers, whether that’s justified or not).They do have established products of their own.
I do agree, however, somewhat agree that notion:
For little indy developers (below Apple’s 30% threshold), Apple’s App Store seems to be a quite attrative and competitively priced deal. If the classic distribution model available on macOS (sell through your own website and have your own serial number/activation server or choose from a range of third-party services) were available on iOS, they may save a small percentage in relative costs - but it would probably not be worth it overall.
Last edited:
Not true.
It supports it. The technology and infrastructure is there and operating today.
You can download and install apps from a web site.
No device-enrolment needed.
No Apple App Store.
No app review process.
No scan for malicious code.
The only small (but important) catch: You need an enterprise developer certificate - and that's what Apple is withholding from legitimate developers for public distribution purposes, in order to protect their commission-based app distribution business. The restrictions are merely T&C.
Doesn't stop dodgy companies in China and elsewhere to acquire such certificates and set up their own alternative "App Stores" though - until Apple gets round to finding out and revoking the certificate eventually. Bit of a cat and mouse game. But by then, the damage is likely already done, if you're talking malware and spying on users.
It isn't always just dodgy companies somewhere in Asia though - sometimes they're closer to the U.S. doorstep. (notice how long it took it Apple to revoke that certificate - though they've been (ab)using it right in front of their eyes?).
Last edited:
Again, last I checked, I’m pretty sure Etsy charges at least a 10% charge for physical items. I sell digital items, so maybe I’m wrong, but what I was talking about with varying percentages for Etsy items is that they charge a lower percentage for digital items, at least according to people I know who sell physical items. 🤷🏼♂️. And what I replied Wrong to wasn’t that part of your response. And it really is completely irrelevant to my point and a bunny trail whether or not Etsy and Epic’s percentage is the same or not (btw, I heard a developer who distributes games in Epic say that the percentage is the same or higher, so that’s what I went on with that if that makes you feel any better). Not trying to “misrepresent the situation”, I even said Etsy and Epic are irrelevant to the situation, so there’s that. 🤷🏼♂️
As to your other points, why do I want to have to go to the Meta Store to install the FaceBook app, where Meta can add more data-tracking software into the app that doesn’t have to comply with Apple’s standards in order to be allowed through the App Store? There goes my privacy. The App Store also requires developers to show every type of data an app collects in the description in the App Store, something I’m sure wouldn’t be present in the Meta Store.
If the mega corps would be the main ones that would make use of sideloading (and the main ones that want my private data which Apple’s App Store rules help to protect), then why would it be so beneficial to the user? Surely the mega corps can just use the App Store, play by the rules, respect my privacy, and stop their whining since they are, after all, multi-billion dollar corporations. It’s not like they can barely afford to stay in business, and Apple’s just driving them into the ground, though that’s often how they make it sound with their ridiculous sob stories about Apple’s App Store. 🙄
And that form of “sideloading you’re talking about IS a developer tool! You even said it yourself when you said “you need an enterprise DEVELOPER certificate”…. It’s meant for limited applications where security risk isn’t as great because it’s a tool used by either a team of DEVELOPERS working on the same software, or for internal business software which the business isn’t worried about carrying unknown malicious code, because it’s the business’s own software! 🤦🏼♂️. It’s not a feature accessible to average users who will get duped into installing a “Mario Cart” game for free off “WeSellCoolApps.com” that’s loaded with malware…🤦🏼♂️. Or for that matter, will spoof the App Store like is a common problem for the Google Play Store on Android…
To summarize (regardless whatever Etsy or Epic charges (it’s irrelevant, perhaps I was misinformed, but doesn’t matter to my case and is a total bunny trail), Apple’s App Store percentage charge is perfectly reasonable, not something worth whining over. And many of these megacorps want to skirt the App Store because it will help them collect more user data because they won’t have to follow Apple’s App Store privacy policies in order for their spyware apps to be approved. The Enterprise DEVELOPER Certificate system ISN’T the same as sideloading, it’s meant to be used as an internal tool among developers and/or businesses to make use of in already more secure environments, using their own software. And it isn’t designed to accommodate for the likely problem of people being duped into installing malicious apps. The App Store system IS designed to prevent that.
P.S. And for the record, it really annoys me when people are like “but Apple just wants no sideloading so they can profit from sales in the App Store…” 🙄. As if they don’t have legitimate concerns about the security and privacy of their platform. They have plenty of legitimate reasons to not enable sideloading on iOS, other than profit. Besides, part of that percentage goes towards the transaction fees and other required costs for keeping the App Store running.
Last edited:
You made an argument above that companies complaining fees were “just about the money”, while claiming that Apple’s percentage was “(not) … that high” compared to others.
Yes, of course it’s about the money. So is regulation of competition and antitrust action: whether someone is able to (and does) charge supracompetitive prices is a key determinant in these cases.
That’s why it’s completely relevant.
…which Apple hardly verifies and fails to ensure time and again.
The only robust way to ensure people have control over their data and privacy is on the operating system level: by having properaccess controls in places. It’s not “self-declare and please be honest” as is the current state of affairs.
Ensuring user privacy does neither require an App Store - nor rule out sideloading.
From a technical point, it is sideloading - there’s no difference. It doesn’t require and isn’t restricted to “more secure environments” at all.
Apple are just restrictive who can get such certificates and how they are allowed to be used. But malicious actors will still get them - as alternative App Stores with pirated apps and Facebook have already shown
About as much and many as on macOS.
Which allows for sideloading.
In the end, Apple's legitimate security and privacy concerns are and will be weighed against lawmakers' and regulators' legitimate concerns that Apple is abusing their gatekeeping role in anticompetitive ways.
If Apple charged competitive commissions, didn't prevent app developers from external purchasing options (that don't go through Apple) and didn't compete with media with media distributors/streaming services with their own eBook/video streaming/music streaming options, we wouldn't have this discussion.
Neither would we (probably) have European "gatekeeper" legislation.
If Apple charged competitive commissions, didn't prevent app developers from external purchasing options (that don't go through Apple) and didn't compete with media with media distributors/streaming services with their own eBook/video streaming/music streaming options, we wouldn't have this discussion.
Neither would we (probably) have European "gatekeeper" legislation.
also the webkit lock in
the content censorship issues (in the past they blocked EU magazines)
the blocking of stuff like dosbox (google play has it)
the blocking of other emulators that can load roms from docs / files (google play has it)
If the EU could develop a worthy competitor to apple and ios this legislation wouldn’t exist as the competitor could have free app stores, radiation within limits, support sideloading, open nfc chip, open messaging services and back doors galore. It’s all about regulating American tech.
If they were more competitors, this legislation likely wouldn’t exist, yes.
It’s about regulating gatekeeping tech (and their anticompetitive conduct).
Something that’s not foreign to the U.S. and its Federal Trade Commission either.
So no reason to claim it’s about America.
The companies complaining the loudest are generally multi-billion dollar corporations who absolutely are just whining. Apple’s percentage fee is reasonable, it isn’t that much higher than many other distribution tools people use, and in many cases, it’s actually lower. As I already said, it’s irrelevant whether or not ETSY or EPIC’s percentages are the same, higher, lower, whatever, it completely doesn’t matter, and the fact you can’t seem to move on from that after I’ve explained that repeatedly is just a little ridiculous. I’m not addressing this anymore, you got my answer about that aspect, I said perhaps I had bad information on those particular examples, and I’m not wasting any more time addressing this rabbit trail.
They do verify, and apps are removed when they don’t follow these guidelines.
That’s one way, but ensuring apps that don’t follow the privacy guidelines are removed or aren’t allowed in the App Store is also a good way of ensuring user privacy. And it’s more effective than trying to use system features alone, because apps in the App Store can actually be reviewed by Apple to ensure they aren’t collecting certain kinds of user data, etc. Unless you’re a software security expert, you’re not going to be able to do the same review process Apple can on apps in the App Store. And “self-declare and please be honest” isn’t the current system, the current system is “ok, you’re claiming your app does this, let’s verify that before we allow it into the App Store.”. Which would be gone with sideloading, where apps can claim whatever they want on the web, and there’s no verification process. And the App Store critically helps in ensuring user privacy by holding app developers accountable to be transparent and have to follow guidelines for handling user data. By removing the App Store from the equation, you remove that accountability. They’d be able to do whatever they want with user data, not report it, and not be held accountable with the threat of their spyware apps being removed. That’s a major strike against user privacy.
Even if we assume for a moment that the Enterprise DEVELOPER Certificate is the same thing as sideloading from a technical perspective, the intended use case is really really important. Again, this exception isn’t designed for your average joe to sideload Mario Cart and get attacked by malware, it’s INTENDED use is for ENTERPRISE (literally in the name) for ENTERPRISE use where they’re not as worried about this software being loaded with malware because it’s their own software. This is a completely different use case from average Joe who wants to sideload Mario Cart from we’retotallylegitandnotscammy.com. And any kind of malware that’s trying to use that system is limited to a very niche audience, and most of the people using Enterprise Developer Certificates SHOULD know what they’re doing and how to avoid malware, if they don’t, then they shouldn’t have an Enterprise Developer Certificate.
And, in case you didn’t notice, macOS is different from iOS. It’s not nearly as large as a target for hackers, iOS has a far larger user-base. Also, macOS already allowed sideloading, it would be very difficult to remove that from the system. Instead, they try to do the best they can with macOS‘s sideloading system, but it’s not nearly as secure as iOS is. It’s far easier to hit with malware. So that’s actually a bad comparison for your case, even Apple has said that they do their best to make macOS as secure as they can as it is, but it isn’t nearly as secure as iOS is thanks to it‘s App Store system. So trying to argue that the security considerations for macOS and iOS are the same is completely disingenuous.
There has been no finding of apple being anticompetitive with its nfc chip, messaging or App Store. Epic tried and an the case is still ongoing.
Exactly, Epic has been whining about Apple’s App Store and how “unfair it is”, but several court cases and judges have failed to find any “anti-competitive conduct”.
Oh, and the claims of “anti-competitive conduct“ over the lack of RCS support in Messages is just plain ridiculous. It’s like saying a Pizza company is being “anti-competitive“ by not including kiwis as a topping choice. It’s just silly…
Last edited:
So let's stop pretending Apple is providing "greater exposure and profitability" for them. Those multi-billion dollar corporations like Epic definitely don't need Apple's App Store to that have - the App Store and its 30% commission is in fact their biggest detractor in terms of profitability.
Also, there's good reason they're billion dollar companies: Cause their apps are raking in much more money than your small indy developer. A multi-billion dollar corporation that is stuck with anticompetitive supplier pricing will cost the consumers (as a whole) much more than small developers.
They can do with their user data whatever they want. It's not as if Apple is limiting them them in any serious way. Just declare that you collect - that's it. And more often than not, you're going to get away with not declaring it (unless you access certain system resource out of your sandbox - but again: That's not App Store security, that's OS-level security).
It's limited to use in enterprise to protect Apple's business model of having a monopoly on app distribution to unaffiliated end users/consumers.
Apps signed through enterprise certificates can be installed by the average joe (you just need to trust the developer - pretty much the same as on macOS). That's the point.
Not at all. Apple controls the hardware and can lock bootloaders - the entire system depends on a chain of digital signatures. Just as they can easily remove the ability to run unsigned (unnotarised by Apple) apps from the OS in a heartbeat, they can do the same for non-App-Store apps.
They just aren't doing it for business reasons. There is absolutely nothing preventing Apple from locking down macOS - thereby making it much more secure - tomorrow.
From a technical standpoint they are pretty much the same. The difference is just the degree of freedom Apple is allowing. Which is determined primarily as a business decision and by historical considerations.
So do lawmakers: There's a history of competition and innovation in computer software - which was brought on not by monopolies of app distribution - but by free app distribution.
Not by a court of law, really. But European lawmakers have concluded that there's anticompetitive conduct and/or at least a lack of competition - and of fairness in competition. That's why they passed the Digital Markets Act.
https://www.finextra.com/pressartic...ill-force-apple-to-open-up-access-to-nfc-chip
Who even does claim that, except maybe Google?