A few days ago Miguel de Icaza blogged about the recent kerfuffle regarding Epic and Apple. Miguel’s reminiscences of the early Internet largely match my own – I loved the utopia, I had high hopes, optimistic dreams about the Internet’s future, etc. Things, however, have changed and the Internet is what it is now; it is not going to go back to its previous self. That, in itself, is a problem, but one we probably can’t do much about since, like many of our creations, the Internet has a dynamic life of its own and is an outcome of the actions, views and opinions of billions of people who create so many ripples, so many actions and reactions that nobody can really control what’s going on there (despite attempts in earnest to do so).
Before getting to the actual point of this post, let me state that I do not like Apple as a company. I used to, in the 90s and early 00s, and after that my opinion had been slowly changing. I also don’t like the walled gardens of the Apple or Google app stores, however…
…however I unfortunately think they are a necessity these days. Personally I like the Linux application distribution model much, much better, and it works very well for millions of people. I don’t mean the technical aspects of it (package formats, package managers, repositories etc) but rather the, effectively, manual process of curating the packages, applying updates, tracking security issues - in other words, making sure that the OS users get software that’s up-to-date, as secure as possible and working as expected.
We put our trust in the hands of thousands of developers maintaining packages, we trust that they won’t put backdoors, malware etc in the code. If we decide to use a computer (in whatever form or shape) we MUST trust somebody, for our own sanity. So far, there haven’t been many cases of supply chain poisoning (if any? I can’t recall anything, but then I haven’t really researched this) but this model cannot and will not scale to the number of applications available for the mobile platforms via the app stores.
The threats, at the same time, are real and not trivial. We all know about them, there’s no reason to reiterate that. There must be a way to protect any and all users of the billions of mobile devices from the threats they don’t even realize exist. Both app stores (and probably others as well) do protect people from most of them using automated processes to scan the apps submitted by developers. So yes, even though I don’t like the model, I do recognize that it is, at least currently, the best form of protecting the general population of mobile device users from malicious software.
However… what I don’t see as justified is the Google and Apple cuts from sales. 30% is a bit steep there, even considering that all the protective measures take human labor, hardware and software and are most probably not cheap. I don’t think it should be “free for all” but something much lower than 30% - after all both Google and Apple profit from many applications (ignoring other sources of income here), while most developers profit from a single, perhaps two or three apps. It’s a matter of scale, as simple as that.
Now, if you’re willing to shout obscenities at me, tell me how full of whatever I am - feel free to find my email and drop me a line :D