The mobile app stores demand we believe that they *must* be trusted exclusively to protect us, to the exclusion of a powerful open web:
The only thing they're protecting is profits:
@slightlyoff I've been struggling with a parallel problem since I started working on browser extensions. I truly do not like that the only way for users to get extensions is to go through the browser's blessed "store." At the same time, I feel the need to try to protect users from the very real dangers of making extensions installable from arbitrary sites. I believe a better solution is possible, but I haven't yet heard or thought of a way to deliver on it
@dotproto Allow multiple stores! Build reputation systems for the stores, not just the extensions.
@slightlyoff That's the direction I've been leaning, but I don't know how such a system would work in practice
To pull on one thread, currently each major browser engine signs and distributes extensions. I don't think any vendor would seriously consider an option where they can't take action against malware in the most extreme cases, but to do that they need to have a way of blocking specific extensions (and specific versions) without distributing a very large list of IDs.
@slightlyoff Right now I see a lot of open questions and a dearth of interest in even exploring the space. I think the perception is that things aren't great but giving up control will only make things worse. We've moved past the wild west and the folks working on counter abuse during that time are loath to return to anything resembling it.
I fear that browser extensions are a relatively easy landscape to fight this fight vs native app stores. Similar challenges, but they have real money on the line.
@slightlyoff FWIW my current view is that the direction we probably should go is to create an open system where arbitrary third parties should be able to stand up a store, and that these stores should not be directly downstream of the platform provider's signing/notarization mechanisms
Adding any store (including the first) should be a bit onerous and unsettling for users; giving out that kind of power is a BIG DEAL. And we should have more reputation signals for stores and the software in them