183 comments

[ 3.2 ms ] story [ 231 ms ] thread
Today's average smartphone is a more general computing device than the PC 20 years ago when Microsoft had it's anti-trust case.

And Apple is far more egregious than Microsoft in this case.

Would love to hear other views.

> Would love to hear other views

Literally a court case.

They have successfully marketed that their model is safer than the alternative which MSFT never managed to do. With Android as a counterpoint, that’s not necessarily obviously untrue. The consistent focus maintained around user safety does appear to be their primary motivator with financial and strategic reasons being secondary. With MSFT it seemed the reverse.

It’s also possible they are entirely similar and Apple just has the benefit of a more mature SW development ecosystem and more experience navigating the legal and political systems learning from the missteps of others and themselves.

I don’t think this is a black and white thing though. In fact, the closedness insulates any underperforming engineering teams from competition because competitors are unable to get access to the same APIs and compete on providing alternate implementations of the same thing. That’s a challenge for Apple in terms of continuing to excel in the products they ship. I doubt it’s a big one they care about though.

> Would love to hear other views.

Views heard: [downvote]

>Today's average smartphone is a more general computing device than the PC 20 years ago

I have trouble seeing that. 20 years ago, you even had a choice of operating systems and could execute arbitrary code on a PC so it's hard to see that PC as less general purpose than a smartphone which is generally designed to use only an OS and apps allowed by the app store maintainer.

I’m not sure what your point is. Case details are fuzzy right now, but wasn’t Microsoft accused of anti competition practices. Things like blocking browsers or apps that competed with their apps. They had a solid lock on the desktop operating system and were actively hurting competition

Apple is not competing against Epic games here. They aren’t blocking them to force users to buy their Apple version of whatever. And the Epic games can run on tons of popular platforms.

This is really just about payment transactions? So I don’t see a comparison in any way with the facts of the Microsoft case. Other than two big companies asserting greedy rules on their platform. Is that enough for anti-trust? I can’t argue that case in a post

Apple does compete against and block other apps quite regularly. You can't change your default browser, heck you can't even install a different web rendering engine from the one they provide (which is another way of forcing app distribution to go through the web store since other browser vendors can't push the web forward on iOS).

The crux of the Epic case is that there's no alternative to the app store. If there were an alternative to the app store, Epic would not be subject to Apple's capricious whims or 30% tax. So, yes, Apple is blocking competition with their services on their platform.

I see. So you are expanding the scope from Epic complaining about fees to _everything_.

You make good arguments. Just to play devils advocate, PlayStation and XBox are also closed platforms and I think they take a cut. Amazon Fire devices take a cut by making you buy their virtual currency. I don’t know if Apple is doing anything different.

And the real issue in my mind is Microsoft had a real monopoly. Epic is free to put their games on millions and millions of other devices. They aren’t locked out of “the market” as a whole

>Today's average smartphone is a more general computing device than the PC 20 years ago when Microsoft had it's anti-trust case.

Can I write programs for my smartphone using my smartphone?

> Can I write programs for my smartphone using my smartphone?

Yes; at least if its Android you can develop, package, and deploy apps to your device from the same device (for ergonomic/UX reasons this works better with external keyboard and display, or a tablet, than a bare smartphone) as well as editing code and running it in any one of many available interpreter apps.

(comment deleted)
Also needs to be mentioned that iOS is still locked on the Pro devices so I am not sure how someone could claim that those devices are not computers and so justify a "child mode restriction for all" as per Apple owns world.
This is a good point, and has to be considered very seriously. This is the core trade off that we are making.

I am still against it, but I think Craig did an excellent job explaining what is happening here. Apple is protecting people from themselves, unfortunately this also requires taking away control.

It's a difficult problem and the costs of the security model are passed mostly to devs in the form of their time getting through the review process and being careful to plan features that fit within the subset of allowable behavior.

Concrete example: I have a small Mac utility in the App Store. I've had to can an unreleased feature because of App Store restrictions; specifically, using IOKit to read some device information. It's a shame. I also dread submitting every update; I never know if the reviewer will 'get' what my program does or not, as well as have the necessary equipment on hand to test it.

Cost of doing business, I suppose. It was meant as a learning exercise and has made some money, so it's all good. I may consider selling it via Paddle in the future.

You can mitigate the tradeoffs to some degree but there are always going to be tradeoffs between security and convenience (and sometimes functionality as in your case).
>as well as have the necessary equipment on hand to test it.

It's Apple doing the testing of software on hardware built by Apple. Why would you think that they would not have the equipment to test it?

My app only really makes sense if you have more than two separate audio devices. Many testers probably only have the built-in speakers and maybe some headphones, and thus never have problems with macOS choosing the wrong one.
I honestly have sympathy for the case he makes. I don't take issue with the way that Apple has restricted the ability to get apps on an iPhone. The problem is the 30% cut that they take in the app store. I think the system can largely stay the same, but they're clearly profiting from the cut they take. It's not simply recovering operating costs.

edit: I'm not saying that they're not allowed to profit. I just wanted to point out that the 30% isn't strictly necessary to run the app store.

Smaller shops/indie devs can qualify for the Small Business Program, which reduces Apple's cut to 15%.
I think something like 15% default and 5% for small companies would be much better for the services they provide.

App Store compared to Play Store regarding discovering apps is still much worse in my opinion.

I think it’s one of the biggest gripes I have after I switched to iPhone.

Without robust* competition, how can you put a value on the services they provide? They wrote an entire, very successful, platform, upon which someone's business depends. They employ an army of engineers that are probably more highly skilled than the average app developer to keep this going. They've even done the hard work of attracting almost all the consumers who spend money freely to their platform.

Auction houses such as Christie's take up to 25% for a similar service (connecting sellers with affluent buyers), although one that's probably far easier to replicate.

*robust meaning low switching costs, but it's hard to imagine how one could have low switching costs on smart phone platforms

> Auction houses such as Christie's take up to 25% for a similar service (connecting sellers with affluent buyers), although one that's probably far easier to replicate.

When you want to place an item up for auction, there are more auction houses to use than only Christie's. That might be why their price fixing scandal was discovered in 2000.

Imagine also having to buy a $1,000+ ticket to be able to bid in a Christie's auction.
I understand all that and if I wouldn't like the core of the concept, I wouldn't have switched to the Apple ecosystem.

But they also get money if the software for their hardware is easy to find and browsing the App Store is a fun experience instead of getting the same "few" apps. (No wonder apps like AppRaven exist.)

If the App Store was a different company unrelated to the hardware, I think it would be a different story. But since it's all tied together, it's like their own Sales platform.

This program does not 'reduce apple's cut to 15%'. Under some circumstances, Apple will reduce your cut to 15% for a given year. But if those circumstances cease to apply your cut jumps back up to 30% for that year AND the next year. For products that you buy once and use forever, this can mean that a small business has a great "launch", earning over the threshold for that one year, then stops earning much the following year but still has to pay 30% for both of those years. This might look like '$1 million per year' in income, but what it actually means amortized across two years is '$500k/year before apple's 30% cut', which once you consider taxes and the cost of employee benefits (insurance, etc) is about enough to pay 3-5 salaries.

Note that Apple could have designed it not to work this way - they didn't, they chose this more complex system because they're greedy and want 30%. This program really only benefits lifestyle businesses and businesses with like 1-6 employees. A more "honest" program would be "15% on your first million dollars per year" which would achieve the goal of helping small businesses and be simple.

Also note if your income is largely being passed on to third parties (processing transactions for charities or individual small businesses), this eats into both your margins and the profits of the companies you're passing the revenue on to. The only solution for that is for every customer to create their own developer account and upload bespoke apps for themselves - something Apple prohibits under current policies.

What’s wrong with them making a profit? I don’t think that would be a powerful argument in this case on its own.
Don't you know, we're supposed to martyr ourselves for humanity. Profits bad.
Its not that they are making a profit is that users have no choice, and no choice but to give them 15-30% for no value add (arguable). It's a racket.
(comment deleted)
How many users spend more than a tenner on paid apps? Not many... but Epic made 300 000 000 a year on iOS alone selling in game items. What value is epic selling there?

Epic is targeting kids with Fortnite and its their money that they're after. Impulse- and vanity purchases, much more than anything else.

Whereas, when buying a paid app, one usually gets real value. At least as I see it. But maybe this means i'm old :D

If you're going to argue "most users don't spend more than ten bucks", how do you explain Apple earning 20 billion USD per year off the app store? 20 billion USD divided by 10 dollars is 2 billion customers. But Apple only pockets 3 dollars of that 10, so it's actually 20 billion divided by 3 dollars - around 6.6 billion customers.

Do the math.

That's not true. There are repeat customers, so you probably mean app sales not customers. Even that isn't true, since there are in-app sales that go through Apple.
OK, so you're arguing customers spend <= 10 dollars per app on multiple apps. How many apps? These arguments are being used to make the case that Apple deserves to earn $20 billion USD per year, or even must. I think if you're going that far you should be able to at least support that with napkin math instead of hand-waving.
There are two facts you are not taking into consideration, instead you chose to attack something I didn't write. Those two facts are:

  1. A Customer is not the same as a Sale.  There can be muptiple Sales per Customer.
  2. App Sales * Avg App Cost is not the same as Total Sales.  There are also in-app sales.
> I think if you're going that far you should be able to at least support that with napkin math instead of hand-waving.

I think you are arguing for the sake of arguing.

If I find a game I enjoy, I will usually give them 5-10 and play until it gets ridiculous. I don’t want to play a game for a month, check up on it every day, etc.
Law of skewed distributions. A few apps, like Fortnite, generate huge amounts of revenue for the App Store (and for Epic in this case). Most apps are actually free or ad-funded and don't generate any revenue for Apple apart from the 100 bucks dev fee.

So it's fortnite and a bunch of other apps that make those 20 bn. Again, Fortnite alone made 300 M a year for epic, and 150M a year for Apple.

Actually I'd bet that the largest part of the revenue is generated by in-game purchases. Too easy to trigger addictive gaming with simple tricks like intermittent reward.

Game IAPs definitely have skewed distributions, but I think the exact numbers have significant impact on arguments made about how much of a cut Apple deserves or how much total profit is reasonable. If you're making arguments about that I think you need at least basic numbers to support them, and those numbers aren't here.

Apple and Epic both have those distribution numbers, and I wish those showed up in the trial. The distribution is going to vary wildly from app to app, and games like Fortnite allow you to earn currency in-game. While I know they are skewed from personal industry experience, any claim from me about the actual average would be complete speculation.

Yes, since Apple wouldn't release the numbers required we cannot do a proper analysis.

Personally I don't know anyone who spends huge sums on paid apps, but I know of cases where kids spend huge sums on in-game stuff on iOS.

So yes, it's based on anecdotal evidence, but I have yet to hear an account of someone who regularly spends more than a tenner per month (or even per year) on paid Apps.

Their choice is to buy an android device. The phone market is not a monopoly unless you limit the market to only Iphones, and that's ludicrous.
Apple has made the argument in court that a given app can be essential for work or education, so customers have no choice but to acquire that app any way they can.

On that basis and others, while I think it is appropriate for a company to make a profit, there has to be a thing as "too much".

Apple (according to evidence in this case) currently earns like 20 billion USD per year off the 30% cut. To me, this is absolutely more than necessary, and while it's not exactly the same as how the cost of insulin has gone from $0.05/unit in 1991 to ~$0.30/unit presently, apparently apps are essential, so it's worth asking just how much it's reasonable for Apple to skim off the top. In the end, the cost of that 30% fee will get passed on to the customer one way or another, and Apple allows that to happen as well.

Ok. But consumers aren’t forced to purchase an iPhone. They could pick Android. Presumably they are considering the whole package when they make that decision, including the tradeoff between app expense and app reliability. I certainly tried Android and went back, for reasons which included that the Play store seemed to have a lot of junk and not much good stuff.
If my mom buys an iPhone and then finds out two years later that it was a mistake, at that point she probably has a bunch of apps she'll have to re-buy on Android (Apple gives developers no way to offer cross-buy like this), and she may need to switch providers for things like e-mail or messaging if she was relying on Apple's email service or iMessage. This creates a lock-in effect because not everyone can afford to drop a bunch of money to leave the walled garden.

I think in general people like you or me are savvy enough to not get harmed by these Apple policies, but court cases like this are about protecting everyone.

This could be true, but is there any evidence for it? I have a ton of apps. Very few cost more than $5. Most were free, though sometimes with a paid-for service (e.g. Dropbox, Evernote) - which I would still get if I changed platform. If I claimed this lockin wasn't a serious problem, could you prove me wrong?
"they're clearly profiting"

This is the purpose of for profit corporations.

And the purpose of a market is to force for profit corporations to compete with other actors. Sometimes this requires regulation when a one or a few get too large.
No, that is not the purpose of a market at all.

And no, competition doesn’t mean participants are forced to deliver better value for money.

And no, industry won’t regulate itself.

We need regulation to force market participants to participate in a way that even remotely resembles “fair”. The default mode of operation for suppliers in a market is “extract maximum value.”

and is the reason why I am typing on this iPhone right now
That's maybe fine, but right now there are only two options, Apple with iOS or Google with Android. They can control pricing, the can control what is there and not, they get all the user stats, they decide what the apps can do and not do etc.

Is this it? We are stuck with these two forever?

Many have tried and huge firms at that, to create an operating system and app store for phones, like Microsoft with Windows and Samsung with Bada (and I think they had another OS too). And you can't say they have no resources, money, marketing channels etc.

Who will manage to break this duopoly and when?

I think the only real chance is that web apps/PWAs get up to par with native apps. It's getting there, but Apple is also blocking this with limitations in their Safari browser (and the iOS version of Chrome (which apparently on iOS is just a wrapper around Safari) so also there they are hindering development).

There are many variations of Android. It’s not fair to lump them all together
Should have clarified that it's not an issue that they're profiting. It is sometimes implied that they _have_ to charge 30% to run the app store. My point is that the app store could exist without the 30% charge.
I have issue with both the restrictions AND the cut.

Arguments are made along the lines of "don't like the app store? make a web app"... but because of the restrictions, you are limited to a second-rate Webkit base web browser with limitations on bluetooth, game controller support, etc.

Not only are the profiting an obscene amount for services available elsewhere (And arguably better services across the board for stuff like payment options, ad options, browser options, email client options, etc) but they are doing so BECAUSE the better options are restricted or limited on their platform.

This would be like if Microsoft not only forced you to have IE6 installed... but then forced you to have other browsers simply be an IE6 reskin, forced other companies to not advertise about alternatives and then took a 30% cut of all things installed on Windows.

The level of profit goes beyond simply making 30%... it's making 30% after limiting viable options and then saying "we offer this stuff because it's better than the alternative".

Gotta disagree. I don't care about the cut, the problem is the fact that you can't install whatever you want.
I agree, if a user could check a box saying they are OK leaving Apple's walled garden they should be able to install anything they want on their device. This provides a path around the 30% cut as well.

I think Apple's point is they think users are too dumb to handle that and they don't want to take any chance of user ignorance reflecting poorly on them or their product experience.

> I think Apple's point is they think users are too dumb to handle that and they don't want user ignorance to reflect poorly on them or their product experience.

And I sympathize with this argument, which is why I propose calling the outside-the-garden toggle “Developer Mode.” Apple already has “Pro” phones and headphones. This is just an extension of that.

So when the user toggles the Developer mode they get a dialog box that says we can’t do refunds or offer support until you turn this off, which will delete any 3P apps.

This would align well (Some in Apple may say too well) with the Right To Repair movement.
Couldn't Epic, et. al still have an issue with this? I would see them argue that putting this behind a developer mode is still too restrictive and 'unfair.' Most user's wouldn't know what developer mode implies and Epic would have to have a list of instructions on their install page to show users how to enable it. That is not a small barrier to entry for many users. Not sure what my opinion is, just thinking out loud.
There are alternative App Stores for Android that put up with this, so it's at least better than nothing. If the store requests 'install app' permissions it pops up an allow/deny prompt, which isn't too user-hostile. Apple could do that.

While Epic is suing Google right now, it's mostly for anti-competitive measures other than this, like threatening phone vendors to stop them from bundling Epic's store.

My concern is that once Apple offers it, various companies will tell their customers they have to enable it to install their apps, and customers will do so and blame the fallout on Apple, regardless of any disclaimer.
There's a couple of things Apple can do to dissuade companies from taking this route:

1.) Suspend the device warranty. The warranty on your device is suspended while in "Developer Mode" or whatever it is they want to call it. They can make switching over to "Developer Mode" go through various prompts to make sure you're okay with what you're doing.

2.) When launching the app that's not from the app store they can popup a warning informing you that this application was not obtained from the app store and therefore wasn't inspected by Apple. It may contain malware that dames your device or compromises your data.

3.) Periodically popup a window for a running application that wasn't obtained from the app store. If you leave the app running then maybe you get a daily reminder that the app is still running. Maybe you can get an activity report of sorts for it to - so you can see what the app has been up to.

4.) When disabling "Developer Mode" then list all the applications not obtained from the app store that will be removed from the device. Those applications will be removed when disabling "Developer Mode."

I think there's a way to do this that protect's everyone's interests and allows Apple's customers to make informed choices.

The Xbox consoles have a model that could be followed here that would be interesting:

> Xbox retail consoles can have two modes, Retail Mode (1) and Developer Mode (2). In Retail Mode, the console is in its normal state: you can play games and run apps acquired through the Xbox store. In Developer Mode, you can develop and test software for the console, but you cannot play retail games or run retail apps.

https://docs.microsoft.com/en-us/windows/uwp/xbox-apps/devki...

step 5: Register an app developer account in Partner Center.
Technically I think it's possible to install whatever you want: as part of the developer program, you can pay the dev fees (which you might not care about, if you also don't care about the cut) and run whatever you want to build, and my understanding is that you can install binaries off-app-store with enterprise certificates. It's just a lot more tightly controlled.
You can actually sideload to iOS without a developer account these days.
You don’t need to pay anything to use the Dev Tools. You need to pay to distribute on the App Store. You can develop and put on your own device.
Having to compile the software yourself (then periodically recompile when the license expires) is way too big (small?) of a hoop to jump through imo
I'm with you.

Doesn't matter one whit what the actual cut is, there's absolutely no way to claim it's fair when you don't allow any competition in the space.

I won't buy Apple devices because you don't own that phone, you're just renting it from Apple. They own the phone.

will you refuse to buy an Xbox because there is no competition for the Xbox store on the xbox? will you refuse to buy a Playstation because there is no competition for the Sony store on the Playstation?

(Microsoft is supporting Epic as well, yet argues that their own Xbox store should not have to open up either. Maybe that would be a good place for them to start?)

https://mspoweruser.com/epic-apple-app-store-xbox-playstatio...

it's always funny how Apple is the specific target of this rage and yet nobody makes such a fuss about these platforms, despite their exclusive control of developer freedoms on their own customer base... nobody gets themselves nearly as worked into a lather about the evils of Playstation, and yet these platforms are locked down even tighter than the iphone.

I guess it depends on what you think an iPhone is.

If you think the iPhone + iPad is basically a video game console, then yeah, you probably think Apple's rent-seeking monopoly is ok, because it's not much different than any Nintendo Switch or Sony PlayStation or similar. People generally live with those draconian restrictions, because it's understood to be subsidized by the exclusive titles, and arguably not of high importance (it plays games and media, it's "just for fun").

But if you think the iPhone + iPad is basically a computer/smartphone, then you probably think Apple's rent-seeking monopoly is evil, because it fundamentally breaks the promise those devices imply, and is wildly worse than any Google Android or Microsoft Windows device ever sold. These devices are considered "important", they get used for legal / government / business purposes, and not "just for fun".

So, is the iPhone/iPad a smartphone/computer? Or is the iPhone/iPad a video game console?

Apple's rocking the boat here by trying to have their cake and eat it too -- they want the sell something that is ostensibly a smartphone/computer device, but they want the monopoly control and legal treatment as if it were a video game console.

> it's always funny how Apple is the specific target of this rage. nobody gets themselves nearly as worked into a lather about the evils of Playstation

I mean, people really did get "worked into a lather about the evils of Playstation" too. Notably, for a hot minute, Sony positioned PlayStation 3 as a real smartphone/computer (and not just a video game console) with the release of their Linux setup, and Sony did get exactly the same heat Apple gets today when Sony restricted it, and then later killed it)

https://tedium.co/2020/11/27/sony-linux-otheros-geohot-histo...

why couldn't the Xbox run, let's say, Office applications, if microsoft would allow it to? and why shouldn't it?

the reason it's a "video game console" is precisely because it's so locked down, is it not? why does that starting point of unfreedom justify continued unfreedom for xbox, and yet not for iphone?

do you not have a moral right to the free-as-in-speech usage of the hardware you paid for, when you purchase an xbox? if not, why not apply this logic to the iphone?

would apple's lawyers not argue, in the same sense, that an iphone is a phone first and foremost, a tool that runs a limited selection of utilities that people find useful in their daily life, not a general computing platform?

why should iphone be forced to become an open, general computing platform, if Xbox should not?

if the difference is subsidies, that xbox is being sold below the actual cost of hardware (debatable, but for the sake of argument) - is that not "dumping" (in the anticompetitive sense) to secure a monopoly and then enforce anticompetitive lock-ins in the software marketplace and keep their competitors out? How is that a thing that we should be backing, that hardware sold at cost must allow competitors and yet hardware sold via anticompetitive dumping should be allowed to lock out their competitors?

the logic you very quickly come to is that this suit is actually not about freedom at all, it's about publishers who want to bypass app review so they can siphon data without apple interfering to protect their users, and to bypass the revenue cut so they can substitute their own. Because these publishers have no interest in the freedom of their own users at all, and took the exact same revenue cut themselves until the day they filed the lawsuit (and will raise their fees back up a year or two after the lawsuit is concluded).

again, if Microsoft and others were being forthright, it would be easy for themselves to open up their hardware for third-party app stores. The Zen architecture has great support for encrypted memory virtualization, this is extremely low-risk. They most certainly will not do that because - unlike revenue cuts - that's not a change they can go back on in a year or two once the lawsuit is concluded. Once they open pandora's box they can't close it again, and they have no real intention to actually open it. They will argue for the lines to be drawn exactly where it conveniences them while inconveniencing apple - that xbox is a "console" while iphone is a "general purpose device".

it's merely a convenient argument to exploit pro-software freedom advocates and anti-apple sentiment in order to lever open Apple's fortress while maintaining their own, not actually an honest argument. Tim Sweeny of all people is not actually making a good faith argument here, nor is microsoft.

It’s effectively going to destroy all the permissioning and security that defines the ios experience, for no real gain besides letting Facebook siphon a little more data. They’re going to do the exact same thing they’ve already had their hand slapped for doing, and this time Apple won’t be able to do anything, it’ll be “if you want to use Facebook then side load this and give it full permissions, btw we’re revoking the ability to use the website for iOS users”.

https://arstechnica.com/gadgets/2019/01/facebook-and-google-...

You're out here explicitly arguing for a read-only world.

A world where every person is regulated to the position of "Consumer" and no one has the ability to create.

A world where you're taught to read, but the second you think of picking up a pencil to write, you're breaking the law.

----

No one I know from the software freedom camp is absolving those other companies of violating your privacy or selling your data, but the two issues are orthogonal. You can solve one without having to have the other.

---

Want to know something interesting though? Smart phones are the primary computing device in the majority of global households (Not a laptop, not a desktop - a tablet or phone).

No one gives a flying fuck about xbox because xbox is a niche product for rich Americans and Europeans. It's sold a whopping 200 million devices across all generations (original, 360, one) compared to the 2.2 billion iPhones Apple has shipped.

>it's always funny how Apple......

This has been explained multiple times. Xbox is a specific gaming platform. iPhone is a general computing platform. Where all kind of business from different industry ( Not just Games ) using Apps ( or anything connecting to the internet ) are relying on it in the modern society.

iPhone is not a general computing platform, its a phone. They don’t advertise it as a general computing platform.
It is used as one, where multiple business sector interact. Not just Gaming, aka Xbox.

And one would have a very hard time to argue if iPhone was just a phone, in court or not.

And those who downvoted couldn't understand the difference as Appliance or platform based whether multiple industry interacts.

> Xbox is a specific gaming platform. iPhone is a general computing platform.

You've got it backwards—the only reason the Xbox is a gaming platform and not a computing platform is because Xbox doesn't want to allow other people to sell software on it. It's a distinction without a difference.

> will you refuse to buy an Xbox because there is no competition for the Xbox store on the xbox? will you refuse to buy a Playstation because there is no competition for the Sony store on the Playstation?

Yes. The locked-down-ness of consoles is exactly why I game on a PC and not on them.

Same here. Not exactly "not" care, in the case of unfair / anti competitive treatment. But in the grand scheme of things I am mostly fine.

I have a problem with Apple dictating their World View on me. May have been fine if they were apolitical during Steve Jobs era. But modern days Silicon Valley does not allow anything to be apolitical.

There are three legs to the problem, 1) 30%, 2) TOS 3) Monopoly on app distribution to IOS

If any of those pillars fall I think Apple is off the hook here.

Don't you mean all?
I could see the argument that reducing the cut is still anti-competitive, especially because it's easy to show how the TOS harms both competition and the consumer.

But if they allow alternative distribution channels, that would make the anti-trust case a lot more difficult both in actual court and in the court of legislative opinion. I have no problem with a 30% cut if alternative app distribution channels are allowed (a la Android).

Exactly - there's no reason a 30% is out of line if that's what the market bears. The issue with 30% is its a monopoly with no competitors trying to push the price down. There's a chance no other service is able to provide a comparable user experience to the app store for a 20% or 25% cut, but we can't know that until Apple allows competition.
I think Apple will have good legal grounds to stand on if they get rid of one of those, and will garner a lot of customer goodwill. Right now it really looks like Apple does not respect both their customers and third party developers at all which comes off has pure greed.
There's clearly merit to both arguments.

Is Apple making a fortune by not having a competitive marketplace for software on iOS? Of course they are.

The hardest aspect of this to defend, and it's obviously not a use case that Epic are going to push because it hurts their potential to profit from this, is blocking services like xCloud and Stadia. Those services aren't downloading software to the user's device, and much like Netflix, the user is accessing a content catalogue administered and provided elsewhere.

Epic doesn't want democracy on Android and iOS, it wants its own store on both devices so it has a competitive advantage over both companies everywhere (if I can buy an app or a game from Epic rather than Apple, and know I can take that purchase with me to other platforms like Windows/Playstation or even if I switch phone eco-systems, that's what I'm going to do as a consumer).

A ruling in Epic's favour would almost certainly get the Epic store onto games consoles, too.

Essentially it does boil down to greedy corporation vs. greedy corporation. Part of me hopes that Epic wins both cases if only to force Google and Apple to separate their income streams from the security model, but Apple's not wrong here. Most users wouldn't understand any of what I've just said and won't take the time to learn so they are a danger to themselves. You would also be trusting Epic to curate content to the extent that Apple does when they have no financial incentive to do so, which is IMHO why the Play Store is so full of garbage.

If Epic wins, then consoles are next, and the whole store business will be either in a race to the bottom, or there will be wild mergers with game companies buying hardware makers.

Fortnite was a 5bn/year game that made only 7% of its revenue on iOS, but much more on consoles. This is just a the beginning of a huge fight over a market that has grown incredibly huge, and Epic having realised that access to hardware is crucial to their further growth.

I mean, they could simply make their own, but perhaps that's more risky than suing Apple, Sony, MS for access to their platforms.

I think what Tim Sweeney has noticed is what Steve Jobs realised (by his own admission) far too late.

The money is in the hardware but the value is in the software.

People will buy hardware thinking of that as their investment, without realising that the software is what extracts almost all of the revenue from them as a customer regardless.

Steve Jobs talking about this in 2007: https://www.youtube.com/watch?v=dEeyaAUCyZs

> If Epic wins, then consoles are next, and the whole store business will be either in a race to the bottom

As a customer and developer - yes please.

And so Apple's attack on general computing continues. Just awful.
On cross examination:

"Yet, Google and its Android platform allows additional app stores. Are Android users inherently smarter?"

They're sure inherently more likely to be infested with malware.
If people get malware on Android I doubt it's from side-loading apps or using third party stores. More likely it's from the malicious apps available on the google store, same for Apple.
Not market crippling; nor reputationally harming level. Which is what the witness is inferring as the core reason to disallow the additional app stores. There's limited to no proof additional app stores are major conduits of malware in Android either.
So, I’ve avoided running anti-malware for years, since I’m usually prompt on patching things, and I keep my eye on security news. I’m starting to change that opinion with the rash of supply chain attacks. If some random utility on my machine accepts a bad update, I’m hosed.

Anyone have a recommendation for the least-bad anti-malware on macOS?

I haven't a broad experience with antimalware on Mac. I've only ever ran one and that's Malwarebytes. I haven't needed and wouldn't want to run anything else.
It’s surprising seeing an Apple exec say this, after years of messaging around Mac’s security superiority.

Also, what does this mean!?

> …Mac users … are subject to a way less economically motivated attacker base.

Presumably a much smaller user base than Windows.

ADDED: I read it as less economically interesting than other desktop platforms but, reading another comment, he may have been contrasting MacOS with iOS--which probably makes more sense.

But iPhones have a much higher install base and have less malware than OSX or windows.

Obviously the reason is because it’s locked down- but it belies the point a little to say that something has a large install base therefore it’s attacked more therefor it’s insecure. The opposite should be true but we take it for a given that it can’t be- when we have evidence to the contrary in other areas.

The statement is a bit confusing but I think he's basically saying that: In spite of the fact that the Mac isn't a particular malware target (presumably because of some combination of its market share/security model), it still gets more malware than iOS does--so applying the MacOS security model to iOS wouldn't work."
I assume that means "Since the Mac has less market share, it doesn't have as much focus on hacking it since you will be attacking a smaller slice of the pie (verses something like Windows).
And users are significantly less likely to be doing Engineering/finance/etc... And more likely to be on Facebook during a college lecture.
>And users are significantly less likely to be doing Engineering/finance/etc

Most of Silicon Valley are using macs as well; it’s pretty much the defacto platform for FAANG.

(comment deleted)
Bold claim considering it's for Front end work exclusively. I don't need to tell anyone here backend is all Linux, data is MS or Linux, embedded is never Mac, and (Physical) Engineering is MS.

Still front end FAANG is a tiny sliver of the population.

I mean it’s a not a claim. At Facebook (backend / production engineering) the vast majority of employees used the company provided MacBook Pros running macOS; not just front end. Similar story at Google.

I can’t speak for the rest of the country but most people even at the startups I’ve seen are using MacBook Pros. (FWIW I currently do embedded work on a mac)

Flyover country checking in. Non- or semi-technical bigcos of the sort with big IT departments who take most of a week to get you your laptop when you start, are almost all Windows but may tolerate some macOS. Technical bigcos are mixed Win/macOS, with the business side preferring Windows and the tech people all on Macs. Smaller tech companies are all Mac, pretty much universally. Every now and then you get the one weirdo whose laptop can never connect to the projector and whose screen sharing always fucks up on calls or takes 5 minutes to get their bluetooth headset working, because they're on Linux (disclaimer: many years ago, I've been that weirdo). I've only seen one shop that was mostly Linux + Windows with little or no Mac presence, and they were in hardware (drivers or proprietary libs for embedded devices can be hard to come by Macs).
(comment deleted)
I can firmly say this does not match the United States at all.

Occasionally you have a need for an iOS dev, but outside of that Mac's are not used professionally.

Arduino?

Every embedded job I've had was exclusively Linux and MS.

Even the Apple fanboys at work knew better and accepted the reality of the situation.

Currently doing tools for a f500 and there's not a Mac in the office.

I have a high degree of skepticism. 0 Macs out of 6 companies, yet you say they are abundant? Doubt.

>Arduino?

Largely our own SoC based on Nvidia's Jetson platform. I'm not sure what you mean by the "reality of the situation". macOS is UNIX based platform and, unless you are doing kernel work, I find that doing work on macOS is pretty much what you would expect if you were using a BSD based platform. I'm not sure what limitations there would be that you wouldn't find on Windows or even a separate distro. In fact I'd rather be working on an aarch64 MacBook if I was targeting an aarch64 cloud.

>I have a high degree of skepticism. 0 Macs out of 6 companies, yet you say they are abundant? Doubt.

I'm only speaking of Silicon Valley tech companies. I'm sure a F500 like Target or American Airlines wouldn't want to spend as much on developer hardware.

(comment deleted)
> [...] after years of messaging around Mac’s security superiority.

Just because something may be superior does not mean it's (a) perfect or even (b) as good as it could be.

>It’s surprising seeing an Apple exec say this, after years of messaging around Mac’s security superiority.

Well, the situation is still not nearly as bad as Windows, though it's arguable how much of that is technical and how much is statistical.

>Also, what does this mean!?

iOS users vastly outnumber macOS users, and have a much larger market share of smartphones than Macs have of desktops.

“Dark Caracal is part of a trend we’ve seen mounting over the past year whereby traditional APT actors are moving toward using mobile as a primary target platform,” said Mike Murray, Vice President of Security Intelligence at Lookout.

Phones more reliably have info that attackers are looking for and can exploit or sell, so they are becoming/have become a more coveted target than the desktop. Payment methods, personal info, etc. It's worth pointing out Federighi is comparing Mac users (desktop) to iOS users (mobile). Plus, there are probably more iOS users out there than macOS users.

https://www.eff.org/press/releases/eff-and-lookout-uncover-n...

>Also, what does this mean!? >> …Mac users … are subject to a way less economically motivated attacker base.

It means there are much fewer Mac users than iOS users so there's a bigger economic reward for bypassing iOS security (plus iOS also comes with more ways to exploit hacked devices economically, such as sending texts to for-pay numbers, intercepting security tokens for account take-over, Apple Pay and more)

Ooof, now the (still somewhat) open macOS is thrown under the bus by Apple just to make iOS look good.

FWIW, I never had malware problems, neither on Windows, macOS/OSX nor Linux. I caught a harmless virus on Windows in 1998 or so, but that was it. Of course I'm not a "casual user", but I also didn't take any preventive actions except installing a browser adblocker (which really should be common sense by now).

You never had malware problems that you know of.
- the brain immediately as you turn in for the night
True :D

But my machines were never rendered unusable, and of course I'm keeping the usual security mechanisms switched on (Windows SmartScreen, UAC and Defender).

I'm also not keeping anything really important on my computers though, the simple rule is "if this computer stops working now, I won't loose anything of value") - because this has actually happened a few times to me over the years, but always because of failing hardware.

So the login credentials for your email (and thereby the possibility to reset all your account's passwords) are not stored on your computer (on disk or memory)?

The least useful thing for malware to do is to render your computer unusable. As that would prompt you to reinstall it or investigate the cause.

Perhaps it's a subtle nudge towards "okay we're making macOS just as locked down as iOS from now on... welcome to our new walled garden."
I quite like were macOS is on this topic philosophically with XProtect and Gatekeeper. I don't think Craig is being necessarily fair to macOS in his framing, as they've gone much further than Windows has and Linux realistically can, but I get that he's trying to win the debate in the eyes of the court.

It's a great (if not perfect) way to provide some protection over software from outside the App Store, but he's right in suggesting that it just wouldn't scale to the sheer amount of mobile software people would install on iOS because a shady ad banner told them to.

(Basing this on Linux being free and as a result not coming with a monitoring team for notarisation of software in the wild).

please god no. Imagine having to download everything through the app store. Infantilizing fucks
People have been trying to read these tea leaves for almost 15 years now and it still hasn’t happened.

MacOS and iOS are complementary and expand Apple’s market by addressing different segments. If MacOS worked exactly like iOS, Apple would lose computer customers to Windows or Linux.

Also, a reminder that Apple actually ships 5 different operating systems to deliver their segmentation strategy: MacOS, iOS, iPadOS, tvOS, watchOS.

Gatekeeper has gotten much more aggressive than when it first released. So maybe they're stopping where they are, but I don't think that's the only possibility.
It needs to happen if the health app comes to MacOS.
You are the equivalent of a race car driver in the car analogy he made though. You are not the teenager just learning to drive. His statement that IOS is safe for a child to use is largely correct. macOS can not make the same claim. He isn't throwing it under the bus so much as identifying that they are different platforms with different use cases and arguing that just because macOS doesn't have the same restrictions is an apples and orange comparison.
Sure and if we coddle everyone then there will be no more "race car drivers" in the next generation, because they won't have had the opportunity to use their no-longer-general computers.
Apple coddling it's users is not coddling everyone. You still have Android, Pinephone, Linux laptops, Virtual Machines, and a whole host of other enthusiast platforms.

Even though the vast majority of cars have a plethora of safety features there is is still a thriving amateur racing scene that isn't going away and is a path for those who want to be race car drivers. Meanwhile I get a car that I can turn on cruise control in traffic and not have to think as hard about speed and as a result get a much safer and more enjoyable experience on long car trips.

The affect is the same, it's most apparent in chat apps.

Because of Apple's abuse of its ownership of people's phones there are no popular decentralized chat apps. It's not feasible to maintain a chat app for iOS by volunteers because the app authors must also maintain infrastructure for push notifications (Apple does not allow this to be delegated to, for example, the chat server operators who already have volunteers that can handle this.)

Apple coddling is taken like word from god. The IT them at my work threatened about disabling SIP. Apple can go fuck itself with that crap. I have sudo, I alike be able to shoot myself in the foot. And I have and that made me a better engineer today.

I should be able to disable that

People made the same arguments about introducing/mandating safety features in cars and yet here we are in the future, with plenty of race car drivers.
I have intimate knowledge of the grassroots levels of the sport, and must disagree.

There are still teams so tight on budget they choose their track¹ based on it not requiring fireproof gloves as part of safety equipment, etc.

I have heard similar stories about needing to avoid tracks with safety rules due to unaffordable expense of:

- Safer bladder style fuel tanks - Head-and-neck restraints (to avoid having your head detach from your spine like Dale Sr.) - Fuel line and engine fire-wall sizing - Helmet and firesuit regulatory tag-checks (every additional second in a bad fire matters, old aren't safe, sometimes in more ways than one).

¹Or don't race at all, anymore.

I think you misunderstand, the historical argument was that if we put seat belts, air bags, antilock brakes, power steering, etc. in consumer cars, then the overall level of driving skill and risk-tolerance would decline so far that no one would want to, or be skilled enough to drive race cars anymore.
From my experiences nobody who argues with this point knows how to drive. It’s like asking a cocky jr eng to make a Twitter clone – of course they think it’s simpler than it is. I’ve never had a Lyft or Uber drive properly take a corner. I’ve had one take all four wheels into the shoulder while getting on the freeway because he oversteered and then took his foot off the gas. If you knew, you’d know. You don’t know.

Edit to add the reason no one is afraid of their terrible, awful lack of skill in this apparently dangerous activity is at least in part due to the risk homeostasis effect of increased safety features.

Not everyone has the time, energy or inclination to be a race car driver, even if they possess the capability.

Some people just want to be able to use a computer without having their identity stolen and bank account drained.

i mean..video game consoles are even more closed than iOS in many ways, and that didn't stop me and plenty of others being driven to "become race car drivers" due to them.
You are the equivalent of the soccer mom that thinks Nurburgring should be closed because the people who voluntarily drive on it occasionally get into expensive violent crashes.

Let people do what they want.

I'm not exactly sure where this analogy goes, but I do kinda like the idea that the Nurburgring is a walled garden for those who want to go off and get in expensive violent crashes without harming anybody else.

I'm very happy that the Nurburgring exists, and would be even happier if we could find similar ways to wall off those who like taking certain kinds of risks that have the potential to explode all over other people. Indeed, they should go do what they want... somewhere else.

But this is more like walling off racetracks from anyone who buys specific brands of cars (and in addition not letting people who don't buy those cars ride with people who have ala imessage.)
> Ooof, now the (still somewhat) open macOS is thrown under the bus by Apple just to make iOS look good.

Trojan horses for Macs are a thing.

Just as they are a thing for every other OS that allows users to install anything from anywhere.

Malware scanners can never catch all the new variants, but as they are identified, updates to the malware scanner can remove them.

Is it throwing Android under the bus to note that you are much more likely to install a trojan horse when you sideload apps?

I personally like where macOS is going: immutable base OS tree, accessing user content folders requiring per-application approval (wish I could also just grant per-application read or write access). I am personally a power-user of macOS, compiling a lot of software myself or via macports, and as long as these tools work without requiring root access, narrowing down what any process can do to the bare minimum has my approval. In fact installing software for single account use shouldn't ever have to require elevated privileges at all. Even the model of .app bundles is user friendly in that regard in that any user can install apps under ~/Library instead of installing them system-wide. I'm attempting to do the same on any and all Linux servers I run, using systemd's + selinux's isolation features to constrain any long-running processes as much as possible.

Windows ecosystem is much worse, terribly so: a lot of existing and new installers still require running with elevated privileges for no good reason, oftentimes simply because of the installer framework used, despite being signed by whoever or not, and I keep seeing the UAC prompt way more often than I should. I tend to not use software requiring elevated privileges to install at all --- for example, nearly all "top" vendors of commerical-grade PDF editing software just recently have not gotten my business, simply because their installers --- executed in a VM to test the software --- all required elevated privileges, were very invasive to boot and didn't uninstall cleanly. I also enabled Controlled Folder Access on all my personal data directories -- o boy, you wouldn't believe where shitty software wants to put its hands.

As far as I am concerned, most vendored software of Windows is malware by behaviour, to some degree. It wants to run unconstrained and infests the user profile almost irrecoverably save a fresh install. I recommend all users of Windows enable controlled folder access on any volumes / folders that old personal data...

It is far past time that Desktop OSs stop treating applications like something that can be trusted by default. I hate a lot of things about mobile, but mobile OSs more or less[0] got it right by sandboxing everything unless told otherwise.

[0] The permissions-grating mechanism needs work, but the base concept is sound.

infests the user profile almost irrecoverably

With 'profile' I assume you mean combination of registry and home directory, so Windows has the registry going against it but as far as the home directory is concerned it's the same thing everywhere. Aren't most OS plagued by that, and is it in some way also not logcial? Some software must store things. So if you want to install software for one user (like the ~/Library you mention) and have per-user configuration, and so on, all of that ends up in the user directory. And I don't think there's any OS which manages to go from a full install to a clean install and can clean up the home directory while doing so. Instead leaving a myriad of subdirectories of which it isn't immediately clear whether it's ok to just delete them or not.

> And I don't think there's any OS which manages to go from a full install to a clean install and can clean up the home directory while doing so.

NixOS ;)

Only for applications that are well-behaved. Nixos doesn't enforce any of the isolation, which is something that disappointed me when I tried it the first time. If a program wants to mess up another program's private directory, they can do that without anything stopping it.

I then realised that having actual isolation was never even a goal of the project, so I've never bothered to look at Nixos after that.

The only project on Linux that provides a practical solution to this is Qubes OS. I use it, but there are limitations that prevents it from being used by a lot of people. The fact that applications don't have GPU support is a big one.

One may suggest Flatpak as well, and it's a good solution when using properly packaged software, but if I want to do development and use various tools without necessarily trusting all of them, Qubes OS is really the only way I can do that.

I like the way macOS handles this - .app package files are just folders that the OS treats as an icon; you can introspect if needed and the app can store its preferences etc inside the app container so it’s even portable (for user, not to deploy but mainly backup).

If the app needs access to folders it asks for it (even ~/downloads) otherwise it has nothing by default.

> narrowing down what any process can do to the bare minimum has my approval

Except if the vendor wants to have the ultimate control over access to my machine.

It's like buying a house and leaving a copy of the key with the bank.

My favorite thing as a Windows user who (shocker!) actually keeps my admin account separate from my user account, is when I have to sign in as admin to install something and then... all the data/env/shortcuts get set up for the Admin user instead of my user account. Many Windows installers break in various ways when you're applying the most basic security practice of only signing in as Admin when needed, and not constantly rolling around in an admin account.
Fun story time. I had a manager who used to work for Microsoft. Apparently he had to talk to a bunch of people before he could get Office to install properly when not running as Admin. This is pre-Vista release but it shows that even Microsoft didn't always write their software in way that was the best for their own OS.
Fully agree. I want better sandboxing. I want sandboxing by default, just like my browser. By default you can do nothing, except some networking.

I don't want to give access to complete folders. Want to open a file? Show me an open dialog, or a drop target.

Want to read something from my home directory? Tough luck

but what if _you_ want to do those things?
As a developer you should specify exactly what you’re doing. The entitlements plists should be waaay more strict.

And, I want Apple to enforce a stricter policy on certain capabilities.

Different levels of developers, where they will actually be fined, delisted and reimburse customers if they don’t obey the rules.

There is no need to access so many things. Heck, you can do so much in a browser these days.

Don’t touch my stuff, or go to Apple jail. Simple.

No need to monitor key keystrokes. No need to secretly read my contacts. No need to access full folders. If you need that, I’ll give it to you manually.

(comment deleted)
macOS sandboxing does exactly that. The Mac App Store enforces sandboxing. What you are asking for is applying the App Store model from iOS to macOS.
Sandboxing can do things yes. But it's fairly undocumented. Deprecated. And it's not used nor set up by default.

What I'm asking for is: - Sandboxed applications. Perhaps something similar to containers where __I__ decide what I/O is allowed

- I don't want to rely on manual checks by Apple. It only works partially.

Sandbox and security interfaces should be simple and user friendly. I don't want to create a massive sandbox configuration file by hand.

And this how general computing ends. Only apple holds the keys to the kingdom and decides what a user should be able to do with a device they supposedly own. And that leads to users getting more and more disconnected from their tools and apple telling people how dumb they are or aren't

Having to type "win" to start a Windows system is how I learned stuff

This seems like a stretch. I'd love to see the statistics on this. Anyone know of any datasets of infections by operating system and severity?

It seems incorrect that iOS would be a higher value target for malware. Getting at valuable data would be much harder. Getting at backups would be harder. Encrypting the service for ransom would be harder. Disguising your apps illicit activities would be harder. And businesses are much less likely to store the payroll data (or whatever sensitive info) in their iOS device.

Only things I can think of would be iMessages, and location data, but your likely able to get iMessages of of someone's Mac...

Am I missing something here?

Re: Mac vs. iOS: Personal iOS devices are used to access all sorts of critical business infrastructure, but are rarely locked down and monitored to the same extent as corporate-issued laptops.

I can access Slack, 2FA codes, corporate email, ... on both devices. But my corporate laptop is super locked down and uses a special app store, whereas on my personal device I can install whatever the hell I want (and not just in practice -- I'm not aware of any corporate policy at my employer that prohibits installing arbitrary 3rd party apps on the same device that has access to your corporate slack account... seems like a huge oversight)

Personally, my employer locks down desktop PCs far more than phones, in part because desktop PCs have access to secrets like encryption keys and source code. Phones are just used for 2FA codes, email and video calls (all of which you can also do on your PC).

This is not compatible with an argument that phones are more important to secure.

Cool but apple also restricts apps based on content and enforces their own morality standards on what content is acceptable so I really don't care about the security aspect.
Worse than their morality standards, they have a history of enforcing political restrictions and doing the bidding of other governments - for example, removing an app that allowed Hong Kong residents to track police to avoid getting hurt or killed by them during the widespread protests. So you have to ask, is Apple going to actually protect your privacy or your rights? They've already proven they'll hand all your data over to the Chinese government as a condition of getting access to that market.
> They've already proven they'll hand all your data over to the Chinese government as a condition of getting access to that market.

FTFY: "They've already proven they'll follow the local laws of countries they operate in."

If you want to do business in country X, you must follow the laws of country X. It's that simple.

Apple is a business, not world police.

There's also no need to project your own personal/cultural/morality standards and beliefs on to other countries' and their laws.

Some people disagree for governments to have access to too much data.

Others agree to keep them safe - children, terrorism, national security, personal safety, etc.

Debates around privacy and governments have been happening for decades, especially since Snowden revelations of data hoarding by the 5 eyes, to recent end-to-end encryption bans in messengers.

What you think is "right" is not universal across the world.

This is not an argument of right or wrong, it's purely that they make statements about their priorities and values, like "privacy", but local laws and regulations actually take priority over their values. China's laws are China's laws, but the fact is that there seems to be no value Apple will not sacrifice in order to turn a profit.

Which is capitalism, I suppose. They want that money because their shareholders want that money. That's how it goes.

It doesnt help that many casual computer users will still say something like, "Mac's cant get viruses"
IMO the best argument Apple has made in this case so far was made in the last couple days: In practice, what the App Store protects users from is social attacks - phishing, malicious software, privacy violations, etc. The only way to protect users from social attacks is for Apple to control everything and aggressively reject anything that might threaten customers.

This is, as far as I can tell, probably true. However the data seems to support that Apple isn't doing a great job at it, for example in recent testimony it was argued that they spend an average of 10 minutes per app on review. Given that they don't have access to app source code (and apps are allowed to use interpreters, so they can download new code at run-time), it's questionable how much protection we actually get out of that. I think if they really want to protect users they have to spend more time in review and block downloading of code after review.

Alongside that: I really don't like the idea of Apple having full control over my general-purpose computing devices and deciding what I'm allowed to do with them. I'm no RMS-tier zealot, but I do really find that distasteful. On the other hand... I would prefer for my mom and grandma to be protected from social attacks.

It really sucks. I'm fond of Epic's argument that a 30% cut is too much, but beyond that, Apple's arguments about control have real merit.

All of this can go out the window with a toggle button to allow outside apps. Keep it just the way it is, but allow sideloading or outside apps with a setting toggle. Just like in MacOS Security preference pane.

I don't need Apple to be my gatekeeper. I don't need apple to decide what apps I should be able to use because they are the morality police. You're just so close, allow all the control in the world like they do now, just give me the option to opt out. It has nothing to do with any protection at the end of the day, and everything to do with money.

Is malware really something the average user of any modern desktop OS is concerned with?

OS-level security has been improving dramatically over the last couple decades and I obviously want that trend to continue. But at the same time, most of the things the average user does with their computer has been offloaded to some server which the user has absolutely zero control over.

iOS may have less malware than macOS, but I'd bet anything that the average iOS user stores way more of their personal data on third party servers than the average macOS user. If my macOS device gets infected, I can at least reinstall the OS. If Facebook or whatever get hacked, I'm screwed.

If this is their defense, they could very easily add an "infant safe" option to lock the OS (macOS or iOS or whatever).

This is very weak and a bit pathetic, IMHO.

Didn’t you hear the outcry when they introduced gatekeeper?
Of course he’s making this point to defend the overly restrictive App Store rules, but what he says is correct:

Is macOS safe? “If operated correctly, much like that car, if you know how to operate a car and obey the rules of the road and are very cautious, yes. If not, I’ve had a couple of family members who have gotten some malware on their Macs."

https://twitter.com/thedextriarchy/status/139509277305805619...

I mean, I get what they're trying to say - I've personally had to deal with computers running all sorts of unwanted adware. But it still rustles my jimmies when a security system decides I'm too dumb for my own good and I have to jump through hoops to do things Apple doesn't personally approve of.

For example, there's an app called AltStore that enables iOS sideloading, using the developer account access Apple provides to self-sign an IPA. If you want to sideload, this is your best bet, unless you have an older phone that can be jailbroken on the latest iOS. However, in order to actually get at your developer self-signing key, AltStore needs your iCloud password, which is enough access to completely wipe all of your iPhones. I am basically trusting Riley Testut and Riley Testut alone not to pwn me.

The thing is, Apple used to have app-specific passwords specifically to deal with build tools and other things that need your developer key. However, as far as I can tell that was disabled. (at least for people who don't have active App Store developer registrations.) So AltStore has to grab actual user credentials. This is a situation where Apple's own attempts at security have actually backfired: they don't want people sideloading anything, so they make using developer accounts outright painful. Which means that I need to hand over my whole iCloud account (or, if a jailbreak is available, just outright exploit my phone/tablet) just to use emulators Apple doesn't like.

(There's other odd restrictions on free accounts, BTW - for example, free developer accounts can't install VPN apps at all, presumably so that people in China can't evade the App Store VPN ban by sideloading a VPN app.)

I'm in this juxtaposition where I love that PCs are open, particularly when using FOSS, but use an iPhone.

I accept the risk in return for the openness of my PC.

I have zero passion for mobile devices though and find the iOS experience to be less nonsense.

Looking at the top #100 apps in utilities on iOS there are 3 Roku remote scams in the top 20 alone. These apps scam their customers into paying for features like raising the volume. Apple stands on the ground of it curating the app store when that clearly isn’t the case.
How dishonest. If you can trust the software on the App Store, you don’t need the sand box. If the sand box is good you should be able to install anything.

Multi-layered security is a reasonable argument, but neither should limit the choices an informed user can make.

> “If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac,” Federighi said in the testimony. “And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS.”

Even with video editing and photos. If you took Mac QuickTime and compared it with iOS features you’d be shocked…

I didn’t know I was missing a lot until I upgraded from 5SE to XS. As someone who worked on creative content at advertising agencies I was beyond shocked to see the gap between features, particularly in video editing…

I started to use my phone to edit files because it’s it’s a lot faster but my neck hurts :(

The thing is iPad with the M1 cheap is really blurring the lines between Mac and iPad. The only thing that limits the iPad are Apple’s limitations.

Their argument doesn’t make sense when we are considering that they offer Pro versions for the iPad and iPhone. If people getting the professional version of the device they assume that these users are advanced enough to install what they see fit.

I don’t agree with the argument itself that it’s necessarily protects more. Because there were already cases where Apple put apps on the App Store with malware. And there was malware for iOS that bypass the installation process like the famous jailbreak via safari. It’s just makes users wonder even less aware to security issues.

Also I don’t remember every getting any issues with malware on MacOS ever.

One somewhat perverse detail: MacOS is much more limited in terms of userspace sandboxing options than other OS, because Apple hasn't implemented them. Which makes me wonder what the main entry vectors of all this malware are, and how much it could have been reduced with better constructs available to devs?