On App Approval

There’s been some chatter recently about the whole concept of the app store (as opposed to the ongoing chorus about the failings of the app store), or more specifically, about the concept of reviewing apps. A post by Joe Hewitt, the Facebook app developer, has spurred the conversation. The crux of his argument is that Apple assumes a “guilty until proven innocent” stance on apps. He questions what the internet would look like if every webpage and every update had to be approved. The implication is that the internet doesn’t need approval, so the app store shouldn’t either. There are also some inferences one can make about the state of the internet if everything had to be approved first – less creativity, less content, less dynamism.

There are two flaws with this argument. First, the assumption that the no approval model “works” for the internet. Or, I suppose the flaw is in not defining “works”. Is it true that there are millions of websites out there that provide useful or entertaining content without harming the user’s computer? Yes. Is it true that if the web where to work on the approval model it would stifle creativity, innovation, and quantity of content? Yes, most likely.

But is it also true that there are thousands of websites that are malicious, that surreptitiously install malware, viruses, and trojans on users’ computers? Yes. Are there thousands of websites that do a bait-and-switch, promising users one type of content but then providing something else entirely? Yes. Are there thousands of websites that are designed for the explicit purpose of obtaining your personal information in order to steal your money? Yes.

In a sense, the web no-approval model works because there is no one company responsible for the internet. When the dangerous websites I’ve outlined are talked about, they are not associated with any specific company. It’s just “the internet”. But Apple is explicitly responsible for the app store. Even if they stopped approving apps, the app store in its current form (an applicaton preinstalled on the iPhone, integrated with iTunes, etc.) would declare “I am an Apple product and what you find on here is, directly or indirectly, associated with Apple.” Imagine the PR fallout if users started downloading apps that searched your iPhone for personal information and sent it to a third-party website. Or apps that said they were unit converters but were actually porn. Or apps that infected your iPhone and used your cellular connection to send thousands of spam messages. The response wouldn’t be, “Well, it’s the internet and you’ve got to be careful.” The response would be, “Apple is crap. Apple ruined my phone. Apple stole my information.” That’s a strong argument for an approval process.

However, Joe doesn’t seem to be entirely against Apple controlling what’s in the App store, he just wants it to be an “innocent until proven guilty” system. He suggests a system whereby bad apps, after being discovered, would be removed. But by what means are they discovered? By a user having his data deleted? By a user discovering his personal information was stolen? In other words, by a user having a bad experience? For Apple, a company intensely focused on user experience, that is anathema. Even worse, what if the bad experience affects hundreds or thousands of users, which is then brought to everyone’s attention by a story repeated every two hours on CNN Headline News? No company wants that, but the danger intensifies for Apple because of the media spotlight they have on them.

As a user that follows tech news and is familiar with technology, I would probably benefit from a completely open App Store. I could discern between good and bad apps myself with little effort before downloading them, thus avoiding the bad apps. And the good apps would probably be even better. But Apple has a much larger market than people like me. When you understand that, it becomes very clear why Apple has an approval process.