>I understand being on them is necessary due to how large their market are, but this is really not where I hoped we would be fifteen years ago.
Depends on who "we" are. Some people also wanted a hassle free device, which only runs curated apps, and that keeps the whole experience more secure, unified, private, etc that a "open for all" environment.
> Depends on who "we" are. Some people also wanted a hassle free device, which only runs curated apps, and that keeps the whole experience more secure, unified, private, etc that a "open for all" environment.
To serve this kind of users I think what Apple does is perhaps all right. What I criticize strongly is that there is no option for experienced users (besides jailbreaking) to free themselves (also completely) from this walled garden - ideally in a way that allows users to free themselves only for certain security aspects so that they still have the security advantages of the prohibitions that they don't deactivate.
I have not looked at Xcode since the time it was a requirement to have a paid account to install apps via Xcode. I know this has changed in the last couple of years.
Are there other restrictions on apps installed via Xcode today? E.g do they work for a limited time? Or work only on devices approved in some way?
I'm glad I'm not the only one who thinks this way - with a few exceptions, like SMS and phone cal handling, you can write an app to do anything on the iPhone if you're so inclined. There are always going to be the Power Users who want more out of the system but won't code, but my experience with my iPhone has been that if I ever ran up against a wall I wanted changed, I could write an app to do so, even if I didn't publish to the store.
> you can write an app to do anything on the iPhone if you're so inclined.
Is it now possible to allocate executable memory (e.g. for development apps or writing a JIT compiler)? Is it now possible to write apps that have root permissions?
If you want to do these things, you need to jailbreak it. But the iPhone is probably the wrong phone for you if you are into these kinds of things.
The iPhone offers a safe environment for you to play in. Root access is fundamentally incompatible with that idea. If you want a device that lets you shoot yourself in the foot, get something else.
Why would I want an app, even one I write, to have root permissions? Do you operate your computer as root all the time? I know I don't, if for no other reasons than I sometimes make mistakes, and I'd to write an app that can wipe out my phone just because I made a mistake.
As a passenger I suspect you would expect different standards from an Aircraft autopilot than a cellphone. But, there is a lot to be learned from system that just work.
"Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
Levy is recounting hackers' abilities to learn and build upon pre-existing ideas and systems. He believes that access gives hackers the opportunity to take things apart, fix, or improve upon them and to learn and understand how they work. This gives them the knowledge to create new and even more interesting things. Access aids the expansion of technology."
There's definitely a vanishingly-small proportion of hackers around here, relative to the reputation the site tries to encourage. Lots of people who might be branded "prescriptive social engineers," but not many hackers.
Besides the usual suspects that you run as root because of the "limitations" of the OS, like installing applications/binaries etc.: All the kinds of debugging/tinkering tools needing special permissions, such as Wireshark, attaching a debugger to a running process, tools for generating and handling raw network frames (a capability that I need surprisingly often), ...
This is what spontaneously comes to my mind. But if I reflected for some time probably more things would come to my mind.
These are the kinds of tasks that I would expect to require root access. I don't want some random rogue application sniffing my network packets or attaching debuggers to other processes. While peoples use cases certainly vary, I've also never needed to or cared to do these things on my phone, so lack of root hasn't bothered me. YMMV.
There are many definitions of hacker and sniffing packets on your phone or attaching debuggers to apps on your phone are only one narrow definition of many.
> There are many definitions of hacker and sniffing packets on your phone or attaching debuggers to apps on your phone are only one narrow definition of many.
The willingness to look under the hood or desire to at least be able to do so is a rather universal property of hackers.
You're putting me into a category (or excluding me from one) based on your own subjective opinion on the meaning of "hacker".
I don't really care for the label, but I think you are probably still wrong. Just because I have no interest in doing this with my phone, doesn't mean I don't elsewhere in my life. For example, you don't know about the time I took a MIDI controller apart and nodded it to add more functionality (both physical hardware and software). Or the time I spent reverse engineering the Diameter protocol with wireshark (yes I have used it) so I could figure out how to talk to another system (technically this was for work, but I didn't have to inspect the packets to learn how to use it), or any time I've stepped through a binary in a debugger to see what it does, or inspected some source code, or the time I tried to fool RF sensors with a home-made EMP device, or written some utility or otherwise hacked the world to do what I wanted it to. Yes, I am willing to look under the hood if it helps achieve my goals or if it's fun to do so.
Yet somehow all of that is irrelevant because I have no desire to do any of that on my cell phone. Or maybe the world isn't as black and white as you're making it out to be.
You can make changes for yourself, but you can't effectively make changes for others. You can improve your immediate environment, but you can't improve the world for everybody.
I can publish an app, and then I can make the world better for other people. The comment I replied to was focused on one user's experience, so I answered it similarly. Look at email clients - Apple ships one, but the market suggested that people wanted alternatives, and we have them. The world was made better for everybody.
If you want to grab the system audio stream to apply DSP effects such as dynamic compression on it, is it allowed by XCode? Last time I checked it was not allowed, presumably because a user could rip music from iTunes to mp3 - yet by banning it they are limiting interesting audio effect apps.
When I first heard it, I thought it was a very big new that finally apple allowed to sign the apps for their devices without $100. Now I don't know why, I see almost no one is using it.
Last time I checked the "free" provisioning profiles it generates are valid for something like 7 days. It's not really convenient for anything but experimenting with iOS development.
I don't know the license terms, but I can imagine that there are some terms that disallow people to distribute apps for users to self-sign them on the web.
I agree, but for me there's Android which will let you load any app you want. The latest Galaxy is also IMHO a much better phone, and even includes a headphone jack.
I wish there were more than two options, but the modern mobile market is still only about 10 years old.
What makes you think our options will increase as time passes? The history of modern operating systems is a decrease in viable operating systems over time. Along with iOS and Android, webOS, BlackBerry OS, and Windows Mobile all used to be major OSes.
Oh of course I'm aware of that, that's why I said the whole thing as my own wishes ("I hoped we would be"). I can also see the value in such a device, my main gripe is the total lack of realistic alternative in the smartphone market right now.
Isn't Android a realistic alternative? Certainly it has its own problems, but the ability to 'side-load' whatever app I want far out weights those, at least for me.
Android's becoming more of a walled garden as well. More and more stuff depends on the opaque blob that is Google Play Services and an increasing number of apps (even games ffs!) only want to run when SafetyNet says the device is save.
The SafetyNet stuff is somewhat understandable for banking apps but it means rooting, Xposed modules and custom Android builds is out of the question, taking away a lot of freedom.
It's a choice of developers, not Android's failure. I suspect that game developers are trying to protect from piracy. I doubt that they implemented those checks just for fun.
I haven't looked into this at all, but isn't the point of Xposed to hook into APIs and fake the result? Or otherwise modifying apps? Isn't there a module that just fakes SafetyNet? Probably not, or this wouldn't be a problem, just curious if anyone knows why not?
Yes, there's modules to fake SafetyNet but Google's really invested in it and it is kind of a losing battle on the side of the Xposed module writers[1][2]. (tl;dr It's quite a hassle to get a workaround on your phone and it's pretty trivial for Google to update SafetyNet.)
Xposed is a bit like torrents, jailbreaking, etc. A lot of people use it to pirate stuff or to cheat in games but there's also genuinly useful usage like:
• why does my banking app not allow me to take a screenshot?
• root permissons for Greenify and Amplify so I can make my battery last for days
• better privacy management than what Google only recently implemented
I don't know about SafetyNet specifically, but it could be that it has to authenticate itself to the apps that call its APIs.
E.g., I guess it could be code-signed and that the apps that use it have to check the signature. That uses a private key that "FakeSafetyNet" couldn't duplicate (well, assuming the SafetyNet people could keep it a secrect). It also incorporates a hash of the binary being signed so that FakeSafetyNet couldn't get away with just swiping the signature from SafetyNet to present as its own (the binary hash of FakeSafetyNet wouldn't match the signature).
I'm running a CopperheadOS that I built myself with microG added, and I've found it implements enough of the Google services (including push and SafetyNet) that everything I care about works well, including banking apps. YMMV.
my main gripe is the total lack of realistic alternative in the smartphone market right now.
That's my main gripe as well. I'm currently using a Nexus 5 with Sailfish OS as my daily driver, but it's hard. I really do not have the time anymore like I did in the past to make it all work.
I'm running it with Alien Dalvik so that I can run WhatsApp and some other Android apps that do not have a native version yet. Without that it wouldn't really be possible.
(The reason I'm testing SFOS out is that Jolla (the developer of Sailfish OS) has a deal with Sony to release it on their Xperia X on the near future. Also Jolla's got a deal with Russia as well, because more entities are worried about the walled gardens.)
You don't need a walled garden to have a hassle free experience. Apple could easily allow sideloading and only the people who enable would be asking for "trouble".
They do 'allow' that 'side loading'... it's already there. You can already do that with a free developer account and free Xcode. Anything you download or write you can then send to your iPhone, iPad, iPod etc. and you can use it.
I don't see the Linux eco-system as being more prone to malware and trash than the so-called curated app-store.
> Or how about it's along the vast majority of the people merely wanting the police to guarantee safe cities?
Which more often than not includes being safe from the police, and that's where the problem lies. This sort of power is bound to be abused.
> "No matter what the context" is BS. I presume you lock your house doors or wear a safety belt -- sacrificing freedom of movement for more security.
Interesting. I've lived in places where unlocked doors were the norm, the village where I live (20 Km from Amsterdam) still has plenty of unlocked doors. People wear safety belts because there are no downsides and because they are required by law so that stretched analogy doesn't hold.
Only developers without Android experience think that.
Android is all about Java.
The NDK is there as layer for implementing Java native methods, games and high performance audio, and general purpose native libraries from other OSes.
This is what you are allowed to call from C and C++ on Android:
"Only developers without Android experience think that."
Think what? That Linux is malware-free? If you're addressing me only, I'm just asking for clarity on the dataset in question, not expressing an opinion about the safety of the platform.
No, that Android having Linux as kernel is actually relevant to Android programming.
Given the OS architecture Google can easily announce a version using other kernel, given that there is very little UNIX specific on what can be done with public NDK APIs.
Only those customising Android builds would be impacted.
The main reason Android has more malware than other kinds of Linux is because Android is extremely popular. Malware writers just target the systems with the most users so they can have the biggest impact.
>I don't see the Linux eco-system as being more prone to malware and trash than the so-called curated app-store.
An estimate 99.99% of the Linux software I use is from a curated repository. Yes, I could just download src.tar.gz and ‘make install‘ but I prefer the safer more convenient alternative.
When you are in a collision with out a seat belt more often than not your body becomes a 100 pound plus projectile going at non trivial speed that could easily kill some one.
Consequently even libertarians might be for seat belt laws (unless of course you are on private roads).
I'm not sure of the accuracy, but I've also heard it argued that you're much more likely to regain control of a vehicle after an evasive maneuver, since you will stay in your seat.
It's not. A federal/state law is a law. You are compelled to do something that may be against your wishes. Whether or not it is a good thing is neither here nor there! To spin the debate, apply the same for drug laws, or substance control.
There is a huge difference between police state and letting dodgy products on some store's 'shelves'. Do you support Amazon allowing sellers of counterfeit goods on Amazon Marketplace?
Besides the walled garden of Apple is not so walled - you can install any app you want on your iDevice, as long as you have access to Xcode (which is free). It is the access to the marketing and reach of App Store that Apple denies.
> There is a huge difference between police state and letting dodgy products on some store's 'shelves'.
Yes, but the point was that people do not always realize the consequences of their choices, not that there were no differences.
> Do you support Amazon allowing sellers of counterfeit goods on Amazon Marketplace?
I don't support the Amazon 'marketplace' at all, Amazon should take full responsibility for anything sold through Amazon.com and if they allow counterfeit merchandise on their store that should be their problem, not the problem of their end users. And there is plenty of counterfeit merchandise on Amazon so I do not get what the point is, unless you wanted to make the point that in spite of being curated Amazon fails horribly at keeping their store in good shape.
> Besides the walled garden of Apple is not so walled - you can install any app you want on your iDevice, as long as you have access to Xcode (which is free).
That's fine, but for your regular end-user this has been made so difficult that it is something only developers will use.
> It is the access to the marketing and reach of App Store that Apple denies.
No, it goes much further than that. To all intents and purposes if your app is not in the app store then it doesn't exist because iDevices users think that that is the only way apps can go on their devices.
I have 100's if not many thousands of options to buy from when it comes to Amazon, but yes, Amazon is ultimately responsible for what they sell and - surprise - we have laws against counterfeit merchandise sold as if it were the original brand. So yes, Amazon has some duty here.
Apple does not have the same kind of duties when it comes to apps in the Apple app-store, they have created a de-facto monopoly on the channel between the people programming applications for ios and their customers.
Apple's duties might be partially self imposed, but that's part of their value proposition. I don't want to sift through reviews to find out whether the app is safe to use, like my friends with Android phones have to do.
And comparisons with police states or monopolies are just ludicrous.
With police state you have no choice, but with app ecosystems you are free to choose another (yes, with a different phone - but you don't buy a $700 phone by mistake or chance). And Apple is not a monopoly, there are plenty of other viable options.
> This is roughly along the lines of the vast majority of the people that would happily vote in a police state
This kind of hyperbole isn't helpful. The differences between voting in a police state and using a walled garden app ecosystem run by a private company should be obvious.
> Freedom is a good thing, even if it comes at the price of some risk, no matter what the context.
What about the freedom to choose an application platform?
Since I'm sure I need to make this disclaimer, I don't own any Apple (or Windows) devices aside from my work-issued macbook.
It is helpful in the sense that it points out that people will often do things that have far reaching consequences out of their free will because they do not realize the long term effects.
> The differences between voting in a police state and using a walled garden app ecosystem run by a private company should be obvious.
Yes, but in the one case people vote with their ballots, in the other the vote with their dollars. In both cases the long term effects are negatives but since those effects are still safely over the horizon we can pretend that they don't exist. By the time those effects are felt it is too late to change course.
> What about the freedom to choose an application platform?
That would be fine with me, but only if the hardware were 'open' enough by default that third party application platforms would have a chance of making it to single digit percentage penetration.
> Since I'm sure I need to make this disclaimer, I don't own any Apple (or Windows) devices aside from my work-issued macbook.
I don't care what you use or why, what matters to me is that there is - at least in the mobile space - the choice between Google on the one side and Apple on the other and that both of those have substantial shortcomings when it comes to the freedoms they afford their users.
With Google you'll be tracked from here to kingdom come and with Apple you're going to be handed a smart terminal. Neither of those choices appeals to me.
Freedom is a good thing, even if it comes at the price of some risk, no matter what the context.
That's a shallow quote, though. You're right, on the face of it – freedom is a good thing. But we accept compromises on absolute, unbridled freedom all the time, in order to trade of some other desirable outcome.
I would be concerned if computers generally were locked-down. But they aren't – competitors to iPhones are freely available, and desktop & laptop computers are ubiquitous. I will continue to oppose restraints on what can be done with them, but the freedom to choose a curated garden is also a freedom that should be respected.
Apple is also removing the freedom developers had to give users the options of track location even when in the background or never track location, but not the option to only track while using the app. They're also restricting the freedom developers had to ask for reviews.
One could argue that no one was forced to install those apps that always tracked them, or that they could manually switch between the options. However the small minority of people who care about the privacy of their location will now have a lot more apps available to them with less hassle, because Apple is deciding to enforce a rule.
I don't think these new guidelines about executable code in education apps will be a problem, but I can imagine dropping the restriction altogether allowing developers to take advantage of users who aren't vigilant, or simply making people have to be much more suspicious about everything they allow on their phone.
I used to advocate a similar philosophy to you on this. Now, I'm in a bit of a transition phase, although I'm not sure exactly where I'm transitioning to.
This article [0] has made points that I'm not certain I completely agree with, but has done enough for me to suggest that my original position might need updating.
The point being, essentially, that at some point we might need to consider the trade off of who we're actually afraid of and where we can get the best protection as part of a trade-off, since things like "freedom", "risk", "security", and "privacy" aren't absolutes in any meaningful way.
Freedom is a trade off, like everything else. For example, more freedom means more responsibility. Also, if everyone is perfectly free, then we're all forced to accommodate the least worthy among us. It's all trade offs all the way down.
It's like playing a game. There's more actual freedom when people follow a defined set of guidelines than there would be if anyone could do whatever they liked.
I see there are similarities, but there are probably also a lot of people fine with using an App Store that are also big advocates of Freedom of Speech, Press, Privacy, etc. when it comes to the government.
Did they? Or did the industry quickly lock hardware devices into little gadgets for generating income?
I don't think most people know what they want. They've never understood the trade-off. Instead they just go to their local electronics supplier and take something off the shelf.
That's plain insulting to the people even on here that use iOS. Some of us have owned competing devices. Some of us ran, and still run, Linux on our main PCs.
What is your suggested alternative: Android? Functionally speaking, how is Android different? That's all consumers care, and should care, about: How does the difference affect my life. They don't care about your grand philosophical argument. If Apple's walled garden actually affected people's lives, they would care. It doesn't. They don't.
I know I did. And I'm a techie. I just don't like fiddling with my hardware.
>Or did the industry quickly lock hardware devices into little gadgets for generating income?
Well, considering that Linux as a Desktop OS is totally open but it's still at very low single digits for desktop use, and that all the "comes with Linux pre-installed" ventures failed to gain any traction, I'd say lots of people don't care for that kind of openness at all over use of use, practicality, polish, etc.
Not to mention that mobile devices are now far less locked than they used to be for the average user. For the first 10 years of mobile phones, they came just with the apps that the vendor offered and no APIs, or very limited crapware (e.g. in mobile Java) -- now there are 1.5 million apps to chose from, many of incredible quality.
For the first 10 years of mobile phones, they came just with the apps that the vendor offered and no APIs, or very limited crapware (e.g. in mobile Java)
The first ten years were 1983 (release of the DynaTAC 8000x) to 1993. I don't think they came with any apps at all.
If you mean pre-iPhone, then it's not true; I was running my own Python scripts (which could use the GPS, camera, etc) on my S60 before that, using an interpreter provided by Nokia itself.
As Nokia owner from several feature phones and having had J2ME dev experience, I did had quite a few useful J2ME applications here in Germany and Switzerland.
One of those mobile crapware Java applications was Google Maps actually.
There is no trade-off for most of the users. Time to drop that notion that the whole world consists of wannabe developers. Peope have other activities they want to spend time on instead of tinkering with their devices.
People buy cars that they are free to repair or modify. We've even guaranteed some of those freedoms in law[1], such as 15 USC § 2302(c) which prohibits[1] warranty conditions that forbid using 3rd party parts or independent repair services. (the FTC even clarified[2] a couple years ago that deceptively implying that such a condition exists is also forbidden).
Having the freedom to repair or modify your car does not mean you are a "wannabe mechanic". It may mean that in rare situations, but most people utilize that freedom when they take their car to for maintenance or repair at an independent mechanic. Locking down a device isn't necessary to provide a curated market. Apple could achieve a similar limited-market by including some kind of warranty with apps purchased through their curated store to increase confidence that their curation guarantees a minimum level of quality/security)
This isn't about people wanting to be developers (or mechanics); it's about property rights. Are you buying your phone, or are you leasing it? Apple says[3] "buy" in the page title (and the URL!). The software industry - and recently John Deere - like to pretend that copyright law and carefully worded contracts of adhesion give them de facto ownership over anything by adding software. This misuse of copyright[4] is an attack on property rights. There are many ways to provide convenience, security. Guaranteeing some amount of quality in products or services does not require giving up your ability to own modern goods.
All economic exchange is some form of trade. The parent was assuming the buyer was making an informed trade. I disagree.
You don't have to be a lawyer to know that if a person enters a contract that's cheating them? They probably wouldn't do it if they knew. You don't have to want the world to all be lawyers. All that's happening here is that one person is saying folks are happy with a trade and another person is saying most folks don't understand the trade. Professions, skillsets, or how I'd like the world to be have nothing to do with it.
Absolutely right. There is an implied trade where the user trades control, configurability, etc to get reliability, simplicity, ease of use. The trade is really one-sided though, since most people don't value the former qualities. Consumers frequently trade away anything that isn't part of "consumption". Things that change the ability to spend, acquire, use, and rely on matter a lot, so when they trade money to get those things most consumers take it as a benefit that it won't be self-service. We've practically all made this choice with cars, bikes (lots of custom tools that keep the cycle shops in business), etc.
I'd agree there is a trade, I disagree that it is uninformed. My experience with consumers says that they just do not value the loss of control within the same order of magnitude as they value convenience and reliability.
What I observe is that in the business if platform vendorship, you either get big players to port or fail. If one of Jolla, Ubuntu Phone or Firefox OS had at least WhatsApp, that would have gained some traction.
This is a chicken and egg problem, though. The big app makers want some guarantees of numbers before they port, but you'll only have those numbers once they've ported.
Yet we saw in a story last week how this protection doesn't amount to much when an app can generate 80k a month fraudulently because Apple isn't policing their store to the level many believe them to be doing.
> Some people also wanted a hassle free device, which only runs curated apps
But Apple fails to meet this wish, too. If the curation consists of barely keeping out the absolutely worst of abysmal stuff, but allows regular crap apps, that does not count as "curated".
In fact, app store is opposite of all these qualities. Secure? It's provided by sandboxing, not app censorship. But almost every popular game in app store will read your contacts and send to its server. Unified? No one, except for top companies are able to follow UI guidelines, and most apps has weird UI. Even good apps have over-use of arcane swipe actions which makes them un-unified. Private? Most apps are very privacy-invasive. Even you are making app as a hobby, you will likely use privacy-invasive ad networks in order to pay back $100/year ad store fee.
Depends on who "we" are. Some people also wanted a hassle free device, which only runs curated apps, and that keeps the whole experience more secure, unified, private, etc that a "open for all" environment.