Comment by dns_snek
2 years ago
This is absolutely not a win by any stretch of the imagination, it's a farce. Every single app will still require Apple's blessings and approval to exist in any app store on iOS.
The moment any app on "f-droid for iOS" does something that Apple disapproves of, they can revoke its notarization and banish its developer from their walled garden.
> does something that Apple disapproves of, they can revoke its notarization and banish its developer from their walled garden.
And the moment that that do that, they can rack up millions or billions of dollars of fines from the EU.
Notarization has been a massive win for iOS and macOS.
If your app store distributes malware, it deserves to get banned.
By that logic, the Apple-provided App Store should also [0] be [1] banned [2].
[0]: https://www.macrumors.com/2022/09/26/ios-app-store-ad-fraud/
[1]: https://lifehacker.com/great-now-the-apple-app-store-has-mal...
[2]: https://www.darkreading.com/cyberattacks-data-breaches/malic...
You can't run any sort of marketplace in any sort of industry without bad actors slipping through every once and again.
Yeah but why are we doing "the trial" (of Kafka) already? Where is it written that they will take away their license if one app doesn't pass?
I see a lot of negativity. Some of it is justified, some it's not.
I see only good things: finally after this, other countries will move ASAP to do something similar.
EU gave Apple a vague and open legislation. Apple's response was "okayish" and acceptable up to a certain point. Let's see what happens in the next 5 years.
Notarization has added nothing but another mandatory fee to develop for Apple's platforms. Your app can also get banned if it doesn't distribute malware. It will be abused as means of censorship (porn, drugs, gambling, etc.)
https://news.ycombinator.com/item?id=29569561
So should Apple’s own app store be banned?
You are confusing apple review with notarization.
Notarization is literally to check malware and other small things.
You can probably still use private APIs and weird things that wouldn't pass the app review.
"Notarization involves a combination of automated checks and human review." From the article. Human review means apple staff reviews it.
Yeah but that's not THE apple review that everyone complains about online. Notarization is a faster process. I know because I did it on my personal project without submitting it to the app store.
And it's notarized and can be used on other people's computers.
This is already the case with the official apple app store. Apple is very strict, so yeah, they should read carefully what to allow and what disallow.
They shouldn't have to be careful because apple's gatekeeping is what the legislation is trying to stop.
The legislation is not trying to stop it but it's trying to regulate it, because it got wild lately.
You can read it here[0] and for the entire content here[1] (this I didn't read yet).
Gatekeepers are allowed to exist, but they need to loosen up a bit. It's not an option that you are the only one able to distribute apps on a phone.
Right now on Mac OSX you can still install apps from outside the App Store - if the developer didn't notarise the app, your OSX will shout at you before letting you install it, but you can still do that.
On iOS you just can't (unless you root it, I think). That's where the law came in. And, arguably, I am not sure if the same can be done on Android (getting stuff from F-droid doesn't seem something that average Joe knows how to do).
On the other hand, the way I imagine Apple wants to do it:
- The user clicks on a link (from whatever App Store out there)
- Downloads the app
- Gatekeeper on iOS (behind the scenes) checks if the app was notarized
The user flow seems similar to what we currently have on OSX as well, but with a mix with Apple Store: you can only install an app if it was notarised by Apple to prevent malware and tampering. This is not an app review, so you can still have private API calls (as far as I know).
This is also why the responsibility falls on the external store: it's with the certificate from the external store that the notarisation will be done (on the app), as individual developers might not want anything to do with Apple Store at all. But someone has to - and this someone is the new marketplace.
To be honest: I am not worried at all about the notarisation, it typically takes not too long, and it's a very basic step to prevent malware - can you still do ugly things? Probably yes, but this is really to set a minimum standard of what's allowed to have on the phone. If you question this step "why shouldn't I be allowed to have anything that I want on the phone", I even agree with you, maybe EU will tell apple to disable entirely the OS gatekeeping process (?).
[0]: https://digital-markets-act.ec.europa.eu/about-dma_en [1]: https://eur-lex.europa.eu/legal-content/EN/TXT/?toc=OJ%3AL%3...
2 replies →