undefined | Better HN

0 pointsfauigerzigerk4y ago0 comments

I think you're right when it comes to security, but in order for that to work Apple would have to admit that checking apps for security issues is not inseparable from imposing rules that are supposed to benefit their own business model.

That said, here's a challenge for everybody (including myself) who doesn't like Apple's app store monopoly and side-loading ban:

Apple now requires apps to ask for permission before tracking users. Facebook is _very_ unhappy about that. Imagine what would have happened if alternative app stores were allowed on iOS.

How long would it take before a Facebook/Google sponsored app store would emerge that would carry all ad funded apps? How would you prevent this from happening?

0 comments

fouric4y ago

> How would you prevent this from happening?

Very simply - enforce security permissions at the OS level, rather than the app store level.

There's no technical reason an app store also has to handle permissions. Leave the discoverability/reviews/curation functionality in the app store, and then just move the app installation functionality into the OS - the app store delivers an app package which the OS accepts, parses the manifest file, prompts user for permissions.

Put APIs behind a sane, capabilities-like model where the OS has to approve everything.

Facebook and Google can make their own app stores - but they still won't be able to spy on you by using privileged APIs without your consent.

(yes, they'll still be able to spy on you using data collection and aggregation - but then Apple's App Store privacy labels becomes a differentiating feature that build user trust and add value to the system, and Apple could add a warning when you install another App Store "privacy labels don't transfer, etc.")

CountSessine4y ago

"Facebook wants access to your address book:

In order to view your facebook timeline and newsfeed, we need access to your address book. Please allow access.

Allow/Deny"

There's no automated capabilities-based OS-level permissions model that can protect against this. Accessing the address book is a legitimate app request - just not for Facebook Inc. in my opinion. But they can gate access to your timeline and friends by demanding it. And I guarantee you that 9/10 smartphone users will grant it. This is why you need curation and app store rules.

swiley4y ago

Deny shouldn't break the API, it just means the app gets garbage data instead.

1 more reply

fauigerzigerkOP4y ago

I don't think it's that simple, and relegating the main issue to a bracketed footnote doesn't make it so.

I agree with you that permissions and a sandbox that actually works would have to be part of any solution.

But you can rest assured that Facebook wouldn't have made such a fuss if all that was at stake is losing access to IDFA and getting slapped with some unenforceable privacy warning.

What's creating a real problem for Facebook is the enforceable legal obligation that Apple has put in place as a precondition for being allowed on iOS devices at all.

It works exactly because it is not a technology based solution. It has created a choice that we didn't previously have.

So I wonder how we can keep this choice without making Apple this all powerful, rent seeking, patronising overlord that also happens to be an ideal attack vector for censorship happy authoritarian governments all over the world.

smoldesu4y ago

I think they do have a point though. If Apple's primary concern was security, they would be approaching this from a fundamentally different perspective; their current solution is a pretty dubious stopgap that bridges "human consent" and "your app". A fundamentally secure approach would ultimately let the user audit and manually control their API interfaces to prevent abuse, instead of just hoping Apple has your best intentions at mind.

1 more reply

swiley4y ago

The security comes from the sandbox, Apple's curation is pretty mediocre and they only remove malware once it's popular or if it's extremely obvious during the short review.

iOS malware authors tend to publish their binaries as unsigned dylibs and don't need Apple ID accounts so they aren't even banned when they're caught. instead they convince other developers to ship it in seperate apps (there are various ways, money, convenient APIs, both in the case of Facebook.)

gbanfalvi4y ago

I can guarantee you that the sandbox can be circumvented if you can just run an IPA on the device. iOS has a humongous set of APIs and that attack surface is impossible to protect properly.

Don’t get me wrong, I’d love to have an iPhone I can install anything on - but there is _no_ way I would ever install anything from the open internet on the same device use to read my email or log in to my bank.

swiley4y ago

Most of us don't want to run everything we find on the internet, we want to be able to run one or two apps that Apple doesn't like.

j / k navigate · click thread line to collapse

0 comments

fouric4y ago

> How would you prevent this from happening?

Very simply - enforce security permissions at the OS level, rather than the app store level.

Put APIs behind a sane, capabilities-like model where the OS has to approve everything.

Facebook and Google can make their own app stores - but they still won't be able to spy on you by using privileged APIs without your consent.

CountSessine4y ago

"Facebook wants access to your address book:

In order to view your facebook timeline and newsfeed, we need access to your address book. Please allow access.

Allow/Deny"

swiley4y ago

Deny shouldn't break the API, it just means the app gets garbage data instead.

1 more reply

fauigerzigerkOP4y ago

I don't think it's that simple, and relegating the main issue to a bracketed footnote doesn't make it so.

I agree with you that permissions and a sandbox that actually works would have to be part of any solution.

But you can rest assured that Facebook wouldn't have made such a fuss if all that was at stake is losing access to IDFA and getting slapped with some unenforceable privacy warning.

What's creating a real problem for Facebook is the enforceable legal obligation that Apple has put in place as a precondition for being allowed on iOS devices at all.

It works exactly because it is not a technology based solution. It has created a choice that we didn't previously have.

smoldesu4y ago

1 more reply

swiley4y ago

The security comes from the sandbox, Apple's curation is pretty mediocre and they only remove malware once it's popular or if it's extremely obvious during the short review.

gbanfalvi4y ago

I can guarantee you that the sandbox can be circumvented if you can just run an IPA on the device. iOS has a humongous set of APIs and that attack surface is impossible to protect properly.

swiley4y ago

Most of us don't want to run everything we find on the internet, we want to be able to run one or two apps that Apple doesn't like.

j / k navigate · click thread line to collapse