Depending on how it's installed (the two ends of the spectrum being either downloading other app stores via Apple's App Store or downloading them from safari) it can cause issues with how Apple's standard of "no malware" stays even when downloading apps via those app stores.
For an example, with alternative app stores it's very likely you could release a jailbreak and have it installable without a computer since most (non-checkm8) jailbreaks break out of the sandbox and exploit their way to root access and installing an dpkg frontend. That's all well and good until someone does the same but hides jailbreak code in an inconspicuous app that initiates the jailbreak in the background, and instead of installing dpkg it installs a keylogger/keychain dumper that sends all passwords to a remote server.
Either Apple will still need to review these, have IPAs notarized, or have contracts in place with each app store developer to ensure the same app review quality. I don't see epic accepting any of these scenarios without a fight.
In your scenario, there's malware in a non-apple app store. So what? It rightfully gets a bad reputation, people presumably avoid it, etc. Those who are more risk averse choose only to use the Apple app store. I'm not seeing the issue here?
If Apple want's to ensure that the platform itself is as secure as possible, that involves patching the underlying vulnerabilities. The presence of a third party app store doesn't affect that one way or the other.
How would mom know about the bad reputation? Download.com included toolbars with their installers (not a vulnerability, just shady) and only in rare blog articles were they called out on it. Multiple sites linked to them as a reputable download source for affiliate money.
The same way she avoids more open ecosystems like android? Presumably, the addition of another app store would be something she would have to actively seek out and do.
> Either Apple will still need to review these, have IPAs notarized, or have contracts in place with each app store developer to ensure the same app review quality. I don't see epic accepting any of these scenarios without a fight.
As Windows shows us, none of these need to be true.
Don’t download random shit from people you shouldn’t trust, and you won’t have malware and/or keyloggers.
"Don’t download random shit from people you shouldn’t trust, and you won’t have malware and/or keyloggers."
If only it was that simple. Apple's audience is not really us. I can't count the number of times, my mother-in-law tried to install random stuff on her PC and me having to deal with it. This is Apple's user.
Ditto for Linux and Android. I'm sure I could find a sketchy closed source kernel module somewhere out there that's actually malware. That's not a problem in practice though because I'd have to leave the confines of the official repositories for my OS and intentionally seek it out.
(I suppose NPM could be an interesting point of discussion here though.)
For an example, with alternative app stores it's very likely you could release a jailbreak and have it installable without a computer since most (non-checkm8) jailbreaks break out of the sandbox and exploit their way to root access and installing an dpkg frontend. That's all well and good until someone does the same but hides jailbreak code in an inconspicuous app that initiates the jailbreak in the background, and instead of installing dpkg it installs a keylogger/keychain dumper that sends all passwords to a remote server.
Either Apple will still need to review these, have IPAs notarized, or have contracts in place with each app store developer to ensure the same app review quality. I don't see epic accepting any of these scenarios without a fight.