Game Streaming Apps Now Allowed in iOS

[dada_dave]

Do they? Is software that costs 70 cents instead of a dollar (which is pretty much what we’re talking about here) truly even “optimal” if it comes with much higher risks of security problems, inability to cancel subscriptions without waiting on hold for two hours and sacrificing a goat, etc. etc.?

And are we supposed to believe EU bureaucrats when they say they know what’s optimal? Or should we rely on what experience tells us has already happened?

And once iOS becomes the rank cesspool of malignant apps that Android is, are consumers better off? Did we give them more choice or less in that case?

I guess we’ll find out.

 

[Cmaier]

I guess we’ll find out.

I’m guessing it turns out the same as all the web stuff which has infested everything with interstitial check box forms in Europe already.

 

[dada_dave]

I’m guessing it turns out the same as all the web stuff which has infested everything with interstitial check box forms in Europe already.

Perhaps and, if so, we’ll definitely know what not to do.

 

[Andropov]

No particular disagreement, but unfortunately if they define iOS apps as a market then it follows that browsers on iOS are a market. And then you have Apple pressing its thumb on the scale. Unfortunately they look at it this way: Apple by restricting the web engines are restricting user choice on their platform and therefore harming users by not giving them what might be better options. And that argument has merit.

Their thought process seems clear. It's just short-sighted.

Notice that it’s developers, not customers, who whine about this stuff. Because they want to shift that 30% into their own pocket.

Do they? Is software that costs 70 cents instead of a dollar (which is pretty much what we’re talking about here) truly even “optimal” if it comes with much higher risks of security problems, inability to cancel subscriptions without waiting on hold for two hours and sacrificing a goat, etc. etc.?

It's not even going to result into cheaper software anyway, as you said earlier that 30% is going to shift into greater margins for devs. Apps are priced based on how much the user is willing to pay. That's irrespective of how the margins are internally divided afterwards.

I’m guessing it turns out the same as all the web stuff which has infested everything with interstitial check box forms in Europe already.

While this law is old, it's gotten even more ridiculous over here lately Last week, all major Spanish newspapers agreed to connect their "reject cookies" banner to a paywall (€0.50 to browse the site without cookies for a day). So not only is the cookie banner annoying, it's also completely useless now as the cookies can't realistically be rejected anymore. The status quo is back to needing to accept the site's terms and tracking if I want to see its content. We didn't need the annoying popup for that.

 

[dada_dave]

From Fast Company:

https://www.fastcompany.com/91021439/apple-phil-schiller-iphone-app-store-alternative-eu-risk-security

Schiller notes that Apple has also come up with a number of new protections to help mitigate risks for users who download apps from alternative app stores. These include a notarization process for all iPhone apps regardless of which app store they are available on. Before an app can be installed on the device, developers must submit it to Apple, which will run a selection of automated tasks to scan for malicious code and malware; it will also receive a baseline human review. If no issues are found, Apple will notarize the app, giving it a digital key to enable its installation on an iPhone.

So still not clear what that means in practice, but that sounds good. So this is not just post-facto plug pulling once a program has caused problems. They are going to still be doing automated and human code checks. Maybe it’ll be less than they were doing before but it is not just a free for all.

 

[Cmaier]

From Fast Company:

https://www.fastcompany.com/91021439/apple-phil-schiller-iphone-app-store-alternative-eu-risk-security

So still not clear what that means in practice, but that sounds good. So this is not just post-facto plug pulling once a program has caused problems. They are going to still be doing automated and human code checks. Maybe it’ll be less than they were doing before but it is not just a free for all.

that description exactly matches what they say they do for MacOS notarization. Assuming they are doing nothing different, it will offer very little protection.

 

[dada_dave]

that description exactly matches what they say they do for MacOS notarization. Assuming they are doing nothing different, it will offer very little protection.

That’s the the thing it also matches what they say they do for code review for iOS too. My recollection is that they you guys said that there was no human code review in practice for macOS apps?

 

[dada_dave]

From the Fast Company article, one part of the new regulations I definitely disagree with:

This is true of apps in Apple’s App Store that can also now opt to use alternate payment processors—another requirement of the DMA.

If there are mandated alternative app stores there shouldn’t also be mandatory alternative payment methods inside the App Store. If developers want to use alternative payment options, use alternative app stores. If you want to be in the App Store, the App Store should get to set its own internal rules. If there are no alternative app stores, then I suppose a la what the US Courts decided then that’s one thing but otherwise that’s solving the same “problem” twice.

 

[Cmaier]

That’s the the thing it also matches what they say they do for code review for iOS too. My recollection is that they you guys said that there was no human code review in practice for macOS apps?

I don’t think I said that. I thought I distinguished it from the review they do in iOS. For example, in iOS, if it’s evident that an app is violating somebody else’s trademarks or copyright they will not approve it. In Mac OS they are just looking for malware.

And they aren’t doing human “code review.” No human looks at the code. They look at the operation of the app.

With notarization they have automated checks to look for signatures of malware and to check if the code is calling any private APIs or the like, and a human looks to see if there any obvious indications of malware. That’s it.

If you make an app that masquerades as a legitimate app and harvests passwords for customers of some bank in Italy that nobody in Cupertino ever heard of, notarization won’t catch it.

 

[dada_dave]

I don’t think I said that. I thought I distinguished it from the review they do in iOS. For example, in iOS, if it’s evident that an app is violating somebody else’s trademarks or copyright they will not approve it. In Mac OS they are just looking for malware.

And they aren’t doing human “code review.” No human looks at the code. They look at the operation of the app.

With notarization they have automated checks to look for signatures of malware and to check if the code is calling any private APIs or the like, and a human looks to see if there any obvious indications of malware. That’s it.

If you make an app that masquerades as a legitimate app and harvests passwords for customers of some bank in Italy that nobody in Cupertino ever heard of, notarization won’t catch it.

They claim they will also try to catch apps masquerading as others. What’s the distinction with iOS checks then? Especially for malware? One of Apple’s key arguments is malware would increase but if the checks for malware are identical then it should offer identical protection as far as that goes, no?

Anyway it was jbailey who said he didn’t think there were any actual macOS checks:

As far as I know, notarization isn’t doing any checks. It just allows Apple to revoke access at a later date if they find something malicious but that is after the damage is done. I’ve notarized a few binaries and it usually takes less than a minute.

That doesn’t sound like what they’re doing now … but the proof will be in the pudding …

 

[jbailey]

They claim they will also try to catch apps masquerading as others. What’s the distinction with iOS checks then? Especially for malware? One of Apple’s key arguments is malware would increase but if the checks for malware are identical then it should offer identical protection as far as that goes, no?

Anyway it was jbailey who said he didn’t think there were any actual macOS checks:



That doesn’t sound like what they’re doing now … but the proof will be in the pudding …

I probably should have said, current macOS notarization. Apple has already said that they will do no content moderation/censorship and aren’t allowed to check copyright and trademark violations.

 

[Cmaier]

Somehow I found this story amusing:

Apple makes its own App Store less convenient in EU

In a bug in the iOS 17.4 beta, EU users face an extra security step when buying from Apple's App Store, to give them the same hurdle facing those who buy from the new rival stores.

appleinsider.com

The natural consequence of making sure that nobody has an advantage is that everything ends up enshittified.

 

[Huntn]

The problem will be that notarized apps can still be malicious.

The second problem will be that various apps will be exclusive to various app stores, and mechanisms like centralized unsubscriptions, centralized notice of recurring charges, screen time, etc. won’t work anymore.

My impression is that Apple, checks the apps, at least used to check the apps on the App Store for malware. Is that no longer the case?

 

[Cmaier]

I impression is it, Apple, check the apps, at least used to check the apps on the App Store for malware. Is that no longer the case?

The notarization process is different than App Store review. It’s primarily an automated check for malware, with a cursory human check. But there are lots of ways for an app to be malicious other than it being malware.

 

[Aaronage]

Somehow I found this story amusing:

Apple makes its own App Store less convenient in EU

In a bug in the iOS 17.4 beta, EU users face an extra security step when buying from Apple's App Store, to give them the same hurdle facing those who buy from the new rival stores.

appleinsider.com

The natural consequence of making sure that nobody has an advantage is that everything ends up enshittified.

Turns out it was a bug, but even if it wasn't, it's basically the same as macOS prompting when you run an app from a 3rd party for the first time.
Not the worst thing ever

 

[Huntn]

Turns out it was a bug, but even if it wasn't, it's basically the same as macOS prompting when you run an app from a 3rd party for the first time.
Not the worst thing ever

I get pissed when over and over my Mac refuses to open a file for an app that I’ve opened multiple times before, in this case, Nisus Writer Pro. I would like the MacOS to recognize Nisus as acceptable to open without a warning every freaking time. If I remember correctly, I tried to go through the steps of clearing this application, but can’t remember why I did not succeed. I’ll probably get around to try and get again.

 

[dada_dave]

The notarization process is different than App Store review. It’s primarily an automated check for malware, with a cursory human check. But there are lots of ways for an app to be malicious other than it being malware.

It seems Apple is doing more than a just cursory review for malware. True it doesn’t cover everything iOS review did (nor should it!) but it does cover the worst case scenarios discussed in this thread.

https://developer.apple.com/security/complying-with-the-dma.pdf

Basically it looks like more akin to iOS review with parts stripped out, like content and business practices, than the simpler macOS review. If this isn’t enough then truthfully iOS review isn’t either.

Finally Epic and Spotify apparently hate it so it must be doing something right!

 

[Andropov]

Google is going all-in with promoting Chrome for iOS. Yesterday I got a banner, shown on the Google search results (seen on Mobile Safari), prompting me to install Chrome on iOS. And I get Chrome ads on YouTube on almost every video.

Somehow it's not a monopolistic practice that the company that owns what is, by far, the most used search engine in the world (Google search has 92%+ market share worldwide) is adding a banner *on the search results* for users of a web browser different than the one they also own, which is already the most popular web browser out there (Chrome has 65%+ market share).
But at the same time, Apple requiring a WebKit engine on iOS is considered monopolistic. Even though WebKit browsers have less than 30% market share worldwide.

 

[Cmaier]

It seems Apple is doing more than a just cursory review for malware.

Not anymore! Viel Spaß, meine europäischen Freunde! Und viel Glück mit dieser App-Store-Sache.

European Commission Holds ‘Apple DMA Compliance Workshop’

Link to: https://twitter.com/KayJebelli/status/1769635526062043315

daringfireball.net

Interesting detail: the EC told Apple that they aren’t allowed to notarize apps to protect users. So “government authorities are the ones that are going to have to step up to protect” app developers and users from the risks of these 3rd-party apps.

 

[dada_dave]

Not anymore! Viel Spaß, meine europäischen Freunde! Und viel Glück mit dieser App-Store-Sache.

European Commission Holds ‘Apple DMA Compliance Workshop’

Link to: https://twitter.com/KayJebelli/status/1769635526062043315

daringfireball.net

Yikes. I can't imagine Apple will just cave though - they will likely fight that ... interpretation of the DMA in court all the way up. Letting Epic back in to the App ecosystem after a mere letter of inquiry from the EC is one thing. This is something else entirely. I dunno. As I think I said earlier, maybe in another thread, truly malicious compliance with the DMA would be giving the Spotifys and Epics of the world everything they asked for and watching the results. On this, I'm in strong agreement with Apple: they have the right to charge for access to its developer kit (same as Epic!) and they have the right to app review and to recoup costs. The specific terms of how they recoup and so forth may be up to debate, but this goes waaaay too far and is in direct contradiction to the snippet of the DMA you provided which to my, albeit inexpert, opinion allowed for both and I believe specifically allowed for gatekeepers to protect the integrity of their markets and devices.