• chiisana@lemmy.chiisana.net
    11 months ago

    It will affect everyone. All it takes is one big company deciding they’re better off distributing their apps via some untrusted channel, or better yet, their own channel, and everyone who uses it is required to install the untrusted store.

    “But it doesn’t affect me!”

    Not true at all. The vast majority of people are forced one way or another to install a third party messenger due to that one older family member who only knows that one app because it’s popular where they live; the vast majority of people are mandated to install something on their phone as required by their workplace (MFA/VPN/expenses app/HR for PTO etc); the vast majority of people are required to install some governmental entity mandated app (passport application/visa exempt entry/social services/etc)…

    The list of “mandatory” apps goes on. Even if you only need it for a little bit of time, now you’ve got the store on your phone, ready to open up the potential to bring in other not so mandatory and less than desirable apps.

    Apple is not great at vetting apps; there are terrible apps on the App Store that I’d like to see removed, but they’ve got a decade+ of experience in heuristic detections to prevent most bad apps from making it to our phones. They’ve also got way more resources to act against bad actors than any other company in the world. I can trust that I’m not going to get a fake / modified bank app when I download it from the official App Store. That same guarantee isn’t there with third party untrusted channels.

    It will likely be a very unpopular opinion here, given how Lemmy is much more FOSS and self hosted happy (I’d know, I’m self hosting it and spend more time in those communities than anywhere else), but I for one do not want side loading or third party stores to become a thing.

    Edit:

    Ironically, the bad third party stores will be waaaaay more popular with non-tech savvy people, because “Mark says to get apps here for cheaper” or “Mav said this is better”. The actual tech savvy users will have better security awareness, but the vast majority of people aren’t, and will end up getting hurt by this.

    Edit 2, after @therealrjp@lemm.ee already downvoted but staying quiet:

    I forgot this earlier. In order to gain access to certain features, such as being allowed to render on the CarPlay display, you’d need a special entitlement signed by the App Store, just like IAP receipts etc. – in the current case, that is Apple; in the unofficial third party case, that’d be the third party running the store. iOS doesn’t only gate public features like CarPlay rendering using entitlements; many security features are bypassed for official apps using the same mechanism. If you search for security in the extracted entitlement database, you’ll see things like com.apple.private.security.bootpolicy, com.apple.private.security.no-container, com.apple.private.security.no-sandbox, com.apple.private.security.storage.CallHistory, com.apple.private.security.storage.Location, com.apple.private.security.storage.Lockdown, com.apple.private.security.storage.Messages, com.apple.security.device.camera, com.apple.security.device.microphone, com.apple.security.personal-information.addressbook, com.apple.security.personal-information.calendars, com.apple.security.personal-information.location, com.apple.security.personal-information.photos-library and many many other fun entitlements that grant things you’d otherwise not want untrusted parties to get access to. We’ve already touched on how government entities might require you to install some specific app. It is also well known that Russia runs their own App Store. I wonder how long it would take before any rogue entity running a store starts to distribute legitimate spyware?
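
A defender-side check for the entitlement concern raised in the comment above, as an added example that is not part of the original comment: it parses an entitlements plist and flags granted keys under the prefixes the comment lists. The sample plist, the bundle identifier and the category labels are constructed for illustration.

```python
import plistlib

# Constructed sample (not from a real app): an entitlements plist such as one
# extracted from a signed binary. Keys are taken from the list in the comment.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID0000.com.example.expenses</string>
    <key>com.apple.security.device.camera</key>
    <true/>
    <key>com.apple.security.personal-information.location</key>
    <true/>
    <key>com.apple.private.security.storage.Messages</key>
    <true/>
    <key>com.apple.private.security.no-container</key>
    <false/>
</dict>
</plist>
"""

# Category labels are assumptions made for this example; the prefixes come
# from the entitlement names quoted in the comment.
SENSITIVE_PREFIXES = [
    ("com.apple.private.", "private"),
    ("com.apple.security.device.", "device-access"),
    ("com.apple.security.personal-information.", "personal-information"),
]


def audit_entitlements(plist_bytes):
    """Return sorted (key, category) pairs for granted sensitive entitlements."""
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a dict at the top level")
    findings = []
    for key, value in entitlements.items():
        if value is False:  # explicitly set to false: not granted
            continue
        for prefix, category in SENSITIVE_PREFIXES:
            if key.startswith(prefix):
                findings.append((key, category))
                break
    return sorted(findings)


if __name__ == "__main__":
    for key, category in audit_entitlements(SAMPLE_ENTITLEMENTS):
        print(f"{category:22} {key}")
```

A `com.apple.private.` finding on an app from any store is the case worth escalating, since it means the signer granted something outside the public entitlement set.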