At least in Android (not familiar with iOS) you can deny apps access to any and all permissions, the features just won't work. I.e. if you deny Snapchat access to the camera you can still browse the app, read messages etc - you just won't be able to take any photos.
That’s not my point: I’m arguing that apps like TikTok and Facebook are big enough that they could convince non-technical users (who are either ignorant-of, or just don’t care about, app permissions and privacy) to switch to an unofficial app-store where they could list their app without it being denied approval by Apple or Google for unreasonable app permission prompts.
...but the fact that unofficial app-stores for unjailbroken iOS devices do not exist makes this impossible for now.
It’s very easy to imagine a TV ad or movie trailer ad for a TikTok or Facebook app with the cheerfully-voiced narrator saying “Just visit the TikTok Android App Store” or “Just open the Facebook iOS App Store” - then when the app is installed and first-opened the app would use a single “grant everything” permission prompt - or if the OS doesn’t allow that it could bombard the user with many prompts all-at-once and if the user denies any of them then a curtly-worded new messagebox would say “you must grant these permissions to use our app” otherwise the app quits. There’s not much Apple or Google could do to stop this that those app developers couldn’t work-around. Apple’s iOS App Store rejections for privacy reasons are a human solution to a non-technical problem, as it’s well-established that technical solutions to non-technical problems are ineffectual.
It can be argued this is possible on Android - which does allow for other app-stores - and I did wonder why this isn’t already happening with Android users - then I realised that probably most Android users have those horrible carrier and OEM locked-down devices that make it harder (if not impossible) to change system settings or add other app-stores.
The scenario you're speaking of hasn't happened on Android.
A famous example of a popular app that eventually caved in to Google's demands is Fortnite [1], and children are tech savvy (or at least motivated) enough to install from outside the app store. If Fortnite couldn't do it, then no, it's not easy to imagine TikTok doing it, especially given TikTok's market share is made of mobile users mostly, so no PC, no PS 4, no Xbox.
There are indeed alternative app stores from Samsung, Amazon, maybe others, however Google's Play absolutely dominates the Android ecosystem.
I'm an iOS user myself, however this whole reasoning is bullshit. The only reason Apple keeps such a tight control is because they want to keep that 30% commission on all sales, which is highway robbery. And I also suspect them of wanting to have enough reason and leverage to get rid of any app that threatens their own products.
I see grownups and children alike using the web successfully all the time. The web can be secure without a gatekeeper because browsers do a reasonable job at sandboxing. In fact it is the competitive nature of the market that makes it secure, consider that's how extensions and ad blockers happened (in the meantime I still don't have a browser on iOS capable of using uBlock Origin).
And yes the web has dark corners, yet we live with it just fine. Look, we're having this conversation on a web page that's not gated by Apple and we're still alive.
This is true in most parts of the world, but in China where almost all phones are Android and Google apps are not preinstalled on any of them, the alternative app store hijacking definitely happens.
In particular Tencent is notorious for not being the default app store on any phones, but somehow "mysteriously" if you follow links from WeChat or QQ or even certain websites, it will try to make your phone download the Tencent app store to install the app instead of just using your phone's default app store. Even though your phone gives a warning not to do it, people still install it. And, sure enough, Tencent app store is now the biggest app store in China, with 25% of the market.
TikTok is owned by Bytedance, which doesn't even have an app store in China, so I can't see them making a play.
Fortnite, on the other hand, is owned by Epic who definitely used the popularity and income from Fortnite to leverage their way into the PC gaming marketplace, disrupting the major player (Valve). They might not have won this battle for the phone marketplace, but by the sounds of it they still haven't given up the war.
So, I do think it's fair for the grandparent poster to consider a future where users bypass whatever protections came from their phone manufacturer and end up shooting themselves in the foot. But I also think you're right that it doesn't matter. That's the "price of freedom".
We already see it a little bit now where some people choose Android over iOS (or vice versa) for ideological reasons. Loosening manufacturer restrictions even further seems reasonable to me. Some people would choose ultra-safety through open source, others would choose to use closed source from a company they consider trustworthy. Most would not care and just use whatever environment they are most familiar with, and install whatever plugins and cleaners they need to make them feel more secure. That's basically the PC market right now, and I think it's largely fine.
As extortionate as Apple’s fees are, I’m actually glad that they have a business model that isn’t dependent on invasion of privacy. Without them continually calling attention to it, Google would have little incentive to improve privacy.
Google paid Apple $12 billion in 2019 to remain the default search engine in Safari.
I hear this line about their business model all the time, however it is bullshit. Given the opportunity all companies will take the money. And I fear that it is nothing more than a conspiracy theory, without much evidence, much like anti-vaxxing.
Google these days is a very big target. The EU would love to have reason to slap them with another fine, given all the legal tax evasion they've been doing. Yet they've always been transparent about what they collect and have always been responsible with user data (versus Facebook).
Don't get me wrong, I enjoy the privacy features of my iPhone, it always fared better than Android in that regard, but it has nothing to do with Apple's tight grip of its App Store.
> Google paid Apple $12 billion in 2019 to remain the default search engine in Safari.
It's a large amount, even for Apple, but they would survive losing that. Besides that, they are even taunting Google by putting DuckDuckGo in their marketing copy:
I think they are slowly preparing to loosen that tie.
> I hear this line about their business model all the time, however it is bullshit. Given the opportunity all companies will take the money.
I agree. Apple's incentives are just temporarily aligned with customers' privacy. Their margins on hardware, services, etc. are so large that they can afford to make privacy a differentiator. If they are not in that comfortable position anymore, they would monetize the vast user data trove.
But while this is the status quo, I am happy to use an iPhone for privacy.
I really think Apple will buy DuckDuckGo at some point. The question is, to what extent will Apple make DuckDuckGo (or whatever they'll rename it to) available for non-Apple platforms?
This is definitely happening already, all the Mac App Store devs that left that store for their various reasons, some of them pushing updates only to their site forcing me to move away from the App Store, and therefore Apple's guidelines making them behave properly. So this is happening and it is being abused, see Zoom using preinstall scripts. This wouldn’t have happened if the Mac App Store was the only way to install an app on a Mac.
>they could convince non-technical users to switch to an unofficial app-store
They could, but they're absolutely not going to. Every barrier you put between a user and installing your app is a percentage of those installs that you're losing. Doubly so for "non technical" users, who can barely work the app store in the first place. No company of that size is going to lose that many downloads just to steal a few more downloads.
>then I realised that probably most Android users have those horrible carrier and OEM locked-down devices that make it harder (if not impossible) to change system settings or add other app-stores.
Stock Android makes you jump through hoops to install third party apps, and for good reason. No, it's not because "OEM locked-down devices", the reason you don't see it on Android is because it doesn't make business sense.
This has been my feeling for years, and why I think it'd probably be in Apple's interest to let people sideload apps. They could still require them to be signed, but otherwise be hands-off. The vast majority of users wouldn't go through whatever hoops were necessary to set that up -- even if it's just the single hoop of flipping an "allow non-App Store apps" switch in Settings -- but making it possible to do that gets them out of a lot of the regulatory imbroglio they've been heading toward. (I also can't help but feel it's necessary in the long run if they're serious about the iPad in particular being a general purpose computing device rather than an application console.)
When it comes to a mainstream app like Facebook or TikTok that already has network effects and a critical mass of users, people will put up with significant efforts to alleviate their fear of missing out, including sideloading the app.
You can deny permissions to any runtime permissions beginning with apps built for Marshmallow. You cannot deny other permissions. Some apps will absolutely block you from using them unless the permissions are on (this is by design of the app, not an OS limitation).
Internet is a permission that is required if your app expects to go online. You cannot turn this permission off in the OS. If you modify Android to allow changing this permission (usually via Xposed) or rebuild the app to remove it from the manifest, many apps will actually crash when they try to go online; this is part of the reason why people use a firewall even on devices with Xposed installed. My vague understanding is that this is how Android works when an app tries to do something it can't--it closes the app. IIRC there is an Xposed module that filters by the URL, but I'm guessing it fakes the network response (more complex than simply disabling permission), and it doesn't work with NDK.
With Marshmallow, runtime permissions were introduced for a number of existing permissions, where it would prompt you the first time the app tried to access privileged data. If your app is older than Marshmallow (i.e., written for Lollipop or KitKat), disabling any of the enabled permissions is liable to crash the app as soon as it tries to use them.
By and large this is true. However, the Android Citibank mobile app refuses to do anything useful if you don't give it access to your entire file system upfront.
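An added example, not part of any comment in this thread: a small audit script that separates the permissions a user is prompted for at runtime from those granted at install (such as INTERNET), and flags apps built for a pre-Marshmallow API level. The function name `audit_manifest`, the `DANGEROUS` subset and the sample manifest are assumptions constructed for illustration, and the input is assumed to be a decoded, plain-text `AndroidManifest.xml`.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
MARSHMALLOW_API = 23  # Android 6.0: first release with runtime permissions

# Illustrative subset of "dangerous" (runtime-prompted) permissions, not exhaustive.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Constructed sample: a decoded (plain-text) manifest for a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="22"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>
"""

def audit_manifest(xml_text):
    """Split requested permissions into runtime-prompted and install-time."""
    root = ET.fromstring(xml_text.strip())
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # targetSdkVersion defaults to minSdkVersion, which defaults to 1.
    min_sdk = int(attrs.get(ANDROID_NS + "minSdkVersion", 1))
    target = int(attrs.get(ANDROID_NS + "targetSdkVersion", min_sdk))
    requested = sorted(
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.findall(tag)
    )
    return {
        "target_sdk": target,
        # Built for a pre-Marshmallow API: the app was not written to expect denial.
        "legacy": target < MARSHMALLOW_API,
        "runtime": [p for p in requested if p in DANGEROUS],
        # Not in the subset above: treated here as granted at install.
        "install_time": [p for p in requested if p not in DANGEROUS],
    }

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```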
I don't think Apple would allow that kind of permissions abuse, but apparently Google does.
> However, the Android Citibank mobile app refuses to do anything useful if you don't give it access to your entire file system upfront.
Considering Citi’s corporate culture, I’d attribute this to incompetence rather than malice or a desire to spy on users.
I’ll bet they’re using a third-party anti-spyware library to examine the Android FS for keyloggers/etc to protect their users’ security. It’s well-intentioned, but still idiotic.
This is the same Citibank that’s been engaged in an idiotic arms-race with Google about blocking password-safes on their online banking login page for the past 5+ years - while also allowing me to do phone-banking without any real authentication - and STILL haven’t given me an EMV Chip+PIN credit-card, while the EMV Chip+Sign card I do have from them DOES have NFC without a purchase limit... anyone could steal my wallet and “tap” a couple grand off it. Arggghhhhhh.
The “banks who think they’re smarter about security than platform vendors” trope is getting real old.
To the consumer it doesn't really matter if it's malice or ineptitude or laziness. Fact is Apple will remove your app if you try something like that, but it is not uncommon to encounter this on Android.
Oh, of course - I understand most (if not all?) major banks have serious ethics issues from the top-down - but money-laundering is a business-objective and is distinct and separate from online banking security.
The $70m fine (a joke to a multi-billion-dollar company) is insignificant to the potential damages from a class-action lawsuit from a wide-ranging vulnerability in their online banking platform - hence their focus and over-engineering on their online banking security - while the risks from credit-card abuse and individual identity-theft are much more limited in scope - and are a known-quantity.
That model was pioneered by Apple in iOS long before Android started taking it up with Android 6 (runtime permissions instead of collective install time permissions). Android took a few years to catch up and increase the range of runtime permissions, and apps on Android at that time would actually crash if some permission wasn't given.
Even today, there are apps on Android that ask for needless permissions and refuse to continue unless the permissions are granted. That same app on iOS would provide more functionality (that's possible without having the permissions). There seems to be a very different mindset between Android developers compared to iOS developers.