120 comments

[ 0.21 ms ] story [ 565 ms ] thread
The real question here is will it allow you to sideload without an Apple ID?

Right now, to get any app onto an iPhone, you have to use an Apple ID, which requires providing a phone number (verified with sms), an email (verified with a code), and some other stuff that's not verified (name, country, street address, etc). It also sends the serial number of the device when you create the ID (and you can only create so many per device).

There's really no privacy on Apple devices unless you can a) buy a device without providing PII, and b) load apps onto the device without providing PII (including VPN/DNS apps, so that you can block all the phone-home crap it constantly does to Apple).

I'm in the process of a painful switch to Graphene and the no-good, very-bad Android ecosystem as a result. I don't like the approach to solving the problem, here, but if Apple devices become usable again without compromising privacy it would be nice to be able to continue to use them.

Sideloading is sort of enabled already, in that you can use any Apple ID to get signatures for self-built apps (or downloaded apps) to load on to your own device (registered to that Apple ID). If they comply with such legislation by allowing sideloading for ID-identified customers only, it's little comfort for those that care about privacy or freedom/choice. (It also means they can turn off sideloading on a per-person or per-country basis from Central Command during wartime, or if you become persona non grata for some reason.)

(comment deleted)
It sounds like this might apply to Oculus/Meta head-sets as well. I would buy one tomorrow if they didn't require a facebook account in good standing.
> if they didn't require a facebook account in good standing.

They're reverting to letting you create a non-social account. (they're ending oculus branding, but allowing alt logins)

I ordered one, so we will see how the non-social account process goes. They dumped their stock of new unopened 64gb units through Walmart for $200 by labeling them refurbished. Too good of a deal to pass up, and I'll have a month to return it to the store if dissatisfied with the account setup process.
yes, tying sideloading to an apple ID would be a real blow to privacy and freedom, but sideloading at all would be a meaningful improvement.

it'd be a win to be able to install and run an application- & network-level (outbound & inbound) firewall for everything on the phone, not just some subset of web content on safari.

The senators will get their donations from the affected companies, and nothing will come out of it.
I share your cynicism. My suspicion is that it's in the bill specifically to motivate campaign donations. Like you I doubt this survives.

If it does Apple et al. will ensure the mandated sideloading capability is accompanied by scary warnings, unnecessary downsides and any other dark patterns they can get away with inflicting.

Absolutely. Big Tech is already spending a lot, they will just spend more.

However, it is upto the electorate (us) to vote in people who don't make decisions that way, and there are quite a few of them today.

Senators don't get donations for passing laws, companies establish annual donations which then may be revoked if the right laws aren't passed.
Yet laws are passed, and antitrust happens - and has happened for a century.
Very glad to see some consideration of this sort of thing. That said I'd really like a minimally crafted law to start that created new options for consumers while also recognizing the value the existing situation brings, as well as tying corporate power to responsibility which seems like it'd do a better and more flexible job of getting finding the right dynamic balances in the market. Dealing with externalities is always really important as well. Using as Apple as an example:

- In terms of cryptographic chain, I'd like to see it mandated there be an option at buy time to allow owner access to software root key store, hardware root key store, or both. Many people would be best served in their threat models by the current situation of leaving Apple in charge, which also means they can't be socially engineered or pressured into offering access. It also unionizes diffuse buying power into one actor with different incentives than other powerful actors. It is unlikely that Apple's advertising privacy changes vs Facebook say could have happened in a fully open environment for example since Facebook has enough pull to get people to sideload whether they like it or not. Others would really like full stack access. And many would fall into one bucket or the other. Those less technical in areas with poor Apple support options might still want the software side of things as a walled garden but be able to allow arbitrary 3rd party hardware repairs. Conversely, I at least would like full software side control, but I'm more concerned about evil maid attacks than I am about the rare need to go to an Apple store for a hardware repair. There isn't really a one-size-fits-all here, but that doesn't have to be mandated either.

- In terms of power and responsibility, I think that'd be a great way to handle repair, and it has the advantage of not singling out just "big companies". If a product creator wants to maintain full hardware and software control, it should also have to fully support the product. If after X years it no longer wishes to offer support, it should also be required to give up control (in terms of necessary crypto keys and documentation). Then everyone gets to decide where the right balance is in terms of support. An open source startup doing a risky new product also avoids being on the hook for much support if things go pear shaped because everything is fully available to the community. At the opposite end a company like Apple could maintain total control for 10 years if they wanted, but only if they offered 10 years of updates and hardware repair or replacement. At any point they could get off the hook for that, but then they'd have to let owners take it over themselves. No having cake and eating it too. And everything in between. An Android OEM only wants to support a phone for 18 months? Fine (maybe, within below), but no locked bootloader after that, they need to have full docs for it etc. There would be room for all kinds of brands fitting all kinds of needs and price points.

- The above said, I do think there is an externality/information asymmetry situation when it comes to warranty repair. There is a general expectation amongst the public is that there is some tie between buying something decent and how long it will last. Imagine if an iPhone said "this product will break after two years four months" on the label at buy time, that'd pretty radically change the market reaction to it. But some small percentage of people get screwed, and the standard warranty doesn't match expectation at all. Essentially the consumers are all gambling, and the side with the best information on risk keeps it to themselves and gets to sell "extended warranties" at enormous profit. The sticker price doesn't accurately reflect all the potential costs. That shouldn't be allowed. Standard warranty coverage should either be longer period, or have some sort of tie to pricing/tier. If someone wants something ultra dirt ch...

How about standardizing battery replacements as well as standardizing on battery packs for power tools?
I mean, there's always going to be more things.

This one is a huge step and I hope it goes through.

I’m surprised no one has made a series of adapters for this so you can use any battery on any tool.
Some of the modern batteries are electronically controlled by the tool. It's not as simple as just an electrical connection anymore.
I'd rather not. Competition in the power tool market has resulted in very impressive batteries over the last few years. Combined with the new brushless motor tech, consumers of cordless power tools are better off now than they have ever been.

If we had standardized on the old 18v-style batteries, with the stick that goes up into the tool handle, we might still be stuck with them.

Similarly, if the EU had gone through with standardizing on micro-USB plugs for smartphones several years ago, as it threatened to do, I doubt we would now have phones with USB-C which is so much better.

You can innovate in batteries while standardizing on form factor.

I very much don't want to have to buy ten different batteries for devices and have none of them work with each other.

AAA, AA, C, D, 9V... these are all very much handy to have. You can find them with Alkaline, NiCad, NiMH, Li-ion, and the only thing is whether you can, and if so then how often, you can recharge them

Both the battery packs, as well as the sockets, as well as some lights, for the Ryobi 18V one+ system are made by third parties now. I've built a few projects that use the 3p one+ sockets, wired up to buck converters to give 12V, using 3P 9AH batteries. As sibling commenters pointed out, there are also adapters to/from most common tool batteries around.
> Sideloading would "hurt competition and discourage innovation" by making it "much harder" to protect the privacy and security of personal devices in the United States, according to Apple.

Taking Apple at their word here, I still don't get it. Can anyone explain the argument they're trying to make? As written it just sounds so ridiculous (but I'm still trying to understand it).

> Can anyone explain the argument they're trying to make?

If Facebook removes their app from the App Store (or cripples it), and says you have to side load this app, most Americans will do so. Even if that app violates a number of user-friendly policies. The OS, of course, could enforce that at a technical level, which weakens the argument significantly.

Also lots of people will click links and side load spam apps, but that’s par for the course.

What technical restrictions can they do?

It can't be sandboxing, as the entitlements and/or existence of sandboxing for an app is enforced by the App Store, and we've just said we're not using that.

It also removes privacy protections: Facebook is required to ask permission to track you on iOS. It's only required to by platform policy in the App Store license agreement. They're not using that any more, so goodbye opt-in tracking.

Why couldn't they make the entitlements enforced by the operating system with user prompts, rather than the App Store (or both)? Just because that's how it's done right now doesn't mean we're just flipping a switch and suddenly allowing everything. It's still up to Apple on how they implement it. If that's how they choose to implement it, that's on Apple.
Prompt based security has been shown to be a bad "solution" over and over again. The primary goal of which degenerates to "blame the user".

Even if you do want to do that, what do you ask the user? Even the basic entitlements often require some amount of knowledge a regular user simply doesn't have. Then the law itself has rules prohibiting restrictions, and I would bet someone will claim dialog based security counts as a restriction.

The law even makes it hard (impossible?) for a platform to protect even a modicum of user privacy. Section 2 (b) 3&4 explicitly prohibits a platform owner from placing restrictions on collection and use of user data.

As opposed to the current primary goal of giving all the power to Apple to decide what the user gets?

And once again, that's on Apple to implement. If they choose to continue to keep entitlements in the same format, that's on them to explain it to the user. See Android, they handle permissions fine.

That section doesn't place restrictions on the generation of user data, only access to generated data. So don't generate it. In my opinion that's to prevent the platform holder from getting an unfair advantage by keeping the data for themselves. If the user doesn't give permission, the device doesn't generate the data, you're not restricting access to data because it doesn't exist.

You mean the android that has a massive malware problem? That android?

As for the second bit, the "generated information" is things like device ids, location, etc. The stuff that is necessary for a phone.

But clearly you're of the view that requiring malware, people having to give CC information to innumerable other companies, is a good thing, so I doubt we're ever going to agree on this.

I would rather not have to worry about software installing a persistent crypto miner in the background, and not having to worry about software invading my privacy, than installing whatever mysterious apps aren't currently permitted on the App Store, but you do you.

No, it's only "generated through an interaction of a covered platform user with the business's products or services". Device ID and Locations aren't exactly generated through an interaction unless the user decides to give it.

Exactly that's your choice. You can choose to continue being on Apple's App Store where they do check for all of these if you want. No one is forcing you to install give that credit card info. Don't take away my choice to choose otherwise. If I want to pay for something with credit card, shouldn't I be allowed to? Or if I wanted to run background processes on my devices?

You do have a choice, for all of your examples: you can buy an android device. The iOS ecosystem is successful because that is what many people want.

You want the android experience, but rather than getting an android, you want to force that on the people who prefer the iOS model. They like not having to worry about malware. Currently an iOS user can get all the software that they want from the iOS AppStore, and they don’t have to give random companies their CC#, they don’t have to worry about the app subverting their privacy, because they know apple kills software that does that whenever they find it. This law means they have to deal with multiple different stores, that have no incentive to maintain platform security or user privacy. In fact they’re incentivized to abuse user privacy.

As an iOS user I do not want the android experience. This law basically forces ios to have that. Malware and all.

The only things this does is reduce user security, and give scummy publishers the ability to bypass AppStore rules the protect users (like “you must make discounting if subscriptions trivial”, “you don’t get to run a cruptominer in the background”, etc).

Again, if you want to have the android experience, use android. Literally no one is stopping you.

I want a better iOS, not just an Android experience. Those are not the same thing.

> an iOS user can get all the software that they want from the iOS AppStore,

> apple kills software

Which is exactly the problem. That Apple has monopoly power over iOS apps.

> This law means they have to deal with multiple different stores

And in the same way I can choose Android, you can choose to use to continue to use Apple App Store only. Do you think Apple should be the only smartphone manufacturers because you don't want to deal with multiple OSes? No, because you're not being forced to use all of them.

Do you think if google makes google calendar only available from the google store that many people will have a choice?
Yes. You can choose to use Apple Calendar. Can I not go on the Apple App Store and search for Calendar and easily get 10+ results? Are you forced to use Google Calendar? No, but you can choose to.
Nobody is forcing you to delete the Apple app store and sideload apps. Don't want that experience? Don't sideload apps and don't use alternate app stores. Literally no one is forcing you to install apps another way. Just because the feature is there, doesn't mean you have to use it.
Until, for example, google deploys its app through its own App Store, with its own “privacy” rules.

Or epic: another company that has a novel approach to use privacy

Or Facebook

Etc, etc

The only option goes “the AppStore with its various restrictions and protections” or “miscellaneous parties with a vested interest in destroying your privacy and/or complete lack of any review”

I think the best solution here would be to outright disallow (by law) companies from manufacturing devices in a way in which they retain more control over them even after the sale to the end user has been completed.

They can have either the same level of control, less, but never more. As it stands right now, Apple and pretty much all Android manufacturers have more control (Yes, I said Android too. Good luck trying to mod the bootloader itself or gaining access to the TEE)

This would be a great thing because that way you don't force any company to modify their app plattform or change their normal user-facing software in any way, yet those who wish so can do with the device whatever they want in the same fashion the manufacturer could before (and even after) the sale.

This has never been about users having control over their own devices (that ship sailed since proprietary software became a thing). This is about big corps fighting about money trying to influence public opinion and legislation.
In my opinion, proprietary software doesn't mean you don't have control, as long as you can choose to not run that software and still make use of the hardware. It's not proprietariness that is the issue, it's the forced execution of code the owner does not approve, or even worse, the outright refusal to run the code that the owner does approve of.
> You do have a choice, for all of your examples: you can buy an android device. The iOS ecosystem is successful because that is what many people want.

And if they opened up to additional stores or side loading, you would have a choice to stick with only using the Apple one. That choice doesn’t go away. In fact, the vast majority of Android users aren’t installing side stores because the Play Store has what they want. This is why companies like Spotify still distribute there despite fighting Google on fees.

Apple is being extremely dishonest. The App Store changes shouldn't impact sandboxing.

> App Sandbox is an access control technology provided in macOS, enforced at the kernel level.

https://developer.apple.com/library/archive/documentation/Se...

Did Apple claim it would impact sandboxing? I don't think they did.

A realistic example: today if your iOS app wants to track users, it must go through AppTrackingTransparency.framework, which allows the user to opt-out, and use the device’s advertising identifier which the user may reset.

Of course this cannot be enforced by the kernel; it's enforced by App Store review. Sideloaded apps would presumably not be subject to this rule.

> Did Apple claim it would impact sandboxing? I don't think they did.

Apple claims that security would be impacted. They implied that sandbox=app store. Its all FUD marketing, of course, but they heavily implied that the app store review was the safety method for customers.

> if your iOS app wants to track users, it must go through AppTrackingTransparency.framework, which allows the user to opt-out, and use the device’s advertising identifier which the user may reset.

No reason you can't make access to the ATT DeviceID a call to OS. It'd return 000000 in generic case, and prompt the user at OS level to approve. If no approval, then it'd return 0 to app. You can't guarantee what they're doing with the number in-app, but apple barely does that now with review so probably not much loss. Sure some apps could try to access restricted memory or file paths that they aren't supposed to... but thats what the sandbox is for. BUT maybe apple should just kill DeviceId for everyone since im sure most people opted out.

The real loss to apple is that first party apps may have to play by their rules, and lose access to privileged APIs, or open them up to sideloaded apps (since the trust boundary is moved from source of app, to OS calls). They don't want to have to play by their own rules.

No, that is not how it works, Apple is not being dishonest.

The App Sandbox enforces the sandbox rules that are a signed component of the app. The App Store ensures that the entitlements that an app has are valid, necessary, and safe.

If you remove the App Store, a binary can have any entitlements or policies it would like, including not to have one. For example the Facebook, TikTok, or Google apps can give themselves the appropriate permissions to access all your data. The kernel will enforce those sandbox rules, and ensure that the app never accesses more than all of your data.

> The kernel will enforce those sandbox rules, and ensure that the app never accesses more than all of your data.

WTF good is a sandbox if this is the level of sandboxing it does? The app store is not great at catching things before they get released to the public, so this seems like a good reason to not trust apple exclusively if they're the only line of defense.

Why can't the calls to internal APIs still require auth'ing? Sandbox running software from accessing data outside of a specific internal API (via socket, etc), and require a handshake process or something before it returns data via that channel. The user can still get an OS-level prompt to approve use of API. You can literally still require a signed key in this step to identify apps. If an app tries to go around that... sandbox keeps it from seeing the rest of the system.

One thing the App Store does is automatically verify the sandbox rules are valid. If they aren’t the app is auto rejected.

How do you think the kernel knows what an application is allowed to do? Seriously, I want you to think of a way that the kernel of any platform could know what facilities an app should have access to.

> It also removes privacy protections: Facebook is required to ask permission to track you on iOS.

I think they are require to ask permission to track you using iOS API. They still track you based on what you access on Facebook.

They can minimally track you - the only technical restrictions apple can do is block device I’d, etc.

The App Store policies ostensibly also prohibit an app from tracking a user via any other means once that user has said no to tracking.

> The OS, of course, could enforce that at a technical level, which weakens the argument significantly.

This is simply not true. An app can lie about what it does, and nothing at a technical level can prevent that.

> An app can lie about what it does, and nothing at a technical level can prevent that

I was thinking of the tracking restrictions when I wrote this. The OS simply doesn’t give the app the data.

It’s much harder than that to prevent fingerprinting, or the use of legitimate APIs for illegitimate purposes.

In any case the idea that you can achieve privacy and security solely through managing APIs is simply false.

Apple doesn't have the authority to shut down Meta's business. Only our congress, department of justice, and the governments of foreign markets have this power.

You can measure just how big of a monopoly the iPhone App Store is by how many billions of dollars shift with simple changes to Apple policy.

As much as I hate ads and tracking, it's not Apple's right to be the sole defender of the American people. That's what laws are for. (And besides, Apple is already a direct beneficiary of all that tracking themselves. They're absolutely doing business and making decisions based on your behavior.)

Too much economic activity (50+% of American computing) is happening on iPhone for Apple to be afforded the monopolistic privilege of taxing it all. Apple makes so much money from sales of their remarkable hardware, subscription services, and other incredible and highly profitable business units that they won't be at risk by giving this up.

For the health of the broader industry and the enduring benefits of fair competition, Apple must relinquish the App Store monopoly.

Apple will be more than okay. And they'll shift efforts that used to be spent on protectionism into true innovation.

> it's not Apple's right to be the sole defender of the American people

They're not. They are (and want to continue to be) the sole defender of Apple iDevice customers. The American people (and in fact anyone else), can choose a non-Apple device, and therefore non-Apple ecosystem.

To me it all boils down to - is the app ecosystem a public commons or a private commons subject to the owner's T&C's? (for clarity - the owner is not the customer. The customer owns the device, but they do not own the ecosystem).

If I like neither Apple nor Google, how can I realistically choose a non-Apple non-Google ecosystem? It's getting increasingly difficult to find a bank that does not require one of these 2FA apps that are only available from the Play Store or App Store (and which refuse to work on Android phones with non-standard OSs like Lineage).
Great question. Believe me, I too want a non-Apple, non-Google solution. Ideally, we'd figure out a way to support a true "public commons" for phone apps, one that also supports an ecosystem of trust/reputation based "security validators/assessors" that provide independent assessments of apps on the public commons. People would be free to ignore these assessments. Or something.

To be honest, I have been recently looking at trying out an Android phone that supports Lineage, but the 2FA issue would be a deal breaker. Is it just some 2FA, or most/all?

You can’t, but then you can’t choose to ride a genetically engineered unicorn either.

In either case someone would have to make one first.

> Apple doesn't have the authority to shut down Meta's business.

This is a silly statement that has nothing to do with reality.

Apple has the right not to be forced to work for Meta.

If people want Meta so much, they can choose an android device, or Meta can license Android themselves.

> If Facebook removes their app from the App Store (or cripples it), and says you have to side load this app, most Americans will do so.

The primary reason for this is that Facebook itself has a dominant market position (network effect) and is deserving of antitrust scrutiny. "We need this evil monopoly to protect us from that evil monopoly" has a better solution in smashing them both.

Notice that this argument doesn't work anywhere else. If your tetris app which is in competition with many others decides it wants to go out of Apple's store so it can spy more, nobody is following you. They'll just install one of the hundred others.

To gain anyone's trust for any app that isn't a monopolist, an alternate store would have to have a similar reputation for rejecting bad apps. But then the scammers wouldn't be able to make it into any of the stores people trust. The advantage is that some of the non-scammers that Apple rejects for illegitimate reasons, would. (Or competitive pressure would cause Apple to get better at not rejecting them in order to prevent it.)

I don’t think I’d call Angry Birds or FarmVille or Fortnite or any other game a monopoly, but millions would sideload those.
Out of hundreds of millions of users. Is the game going to give up >90% of its user base?

Especially when the reason for the move is obvious. If Facebook leaves the app store, and Facebook is completely free and makes money from advertising, everybody knows why they're doing it and it's to screw you out of your privacy. But you can't say no because Facebook is the only way you have to talk to your grandparents, hence the need for antitrust.

If Epic Games moves Fortnite to another store because the other store charges lower fees but still has a good reputation for not allowing bad apps, likewise the reason they moved is obvious. It's to have lower fees, because Fortnite makes money by selling things in the game. Many users will be fine with that, as well they should be, because that's the point of allowing other stores.

But a game doing it for the same reason as Facebook, well, they're going to lose most of their users. Because nobody needs a game that much, so the company doing it for an adversarial reason will cause large numbers of customers to tell them where to go.

You underestimate Fortnite, that's about the only way to talk to peers when you're 14 years old. (imo exactly the same kind of 'monopoly' that Facebook has)
Assuming you were right that Fortnite was really at the same level as Facebook, you're really just arguing that we should antitrust Fortnite.
Is it what is happening with Android? From what I read it’s not the case, almost every install is done via the play store, sideloading is a power user feature that has almost no impact on the average user security.
It's not happening as much with Android because Google has a vested interest in making it easy for people to be tracked, so it has fewer restrictions on doing so. The "Ask not to track me across apps" feature on Apple is what this is mainly about for Facebook.

But yes, there have been such cases. Epic successfully forced a massive number of Android users to sideload Fortnite to get around Google's policies, and Google wasn't happy and tried to undermine that attempt.

> has almost no impact on the average user security

I don't think that's true.

Google publishes malware stats on the on-play and off-play ecosystems and the malware rates differ. Famous examples like malicious versions of FortNite make news headlines. Play policies also enforce various security-relevant action like updating to near-recent targetSdkVersions and fixing a variety of automatically detectable security vulns. No such enforcement exists in the broader off-play ecosystem so it will be easier to install an app with trivial security flaws.

Whether this is a justification for banning sideloading completely? That's another question.

If it was worth doing this, why aren't they doing that today for Android then?
Epic Games tried side loading Fortnite on Android, and then went back to the Play Store. Here's their statement:

Google puts software downloadable outside of Google Play at a disadvantage, through technical and business measures such as scary, repetitive security pop-ups for downloaded and updated software, restrictive manufacturer and carrier agreements and dealings, Google public relations characterizing third party software sources as malware, and new efforts such as Google Play Protect to outright block software obtained outside the Google Play store.

So basically, the fear mongering about major publishers taking advantage of sideloading is entirely unfounded, which is exactly the point I was trying to make.
I still don’t see what it has to do with hurting competition and innovation.
> If Facebook removes their app from the App Store (or cripples it), and says you have to side load this app, most Americans will do so. Even if that app violates a number of user-friendly policies. The OS, of course, could enforce that at a technical level, which weakens the argument significantly.

The OS, in iOS' case at least, does already do this. So the case is weak right now.

The #1 reason for the app store is to take that sweet cut. The #1 reason to sideload is so those apps can bypass the store's cut. Follow the money.

Apple defends their absolute control over software that runs on their devices by arguing that malicious actors could give instructions for sideloading malware.
Ok it's very simple.

If Facebook says "we're going to put Facebook on a different store", now the majority of americans use Facebook, so now install the second App Store. This App Store fails to maintain the security rules of the real App Store, and now users devices a compromised.

A core part of the security model of iOS is the App Store. The App Store makes sure that all applications have a sandbox, and that the sandbox entitlements are safe.

The reason one app can't build a list of your other apps is because the sandbox prevents it. The reason it can't read your address book is because it lacks the entitlements to do so without your permission.

As far as privacy: The reason Facebook, or any app, is required to ask for your permission before violating your privacy is because of App Store policy.

This legislation explicitly makes restrictions on collecting user data unlawful.

(comment deleted)
>Taking Apple at their word here, I still don't get it. Can anyone explain the argument they're trying to make? As written it just sounds so ridiculous (but I'm still trying to understand it).

There are at least three aspects to this: active attacks, negotiating power between various actors, and platform maintenance.

1. To the first, certain classes of attacks and malware are dramatically harder to execute on locked down platforms like iOS devices than on open systems. Remember, on the PC or Mac enormous amounts of real world risk isn't the result of 0-days but social engineering, pressure, user error or laziness, etc. On iOS, it's simply impossible to just give somebody root access. The user doesn't have it. It's even harder to have a persistent root kit, let alone go down below the kernel. When there are exploits, the owner community as a whole tends to see and have deployed upgrades faster. There are more barriers to the kinds of low effort mass adware and the like that plagued many non-technical (this does not mean stupid or undeserving) people before, like the classic of opening your relative's browser and discovering a hundred competing searchbar and ad injecting add-ons and such. And on and on.

Of course, there are security issues that can arise from this too. And if a player is more powerful than Apple is (like a major government) then the whole thing can go very bad, because now there isn't any way to bypass that either. On balance I think the long term risks are higher with no owner controlled root cert like the current situation, but we shouldn't be blind to the fact that Apple worked to solve a huge problem with computing that the tech community were really assholes about (me included to some extent in the 90s, I remember the BOFH type admin and jokes that went around hell desk quite well). There is some baby amongst the bath water.

2. To the second and per above, that Apple has a secured position as powerful player on the iOS platform shouldn't obscure that there are other very powerful players vs the normal user. Many people find certain things like Facebook effectively indispensable. And individually they lack the weight to negotiate. Facebook and the like do not give a single shit about you individually. If you tell them "you better stop XYZ tracking or no more service from me!" that likely won't even get a reply. But Apple's control means it acts as the focal point of hundreds of millions of very valuable users combined. Apple can say "thou shalt disclose privacy practices and formulate and obey a policy" or "thou shalt not have persistent device traction" and attach an OR ELSE to it and actually have it stick. But if a player of Facebook's scale could then just say to everyone "you must go and sideload Facebook Store and grant it full permissions to keep using our product" that power might well completely dissolve. In principle government could be dealing with some of this, but government is often pretty slow, heavy handed, and faces its own problems with corruption, lobbying etc.

3. To the third, while Apple is obviously making plenty of profit and some of their resources are obviously going into irritating bikeshedding UI-cycle stuff, that shouldn't disguise that upkeep of a modern networked platform isn't free. There really is a major cost to keeping up security, to developing and maintaining system frameworks, infrastructure etc, and then keeping up with that for years after a product has been sold. How that is paid for also has implications for effectiveness. It's not necessarily feasible to build all of it into hardware pricing. If users are asked to pay (remember, paid OS upgrades were once the rule in the proprietary world), lots of them won't, which means the platform becomes more fragmented and more people miss out on critical security updates sooner or later. Having it be part of developer prices might be a least-bad way to do ...

Proof by 1st order corporate brochure logic (CBL): "Hurting security" is a bad thing. "Hurting competition and discouraging innovation" is a bad thing too. One bad thing always leads to another.

QED.

I have some questions about how access to Secure Enclave, and in particular hardware keys, would work in a sideloaded app.

Could one sideloaded app somehow impersonate another sideloaded app, and thereby trick the PKA/SKP into signing a message with a private key that it shouldn't have access to?

If there is no way to securely distinguish between two sideloaded apps, such that one app could impersonate another in getting access to OS- or hardware-level cryptographic services, then that could be a real problem, I think.

I don't yet know enough about how these crypto services are implemented to know whether this would actually be a problem in practice, however.

In the 90s and early 00s people would download all sorts of apps from the internet and would inadvertently be installing viruses, they think their app review process prevents this entirely. Fear of downloading viruses is something a certain subset of computer users no longer worries about because everything is either through the app store or in a browser.
Even if sideloading is a thing, the vast majority of users would still use the App Store.
I take it to mean people like my dad will end up with some “virus scanner” sideloaded app that he thinks he needs on his iPhone because he saw a pop up on one of the NRA related conspiracy websites he visits.

Having just reinstalled everything because he had a ransomware attack on his computer, I can understand the argument…

Sideloading has nothing to do with security. Apple can just use Gatekeeper for iOS like they do for the Mac.

They want the control over distribution via AppStore

Let's say the App Store improve security and privacy ( and in many ways it does ) And now the it is often argued by proponent of going to Android. And let just say this is fair argument.

But no one have suggested how they solve the current issue with App Store, Apple's power of Digital ( App ) distribution. Where it has 50%+ of Smartphone Market in US. When Apple's App Store practice and policy have been found to be Anti- competitive, Unfair ( while at the same time crying foul of 4G/5G agreement ) and inconsistent for years. Rent-Seeking in App Store fees. A Flat 30% on all categories. Did you ever see that in retail? ( The answer is no, considering 99% of HN dont know much about Retail )

Apple wield so much power, that politicians around the world are un-happy. But as far as we are aware, no body at Apple think it is a problem. They are still thinking about it as a money problem.

You might be surprised at how many apps aren't really a "choice" these days.

I and other people I know have to use phone apps for work, mainly for authentication, meetings and integration with the work calendars, and then have to use more apps to access bank accounts (both business and personal), credit cards, and to authorize some payments in real-time. Some of those things don't exist in any form other than as a phone app. Even the desktop browser versions require the phone app for authentication. It is assumed you have one.

No, there is not a sufficiently free market from which to choose alternatives. For example, you may have to "choose" a job, phone-based bank, and credit cards, based on what is available in difficult times, not based on choosing what you'd prefer.

If those essential apps switch to sideload-only because they can, those people have to comply. Not because it's a free choice. The phone is not only a social device, and the constraints are no longer things like Facebook, they are things more like essential utilities which nowadays require a phone. Even an unlocked Android won't do.

In some countries phone apps are now required for access to government services.

Maybe side-loading is the future, and it has some benefits.

But it would be wrong to say there is no security and privacy issue if apps remain essential for access to services, stop being subject to app store curation, and can then require permissions to do whatever they like on the phone in future, such as turning on the microphone and location services, and reading photos, files and messages. Some of them already require too many permissions, and of course we already accept, uncomfortably, if we really need those services. The app store curation keeps this in check to some extent; it is not a technical problem.

I think the headline is wrong. Sideloading or alternate app stores wouldn't be required, thats not the purpose of the bill. Sideloading and alternate app stores is a legitimate privacy/security problem that will be exempted under the bill.

>"unless necessary for the security or functioning of the covered platform," from https://www.congress.gov/bill/117th-congress/senate-bill/299...

I think it would actually be very good for the app store, outlawing a lot of the restriction that Apple places on things like payments.

I really don't know what to think about the bill overall. It would definitely have the largest impact on Amazon, their basics line would pretty much be killed by the law. Google rankings would also be overhauled, no more flights at the top of the page.

The testimony in support of the bill by Sonos [0] and Tile [1] is also a good read.

[0] https://www.judiciary.senate.gov/imo/media/doc/Eddie%20Lazar...

[1] https://www.judiciary.senate.gov/imo/media/doc/04.21.21%20Ki...

Using terms like sideloading is precisely why the vast majority of the public doesn't give a damn about this issue.Free 'social experiment' idea: ask everyone who was a smartphone what is sideloading, what is installing, what's the difference and what's common.

Altering our language to appease companies and somehow pretend like sideloading means something different than installing is why we're losing, precisely because it's a tactic to erase correlation of the word and the meaning.

As part of the general public I feel the same way about these made-up terms. However, I believe if there is an increase in litigation, as a result of new "anti-tech" laws, that is allowed to proceed through to discovery, then lawyers will cut through the BS. The made-up terms will be translated to "plain English" that the general population, including judges, can understand. It is part of the job.

There is an old theory that settlement may actually be averse to justice. In the case of "tech" companies and their nefarious practices, questions have been allowed to remain unanswered and issues to remain unresolved for the general public. This has been going on for a very long time. Uncertainty has been allowed to persist for decades. Who benefits from that uncertainty.

The majority of experts will agree, that restricting sideloading is not 'necessary for the security'.
Depends how tight you want your security to be, risk tolerance varies.
If you don't want apps from outside the store on your phone then don't install any.

External apps should obviously require the device owner to authenticate in order to install. If this can happen without the device owner authenticating, that is a security problem, but so are a thousand other things, like copying your data off the device, that are no problem at all unless they can happen without authenticating.

That's an oversimplification. Lots of people in this thread have mentioned consequences of giving companies like Facebook the option of moving to sideload-only, and how that normalizes not having a quality/policy gatekeeper for installed apps. You can't enforce good app behavior purely from API design.
Facebook is a special case with its own solution:

https://news.ycombinator.com/item?id=30017171

Then you have a truth. The extent to which people want Apple to curate which apps they can install will control the amount of leverage Apple has to do it with. If people really want it, they'll put up a strong resistance to installing apps from other sources, even if Apple isn't forcing them to. Then Apple will have leverage to enforce good behavior. Or people will only switch to other high quality stores that also reject bad apps.

If it turns out hardly anybody cares, they won't. But then the argument that most people are buying Apple products specifically because they want a curated experience would disintegrate against empirical evidence.

No. One of the biggest lie I have always seen is that market moves accordingly to the users wants which, as developers, we must understand is absolute bull crap. Users aren’t binary vessels that act accordingly to if statements. They make compromises and comply with the default until the default inconveniences them extremely. One of the things businesses and we as developers have gotten really good at is hiding this until it’s too late until the Consumer is trapped and locked in.

People will do whatever it takes to use these big apps so long as the friction is perceived to not be to great and by the time the cons are experienced we will all be too entrenched. And no the law will not move to protect consumers, not until it’s far too late, just as this bill is.

You are now arguing that this is the case:

> If it turns out hardly anybody cares, they won't. But then the argument that most people are buying Apple products specifically because they want a curated experience would disintegrate against empirical evidence.

And then it goes both ways. If people go out and buy an iPhone because it's shiny and they're uninformed, without realizing it gives a huge corporation the ability to control what they can do with it while collecting rents on everything they buy and hiding all of that from them, that's at least as much of a problem as some app wants to show you ads for shoes because you did a search for shoes.

The solution for both is to do something about the information problem while still giving people choices, not declaring Apple to be Father and all living under corporate patriarchy.

If nobody cares then convince them to care or lose. Locking them in a gilded cage "for their own good" is not a valid solution.

Eh, even if so, how many years and millions of dollars before that is established in the highest applicable court and actually enforced? Until then Apple can do whatever, really.
You know where else I can side-load apps? Desktop PCs. You know what my in-law's desktop PCs are full of? Spy-ware and search bars and other crap they got tricked into side-loading.

Here's how I think this will go down:

1. Some indie developers and hobbyists will be enabled by not having to pay $99/year and jump through hoops to distribute apps. That will be good.

2. Some mainstream apps will require side-loading to get around the Apple tax for purchases, but they won't lower their prices. That will redirect some money from Apple to Amazon or EA or whoever. Thats bad for Apple, good for those companies, but I don't think it will affect most people very much, except for a better flow for in-app purchases where you're current directed to the web-site.

3. The mainstream apps eventually condition people that side-loading is an okay way to get legitimate app. Then publishers will leave the app-store in mass, and the crapware will be as prolific as on PCs. This will be bad.

4. Side-loading will enable piracy, and so honest users will suddenly become more burdened by software DRM type crap. This will be bad.

I am honestly not convinced the good that comes from #1, and the connivence that come from #2 are worth the costs of #3 and #4.

I'm less convinced that piracy^wcopyright infringement is as much of a problem as the people who stand to profit most from its demonization claim it is.
I don't think copyright infringement is a big problem either, but many software publishers do, and that fear leads them to make the software worse for all of us.
> Senator Dianne Feinstein criticized the bill and said that it targets a "small number of specific companies," and Senator Alex Padilla said that it was difficult to "see the justification for a bill that regulates the behavior of only a handful of companies while allowing everyone else to continue engaging in that exact same behavior."

This bill should pass but that’s also a good point.

More fundamentally there should be a bill that affectively taxes the top 10% of companies in all industries and credits the bottom 25%. Call it an innovation bill. In addition the bottom 25% percent should get discounts on all licensing fees charged by the top.

More generally our government should use financial incentives and disincentives for creating the behaviors we want.

> Call it an innovation bill.

This will result in a boatload of scam and zero innovation.

How so?
Not op, but I can imagine it would be easy to be in the 'bottom' tier of an industry by revenue/sales/etc - if I want to be credited, just make a tiny barely functioning company and collect the credits
A well operated implementation would probably be in the form of reduced taxes, not a check as the point is to help grow smaller competitors, not create zombie companies.
> More fundamentally there should be a bill that affectively taxes the top 10% of companies in all industries and credits the bottom 25%. Call it an innovation bill. In addition the bottom 25% percent should get discounts on all licensing fees charged by the top.

No. How is this at all promoting innovation? The practical effect of this would be to allow crappy companies to stay alive as zombies, doing the opposite of promoting innovation. This would also encourage companies to split into a hojillion shell companies to qualify themselves as what you define "the bottom 25%."

This isn't even speculation. If you look at states' tax credit programs to "encourage innovation" in x industry, you see those tax credits are absorbed by the best of financial engineers.

The more levers, and thus complexity, you create in an economy, the more likely that it's the extreme wealthy who benefit.

I disagree with you. If companies split themselves into smaller companies that wouldn't necessarily be a bad thing. Without having described how exactly the money would be distributed or the specific criteria I'm not sure how you can confidently say it would create zombie companies.

In any case, the point of what I was saying was to help fund strong competitors. You could just as well transfer funds from the top 10% to the third and fourth deciles.

What's your desired outcome of a program like this? The purpose of antitrust is to encourage competition for the benefit of consumers. Improving competition is a necessary, but not sufficient outcome. Creating competition for competition's sake, irrespective of the consumer effect, is against the spirit of antitrust.
I think competition for competition's sake is good. Historically and inherently it will ultimately result in better outcomes for consumers as ultimately that's the purpose of all companies - providing goods and services.
No , Competition should not be for competition sake but for the benefit of the consumer. If competition results in worse conditions for the consumer it should be eliminated. Especially in the tech space where things such as security is sometimes compromised for the sake of competition
How exactly would competition not inherently help the consumers?
I would love taxes or other regulation that encouraged companies to split up, but I think something like an aggressive progressive tax structure on revenue would work better than sending money to the companies at the bottom.

A company dying means the people in it would be available to other companies, where they could potentially find better things to do. Very different from a person suffering from poverty (where welfare and such has its place).

Isn't the very definition of antitrust to target "a handful companies" and prevent them from running an entire industry?
Why do you believe that taking money from the top 10% and gifting it to the bottom would result in innovation?

Is is not possible that the bottom 25% is there for a reason, that they failed or their product is not viewed as innovative by the public?

I fail to see how this wealth redistribution scheme would be effective or produce the stated outcome. Like most wealth redistribution scheme it is lofty on the goal, but unclear on the results with no objective measurements and not real way to assess its value. It is more a "do it and assume it was successful" program like many government program are

Depending on how it's implemented it could result in innovation by reducing the cost for competitors, to well, compete. Tremendously poor companies would still fail, but it would effectively create more breathing room for potentially viable competitors.
> Why do you believe that taking money from the top 10% and gifting it to the bottom would result in innovation?

The economics occurring atop the Apple platform should not belong to Apple. Apple created a great product in the iPhone, they slayed the competition, and they have forever positioned themselves as 50+% of American computing. They're making boat loads of profit on hardware sales, accessory sales, first party services and subscriptions. This should not come with the right to tax almost everything happening in mobile computing.

Apple is not innovating in the dating space, the gaming space, the business management space, or the productivity space. They are taxing these industries simply because they established themselves as the toll keep of the winning platform.

None of these companies cares about Apple. They're only building in Objective-C/Swift/iOS because that's what won the market. They'd be much happier to build for an open web platform, but Apple has artificially knee-capped it. Web apps suck because of Apple.

Apple needs to be told by the government this isn't okay. This won't hurt Apple in the slightest. They have a dragon's hoard of cash, will still have the best mobile platform, and have a ton of other incredible revenue streams.

They need to let their stranglehold go so that others can grow too.

Imagine if the roads were 50% Tesla and Tesla took 30% of every Amazon delivery, every trip to the grocery store, and every date you went on. That's what Apple is doing right now. It sounds absurd because it is.

More poorly defined legislation with no predictable outcomes that will spend decades with judges who never used a computer trying to guess their way through?