upvote
Well...

Search right now in the App Store for "Morpho" and you'll find a "Morpho: Network" app. That app says it's some sort of TODO/Note taking app. It uses very broad language in the screenshots and assets from morpho.org (a decentralized protocol).

Once you open the app, it immediately downloads another bundle using OTA updates and shows an entirely different app where you "connect your wallet". You can imagine what happens next.

reply
> You can imagine what happens next.

Section 230 immunity baby!

reply
> I have no interest in installing a web app that could look innocuous today and be entirely different every time I hit F5.

Or as I have encountered several times over the years, it turned out to have vanished without a trace for whatever reason (author got bored, became ill, didn’t want to pay for the domain any more, etc) when I reach for it, sending me searching for an alternative in the midst of a task.

Self-contained binaries stored on my personal devices don’t do that, and one can usually find third party copies scattered across the internet long after the author stopped publishing/maintaining them.

reply
This highlights the differences between what developers want vs. what (some) end users want. Developers love the web because they can change things and deploy instantly, they can have a single version of their app "out there" and not have to worry about clients running old software, and they can take their software down when it becomes inconvenient to maintain. Users on the other hand, like apps: They don't want their app changing out from under them suddenly. They want to be allowed to use the old version they are comfortable with and that's not stuffed with ads. And they want the assurance that the software will actually be there the next time they want to use it.

I personally have no love for web apps either. No matter how many well-behaving developers are out there, the median web developer has ruined the web as an app platform to the point where I view web software as generally hostile, ad-filled, spyware, that's under the control of and serves the web developer's interests over the end user's interests.

reply
In addition, it’s a lot easier to seek rent with a web app which is also likely a big factor.

I’m a dev and understand how web apps can be attractive to us, but as a user they irritate me. During my formative years, software by and large served the user over the dev, so flipping the scales entirely in my favor as a dev feels almost wrong.

reply
Interesting. Since we're talking about PWAs, which are essentially apps running in the sandbox of a web client (i.e. browser), the issue you raise could presumably be fixed in an instant with a client-side setting: "Do not update this app".
reply
That improves the situation a little, but the user still doesn’t have an easy way to migrate the app to other browsers on the same machine or to new machines. With a self-contained binary you just copy the executable wherever and you’re done.

The other issue is that web browsers are dynamic environments (much more so than operating systems) and sometimes break/change things. Users who’ve frozen PWA updates don’t have any access to critical fixes. A lot of devs just wouldn’t support frozen versions.

reply
> I have no interest in installing a web app that could look innocuous today and be entirely different every time I hit F5.

That's been the case with native apps for a long time now too.

reply
It's against the App Store rules but if you build an app with React Native/Expo you can OTA update it to do something completely different without going through another review. Enforcement is minimal, especially since you can selectively roll out updates to make it unlikely that a reviewer gets it.

It's such a weird thing to be concerned about though. Your phone automatically updates apps by default so they can suddenly look different later. And even then, so what? If the change was malicious just stop using it? Apps are sandboxed, websites are sandboxed, you'll be fine.

reply
> Enforcement is minimal, especially since you can selectively roll out updates to make it unlikely that a reviewer gets it.

What's worse is that there's practically no process to report any sort of rulebreaking, so someone could be mining crypto or running a residential proxy [1] through the mobile game I've been playing, and I'd be none the wiser.

[1] https://news.ycombinator.com/item?id=48864252

reply
Not really, no.

Not that it doesn’t occasionally happen, but at that point you’re trying to dodge the police… as compared to there being no police in the first place.

reply
In this case the police are not watching. Apple does a cursory review during the approval process but they are not proactively firing up your app to see if anything changed post-review.
reply
My assumption is that 99% of what is on the app store is trash. I never go surfing the app store to find "an app" because I know it will be a waste of time. I'm outright offended that they hide the search in a corner and center a bunch of ads for apps that I know I want nothing to do with. I had to subscribe to Apple Arcade and cancel right away to make the (1) badge go away on a feature that insults me as a "gamer."

All the time I hear that "PhotoSync" is good or I install an app for a business that I deal with like my bank or the local gas station.

On the other hand I feel like it is safe and usually worthwhile to browse the web -- even the sketchy parts, like the web sites that lead me into rabbit holes right out of Videodrome.

reply
I have no interest in installing a web app in almost all cases. I'm happy to visit one though, and I trust the browser sandbox to keep it from doing anything worse than making my device warm until I notice and close the tab.
reply
Exactly. I've published apps. When GP says their actual app is "pretty much garbage" and that there was red tape and nitpicking - Apple is trying to stop garbage!
reply
> When GP says their actual app is "pretty much garbage" and that there was red tape and nitpicking - Apple is trying to stop garbage!

and failing at it, because that garbage got published on the app store.

reply
Yeah, that part was a bummer. I get that Apple has incentives at cross purposes there. Do they have a higher bar than Google? Can we even tell?
reply
From experience doing mobile development at work, natively for both Android and iOS, Apple does test and run your app to make sure it works and that it does what it promises to do. I can see it because we issue both Google and Apple accounts and I can see when they get used. While Apple's app review is harsh, it did make our app higher quality and they are quick to reject when there are bugs. They run our app on every review and go through their checklist. Apple is also quick to question the permissions we ask for and make us justify them. In one instance, whoever did the app review, listened to our justification and actually recommended a better, alternative approach. Android, Google test ran our app when we put it up for the first review and havn't used their test credentials for any subsequent reviews to push app updates. We totally could just completely bust our app, push it to the store or do whatever we want and there seems like little to no oversight.
reply
That's really interesting - thank you for sharing! I've only ever submitted to the App Store, so I didn't know!
reply
It's hard to go look in the app store and see what a dumpster fire it actually is and then claim Apple is trying. They aren't. They're just claiming that as marketing to keep their money making machine.
reply
> It's hard to go look in the app store and see what a dumpster fire it actually is and then claim Apple is trying. They aren't.

You cannot make that claim unless you know how many apps Apple has rejected for being garbage. On one hand, developers complain Apple runs all kinds of checks on their apps before publishing on the App Store. On the other hand, users complain that App Store has too many low-quality apps. Both can be true at the same time if the stream of apps is high volume and low quality.

reply
If they were actually doing a good job this would make sense.

Just weeks ago they published a sanctioned Russian bank's app masquerading as a pomedoro timer lmao.

reply
It's not about a "good job" or a "bad job". It's a continuous game of cat and mouse. They're getting better at it just as some of the best funded bad actors are.
reply
They only have 500 reviewers for the whole App Store, and in fact, they were chastised by the judge in the Epic case for investing very little in the review process six years ago when they also only had 500 reviewers for the whole App Store. This isn't cat and mouse it's theater while they're shielded by section 230 immunity and pocketing enormous profits.
reply
I'm not sure why it matters that they have 500 reviewers, or had six years ago. Is this a "that number seems small" argument?
reply
It matters in the context of trusting their review process, and certainly "seems small" considering these 500 people oversee 2 million apps while scams and fraud have been prolific for years.

I think if they didn't have immunity for all the scams and fraud - and that's being challenged by both the EU regulators and in US courts - they'd probably have a lot more than 500 people. Multiples of it.

reply
How many exactly would they have and why?

BTW, good recent comment on the difference between Apple and Google reviews: https://news.ycombinator.com/item?id=48911599

reply
And it's a long running practice, they've been at it for years now
reply