home · thoughts · recipes · notes · me

On Apple’s Ecosystem

Epic Games is suing Apple. If they win and Apple is forced to open up iOS to 3rd-party stores, iOS will die. Here’s why.

The Lawsuit

Recently, both Apple and Google kicked Fortnite off of their stores for attempting to skirt their in-app purchase requirements. In essence, Epic Games (developers of Fortnite) aim to bypass the 30% cut that both platforms take from all purchases made in their ecosystems by implementing their own payment mechanism. This was an intentional violation of Apple and Google’s rules and Terms of Service for their app stores and resulted in a ban.

In response, Epic instantly filed a lawsuit claiming unfair competitive practices and antitrust behavior by the mobile platform duopoly. This was clearly a premeditated move, and Epic is ready to open up their warchest to fight these restrictions. There’s been tons of discussion on the Internet about the potential legal implications of this lawsuit; everyone is speculating about how this might impact the mobile marketplace. Obviously nobody knows what will happen, but there are some very interesting possibilities: Will the 30% cut change? Will allowing alternative payment methods be required by platforms?

I don’t want to rehash those topics; there’s plenty of discussion out there already. I want to muse about something I haven’t really seen mentioned in tech circles: What happens if Epic Games succeeds in “unlocking” these platforms? Specifically, what happens if Apple is forced to allow users to sideload apps?

How Sideloading Kills iOS

By “sideloading,” we mean installing apps without going through the AppStore. This means no more “approval process,” no more 30% cut, and, crucially, no more regulation.

Libertarians may rejoice, but users will suffer: if this happens, iOS as a platform is dead.

iOS has always kept people that value ease of use and privacy in mind. Why anyone would choose an operating system created by an advertising empire because it has… better customization? is completely beyond me, but that’s not what this post is about.1 These two pillars have kept me on Apple’s platform since the first iPod Touch: iOS makes privacy features very accessible and maintains conscientious defaults—granular permissions, hardware security, limited fingerprinting, safe APIs, etc.

This last element is the only one that matters here: the lack of an AppStore approval process will enable use of private APIs and completely ruin privacy on iOS.

Private APIs

These are functions that are internal to iOS: they are hidden, undocumented, and made unavailable through the standard SDK. As a developer, you’re not allowed to use them; they’re typically the underpinnings of public APIs except without the extra layers of protection Apple adds on so that their technology isn’t abused. Many apps have been caught finding and using private APIs (including Uber) and have been punished accordingly.

By letting developers distribute apps through their own app stores, Apple will have no way to prevent private API access. This means things like bypassing permissions APIs, uniquely identifying your device by its serial number, tracking devices by their actual hardware MAC address, accessing peripherals like the camera and microphone without notifying the user are all suddenly fair game. In other words, privacy on iOS is dead simply because Apple can’t protect it anymore.

In the current model, apps that get caught obfuscating their apps to use private APIs can be stopped, but in an unregulated app distribution model, anything goes.

The Future

If Epic Games wins the lawsuit and Pandora’s Box is opened, I confidently expect there to be a “Facebook Store” that is required to install or update the social networking giant’s ever-growing suite of apps (Messenger, Instagram, WhatsApp, Oculus, etc.). There will definitely be an Epic Store, and given the reach of Unreal Engine, it may include much of the mobile gaming market. Google already has the infrastructure in place, so there will definitely be a Play Store, and so on and so forth. The iOS platform will break out into a complete Wild West of unregulated applications that will leave any semblance of user privacy in the past. Are we really going to give these companies the “benefit of the doubt” that they’ll behave ethically?

“Pfft, that doesn’t happen on Android,” you might retort, “so why would that suddenly come to iOS?”. I would argue that this is fundamentally because the Android SDK and Google’s approval process does not prioritize user privacy, so there’s no need.2 Developers can already do (basically) whatever they want and harvest a treasure trove of information freely.

It’s a slippery slope, you might say, but I’m not so sure. All it takes is one successful third-party store to overcome user inertia in configuring their device to open the floodgates. I’m completely willing to put up with the 30% cut and pay a premium for Apple’s devices if it means this mobile dystopia can be kept at bay.

  1. I’m honestly not sure what draws people to Android. Sure, apparently you can go completely Google-free, but you need to be incredibly tech savvy and basically completely neuter your device in the process. That’s not exactly an option for the average consumer, but again, that’s not what this post is supposed to be about. ↩︎

  2. Any developer who has worked even a little bit with both mobile platforms will quickly tell you how much more privacy-conscious Apple’s SDKs are. For example, you can’t even get the hardware MAC addresses of devices around you when using Bluetooth APIs on iOS because they add an anonymization layer. ↩︎