r_singh | 3 months ago

The next decade looks like tech vs. governments everywhere. From the article, it seems Apple won’t roll this out worldwide unless forced.

As a user I like Apple’s App Store for security personally, but I wonder how multiple app stores turn out in other regions. I see the EU already allows alternative app marketplaces — has anyone used one and can share their experience?

isodev|3 months ago

Apple complied but maliciously in the EU making it very difficult and very expensive to offer apps on alt stores. They also made sure to add scary warnings so one can never offer a normal onboarding flow.

> Apple’s App Store for security

The App Store doesn’t do anything to protect you in that sense. It’s easy to circumvent and these days it’s cheaper to just buy an iOS exploit than go through the trouble of making a shady app.

fundatus|3 months ago

> Apple complied but maliciously in the EU making it very difficult and very expensive to offer apps on alt stores. They also made sure to add scary warnings so one can never offer a normal onboarding flow.

Even for web distribution in the EU (which they allowed some time ago) they require you to have had an Apple Developer account for at least 2 years and at least one App with more than 1m annual downloads in the App Store.

So they're forcing you to have a very successful app in their own store before you can distribute yourself, basically making this impossible to actually use. It's such a blatant case of malicious compliance, it's insane.

r_singh|3 months ago

> The App Store doesn't do anything to protect you in that sense. It's easy to circumvent...

Interesting, their marketing has customers believe otherwise, so I wouldn't have thought that as a noob in cybersecurity.

I've submitted an app to the iOS App Store in the past, and the process is tedious and doesn't seem superficial (unlike the Play Store process, which was completely autonomous at the time), so that's another reason why I wouldn't have thought it.

alpinisme|3 months ago

> It’s easy to circumvent and these days it’s cheaper to just buy an iOS exploit than go through the trouble of making a shady app.

But why is that easier? And is it inevitably so or a result of the fact that the boundaries of the one place to install apps from are aggressively policed?

gruez|3 months ago

> The App Store doesn’t do anything to protect you in that sense. It’s easy to circumvent and these days it’s cheaper to just buy an iOS exploit than go through the trouble of making a shady app.

Different threat models. If you're the Mossad and want to go after someone in particular, yes the exploit is the way to go, but if you're running some run-of-the-mill scam, you're certainly not going to spend 6+ figures on an iOS 0day that'll get patched within days.

warkdarrior|3 months ago

> these days it’s cheaper to just buy an iOS exploit than go through the trouble of making a shady app.

"Look, you do not need a front door, and definitely not one with a lock on it. After all anybody could machine-gun you down through your windows."

spike021|3 months ago

> They also made sure to add scary warnings so one can never offer a normal onboarding flow.

Is this any different from Macs also prompting the user when a downloaded binary is suspicious/not signed properly? Or Windows, where installing would flash a screen about trusting what you're installing?

port11|3 months ago

I have Alt, Epic, and Setapp installed. Setapp is something I had to stop paying for while unemployed, but has good stuff if you can afford it. Alt is mostly empty, but now lets you add multiple sources for more sideloading options.

Basically the market is still in an alpha stage. My next app will be on Alt just because I want to support the idea. Hopefully more apps get on these stores; for now it's mostly nice to have for games, emulators, and some dev tools.

Apple didn't make it friction-free either, but it seems the issue is lack of user demand and/or lack of supply.

skinnymuch|3 months ago

For Setapp, I am kind of forced to pay for it since I use NotePlan and Paste. And I use Timing Tracker sometimes. The first two alone cost the same as a Setapp sub for 4 desktops and 4 iOS devices.

I should try Alt out again with you reminding me.

pprg1996|3 months ago

I hate the security argument when it comes to third party stores or apps. No one is putting a gun to your head to install these things. Imagine trying to apply the same logic to MacBooks and not let them install from the web or Homebrew.

dgjhu669|3 months ago

My employer demands that I have some proprietary 2FA app installed. And while it’s the norm for companies to provide you with a laptop that you install their trojans on, it’s not the norm to provide you with a work phone, so I’m glad there is a middleman limiting the damage I’m exposed to when I install corporate software on my phone. And that’s a device that has access to much more information about me, whom I talk to and what I do with my spare time, when and where.

andoando|3 months ago

I don't even get it. Apps require system prompts for access to local network, files, etc. What's the security issue?

owisd|3 months ago

Not put a gun to your head but ring up pretending to be your bank and there’s fraud detected and can you follow these steps to verify your identity and secure your account.