I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.
However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Regulation of access to your camera roll and contact list is a terrible idea, so I don’t see a solution.
Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times. We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
Take out the gatekeeper on mobile and we might find that the benevolent dictatorship wasn’t so bad after all.
Edit: want to add that replacing Apple’s consumer protection gatekeeper role with a government agency is a non starter. Apple (and to give them credit, Google) know that the data available to the gatekeeper role is toxic and dangerous. Government thinks it’s a big bowl of lollies.
What splitting the app store from the OS does is encourage stores to compete on the basis of quality of the store and not the quality of the store + OS + hardware. Apple and Google will have less leverage, but all the qualities of an aggregator will still apply. Google doesn't own the websites they index or the internet they're served over, but they still have tremendous control over the web.
We see this even in the PC space: people will refuse to buy games not on Steam and many of the stores that sprung up a few years ago (Origin and UPlay) have since conceded and narrowed in scope.
Some apps will bypass the Apple/Google store, advertise themselves, and supply their own infrastructure for distribution. When that happens, Apple and Google will no longer have control. Implicit in the argument that they should have control is the assumption that these two companies are the only two enforcement bodies that can be trusted. As should be evident by now, you do not control Apple or Google and have no recourse if they break your trust. These companies care, first and foremost about their profit margin. It is naïve to think that consumer choice reflects Apple's or Google's stewardship of the store. Not everyone buys a phone because they like the walled garden.
I used to think sideloading was/third-party stores were a problem because of what you describe, but I've come to believe that it's the most free-market solution available to curtail some of the excesses of these gatekeepers while minimizing design-by-government.
The issue is that, now, third-party companies can force you install their store to download their app, and can use ad tracking identifiers outside of the IDFA, or worse, use private APIs (like auto-obtaining your phone number) as much as they want. We saw this with Epic before they went on the Play Store - you had to use their launcher to install Fortnite.
All it does is force "choice" onto users further down the stack - users that don't know what they might be giving up when they install a third-party app store when trying to install "Fortnite" or even "Fortnite VBucks Generator Free iOS".
> The issue is that, now, third-party companies can force you install their store to download their app
And they will have a vastly reduced set of people willing to use their software as a result. Other than a few key things, that's probably more trouble than it's worth for a lot of people, and the requisite "Warning: This app store is handled by someone else to make absolutely sure you trust the company running it" will scare a bunch more off, if it's something new.
If, on the other hand, it's Steam, or Epic, or some other super well known steward of content that has a well known name and reputation, then maybe if users are also lured by lower prices, they might consider it.
You know, exactly the same way you might feel a lot more comfortable buying that watch or toy you really want if it's from your local target and not some random guy with a table on the street.
If Epic/Tencent forces iOS users to use their app store to play Fortnite, there will be no luring of users based on lower prices.
They will just (effectively) all move over and (effectively) none of them will read any warning text.
God only knows what companies like 100% Tencent owned Riot Games will have running on millions of Americans' phones once they get the elevated access an app store requires.
Exactly. There shouldn't be a private API to get your phone number. There should be a public API, and calling it should request permission from the user.
Of course, the app can refuse to function if you deny it...
Exactly. Come in HN. You’re smart. If you give the average user numerous pop up boxes to click they’re going to be conditioned to click allow no matter what the permission is to get where they need to go. It is not an answer and counter productive.
Sure, there's a fine line between users actually reading the prompt and making a real choice vs. just tapping "allow" to get it to go away.
I feel like "do you want to give this app your phone number?" falls under the former, though. Right there along with "do you want to give this app your location?", which is of course already something users have to allow.
When you rely on a gatekeeper for security, it results in problems like the Play Store being the main vector for malware distribution on Android[1], and Apple's App Store distributing 500 million copies of Xcodeghost to users' devices[2].
Xcodeghost was just another analytics API to Apple, so they didn't care until they were alerted that it was added to apps without the consent of these developers. It was not 'malware' in the sense of enrolling users in a botnet or utilizing private APIs to record the screen without permission.
Lookout Security describes it as malware[2] and as malicious, as does Palo Alto Networks[3], Ars[4], Reuters[5] and The NY Times[6].
From here[1]:
> Remote control security risks
> XcodeGhost can be remotely controlled via commands sent by an attacker from a Command and control server through HTTP. This data is encrypted using the DES algorithm in ECB mode. Not only is this encryption mode known to be weak, the encryption keys can also be found using reverse engineering. An attacker could perform a man in the middle attack and transmit fake HTTP traffic to the device (to open a dialog box or open specific app for example).
> Read and write from clipboard
> XcodeGhost is also able, each time an infected app is launched, to store the data written in the iOS clipboard. The malware is also able to modify this data. This can be particularly dangerous if the user uses a password management app.
> Hijack opening specific URLs
> XcodeGhost is also able to open specific URLs when the infected app is launched. Since Apple iOS and OS X work with Inter-App Communication URL mechanism (e.g. 'whatsapp://', 'Facebook://', 'iTunes://'), the attacker can open any apps installed on the compromised phone or computer, in the case of an infected macOS application. Such mechanism could be harmful with password management apps or even on phishing websites.
> Stealing user device information
> When the infected app is launched, either by using an iPhone or the simulator inside Xcode, XcodeGhost will automatically collect device information.*
> Then the malware will encrypt those data and send it to a command and control server. The server differs from version to version of XcodeGhost; Palo Alto Networks was able to find three server URLs:
My point is that these are all things which analytics apis (which, mind you, are also arguably malware) at the time did as well - reading the clipboard was common as many operated their own internal clipboard proxy due to the slowness of pasting in older iOS versions. It's only called malware and not Facebook because it was injected into developers' apps without their knowledge.
And the 'remotely controlled via commands' section is meaningless - apps can't JIT so such C&C was simply turning flags on-and-off to go on different code paths.
The OS layer can be compromised - all recent iOS jailbreaks besides ones that rely on checkm8 use a series of userland exploits to break out of the sandbox and gain rootfs access. Nothing is stopping a seemingly innocuous App Store from installing an app that silently jailbreaks the phone in the background to then bypass the OS whitelists that gatekeep these private APIs to Apple-provided apps.
Also slots nicely under the "failure of an OS" category.
Legislation like this forces Apple to actually maintain a good OS lest it be riddled with malware. They seem to be doing fine on macOS they can do the same for iOS.
Craig Federighi said it himself that the level of malware on MacOS is unacceptable[0]. It's impossible to make a completely secure OS that never has bugs - it's less impossible to create a review system with rules and processes that limits the amount of user-downloaded malware to single-digit numbers.
Craig Federighi is a very powerful executive doing everything in his power to protect his company's business model. That includes lying as he did in that court. Craig uses a Mac everyday he's fine with it's security.
I'm sure his MDM-enforced gatekeeper setting is on "Apps downloaded from the App Store" and not in the default position that includes "and identified developers".
I do think competition will be limited, though, as Apple's and Google's stores will be installed by default when you get the phone. Most people just stick with the default. Consider browser search engine defaults: Google pays Mozilla a lot of money to be the default search engine on Firefox, even with Firefox's small and declining market share. The holder of the default has a huge competitive advantage in that most users won't stray from it, or even think about the possibility of an alternative.
(It's funny, because this just feels like an echo of the 90s, when Microsoft killed Netscape in no small part by bundling Internet Explorer as the default for new OS installs.)
But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.
So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.
But Apple can’t effectively play Big Brother in that role and protect me from all the other bad actors, if they are forced to allow alternative app stores and sideloading.
It’s like cryptography. Either it’s broken, or it’s not. Or Pregnancy. You are either pregnant or not. You can’t be a little bit pregnant, or have crypto that is only a little bit broken.
> if they are forced to allow alternative app stores and sideloading.
You can not use alternatives.
It's like pregnancy, if you wear protection, you can have safe sex. If you're scared protection isn't enough, you can not have sex and you won't get pregnant.
Ok wait that's a weird example that isn't supposed to be preachy but the point is you can always not use non-apple app stores and apple can still protect you.
The largest part of this protection is major companies not being exclusive on other app stores. If EA says all games must be downloaded from X, people are going to use X even if X doesn’t offer refunds of any kind etc.
For a lot of the world, they will not be able to say ‘no’ to a Facebook App Store. That’s the attack vector. Selling an ad-model based FB app on the FB App Store might have more reach than simply targeting iOS users.
If Zuck’s money is behind this, it’s a really good checkmate.
Where are the real journalists when you need them? We need a list of whoever is funding these lobbyists.
> But only Apple and Google are big enough to fight the other bad actors. Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors.
So, I pay my money, and I get Apple to be my Big Brother who protects me from the bad actors. And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever.
That's quite a Stockholm syndrome-y view. What protects users, first and foremost, are users themselves.
Take the imaginary scenario of "WhatsApp requiring constant location data".
On an open platform, other users will provide you tools to defeat these requirements, either by modifying the app code itself, adding code around it to provide it fake data, or simply not allow these APIs in the first place.
If WhatsApp is really clever about it and detects all attempts at thwarting the surveillance, then users will develop and distribute an alternative messaging service (see Signal gaining serious traction after a way milder anti-user update by WhatsApp a few months ago).
It's only in the context of a lack of competition that such bad behavior is tolerated by users.
> But only Apple and Google are big enough to fight the other bad actors
"big" is not the deciding factor. Amazon and Microsoft are also big. They do not decide what's on your phone. Apple's and Google's stores are big by default because Apple and Google have control of the platform. It's not the other way around. It's also not binary. If the store is decoupled, they will have less control, but not no control. Influence is weighted by user-base.
> Sure, their interests may not always be aligned with mine, but we are much more likely to be aligned than mine with the bad actors
Their interests are more aligned because they sell you the platform. They have many more ways to do this that aren't dependent on a quality app store. A store that survives on just the store is even more aligned to maximizing loyalty and trust in that store.
> And if I decide that I no longer want Apple to play that role, then I can go buy an Andoproid device, or whatever
Maybe you can, but for most people in the world, a phone is a significant investment and not a choice you can easily switch when you've already spent significant money in the ecosystem.
> It’s like cryptography. Either it’s broken, or it’s not
It's not. Even now, there are practical limits to what Apple can demand of its developers. Less control means less power, not no power. A store filled with bad apps is not a store most people will willingly buy from, unless there is external pressure forcing them. I don't think there's really much of an argument there. What this discussion is really about is the Facebooks of the world that have tremendous influence and also do shady things. Already, we see that Facebook plays by different rules with different stores, with greater tracking on Google platforms. This wouldn't change if Apple's store were still big enough to matter, but if Apple's power were weakened there's a risk that Facebook (for example) might have enough power to not care. So, this is what it's really about: some people trust Apple more than Facebook and want Apple to have total power in that relationship by being bigger than Facebook. This necessarily piggybacks off of the power given by people who do not care about or trust Apple, gained by means that are not the quality of the store. These people will likely stay with Apple regardless of how much Apple abuses its trust, but yet the people that do trust Apple think their trust matters.
> Amazon and Microsoft are also big. They do not decide what's on your phone.
I agree with your point, but just want to point out that Microsoft does similar things on Windows with Defender that Apple does on macOS with Gatekeeper, and both can be described as the companies deciding what does or doesn't get to run on your computers.
Both companies require you to buy certificates and remain in good standing with them if you want your software to run on Windows or macOS without a problem. Microsoft and Apple can revoke certificates whenever they want for any reason they want, and after doing so, Defender and Gatekeeper will prevent apps signed with those certificates from running on either OS.
macOS treats unsigned apps as if they're radioactive, and hides the ability to run them from the user. The switch to the M1 platform brought a new requirement that all apps must be signed as unsigned binaries won't run on M1 Macs. Windows Defender will also treat unsigned apps as if they're radioactive, and prevents users from running them initially.
If you want your apps to actually run on modern macOS or Windows systems without users thinking they're either broken or malicious, you need to pay for certificates and remain in good standing with both companies. Apple goes one step further and requires all apps to be Notarized, which involves uploading the app to Apple's server so it can analyze and approve it to run on macOS.
To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries. This would mean they'd also need to sort out their entitlements system, given an app can use entitlements to say it isn't sandboxed. That was the root cause of a recent exploit, where differing parsing logic allowed an app to get signed while declared as unsandboxed. (https://siguza.github.io/psychicpaper/)
One approach could be to namespace installed apps based on the store ecosystem which installed them. Assuming platform level permissions for access to user data are enforced by the platform and can't be worked around via the manifest file, this would ensure apps can't move around outside of their "store" sandbox and access the data of other apps.
More ideally, Apple would move away from signing a plist that gives an app special access, towards the user prompts like those for contacts access etc. And where possible, use portals to give granular access to selected resources like photos (or selected contacts).
> To truly open up iOS, by my understanding, Apple would need to remove the requirement for notarisation of binaries.
Or extend the notarization system such that adding another store adds another notarization authority to check.
There's no technical reason Apple can't provide a close to seamless experience for other app stores, there have always been incentives to not do so though.
Even if this bill were to pass, I don't think we'd see smooth use of external app stores, but not because it's technically impossible, but because it takes effort and the incentives for Apple are still to not put any effort into it that isn't strictly required, beyond not leaving the perception of their security in shambles.
Absolutely - there's few technical barriers here. I thought about the idea of supporting multiple notaries, but concluded that the current system is too reliant on the notary system for platform security, since the signed app's permissions statement is taken "as-given".
A redesign of this would certainly enable a seamless experience - just namespace apps by their store, and the official app store becomes one of many stores, sitting inside a namespace based on their public key hash.
I regretably concur - the non technical barriers would go up. I could envisage some convoluted process to add a store (that would make installing a provisioning profile seem like a walk in the park, even though actually a provisioning profile might be the best technical example this could be done!), followed by a whole list of restrictions imposed on apps from alternative stores - no Apple pay access clearly, probably no NFC hardware access (wouldn't want someone able to use that hardware they paid for!!), no keychain access (to protect you). Perhaps no photo reel access and no doubt no iCloud access, and no ability to bypass background task restrictions to build your own cross device data sync ecosystem.
Being able to plug in an alternative to iCloud would certainly also be nice (so you don't need their cloud storage to use data sync and other nice-to-have features some people use, like backups), but I just don't envisage it happening. Making that kind of on-device, app-facing API pluggable would be the right technical approach... But no doubt iCloud would remain the "only" storage provider, for non-technical reasons.
> Or extend the notarization system such that adding another store adds another notarization authority to check.
This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question - which I can assure you is not what the policy makers nor the people behind the funding for this bill (collation for app fairness most likely, Epic second most likely) will accept.
> This assumes those App Stores themselves are either audited or verified by Apple to provide a level of verification to prevent such apps from just being submitted unsandboxed and/or the platform notarizing every app without question
No, it very specifically doesn't. It would be Apple allowing another authority to also shoulder this load, after the user has specifically said they want to also trust that authority.
I have no idea how you could come to the conclusion the Apple would need to verify everything in a discussion about a way in which Apple would not need to be the only entity verifying everything.
Why aren't all apps severely isolated from each other today? Because Apple could pretend that their half-assed draconian oversight is 'good enough' protection for everyone? If this forces them finally to implement real, technical isolation and protection measures for apps and APIs then GREAT. 15 years late is better than never.
To an extent. Maybe the system can still block location access, for example, but it can't force the app to gracefully degrade without it. A future version of WhatsApp could lock you out until you give it location, contacts, calendar, phone call log.
There are lots of soft-rules that Apple enforces around permissions that are still really beneficial. For example: the new "you have to be up-front about all usage of user data" would be nearly impossible to enforce at a technical level.
If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now, because nobody else will respect their rules.
> If all the apps that don't want to comply can just leave, you may find yourself relying on Apple services even more than you do now.
Or more likely what's gonna happen is the 95% of users who care more about having WhatsApp than privacy, will install the Facebook app store and get the apps from there.
Not really. If there’s an alternative App Store, then apps in that store can use private APIs and there’s nothing Apple can do to stop them. If there is only one App Store and it’s run by Apple, then if an app tries to use private APIs, then Apple can kick them out of the App Store.
This really is an all or nothing deal.
Once you jailbreak your device, or allow an alternative App Store, it’s game over for that device.
Arguably an approach that assumes there can be a hostile store operator would create a more secure and private product, as Apple would rely less on private entitlements and APIs in plists, and more on either technical measures to control access to these APIs, or actual security across them.
There's antitrust potential around private APIs and entitlements, like the background video access given to zoom before it was available to other developers. Arguably the "green dot" status bar warning approach helps alert users to abuse of this API, and a permission prompt before first use would let users choose.
Sandboxing binaries more than at present would also improve the general security posture of the device - I'd want my app sandbox to be secure even if a rogue app gets onto the device, and such a security posture would arguably better secure iOS for all users.
I could see a need to namespace keychain and team IDs and similar with a secure identifier (like the public key of an alternative app store's signing CA key), to protect keychain and other information from spoofed apps, but again this kind of change would arguably better harden iOS for everyone. The less that platform security relies on trusting someone else to validate and sign a plist, the safer the more secure the platform will be for users even of the default store.
That’s a good point, but the behaviour I’m talking about is enforcing the optionality of those functions in order for the app to work.
I might be wrong about this (not a dev, just play one on the internet) but Apple has the power to say that in order to submit an app to the App Store, user location/contacts/photos/whatever must not be required to be turned on for the app to work. ie. Apple enforces your ability to use WhatsApp without giving up microphone access.
Without that model, yes, permissions are still granular. But WhatsApp can tell you to turn all of them on, or you can’t use the app. To me, that’s not a meaningful difference to the “just don’t install it” crowd’s preferred suggestion.
This approach sounds a lot like that used by XPrivacy, and its successor, XPrivacy Lua, both for rooted Android with the Xposed framework.
They allowed you to spoof responses to a huge range of API calls that revealed sensitive data, by hooking function calls in the underlying OS, and returning arbitrary or random values, which could be a subset of the full valid set of values.
That approach works pretty well if you test it robustly and ensure your dummy responses are valid according to the API spec.
Something I always feared was that apps would try to detect this and refuse to run if you didn't have any contacts or photos, or had folders on your SD card that they could not access, but I'm not aware of this ever really having materialised, beyond banking apps and some online games using Google's device attestation, which didn't really play nice with the Xposed framework.
> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Well, the corollary to "Mussolini made the trains run on time" is that they weren't on time without him.
Also, like how that's actually a myth, perhaps Apple actually doing a good job running their App store isn't really all it's made up to be either.
Finally, even though the initial view of a lot of people is probably that it's unfair to pull a baby Godwin on this, I think there's a lot of parallels that deserve a deeper look and examination, where we piece together why we're okay with strict authoritarian practices in some cases and not others, and possibly whether there's a link as to whether we accept it in a case where we think it benefits us, without considering how it affects everyone overall and the long reaching effects.
Apple still retains full OS level controls and perhaps a good level of controls on what app stores can do. In fact, I expect the OS level protection to become even stronger if this bill gets passed since that is the only way to keep Apple's controls on users.
I’m fine with app restrictions as they are. The problem is even apps which do not do anything special get removed from the App Store for a ToS violation. You can not for example publish an app that lets you download YouTube videos for example even though this does not require much access to anything.
This is a good use case actually - Apple seeks to prevent "thought crimes" from arising around breach of third party terms of service etc, like this. Even if a user may be acting legally around copyright (overwhelming public interest of newsworthy material that's likely to be removed).
They also don't permit GPL-licensed software on their store, since the extra restrictions they impose appear incompatible with the GPL license.
An alternative store ecosystem would no doubt emerge very quickly, which allows GPL software, or perhaps any kind of free/open source software (like F-Droid in the Android ecosystem). That would arguably be a good thing for independent developers and the open source community.
> However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Don't you think that is something apple should have thought of before doing what they did to cause the outcry that lead to this?
Apple wanted to be the gatekeeper blocking out harmful apps, fine by me.
Apple then wanting to use that gatekeeper status to steal money from app developers, block apps that compete with apple internal apps, and enforce moral choices on what kinds of apps you can install on your phone, evil by me.
They could have done the former without doing the latter, but they fucked it up, and have to pay the piper.
> We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
I still tend to think the technical steering committees, operating out in the open, have done an unbelievably fantastic job of sticking to mission, of growing a user-centric pro-user web. They've abided by fantastically high standards, been unwaveringly unwilling to accept privacy or security compromises. Microsoft and Safari also exist here, and there are countless interested other small parties trying to enhance the web, to make it stronger, to make it more secure, and because this is happening in public, it is very very hard for even the product owners to take advantage.
The web is also Google's home: they exist because of the web, they existed for a decade having virtually no other presence than the web. The rest of public-facing computing remains locked up, truly & genuinely controlled by corporate titans. Their advantage is to grow a healthy competitor, one that is still diverse & ever more competitive, one that is ever more appealing to the user.
Look at the current fights. Current fights about specs are about a seemingly wild & wacky federalized learning algorithm (most hated by the ad industry above all & media outlets second), and then Apple and Mozilla who wage a campaign decrying how horribly bloody awful it is that there are Ambient Light and Web MIDI specifications, and boo hoo look how terrible & bad things are. There is enormous Fear Uncertainty & Doubt, extreme reactionary-ism happening against the web. But to me: the web appears very well protected; it's interests & citizens are extremely vigilant & vocal about what happens to their cherished public internet medium, and change is slow, well planned, & deliberate (ok so the recent cross-frame alert() getting dropped is an unfortunate but perhaps moderately understanding counterexample of that process & deliberation).
Sunshine really has been an incredible disinfectant.
Yeah, I feel like the most likely outcome from this path is that Facebook launches a competing app store and offers developers lower fees than Apple in exchange for their users' data.
Which is kind of a problem, because all this does is provide choice to developers, not to users.
I very much doubt the app would be available on both stores but cheaper on the FB one. Instead, the developer will pocket more money on the FB store, while the apps wont function without all kinds of permissions requires to accept.
> which will give it a bad reputation as a store and that will drive people away.
Which will give it a bad reputation among the HN crowd and drive a tiny fraction of global user population away. The rest will happily grant the permissions requested if it gives them access to the latest Angry Birds game, or to Facebook app itself for example...
I mean, how many millions of users does Facebook still have that either have no idea about the impact of sharing their life with it, or don't care, because their social network interaction is essentially locked into the platform?
How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure...
Many people have a bad image of Android and only use iOS because "walled garden = safe family". Those people are not going to suddenly be happy using the FB Store.
> How many people have been successful at getting their friends & family to switch from FB Messenger or WhatsApp to something like Signal? Some, sure.
Maybe it's an americanism, but i know almost no one that doesnt use SMS exclusively on android and SMS + iMessage on iphone. a few techies use signal, but i've never met anyone ask to use any other chat platform.
As long as the Facebook store also maintains a reputation for not having malware, Facebook parents will happing download "Facebook App Store" to download "Facebook".
> I love this idea - I paid a grand for this thing, I should be able to run whatever I like on it.
The price shouldn't matter. If Apple sold it for $1, losing hundreds of dollars in raw materials per purchase, would you still say that? In both price scenarios, Apple expects pay on the back-end in the form of the 30% cut they take from app purchases and in-app purchases. It's the same with consoles - they're basically sold at a loss or very near-cost (eg. the $500 PS5 might have a per-unit COGS of $450) which, with R&D costs, isn't profitable on its own without backend revenue to recoup that loss, ie. from game sales or PSN/Xbox Live.
Sony recently confirmed that the $500 PS5 is no longer selling at a loss, thought the $400 PS5 Digital Edition still is.
I assume they are measuring it by component and manufacturing cost, and not counting amortized costs such as hardware and software R&D, digital infrastructure, marketing, etc., which are probably substantial.
judging by alternate app stores on android, the vast majority of people will probably continue to stick with the apple app store, and only that. I'm not so sure whatsapp could get away with having people download the facebook store to download whatsapp. and I suppose apple can still impose restrictions on apps via other means besides the app store
> those apps will be a regression in terms of actual consumer experience
Current conditions protect and fortify established companies to behave as bad actors. It's impossible to compete as a new product when you're permanently separated from your customers by predatory platforms.
> Apple is the only thing stopping WhatsApp ... from demanding your location at all times.
Nope, I will just disallow it. Or I will feed it random GPS coords. After all I own the device I paid $1000 for, and can run whatever software I like on it, including custom GPS drivers.
I dont know anyone that uses facebook messanger (is that different from facebook?) and I didnt know that there is smartphone client for discord. On the other hand all my contacts have whatsapp and some have signal.
It’s different from Facebook in that you can access it without having to see the Facebook news feed (either using the messenger app, or messenger.com). It’s the same as Facebook in that you need a Facebook account to login to it, and it’s just the messenger part of Facebook.
The discord app is pretty nice, just remember to mute any fast moving servers that you are part of to avoid getting spammed with notifications.
>your network of friends and colleagues makes you download
When you're a child typically you learn to use the word "No." If that's not enough then whatever crap they want you to install is probably non-free software (otherwise it would already be on sane app stores) so you can use that if you need an excuse.
No, grandma does not have an email or even have a concept of an email. 'Grandma'shouls have been a clue that technology literacy of this user is roughly zero.
Also neither email nor phone enable me do a video call and inspect something she is struggling with.
Most social media services actually require an email address to set up in the first place. Also consider that it's not the 1980s. If Grandma is 65 then she was born in 1956. When she was 14 the first email was sent. Computers took off when grandma was 24 and became pervasively including being part of most people's working lives during the time frame when grandma was 34-44.
This grandma and people older than her represent only 15% of the population and at this point 99% of them have emails. In 10 years. In the next 10-15 years half of grandmas confederates will have passed on further shrinking the population of non email users towards virtual insignificance.
However, this does make it significantly more difficult for Apple to dictate terms to every random app that your network of friends and colleagues makes you download, and makes it more likely that those apps will be a regression in terms of actual consumer experience.
Regulation of access to your camera roll and contact list is a terrible idea, so I don’t see a solution.
Apple is the only thing stopping WhatsApp (let’s face it, an essential app in 2021) from demanding your location at all times. We don’t notice this on the web, because Mozilla and Google (!) enforce terms for us (and most desktops don’t have GPS receivers).
Take out the gatekeeper on mobile and we might find that the benevolent dictatorship wasn’t so bad after all.
Edit: want to add that replacing Apple’s consumer protection gatekeeper role with a government agency is a non starter. Apple (and to give them credit, Google) know that the data available to the gatekeeper role is toxic and dangerous. Government thinks it’s a big bowl of lollies.