DOCSLIB.ORG

Tending the Garden: How to Ensure That App Stores Put Users First

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Tending the Garden: How to Ensure That App Stores Put Users First Tending the Garden: How to Ensure That App Stores Put Users First June 2020 John Bergmayer Acknowledgements The author would like to thank those that provided feedback during the drafting of this paper, including Blake Reid at the University of Colorado Law School, Hal Singer, managing director at Econ One and an adjunct professor at Georgetown’s McDonough School of Business, and Will Jennings, student at the Indiana University McKinney School of Law and intern at Public Knowledge, for editing assistance. This paper, along with other work from Public Knowledge on platform competition, was made possible by the support of the Omidyar Network. The cover image is The Artist’s Garden at Eragny, by Camille Pissarro, oil on canvas, 1898. This public domain image was sourced via the National Gallery of Art. The remainder of the paper is licensed under the Creative Commons Attribution- ShareAlike 4.0 International (CC BY-SA 4.0) license, the terms of which may be found here: https://creativecommons.org/licenses/by-sa/4.0. Table of Contents EXECUTIVE SUMMARY ................................................................................................................................. 1 INTRODUCTION ........................................................................................................................................... 2 EXAMPLES OF APP STORES ......................................................................................................................... 8 APP STORES VS SECURITY ARCHITECTURES ............................................................................................. 11 EXCLUSIVE SOURCE OF SOFTWARE ................................................................................................................ 12 CODE-SIGNING ......................................................................................................................................... 13 SANDBOXING AND PERMISSIONS .................................................................................................................. 14 API RESTRICTIONS ....................................................................................................................................... 15 DRM ....................................................................................................................................................... 16 BENEFITS OF APP STORES .......................................................................................................................... 16 DRAWBACKS OF APP STORES .................................................................................................................. 19 IT IS HARD TO COMPETE WITH A PLATFORM ..................................................................................................... 19 APP STORES PLACE BUSINESS MODEL CONSTRAINTS ON DEVELOPERS ................................................................. 24 CENSORSHIP AND CURATION ....................................................................................................................... 34 CUSTOMER OWNERSHIP, RESALE, AND PRESERVATION ..................................................................................... 36 SINGLE TARGET FOR SCAMS ......................................................................................................................... 38 EXCLUSION OF CERTAIN MARKETS ................................................................................................................. 39 APP STORE TRADEOFFS MAY NOT BE THE BEST FOR ALL USERS ............................................................................. 39 CASE STUDIES ............................................................................................................................................. 40 DUPLICATING BUILT-IN FUNCTIONALITY AND DEFAULTS ..................................................................................... 40 SPOTIFY, AND THE REQUIRED USE OF IN-APP PURCHASE SYSTEM FOR NON-APP CONTENT ...................................... 42 FORTNITE AND THE GOOGLE PLAY STORE ...................................................................................................... 44 EXCLUSIVE ACCESS TO HARDWARE FEATURES ................................................................................................. 44 PREFERENTIAL TREATMENT OF IMPORTANT APPS ............................................................................................... 45 HKMAP.LIVE, AND GOVERNMENT PRESSURE TO CENSOR .................................................................................. 46 APPLE, AT&T, AND THE FCC ...................................................................................................................... 47 MORAL CENSORSHIP .................................................................................................................................. 48 LOCATION DATA IN IOS 13 ......................................................................................................................... 49 PARENTAL CONTROL APPS ........................................................................................................................... 50 SOLUTIONS ................................................................................................................................................. 52 SIDELOADING ............................................................................................................................................ 52 IN-APP PURCHASE REQUIREMENTS SHOULD BE LIMITED TO APP FUNCTIONALITY ..................................................... 56 DEVELOPERS SHOULD BE ABLE TO TRUTHFULLY COMMUNICATE WITH THEIR CUSTOMERS ......................................... 57 ALLOW USERS TO SET AND CHANGE DEFAULTS ................................................................................................ 57 LIMIT PREINSTALLED APPS TO ESSENTIALS ......................................................................................................... 58 APP STORE SEARCH TRANSPARENCY ............................................................................................................. 58 PLATFORMS SHOULD AVOID USING COMPETITORS’ PROPRIETARY DATA TO COMPETE WITH THEM ........................... 59 PROACTIVELY OFFER SECURE APIS TO FOR THIRD-PARTY DEVELOPERS FOR MAJOR NEW FEATURES ......................... 59 OBLIGATION TO ALLOW ARCHIVING / EMULATION OF OLDER SYSTEM VERSIONS .................................................. 61 ALLOW USERS TO TRANSFER AND MERGE ACCOUNTS ....................................................................................... 62 DUE PROCESS FOR DEVELOPERS ................................................................................................................... 63 GREATER BUSINESS MODEL FLEXIBILITY ............................................................................................................ 63 CONCLUSION ............................................................................................................................................ 64 1 Tending the Garden Executive Summary App stores provide security, privacy, and trust for users, while giving platform maintainers significant gatekeeper control over the software that users can access, what that software can do, and how it can be monetized. This gatekeeper control can be used to benefit platforms at the expense of independent software developers as well as users. Switching costs, network effects, and other factors mean that competition between platforms for users and developers cannot be enough to ensure that app stores and their associated software platforms will be operated in a way that promotes consumer rights, the public interest, and broader economic benefits. This paper suggests specific measures that should be implemented by dominant app stores to promote these interests—reducing the gatekeeper control that app stores inherently have, but not eliminating it. These measures are suggested as baseline structural remedies that would apply broadly, and do not fully displace the need for a competition law framework, an individualized, complaint-driven procedure that addresses matters these measures do not address, or other remedies. Specifically, this paper recommends that platforms allow users and developers to bypass the app store entirely through side-loading, but only subject to strict code- signing requirements. Code-signing ensures that only software from known developers can run on a device. At the same time, this paper suggests that code- signing authorities themselves can be decentralized. It also recommends a few measures that app stores can implement to reduce the advantage their first-party apps have over competitors, such as allowing users to change defaults, and proactively providing third-party application programming interfaces, or APIs, for major new features at a more rapid cadence. This paper also calls for app stores to allow greater business model flexibility to developers, such as allowing things like paid upgrades and not requiring the use of in-app purchase systems for media purchases and subscriptions. It calls for due process for developers to ensure consistency in the application of rules. Finally, even older versions of dominant platforms and software that run on them can be of historical and technological interest. Platforms should, therefore, ensure that it remains possible to archive and emulate software that may still be protected by copyright but is of limited commercial
Load more

Recommended publications
  • Brick-And-Mortar Retailers' Survival Strategies Amid the COVID-19 Crisis
    Mitsui & Co. Global Strategic Studies Institute Monthly Report June 2020 BRICK-AND-MORTAR RETAILERS’ SURVIVAL STRATEGIES AMID THE COVID-19 CRISIS Katsuhide Takashima Industrial Research Dept. III, Industrial Studies Div. Mitsui & Co. Global Strategic Studies Institute SUMMARY As the shift in consumer demand towards e-commerce (EC) has taken root amid the COVID-19 crisis, brick-and-mortar retailers will need stronger survival strategies. The first strategy is to respond to consumer needs for infection prevention, such as by adopting cashierless checkout systems and implementing measures to reduce the amount of time customers spend in stores. The second strategy is to enhance the sophistication of EC initiatives by leveraging the advantage of speediness in product delivery that only brick-and-mortar retailers can provide. The third strategy is to expand and monetize the showroom function. Business models providing insight to this end are beginning to emerge. The spread of COVID-19 infections has divided the retail industry, placing companies in stark contrast with each other depending on business format. Most specialty retailers, including department stores, shopping malls, and apparel shops, saw their earnings decline because they closed their stores to prevent infections, or otherwise suffered from operating restrictions. Meanwhile, other retail formats permitted to stay open in to supply consumers with daily necessities marked earnings growth. They include supermarkets, which captured demand from restaurants that had either closed or were avoided by consumers, and drugstores, which saw growth in demand for infection prevention products, e.g., masks and disinfectants (Figure 1). In addition, e-commerce (EC) transactions are increasing sharply, reflecting rapidly expanded usage by consumers who are refraining from going out.
    [Show full text]
  • Managing App Sideloading Threats on Ios Whitepaper
    Whitepaper Enterprise Mobile Security Managing App Sideloading Threats on iOS Whitepaper I. Introduction II. The Path to App Sideloading Through rigorous app review Apple has lowered the risk Signing Certificates of downloading malware from its App Stores to near Apple offers two types of signing certificates for app zero. Companies, however, increasingly rely on an app- distribution outside of their App Stores and both types distribution mechanism called enterprise provisioning allow users to install and execute signed apps on that allows them to distribute apps to employees without non-jailbroken devices: Apple’s review as long as the apps are signed with an Apple-issued enterprise signing certificate. 1) A developer certificate, intended to sign and deploy test apps to a limited number of devices. Unfortunately, attackers have managed to hijack this app-distribution mechanism to sideload apps on 2) An enterprise certificate, intended to sign non-jailbroken devices, as demonstrated in the recent and widely deploy apps to devices within an Wirelurker attack. Organizations today face a real organization. security threat that attackers will continue to abuse To obtain these certificates you must enroll in one of enterprise provisioning and use it to sideload malware, Apple’s two iOS developer programs. Table 1 on the especially since: following page summarizes the enrollment requirements 1) The widespread prevalence of legitimate, for each program and their app provisioning restrictictions. enterprise-provisioned iOS apps in the workplace Both types of signing certificates expire after a year, has conditioned employees to seeing (and ignoring) whereupon developers can apply for new ones. Apple can the security warnings triggered on devices also revoke certificates if it learns of abuse and an app when installing these apps.
    [Show full text]
  • New Insights on Retail E-Commerce (July 26, 2017)
    U.S. Department of Commerce Economics Newand Insights Statistics on Retail Administration E-Commerce Office of the Chief Economist New Insights on Retail E-Commerce Executive Summary The U.S. Census Bureau has been collecting data on retail sales since the 1950s and data on e-commerce retail sales since 1998. As the Internet has become ubiquitous, many retailers have created websites and even entire divisions devoted to fulfilling online orders. Many consumers have By turned to e-commerce as a matter of convenience or to increase the Jessica R. Nicholson variety of goods available to them. Whatever the reason, retail e- commerce sales have skyrocketed and the Internet will undoubtedly continue to influence how consumers shop, underscoring the need for good data to track this increasingly important economic activity. In June 2017, the Census Bureau released a new supplemental data table on retail e-commerce by type of retailer. The Census Bureau developed these estimates by re-categorizing e-commerce sales data from its ESA Issue Brief existing “electronic shopping” sales data according to the primary #04-17 business type of the retailer, such as clothing stores, food stores, or electronics stores. This report examines how the new estimates enhance our understanding of where consumers are shopping online and also provides an overview of trends in retail and e-commerce sales. Findings from this report include: E-commerce sales accounted for 7.2 percent of all retail sales in 2015, up dramatically from 0.2 percent in 1998. July 26, 2017 E-commerce sales have been growing nine times faster than traditional in-store sales since 1998.
    [Show full text]
  • Trademarks, Metatags, and Initial Interest Confusion: a Look to the Past to Re- Conceptualize the Future
    173 TRADEMARKS, METATAGS, AND INITIAL INTEREST CONFUSION: A LOOK TO THE PAST TO RE- CONCEPTUALIZE THE FUTURE CHAD J. DOELLINGER* INTRODUCTION Web sites, through domain names and metatags, have created a new set of problems for trademark owners. A prominent problem is the use of one’s trademarks in the metatags of a competitor’s web site. The initial interest confusion doctrine has been used to combat this problem.1 Initial interest confusion involves infringement based on confusion that creates initial customer interest, even though no transaction takes place.2 Several important questions have currently received little atten- tion: How should initial interest confusion be defined? How should initial interest confusion be conceptualized? How much confusion is enough to justify a remedy? Who needs to be confused, when, and for how long? How should courts determine when initial interest confusion is sufficient to support a finding of trademark infringement? These issues have been glossed over in the current debate by both courts and scholars alike. While the two seminal opinions involving the initial interest confusion doctrine, Brookfield Commun., Inc. v. West Coast Ent. Corp.3 and * B.A., B.S., University of Iowa (1998); J.D., Yale Law School (2001). Mr. Doellinger is an associate with Pattishall, McAuliffe, Newbury, Hilliard & Geraldson, 311 S. Wacker Drive, Chicago, Illinois 60606. The author would like to thank Uli Widmaier for his assistance and insights. The views and opinions in this article are solely those of the author and do not necessarily reflect those of Pattishall, McAuliffe, Newbury, Hilliard & Geraldson. 1 See J. Thomas McCarthy, McCarthy on Trademarks and Unfair Competition, vol.
    [Show full text]
  • Android (Operating System) 1 Android (Operating System)
    Android (operating system) 1 Android (operating system) Android Home screen displayed by Samsung Nexus S with Google running Android 2.3 "Gingerbread" Company / developer Google Inc., Open Handset Alliance [1] Programmed in C (core), C++ (some third-party libraries), Java (UI) Working state Current [2] Source model Free and open source software (3.0 is currently in closed development) Initial release 21 October 2008 Latest stable release Tablets: [3] 3.0.1 (Honeycomb) Phones: [3] 2.3.3 (Gingerbread) / 24 February 2011 [4] Supported platforms ARM, MIPS, Power, x86 Kernel type Monolithic, modified Linux kernel Default user interface Graphical [5] License Apache 2.0, Linux kernel patches are under GPL v2 Official website [www.android.com www.android.com] Android is a software stack for mobile devices that includes an operating system, middleware and key applications.[6] [7] Google Inc. purchased the initial developer of the software, Android Inc., in 2005.[8] Android's mobile operating system is based on a modified version of the Linux kernel. Google and other members of the Open Handset Alliance collaborated on Android's development and release.[9] [10] The Android Open Source Project (AOSP) is tasked with the maintenance and further development of Android.[11] The Android operating system is the world's best-selling Smartphone platform.[12] [13] Android has a large community of developers writing applications ("apps") that extend the functionality of the devices. There are currently over 150,000 apps available for Android.[14] [15] Android Market is the online app store run by Google, though apps can also be downloaded from third-party sites.
    [Show full text]
  • Hidemyapp : Hiding the Presence of Sensitive Apps on Android
    HideMyApp : Hiding the Presence of Sensitive Apps on Android Anh Pham Italo Dacosta Eleonora Losiouk John Stephan EPFL, Switzerland EPFL, Switzerland University of Padova, Italy EPFL, Switzerland Kévin Huguenin Jean-Pierre Hubaux University of Lausanne, Switzerland EPFL, Switzerland Abstract patients [23], and there are around 325,000 mHealth apps available in major mobile app stores.2 Millions of users rely on mobile health (mHealth) apps to Given the sensitivity of medical data, the threats of pri- manage their wellness and medical conditions. Although the vacy leakage are one of the main hindrances to the success of popularity of such apps continues to grow, several privacy and mHealth technologies [37]. In this area, a serious and often security challenges can hinder their potential. In particular, overlooked threat is that an adversary can infer sensitive infor- the simple fact that an mHealth app is installed on a user’s mation simply from the presence of an app on a user’s phone. phone can reveal sensitive information about the user’s health. Previous studies have shown that private information, such as Due to Android’s open design, any app, even without per- age, gender, race, and religion, can be inferred from the list of missions, can easily check for the presence of a specific app installed apps [22,29,47]. With the increasing popularity of or collect the entire list of installed apps on the phone. Our mHealth apps, an adversary can now infer even more sensitive analysis shows that Android apps expose a significant amount information. For example, learning that a user has a diabetes of metadata, which facilitates fingerprinting them.
    [Show full text]
  • Of Epos SDK for Ios Cannot Find the Network Printer on Ios/Ipados 14 Or Later
    Workaround for an issue regarding 'Discovery' of ePOS SDK for iOS cannot find the network printer on iOS/iPadOS 14 Seiko Epson Corporation Dec 14th, 2020 Issue 'Discovery' of ePOS SDK for iOS cannot find the network printer on iOS/iPadOS 14 or later. Cause This issue depends on the specification change of iOS/iPadOS 14. From iOS/iPadOS 14 or later, users have to apply to Apple and change their implementation if the app sends broadcast or multicast messages. Because the ePOS SDK uses broadcast to search for printers. Workaround methods As of now, SEC thinks there are 2 workaround methods. 1. Version down of "Target" on "TARGETS" “General” " Deployment Info" to lower than iOS12.0 (iOS11.4 or before). Also, enable the local network in iOS settings. 1 / 6 2. If customer would like to use new function of iOS14 or later, user has to apply the "Multicast Networking Entitlement" on Apple Developer's site. <Condition: A & B> A. Tablet OS: iOS/iPadOS version is 14.0 or later. B. Using "Deployment Info" on "project" "Target" is iOS 12.0 or later <Procedure> It needs 3 steps. See below. Step1: Apply "Multicast Networking Entitlement" 1.1. Apply on Apple Developer website Link: <https://developer.apple.com/contact/request/networking-multicast> 1.2. Edit the application information as shown below a. App Name e.g. Epson TM Print Assistant b. App Store URL e.g. https://apps.apple.com/jp/app/epson-tm-print c. App Category e.g. business d. Describe the main purpose of your app e.g.
    [Show full text]
  • Apple Business Manager Overview Overview
    Getting Started Guide Apple Business Manager Overview Overview Contents Apple Business Manager is a web-based portal for IT administrators to deploy Overview iPhone, iPad, iPod touch, Apple TV, and Mac all from one place. Working Getting Started seamlessly with your mobile device management (MDM) solution, Apple Configuration Resources Business Manager makes it easy to automate device deployment, purchase apps and distribute content, and create Managed Apple IDs for employees. The Device Enrollment Program (DEP) and the Volume Purchase Program (VPP) are now completely integrated into Apple Business Manager, so organizations can bring together everything needed to deploy Apple devices. These programs will no longer be available starting December 1, 2019. Devices Apple Business Manager enables automated device enrollment, giving organizations a fast, streamlined way to deploy corporate-owned Apple devices and enroll in MDM without having to physically touch or prepare each device. • Simplify the setup process for users by streamlining steps in Setup Assistant, ensuring that employees receive the right configurations immediately upon activation. IT teams can now further customize this experience by providing consent text, corporate branding or modern authentication to employees. • Enable a higher level of control for corporate-owned devices by using supervision, which provides additional device management controls that are not available for other deployment models, including non-removable MDM. • More easily manage default MDM servers by setting a default server that’s based on device type. And you can now manually enroll iPhone, iPad, and Apple TV using Apple Configurator 2, regardless of how you acquired them. Content Apple Business Manager enables organizations to easily buy content in volume.
    [Show full text]
  • Maas360 and Ios
    MaaS360 and iOS A comprehensive guide to Apple iOS Management Table of Contents Introduction Prerequisites Basics and Terminology Integrating MaaS360 with Apple’s Deployment Programs Deployment Settings Enrollment: Manual Enrollment Enrollment: Streamlined Apple Configurator Device View Policy App Management Frequently Asked Questions "Apple’s unified management framework in iOS gives you the best of both worlds: IT is able to configure, manage, and secure devices and control the corporate data flowing through them, while at the same time users are empowered to do great work with the devices they love to use.” -Apple Business “Managing Devices and Corporate Data on iOS” Guide IBM Security / © 2019 IBM Corporation 3 Types of iOS Management “Supervision gives your organization more control iOS supports 3 “styles” of management that will over the iOS, iPadOS, and tvOS devices you own, determine the MDM capabilities on the device. allowing restrictions such as disabling AirDrop or Apple Music, or placing the device in Single App Standard – an out-of-the-box device with no additional Mode. It also provides additional device configurations. Would be enrolled over-the-air via a Safari configurations and features, so you can do things URL or the MaaS360 agent. like silently install apps and filter web usage via a global proxy, to ensure that users’ web traffic stays Supervised – Supervision unlocks the full management within the organization’s guidelines. capabilities available on iOS. Can be automated via the Apple streamlined enrollment program or enabled manually By default, iOS, iPadOS, and tvOS devices are not via Apple configurator. Supervision of an existing device supervised.
    [Show full text]
  • Dropdmg 3.6.2 Manual
    DropDMG 3.6.2 Manual C-Command Software c-command.com February 16, 2021 Contents 1 Introduction 4 1.1 Feature List..............................................4 2 Installing and Updating 6 2.1 Requirements.............................................6 2.2 Installing DropDMG.........................................7 2.3 Updating From a Previous Version.................................7 2.4 Reinstalling a Fresh Copy......................................8 2.5 Uninstalling DropDMG.......................................9 2.6 Security & Privacy Access......................................9 3 Using DropDMG 13 3.1 Basics................................................. 13 3.2 Making a Bootable Device Image of a Hard Drive......................... 14 3.3 Backing Up Your Files to CD/DVD................................ 16 3.4 Burning Backups of CDs/DVDs................................... 17 3.5 Restoring Files and Disks...................................... 18 3.6 Making Images With Background Pictures............................. 19 3.7 Protecting Your Files With Encryption............................... 20 3.8 Transferring Files Securely...................................... 21 3.9 Sharing Licenses and Layouts.................................... 21 3.10 Splitting a File or Folder Into Pieces................................ 22 3.11 Creating a DropDMG Quick Action................................ 22 4 Menus 23 4.1 The DropDMG Menu........................................ 23 4.1.1 About DropDMG...................................... 23 4.1.2 Software
    [Show full text]
  • Notion V Praxi #2 | Anglicky S Ewou Homekit & Siri | Deskové
    124 Apple 2019 #2 | Notion v praxi #2 | Anglicky s Ewou HomeKit & Siri | Deskové hry pro iOS iPure.cz 124/2020, čtvrtý ročník | Šéfredaktor a zakladatel: Filip Brož Redakce: Jan Březina, Jan Pražák, Marek Hajn, Daniel Březina, Jura Ibl, Karel Oprchal, Lukáš Gregor, Michael Vita Editor: Marek Nepožitek | Překlad: Ondřej Pikrt Grafická úprava a sazba: Cinemax, s.r.o., www.cinemax.cz iPurecz, s.r.o., IČ: 06481663 | Kontakt: [email protected] Nepodlehnout panice Editorial Jan Pražák Viry se šíří Evropou, nakažených Proto jsme se podívali na druhou část hodnoce- ní roku 2019 ve světě Apple. Praxe s Notion v podání přibývá, panika stoupá. Je to jako živé Lukáše vám možná ukáže nový způsob, jak lze sys- vyobrazení hry Plague Inc. My v redakci tematizovat a předávat informace. V nejkrizovějším scénáři hermeticky uzavřených měst se bude hodit se připravujeme tím, že vymýšlíme dobré využití času. Proč si nezlepšit svoji angličtinu, způsoby jak se zabavit a myšlenky jak ukazuje Filip? Když už budete trávit více času doma než venku, můžete si užít nastavování chyt- směřovat jinam. rých domácích zařízení. Michal vám v tom může poradit. A to nejlepší na závěr. Ti, kteří mají děti, si mohou užít společné chvíle u deskových her – o nich píše Dan. Jak vidíte, naše redakce panice nepodléhá. Nenakupujeme velké zásoby za desetitisíce, ale při- cházíme se střízlivými pohledy jak využít jakýko- li volný čas. Obecná zásada ale stále platí: pečlivá hygiena a lahev dobré whisky na dosah ruky. 3 C D www.ipure.cz Apple 2019 #2 Magazín Jan Pražák Minule jsme začali s třemi hlavními 2018 Opět nejdřív historické okénko, které nám pomů- kategoriemi, které Apple velmi že podívat se na meziroční změny.
    [Show full text]
  • Compromised Connections
    COMPROMISED CONNECTIONS OVERCOMING PRIVACY CHALLENGES OF THE MOBILE INTERNET The Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and many other international and regional treaties recognize privacy as a fundamental human right. Privacy A WORLD OF INFORMATION underpins key values such as freedom of expression, freedom of association, and freedom of speech, IN YOUR MOBILE PHONE and it is one of the most important, nuanced and complex fundamental rights of contemporary age. For those of us who care deeply about privacy, safety and security, not only for ourselves but also for our development partners and their missions, we need to think of mobile phones as primary computers As mobile phones have transformed from clunky handheld calling devices to nifty touch-screen rather than just calling devices. We need to keep in mind that, as the storage, functionality, and smartphones loaded with apps and supported by cloud access, the networks these phones rely on capability of mobiles increase, so do the risks to users. have become ubiquitous, ferrying vast amounts of data across invisible spectrums and reaching the Can we address these hidden costs to our digital connections? Fortunately, yes! We recommend: most remote corners of the world. • Adopting device, data, network and application safety measures From a technical point-of-view, today’s phones are actually more like compact mobile computers. They are packed with digital intelligence and capable of processing many of the tasks previously confined
    [Show full text]