30 comments

[ 5.4 ms ] story [ 81.3 ms ] thread
I can almost see how they'd get away with a review process under the guise of security, then add an app's fingerprint to some blacklist and automatically remove it from all devices.

Charging fees for sideloaded apps though? Even ignoring the part where it goes against the Digital Markets Act, how does it even work in practise? If I (as an end user) sideload some file I downloaded from the web, the developer/publisher of the file wasn't involved, possibly hasn't entered into any agreement with Apple, and won't have an account set up to pay whatever ridiculous fees Apple demand - which, of course, was the point of the DMA in the first place (freedom from a monopolistic app store).

You would still need Xcode / an apple developer account/ provisioning profiles etc etc etc all through Apple to develop iOS apps though, so with that there's potential for some apple => dev agreement.

Not saying it's good or bad, just that the distribution channel might change but that doesn't mean the development tools will

That's not the rub though.

I imagine that, as sideloading becomes much more commonplace due to the DMA, community-led FOSS iOS SDKs will pop up that cut all dependency from Apple.

That's not where they get you, however. Apple could very well enforce IPAs to be notarized before being installable by an end-user. They could make a web form for the developer to upload the compiled binary. The form would be contract-gated. That's how, even when assuming a fully Apple-independent dev environment, they could still bind you to their will.

This kind of exists in the iOS side loading world. It’s called TrollStore and it uses a CoreKit vulnerability to trick your side loaded app from expiring by running a spoof-server. It also bypasses the 3 app limit for non-developers. It’s open-source, but Apple patched it on newer iOS versions.
by "FOSS SDK" I meant an equivalent to XCode, libs and headers, scripts, etc. Not the signing stuff.
(comment deleted)
I mean, you're still running on Apple's OS right? So, unless Apple gets forced to open up their OS, all apps, side loaded or otherwise, depend on Apple Licensed software. Licensed software that Apple is free to set whatever terms they wish.
The iOS device that it's sideloaded onto could (and does already, IIRC) contact apple's revocation server after install. They could get numbers about the install base from that.
There are lots of apps sold outside the macOS App Store. I’m unaware whether their vendors have paid a commission on those sales. Are they now affected by that move or is it only limited to iOS? Otherwise it would look like you know sacrificing your knight to capture the rook in chess-speak.
Every time I see articles like this, in the "apple plans to break law" format, I hope that they get prosecuted for it quickly so they stop. I assume the DMA works like the GDPR, in that it would have to be Ireland to bring the case against them.
Nope. The DMA can be enforced by the Commission alone.
At this point they are just asking to get much larger fines, I don't see any other way to put it.

Any other company would have realized that they have to at least make a good faith story believable at that point but not Apple, they always double down.

I wonder if they could required that sideloaded apps be signed by them for installation.

It would be against the _spirit_ of upcoming legislation, but is it against the _wording_ too?

For most European courts, that's a distinction without a difference.
They will absolutely require apps to be signed by Apple/partner-issued certificates, they already do on macOS.
So apps installed on MacOS have to be signed? They don't just give the end user a scary, but by-passable warning message like Windows?
No, you need to know a magic incantation to run unsigned apps on macOS. You can't just double click on them and expect them to run.
This reminds me of the Pirate Bay. They were so sure they could get away with doing what they were doing, because the law didn’t specifically prohibit it. In the end though, it turned out that the judges had common sense and could distinguish between trying to not break the law and trying to circumvent it. I expected Apple to have more mature leadership than that.
I guess they were right but for a different reason. I realize some of the creators were convicted but it seems the Pirate Bay is still around.
The greed is immeasurable and unfathomable. They could lower their cut across the board to a more reasonable 3% (single digit percentages used to be a thing on platforms before Valve moved the Overton window with Steam) and still be the top dog company in the world.

I just don't get it. The people making these decisions are insane in my eyes. Insanely rich.

AFAIK before Steam existed most PC games were sold in boxes in stores and they definitely didn't take a mere 3% cut.
Sure, but that's physical media with physical stores. That's a different beast from digital goods IMO.
> single digit percentages used to be a thing on platforms before Valve moved the Overton window with Steam

I think people really underestimate the customer value of Steam. I have a library of 20 years of game purchases. From numerous different game companies. I can install all of them on any computer, now including my Linux machines, or a Steam Deck. If a device can't run one of those games, I can stream from another machine with Steam Link, including now to my VR headset. If a game uses Steam's multiplayer networking, multiplayer just ... works. No worrying about ports, NAT, anything. It just works every time, unlike every other multiplayer system I've used. If a game uses Steam Workshop, mods are available right in the same program, no extra tools required.

Besides the hardware and the game purchases themselves, all of that was free for me, the consumer. I get that Valve takes a big cut, but the value add of Steam is almost immeasurable from the consumer end. I've bought games from GOG but the experience isn't even close. Every game I've had to buy through Origin or Ubisoft directly had made me grit my teeth at their bloated launchers. Most of the physical games I've bought outside steam have been lost, damaged, or deteriorated with time.

If someone had told me 20 years ago, when I was signing up launch week and it kept crashing, that Steam would be this ubiquitous, useful, and free, I wouldn't have believed you. Steam is an incredible value add that makes PC gaming a tremendously better experience than console.

And more: no game developer is forced to publish on Steam. Anyone can sell directly to customer, directly installing their games. But people choose to publish on Steam because it adds value to gamers and developers. On the contrary, what Apple does is something between racketeering or extortion, only possible thanks to them having the only key to the gate.

Boo, Apple.

A gentle reminder that on operating systems with crippled background functionality we, the users, need not only free and unrestricted sideloading, but also a third-party push notification services that are natively supported by the OS.

Or else your inactive email, chat or bank app will not be able to tell you that you have received something.

IPv6 is getting fairly widely deployed on mobile networks. A server-less push mechanism could be designed using it.

If either Google or apple adopted this mechanism for push, mobile networks would adopt ipv6

I don't think IPv6 is going to be a good solution here. What do we do when the device joins another network and its address changes?
The OS would notify the app that its IP address has changed. The app can then send this new IP to its notification server, for future notification to arrive at the correct IP. No need for an Apple notification server here.

This would still require some cooperation from Apple, for the OS to receive the notifications and dispatch them when the app is not running. A long time ago, when there was no outrageously dominant players, the Internet industry would have produced an open communication protocol for this use case. Using the same protocol and the same notification server for both Android and iOS would be nice. Sadly, this is unlikely in today's Internet.