
There are no solutions for suspensions from app stores. The solution is to not use app stores -- build better webapps, use the open web.

We could be living in a world where no open web ever existed, where everything would be filtered through app stores and closed environments like Facebook (AOL).

We need to preserve the open web, it is our most precious resource.



Due to my phone running low on storage I've had to uninstall some apps lately and switch to the mobile web version. In the process, I realized that many of these webapps effectively worked almost identically to their app counterparts with only very minor differences that didn't impact my usage at all.

Actually for some of them the main difference is that the webapp will push very hard for you to install the app with various popups while the app won't. You're basically being harassed into installing the app.


Reddit (the mobile website) is so annoying about that.

But also the official mobile app is atrocious compared to third-party ones..


For everything that works as an app and is good enough in a mobile phone Firefox, I always chose the combo Firefox+Bookmark. This way I can also block half the trackers that are included in the app/webpage.

With this setup though you miss out on the 'benefits' of the notifications :)


I don't agree, personally.

I believe that putting everything online is not sustainable. It might be very difficult to believe for people who earn so much that they can afford 24/7 stable and fast internet anywhere they go, but there are places where even good old broadband DSL is unstable, in the west.

The reasoning of "appstore bad -> let's not use any appstores" is flawed. There are "appstores" like the ones on FOSS systems like Linux (Discover on Arch/Manjaro comes to mind), which show that you can make an appstore yourself.

All we need is to build a cross-platform, community-managed app store, which allows FOSS and non-FOSS apps, with a payment system. That's the solution, not "make it a webapp".


There's no reason why a web app can't work in offline mode.

Think of a web browser as the ultimate App Store -- you navigate to any "app" by using your search engine of choice or by passing around links to the "apps" via email / messaging. Then, you bookmark your "app" so that it's available with one click.

Offline storage, offline compute, notifications, etc. are all things that we can do via web APIs just as easily as proprietary vendor code.

Sure, some things might need native experiences, but those are definitely the exception, not the rule. Even games and navigation and real-time video can be accomplished via web-only APIs.


You’re overstating the capabilities of web APIs. Good luck trying to make a real web app with 3D graphics, offline storage, offline compute, or push notifications. All of that stuff is totally gimped compared with native iOS and Android APIs. This is no accident; widespread cross-platform app development with no revenue cut would go against the interests of the browser engine vendors.


As far as I can tell, a native dating app or a webapp for that matter require an active web connection for full functionality.


Should be possible to queue up profiles when online, review them offline, and sync back responses to the service when online again.


The first thing we need to do is stop confusing content filters with app stores.

You can have a choice in both.


It's app stores as the single gatekeeper to a platform that's bad. I think it's actually fine if there's an app store where you can get vetted apps that have some official stamp of approval from the store owner, but it's also important that that store doesn't have the monopoly to that platform. It should be possible for users to choose a different app store.


Ugh. Why do we even need an app store exactly?

Visit site. Click download app. Click install.

This pattern has worked for 20 years. What changed?

Nothing. Google and Apple just decided they wanted a walled garden and y'all said ooo shiny.


Though I share your sentiments, that pattern worked very well at infecting machines with malware for 20 years because the average user is a bad judge of which sites to trust to install software on their device.

Then again, app stores haven't solved the malware problem, and neither have solutions like trusted publishers / signing executables / etc. I look forward to seeing a solution that isn't worst-of-both-worlds.


I remember installing software before app stores. Everyone was always afraid of malware but very few people I knew ever suffered from it. Most people used anti virus software, asked their friends which programs they recommended, or did some research of their own to figure out what was safe to download. All that was probably at least as effective as the “curation” that app stores provide. The problem is that now a lot of people implicitly trust apps from app stores and there is the added harm that there are now sanctioned forms of malware that serve ads, steal info and try to sell you exploitative in app purchases.


> Everyone was always afraid of malware but very few people I knew ever suffered from it. Most people used anti virus software, asked their friends which programs they recommended, or did some research of their own to figure out what was safe to download. All that was probably at least as effective as the “curation” that app stores provide.

That’s the opposite of my experience. I remember lots of malware - toolbars, search engine defaults, using Malwarebytes, CCleaner, antivirus programs, and a bunch of other crap I can’t remember to de-malware my older relatives’ computers when I was a kid. There was no way to prevent my elders from getting malware on their Windows computers, because they just had to click on everything.

Then iOS came out and I never spent another minute dealing with uninstalling and scanning for malware. Any software problems were solved by deleting the app, or turning the device off and on.


The problem is that code execution evolved to ransomware because cryptocurrency.

If we’re being honest, some barriers were crossed and the threat evolved.


> code execution evolved to ransomware because cryptocurrency

Cryptocurrency might have made it easier, but such scams are older than that. Just look at the whole range of tech support scams based on voucher codes.


A tech support scam can be unlocked by a competent technician for much less than the amount requested by the crooks. A ransomware attack with asymmetric crypto cannot be unlocked in a similar way, math simply won't let you (bar faulty ransomware that happens to reveal its key).


What fixed that is sandboxing. It's not really clear how much app stores do. And in fairness to Google, their malware scanning system is not tied to their app store. Stuff installed outside the store gets scanned too.


> I look forward to seeing a solution that isn't worst-of-both-worlds

Software repositories? Still not perfect in terms of security but better than manually searching for installer packages, deciding between the official download that requires some account registration or a slightly questionable download site and then hoping for the best. Same for updates - the way many third-party programs on Windows expect me to basically download and reinstall the whole program again unless the developer built their own custom auto-updater is ridiculous.

And for the average user I'd say technologies between Flatpak and Snap are a decent step in the right direction - easier installation and updates, less trouble with dependencies (in theory), a bit of isolation and file access limits. Unless you want to explain to relatives how to set up Qubes OS this is probably the next best thing within the near future.


> Though I share your sentiments, that pattern worked very well at infecting machines with malware for 20 years

And what happened? Did we all die? It's not just the security promise that's unfulfilled, it is also the threats that are way overblown.


I don't know there's a great solution to secure general purpose computing. Malware has been part of my life since 5.25" floppy disk era.


You can still do that on Android if you want. I still like to have an option of a walled garden platform where everything is vetted so a flashlight app won't dump every single thing that I have on the phone just because it can.

That would be a problem if we would have no choice, but that is not the case.


Sandboxing and permissioned APIs for accessing data is what prevents that, not the half-assed vetting that Google does.


> The solution is to not use app stores

Before smartphones, I was a "tech savvy" computer user. I would install lots of software on my computer from the internet. But I wouldn't necessarily recommend the same for people that looked to me for computer advice. Many people would go to a store and buy a box with a disc in it, which was something you could trust because incentives aligned. Stores would prefer to only carry trustworthy software (in a box) to maintain their reputation as a good store, competitive with other stores. But similarly, I would look to web sites I trusted for my software. The most sophisticated users would look to peer-reviewed, open source software, but this involves knowing either how to review it yourself, or knowing who else to trust as having reviewed it.

Smartphones could've evolved to work like the above, perhaps relying on a USB port for software installs, with options to install directly from developers on the internet, but Apple had already learned from iTunes how to use control to both ensure a pretty good experience for users while also getting a lot of money for it. Google may never have gained enough traction with Android if they didn't build the Play Store and introduce convenience and a sense of trust in that store.

So it's really hard to picture a way that this could've evolved without those stores, such that critical mass was reached on these platforms. It's also hard to envision a strong, competitive alternative. The "masses" choose convenience the vast majority of the time, and they also largely want to trust one source for their software needs. They do not want to figure out whether to trust lots of software providers.

There will always be bad actors who take advantage of concepts like "the open web", so how do you keep things open, but safe and trusted? Can you create a federated system that has "experts you trust" and "peers you trust" and then can go to their recommendations to see which software providers to trust? And wrap that into a pretty tidy interface that everyone can easily adopt? And have the trust system and the device platforms work nicely together to prevent "middle man" attacks?


Sony rootkit springs to mind. The only reason they had the attention it did was that it was so comparatively early in the days of the internet, that consensus on how bad it was was formed by computer literate people. It was also less of an endemic problem. It has nothing to do with aligned incentives.

For a counterexample, Apple has a walled garden that has the properties you want - curated by experts, no sideloading etc. Out and out viruses aren’t common but you still have various kinds of malware that’s hard to remove (and obnoxious in-app ads and dickish dark patterns).


I think web quality sandboxing for installed apps would mitigate security issues sufficiently to make less restrictive discovery and reputation mechanisms viable again.


> We could be living in a world where no open web ever existed, where everything would be filtered through app stores and closed environments like Facebook (AOL).

We could be living in a world where the App Store never existed, where everyone could install the software of their choice on the devices they own. Using the web instead of real apps is not the solution.


> We could be living in a world where the App Store never existed, where everyone could install the software of their choice on the devices they own

Are you talking about the PC? Because that sounds a lot like the PC to me :)


It does, but PCs don't fit in my pocket.


Even though a webapp is much safer in that regard than an appstore, you still don't have 100% control, because of things like safebrowsing etc.


Yeah. This is a point I've been hammering for a long time now. The problems here are not technology related and it's a mistake to look for technological fixes. The same companies that can ban apps from an app store can also ban websites at the drop of a hat, and do. However their behaviour currently when banning websites is considered to be a legitimate use of power, so it attracts no attention.

There is nothing anywhere that would stop Google just adding websites it doesn't like to the SafeBrowsing blacklist. It's just a social convention that they don't. Yet, social conventions have been repeatedly ripped up over the last 10 years or so by political activists who abuse the word "safe" to mean "ideologically acceptable to us". SafeBrowsing is thus a very dangerous thing because Google's management has shown no ability so far to get a grip on the activist wing of their workforce.

Fortunately, there are two mitigating factors.

One is that Chrome at least on desktop lets you disable SafeBrowsing. Of course, they can change that just as easily as they can change the social norms around how it's used.

Another is that Microsoft has built a successful fork of Chromium. I'm using new Edge on macOS right now. It's not merely using Blink, it's actually Chrome but modified and is very serviceable indeed. In fact they just added vertical tabs. Microsoft seems, at least so far, to have avoided the worst of the culture wars and suspicions of bias. If Google did start to abuse Chrome, people who understood what was happening could quickly switch to Edge. Of course, iOS users are out of luck, as always.

However it may be too fatalistic to assume Android apps cannot be distributed outside the store. I've been hearing "people don't install apps anymore" for years now and it's never motivated with real data, just intuitions and anecdotes. People install apps all the time. The biggest breakout hit of the last decade was Minecraft which violated every aspect of hacker groupthink at once: desktop-first, no mobile version, distributed outside app stores, written in Java, no VC backing. I think people talk themselves into believing this isn't possible, but if people want to install an app, they'll do it. Companies that believe they can't survive without app store distribution are typically offering something completely undifferentiated. I don't know how many dating services there are for the polyamorous but I guess there can't be that many. All it takes on Android is to tick a single box and you can install apps (I'm not sure how they can self-update, but nothing stops you dynamically downloading code into your app on Android).


> There are no solutions for suspensions from app stores.

You can download apk files and install them. Windows users used (and still do, I suppose) to just download and install programs for decades. It's not ideal, but it works.


That's a solution as a user that wants to use simple apps, not as an app-based company. The result there is the same for a lot of em. It cuts their userbase massively and if part of your appeal is your userbase (social media, dating, multiplayer, etc) or depends on it (Spotify and the like can only pay out so little and keep their costs low because they capture a sizeable marketshare) you need to be on there.

As for Windows it's rather surprising that Microsoft hasn't tried harder to get more of a walled garden going given they were never shy of anticompetitive behaviour and mostly stems from expectations grandfathered in.



