Apple witness says company would need to modify software, hardware to support third-party ...
A witness in the Apple v. Epic Games case says that the Cupertino tech giant would need to redesign its software and hardware to allow alternative app stores, though some are doubtful about the claim.
Credit: Epic Games
On Wednesday, Apple filed summaries of its expert witness reports, including a rebuttal from Dr. Daniel L. Rubinfeld that claims that Apple would need to "redesign its hardware and software ... to make the iPhone interoperable with alternative app stores and with apps that would not qualify under Apple's app-review guidelines."
That statement, shared on Twitter by FOSS Patents founder Florian Mueller, elicited a strong reaction from Epic Games founder Tim Sweeney.
Mueller, for his part, added that he has previously used methods to install apps on iOS devices outside of the App Store. While the method works without requiring new hardware, he says that it is "made unnecessarily cumbersome by Apple," noting the company requires developers working with alternative app stores to store a list of unique device IDs (UDIDs) in an app itself.
"In order to find out one's UDID, one has to connect an iPhone or iPad to a MacBook with a USB cable and open the iTunes app; copy the UDID; paste it into a message to the developer; and the developer then has to actually integrate it into the app package. That's obviously not an option for large-scale distribution," Mueller wrote in a blog post.
The requirement to store UDIDs within an app is a policy guideline, which Apple could conceivably lift at any time. Apple also requires developers to build a store app and distribute it via TestFlight, which comes with other limitations.
Mueller also cast doubt on another statement in an Apple witness report provided by James Malackowski that claims the App Store itself is referenced in more than 250 U.S. patents and patent applications.
According to Mueller, that's "meaningless," since references to the App Store don't necessarily indicate that the marketplace is protected by patents.
The Epic Games v. Apple case is set to go to trial on May 3.
Credit: Epic Games
On Wednesday, Apple filed summaries of its expert witness reports, including a rebuttal from Dr. Daniel L. Rubinfeld that claims that Apple would need to "redesign its hardware and software ... to make the iPhone interoperable with alternative app stores and with apps that would not qualify under Apple's app-review guidelines."
That statement, shared on Twitter by FOSS Patents founder Florian Mueller, elicited a strong reaction from Epic Games founder Tim Sweeney.
That's baloney! iOS already has a mechanism for users to install apps from the web - the Apple Enterprise Program. Only contractual limitations prevent it from being used for consumer software distribution.https://t.co/TfUN3rqHTm
-- Tim Sweeney (@TimSweeneyEpic)
Mueller, for his part, added that he has previously used methods to install apps on iOS devices outside of the App Store. While the method works without requiring new hardware, he says that it is "made unnecessarily cumbersome by Apple," noting the company requires developers working with alternative app stores to store a list of unique device IDs (UDIDs) in an app itself.
"In order to find out one's UDID, one has to connect an iPhone or iPad to a MacBook with a USB cable and open the iTunes app; copy the UDID; paste it into a message to the developer; and the developer then has to actually integrate it into the app package. That's obviously not an option for large-scale distribution," Mueller wrote in a blog post.
The requirement to store UDIDs within an app is a policy guideline, which Apple could conceivably lift at any time. Apple also requires developers to build a store app and distribute it via TestFlight, which comes with other limitations.
Mueller also cast doubt on another statement in an Apple witness report provided by James Malackowski that claims the App Store itself is referenced in more than 250 U.S. patents and patent applications.
According to Mueller, that's "meaningless," since references to the App Store don't necessarily indicate that the marketplace is protected by patents.
The Epic Games v. Apple case is set to go to trial on May 3.
Comments
And yes, it prevents developers from directly distributing software, or opening up ‘alternate’ stores. And here again is the disingenuousness —not recognizing that established entities will reproduce their existing store dynamics. That means more malware, more copy-cat apps, more crap-ware, more marketing of questionable content to kids, and a race-to-the-bottom mentality that’s meant to undercut any (especially smaller) competitors until a stranglehold can be established. Game stores in particular are yet another cash grab by these companies — you’ve seen them do it over and over again, so it boggles the mind how these corporate parasites are now re-born as freedom fighters for the common person.
Oh, and one more thing, since Sweeney mentioned MDM distribution without naming it by name … ask him if it’s company policy to allow rank and file members to side-load apps or if it’s closed in order to protect against a corporate data breach. That will tell you all you need to know about how much of a liar he really is.
Another store would have its own security mechanisms and its own keys, which means that Apple would have to make sure that the system supports different app management, keys from different stores, etc! Probably Apple would want to change hardware to make sure that its own keys aren’t compromised.
And, oddly enough, I agree with Tim Sweeney on this single point - it is technically feasible for Apple to allow Third Party App Stores by using the Enterprise Developer Program. But I wouldn't want Apple to be forced to change that Program because of the safeguards it provides - the user must explicitly accept that they do not have full control over their device with respect to the apps that can be installed on it. Ironically, users need to implicitly accept that they don't have full control over their device anyway when they buy it. But the key point is that users make an informed choice, both at point of purchase and at the point of profile installation (although, frankly, for corporate use it's far better to have the corporation own the device and simply make parts of its functionality available to its employees).
Apple would have to completely review the system security to account for these kind of changes, since a lot was done without accounting for this level of flexibility!
A new store for multiple apps would require a new key/certification mechanism. Apple’s key/certification priocess could be used for the new app-store app that provides access to other apps, but a new key/certification process would be required for apps within that new store.
However, at present the Enterprise route does allow developers to create apps that can be distributed via the web to any user in the world - a list of UDIDs is not required - Meuller is wrong. This does of course contravene/break the agreement with Apple - as Enterprise apps are for use within an organisation and not for public distribution.
It does require the person who has downloaded the app to go into settings and “trust” the certification/profile though. Oh, and TestFlight is one option, not the only one, so is actually unnecessary. How do you think people did enterprise development before Apple bought TestFlight? So Sweeney is kind of correct technically but I still think Epic are totally in the wrong morally, hope they lose big-time.
As said above, a totally new key/certification mechanism would be required for a new additional app-store : I guess Epic would be happy to develop and provide that if they are the new owners of the new additional app-store.
No, it couldn’t, because the system only recognises Apple certificates and keys, it would be unable to recognise any new certification process, and with what you are saying all apps from that kind of store "arrangement" would all be using certificates issued to the same developer, and continue to use Apple’s key.
The enterprise developers can deploy their own apps but those apps also get Apple certificates, they are not able to implement an independent certification, nor manage an independent pool of developers that would be created with a new store, nor independently manage whatever security issues might arise with one developer or app.
For any of this to work the app management security would have to be overhauled.
At the moment when Apple makes changes to the system, developers are given a countdown to update their apps, however this is not seen as harmful as it affects Apple’s own app store. Now should Apple levy this kind of change to a 3rd party app store it would be seen as deliberately harming competition. Just look at Steam on macOS, it’s a mess of incompatible mac software and that has absolutely nothing to do with macOS’s ability to run software from any vendor.
For similar reasons the App Store can’t be separated and run by a separate company, the hardware and system are tied together. iOS is not Windows nor macOS, the two work in lockstep.
The difficulty comes when trying to block malware - Apple can only revoke the certificate for the developer that pertains to Apple's App Store; it would then need to rely on the other app stores to revoke the relevant certificate(s) they hold. Certainly achievable, and automation possible, but it would mean Apple surrendering some control and that seems unlikely.
However, based on the reporting from Herr Mueller, it looks like Apple will be forced to comply since an injunction has been awarded by the Court: Full text of the injunction Epic Games is seeking against Apple's App Store terms and policies
So our arguing about the technical details here seems a little pointless.
You can find it on page 361 of Epic Games' Proposed Findings of Fact and Conclusions of Law, basically Appendix 1, which opens with:
It seems rather cheeky of Epic to try and write the court's opinion for it, but IANAL, so I guess that's probably not totally abnormal in cases like these. It's worth noting that Apple's corresponding filing doesn't include such "direct" language in outlining the remedies it's requesting, however.
Then again, maybe we shouldn't be all that surprised at the brass that Epic is showing here, considering that its lobbyists have already been handing pre-drafted legislation to politicians in several states.