I've never understood this argument. Apple spends billions of dollars vetting their store for high quality apps. You can't even verify the build you get off Github was compiled from the same posted source.
As much as people want to be "leet" and run 3rd party software, it's inherently insecure and that's why Apple shuts it down.
There was a version of Apple at a point in time where I agree with your rhetoric. They have completely lost credibility to uphold that position IMO.
Apple definitely does not spend billions guaranteeing "quality". To prove my point, where does Apple even define what they consider "quality"? How can you quantify such an aubjecrive and ambiguous term?
They spend billions paying out the 70% they don't pocket.
Heck, They don't even adhere to their own HIG nor let us revert to past (objectively higher quality) versions of iOS.
The 30% also covers refunds, legal stuff (not stuff IN your app, but regarding the sale of it), taxes, GDPR and much more.
The infrastructure running the app store probably also isn't cheap.
I'm not saying Apple doesn't profit from it, but they're not just pocketing every penny.
As for "quality", they mostly check that your app isn't using unauthorized APIs, or doing other scetchy stuff, like leeching all of your data. They couldn't care less if your app is bad, thats' between you and your potential users.
Does it work ? apparently so. Apple catches around 2 million apps every year that are rejected for those reasons. Android has about the same amount of apps, but there they're caught by Kaspersky (and others) after they're published.
That doesn't mean that malware isn't making its way through the App Store review, the damage will be somewhat limited if it can't use private APIs.
I should add that here in the EU, where we’ve had 3rd party app stores for over a year, nobody uses them. The absolutely biggest one, Epic Games, has attracted about 29 million users across both iOS and Android, out of a population of 450 million.
> You can't even verify the build you get off Github was compiled from the same posted source
Sure you can: build it and check the hash. If the maintainer prepared for such a check ahead of time it can be as simple as:
wget https://github.com/owner/foo-project/releases/download/.../foo
sha256sum foo # make note of this
nix build github:owner/foo-project
sha256sum result/bin/foo # it should match this
A pinky promise from a corporation can never be more trustworthy than something that we can all verify locally.
Of course there's still the should-you-trust-this-code part of the problem, but at least bad guys in that case must operate in public view, which is--once again--a stronger deterrent to shenanigans than anything that happens behind closed doors at Apple.
This might sound crazy but some people want the freedom to use their belongings however they want instead of having artificial child locks placed on them by trillion dollar corporate daddies.
I could answer "iOS may be shitty but it doesn't phone home every touch and your health data stays local". I really don't want to argue abour iOs vs Android. I used both. They are both shit made to lock their users in an ecosystem that solely benefits Google or Apple. I really couldnt care more about arguing which is worse, I would just want the market to allow something better than both for me, the user.
