You are justifying why a monopoly app store is bad by showing a hack that resulted from downloading an app (Xcode) from a source other than the app store.
> Security firm Palo Alto Networks surmised that because network speeds were slower in China, developers in the country looked for local copies of the Apple Xcode development environment, and encountered altered versions that had been posted on domestic web sites. This opened the door for the malware to be inserted into high profile apps used on iOS devices.
I think you are also ignoring that Apple's app store position made it possible to authoritatively reach out to all who were affected as well as enact other remediation efforts.
This just shows that the App Store model is insufficient for user security, as the security model was supposed to prevent malware from being distributed to users in the first place, no matter what malicious developers upload to the App Store. If Apple treats Xcode as App Store blessed because it believes it came from blessed sources like the App Store, instead of using real security measures, exploits will continue to be shipped to users. Similarly, if OSes don't implement real security that's independent of the App Store model, users will continue to be exploited in this way.
> I think you are also ignoring that Apple's app store position made it possible to authoritatively reach out to all who were affected as well as enact other remediation efforts.
Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.
I can't give you a black and white response because I don't think the issue is as black and white as most seem to.
I think the app store is a tool and I think it is a powerful and useful tool. Can the tool be used for good? Of course. Can it also be used for bad? Most definitely. Can it be wielded poorly? Yes.
I've used Windows, Linux, Apple, and Android, and I like Apple's environment the best. That environment is a consequence of Apple's choices. Apple limits my choices and I like that. I like having less choices. I don't want to have to think about software security, I want to think about how to spend time with my friends, and Apple is an environment that lets me think about how best to spend time with friends instead of thinking about software security.
Apple's restriction of my choices benefits me. I want Apple to restrict my choices. I want there to be only one way to get apps on my device. That simplifies my life. I will pay more to have a more simple life. I will pay someone else to make better choices than I can make with my limited time. I want to do that.
If you don't like that, then don't use Apple. There is a perfectly working alternative to Apple that you can use if you want to experience other choices. Apple has a monopoly on Apple devices, but Apple by no means has a monopoly on smart phones. I'm not sure there are even any major apps exclusive to Apple. Apple is better because Apple has more money to spend.
> Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.
If Apple scanned the apps I side-loaded and reported information about them to their servers that would upset me; that feels like a privacy violation.
Apple's bullying of companies with monopoly power to force privacy labels won me over greatly. They have a lot of good will for that. If Apple continues to do things like that, I will continue to support an app store monopoly.
> Apple limits my choices and I like that. I like having less choices. I don't want to have to think about software security
How does this conflict with other users having a developer mode? Because you want Apple to have more unilateral authority over what other businesses are and aren't allowed to do?
It sounds like you have left the domain of "what's right for the market" and headed into the realm of "what I prefer". That's fine and decent anecdata, but completely useless to regulators whose job is to save the market. If Apple is stifling innovation or competition, even for a good cause, then we must codify the goodness and end the monopoly. That's progress; arbitrary corporate grudges are not.
It's an absurd argument. If you want to only install app store apps, then only install apps from the store. That's still possible, you know, even if other people aren't forced to. That's why these arguments always boil down to bullshit about how you will be "forced" to use Facebook from outside the store and that would be terrible because being on Facebook on an iPhone is a human right or something.
If you like Apple telling you what to do, fine. Choose only from their menu.
> Microsoft is able to do the same thing with Windows Defender without using the App Store model at all.
But not for a lack of trying. Windows has tried to retrofit their App Store, just less successfully. One good example is the code signing racket, where it’s pay to play to avoid useless warnings that scare off people who don’t know better.
Look, you can somewhat reasonably prove the origin of a piece of software, but a domain name x509 cert would be better (only difference is validity needs to handle longer time ranges). The issue is all the “trusted” yadda yadda. Doesn’t matter if it’s an App Store, a holy enterprise certificate trafficker or the pope himself doing the blessing, it just doesn’t hold up. Maybe they could have a herd-protection like VSCode extensions: “50M+ users” so when I see an executable called “Facebook” with “35 users” I can stop and make my own judgment that it looks fishy. But that’s about UX for checking the vendor matches who you think it is, not blessing it.
> Similarly, if OSes don't implement real security that's independent of the App Store model, users will continue to be exploited in this way.
Spot on! Here’s the thing: sandboxing software on any of the big operating systems wasn’t there from the beginning, and that’s the billion dollar mistake. Sandboxing is the only real game changer in end-user security with iPhone/Android over desktop, not the monopolistic app stores. Tbf, Apple at least has tried really hard to bring sandboxing to desktop but even they are not there yet. These mega corps should imo have seen it coming a decade earlier, when the web became a vastly popular platform, much thanks to sandboxing.