64 comments

[ 4.4 ms ] story [ 140 ms ] thread
I think in ~5 years, after all of the fine details shake out and 3rd party app stores are common across the globe, it will be very exciting to be an indie iOS developer. Open source or demo or hobby apps really don't exist on iOS because the barrier to usage is too high (dev must upload to App Store, or user must compile from source / get an .IPA & sign w/ an Apple Developer Certificate, or convoluted sideloading techniques must be used).

Native terminals & package managers & IDEs... the iPad could turn into an amazing development machine, despite Apple's best efforts to the contrary.

Is the virtualization framework available on iOS/iPad? That would make the iPad into a killer dev platform if so.
No, but Apple could enable it in like 10 seconds if they so chose.
It's going to be interesting watching Apple's strategy unfold over the next few years. If third party stores prove wildly popular in the EU, then what? If people worldwide start demanding parity, how will Apple respond? Will they oblige or dig their heels further into the sand?
Given Apple’s recent history, I’m betting dig in their heels—which I think is a bad strategy, so I hope I’m wrong. They’ve brought this regulation on themselves with their unnecessarily ham-handed actions. People—even big Apple fans—have been calling it for years. It’s been frustrating to see so many unforced errors.
Dig in their heels and watch other parts of the business get even more agressive. More ads in iOS settings and the App Store. More notifications for their products and ecosystem.

I can see it in them making the TV app the only way to watch your media. Now I'm subject to their TV+ advertisements whenever I want to watch my iTunes purchases. I can look up a comedy show in their store and the "related" shows are TV+ before everything else.

It's like they're hiring from Amazon Prime TV or something. I honestly don't update my tvOS because it seems to be gets worse in content and having strange UX choices.

I hope they give up on the App Store as a significant income stream. It's a terrible strategy tax, and pretty gross and un-apple-like (the old Apple anyway). Everything is "free" except for predatory in-app purchases, so you can't tell how much anything really costs. It's full of gambling type games that kids play. The apps at the top of searches are often just garbage, and the truly capable apps are very few and far between, or don't exist because of sandboxing.

What I want from apple if they are going to have an App Store is a curated collection of Apps that are good, and aren't scummy, and yes, often expensive. You can chose to use it or not, but if you want the best app, go there.

Just a few thoughts:

1. Are 3rd party stores popular on Android? How about preinstalled vendor-run stores such as the Samsung Galaxy Store?

2. Small developers are the primary beneficiary of unified stores. On the desktop Steam is a good example of that, while large developers can afford the costs of generating direct sales via ATL marketing and support, small developers largely rely on in-store discovery/visibility to reach a larger audience.

3. However a Steam-like store hasn't eventuated on Android likely because Google's store is already good enough. Steam largely benefits from being early and maintains that position despite the numerous copycat stores having compelling offers (e.g. the Epic store is largely a dud despite regularly giving away popular gaming titles.)

4. If the final legislated position for Apple's App Store is simply to be a Steam-esque add-on store, i.e. merely a place of convenience but not at all necessary, Apple will no longer be beholden to accomodating hostile competitors.

5. The EU is still discovering how they can balance strict control versus existing commercial freedoms, and we're about to see this play out with Facebook. Since the EU has suggested that Facebook cannot charge for an Ad-free tier. Which has a few obvious run on implications, i.e. that a company cannot set the price of their own product and ad-supported "free" services (such as Google, etc.) are not in compliance.

6. Don't expect any of the "gatekeepers" to self-regulate their actions, because they can't read the mind of the EU. Instead they'll now sit and wait to be told what to do.

All of these thoughts obviously point in different directions, but there are some themes that apply to all of them.

1. Large software developers are pushing for independent stores because it benefits them, and protects them from disruption from emergent competitors.

2. Small developers will still need to rely on hive/halo visibility (i.e. Steam, Google Play, Apple App Store). Even though this costs them more than direct sales.

3. Either Apple has no control and thus no responsibility, or they have full control and can wield that against hostile competitors. There is no scenario where Apple has no control and full responsibility.

4. People don't like that last point, and that mental disconnect is on display - but that's where all of this takes us. It's a case of careful what you wish for.

Remember the DMA is also targeting Google. I find it interesting that Epic didn't even bother with an Android store until now.
They did do third-party distribution of fortnite already, and still do based on the install flow shown on fortnite.com. (as well as the samsung app store) I have to assume they didn't foresee enough demand for an entire store, especially before android 12 added better support for third party app stores.
It sounds like you're disagreeing with the parent comment, but the information you've provided is in agreement with that parent comment. I.E. that Epic hasn't launched an Android store despite there being never being a technical limitation.
As any corporation, Epic is pursuing its own agenda and cares about their own dominance and their own profits only.

They currently view the spat with Apple as advantageous to them. As soon as this is no longer the case, they will turn around and find someone else to pick a fight with.

> Since the EU has suggested that Facebook cannot charge for an Ad-free tier.

That is not my understanding. They have suggested that you can not offer an Ad-free tier as the way to not have your personal data used for advertising. Fb can offer an ad free tier, but in the tier with ads you need to be able to run off personalization of the ads.

Yes I see that, but that's the source of the problem, because one can sign up for non-DMA services which are based on using the personal data users provide to it to service advertising-based functionality. Since even a song recommendation or touring information falls into advertising marketing.

This means the distinction between being a popular and legally running entity is when the EU makes an arbitrary decision on whether your service is now a "Core Platform Service".

I see how this makes sense for services which can be deemed as an essential service such as obtaining apps for a device, news, and internet search, but I am cynical when it is applied to completely optional services such as "Social Networks", or "Video" platforms. Using such broad arbitrary categorisation "Music" platforms should also be included, I.E. Spotify, but we don't see that and the optics of that don't look good.

I am not pro-tracking whatsoever, I think it is fair for a consumer to be able to opt out of site-to-site tracking (heck out-lawing that would be a better step) but this contradiction exists and it doesn't sit well with me because it doesn't actually look pro-consumer at all, and I have a problem when protectionist legislation is decorated in political marketing for "competition" and "consumer-welfare" wrapping paper, because it leads to two things:

1. Retaliatory legislation: Foreign legislators aren't stupid, they don't buy into that marketing. One can expect the notably absent Music services to be on reciprocal legislation from the USA. Globally this has the run on effect of patch-work inconsistencies in services across the globe - i.e. we're back to protectionism.

2. Vague laws stifle legitimate data-use functionality, but this only applies for services which the rule-maker arbitrarily chooses through specifically tailored criteria. I.E. It's a forced home-advantage to competitors who can use the data to provide new types of services. The vagueness of the laws need to be stamped out and applied to all providers equally: that would be a true consumer protection. Consumers need protection from everyone, not just big entities.

> when the EU makes an arbitrary decision on whether your service is now a "Core Platform Service".

It's not arbitrary.

> but I am cynical when it is applied to completely optional services such as "Social Networks", or "Video" platforms.

These social networks are no longer "optional", and form a huge part of people's lives. Just because they are not running nuclear reactors or sewage plants doesn't absolve them of responsibilities.

> I think it is fair for a consumer to be able to opt out of site-to-site tracking (heck out-lawing that would be a better step) but this contradiction exists and it doesn't sit well with me because it doesn't actually look pro-consumer at al

How is "we don't want Facebook to continue pervasive and invasive tracking of everyone across the entire internet" not prosumer?

Here's what Facbook says about its tracking in the various help and settings pages: https://mastodon.nu/@dmitriid/112180885099177982

How about "For example, if you buy a pair of shoes at your local shopping centre, you might later see an ad for more shoes from that same company or a similar company." Is this really prosumer? Or is this surveillance capitalism that even very few dystopias could imagine?

> i.e. we're back to protectionism.

Yes, EU is about protectionism, but not the one you're thinking about: https://www.baldurbjarnason.com/2024/facing-reality-in-the-e...

> Vague laws stifle legitimate data-use functionality

Laws in general are vague because it's impossible to perfectly describe and encapsulate the entirety of human endeavours in any given field.

That said, there's very little that is vague about European laws curbing the unfettered unregulated unlimited-growth-at-all-costs US-brand of capitalism. For example, here's a look inside DMA: https://ia.net/topics/unraveling-the-digital-markets-act Note how different it is from the bullshit that US corporations spew about it and that gullible people buy into?

I'm not going to engage a reply when your responses are how you personally feel projected as facts. Particularly the comedy around the suggestion that a social network is a requirement (maybe you feel like you need one?)

Also I think you've missed the point as you've pasted in quite a bit of information that confirms or agrees with my views.

> I'm not going to engage a reply when your responses are how you personally feel projected as facts.

Isn't it the exact same that you did?

> Particularly the comedy around the suggestion that a social network is a requirement

I never said it was a requirement. You could try and actually read what I wrote instead of imagining what I wrote.

> Also I think you've missed the point as you've pasted in quite a bit of information that confirms or agrees with my views.

Again, you could try and read that information instead of imagining what this information is.

I make the distinction between what are my opinions. This is a feature of comprehension that you lack and it's why I don't engage in [your] bad faith arguments since it underlines that your objective is not to present facts or opinions for discussion but rather to convey that what you think and feel as factual information - when it is not and you've provided no evidence to suggest that it is.

I'm hope this makes it clear for you. Since I don't see any value in conversations where people can't stand behind their personal ideas.

All the things you listed aren’t blocked by the App Store.

They’re system level restrictions based on the security model (whether or not one agrees with them)

Today you can already find terminals and IDEs in the App Store beholden to those restrictions.

The DMA also prohibits companies from placing restrictions on third-party apps that don't apply to their own apps. So if any first-party Apple apps can ignore these "security restrictions" then Apple may have some compliance issues that force them to remove the restrictions.
But the DMA also requires (not just allows) platform owners to maintain the security of their platform. Many of the security model restrictions for iOS that app developers bump into are unlikely to be lifted by Apple.

Most of the places Apple has given themselves special powers is mostly a shortcut to avoid the hard work of a publicly accessible API and entitlements. Not always, sometimes it really is them favouring themselves, but I'd say that's the exception rather than a rule. I'm guessing Apple will mostly do the legwork to create entitlements and APIs and transition the Apple apps rather than actually remove the restriction.

This will result in some types of apps that are currently not allowed being possible, but I think it's going to be a lot fewer use cases than people think. For example, I don't see side loaded NES emulators being allowed to have a JIT.

> For example, I don't see side loaded NES emulators being allowed to have a JIT.

Why not? If third-party browsers are allowed to have a JIT, why couldn't an emulator?

Apple has a slam dunk case to place a ton of barriers on browser vendors being allowed to JIT code due to the risk to the rest of the platform and the user's data.

Little emulators for NES and Sega Genesis are not going to meet those barriers and Apple will have a pretty easy time excluding them under the security provision.

Dev environments like VS Code will be more interesting. I suspect Apple will choose to build a VM layer to execute complied code inside an even deeper sandbox rather than allowing execution directly inside the iOS layer, thereby severely limiting what a binary complied on device is able to interact with. This would almost certainly be hidden behind an entitlement that Apple will be try to be allowed to gatekeep under the DMA requirement to maintain platform security.

Samsung already offers virtualizations and containerization via KNOX for you to run apps you don't fully trust safely without disk and shared memory access, on their midrange phones.

Surely Apple being wealthier and selling higher priced phones, with even more powerful SoCs can definitely offer similar security functionality for non-IOS appstores. The reason they aren't is they want to push the security boogieman scaremongering to defend their monopoly.

By every measure (go read and told up the CVEs), Chrome has a better security track record than Safari. That means by not allowing users to use Chrome (or a Chromium variant), Apple is forcing users to use a less secure browser and a less secure JavaScript and less secure JIT.
By what possible reasoning would the DMA forbid things in the phone that have always been standard on all major computer operating systems as well as with Android? It’s pretty clear the DMA does not intend for such specious security arguments to allow Apple to avoid the obligation to open up their platform in th EU.
You can read the DMA yourself. In fact, you should read the DMA yourself and not rely on what EC commissioners say on their social media accounts. The EU court of justice can and will throw their rulings and fines out the window when (not if) they overstep their authority to score popularity points.

If Apple were to create an OS from scratch tomorrow, and that OS was subject to the DMA on day 1, they probably would not be allowed to do many of the things that Apple does in iOS. But the DMA can never apply to an OS on day 1 and the DMA cannot force Apple to roll back many of their security features once an OS becomes subject to the DMA. It’s all in the text of the DMA. Read it.

There is a provision in the act that gatekeepers can still restrict access if it that required to maintain the platform's security.

If Apple will continue blocking on device compilation and other app functionality, they may well have their interpretation of what is and isn't a security measure tested in court. If there are competent lawyers involved, it will likely come down to the question of which rules are technically meaningful vs. present only to stifle competition.

But it obviously isn’t required to maintain security of the platform. Apple manages to run MacOS in a more open fashion. Is the argument that MacOS is illegally insecure or something? If the enforcers of the DMA allow a company to simply build their security policy in a way to avoid the rules enforcing the opening of the platform, then what’s the point of the DMA in the first place? Honestly I don’t think Apple will talk their way out of this. EU regulators seem to be much less forgiving of such shenanigans. It’s obvious the point of the DMA is for Apple to open up their platform.

That said only time we’ll tell how this plays out.

I tend to agree with you. But things that seem obvious to us techies may not be that obvious to laymen. Also, legal interpetations of a situation may be abstracted a lot from the underlying facts. So if this goes to court, the likelihood of a very bizarre ruling is not 0.
fwiw, I submitted a DMA interoperability request for JIT access on non-browser apps.

Apple denied it on the grounds that it doesn't fall under Article 6(7) for "multiple reasons". One such reason they gave is that JIT is only used for web browsers on iOS.

Sounds like all you need to do is write a web browser that just so happens to include an emulator...
What is it about JIT that makes it more risky than running non-JIT code?
This is all technically true, but an IDE that cannot compile and run the code on the local device is missing something. The prohibition on JIT or otherwise compiling on device and running the result is a big blocker for a lot of true native dev experiences. I say this as someone who really mostly likes the App Store, but who would really like to be able to compile some code or run a VM with decent efficiency.
Sure, but does side-loading or alternate app stores of notorized apps mean that you'll be able to ship arbitrary JIT-enabled apps and apps which allow arbitrary execution of downloaded native binaries?
Yes. That’s the point. Edit: that’s too glib. The restrictions currently aren’t technical, they’re enforced by what is and isn’t allowed in the App Store. It’s perfectly possible to build the software on iOS today, you just can’t distribute it within apple’s rules
Not a JIT, iirc: from what I understand, without a specific JIT entitlement only Apple can give an app, it’s impossible to mark a memory page writable, write code to it and then mark it executable and run the code. This is a core security feature of the operating system.
That’s correct AFAIK, but assumes a specific kind of JIT. It’s entirely possible for a JIT compiler to produce shared libraries (dyld files in this case) which are then loaded into the process with dlopen. It’s slower to produce a compiled function or module this way, but we actually do it in practice to allow use of compilers that aren’t traditional JIT compilers or to work around similar selinux policies. This means something like luajit wouldn’t work out of the box, but a single-pass JIT binary translation like Rosetta would work fine. Same thing for a JIT like that used in Julia IIRC.
Efficient VMs on iPhone would be great. I experimented with sideloading Jitterbug (1) and using it to launch qemu, but the process currently requires a second device or setting up a VPN - in practice it was annoying.

I just want/need a Linux environment; coming from my laptop, I really miss rsync… FTP/SMB over VPN work but rsync is usually faster!

Fingers crossed that easily sideloading apps becomes a thing here in the US.

1: https://github.com/osy/Jitterbug

I haven't thought much about this, but given the historic failure of alternative app stores to gain traction in Android, what makes you think this will change? Hardly anyone I know outside of tech circles (and some within them) are even aware that alternative web browsers are an option for their phone, let alone alternative app stores.

I think best case is sites like itch.io and Patreon have dedicated app stores that funnel more money to creators and it's easy enough to manage having multiple active app sources on your phone, but they will always have a very small niche market compared to Apple or Google. Even Amazon hasn't been able to eat away at the defaults' market share.

The most viable path I can see to getting alternative app stores as a common scenario and user expectation is basically just... Steam. But mobile gaming is such a flaming shit show, I don't know if that will ever happen. Something like Steam getting traction on smartphones would absolutely help change that problem though.

> Open source or demo or hobby apps really don't exist on iOS because the barrier to usage is too high

Every credible developer I’ve talked to is not hung up on item 1,000 of 10,000 they have to do to develop software. Steam also has a lot of requirements.

The issue is the store is shit, discoverability is the worst of any platform. Steam is great for discoverability. Indie developers can thrive if the stores are better designed.

This might actually drag me into the apple ecosystem. It's a nice ecosystem, it's largely POSIX compliant, but to get the most out of it you should be using IOS devices, and that's just too locked down for me.
This is the first time I've been excited about the future of mobile computing in a while. It's also the first time I've read an article on MacRumors in a while.

I really hope a few of these early experiments work out, and wish them luck!

I'm just not looking forward to the inevitable subscription billing dark patterns that are almost guaranteed to be rife in alternative app stores. Call to unsubscribe, early cancellation fees, unsubscribe "errors", etc. Say what you want about the App Store, but the fact that you can quickly and easily see all your subscriptions in one place along with how much they cost and the ability to cancel them easily is incredibly nice.
The exciting thing will be a real open source repository. An entire app source with no dark patterns of any kind.
If those stores comply with EU law, that shouldn’t be the case. See for example https://ec.europa.eu/commission/presscorner/detail/en/ip_22_.... I can see how stores will pop up that don’t care about laws and regulations, but I would be hesitant to pay for anything there.
have you seen spotify’s new app in europe?

https://newsroom.spotify.com/2024-01-24/the-dma-means-a-bett...

they pushed hard for apple to open up in order push more ads.

It's not "more ads". It's what Spotify has literally been offering forever, but couldn't show to people because Apple's rules literally prevent anyone from linking to any payments/purchases outside of App Store.
Good news is that nobody is forcing you to use the alt stores. You can stay in the Apple App Store all you want.
And hope an app you need to use is always available on the Apple App Store.
Is this not the case on Android?
This is absolutely great and Riley Testut deserves a medal. However, I'm fully expecting Apple to pull some bullshit along the way, like either demanding Riley stop supporting AltStore Server[0] or demanding he not distribute unsigned binaries period.

Apple is hellbent on "containing" third-party distribution by any means necessary. They implemented frameworks for region detection specifically so the iPhone can stop complying and shut off your third-party apps if you travel. They tried to kick Tim Sweeney out of the app distribution market before he even began, for the crime of... opening his mouth[1]. Riley hasn't been as insubordinate as Tim, but he has actively been involved in app distribution, and that is even more of a threat to Apple than mean tweets.

[0] A Windows/macOS application that resigns applications for sideloading and makes remote debugger requests to enable JIT on-device. It notably requires your iCloud password to get your signing certs, which almost certainly already violates something in Apple's terms even if it's otherwise entirely legal.

[1] Casual reminder that the entire tech industry is opposed to freedom of speech, except when it's far-right radicals like Elon Musk trying to redefine freedom of speech as freedom of slurs.

There's an app called reprovision that can do the signing on device. (it also needs to sign itself, so that uses up one of your free slots) IIRC, when I used it any icloud login worked for signing, not just the one tied to the phone.
What Apple wants and what they get are two things. At this point, there's a significant risk that their attempts to contain this will backfire and will result in even more unfavorable rules. The mood here in the EU is not in favor of entertaining their bullshit. There is not a lot of sympathy for Apple here. Rulings against them are fairly uncontroversial.

There's also the notion that the continued negative press around Apple's anti competitive behavior is going to have an effect on their competitive position. Iphone marketshare in the EU is much smaller than that in the US. They don't have as tight a grip on the market. Things like Facetime or Apple messenger aren't widely used because they don't work with other phones and lots of people have those, which makes using these apps impractical.

And this stuff will likely spill over to other regions. Once Apple shows they can grudgingly behave a bit nicer in the EU, other countries are going to insist on the same. China already does that of course. Apple sells iphones there. But with a Chinese appstore, Chinese maps, and under very strict Chinese laws. And of course this stuff might eventually come back to the US where people might rightly wonder why they have to be nannied by Apple.

Is this the return of third-party stores we had back in the days? Remember Tutuapp, Altstore and many others for non-jailbroken devices?
How does it compare from the point of security?

Does an app installed via a non-Apple app store can access more on my device for some reason? E.g. because it uses undocumented APIs that wouldn’t be allowed on the regular App Store?

Yes.

That's why there are several massive warning dialogs when installing apps from alternate stores.

It would be ironic if the open app store would create an european app develoment renaissance. New apps on iOS, Europe only, built for european standards by european developers.
Has this happened for android which has always allowed alt app stores? As far as I know, there is only Fdroid and some piracy app stores.
Web

At times, I feel like I’m only person who makes SaaS app for mobile, but on the Web (no App Store need).

I wonder if/when real versions of Chrome and Firefox will become available through these stores. Or would that still not be allowed without using Safari WebKit as the base?