
The incentives for people to trick grandma and anyone else into downloading malware would outweigh any benefit.

Frankly, Google and Facebook would probably be the first to release their own App Store apps and then use their platforms to tell everyone how this was safe.

To believe otherwise is naive.




Because if you allow apps that haven't been vetted by Apple to be downloaded and executed via the app store, then grandma is inevitably going to run some malware that drains her 401k to a teenager in Russia.

I don't like the grandma analogy, some old people are really smart with computers. But in general, if you're in that situation with someone where you're worried that they'll get scammed if you leave them alone for a second, at some point you need to ask whether they should have access to an app store at all.

How many apps per week does your grandma need to install? It would be better if you set her up a phone with the apps she wants, and then disabled all app installation.

Because if someone is in that position, the unfortunate reality is that the official app store isn't safe either. The article gets into this in more detail, but there's enough malware on the official Apple Store to make it dangerous to randomly install apps. There are apps where their whole design is to set you up with big subscriptions in the background that you don't notice, there are malware apps that slip through Apple's review process, there are phishing apps.

Really, you should install the apps your grandma needs, and if she needs more later, then she can ask you about them (or someone else who's an expert). I think people look at the Apple Store as if it's perfectly safe and that opening it up would suddenly let in malware for the first time. But while the Apple Store might have comparatively less malware than Android, that's not the same thing as being perfectly safe, and it doesn't mean you can let a young kid or a naive adult go wild on it and install whatever they want. That's a recipe for disaster.

I've set people up on Linux and had zero support calls or malware problems with them, not because Linux has good security or perfectly curated software sources, and not because there aren't dangerous ways to get malware on a command line, but because they don't open the command line in the first place. Some people are safer and thrive in a computing environment that's set up to do the things they want and that doesn't change after that point -- but I don't think that has much of anything to do with alternative app stores, that's really a question of whether app stores should be allowed at all for those people.


Let me sketch a scenario for you. Your grandmother receives an email from a trustworthy-sounding man who asks her to follow these easy steps to get a free app. Granny taps "Allow third-party app stores" and then installs whatever garbage the fraudster is hoping she will install.

Multiply this by tens of thousands of vulnerable users and you have the makings of a significant problem that will cost society a lot of money and lead to much misery.

With the locked-down Apple app store, it's very difficult for granny to install malware even if the trustworthy-sounding man in her inbox is being "helpful". But as soon as you allow a switch of any kind, it will be exploited.


Maybe, but the vast majority of people have zero issues with malware and don't really care about the perceived advantage of privacy (just Apple marketing because they can't sell ads, if they could they wouldn't give a shit).

I take care of Android devices used by elderly people, and they have just zero issues. Not any more than they would have with iOS.

All this is nonsense talk trying to help the indefensible position of Apple. Most people also use Windows computers with no monopolistic app store and even though sometimes there are problems, they almost always come from user errors. Most of the time it's poor choices, generally from greedy behavior (trying to get stuff for free without knowing much).

If a user doesn't know what they're doing, they can ask someone for help or stick with Apple's App Store if that suits them. Allowing other possibilities for more competent people doesn't change this fact one bit.


I’ll take one App Store over many any day if it severely lessens the chance of getting malware.

Are you seriously implying Apple catching 17 malware apps in 2022 means the App Store isn’t safer than being able to download whatever you want from the internet?

I doubt Apple would approve malware in the app store.

Apple’s position is that the average user isn’t supposed to be installing apps from outside the App Store anyway. Who is the average user, you ask? No one who posts to or reads HN, that’s for sure. Your parents, grandparents, and clueless neighbors are all average users. They will benefit from the decrease in malware and increase in assurance that the app won’t do something fishy.

Everyone else will bypass protections and continue as before.


I don't think that's good enough, unfortunately. People just dismiss the dialogues or malware distributors just learn to provide instructions to bypass any consent dialogues. The benefit of the App Store is that it's impossible to install malware through it. Unless you can provide the better experience while still delivering on that point, it's not much better. As I mentioned above, it's better for techie people but not for the average user and certainly not good enough for my mother to use.

On the other hand, it's far less likely that "a family member of yours will want you to make a personalized app for their iPhone and you'll need Apple's permission" (the problem the App Store creates) than "the general non-tech-savvy population will have problems with malware and/or malicious apps they install without knowing what they are doing" (the problem the App Store is supposed to solve).


It could also help proliferate hacking bank accounts and identity theft. People cannot be trusted with computers. They install everything that crosses their path. History has shown that, and has shown that that is a great way to get your malware onto someone's machine. The App Store, whatever you may think of the pricing, successfully prevents that, and it should not be taken away in the name of fake liberty, or someone's commercial interest.

> ability to install an app off an unsigned IPA file for free

I feel like the thinking is that there must be an entity — somebody running an app store — who could be held legally responsible for any damage caused by malware distributed via their channels. Regular non-tech-savvy users cannot be trusted with such delicate software as apps running on their personal phones.


If Apple would limit themselves to keeping malware off their users' systems I'm pretty sure that very few people would have an issue with the app store.

But then all the app store gives people is a false sense of security. The willingness of people to trust arbitrary App Store apps should be condemned, not celebrated.

And literally none of it would be allowed on the app store, just like it isn't now. Again, it would change absolutely nothing. Scammers would sooner convince his 80+ year old mother to tell them her bank details than they would walk her through the process of installing a dodgy app through sideloading.

So I think Google is definitely motivated to keep malware off of its app store. It’s bad for business. But we see the malicious apps from time to time anyway.

Likewise Apple is motivated to keep malware off the app store. Again it’s a bad reflection on Apple when they sneak through, but they do.

I just don’t see third parties being more motivated or having more resources than Apple or Google to police an app store. The malware is going to be worse on a third party app store, and they will quickly turn to dark patterns in order to maximize whatever they can squeeze out of the user.

I’m not opposed to opening up competition on app stores. Just don’t come back here to register your shock when the malware situation is kicked into overdrive.


This opens up a wide host of negative side-effects including the extreme ease of malware. I'd say the #1 value proposition for the App Store, and why most iOS users prefer it, is the guarantee of virus-free programs.

This isn't a "free or safe, choose one" scenario. As a platform owner Apple could offer a vetting service for known-safe popular applications, make those easy to install, and create a clear scare-screen when enabling installation from other sources, as well as management profile settings for disabling unvetted or 3rd party app installation altogether. Then the only education anyone needs is to not install unvetted apps.

As a bonus, they could make the app curation system extendable, so other groups could run vetting programs. By default your device would only have Apple as a trusted vetter, but as part of a management profile or something you could also trust apps vetted by some security research group, or Epic, or Valve, or whoever. That way security isn't all-or-nothing.

And of course, if anything slips through and your layman user OKs all the warnings and installs a malicious app, it's still operating in a sandbox, and can't do much more harm than clicking a shady link and ending up on a scam website can.


Imagine how much safer it would be if you got rid of the App Store and weren't allowed to install any third party software.