With Apple App Store Fail, Who’s Guarding the Guards?

A stunning new report says that Apple’s vaunted App Store approval process is a sham, with hundreds of dangerous apps easily making their way into the store every day.

This is a problem, and it cuts right to the heart of the concession, and the compromise, which users make when agreeing to the many limitations of curated app stores like Apple’s. And that is that we accept whatever collection of apps that the platform maker deems worthy of our consideration. But in return, that platform maker keeps us safe via a stringent approval process and ongoing monitoring of apps, virtually all of which are connected in some way to the outside world.

It’s not working.

We’ve seen it fail brilliantly with Microsoft’s Windows Store, especially the version on Windows phones, which was a worst-possible combination of low numbers and low quality. The running joke in the Windows phone community was that Microsoft was so desperate for apps that they would accept any app that compiled and ran. But it was no joke: We’re still dealing with the after-effects of the spectacularly bad Windows Store, with Microsoft struggling to explain why anyone would trust it in 2016 to deliver basic apps, let alone AAA game titles.

Android is no better, but at least Google can boast of its strong ecosystem and app count. But Android has always been hampered by a steady stream of low-quality apps in the store and an even worse stream of lower-quality apps that users can choose to install from outside the store. Give Google some credit for this innovation: They were the first to allow users to bypass the security and reliability controls of its app store and install any app they wanted.

But Apple? Come on. Not Apple.

Apple, you may recall, was the company that wasn’t going to even allow an app store, or third party apps, on its iPhone. At that device’s launch in 2007, then-CEO Steve Jobs explained that web apps based on Safari would be good enough, and since they couldn’t impact the phone in any meaningful way, they would be safe for users as well.

But this plan came under fire immediately, and for 2008, Jobs and Apple unveiled a development platform for developers and the App Store. The company said that the inclusion of the App Store “on every single iPhone” meant that all developers would have incredible reach, that they could all reach all iPhone users. App updates, too, would be automatically made available to users. Apple 30 percent take, or vig, on each app sale seemed … reasonable. After all, all developers could reach every iPhone user.

Here in 2016, most people probably understand the benefits of such a system. But the downsides are important to remember too. When Steve Jobs said that the App Store was the “exclusive way to distribute apps” to the iPhone in 2007, it seemed magical. But with millions of apps in the store now, getting in front of users is far from automatic, and most iPhone apps never generate any usage at all.

But the central promise of the App Store was security and reliability. By limiting app distribution to its App Store, Apple would ensure that the iPhone would never succumb to the “Wild West” of distribution that users faced (and still face) on Windows and the Mac. Apple would prevent developers from ruining its platform.

It was a bold stand. But Apple wasn’t the first to institute such a plan.

Back in the mid-1980’s, Nintendo, then a maker of arcade video games, want to release a home video game console. But the home video market had collapsed in 1983, because of the irrational exuberance of Atari, especially, but also of its competitors like Coleco and Mattel Electronics. Things were so bad that Atari rushed terrible games like “ET” into stores and then saturated the market with more cartridges than there were consoles on which to play them.Crash.

So Nintendo’s plan was simple, if somewhat controversial: It would single-handedly revive the market for home video games, but do so in such a way that would let it ensure both the quality and the volume of games that were released. So developers had to go through Nintendo, had to deal with Nintendo’s quality-control program, had to even buy cartridges from Nintendo, in set amounts, which would be released on Nintendo’s schedule.

It worked. Nintendo was quickly joined by SEGA and then Sony, each of which in some way aped Nintendo’s approach to their game libraries. But it also engendered some hostility from developers, who felt constrained by a company that hindered its ability to ship as many games as they wanted, and took a big chunk of the profits. Nintendo, as Apple would later, demanded a per-game vig.

(When I spoke to Microsoft in the run-up to the Xbox 360 launch, I was told that the ability to deliver game updates over the Internet changed things dramatically because developers could now fix problems easily, and for everyone, after the fact. When I voiced concern that this system would let developers ship shoddy first versions, I was told that wouldn’t happen, and that Microsoft had quality control measures in place. A decade later, with some games requiring gigabytes of updates fairly routinely, I still wonder about this.)

But back to Apple.

In the years since the original App Store launch, there have been murmurings of discontent. Developers who claimed that Apple unceremoniously and without explanation removed their apps from the store or never allowed them in in the first place. Developers who claimed that Apple examined their apps and then copied them in their own apps. And so on. But the App Store has flourished, and today it stands a testament to what’s possible when you do things the right way. There are now over 2 million apps in the Apple App Store, making it the largest single platform—and target for developers—on earth. It is not the primary reason users choose iPhone, or other i-devices, but it is one of the major reasons.

But what if it’s all a lie? What if the Apple App Store is managed just as poorly as Microsoft’s Windows Store? Wouldn’t that make the App Store the weak link in the chain, the point of weakness by which an audience of over 1 billion users could be attacked?

That’s the claim being made this week by The New York Times. That the Apple App Store is the home of “hundreds of fake apps” that masquerade as real businesses but are designed to steal your online accounts and credit card information. That these apps, mostly from China, are let into the store every week, with nary a question from Apple. That they are made to be more dangerous and then silently updated on iPhones and other devices all around the world. That Apple, in other words, has failed in its central role as a gatekeeper between iPhone users and that ugly, scary world outside.

The New York Times has alerted Apple to this problem several times. Each time, Apple removed the offending apps in question, but each week, hundreds more appear, as if Apple’s gatekeepers are busy watching iTunes movies with their hand hovered over an acceptance button. That the review process is, in other words, a sham.

“Apple does not routinely examine the thousands of apps submitted to the iTunes store every day to see if they are legitimately associated with the brand names listed on them,” the publication claims. “[So] it is up to brands and developers themselves to watch for fakes and report them, much as they scan for fake websites.”

Apple, naturally, says that it has the best App Store in the world.

“We strive to offer customers the best experience possible, and we take their security very seriously,” an Apple statement notes. “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We’ve removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk.”

It’s curious to me that this statement says nothing about Apple’s proactive role as gatekeeper, that it will do a better job of ensuring that it will prevent dangerous apps from getting into the store in the first place. Knowing Apple, I’m sure they are in fact working on that too, and simply don’t like to discuss the operational details of a system that is far too non-transparent.

But it should have never reached this point. As I noted, the central promise of Apple’s walled garden—as it is for any app or content ecosystem—is based purely on trust. We trust Apple—or Google, or Microsoft, or Amazon, or whomever—to keep our phones and devices, online accounts, and data safe. And in return, we cede control of those devices to the platform maker. We let them make the decisions for us. Much like a child has to, with their parents.

But in this case, that parent appears to be a bit distracted, if not inebriated. And I have to wonder. When the gatekeeper isn’t doing its job, what entity protects those users? Where can we turn to ensure that our gatekeepers are doing their jobs?

And if we can’t trust Apple to do this right, how can we trust these walled gardens at all? Google, we all know the score there. And Microsoft, crazed by its slow entry into the market and bedeviled by Apple envy, was somewhat understandably lax. But Apple? Really?

But Apple? Really?