
> Then don't do it. Who exactly is forcing you to?

The problem is, when the option exists it opens up an attack vector that I need to defend against, as it will surely be exploited by malware at some point, downloading an app when you visit some scam site, and boom you're now infected.

> Simply having a link in my app to a page where someone pays through Stripe instead of through Apple Payments,

But it hardly stifles competition, except alternative payment methods?

> costs nothing to Apple and creates no obligation for Apple to do anything.

The problem is, when stuff breaks, people will contact Apple support. Yes, one call is negligible, but Apple has 2.2 billion users, and it all adds up.

Provided you provide your app for free and charge subscriptions, that also has a cost to Apple, as they're providing downloads for your app (again, potentially 2.2 billion of them), as well as any legal troubles (app contents excluded).

I guess Apple could enforce an alternate subscription model where they require you to charge for your app and they take their 30% cut off of that, and let you use whatever payment provider you like for recurring payments.

It would of course either cut into sales, as people aren't as likely to buy an app and then subscribe to it, though something with "first month free" could probably lure some people in. Alternatively a developer would have to develop a free app, and if people want to have the full experience they'd have to purchase the full version.

Except, developers don't want that. They want to be able to give away their app and sell subscriptions, and they expect Apple to foot the bill for the infrastructure required to provide downloads.



> The problem is, when the option exists it opens up an attack vector that I need to defend against, as it will surely be exploited by malware at some point, downloading an app when you visit some scam site, and boom you're now infected.

This makes no sense. There is no "boom". You can't accidentally do it. There are a series of very deliberate steps, with numerous warning signs. Even on Android I have to specifically enable an option to even be able to install apps from alternate sources, and it is a separate permission per source, and this option can be locked down on a managed device (e.g. a work phone).

By your logic, there should be no web browsers on iOS, since someone might visit a scam website and give away all their money.

> They want to be able to give away their app and sell subscriptions, and they expect Apple to foot the bill for the infrastructure required to provide downloads.

Nobody expects that. What the EU wants is, simply let another app store compete. That new app store will host the downloads.

You keep shedding tears for the costs to Apple's infrastructure, yet as I keep repeating - what many developers really want is to NOT use Apple's infrastructure. NOT use Apple's payment processor. If the problem is that we're being a burden to Apple, well then I'm in full agreement with you, let's stop doing that!


> The problem is, when the option exists it opens up an attack vector that I need to defend against, as it will surely be exploited by malware at some point, downloading an app when you visit some scam site, and boom you're now infected.

This is completely fabricated. I've been using Android for more than 15 years, and this has never happened, ever. Nothing even close to it. To be clear, you're advocating to take away people's freedom to install software of their choosing in order to mitigate a hypothetical security problem. It's not a good trade.


Kaspersky detected more than 1.1 million malicious APKs for Android in 2024 [^1]

As per Apple, they rejected 2 million app submissions in 2024 [^2]

So from a bird's-eye perspective there doesn't appear to be much difference, with iOS even taking the lead, but the key difference is that Kaspersky is not Google, and can only detect malicious software after it has been published. Apple has rejected app submissions over privacy issues, meaning those 2 million apps never made it to the public.

According to Zimperium Global Mobile Threat report [^3], 25% of Android devices have sideloaded apps, and 20% are malware infected (correlation is not causation, yet). Zimperium telemetry also reveals that 38% of detected malware attacks could be tracked to sideloaded apps [^4].

So no, it is certainly not some fabricated threat, but a very realistic and probable threat scenario. I'm also not trying to take away anybody's freedom, you're free to install whatever you want, but you don't need root access to do it. Very few use cases on a phone require the user to have root access.

[^1] : https://securelist.com/mobile-threat-report-2024/115494/

[^2] : https://www.apple.com/newsroom/2025/05/the-app-store-prevent...

[^3] : https://lp.zimperium.com/hubfs/Reports/2025%20Global%20Mobil...

[^4] : https://zimperium.com/blog/the-hidden-risks-of-sideloading-a...


iOS has functionality for remote control that is commonly used for security and group policies in large organisations. This is a more likely threat vector, as are rogue state-affiliated actors like the infamous Israeli malware purveyors.

In any case, generally the threat against most people is fraud, not some technical minutiae.



