[HN Gopher] Apple's tightly controlled App Store is teeming with...
___________________________________________________________________
Apple's tightly controlled App Store is teeming with scams
Author : amaBasics
Score : 282 points
Date : 2021-06-06 15:49 UTC (7 hours ago)
(HTM) web link (www.washingtonpost.com)
(TXT) w3m dump (www.washingtonpost.com)
| egocentric wrote:
| Some relevant Apple marketing statements [1]:
|
| "The apps you love. From a place you can trust."
|
| "For over a decade, the App Store has proved to be a safe and
| trusted place to discover and download apps."
|
| "Every day, moderators review worldwide App Store charts for
| quality and accuracy."
|
| "Dedicated to trust and safety."
|
| "Apps must adhere to our guidelines."
|
| "From more videos to rankings and reviews, there are loads of
| ways to help you pick the app that's right for you."
|
| "ensuring that the apps we offer are held to the highest
| standards for privacy, security, and content. Because we offer
| nearly two million apps -- and we want you to feel good about
| using every single one of them."
|
| "When you download an app, it should work as promised. Which is
| why human App Reviewers ensure that the apps on the App Store
| adhere to our strict app review standards. Our App Store Review
| Guidelines require apps to be safe, provide a good user
| experience, comply with our privacy rules, secure devices from
| malware and threats, and use approved business models."
|
| 1: https://www.apple.com/app-store
| Black101 wrote:
| So does that mean that you can sue Apple if an app fails at any
| of these?
|
| Of course not, because lying for Apple is common business
| practice nowadays.
| georgyo wrote:
| "no reasonable person would possibly believe these statements
| as true."
|
| That statement from the courts has allowed all sorts of lying
| in marketing.
| Black101 wrote:
| Marketing is about to become a synonym to lying in the
| legal sense... therefore lying is ok.
| williesleg wrote:
| The internet is one of the greatest scams of our time. By the
| time you realize it, it's too late.
| TradingPlaces wrote:
| FWIW, Apple made $8.3 million with an M off those 18 apps (28.2%
| commission on average). They will make something like $350
| billion with a B this year
| efitz wrote:
| It sounds to me as if Apple is doing a relatively good job.
|
| The article didn't give total volume numbers, but 48M USD seems
| like a drop in the bucket. Only 2% of top 1000 apps? I'd love to
| see the numbers but I doubt the Play store is even in that
| ballpark.
|
| Like everyone, I would love to see a world where no one gets
| scammed. Unfortunately there are humans involved so ¯\_(ツ)_/¯
| Keyframe wrote:
| If you've spent anywhere near 10 minutes on the app store, you
| can tell that outside of top charting apps, app store is filled
| with shit just as playstore is. From overall nonfunctional
| quickly made pos to blatant copyright infringement evil shit.
| Fine, I get it it's hard to curate, but let's not pretend then it
| actually is curated overall. So, Apple, either do what Nintendo
| did when they started with NES and come hard on QA or stop
| pretending.
| personjerry wrote:
| So there's this "Wrong Button!"[0] in the app store that just
| plays a "Wrong" sound clip when you click it. And also it has 5
| different ads on the screen, an unskippable ad on opening the app
| that forces open Safari to view another ad, and a "Share"
| function presumably so they can bombard your friends with ads
| too.
|
| Now I thought this was crappy, and I wanted the "Wrong" sound
| clip as said by Trump, so last week for fun I made a Wrong button
| that has no ads, plays the actual "Wrong" clip from Trump, and
| costs $1 as a one-time payment.
|
| I got rejected, because the functionality was too minimal, and
| they said that I should add features. Hmm. It feels like their
| approval process is pretty inconsistent, kinda arbitrary. I kinda
| want to write back to them to figure out what exactly the
| existing "Wrong Button!" app has that I'm missing, like is ads
| mandatory? But also I feel like it's not worth my time.
| Frustrating.
|
| [0]: https://apps.apple.com/us/app/wrong-button/id368793118
| swiley wrote:
| That sounds like it really should be a web page.
| personjerry wrote:
| I see what you're getting at. For me, this was a small toy,
| and websites have maintenance costs while this has none, and
| that's the tradeoff I prefer at the moment.
| dkarras wrote:
| The article's premise does not make sense.
|
| This stuff happens despite the tight control, not because of it.
| If it was uncurated, it would be a cesspool like the Google play
| store (or ...shudder... the "competing" stores).
|
| Having a paid app that reads QR codes is not necessarily a scam.
|
| The article admits that 2/3 of the apps they reported were taken
| down.
|
| The article claims: "If consumers were to have access to
| alternative app stores or other methods of distributing software,
| Apple would be a lot more likely to take this problem more
| seriously"
|
| Yet then says: "Apple isn't the only company that struggles with
| this issue: They're also on Google's Play Store, which is
| available on its Android mobile operating system. But unlike
| Apple, Google doesn't claim that its Play Store is curated."
|
| ...so lack of competing stores or presence of (imperfect)
| curation is not the cause, because Google did not even begin to
| attempt to solve this problem. Play store apps, unless proven
| otherwise, are generally malware you carry with yourself every
| day, with potential access to everything in your device because
| the OS is nowhere near locked down compared to Apple counterpart.
| Hell, most Android devices ship with undeletable malware from
| vendors etc.
|
| Apple model is broken, but it is the least broken out there.
| Instead of admitting that, article tries to be a hit piece trying
| to make the Apple model look worse for the ongoing trial.
| veeti wrote:
| > Play store apps, unless proven otherwise, are generally
| malware you carry with yourself every day, with potential
| access to everything in your device because the OS is nowhere
| near locked down compared to Apple counterpart.
|
| Do you have a single fact to back this up, or did you just read
| it from Apple's marketing?
| topkeks wrote:
| How to spot an icuck
| fragileone wrote:
| Competing app stores like F-Droid have far less scams than both
| the iOS and Google Play Stores.
| zepto wrote:
| > The article's premise does not make sense.
|
| It does if you are Epic, or Jeff Bezos.
| echelon wrote:
| Apple's model is the most broken out there.
|
| They've distorted our free market into "Apple's market".
|
| They tax ingress to 50% of Americans and don't let you
| establish a relationship with your customers. Beyond that, they
| make you dance through hoops to build and deploy software.
|
| It's a travesty that they won.
|
| If this continues, businesses will be paying Apple for
| customers brought to them by Apple iCar.
| smoldesu wrote:
| > Apple model is broken, but it is the least broken out there.
|
| This would _almost_ be true if users weren't forced to use the
| App Store to install native apps in the first place. If I had a
| choice to use a store like F-Droid on my iPhone, I wouldn't be
| complaining. However, being forced to use a broken system is
| still a complaint, even if it's marginally more secure than
| its competitors.
| katbyte wrote:
| Then go use android? apple isn't the only phone & store combo
| out there and allowing 3rd party app stores takes away a lot
| of the value prop - there is a reason i like having the non
| tech literate and susceptible to scams in my life use
| iphones. it's not perfect but it's sure better than the play
| store.
| smoldesu wrote:
| That's a strawman. I'm not criticizing Android here, we're
| talking about Apple's responsibility to the consumer. As
| someone who owns several Apple devices, I can truly and
| honestly say that my life would be unequivocally better if
| I could install custom IPAs to my phone.
|
| Furthermore, Apple trusts the user to decide if Facebook
| can steal their data: why can't they trust the user to
| install third party apps? If they don't effectively
| communicate the danger beforehand, that's their failure.
| Otherwise, Apple is just locking off functionality to me,
| which is insulting considering I pay a premium for their
| devices that I expect to be recouped on the software side
| of things. That's their business model, if you don't like
| it then you should argue with them, not me.
| judge2020 wrote:
| They don't trust their users to not install pirated apps.
| It's part of their revenue scheme - if you could install
| third party IPAs, you could download cracked versions of
| Apple Arcade apps or apps that bypass the in-app purchase
| system and don't give apple their 30% cut of digital
| content. It's the same reason Xbox and Sony restrict you
| to their stores, Apple's revenue model is just set up to
| extract more money overall instead of 99% on the backend
| like consoles do.
| simondotau wrote:
| Just to be clear about your argument, you're saying
| that's a bad thing? Is it wrong for a company to protect
| revenue--and remember 70% of revenue goes to the
| developer--from loss due to piracy?
|
| There are plenty of valid reasons to object to Apple's
| revenue model, but the avoidance of piracy seems like a
| bridge too far.
| echelon wrote:
| I'm glad the choice you're giving me suddenly opens up all
| Apple consumers to my business.
|
| I'm glad I don't have to pay a 30% tax on revenue. Or jump
| through insane hurdles to deploy my software.
|
| It sure feels free.
|
| Thankfully, it's only 50% of Americans, or half the market,
| that's locked up behind this protection racket.
| judge2020 wrote:
| You're forced to use the least broken system... if you choose
| to do so. Apple is only making you use it to the extent that
| you decided to pay money to Apple instead of an Android
| manufacturer with that alternative option.
| Griffinsauce wrote:
| > Play store apps, unless proven otherwise, are generally
| malware you carry with yourself every day, with potential
| access to everything in your device because the OS is nowhere
| near locked down compared to Apple counterpart.
|
| I'm sorry but this is complete bullshit. Your data on Android
| appears to be about a decade old.
| swiley wrote:
| Both link to user hostile libraries like Facebook sdk.
|
| Both platforms push users toward app vendors that really
| don't care about their privacy.
| TwoBit wrote:
| > most Android devices ship with undeletable malware from
| vendors
|
| And how are those vendor apps actually malware? Their presence
| can be annoying but they aren't malware.
| MikeDelta wrote:
| Also known as bloatware. Not malicious, just annoying.
| echelon wrote:
| Must. Defend. Apple.
|
| But seriously, Apple postures for _control_. They have a
| death grip on our industry, and it's up to the DOJ and legal
| system to rend it asunder.
|
| Apple does not deserve to have a singular App store with
| tight controls. It's not their right. And they've proven the
| sort of anticompetitive antics they choose to take when they
| have such power.
|
| Break them open.
| [deleted]
| smoldesu wrote:
| Exactly. By their same logic, Apple also ships all of their
| phones with malware since they are a third party who refuses
| security audits.
| mod50ack wrote:
| To be honest, there is not really competition to Google Play in
| its own niche, but within the FOSS sphere, stuff on
| F-Droid/IzzyOnDroid is on the whole almost always good quality.
| brianberns wrote:
| 18 out of 1000 = "teeming with scams"?
|
| It's a real problem, but the headline is sensationalized.
| swiley wrote:
| When you're promised no scams and 1.8% of apps are scams
| (which is way higher if you search for niche things,
| especially stuff that isn't allowed) then yes that's "teeming
| with scams."
| TaupeRanger wrote:
| The article is arguing that the veneer of safety implied by
| Apple (above and beyond other stores) might make users more
| susceptible to fraud because they are more likely to believe
| the apps are all safe. They might be more cautious with other
| stores that don't offer that protection. Whether this leads to
| more _actual_ cases of fraud would require a real study to be
| done.
| granzymes wrote:
| The reason I disagree with this argument is that it boils
| down to "tons of scams are better than a few sophisticated
| scams because users are more wary."
|
| Users themselves have various levels of sophistication, and
| unsophisticated scams have plenty of victims.
| smoldesu wrote:
| The only reason I disagree with your disagreement is
| because Apple is making money here, and they have every
| incentive to turn the other cheek. Their entire business
| model is based on driving user interaction and spending, so
| I don't think they're the most trustworthy party to audit
| the App Store. That would be like if we let the President
| decide which news channels were allowed to broadcast at the
| beginning of their term.
| simondotau wrote:
| Apple doesn't make money from free apps, so they have no
| financial incentive to turn the other cheek with respect
| to them.
| granzymes wrote:
| If we restrict Apple's incentives to be purely monetary,
| then we have to wonder if the reputational damage is less
| than their cut of users being scammed.
|
| I would argue that the reputational damage is worth more,
| strictly monetarily. Apple is an incredibly valuable
| brand, estimated in the hundreds of billions of
| dollars[0], and they are understandably protective of it.
| If <2% of the top 1000 apps are scams (from the article),
| and Apple periodically catches scams and helps unwind
| them (2/3rds of the apps the Post reported were removed),
| I don't think Apple is making all that much money here.
| Remember that Apple doesn't keep its 30% cut when a
| transaction is refunded.
|
| [0] https://www.statista.com/statistics/264875/brand-
| value-of-th...
| amaBasics wrote:
| The reputational damage is worth more only if there is
| reputational damage to begin with.
|
| There may have been some smaller isolated stories in the
| past, but the truth about App Store scams is really only
| now coming to light - and so Apple's calculus might be
| changing.
| granzymes wrote:
| https://news.ycombinator.com/item?id=14526156
|
| https://news.ycombinator.com/item?id=16034764
|
| https://news.ycombinator.com/item?id=14274655
|
| https://news.ycombinator.com/item?id=6033822
|
| https://news.ycombinator.com/item?id=18316572
|
| https://news.ycombinator.com/item?id=2296693
|
| https://news.ycombinator.com/item?id=3617730
| amaBasics wrote:
| Those are all valid, but do you have a non-recent example
| that got mainstream attention?
| granzymes wrote:
| Do you consider the New York Times mainstream? This
| article is from 2012:
|
| https://www.nytimes.com/2012/03/16/technology/pressure-
| on-ap...
| amaBasics wrote:
| I do, and I'm not sure why the snark.
|
| Thanks.
| granzymes wrote:
| You're welcome, and I apologize for the snark.
| dumbfounder wrote:
| I don't think it's unreasonable for Apple to know who is
| publishing apps and making money off them in order to
| facilitate law and order in cases of flagrant illegal
| activity such as this, and for users to assume there is
| accountability that deters the behavior.
| granzymes wrote:
| 100% agreed.
|
| https://developer.apple.com/support/identity-verification/
| gigatexal wrote:
| I guess they need to scale the team to meet the demand of apps.
| Adding headcount reduces profit but the benefit to brand image
| should compensate enough.
| swiley wrote:
| >This stuff happens despite the tight control, not because of
| it.
|
| The question isn't whether or not it happens, it's whether it's
| worth the enormous sacrifice of personal computing:
|
| No self hosting dev environments
|
| The dev environments you can find are pretty terrible (often in
| weird ways you don't notice until you've spent a day working
| around them.)
|
| Apple decides moderation rules for every chat service with push
| notifications on the platform. They kick you off the platform
| if you're not up to their standards.
|
| An extension to the last one is that Apple is able to (and
| does!) silence political ideas on the platform they don't like.
| They've gone as far as _censoring Xscreensaver on iOS_ because
| they don't like the political thoughts people might have
| watching it. This is a _major threat to democracy_ whether you
| currently agree with their positions or not.
|
| No innovation is allowed. Want to try a WIMP style GUI? Nope,
| Apple will kick you off. Even if you don't explicitly violate
| the rules odd looking GUIs are sometimes assumed to use private
| APIs and can result in a rejection.
|
| There are many (probably infinitely) more major sacrifices but
| I'm tired of listing them.
|
| > but it is the least broken out there.
|
| No! Debian and F-droid work extremely well, the difference here
| is that the _community_ is maintaining the repo and they
| require everything be done out in the open.
| pranau wrote:
| > it would be a cesspool like the Google play store
|
| I would suggest you use an Android smartphone from the last 5
| years before making a comment like this.
|
| I use both iOS and Android devices on a regular basis and both
| the App Store and Play Store are cesspools. I would go even
| further and say that the App Store is more obnoxious in that it
| serves me a half page ad whenever I search for an app.
|
| At least on Android, I have the choice to not use the Play
| Store. That is not even possible when I use iOS.
| [deleted]
| dang wrote:
| Related previous threads:
|
| _Apple store fake app stole man's life savings in Bitcoin_ -
| https://news.ycombinator.com/item?id=26956568 - April 2021 (89
| comments)
|
| _Apple's $64 billion-a-year App Store isn't catching the most
| egregious scams_ - https://news.ycombinator.com/item?id=26888190
| - April 2021 (6 comments)
|
| _$5M/year VPN scam on the AppStore_ -
| https://news.ycombinator.com/item?id=26807566 - April 2021 (6
| comments)
|
| _A top-grossing scam on the App Store_ -
| https://news.ycombinator.com/item?id=26794228 - April 2021 (269
| comments)
|
| _iOS developer who drew attention to App Store scams is now
| suing Apple_ - https://news.ycombinator.com/item?id=26504158 -
| March 2021 (45 comments)
|
| _Apple cracks down on 'irrationally high prices' as App Store
| scams are exposed_ -
| https://news.ycombinator.com/item?id=26198098 - Feb 2021 (5
| comments)
|
| _Apple's App Store is hosting multi-million dollar scams_ -
| https://news.ycombinator.com/item?id=26069660 - Feb 2021 (8
| comments)
|
| _Developer exposes multiple million-dollar scam apps on the App
| Store_ - https://news.ycombinator.com/item?id=26067364 - Feb 2021
| (8 comments)
|
| _How to spot a $5M/year scam on the App Store, in 5 minutes
| flat_ - https://news.ycombinator.com/item?id=26054673 - Feb 2021
| (13 comments)
|
| _Apple watch keyboard developer put off by app store scammers_ -
| https://news.ycombinator.com/item?id=25986515 - Feb 2021 (320
| comments)
|
| _Apple Pulling High-Grossing Scammy Offer Subscription Apps Off
| the App Store_ - https://news.ycombinator.com/item?id=18260514 -
| Oct 2018 (73 comments)
|
| _How to scam and get 67k all 5 Star reviews on the app store_ -
| https://news.ycombinator.com/item?id=16034764 - Dec 2017 (36
| comments)
|
| _$80k/month App Store Scam_ -
| https://news.ycombinator.com/item?id=14526156 - June 2017 (195
| comments)
|
| _Don't Be Fooled: The Mac App Store Is Full of Scams_ -
| https://news.ycombinator.com/item?id=13052127 - Nov 2016 (16
| comments)
| jollybean wrote:
| If you bought a product from Walmart that was not only unsafe,
| but actively trying to scam you - people would sue Walmart.
|
| The claim that 'every app is reviewed for security' should be a
| giant liability problem.
|
| The store model is a huge windfall of profits precisely because
| they don't have to do any of this.
|
| Realistically, if we use brick-and-mortar as a reference ... it
| might very well be that if you want to do something 'commercial'
| on a platform, literally using Apple's payment infrastructure,
| there's probably going to actually have to be more rigorous
| insight. This will cost Apple a lot, and probably cost sellers a
| lot as well, I can see it costing $X dollars for the review
| process then $Y for every upgrade, possibly Z days delay in
| payments and possibly escalating % withheld given market size,
| until AAA+ confidence rating.
|
| All of the ugly things we see in regular finance exist basically
| for this reason (i.e. VISA chargebacks, bank freezes, paypal
| holds) etc. etc..
|
| A lot of profits are raised by ignoring these realities.
|
| Same goes for Amazon.
| perfectstorm wrote:
| A former colleague of mine put out an iPhone battery extender app
| as a joke and surprisingly people paid for the app and wrote
| reviews claiming that this app extended their battery life when
| the app did nothing other than show a couple of graphics. I was
| amused at the stupidity of the whole thing and I believe he
| pulled down the app after some time but the App Store review
| process is a joke.
| bronzeage wrote:
| To realign Apple's incentives with the consumers again, Apple
| should be forced to return at least their 30% commission share
| whenever an App was deemed fraudulent.
| simonw wrote:
| I'm quoted in this! Original Hacker News comment here -
| https://news.ycombinator.com/item?id=26796662 - then I tweeted
| about it and ended up talking to the reporter.
| amaBasics wrote:
| Apple themselves seem to be intentionally breaking the App Store
| at times. From the article:
|
| > Apple used to have a button [1], just under the ratings and
| reviews section in the App Store, that said "report a problem,"
| which allowed users to report inappropriate apps. Based on
| discussions among Apple customers on Apple's own website [2], the
| feature was removed some time around 2016.
|
| Why would they remove the ability for people to easily report
| apps?
|
| 1:
| https://www.google.com/imgres?imgurl=https://www.dummies.com...
|
| 2:
| https://discussions.apple.com/thread/6999097#:~:text=Apple%2...
| granzymes wrote:
| >Why would they remove the ability for people to easily report
| apps?
|
| Presumably for a reason. I don't work at Apple, so to spitball
| some possibilities:
|
| * The "report a problem" button was being misused and had worse
| signal than other metrics Apple added.
|
| * Legal or Public Relations pressed to remove the button
| because only a portion of reports were actioned (possibly
| because of the above point) and it was causing
| legal/reputational damage.
| rchaud wrote:
| Even in this most generous possible explanation, Apple
| removed a quality-control check and didn't replace it with
| anything.
| granzymes wrote:
| My point is that you don't know that they didn't replace it
| with anything.
| smoldesu wrote:
| Maybe if it was something so innocuous they'd have made an
| official statement on it
| Someone wrote:
| > Why would they remove the ability for people to easily report
| apps?
|
| Reasons could be:
|
| - nobody uses that button
|
| - people use the button, but mostly not for its intended
| purpose.
|
| I would guess a fairly generic "report a problem" button would
| attract lots of messages of type 2. I can see people complain
| there about missing features, ask support questions, etc. I
| would bet that, to many, it wasn't clear that button let you
| send a message to Apple.
| Mathnerd314 wrote:
| If the issue was UI they could have changed the text to
| something like "Report scam" or "Flag app".
|
| It's probably a cost thing, they didn't want to pay a team to
| go through the reports.
| travisgriggs wrote:
| What's so tightly controlled about Apple's App Store?
|
| Maybe the headline is meant to be tongue in cheek contradictory,
| but if it's teeming with scams, isn't that saying it's not so
| tightly controlled?
| rawtxapp wrote:
| The worst thing is, people have this belief that Apple is somehow
| protecting them, so they offload the critical thinking to Apple
| and lower their own guards. For example, a person thought he was
| getting a legitimate Bitcoin wallet app, but turns out it was a
| fake and he lost his life savings [1].
|
| edit: to be clear, I'm not blaming Apple for not stopping these
| scams, at their scale, it's just practically _impossible_ to stop
| every scam, but by making their unrealistic promise that
| everything on the app store is safe, they are misleading people
| into this false sense of security.
|
| 1:
| https://www.washingtonpost.com/technology/2021/03/30/trezor-...
| osrec wrote:
| Unfortunately, the Apple army will be ready to downvote you. In
| my experience, they will not hear anything negative about
| Apple, even if it's true.
|
| Disclaimer: I think Apple's products are beautiful, simple and
| well engineered, but they are able to feed some total BS to
| their fans, who just accept it at face value and regurgitate it
| everywhere, and that's annoying.
| tobr wrote:
| "At their scale" excuses are the worst. It's one thing that
| scale will cause a tiny percentage to create a large number of
| cases. But if it makes the percentage go up, it's a sign you
| need to scale back down until you figure out how not to get
| people hurt. No one forced you to be humongous scale.
| tedunangst wrote:
| Why not blame Trezor for allowing a fake app to steal money
| from his hardware wallet? Did he buy the wallet thinking it
| would make scams impossible?
| rawtxapp wrote:
| Because Trezor doesn't control the iOS app store?
| tedunangst wrote:
| What purpose does a hardware wallet serve? What security
| does it offer?
| oarsinsync wrote:
| It provides an electronic and secure mechanism to store
| your private keys and sign transactions, while retaining
| confidence that your private keys will not be compromised
| while using the device. Think of it like a YubiKey. It's
| not all that different.
|
| It also enables you to export those private keys so that
| you can keep a backup in the event of a hardware failure,
| because all hardware eventually fails.
|
| It doesn't lock you into their platform / ecosystem
| exclusively. It doesn't prevent you from using that
| backup elsewhere.
| coding123 wrote:
| This is called blaming the victim. It takes a lot for someone
| that got scammed to come forward publicly with their story.
| And it helps others not get scammed too.
| tedunangst wrote:
| Trezor advertises itself as the most secure way to store
| bitcoins, yet he lost all his bitcoins. Not sure how you
| concluded I'm blaming the victim here.
| matheusmoreira wrote:
| > I'm not blaming Apple for not stopping these scams
|
| Why not? You _should_ blame them. They have positioned
| themselves as the gatekeepers. Why? To extract profit from
| application developers. However, such a powerful position also
| comes with expectations and responsibilities. They should
| absolutely not be allowed to get away with gross negligence.
|
| We absolutely must blame them every single time they fail to
| keep malicious software out. They _are_ responsible for that
| man's losses and should fully indemnify him. Had they not
| approved that software, it would not have happened.
|
| Nobody cares about their "scale" or how "difficult" it is for
| them to determine what is and isn't malicious. They have
| assumed that responsibility by gatekeeping their devices and
| therefore any failures are directly attributable to them.
| jpalomaki wrote:
| The real solution I see would be to charge money for listing
| apps in the store. And not small money, but significant, non-
| refundable fees. Enough to actually check and verify the
| software by competent humans and also just to make scams more
| expensive (you would need to pay $5-10k upfront, like Google
| requires for certain Gmail apps).
|
| But I don't like that kind of approach, so therefore I would
| be careful in demanding Apple to fix the problem. Any fix
| they come up with, would likely cause troubles for small
| players.
| heavyset_go wrote:
| A solution is to make systems secure enough that any user-
| level code or app either can't do malicious things, or
| needs to be explicitly granted fine-grained permissions to
| access a user's resources.
|
| Sandboxing is a step in the right direction, as are various
| levels of things like code signing and even Windows
| Defender-esque systems that maintain lists of known
| malicious apps, authors etc and prevent them from running.
|
| It also helps not to have an easy monetization scheme for
| malicious actors, either. Making it easy to give them
| money, and even sign you up for fraudulent subscriptions so
| you keep giving them money, is a mistake.
|
| An actually user-friendly system would look at the apps
| that you're making payments with, and ask whether or not
| you want to keep subscriptions that you don't appear to be
| using much. This doesn't happen, though, because it is in
| no one's interests but the users' to help save them money.
| jtbayly wrote:
| So... your solution is no mobile wallets, then?
| matheusmoreira wrote:
| The real solution is to stop being a gatekeeper. Just let
| people install and use whatever they want.
| votepaunchy wrote:
| How does this stop or in any way slow the proliferation
| of scam apps?
| matheusmoreira wrote:
| It doesn't. It absolves Apple of any responsibility in
| the matter.
| dev_tty01 wrote:
| Why does anyone want to help Apple? Shouldn't we be
| focused on user safety?
| matheusmoreira wrote:
| We're not helping Apple. We're holding them accountable
| for what they make available on their store which they
| advertise as "curated and safe".
| [deleted]
| euroderf wrote:
| Apple's 30% cut suggests to an untrained observer that for
| every seven hours of coding you do, they could do three hours
| of verifying that your app is not a scam. What happens
| instead is, I guess, robo-verifier spends 2 milliseconds. Ka-
| ching!
| rawtxapp wrote:
| I agree, I think they should help him, but I also think it
| would open a whole can of worms.
|
| The fact is, no matter how much time/energy/effort they
| spend, they will never eliminate all scams, scams would just
| become more and more sophisticated. This doesn't mean, they
| should just give up, but having been through the review
| process, they are already doing quite a bit.
|
| So that would mean, they will make it much harder for apps to
| get approved in the store (and it's already a very painful
| process), so you'd only end up with apps from large
| developers which is not ideal.
|
| We are seeing a similar dynamic with Youtube which has become
| rather "ban-happy" as in they don't want to take risks, so
| would rather ban content than try to reduce false positives,
| because at a certain scale, you just can't identify content
| with good precision/recall.
| jay_kyburz wrote:
| I think what Apple _could_ do is insure that there is a
| real person that can be held accountable by law enforcement
| in the user's jurisdiction. That way a user has some legal
| recourse in the event they are wronged.
|
| Nobody wants Apple to be judge and jury, we have judges and
| juries for that, but it would be nice if they could tell us
| who to go after when we have to.
|
| If they can't do that, I don't think it's unreasonable for
| us to ask Apple to be responsible for any losses, then let
| Apple seek compensation for their losses from the app
| publisher.
| lozenge wrote:
| > they are already doing quite a bit.
|
| They must be focusing on the wrong things then. Certain
| categories are filled with scam apps at the top ranks,
| including scam subscriptions.
| matheusmoreira wrote:
| > I also think it would open a whole can of worms
|
| Absolutely. Apple should be afraid of holding the
| gatekeeper position. _Anyone_ should.
|
| When people can install and use whatever they want, safety
| becomes their responsibility. They should open up their
| platform and let people do their own due diligence. If
| they assume that responsibility and then neglect it, they
| absolutely can and should be blamed for any problems.
| enos_feedler wrote:
| If Apple gave up the gatekeeping position, I would be
| afraid to use my phone for the things I do today.
| rawtxapp wrote:
| The point is, you _should_ be afraid today too (or better
| word, more careful). What you have right now is a false
| sense of security.
| matheusmoreira wrote:
| Why aren't you afraid today? Their gatekeeping is clearly
| useless.
| PeterisP wrote:
| Something does not have to be perfect to be useful; a
| filter that throws out 50% or 90% of malicious trash is
| very useful even if a lot of malicious trash gets
| through.
|
| The appropriate metric for safety of an app store is not
| whether you can get attacked, but rather how many users -
| proportional to all users - get attacked every year.
| CharlesW wrote:
| > _Why aren't you afraid today? Their gatekeeping is
| clearly useless._
|
| You're not perfect at anything you do. Does that make you
| useless? Of course not.
| fsflover wrote:
| You should already be afraid now.
| nwienert wrote:
| Yes and likewise, car manufacturers should remove
| seatbelts and airbags. They simply encourage reckless
| driving, and by giving the false sense of security /
| assuming the gatekeeper role, they should be liable for
| any accident.
| drusepth wrote:
| The big difference between "Apple's app review process"
| and "seatbelts and airbags" is that car companies
| acknowledge the latter are fallible.
|
| It's not about adding layers of protection or not; it's
| about being transparent with your customers about how
| effective those layers actually are.
| nwienert wrote:
| I don't think any one of my less technical friends has
| any belief that the App Store is infallible or even
| mostly secure. Apple doesn't advertise it much, and if
| they did I'd be happy to call that a mistake.
| draugadrotten wrote:
| Car manufacturers are going to face the liability issues
| when they try to sell "self driving" cars. Volvo has for
| example ack'ed this in public years ago.
|
| https://www.theverge.com/2015/10/7/9470551/volvo-self-
| drivin...
| heavyset_go wrote:
| Weird, I can flash whatever code I want to on my car's
| ECU. There's even an entire subculture dedicated to
| modding ECU firmware.
| CharlesW wrote:
| Flashing your car's ECU is illegal. Or more specifically,
| federal and state laws make it illegal to operate an
| automobile on the open road or highway after you've
| altered a vehicle's emission control devices (which
| includes the ECU).
|
| In contrast, it's legal to jailbreak an iPhone.
| [deleted]
| matheusmoreira wrote:
| The Apple review process is not in any way equivalent or
| even similar to seat belts and airbags. Not even the
| government can be fully blamed for bad drivers since
| people don't actually need a driver's license in order to
| drive.
| nwienert wrote:
| Punishing companies for adding protections to their
| products is an insanely backwards incentive. May as well
| turn off sandboxing, and lock screens. If they ever
| break, it'd be a liability!
| matheusmoreira wrote:
| Nah. If you're gonna set yourself up as the ultimate
| arbiter of what I can run on my device, you are
| absolutely to blame for any harm that comes as a result.
|
| Protections? Encryption is protection. Address space
| randomization is protection. This Apple review process?
| This is just humans failing to do what's expected of
| them. Also known as negligence.
| amelius wrote:
| The problem is that Apple loves to claim that they need full
| control over their platform to keep their platform safe.
| plerpin wrote:
| Their PR lets them have it both ways.
| 411111111111111 wrote:
| Their users too, as shown in every other comment here.
| slver wrote:
| They do need full control to keep their platform safe.
|
| Are they managing to keep it safe is independent of that
| claim and we can ask why are those getting through.
| SavantIdiot wrote:
| > For example, a person thought he was getting a legitimate
| Bitcoin wallet app, but turns out it was a fake and he lost his
| life savings [1].
|
| There's a lot more wrong in this scenario than just the app
| store. If someone is going to be so amazingly careless with
| half a million dollars...
| matheusmoreira wrote:
| The man's recklessness was caused by a false sense of
| security created by Apple themselves.
| rawtxapp wrote:
| If someone technical enough to have a hardware wallet and
| "smart" enough to have amassed half a million dollars falls
| for this scam, I think it tells you more about how much
| (misplaced) trust they put in Apple rather than how careless
| they were, but that's just my opinion.
| richardwhiuk wrote:
| The real issue is Bitcoin here.
| bradleykingz wrote:
| I'm surprised too... He had his life savings in Bitcoin?
| rawtxapp wrote:
| A good friend of mine has ~98% of his savings in BTC
| since 2015 and know quite a bit of other people with high
| % of their savings in it. For those that can ignore the
| short term volatility, who have good incomes as safety
| nets (say FAANG jobs) to weather any storms, those who
| don't trust their governments and who are relatively
| young to recover any large losses, it can be an
| acceptable tradeoff (needless to say, a very profitable
| one as well).
| paulpauper wrote:
| Bitcoin makes scamming so much more lucrative. So many
| people have been scammed such as fake apps and giveaway
| scams.
| craftinator wrote:
| s/Bitcoin/Apple
| ButtSpark69 wrote:
| I don't think this is a good argument at all. They'd have
| to be "technical" enough to write down 13 words when
| instructed, and they'd have to be "smart" enough to happen
| to be early.
|
| So basically no technical or smarts are needed to get to
| this situation. If anything this suggests the person is
| your fairly average "dumb" user.
| WalterBright wrote:
| If I had half a million in bitcoin, I'd divide it up into
| multiple wallets.
| Magodo wrote:
| You know I used to think exactly like this when I was
| younger, but nowadays, I realize that putting the burden of
| understanding technology on the user is very unfair. Just
| because someone is worth half a million dollars doesn't mean
| they should automatically know how to identify scam apps...
| SavantIdiot wrote:
| If you want to play the grown-up card, ok: the grown-up
| thing to do with half a mil would have it be in the hands
| of a registered investment advisor at a reputable and
| insured institution, who is actively growing that money for
| you using reasonable investment principles based on your
| investment horizon, goals, and comfort level; and not
| pissing it away on the latest hype cycle. But that is only
| because I lived through the silver boom & bust, the
| mortgage bond scam, the junk bond scam, the S&L scam, the
| first commercial online investment platforms, the dot com
| bubble, the second mortgage collapse... and Bitcoin* is
| more of the same.
|
| * I said "Bitcoin" and not "cryptocurrency" intentionally.
| Because the jury is still out on the latter, but the former
| most certainly will not be the CC of the future IMHO due to
| its massive privacy shortcomings, among other things.
| yawaworht1978 wrote:
| This makes me wonder, can such thieves easily convert the
| stolen Bitcoin or are these blacklisted everywhere?
| Black101 wrote:
| The problem is that Apple is lying about what they are doing...
| and therefore, they should probably be targeted by dozens of
| class action lawsuits.
| amaBasics wrote:
| And as the article points out, Apple's marketing coupled with
| fake ratings and reviews that plague the App Store can "create
| the perception for the public that they are safe downloading an
| app or buying a product and engaging in content _that other
| people have found valuable_" (emphasis mine)
| hn_throwaway_99 wrote:
| I have sympathy for the person in this story, but I think
| shifting the blame to Apple in this case is ludicrous. I'm
| still somewhat shaking my head that someone went through all of
| the trouble of using a hardware wallet, and then entered his
| key words into the first app he downloaded.
|
| If anything I think this story is just a prime example of why
| irreversible crypto transactions are an absolute nightmare for
| the general public. With the banking system this person would
| likely have recourse, with crypto it's "Whoops, your wallet key
| words got stolen, sorry, there go your life savings."
| Ericson2314 wrote:
| The problem isn't that Apple _should_ be responsible and
| isn't, the problem is Apple is extremely paternalistic but in a
| way where it gets all the powers but skirts all the
| responsibilities.
|
| If the responsibility is too impossible (and I'm fine saying
| that it is), then their paternalism shouldn't be called out
| and their reputation knocked down a rung or two. Instead,
| they get to keep a reputation which is far better than the
| other megacorps'.
| akiselev wrote:
| _> their paternalism shouldn't be called out_
|
| Totally off topic: that phrasing made my brain skip a beat.
| I've always seen "called out" used to convey confrontation,
| especially in a public manner like "He called out Apple on
| Twitter for their paternalism." Turns out a similarly
| common use is the more general "to bring attention to" in a
| positive way.
| actuator wrote:
| > Instead, they get to keep a reputation which is far
| better than the other megacorps'.
|
| I think this is what having a strong marketing gets you.
| You can see from the defence on HN/Twitter where most
| people would be fine with Apple having a control over all
| their devices and aren't afraid of the growing dominance of
| a single company.
| diebeforei485 wrote:
| I think it's reasonable for people to expect Apple to have a
| higher standard of review for financial apps (including
| bitcoin) vs utility apps.
| cmiles74 wrote:
| As ludicrous as it may be to blame Apple, they have said many
| times that the cut they take on apps and in-app sales is part
| of how they keep the platform secure and ensure the privacy
| of their customers.[0] While it's clear to me that they can't
| really do that, I don't think we can expect the average
| purchaser of the iPhone to understand just how far-fetched
| these claims really are. In my opinion, Apple is giving them
| a false sense of security that can be very dangerous.
|
| Perhaps if Apple was held responsible for these kinds of
| expensive mishaps they would be more honest in their
| marketing. Maybe. And that's kind of the point of this
| article. :-P
|
| [0]: https://thehill.com/policy/technology/554790-cook-says-
| apple...
| disabled wrote:
| The issue here is that Apple is facilitating wire fraud,
| which is extremely illegal in the United States. The bad
| actors who created that app are committing wire fraud on an
| Apple platform, which is of course colloquially known as the
| App Store.
|
| The problem is that if you are associated with a crime
| committed in the United States in any way (besides being a
| very distant third-person witness with no associations
| whatsoever to the individual), and you are not a crime victim
| or an individual reporting the crime, you are almost always
| considered to be an _accessory to the crime_ which is a
| misdemeanor (go to jail for up to 365 days) or felony (go to
| prison for over 365 days) state level (has parole for
| prisoners) or federal level (effectively has no parole for
| prisoners) criminal offense, which the police will arrest you
| for and charge you with, while the person committing the
| misdemeanor/felony gets charged with whatever crime they
| perpetrated.
|
| For example, if your "acquaintance" shoplifts at a store and
| gets caught, and you don't stop or report them: you will get
| charged as being an accessory to a crime and you're going to
| jail.
|
| Also, if you are involved in an altercation in any way, the
| cop can put everyone involved in handcuffs and charge them,
| even if you never got physically or verbally violent.
|
| There are also catch-all laws in the US that one can go to
| prison for, basically for acting in "bad faith" but never
| actually doing anything else criminally wrong.
|
| This is why you never talk to the police, ever. They will
| twist your statements in the wildest ways imaginable. If you
| get pulled over by the police, you should practice, every
| single time, saying as little as possible to the officer.
|
| This has never happened to me personally, but, everyone needs
| to know this: If the police in America start questioning you
| and it gets into a detailed discussion, you stop right there
| and say: "No comment: I need to talk to my lawyer first."
| amelius wrote:
| > The issue here is that Apple is facilitating wire fraud
|
| Not just facilitating. They get 30% for it!
| Gene_Parmesan wrote:
| > There are also catch-all laws in the US that one can go
| to prison for, basically for acting in "bad faith" but
| never actually doing anything else criminally wrong.
|
| As someone who used to be a criminal prosecutor in the US,
| I would be very interested in seeing citations to whatever
| statute you are referencing.
|
| As far as being charged as an accessory, you generally need
| to have known that a crime was or would be occurring, and
| to have provided some form of assistance. That doesn't need
| to be direct actions in the act, it could be financial or
| emotional assistance.
|
| And no one is going to prison over shoplifting unless we're
| talking about repeat offenders or large amounts of cash.
| Let alone just happening to know someone who shoplifted and
| failing to report them.
|
| Having said that, definitely don't talk to the police
| without a lawyer present.
| topkai22 wrote:
| There is a well established principle that retailers bear
| some responsibility for what they sell. I doubt Home Depot
| would get away without liability if they sold a dryer that
| caught on fire and burned down a house if it was found they
| had acquired the dryer from a dodgy criminal syndicate.
| jetpackjoe wrote:
| Especially considering there is a review process, and Apple
| takes a 30% cut.
|
| If it was an open market (no review process), and they just
| took enough to cover operations and processing fees, I can
| see them being blameless, but if you are going to review
| apps, you need to actually review them.
| smoldesu wrote:
| Shifting the blame to the world's largest, highest-value
| company is "ludicrous"? I must not keep up with the news.
| rawtxapp wrote:
| They might have thought twice if Apple didn't promise to make
| sure the app store was completely secure. A promise which
| they realistically can't keep at their scale no matter how
| hard they try.
|
| Also, this is just one example, the article itself has other
| ones.
| zepto wrote:
| > Apple didn't promise to make sure the app store was
| completely secure. A promise which they realistically can't
| keep at their scale no matter how hard they try.
|
| They don't. This is made up.
| kjksf wrote:
| They did. This was literally their defense in Epic
| lawsuit.
|
| Summarized Apple lawyers said: "We can't offer
| alternative stores because they would be full of scams
| which would be bad for users. Our store is curated and
| safe for users.".
| rudyfink wrote:
| To add to this, the App Store clearly markets security
| and trust.
|
| These are the very first words describing the App Store
| (https://www.apple.com/app-store/):
|
| _"The apps you love. From a place you can trust.
|
| For over a decade, the App Store has proved to be a safe
| and trusted place to discover and download apps....And a
| big part of those experiences is ensuring that the apps
| we offer are held to the highest standards for privacy,
| security, and content."_
|
| The page then says this about security:
|
| _"Security for every app. At every level.
|
| We ensure that apps come from known sources, are free of
| known malware, and haven't been tampered with at the time
| of installation or launch."_
|
| And this about trust:
|
| _"Apps must adhere to our guidelines.
|
| When you download an app, it should work as promised.
| Which is why human App Reviewers ensure that the apps on
| the App Store adhere to our strict app review standards.
| Our App Store Review Guidelines require apps to be safe,
| provide a good user experience, comply with our privacy
| rules, secure devices from malware and threats, and use
| approved business models."_
| matheusmoreira wrote:
| Yeah. The man who lost his life savings due to malicious
| iOS software bearing Apple's signature of approval should
| directly cite this as evidence that Apple is responsible
| for his losses. Apple should pay back every last penny,
| his lawyers and more for good measure.
| zepto wrote:
| > malicious iOS software bearing Apple's signature of
| approval
|
| Approval doesn't mean what you think it means.
|
| Just because they don't detect a scam doesn't mean they
| approve of what it does - it is still in breach of
| contract with Apple.
| zepto wrote:
| No, nowhere in your summary is a promise to keep users
| perfectly safe.
|
| If they had said anything like that you'd be able to
| quote them.
| defaultname wrote:
| When has Apple made that promise? Where do they make that
| promise?
|
| No system is perfect, and when you get the realm of people
| submitting privileged information to third parties, all
| bets are always off. There is absolutely no way Apple could
| make guarantees about that. And they don't. Anywhere.
|
| And no, saying that they review apps isn't a promise that
| it is "completely secure". That is absurd.
|
| Trying for some security and confidence is a world removed
| from absolute security. The latter is effectively
| impossible.
|
| This thread is farce. Anything if it gives people an
| opportunity to ply their rhetoric. It is a reminder that
| while HN has some good discussions, it has a lot of people
| who just want to make stupid arguments based on lies.
|
| "But I thought you said TLS was _completely secure_? How
| could someripoffsite.com steal my cash?"
| smoldesu wrote:
| > When has Apple made that promise? Where do they make
| that promise?
|
| From apple.com/privacy:
|
| "Every one of the more than 1.8 million apps on the App
| Store is required to follow strict privacy guidelines and
| report how it uses your data. And every app is rigorously
| reviewed by a team of experts at Apple."
| extra88 wrote:
| Privacy and security are not the same thing. Also, an app
| can follow all the privacy and security guidelines and
| still use dark patterns to mislead and get something from
| you that you wouldn't otherwise give up or outright
| defraud you. I'm sure Apple makes a good faith attempt at
| preventing that as well but they can't catch everything.
| lukifer wrote:
| The words "strict" and "rigorous" do a lot of heavy
| lifting in setting user (and market) expectations. We
| programmers are pre-inclined to think in terms of Boolean
| logic, but the law frequently splits hairs on qualitative
| value judgments; there is no simple rubric for what
| counts as "reckless endangerment" or "gross negligence",
| for instance.
|
| I think it's a given that no one expects _any_ QA or
| security process to perform perfectly. But there's some
| fuzzy line past which Apple's process fails to be
| "rigorous", and whatever that line is (or should be),
| courts will inevitably contrast the high expectations set
| by Apple's marketing with these real-world results when
| considering claims of negligence, liability, false
| advertising, anti-competitive behavior, etc.
| toast0 wrote:
| How we use your data:
|
| Your private key is used to sign a transaction
| transferring your bitcoin to our account. We do not share
| your private key with anyone and it does not leave your
| phone.
| defaultname wrote:
| Which doesn't say or claim that it's "completely secure".
| The notion is _preposterous_ if third parties are
| involved.
|
| Only a Sith deals in absolutes. Then again, so do people
| making disingenuous arguments online.
| DangitBobby wrote:
| Any reasonable reading of this sentence, while
| technically it does not explicitly say that it's
| "completely secure", is that the review process will
| include security review. It's not without context that
| this sentence is read, and the history of software tells
| us what the _point_ of such a review is for protection of
| the user. Being technically correct is not actually
| useful when deciding how reasonable people will interpret
| a piece of marketing material. They are using strong
| language to give the reader confidence that the apps are
| safe and they should not be afraid to use them.
| delfinom wrote:
| Idk, when I see "rigorously reviewed", I think being
| able to see the app is attempting to masquerade as an
| existing one...
| defaultname wrote:
| We are discussing the claim that Apple guarantees every
| app is "completely secure". Thanks for the comment
| though.
| smoldesu wrote:
| Excuse me, they used the words "every one of" and "every
| app" to describe the purview of their security checks. Is
| that somehow not absolute enough for you?
| defaultname wrote:
| To be clear, you read "we review every app" and from that
| your interpretation is that every app is "completely
| secure".
|
| To be polite, ROFL. Either you're posing a disingenuous
| argument to win a pathetic internet argument (which is
| hilariously dumb, but here we are), or you're stupid.
| Which is it?
| ellenhp wrote:
| Is the idea that a nontechnical person might trust Apple
| really that outlandish to you? Do you have, like, family
| members or nontechnical friends?
| SigmundA wrote:
| What unrealistic promise did Apple make? I am curious when they
| said the app store is "completely secure" because obviously
| nothing can be completely secure.
|
| I know they claim it is "the most secure" app store, which I am
| not sure what they use to back that up, it does seem to be one
| of the most secure platforms, it has my highest trust but I
| don't completely trust it.
|
| As others have said I do believe a curated app store is more
| secure than an uncurated one or no app store, but nothing is
| perfect and there is a trade off for that curation and tight
| control.
| ______- wrote:
| > A person thought he was getting a legitimate Bitcoin wallet
| app, but turns out it was a fake and he lost his life savings
|
| I guess I'm victim-shaming here, but using mobile apps for
| large financial arrangements, no matter how trustworthy the app
| claims to be is a bad move. For this type of stuff you would
| use a clean computer with no known malware present, and use a
| privacy-aware browser like Firefox or Brave preferably with
| `HTTPS Everywhere` addon installed with the EASE feature turned
| on to avoid plaintext leaks / traffic going over HTTP.
| rawtxapp wrote:
| People use their bank's apps, their investment institutions
| apps (Robinhood, Fidelity, etc) and a lot of other financial
| apps all the time.
| dumbfounder wrote:
| I can't send a lot of money around with any of my bank
| apps. It has relatively low limits.
| ______- wrote:
| Yes if you are dealing in small amounts that you wouldn't
| mind losing to fraudulent apps, then do it, but read my
| previous comment about locked down machines if dealing
| with very large transactions.
| throwaway3699 wrote:
| I'm not sure that trend holds. Most banking apps let you
| send tens of thousands in one go. They're very aggressive
| with the "are you sure?" question in my experience
| though.
| MomoXenosaga wrote:
| Yes mine lets me put in a limit. I have set it to a low
| EUR500 since I rarely do large purchases in webshops.
|
| At the end of the day people are responsible for not
| doing business with shady stores or people. But the idea
| that a single QR code can empty my entire account is
| sobering...
| ______- wrote:
| Which is why I said: "for large financial arrangements"
|
| Large transactions need extra special care. You need a
| trusted device with a trusted OS and a trusted browser,
| preferably with `EASE` turned on in HTTPS Everywhere so
| plaintext secrets can't leak out of your machine. You also
| need to vet the HTTPS Everywhere extension and ensure it
| came from the official addons site. You would also harden
| the OS. Using Linux is preferable over Windows 10 since
| Windows is targeted heavily by malware gangs.
| umanwizard wrote:
| You don't need to do any of this if you're using the
| traditional financial system. The most you need to do is
| make sure you don't get tricked into wiring to the wrong
| address, which is a much lower bar.
| cmeacham98 wrote:
| Btw, recent versions of Firefox include an "HTTPS only"
| mode[1], so HTTPS Everywhere is actually unnecessary for
| this use case nowadays.
|
| 1: https://support.mozilla.org/en-US/kb/https-only-prefs
| abnercoimbre wrote:
| Huh neat. And I'm guessing enabling both would be
| unnecessary and glitchy? I'll uninstall the plugin now --
| it has served me well.
| jjcm wrote:
| In my eyes the trouble with the App Store is discovery is purely
| via curated lists and search. The problem with surfacing via each
| of these two methods is the user has to put trust into the system
| that what is being displayed is reputable and trustworthy. Apple
| unfortunately has shown that they prioritize monetary return over
| best-fit for content, which leads to scams like this. Let's deep
| dive into the issues with the two formats they display info in.
|
| Curated-list discovery (versus algorithmic discovery such as "top
| of the week") tell the user that these apps have been hand
| selected by Apple for being quality apps. In general though it
| turns out that these lists are more often lists of apps that make
| Apple significant amounts of money, changing what Apple is
| incentivized to display. Take for example the only way they allow
| discovery of highly rated apps - the "Everyone's Favorites
| (highly rated apps)" list: https://i.imgur.com/7D2hvwO.jpg. The
| top spot is held by Tinder, which currently has a 3.8/5 rating.
| This list very clearly isn't a list of highly rated apps, only
| highly used / large money makers for Apple. We see clearly that
| Apple prioritizes monetary return over accurate results.
|
| Search is another example of this. Most search algorithms are
| black boxes - inputs go in, results come out that we expect to be
| able to trust. Searching for "Samsung" should bring up apps from
| Samsung, but instead they return mostly free third party apps
| with IAP up sells rather than the official apps.
|
| Overall the App Store is designed for monetary return, not safety
| or user trust. Until Apple decides that the long term image /
| trustworthiness of the App Store is more important than short
| term gain, I don't see these issues changing.
| joezydeco wrote:
| I'm boggled that Apple lets apps charge a _weekly_ amount for
| features that have no appearance of new content each week, like a
| newspaper or magazine would.
|
| This seems like the simplest thing to fix right away.
| echelon wrote:
| I'm boggled that the US government lets Apple rake in 30% for
| commerce on the app store, despite it being only one of two
| games in town for commerce.
|
| It'd be like only having two options for cars (Ford and Tesla),
| and forcing restaurants, stores, etc. to pay 30% of their gross
| revenue to Tesla for their having brought you.
|
| It's truly bizarro world.
|
| Make no pretense. This isn't about protecting consumers, this
| is about Apple's control. They want to install toll booths onto
| every road to reaching Americans, and they're defending it like
| Omaha beach. No browsers, no runtimes, no relationship with
| your customers.
|
| (I swear to god if I hear the "but Nintendo" argument again...
| These aren't toys. Apple captured 50% of ingress to US
| customers and their commerce, and they tightly control and tax
| it. Illegal af.)
| joezydeco wrote:
| Don't derail. There are other threads about Apple's store and
| their vig.
| echelon wrote:
| Apple is an anticompetitive steam roller and they deserve
| every measure of criticism they receive.
|
| Don't ask for censorship to protect a brand you value.
| Apple is not beyond reproach.
| joezydeco wrote:
| All I said was to take the 'Apple Monopoly' discussion to
| the 'Apple Monopoly' threads, of which there are plenty.
|
| This discussion can be about the shitty App Store
| approval process and the shitty App Store developers
| without getting into the financials.
| perryizgr8 wrote:
| This discussion is definitely about Apple's monopoly on
| iOS app distribution. If Apple were to let others
| distribute apps on the platform, people wouldn't complain
| as much about their broken store. They'd just use the
| store that they liked better.
| joezydeco wrote:
| Soooooo by opening up the store the scammers would
| disappear. Makes sense to me.
| _hyn3 wrote:
| That is not what the parent said. If there were _more_
| stores, then there would be more consumer options to
| choose a more trustworthy store from (like F-droid).
|
| Of course, that wouldn't be good for Apple: Apple would
| inevitably have to throw out some of the legit apps in
| the course of QA and weather more criticism; Apple would
| lose that revenue and their vig; and Apple would no
| longer have as many apps in the app store.
|
| Like Amazon, Apple has demonstrated that they prefer that
| some of their customers get fleeced, as long as they get
| their cut.
|
| "1 million apps and untold billions in revenue, but only
| 2% of the _top_ apps are scammy... you can figure out
| which ones, because we didn't bother.."
| FriendlyNormie wrote:
| Yes, we heard you the first time in literally every other
| Apple related submission. We all know your opinion already.
| It's time for you to shut the fuck up so other people can be
| heard.
| granzymes wrote:
| Would the number of scams in the top 1000 be higher than 2% if
| the App Store was _not_ tightly controlled?
|
| It doesn't follow that, since some bad things have gotten past
| the gatekeeper, we should get rid of the gatekeeper.
| amaBasics wrote:
| That's unclear. A couple of things to consider, both of which
| are _helping_ scammers currently:
|
| - A lot of users let their guard down because they blindly
| trust Apple's marketing, and scammers take advantage of that.
|
| - The fake ratings and reviews are making this even worse by
| leading people to believe other people have found some of these
| scams valuable.
|
| I can see how a more trustworthy ratings system and a more
| honest marketing of the App Store for what it really is,
| _could_ lead to fewer scams, even if Apple doesn't control the
| App Review process so tightly - or doesn't control it all.
| granzymes wrote:
| > A lot of users let their guard down because they blindly
| trust Apple's marketing, and scammers take advantage of that.
|
| This is the "a lot of scammers are better than a few
| sophisticated scammers" argument, which I disagree with.
| Users themselves have varying levels of sophistication
| (unsophisticated scams work just fine on some people), and
| there are other mechanisms like chargebacks which can unwind
| damage after the fact.
|
| > The fake ratings and reviews are making this even worse by
| leading people to believe other people have found some of
| these scams valuable.
|
| I have no insight into how well Apple is doing combating fake
| reviews, but no anti-abuse system is perfect. There is the
| same question here: would things be worse if Apple didn't
| police reviews at all.
|
| The App Store is broken but it is the least broken of the app
| stores.
| amaBasics wrote:
| Not only is the App Store broken, Apple themselves seem to
| be intentionally breaking it at times. From the article:
|
| > Apple used to have a button, just under the ratings and
| reviews section in the App Store, that said "report a
| problem," which allowed users to report inappropriate apps.
| Based on discussions among Apple customers on Apple's own
| website, the feature was removed some time around 2016.
|
| Why would they remove the ability for people to easily
| report apps?
| [deleted]
| disabled wrote:
| It's called government regulation, with true actionable
| penalties for not enforcing legal mandates. The laws should be
| enforceable even for open-source type App Stores, and
| operations that cannot follow the laws should not be available
| in those countries. Countries must have control over their
| territories, regardless of whether it is in the physical or
| virtual world.
|
| If you "created" the equivalent in real life, in a 3D physical,
| brick-and-mortar sense, the law would generally be strictly
| enforced, and you would be able to get away with far less. That
| is, unless you are FAANG, which lobbies the US government--and
| other governments around the world for laws that give them an
| extremely huge "competitive advantage" over startups and mom-
| and-pop type establishments, along with allowing them to be "in
| compliance" but not adhering to the actual "spirit of the law".
| The actual spirit of the law is what the purpose of the law is
| in the first place. It is about affording people inherent
| rights.
|
| The European Union has halfway decent laws on paper at best,
| that are extremely poorly enforced. Also, FAANG always finds a
| way to evade a penalty, anywhere in the world. The EU needs to
| step up its game, and I think they will, but of course, it will
| never be quite enough.
| granzymes wrote:
| Could you clarify what kinds of regulations you would like to
| see? I can't tell what your proposal is from this comment.
| cageface wrote:
| Apple asks us to relinquish some of our most essential freedoms
| in exchange for the promise of safety. If they're not providing
| that safety it's a rotten bargain.
| smoldesu wrote:
| I'd argue that if they can't _prove_ the safety, you're
| getting ripped off. Apple can point their finger at every
| third party under the sun, but at the end of the day PRISM
| and the CCP have their respective index fingers on their iCloud
| servers, quietly (and happily) siphoning information from a
| "completely secure" (unaudited) system.
| catlifeonmars wrote:
| Interesting claim. Source?
| Toutouxc wrote:
| The number of scams and fakes on the Google Play store is off
| the charts.
| [deleted]
| rawtxapp wrote:
| Do you have any numbers to back up that claim?
| Toutouxc wrote:
| Nope, I don't even think such a number exists, it's just my
| impression of the amount of "why the fuck would anyone even
| publish this" apps out there.
| rchaud wrote:
| > Simon Willison, a software engineer and a former iOS developer
| [...] owns a Samsung television and went to the App Store on his
| phone to install the accompanying Samsung remote control app
| called "SmartThings." An app called "Smart Things" popped up,
| claiming to be a remote for Samsung televisions. Willison paid
| $19 for the app. It turns out the app was pretending to be
| the genuine Samsung product. His mistake, he says, was an
| "assumption that the App Store review process was good," he said.
| "I held Apple in higher regard than I did Samsung."
|
| An iOS developer pays $19 for a remote control app on the App
| Store and defaults to blaming Samsung. Steve Jobs should get a
| posthumous award for how well his reality distortion field has
| held up after his death.
| tedunangst wrote:
| Huh? He's clearly blaming Apple for violating his trust. He
| never trusted Samsung.
| rchaud wrote:
| Clearly he did, because he spent several hundred dollars
| buying their smart TV.
| sixstringtheory wrote:
| > His mistake, he says, was an "assumption that the App
| Store review process was good
|
| He said it was a mistake to think the app store review
| process was good. How is that blaming Samsung?
| simonw wrote:
| I inherited the TV when I moved into a new house.
| citizenpaul wrote:
| I've met quite a number of developers that somehow barely have
| the skills of my grandma using a PC outside of their daily
| development tasks. I've seen multiple help desk tickets back in
| my help desk days where developers got someone to email saying
| their PC was broken when it was just turned off.
|
| My point being a developer does not necessarily make this
| person somehow less susceptible to app store scams.
| meej wrote:
| You're making some rather uncharitable assumptions here.
| Simon is a very skilled and accomplished developer.
|
| https://en.wikipedia.org/wiki/Simon_Willison
| simonw wrote:
| Hello, I'm that developer. I'm pretty savvy! That's why I
| agreed to be interviewed for this piece - I wanted to help
| make the case that even highly sophisticated users can be
| taken in by this stuff.
| haspoken wrote:
| http://archive.is/msY5N
| baking wrote:
| Does anyone else find it ironic that this is in the Washington
| Post?
| Traster wrote:
| Apple's problem with claiming their 30% tax is to do with
| maintaining quality of the appstore is how comically small
| amounts of money they spend policing the appstore. At some point
| one of these lawsuits is going to have to establish how much they
| really spend, I would be amazed if they were spending 0.001% of
| revenue on it.
| userbinator wrote:
| Meanwhile, we hear the honest developers routinely get screwed
| over...
|
| It reminds me of the "pirates vs DRM" thing.
| jdminhbg wrote:
| There are lots of articles like this that report breathlessly on
| the numerator but don't make any kind of effort to find out what
| the denominator is.
| andrewmcwatters wrote:
| "[N]early two million apps" and almost all of them are total junk
| because no one adheres to Apple's Human Interface Guidelines[1].
| It's a sea of garbage. Real quality operation you run, Schiller.
| Every time I browse the App Store I feel like I'm walking through
| a bazaar. No coherency. No taste. Nordstrom my behind.
|
| [1]: https://developer.apple.com/design/human-interface-guideline...
| MomoXenosaga wrote:
| iOS apps trying to push subscriptions which is heaven for scams
| and fraud.
| tlogan wrote:
| I got scammed too. I got an app for $14/week for some LG /
| Samsung screen sharing. We were in a hotel and I wanted to stream
| something to TV in the hotel room so I quickly downloaded it.
| Wine did not help :( The app was charging me for one month. But
| then it disappeared from the store.
|
| One problem is this weekly schedule: people do not check cc
| statements on a weekly schedule. Also they should send an iMessage
| a couple of days before the change.
| smoldesu wrote:
| You're forgetting that Apple makes money every time you spend
| it. They aren't going to stop serving you drinks inside their
| casino, and they're certainly not going to warn you before you
| fleece their pockets again.
| jackson1442 wrote:
| I get an email receipt each time I get charged by an app, and I
| believe I even get a "trial expiring soon" email before
| something starts charging me.
|
| The few times I've accidentally left a subscription running
| I've been able to go to reportaproblem.apple.com and ask for a
| refund and each time it's worked without any drama.
| rchaud wrote:
| > also they should send an iMessage a couple of days before the
| change.
|
| But then users might disable the auto-renew, and Apple wouldn't
| get their cut.
___________________________________________________________________
(page generated 2021-06-06 23:01 UTC)