ClippyFellow47 (talk | contribs)
Major grammar edits to improve tone.
Made a start on the tone, and removed a section on sandboxing which had no references and read in a very blog-y way. In general this article still reads more like a blog than a wiki article, but there's definitely good and valid stuff in here.
Line 3: Line 3:


'''[[Apple]]''' uses a range of technical measures to protect its App Store ecosystem and reduce consumer choice. These measures obscure the company's business intentions, creating roadblocks for app developers and users, while typically citing security reasons for their existence. This actively hinders lawmakers' ability to advocate for the rights of consumers and businesses within Apple's ecosystem and prevents apps from being as useful as their customers expect.
'''[[Apple]]''' uses a range of technical measures to protect its App Store ecosystem and reduce consumer choice. These measures obscure the company's business intentions, creating roadblocks for app developers and users, while typically citing security reasons for their existence. This actively hinders lawmakers' ability to advocate for the rights of consumers and businesses within Apple's ecosystem and prevents apps from being as useful as their customers expect.
Apple imposes significant barriers to the running of any apps on iOS devices which were not sourced from the App Store, giving it a practical monopoly on app distribution for iOS devices.


A never-ending demand for a cut of every sale of a digital product, ranging from game currency to supporting content creators<ref name="patreon">{{Cite web |last=Roth |first=Emma |date=12 Aug 2024 |title=Patreon: adding Apple’s 30 percent tax is the price of staying in the App Store |url=https://www.theverge.com/2024/8/12/24218629/patreon-membership-ios-30-percent-apple-tax |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref> to booking a Zoom call with a local business<ref name="facebook">{{Cite web |last=Paul |first=Katie |last2=Nellis |first2=Stephen |date=28 Aug 2020 |title=Exclusive: Facebook says Apple rejected its attempt to tell users about App Store fees |url=https://www.reuters.com/article/us-facebook-apple-exclusive/exclusive-facebook-says-apple-rejected-its-attempt-to-tell-users-about-app-store-fees-idUSKBN25O042/ |url-status=live |access-date=16 Mar 2025 |website=[[Reuters]]}}</ref>, hinders app developers from innovating. These developers, working hard and pulling countless hours to build a quality app, always need to take Apple's (and [[Google]]'s) demands into account - specifically, a fee of between 15% and 30% of all revenue collected via the app. This is revenue that can be reinvested in the app; however, it must be earmarked for the platforms they are '''required''' to use to reach their customers.
A never-ending demand for a cut of every sale of a digital product, ranging from game currency to supporting content creators<ref name="patreon">{{Cite web |last=Roth |first=Emma |date=12 Aug 2024 |title=Patreon: adding Apple’s 30 percent tax is the price of staying in the App Store |url=https://www.theverge.com/2024/8/12/24218629/patreon-membership-ios-30-percent-apple-tax |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref> to booking a Zoom call with a local business<ref name="facebook">{{Cite web |last=Paul |first=Katie |last2=Nellis |first2=Stephen |date=28 Aug 2020 |title=Exclusive: Facebook says Apple rejected its attempt to tell users about App Store fees |url=https://www.reuters.com/article/us-facebook-apple-exclusive/exclusive-facebook-says-apple-rejected-its-attempt-to-tell-users-about-app-store-fees-idUSKBN25O042/ |url-status=live |access-date=16 Mar 2025 |website=[[Reuters]]}}</ref>, hinders app developers from innovating. These developers, working hard and pulling countless hours to build a quality app, always need to take Apple's (and [[Google]]'s) demands into account - specifically, a fee of between 15% and 30% of all revenue collected via the app. This is revenue that can be reinvested in the app; however, it must be earmarked for the platforms they are '''required''' to use to reach their customers.


Because this is a clear problem, several governments, including South Korea,<ref>{{Cite web |date=8 Mar 2022 |title=South Korea approves rules on app store law targeting Apple, Google |url=https://www.reuters.com/technology/skorea-approves-rules-app-store-law-targeting-apple-google-2022-03-08/ |url-status=live |access-date=16 Mar 2025 |website=[[Reuters]]}}</ref> Japan,<ref>{{Cite web |last=Sharwood |first=Simon |date=13 Jun 2024 |title=Japan forces Apple and Google to allow third-party app stores and payments |url=https://www.theregister.com/2024/06/13/japan_smartphone_software_law/ |url-status=live |access-date=16 Mar 2025 |website=[[The Register]]}}</ref> the European Union,<ref>[[wikipedia:Digital Markets Act|Digital Markets Act]]</ref> the United Kingdom,<ref>{{Cite web |last=Competition and Markets Authority |date=4 Mar 2021 |title=Investigation into Apple AppStore |url=https://www.gov.uk/cma-cases/investigation-into-apple-appstore |url-status=live |access-date=16 Mar 2025 |website=[[gov.uk]]}}</ref> Australia,<ref>{{Cite web |date=28 Apr 2021 |title=Dominance of Apple and Google's app stores impacting competition and consumers |url=https://www.accc.gov.au/media-release/dominance-of-apple-and-googles-app-stores-impacting-competition-and-consumers |url-status=live |access-date=16 Mar 2025 |website=[[ACCC]]}}</ref> as well as the US and a handful of states,<ref>[[wikipedia:Open App Markets Act|Open App Markets Act]]</ref><ref>{{Cite web |date=20 Nov 2024 |title=S.5364 - App Store Accountability Act |url=https://www.congress.gov/bill/118th-congress/senate-bill/5364/text/is |url-status=live |access-date=16 Mar 2025 |website=[[congress.gov]]}}</ref><ref name="doj">{{Cite web |last=Balsamo |first=Mike |last2=Liedtke |first2=Mike |last3=Whitehurst |first3=Lindsay |last4=Bajak |first4=Frank |date=21 Mar 2024 |title=Justice Department sues Apple, alleging it illegally monopolized the smartphone market 
|url=https://apnews.com/article/apple-antitrust-monopoly-app-store-justice-department-822d7e8f5cf53a2636795fcc33ee1fc3 |url-status=live |access-date=16 Mar 2025 |website=[[APNews]]}}</ref><ref>{{Cite web |date=19 Feb 2021 |title=It’s time to free ourselves from ‘Big Tech’ monopoly |url=https://azcapitoltimes.com/news/2021/02/19/its-time-to-free-ourselves-from-big-tech-monopoly/ |url-status=live |access-date=16 Mar 2025 |website=[[Arizona Capitol Times]]}}</ref> have opened investigations into anti-competitive practices, or considered or already passed legislation to force "gatekeeper platforms" such as Apple to be more reasonable with third-party developers.
Because of this, several governments including South Korea,<ref>{{Cite web |date=8 Mar 2022 |title=South Korea approves rules on app store law targeting Apple, Google |url=https://www.reuters.com/technology/skorea-approves-rules-app-store-law-targeting-apple-google-2022-03-08/ |url-status=live |access-date=16 Mar 2025 |website=[[Reuters]]}}</ref> Japan,<ref>{{Cite web |last=Sharwood |first=Simon |date=13 Jun 2024 |title=Japan forces Apple and Google to allow third-party app stores and payments |url=https://www.theregister.com/2024/06/13/japan_smartphone_software_law/ |url-status=live |access-date=16 Mar 2025 |website=[[The Register]]}}</ref> the European Union,<ref>[[wikipedia:Digital Markets Act|Digital Markets Act]]</ref> the United Kingdom,<ref>{{Cite web |last=Competition and Markets Authority |date=4 Mar 2021 |title=Investigation into Apple AppStore |url=https://www.gov.uk/cma-cases/investigation-into-apple-appstore |url-status=live |access-date=16 Mar 2025 |website=[[gov.uk]]}}</ref> Australia,<ref>{{Cite web |date=28 Apr 2021 |title=Dominance of Apple and Google's app stores impacting competition and consumers |url=https://www.accc.gov.au/media-release/dominance-of-apple-and-googles-app-stores-impacting-competition-and-consumers |url-status=live |access-date=16 Mar 2025 |website=[[ACCC]]}}</ref> as well as the US and a handful of US States<ref>[[wikipedia:Open App Markets Act|Open App Markets Act]]</ref><ref>{{Cite web |date=20 Nov 2024 |title=S.5364 - App Store Accountability Act |url=https://www.congress.gov/bill/118th-congress/senate-bill/5364/text/is |url-status=live |access-date=16 Mar 2025 |website=[[congress.gov]]}}</ref><ref name="doj">{{Cite web |last=Balsamo |first=Mike |last2=Liedtke |first2=Mike |last3=Whitehurst |first3=Lindsay |last4=Bajak |first4=Frank |date=21 Mar 2024 |title=Justice Department sues Apple, alleging it illegally monopolized the smartphone market 
|url=https://apnews.com/article/apple-antitrust-monopoly-app-store-justice-department-822d7e8f5cf53a2636795fcc33ee1fc3 |url-status=live |access-date=16 Mar 2025 |website=[[APNews]]}}</ref><ref>{{Cite web |date=19 Feb 2021 |title=It’s time to free ourselves from ‘Big Tech’ monopoly |url=https://azcapitoltimes.com/news/2021/02/19/its-time-to-free-ourselves-from-big-tech-monopoly/ |url-status=live |access-date=16 Mar 2025 |website=[[Arizona Capitol Times]]}}</ref> have opened investigations into anti-competitive practices, or considered or already passed legislation to force "gatekeeper platforms" such as Apple to be more reasonable with third-party developers.


This being a significant threat to Apple's revenue stream (interestingly, one they claim to be unsure is profitable<ref>{{Cite web |last=Lovejoy |first=Ben |date=17 Apr 2024 |title=Schiller doesn’t know whether the App Store is profitable; there are no minutes of meetings |url=https://9to5mac.com/2024/04/17/app-store-is-profitable-apple-notes/ |url-status=live |access-date=16 Mar 2025 |website=[[9to5Mac]]}}</ref><ref>{{Cite web |last=Lovejoy |first=Ben |date=17 Jan 2025 |title=Apple denies App Store profit margin is 75% – claims to have no clue |url=https://9to5mac.com/2025/01/17/apple-denies-app-store-profit-margin-is-75-claims-to-have-no-clue/ |url-status=live |access-date=16 Mar 2025 |website=[[9t05Mac]]}}</ref>), they have responded with practices such as geo-blocking certain operating system functionality based on physical location,<ref>{{Cite web |title=Eligibility |url=https://theapplewiki.com/wiki/Eligibility |url-status=live |access-date=16 Mar 2025 |website=[[The Apple Wiki]]}}</ref> misrepresenting/overstating risks, and using careful wording with commonly-understood terms to describe unreasonably difficult-to-use systems.
This being a significant threat to Apple's revenue stream (interestingly, one they claim to be unsure is profitable<ref>{{Cite web |last=Lovejoy |first=Ben |date=17 Apr 2024 |title=Schiller doesn’t know whether the App Store is profitable; there are no minutes of meetings |url=https://9to5mac.com/2024/04/17/app-store-is-profitable-apple-notes/ |url-status=live |access-date=16 Mar 2025 |website=[[9to5Mac]]}}</ref><ref>{{Cite web |last=Lovejoy |first=Ben |date=17 Jan 2025 |title=Apple denies App Store profit margin is 75% – claims to have no clue |url=https://9to5mac.com/2025/01/17/apple-denies-app-store-profit-margin-is-75-claims-to-have-no-clue/ |url-status=live |access-date=16 Mar 2025 |website=[[9t05Mac]]}}</ref>), they have responded with practices such as geo-blocking certain operating system functionality based on physical location,<ref>{{Cite web |title=Eligibility |url=https://theapplewiki.com/wiki/Eligibility |url-status=live |access-date=16 Mar 2025 |website=[[The Apple Wiki]]}}</ref> misrepresenting/overstating risks, and using careful wording with commonly-understood terms to describe unreasonably difficult-to-use systems.
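Review bot: The sentence added after the lead paragraph ("giving it a practical monopoly on app distribution for iOS devices") has no <ref>, even though the edit summary gives missing references as the reason for removing other content. Attach one of the sources already cited in this hunk (for example the named "doj" reference) or reword it as an attributed claim. In the rewritten third paragraph, "a handful of US States" drops the comma that preceded the references and capitalizes "States"; restore "US states," so the list punctuation stays consistent. The unchanged final paragraph also carries a misspelled website field, "[[9t05Mac]]", which could be corrected to "[[9to5Mac]]" in the same pass.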
Line 35: Line 37:


Despite criticism of Apple forcing its fee into transactions with small businesses and creators on platforms such as [[#Patreon|Patreon]] and [[#Facebook online events|Facebook]], on January 23, 2025, Apple announced the Advanced Commerce API. It "support[s] developers' evolving business models - such as extensive content catalogs, creator experiences, and subscriptions with optional add-ons".<ref>{{Cite web |date=23 Jan 2025 |title=Introducing the Advanced Commerce API |url=https://developer.apple.com/news/?id=yxy958ya |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref> While positioned as a way for such businesses to save development time and avoid ongoing costs by building on top of Apple's mature payments platform, its use is, in fact, necessary for these businesses to comply with the App Store guidelines, as seen in the cases outlined below. The feature requires submitting a description of the app's business model to Apple for approval. This continues a trend of requiring Apple's consent to conduct business in a place where users have been trained to expect it.
Despite criticism of Apple forcing its fee into transactions with small businesses and creators on platforms such as [[#Patreon|Patreon]] and [[#Facebook online events|Facebook]], on January 23, 2025, Apple announced the Advanced Commerce API. It "support[s] developers' evolving business models - such as extensive content catalogs, creator experiences, and subscriptions with optional add-ons".<ref>{{Cite web |date=23 Jan 2025 |title=Introducing the Advanced Commerce API |url=https://developer.apple.com/news/?id=yxy958ya |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref> While positioned as a way for such businesses to save development time and avoid ongoing costs by building on top of Apple's mature payments platform, its use is, in fact, necessary for these businesses to comply with the App Store guidelines, as seen in the cases outlined below. The feature requires submitting a description of the app's business model to Apple for approval. This continues a trend of requiring Apple's consent to conduct business in a place where users have been trained to expect it.
Given Apple's strong incentives and a ticking clock as legal pressure builds, it is not hard to find stories from app developers regarding poor experiences with Apple's app review process.
:''This list is extremely incomplete. Please add examples if you know of any.''


===Epic Games===
===Epic Games===
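Review bot: The paragraph kept directly above the removed lines still ends with two unsourced editorial statements ("its use is, in fact, necessary for these businesses to comply with the App Store guidelines" and "users have been trained to expect it"), which is the same tone this edit removes from the following two lines. Either cite the guideline that makes the API necessary or soften those clauses. With the introductory sentence gone, "as seen in the cases outlined below" is now the only lead-in to the case subsections, so confirm it still reads correctly straight before "===Epic Games===".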
Line 124: Line 122:
In the EU, Apple permitted web browsers to use rendering and JavaScript engines other than the built-in with Apple WebKit/JavaScriptCore, with the option for JS engines to use JIT. The browser still needs to be approved by Apple for an entitlement and must then work within the APIs provided by Apple. However, as of January 2025, no browsers using engines different from the built-in ones have been released, primarily due to arbitrarily imposed restrictions intended to discourage the use and development of third-party engines.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>
In the EU, Apple permitted web browsers to use rendering and JavaScript engines other than the built-in with Apple WebKit/JavaScriptCore, with the option for JS engines to use JIT. The browser still needs to be approved by Apple for an entitlement and must then work within the APIs provided by Apple. However, as of January 2025, no browsers using engines different from the built-in ones have been released, primarily due to arbitrarily imposed restrictions intended to discourage the use and development of third-party engines.<ref>{{Cite web |title=Mozilla says Apple’s new browser rules are ‘as painful as possible’ for Firefox |url=https://www.theverge.com/2024/1/26/24052067/mozilla-apple-ios-browser-rules-firefox |url-status=live |access-date=16 Mar 2025 |website=[[The Verge]]}}</ref>


However, Apple still does not allow different engines outside of the EU, with or without JIT support.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref>  
However, Apple still does not allow different engines outside of the EU, with or without JIT support.<ref>{{Cite web |title=App Review Guidelines |url=https://developer.apple.com/app-store/review/guidelines/#2.5.6 |url-status=live |access-date=16 Mar 2025 |website=[[Apple Developer]]}}</ref>
 
==Sandbox==
Sandboxing is a powerful security feature used on all modern platforms, from Windows to iOS, and it's used because most programs need only a few basic permissions. While sandboxing is a great security measure, users may sometimes want to develop or create programs that run outside the sandbox with fewer restrictions. When a program requires additional permissions beyond what the sandbox typically allows, the user is prompted with a permission request, which is particularly useful for basic programs (such as a flashlight app) that need access to sensitive information, like contacts.
 
As established in previous sections, a program can be granted more access to system features through entitlements. These come in different types:
 
*'''Completely safe''': Entitlements any developer can opt into, with little to no risk.
*'''Approval required''': Entitlements that might be more of a security risk to allow, e.g., giving considerably wider access to the system, or that Apple simply doesn't want to hand out to just ''anyone'' for competitive reasons. The developer must submit a request to Apple, accompanied by evidence of why they require the entitlement.
*'''Private''': Entitlements that are never allowed for any app developer to use. Many of these are reasonably fenced off because they handle user data that is highly sensitive, or bypass permission prompts, and so on, but can also be guarding features that Apple wants to keep private.
 
There have been [https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235 exceptions] where Apple quietly granted a company access to private entitlements, which has raised eyebrows.
 
On iOS, you also can't be ''more'' secure than the default, strictest sandbox. On macOS, there are several entitlements you must declare to decide whether you're allowed to access certain types of user data at all. Android has used this design from the very start - you can't even perform fundamental tasks, such as accessing the internet, without declaring it in your manifest. It makes it very explicit what the app's intentions are.
 
iOS has one sandbox used by all App Store apps. System apps and App Store apps developed by Apple are permitted to adjust their sandbox permissions as needed. Third-party apps do not get the right to expand or reduce their sandbox permissions at all. This is clearly less secure. To retake the example of Playgrounds, while it's allowed to run your code from a separate process executing in an ultra-locked-down sandbox with very few permissions, competing apps such as Pythonista must run your code in the same sandbox and address space as the primary app process. The Python interpreter crashing would therefore crash the entire app, possibly losing work. In the worst case, a vulnerability in third-party code could give access to all data stored by/accessible to the app. For example, it would be a nightmare if you accidentally tapped the wrong link in Safari and had a hacker easily steal your cookies from other websites. If that third-party code could run in its own limited sandbox, the risk is significantly reduced.
 
The only known workaround is to execute the code via JavaScript, as Apple's JavaScriptCore engine runs in a heavily sandboxed process. This requires you to port the code to JavaScript, which may be a lot of work or not viable. You wouldn't want to run the Python interpreter inside JavaScript - the performance would be terrible!
 
==In-app browsers==
==In-app browsers==
Safari's in-app browser, which is the minimal version you get when tapping a link from social media, uses an entirely separate data store for each app. The in-app browser isn't aware of cookies in the "full" Safari app, or any other app, and doesn't support Safari extensions. Apple claimed this was to protect users from malicious apps stealing or setting cookies in Safari without their knowledge, which is a fair argument. However, it's hard not to notice that it makes web browsing inconvenient, encouraging users to install native apps where they can make transactions through Apple.<ref>{{Cite web |last=@whitehatguy |date=12 Jun 2017 |title=Impact of iOS 11 no longer providing shared cookies between Safari, Safari View Controller instances |url=https://github.com/openid/AppAuth-iOS/issues/120 |url-status=live |access-date=16 Mar 2025 |website=[[GitHub]]}}</ref>
Safari's in-app browser, which is the minimal version you get when tapping a link from social media, uses an entirely separate data store for each app. The in-app browser isn't aware of cookies in the "full" Safari app, or any other app, and doesn't support Safari extensions. Apple claimed this was to protect users from malicious apps stealing or setting cookies in Safari without their knowledge, which is a fair argument. However, it's hard not to notice that it makes web browsing inconvenient, encouraging users to install native apps where they can make transactions through Apple.<ref>{{Cite web |last=@whitehatguy |date=12 Jun 2017 |title=Impact of iOS 11 no longer providing shared cookies between Safari, Safari View Controller instances |url=https://github.com/openid/AppAuth-iOS/issues/120 |url-status=live |access-date=16 Mar 2025 |website=[[GitHub]]}}</ref>
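Review bot: The edit summary describes the removed Sandbox section as having no references, but its sentence on private entitlements does carry a source, as an inline external link to a Gizmodo article ("There have been [... exceptions] where Apple quietly granted a company access to private entitlements"). Consider converting that link to a <ref> and keeping that sentence together with the three-tier entitlement list (opt-in, approval required, private), trimmed of the conversational asides, instead of deleting the whole section. The removed text also opens with "As established in previous sections", so check that no remaining text links to or refers back to the Sandbox heading.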