> Notarization is about protecting users who are not capable of making an informed decision about code safety from developers who refuse to comply with Apple's terms of service.
No, notarization is about preventing malware. That's all. This has been promised to us by Apple many many times. Malware prevention only. Fortnite is not malware.
I'm sorry, it sounds like we're saying the same thing.
Notarization is not a stick-less carrot. Anyone can sign up and agree to the rules and pay the fee to begin notarizing apps. If you break the rules you agree to when you sign up, you lose access to notarization.
It seems like we disagree about this basic understanding, so I'll take a couple guesses at it.
Are you, perhaps, arguing that Apple should not be allowed to terminate developer access to notarization under any circumstance — regardless of their behavior? Or are you arguing that Epic's behavior is "acceptable" rule breaking, but other kinds of behavior are "unacceptable" rule breaking?
I'm happy to consider that I could be wrong here, but I'll need a few more sentences from you to do so.
Sure, I'll bite. My mental model of notarization is strictly a means to fight malware (which, yes, is a nebulous word, but I think we can all agree that Unreal Engine games don't blanket qualify).
Since most people are essentially prevented from running non-notarized macOS software, Apple should treat notarization as a rubber stamp. As long as your app is not literally malware, Apple should notarize it.
Apple's use of notarization as a stick for Epic here certainly goes against if not the letter, then the spirit of their developer documentation: [1]
> Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components. Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.
Yes, Apple should very obviously not have a completely unchecked right to disable arbitrary software from running on millions of computers for whatever reason they want. This is so obviously an abuse of power that I can't believe I have to spell it out so clearly.
At the very least such decisions should be subject to appeal to an independent board, and failing that the legal system.
The only time in the past decade that I can think of where they used that power to remove anything other than malware on any platform was to remove the Zoom daemon that Zoom was using to bypass Installer.app permission checks, which made sense to Apple — and to HN, at the time — because it was considered malicious/exploitable.
Should they have not exercised that right, and left us all at risk — even though the daemon itself wasn't malware, nor had it been abused for such purposes by anyone?
That was a bug, Apple worked together with Zoom, and Zoom still distributes software on all of Apple's platforms, including the Mac. Their developer account was not revoked.
The decisions should be transparent and subject to review and appeal by an independent board. Zoom should be free to appeal Apple's decision to the board, yes.
I'm arguing that Developer ID should be entirely separate from the App Store. That they involve the same Apple developer accounts and programs is merely a matter of convenience, but until now we never had the worry that App Store disputes would lead to problems with Mac software distribution outside the App Store. It's clear now that they should be entirely separate developer programs.
If Apple wants to suspend someone's App Store developer account, fine. But you should be able to distribute outside the App Store regardless.
The whole point of distributing outside the App Store is to avoid all that nonsense with Apple's rules.
The problem is that App Store is the only distribution method on iOS, so it's almost inevitable that you butt heads with Apple if you make iOS apps. How many App Store developers haven't had some kind of fight with Apple? So if App Store and Developer ID accounts are tied, you're always risking your Mac distribution if you make iOS apps too.
Or just development on the platform, period. iOS won’t let you run code at all unless you sign it with a developer account and macOS makes it somewhat annoying to do so.
An application that suddenly changes behavior due to no action taken by the user, triggered remotely by the developer, is getting very close to the "malware" line in my book.
A one day 10% off sale is a change in behavior due to no action taken by the user triggered remotely by the developer. Is a sale very close to malware?
Does the sale require me to submit payment details to a not-already-trusted platform?
The change remotely triggered by Epic redirects users to a third-party (Epic) payment system, but what if it were, say, a malicious Epic insider? How much user payment info/cash could they grab before they were detected and disabled?
They actually gave 2 options. If you didn't trust the game maker and their discount you could continue paying the premium to Apple directly and continue feeling safe.
It's funny that this choice wasn't "offered" to console users who got the 20% discount even as 30% still went to Sony/Microsoft. The two-tier pricing on iOS was purely a stunt and had nothing to do with Epic's costs.
Seriously. We generally release most of our new features at 10% of the users and then gradually increase the percentage on the server end. If there's any issue we can turn it off immediately rather than potentially waiting days for the app store to approve our fix.
This is a pretty broad brush. It puts a lot of installable desktop or mobile apps into that bucket due to things like code push. And of course every web app falls in this territory.
What is the definition of sufficient when it comes to protecting non-technical users from harmful code?
In old sci-fi books, there are a couple that describe a future where connecting an old device to the Internet without having first installed updates will result in the device being exploited and/or ruined within a few seconds.
I notice that the Xcode worm was reposted again this morning, which seems like the perfect mechanism for covertly preparing for a worldwide hack of all iOS devices through a backdoor that has been compiled into all software. (You could get a similar effect by introducing malware into CocoaPods, and with similar reach.) All of these protections Apple has with Gatekeeper and Notarization would, to many extents, protect end users against that attack.
As you said, it's definitely a broad brush. The risk is absolutely real, though I imagine we all disagree on how important it is. It's the same problem as the risk of Python/Ruby/Node dependency compromises. Any solution that would work for protecting us against an NPM compromise would also work for protecting us against a macOS software compromise. Apple's solutions have a higher total value of protection, in exchange for a higher total value of bothersome.
Is the NPM model (you can ship any code worldwide, have fun!) safe enough for non-technical users, such that Apple could just drop Gatekeeper and let us all go back to the wild west macOS days? If not, what model is acceptable, given that Apple's model isn't?
This behavior is now the norm in my experience, including browser extensions, mobile apps, and websites. I experience breakage through no action of my own, triggered remotely by the developer. While I agree that it's very much like malware, I'm simply pointing out that this is the rule, rather than the exception, with commercial software today.
> Programs are also considered malware if they secretly act against the interests of the computer user.
Is convincing children that they need to spend money to not be a "default" really in the interest of a computer user? Is taking advantage of gambling addictions with lootboxes really in the interest of a computer user (or society at large)?
I get what you really mean, and I'm probably stretching the definition a bit much; yet it's worth considering if Fortnite is really a good thing in the first place.
It's worth remembering that this is due to Epic, not Apple. Epic broke the TOS (and then some), with the full knowledge that they would be removed from both major app stores.
Apple and Google are hardly faultless, but Epic is the one who started this dick-measuring contest.