Being able to download third party apps onto your device without Apple's permission isn't a security problem, it's what you should be able to do with your device that you purchased. It makes sense...
Being able to download third party apps onto your device without Apple's permission isn't a security problem, it's what you should be able to do with your device that you purchased. It makes sense that Federighi is making this argument in the context of the legal battle with Epic but it's an absurd one. As the article suggests, if downloading third-party apps is a security risk then Apple is selling insecure computers to its own customers, which doesn't make any sense. I'm not a lawyer, but it seems like this argument could have serious implications for privacy and freedom if the judge takes it seriously? Apple would have successfully made the case that people shouldn't have the right to download whatever they like onto devices they purchased and legitimately own because they are too stupid to protect themselves from security risks and need Apple to stop them from hurting themselves. I suppose this already characterizes the situation with the iOS app store, thus why the case is being litigated, but I wouldn't want to see this right strengthened or further legitimated, because it would give Apple more control over what users can do with their own devices and limit their freedom.
The title seems meant to lead readers to a different conclusion than Craig Federighi intended. He is not describing the Mac's ability to run third party apps as a problem, he's describing the Mac...
The title seems meant to lead readers to a different conclusion than Craig Federighi intended. He is not describing the Mac's ability to run third party apps as a problem, he's describing the Mac as a different class of device where users expect to trade some amount of implicit security for that functionality.
To extend his analogy a bit, an iPhone is like a Corolla; it can drive on designated roads safely but cannot really go anywhere else, while a 4Runner can go off-road and climb mountains with all the safety implications that implies.
If you made me choose between saying desktop computers are secure or insecure, I’m going to go with insecure. Downloading third-party apps really is a security risk, depending on where you get...
If you made me choose between saying desktop computers are secure or insecure, I’m going to go with insecure. Downloading third-party apps really is a security risk, depending on where you get them from. The question is whether Apple should try to protect users from this threat or whether it’s simply the user’s fault for installing malware from a dubious source. Saying it’s the user’s responsibility is the traditional approach for desktop systems, but with smartphones and app stores that’s changed.
I like the speed bumps they already have in place on Macs, where you can’t install unsigned software unless you know the workaround. But someone who works in an Apple Store and sees the problems users get themselves into might have a different take on it.
There's a really, really big difference between having a standard warning in place, be like Windows where you can click it away, or macOS where you venture into the system settings and either...
There's a really, really big difference between having a standard warning in place, be like Windows where you can click it away, or macOS where you venture into the system settings and either allow it permanently or for the next install only, and removing the functionality to do so completely.
I can see the security argument - I don't agree with what it implies for user choice and freedom, but it does seem fairly valid. What we can't currently do is separate the security side of things...
I can see the security argument - I don't agree with what it implies for user choice and freedom, but it does seem fairly valid. What we can't currently do is separate the security side of things from the "we take 30% of your revenue and impose our moral values on your app" side.
The fact we're discussing the merits of Federighi's argument at all is kind of a win for him, because it's redirected the conversation away from Epic's point. If it were purely about security, Apple would let developers download the approved and countersigned bundle and distribute it on their own site without the 30% cut they're currently paying for visibility in Apple's window. I'd still have the same concerns about freedom, but Apple's argument would carry a lot more weight.
The Play Store doesn't make nearly as much money though, neither for Google nor the devs. There's a reason the iPhone has a massive proportion of the profit-share in mobile apps despite having a...
The Play Store doesn't make nearly as much money though, neither for Google nor the devs. There's a reason the iPhone has a massive proportion of the profit-share in mobile apps despite having a fraction of the market share.
I agree that “secure or not” is a misleading binary and I was subtly calling attention to that. But I don’t think education is going to do it. This is sort of like saying that the solution to a...
I agree that “secure or not” is a misleading binary and I was subtly calling attention to that.
But I don’t think education is going to do it. This is sort of like saying that the solution to a dangerous cliff is to get people to understand that some cliffs are dangerous. Sometimes you actually do need to put up a guardrail or close the path so people don’t go there.
For many people, a proper education in computer security may mean admitting that malware authors are smarter than you and will get you to install things with tricks you aren’t going to see through, like sending a plausible-looking email that seems to be from your boss.
It means getting people to understand that some things you do on a computer can be dangerous to your account security and installing software on a desktop computer is one of those. You shouldn’t do them when tired or distracted (or drunk). At work we would joke around after a company party about how friends don’t let friends use “sudo” drunk but there was serious intent behind that.
But it’s not that easy to get people to understand that, no really, they aren’t sophisticated enough to handle the freedom to really screw it up. Click-through warnings aren’t going to do it. Everyone clicks through legal notices when they install software and it just looks like more of that.
So I disagree with the notion that everyone must be subjected to the costs of freedom, when often they really would prefer the sandbox. Maybe we would actually be better off if everyone had a locked-down appliance computer for the important stuff, but you can get a Raspberry Pi if you want to screw around with hardware?
I don’t think they need to get charged 30% for apps though. For Apple this is a self-serving argument, sure.
They make most of their revenue from the iphone (ios) which accounts for 40% of their revenue and services which accounts for 22% of their revenue. Thus their argument makes sense for their need...
They make most of their revenue from the iphone (ios) which accounts for 40% of their revenue and services which accounts for 22% of their revenue. Thus their argument makes sense for their need to protect their cash cow.
Most of their "services" revenue is just Google paying them to make Google the default search engine on Safari. It's far from a "cash cow." Apple realizes that the App Store being safe is why...
Most of their "services" revenue is just Google paying them to make Google the default search engine on Safari. It's far from a "cash cow." Apple realizes that the App Store being safe is why people are willing to spend money in it.
I would say $72.3 billion in revenue from the app store in 2020 is a cash cow.
Most of their "services" revenue is just Google paying them to make Google the default search engine on Safari. It's far from a "cash cow." Apple realizes that the App Store being safe is why people are willing to spend money in it.
I would say $72.3 billion in revenue from the app store in 2020 is a cash cow.
The $72Bn figure is the total amount of money spent on in-app purchases through the App store. That even includes all the purchases, like for delivery or physical goods and services, that Apple...
The $72Bn figure is the total amount of money spent on in-app purchases through the App store. That even includes all the purchases, like for delivery or physical goods and services, that Apple doesn't take a cut of.
I'll happily admit that I was just taking @floweringmind's number at face value, but you piqued my curiosity and I've looked up the source. It has the following note at the end: So my...
I'll happily admit that I was just taking @floweringmind's number at face value, but you piqued my curiosity and I've looked up the source. It has the following note at the end:
The revenue estimates contained in this report are not inclusive of local taxes, in-app advertising, or in-app user spending on mobile commerce, e.g., purchases via the Amazon app, rides via the Lyft app, or food deliveries via the DoorDash app. Refunds are also not reflected in the provided figures.
So my understanding is that it really is only talking about revenue that Apple gets a cut of.
Based on my experience in the space that'd make intuitive sense, as well: what we normally think of as in app purchases, for the apps themselves or extras within them, are billed through StoreKit directly to the Apple ID - Apple are the seller of record and they then pass a portion of that back to the "supplier", i.e. the app developer. This is the revenue that gets booked by Apple themselves.
When you're buying things in the real world from the Amazon or Deliveroo app, you're actually paying that company directly instead - the billing relationship exists between you and the app maker, not you and Apple. As far as I understand things, this is also the model that Epic would like to extend to purely digital purchases.
Ah my mistake. I see so many numbers on this bandied around without context it’s hard to keep it straight. I guess the $72Bn is just the total number of which Apple is taking 30% minus whatever...
Ah my mistake. I see so many numbers on this bandied around without context it’s hard to keep it straight. I guess the $72Bn is just the total number of which Apple is taking 30% minus whatever exception cases they made for Netflix and the “under $1M in revenue” crowd. I think my general point, that Apple’s main goal behind the App Store model is the cut of revenue rather than it making the iPhone a more attractive product still stands though.
I believe the “physical goods” thing is a carve out in the restrictive payment processing terms Apple does. I don’t really buy Apple’s argument that it’s fundamentally different in kind from selling digital goods, I think it’s more of a deal where Apple can directly control the customer relationship between you and the buyer when it’s digital in a way they can’t when you can have a person-to-person relationship with the vendor. In other words, they make it sound like it’s a philosophical thing but I think it’s really more of a practical thing.
Being able to download third party apps onto your device without Apple's permission isn't a security problem, it's what you should be able to do with your device that you purchased. It makes sense that Federighi is making this argument in the context of the legal battle with Epic but it's an absurd one. As the article suggests, if downloading third-party apps is a security risk then Apple is selling insecure computers to its own customers, which doesn't make any sense. I'm not a lawyer, but it seems like this argument could have serious implications for privacy and freedom if the judge takes it seriously? Apple would have successfully made the case that people shouldn't have the right to download whatever they like onto devices they purchased and legitimately own because they are too stupid to protect themselves from security risks and need Apple to stop them from hurting themselves. I suppose this already characterizes the situation with the iOS app store, thus why the case is being litigated, but I wouldn't want to see this right strengthened or further legitimated, because it would give Apple more control over what users can do with their own devices and limit their freedom.
The title seems meant to lead readers to a different conclusion than Craig Federighi intended. He is not describing the Mac's ability to run third party apps as a problem, he's describing the Mac as a different class of device where users expect to trade some amount of implicit security for that functionality.
To extend his analogy a bit, an iPhone is like a Corolla; it can drive on designated roads safely but cannot really go anywhere else, while a 4Runner can go off-road and climb mountains with all the safety implications that implies.
If you made me choose between saying desktop computers are secure or insecure, I’m going to go with insecure. Downloading third-party apps really is a security risk, depending on where you get them from. The question is whether Apple should try to protect users from this threat or whether it’s simply the user’s fault for installing malware from a dubious source. Saying it’s the user’s responsibility is the traditional approach for desktop systems, but with smartphones and app stores that’s changed.
I like the speed bumps they already have in place on Macs, where you can’t install unsigned software unless you know the workaround. But someone who works in an Apple Store and sees the problems users get themselves into might have a different take on it.
There's a really, really big difference between having a standard warning in place, be like Windows where you can click it away, or macOS where you venture into the system settings and either allow it permanently or for the next install only, and removing the functionality to do so completely.
I can see the security argument - I don't agree with what it implies for user choice and freedom, but it does seem fairly valid. What we can't currently do is separate the security side of things from the "we take 30% of your revenue and impose our moral values on your app" side.
The fact we're discussing the merits of Federighi's argument at all is kind of a win for him, because it's redirected the conversation away from Epic's point. If it were purely about security, Apple would let developers download the approved and countersigned bundle and distribute it on their own site without the 30% cut they're currently paying for visibility in Apple's window. I'd still have the same concerns about freedom, but Apple's argument would carry a lot more weight.
Yes, I agree that Android has a better approach.
The Play Store doesn't make nearly as much money though, neither for Google nor the devs. There's a reason the iPhone has a massive proportion of the profit-share in mobile apps despite having a fraction of the market share.
I agree that “secure or not” is a misleading binary and I was subtly calling attention to that.
But I don’t think education is going to do it. This is sort of like saying that the solution to a dangerous cliff is to get people to understand that some cliffs are dangerous. Sometimes you actually do need to put up a guardrail or close the path so people don’t go there.
For many people, a proper education in computer security may mean admitting that malware authors are smarter than you and will get you to install things with tricks you aren’t going to see through, like sending a plausible-looking email that seems to be from your boss.
It means getting people to understand that some things you do on a computer can be dangerous to your account security and installing software on a desktop computer is one of those. You shouldn’t do them when tired or distracted (or drunk). At work we would joke around after a company party about how friends don’t let friends use “sudo” drunk but there was serious intent behind that.
But it’s not that easy to get people to understand that, no really, they aren’t sophisticated enough to handle the freedom to really screw it up. Click-through warnings aren’t going to do it. Everyone clicks through legal notices when they install software and it just looks like more of that.
So I disagree with the notion that everyone must be subjected to the costs of freedom, when often they really would prefer the sandbox. Maybe we would actually be better off if everyone had a locked-down appliance computer for the important stuff, but you can get a Raspberry Pi if you want to screw around with hardware?
I don’t think they need to get charged 30% for apps though. For Apple this is a self-serving argument, sure.
They make most of their revenue from the iphone (ios) which accounts for 40% of their revenue and services which accounts for 22% of their revenue. Thus their argument makes sense for their need to protect their cash cow.
Most of their "services" revenue is just Google paying them to make Google the default search engine on Safari. It's far from a "cash cow." Apple realizes that the App Store being safe is why people are willing to spend money in it.
I would say $72.3 billion in revenue from the app store in 2020 is a cash cow.
Apple is a trillion dollar company.
With $274 billion in annual revenue. The app store is a quarter of everything they made last year.
The $72Bn figure is the total amount of money spent on in-app purchases through the App store. That even includes all the purchases, like for delivery or physical goods and services, that Apple doesn't take a cut of.
I'll happily admit that I was just taking @floweringmind's number at face value, but you piqued my curiosity and I've looked up the source. It has the following note at the end:
So my understanding is that it really is only talking about revenue that Apple gets a cut of.
Based on my experience in the space that'd make intuitive sense, as well: what we normally think of as in app purchases, for the apps themselves or extras within them, are billed through StoreKit directly to the Apple ID - Apple are the seller of record and they then pass a portion of that back to the "supplier", i.e. the app developer. This is the revenue that gets booked by Apple themselves.
When you're buying things in the real world from the Amazon or Deliveroo app, you're actually paying that company directly instead - the billing relationship exists between you and the app maker, not you and Apple. As far as I understand things, this is also the model that Epic would like to extend to purely digital purchases.
Ah my mistake. I see so many numbers on this bandied around without context it’s hard to keep it straight. I guess the $72Bn is just the total number of which Apple is taking 30% minus whatever exception cases they made for Netflix and the “under $1M in revenue” crowd. I think my general point, that Apple’s main goal behind the App Store model is the cut of revenue rather than it making the iPhone a more attractive product still stands though.
I believe the “physical goods” thing is a carve out in the restrictive payment processing terms Apple does. I don’t really buy Apple’s argument that it’s fundamentally different in kind from selling digital goods, I think it’s more of a deal where Apple can directly control the customer relationship between you and the buyer when it’s digital in a way they can’t when you can have a person-to-person relationship with the vendor. In other words, they make it sound like it’s a philosophical thing but I think it’s really more of a practical thing.
On pretty much all of that, I think we're in total agreement!