콘텐츠로 이동
The App Fair Project
문서 블로그

Blog

Software Freedom Podcast Interview

- 1 min read - 50 words

I was recently interviewed about the App Fair Project for the FSFE’s Software Freedom Podcast. I had a great discussion with Bonnie Mehring about many aspects of the App Fair’s philosophy and mechanics.

Transcript

Section titled “Transcript”

SFP#030: App Fair Project with Marc Prud'hommeaux 

    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Before we start with the podcast, we would like to say thank you to all of you who support the FSFE's work with money. Working for software freedom and producing podcasts costs money. Please consider supporting us with a donation under fsfe.org/donate and in the show notes.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">I'd really like to say thank you to the F-Droid project because this project is essentially trying to bring F-Droid to a universal marketplace.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Welcome to the Software Freedom Podcast. This podcast is brought to you by the Free Software Foundation Europe. We are a charity that works on empowering users to control technology. I'm Bonnie Maring and today I'm here with the developer and maintainer of the App Fair Project, Marc Prud'hommeaux.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Hello, Bonnie. Thanks for having me.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Thank you, Marc, for making the time. We are actually here at FOSDEM and it was quite a journey to find this place where we are now recording. But back to the App Fair Project. So the App Fair is a free and open source app marketplace for iOS that we will now talk about a bit more and it is also related to the Digital Markets Act. And I'm really curious to hear the story, how the relationship is there. And yeah, I'm really happy that you made the time to talk to me about it. Thank you very much.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Well, thank you.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">So, Marc, you are a very technical person as you are also the maintainer and the developer of the App Fair Project. Has it been useful for you to work with the policy and the legal department of the FSFE in the past? Because this is how we got to know each other through our legal department at the FSFE.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, definitely. As you say, I don't have a legal or policy background. I'm a software developer. I've been writing software for over 25 years. I've been developing apps for mobile devices, for the iPhone and for Android since around 2008. And that's been primarily my central role for as long as I've been working professionally. And it was really only through happenstance that I came into advising on policy roles, somewhat recently as a result of some of this work around the Digital Markets Act.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">All right. How did you... Before we start with the Digital Markets Act, how did you came up with the idea of the App Fair Project?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Well, it's pretty simple. I've been building and shipping apps for a very long time. I've done dozens and dozens of applications. All that time, I've been frustrated by observing that actually programming, developing the app is not that large a percentage of the work and labor that goes into it. So much of it goes into the distribution of the application, sort of the mechanics of getting it from the developer's hands into the end user's hands. And so for a very long time, I've been thinking over ideas around devops and about how you can facilitate creators to get their works into the hands of end users. And one of the projects that really has inspired me over the years has been the F-Droid project for Android. A lot of my ideas around the App Fair are really inspired by the great work that they've been doing all this time. And for those who might not know, F-Droid is essentially a free app store for Android devices. You create free and open source software, and then you essentially submit the source code to the F-Droid project. They make sure that it is following the guidelines. And then essentially they build your software and they distribute it through their application. It's pretty simple in theory. And I've always thought, why not have something like that for the iPhone? And so that was really the gestation of the idea around the App Fair.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">So can you briefly explain for our listeners what the App Fair Project is and what it does? So as I already mentioned, it's a marketplace for apps and it's on iOS. Is it on iOS only, or is it also available on Android?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">No. So this is where it's recently, somewhat recently expanded. The idea has turned into not just a software marketplace for iPhone devices, but for all devices. And essentially in the world right now, every device is either Android or iPhone. You know, there are some there are some devices that are perhaps experimental, but almost a hundred percent of consumer mobile applications run on either iPhone or Android. So the goal of the App Fair has really become to be able to create applications and distribute it to everyone, a hundred percent of humanity. So that means not only just all devices, but also all languages and all abilities with an emphasis on accessibility technologies. And so the structure of the App Fair project, it's a nonprofit organization. It's based in the United States and in France. In the United States, it's a 501(c)(3) nonprofit charity. And the idea is that the App Fair Project is, consists of maintainers and administrators as part of the volunteers and the staff, as well as translators. And they're the ones that essentially liaise between the creating organizations of the applications and the distribution channels, the mechanism by which the applications get into the hands of the end users. So we don't necessarily create the apps ourselves. The creators of the applications will be individuals, perhaps open source developers, hobbyist students, also organizations. So it can be governmental or nonprofit organizations, or it could be corporations. There's no rule against profit-seeking corporations from building these applications, as long as they follow the guidelines that the apps themselves are free and open source, and that they adhere to a variety of guidelines. For example, there can't be any tracking technologies. There can't be any analytics or surveillance. It has to be 100% open source. So you need to be able to audit and review everything that goes into these applications. And then there will be additional things that you might be able to do, but need to be called out. For example, if you're using a non-free backend service that might not be prohibited, but it also needs to be clearly explained to the users before they install the application.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Oh my god, I now have a feeling that it's like a really, really huge project, because you have mentioned already so many aspects, the language, the accessibility, and now also, I mean, we all know developing free software can be quite challenging, because a lot of libraries have a lot of different licenses, and you need to make sure that those licenses work together. So I now have the feeling that there's a lot of work behind the project itself, and making sure that the apps in this project actually follow all of those guidelines. How do you manage?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, well, actually, the technology of building applications has advanced a lot in recent years. It's never been easier to get an application sort of stood up and be able to be installed on a mobile device and use it. A lot of the technologies that rely on like Swift UI on iOS and Jetpack Compose on Android make it much easier to create applications that are localizable into multiple languages and have great support for the system accessibility features. So the technology for creators has really advanced to a great stage where people are able to, in a much shorter amount of time than before, come up with an excellent premier-feeling professional applications. And then in the actual application building stage, the mechanism that takes the application and builds it, those technologies have also advanced quite a bit, so that it's a lot easier to perform scans on the source code for things like licenses and for bad code that you want to make sure doesn't slip through for malware and viruses. And a lot of that, a lot of that ground has been trod by projects like the F-Droid project for building applications for Android and also the Debian free software project and Homebrew for macOS. So a lot of these things will be standing on the shoulders of these giants that have come before us and reusing a lot of the technologies that they've already used. Now that's the technology portion of it. The human portion of it, to be able to review these things, that does require a fair amount of labor because there are aspects to the software that require individual judgment in order to validate whether or not something is going to be an acceptable piece of software to distribute. And that's really where the staff and the volunteers for the App Fair project will come into play and be able to provide that human component for reviewing these things. The technology that we create will facilitate that as much as possible, but there's no, there's no substitute for for humans being able to look over these things.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">So you rely on staff and on volunteers. How can somebody of our listeners, for example, volunteer with you?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">So we're starting to ramp up volunteers. We only have a couple people really right now as the number of applications that go into the project expand. We anticipate that from the pool of creators, we'll also be soliciting volunteers to help come into the project that might be able to use their expertise to review, probably not their own apps, but other apps as part of the project. And so we expect it to be very much a community that is formed up of the creators themselves, as well as independent people who might be end users of the applications. They can help form the pool of the translators to be able to bring applications into the languages that they actually want to use their applications in. Because the translation is a critical component to sort of the principles of universality of these applications so that you can have your application that is created by someone who say only speaks German, have that in the hands of someone who thinks their Cambodian grandmother would find it very useful.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Is there a central address that people can take a look at?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yep. https://appfair.org is our main site for the organization. And then the technology is hosted right now, mostly on GitHub. So https://github.com/appfair is the root for the technology.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">This is a short break for our own cause. Thank you for listening to the Software Freedom Podcast. Working for software freedom and producing podcasts costs money. Please consider supporting us with a donation on the fsfe.org/donate and in the show notes. Thank you so much for the introduction to the project. I would now like to ask you, how did Apple react?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, so basically I mentioned the F-Droid project for Android earlier as being an inspiration. And it's sort of the idea is why not have something like this for Apple products? And the short answer is that there's no mechanism for having third party app stores on Apple devices. You know, Android has always had the ability to install third party app marketplaces F-Droid. And then various vendors, Samsung and T-Mobile, they have their own app stores. And then in China, those are the only app stores available are the ones by Tencent and Baidu, because Google Play services is not available there. So Android very deeply has baked in the capacity to have the ability to install third party app stores, which are basically just apps that install and manage other apps is essentially all that that is from the end user device. Apple has historically never had anything like that until the Digital Markets Act was proposed. And one of the requirements of that act is that they open up their systems enough to be able to have what they term alternative app marketplaces.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Now we are at the Digital Markets Act. This was also what I was aiming for a bit. Can you briefly explain this to our listeners? Because it is a European law. You are a US citizen. So how does this affect you in the US? And also, can you give us an overview of what it actually is?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Okay. So yeah, the Digital Markets Act was first proposed, I believe, in 2020, signed into law in 2022, came into effect in 2023. And then, and then enforcement began in 2024. You know, the requirements of the regulations started to be enforced. And it's an enormous act. There's a lot of components to it. One of the components is related to app stores. And they basically say, what you need to do is allow third parties to compete on this playing field. You need to enable third party app marketplaces. And that was really the thing that allowed the idea of the App Fair to have a possibility of really existing, was to be able to be able to write one of these applications. Because until then there were mechanisms for getting non-app, official app store apps on your device. But they were always required circumventing features of the system, for example, jailbreaking your phone in order to install the Cydia app store, which is a very old app store from 2008 that allows you to install what they call tweaks and sort of unofficial applications. But it really requires hacking into your phone and doing a lot of things that are just very, very high friction. Very few people really want to go that route. So there's never really been an official way to get applications onto your device, except through the official Apple channels where you submit it to what they call App Store Connect, which is where you upload your apps. And then they review it and they apply their rules, make sure that they are able to get their 30% of any digital transaction that takes place in the application. And then if it all gets approved, then they wind up distributing it. So that's all changing. Now, the mechanisms of compliance that they have undertaken are broadly seen as being very problematic because it is very cumbersome to create one of these stores right now. You mentioned location in the European Union. I'm located in the U.S. One of the requirements was you need to be based in Europe. And that was why we started the App Fair France as a subsidiary nonprofit organization in order to qualify for that. But there are a lot of other hurdles that we have not yet surpassed. One of the main ones being you need to provide a 1 million euro business letter of credit in order to be able to get what they call a marketplace entitlement. And that's obviously for a small project like this, a gigantic barrier and one that until we overcome, we're not going to be able to actually ship an app store.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Wow, this is like, this sounds like it's not following all of the Digital Markets Act aims because the aim was to level the playing field and to make it more diverse and to have other app stores available, to have other sources available. So how do you handle this?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, that's our view as well. We have gone back and forth with them. We've requested exemptions from this thus far unsuccessfully. And it's one of the areas where we think that when enforcement comes into play, probably in the coming months, will be an area that they look at very closely. Because until for as long as you have that barrier of a million euros, you're really not facilitating competition. All you're doing is saying that only the very large players are able to afford to get into this area. And it's obviously a big problem for a non-profit, free software-oriented organization to have to come up with that amount of money.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">I can only imagine. Is there crowdfunding or is there something that our listeners can support?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">We've actually just started to accept donations. So on our page, there's a donations link. And also linked in the show notes. And so that's going to be one avenue. We're also seeking sponsorship opportunities for this. You know, actually all we need is a 1 million euro standard business letter of credit, not actually that amount of money. So sponsors could, in theory, pool together and be able to back a letter of credit in order to fulfill this requirement. So that's one area that we're actively an avenue that we're actively researching at the time.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Oh my god. Okay. I wish you a lot of luck with this. But I still think that, are you also taking some action against Apple? Is there something happening in this area as well?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">We're not taking any direct action ourselves against Apple. We are advising various organizations. One of them being the Free Software Foundation. We participated in various European Commission workshops to provide our feedback on the current state of the compliance in regard to app stores. We are just in general providing advocacy and trying to raise awareness of this particular issue. And various other issues that are also technological difficulties and shortcomings in the way that, that their mechanisms for compliance have been enacted. It's not like on Android where you can just essentially build a app, an APK file, and either hand it off directly to an end consumer or hand it off to an app marketplace like F-Droid or something to redistribute and handle maintenance and updates. Instead, you still need to submit your actual application through Apple regardless. And then when they approve it, then they hand it off in encrypted and DRM'd form to the app marketplace. And then the app marketplace can then redistribute that application to the end user. And that's troubling for a number of reasons, one of which there's still this centralization of control. And one of the goals of the DMA was to open up and sort of decentralize the power of the gatekeepers. And for as long as all avenues are leading through one central point of control, that is going to, in our view, undermine the goals of the Digital Markets Act.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">And generally, do you have the feeling that the Digital Markets Act did at least level some of the playing field? Or is it like, it's a nice gesture, but it's a two-flush tiger?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">No, I think it's definitely making an impact. It really only came into effect in 2023 and enforcement only started in 2024. And there's a lot of leeway for foot dragging and delays and then reviewing compliance and things like that. So we're still really in early days for for how it's going to wind up looking. But thus far, I think it has really made a big impact on not just Apple, but on all of the gatekeepers that it outlines.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">All right, I'm really happy to hear that, because at least it's some impact. Do you think there will be something in the US in the near future, like the Digital Markets Act, or is this not going to happen anytime soon?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Well, you know, I can't tell the future. The United States right now is not in a especially pro-regulatory political phase. I think it's much more likely that other countries step in and have their own legislation enacted. For example, the CMA in the United Kingdom has similar rules that are currently being considered that are somewhat closely follow the Digital Markets Act. There's also activities in South Korea and in Japan that are looking to how the DMA Act affects these marketplaces. And that's why I think that we're in a really important phase right now with the Digital Markets Act and how it winds up being enforced, because a lot of these other countries are going to be using this as a template and a prototype for how they can have effective regulation and how they can open up competition in their own digital marketplaces. And so what winds up working and doesn't wind up working with the DMA as enforced in the European Union, I think will have a very wide impact throughout the world in the coming years. As a template for how they might be able to draft their own legislation, which will be different and distinct and specific to their own needs for their own competitive marketplaces. But everyone looks at how everyone else does these things. And then perhaps the United States, who knows, may wind up following. Now, most of the gatekeepers that have been designated are U.S. companies. And so in the U.S., there's much more of an attitude of everyone's just trying to regulate our companies because they're bitter or upset that we have successful companies and they don't.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">So they feel more offended by those acts.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yes, there's the notion of foreigners are trying to regulate our tech companies. And so there's definitely a lot more hostility towards that sort of action as taken by foreign governments. On the other hand, people in the U.S. are just as frustrated as people in Europe and everyone else in the world at the centralization of control. They see that it leads to a very unbalanced playing field. And just having a few companies having complete control over the computers that 90 percent of adults in the world are using as their everyday devices really strikes a lot of people as being unjust.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">I can imagine. So now for my last few questions, OK. In general, do you think that the DMA helped with the implementation of free software? Because I have been curious about this. Like, you with the App Fair Project, and you already mentioned it, gave you some possibility, even so there's still a lot of hurdles, but at least there was now the possibility. So do you think in general that the DMA helped with the implementation of free software in environments that are so closed like Apple's?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, definitely. There's always been a difficulty with free software on Apple devices. There is plenty of GPL software available on iOS, for example, Signal and Matrix to name a couple of the big ones. There's IceCubes, there's VLC. There's a lot of GPL software that is available, but it's always been troubling because there are extra limitations that are placed by the rules that Apple enforces. For example, they apply DRM to all their applications. That's definitely one of the things that hinders truly free software from being available on these devices. So you generally need things like exemption additional exceptions to something like the GPL to be able to have actual software on the iPhone, which then leads into compatibility problems with other GPL licensed software because if one license has one exception, another license has another exception, then all of a sudden they're not really compatible. So in order to have truly free software available on this device, you really need to have a mechanism for distribution that is itself truly free.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">That's my next question. What are the steps that need to be taken to secure that free software is like that the access gets easier for free software to Apple devices?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Essentially, what you need to be able to do is have unfettered side loading enabled. Side loading is the term that has arisen to mean direct downloading of software straight to the device. Without that, I think that you can never have truly free software available to device because it's impossible for creator A to get their software directly into the hands of consumer B in a way that there is one to one trust, the ability to verify their software. And I think that's really the foundational point that everything needs to be built upon is you need to be able to say, look, I can just go and get your software directly and either build it myself and run it on this device, or, with the binary that you built, I can choose to trust it because I choose to trust those people who have signed it. I download that and I put it on my device. And that's really all you need. It doesn't need to be any more complicated than that. Apple devices are not themselves obviously free and open source, but neither is Windows and neither is Mac OS. And many parts of Android are also not totally free and open source. If you use any of the standard Google builds that has plenty of closed source proprietary software in it. So free software is generally considered to be possible on these devices. It's really the additional restrictions they place around the distribution of that software. That is the thing that I think impedes its ability to really flourish and thrive on iPhone devices.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">All right. And do you think there's something that should be taken to ensure that like marketplaces have a better access to Apple devices?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Well that really comes down to, I think, the economics of them. Apple chooses to market their devices as premium devices. And so they tend to be much more expensive than other devices. And so that really changes the attitudes that people have towards the development of software for the iPhone. The iPhone makes up about 25% of all devices and Android makes up about 75%. But profit wise, those numbers are really flipped. Generally speaking, Apple devices are seen as generating around 75% of the revenue from software, whereas Android devices are seen as generating around 25%. And so those are really opposites of each other. And so the iPhone has really evolved to be much more of a commerce intensive device. People tend to think that people will spend more money on their apps on the iPhone. And so you wind up with a lot more concentration of commercially oriented applications being developed for it. Simply because people think, well, we can make more money on this, especially in the United States, the United Kingdom and Japan, which are the three major countries where the majority of people have iPhone devices. So I think that the attitudes of free software tend to just naturally lean more towards Android than towards the iPhone. And I think that that's fine. The goal of the App Fair Project is to create these universal applications, regardless of what device you use. And again, regardless of the language you speak, and regardless of your level of abilities. And so it doesn't really matter to us. We want to be able to let someone create a piece of software – it could be a weather app, it could be something for paying your parking meter, it could be train timetables – and be able to just get it to every person in the world, regardless of any of these factors.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">All right. Yeah, I know I focused a lot on Apple now, but I thought this was, I find this quite fascinating because also Apple has a lot of relationship with free software, if you look at it from a historical point of view. So do you think that Apple benefited a lot from free software?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Yeah, definitely. I mean, as has Google and Microsoft and every other gatekeeper and every other major technology company in the world has really built themselves off of a foundation of free software. And I think that's fine. I mean, free software is meant to be free, regardless of who you are. I know that a lot of people have an attitude where they owe free software back for what they've taken from it. I don't personally find that compelling. I think that free software should be given freely without any expectation of return. And I think that that's why one of the things that really motivates people to develop free software is this desire to offer, without any expectation of return, their labor and their creativity and give it to everyone in the world. And some of those people will be multi-trillion dollar corporations. And I feel: bless them for that. It's when they have overt hostility towards free software is when you feel a little bit slighted. When the policies and the mechanisms that they put in place actively hamper, enabling more free software from being distributed to the world, that is when I think that some righteous anger is due. I mean, the companies, especially Apple and Google, who make money off of the applications that are distributed, obviously have a strong motivation for those applications not being free. When you can charge a cut of digital transactions that take place, you want transactions to take place. It's just a natural commercial motivation. And so, that's why the notion of competition is so important. If you had, say, a free app store where everything was free to everyone all the time, that would act as a natural counterbalance to these very commerce-heavy application marketplaces like the Apple App Store and the Google Play Store. And it would also put, I believe, some brakes on some of the more nefarious behavior that app development organizations sometimes engage in, in order to indirectly monetize their end users. Barely a week goes by when you don't hear some story about some data broker company being able to siphon off the data that they sneak off of your device, be it your location, your contacts, your calendar, all sorts of either direct or derived information that reveals very personal and intimate details about your life. Those are daily being siphoned off in ways that the end user never agreed to, is never aware of. And because those applications are closed source, there's almost no way to catch them, except eventually through the work of security researchers or people who reverse engineer the applications. But that's often way too late. You've already revealed everywhere you're going, everyone you know, everyone you communicate with, everything you're doing to these organizations that aggregate it and sell it on to anyone who wants to buy it. And that's really one of the areas where I think a free software marketplace would be really compelling, because that acts as a very natural antidote to that sort of behavior. There's no way that can slip through for any amount of time without someone looking at the source code and saying, "Oh, why are you reading all my contacts and uploading it to this random website? That shouldn't be taking place." All right. I like this to take this as a closing word because we have already exceeded our time limit a bit. But before we close the podcast, we have already talked a lot about free software. And usually at the end of the Software Freedom Podcast, I asked our guests if there's a project that they would like to say thank you to.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">So is there a project that you would really like to highlight and say thank you to?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">I'd really like to say thank you to the F-Droid project, because this project is trying to bring F-Droid to a universal marketplace. And so much of the work that they've done has acted as an inspiration to us. And so many of the guidelines that they've put in place are going to be the template for the guidelines that we use. Like, what is the sort of software that we want to be able to distribute? What is the sort of software that we want to prohibit from being distributed on this marketplace? So yeah, if you, any Android users out there, you should definitely check out the FDroid project. They are miles ahead of us in terms of free software for Android devices. And we can only aspire to someday achieving the greatness that they've achieved.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Thank you very much. I loved our chat. Thank you so much for making it possible. And yeah, for meeting me here at FOSDEM. Is there anything you're going to do at FOSDEM? Is there something you would like to highlight for FOSDEM as well?</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">Well, I'll be speaking this afternoon on the legal track on some of the challenges of building a free software app marketplace. That's the main thing I'm going to do. Other than that, I am probably going to be checking out the Swift dev room, which is Apple's development language that I use heavily. Also the Android dev room seems really interesting to me. And any other, any other really mobile application, application related sessions I can find.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">All right. I wish you good luck with this because usually I also have a full schedule and I hardly manage any of them. So I keep fingers crossed that this works out. And yeah, again, thank you so much, Marc, for making the time and talking to me about the App Fair Project.</div>
    <br>


    <div class="timestamp">Marc</div>
    <div class="transcript-line">And thank you, Bonnie, for having me. It's really been a pleasure chatting with you and on this beautiful day in Brussels.</div>
    <br>


    <div class="timestamp">Bonnie</div>
    <div class="transcript-line">Yeah, that's quite true. Actually, we have sunny weather. This has hardly happened to me in Brussels. I'm really happy about that. All right. This was the Software Freedom Podcast. If you liked this episode, please recommend it to your friends and rate it. The Software Freedom Podcast is brought to you by the Free Software Foundation Europe. We are a charity that depends on your support. Please consider supporting us with a donation. For more information, go to fsfe.org/donate. Thank you so much. Bye.</div>
    <br>


</div>

FOSDEM 2025 Talk: Free App Stores and the Digital Markets Act

- 20 min read - 4260 words

Last weekend I gave a talk at FOSDEM 2025 in Brussels titled: “A Free Software App Store for iOS: the App Fair Project’s perspective on the DMA”. The full description can be found at the FOSDEM overview.

Here is the video and a transcript of the talk. I was overwhelmed by the support I received at FOSDEM, and would especially like to thank the Free Software Foundation Europe (https://fsfe.org) for inviting me and hosting the Legal and Policy track there.

Transcript

Section titled “Transcript”
So, welcome everyone.

For our next talk we have here Marc Prud'hommeaux, who is, I would say, the expert on app stores on iOS.

So I'm very happy that we have him here with us.

Handing over to you, Marc.

Thank you.

Thank you very much.

Thank you everyone for coming.

This is a talk on free software app stores for iOS and how that works with the DMA and how things are going to be moving forward with that.

My name is Marc Prud'hommeaux.

I'm the founder of the project.

I'm a software developer, really.

I'm a programmer.

I've been programming software for 25 or more years.

I've been developing apps since 2008 for both Android and the iPhone.

And I've developed dozens of apps for large companies, for myself, for independent organizations, for startups, all apps, great and small, really.

So I've gone through the process of both designing and building applications, as well as going through the distribution process, actually how to get that through the stores to the end users.

So I really know sort of all the levels of the process.

I will disclaim, since this is a legal track, I'm not a legal expert.

I'm not a lawyer.

I do not have any formal training in law, either American or European or anywhere else.

I do seem to have evolved into somewhat of a policy expert, not necessarily as an aspiration of mine, but just through osmosis of working with some of the aspects of the Digital Markets Act and advising various organizations around that.

The App Fair Project is an app store for free and open source software.

It aspires to make the software available for the iPhone and for Android.

I really first came up with the idea, it's been gestating ever since I started building apps and encountering how difficult it was to get it into the hands of end users.

But I really started to put together the pieces in 2020, and I founded the organization in 2022.

It is a 501(c)(3) nonprofit based in Massachusetts in the United States.

And we also have a branch based in France, App Fair France.

And the mission is to facilitate the creation and distribution of mobile software applications for the public good for everyone.

And that's really a core component of it.

We want to get applications into everyone's hand.

So in general, the sorts of apps that the App Fair aims to distribute will be digital public goods, will be generally useful things that people in their everyday life can get utility from.

And they don't need to be exotic.

They can be weather apps, they can be transit apps, timetables, they could be apps that help you pay for parking.

But they can be social media apps.

But in general, the apps that a broad swath of humanity will find useful and are sometimes underserved by commercial app application creators.

They're to be 100% free and open source software.

So everything that goes into the application, both the top level user interface, as well as all the components that the application uses, needs to be open source.

And it needs to cost zero money.

There needs to be no fees that the user has to pay or subscriptions.

But it also must not have any end user monetization goal whatsoever.

And this leads into the trustworthiness aspect of the project.

So the apps need to be universally accessible.

So on all devices, iPhones and Android, that essentially makes up 100% of all the mobile devices people use.

All languages, one of the goals of the project is to make it so someone can write an app who only speaks English, but have it translated into 50 languages so that a grandmother in Cambodia can use it.

Everyone is able to get the benefit of this labor.

And all abilities.

Wants to reach out to all levels of accessibility needs that people have, built on top of the accessibility technologies that these mobile devices have.

And then they need to be trustworthy.

So there's not going to be any end user monetization.

There's not going to be any built in advertising.

There's not going to be any tracking surveillance.

And no analytics or telemetry.

Basically, they aim to respect the privacy of the end user and ensure that any time the application is collecting data, it's because they actually need to collect the data for the functionality of the application.

For example, a weather application might ask for your location simply so it can tell you what the forecast is in your area, not so it can then ship off your location information to a third party data broker who then packages it up and sells it to some third party.

And the technical outline of how the project works is fairly straightforward.

If you're familiar with, say, the F-Droid project for Android, for Debian, for how they manage their app software repository, or for Homebrew for Mac OS, the idea is generally that you have application developers.

And these might be individuals.

They could be students.

They could be hobbyists.

They could be organizations, non-profit organizations, governmental organizations, schools, universities, or it could be commercial entities, as long as they have a goal of creating something that is not going to be monetizing the end user.

Anyone can create these things.

They form their own organizations.

They build the apps independently of the project.

And then they submit the source code of the application to the App Fair project itself.

And the App Fair project will be made up of a combination of automated mechanisms where you actually take the source code and you build the application and scan it for bad actions, for malware, things like that, make sure that it's truly all open source.

And then it'll have a human component.

There'll be people who will review the applications.

Is this really the kind of application that we want?

There'll be maintainers who help provide feedback to the app creators when there needs to be changes to be made to work on, say, updated versions of the operating systems.

And translators.

And that's a big component.

The App Fair will contribute people who are experts in localizing the applications, each individual language that we support.

And then the App Fair packages, distributes it.

And then the App Fair client application will then be the sort of front-facing mechanism for both iPhone users and Android users to be able to browse, search, review, download, install, and update applications.

So that's more or less an outline of the process.

One of the advantages of using the App Fair project is that you don't need to sign up for anything.

There's no fees.

There's no registration.

You don't need to accept terms and conditions like you do to distribute an application on, say, the Play Store or the App Store.

You don't need a special account.

The App Fair project aims to provide automated distribution for you so that you don't need to go through the manual process for distributing on multiple app stores.

And we will help with translations, accessibility, compliance.

And the big thing is a trustworthiness seal of approval.

One of the problems with free software, or software that is ostensibly free, zero cost on mobile devices, is that you never really know what the motivation of the person who developed the software.

So there's a lot of distrust for, say, free weather applications, for any free application that might be looking at your contacts books and things like that.

There's a saying that if it's free, then you are the product.

That's not true with free and open source software, but the end users don't know about that.

And through the App Fair project, we'll have this seal of approval, this sort of guarantor of trustworthiness that there's no sinister, nefarious money gathering operations going on behind the scenes.

So how do you build an app store?

An app store is really just an app that installs and manages other applications.

It's not really conceptually all that complicated.

It's an app that installs apps.

How do you do it on Android?

On Android, it's very well established.

There's a lot of different app stores on Android.

I mentioned the F-Droid project.

There's Actoid, there's Obtanium.

A lot of companies have their own app stores.

There's Amazon, Samsung Galaxy Apps, T-Mobile.

And in China, every app store is a third-party app store.

It's a non-first-party Google Play app store, because Google Play services is not available in China.

And essentially, the technology behind it is well established.

It's been around since the beginning of Android.

You set a permission in your application's metadata, install packages.

You sign in and distribute your app store application.

They have a published API that you call that says, "Download this application package, validate it, install it, update it." And you don't really need to go through Google at all to do this.

You can just go home today, you can write an app store app, have it start distributing apps.

It's pretty straightforward.

But the iPhone side is an important side.

This is a talk about iOS, and one of the central components of providing universal access is providing access to all devices.

So that's really an essential part of the App Fair project's mission.

And you basically can't build an app store for the iPhone.

Historically, there was something called Cydia.

It's actually from 2008.

It predates the Apple App Store.

They used the ability to access private APIs if you jailbreak your iPhone, which is essentially hacking into your iPhone, bypassing some of the restrictions that are set in place, and then you can talk to private internal APIs.

They've been using that to build and distribute applications for a very long time.

But it's widely considered to be a fairly extreme measure to jailbreak your iPhone, and Apple is always closing the loopholes that enable people to do it every year.

So it's an ongoing cat and mouse game between the development community that brings these jailbreaks to the surface, and Apple is plugging the holes all the time.

It's not really a sustainable way to get a widespread adoption.

And then there are these tethered workarounds in order to do it.

If you sign up as a developer for the iPhone, then you have the ability to launch and run your own applications.

You need that in order to be able to develop and debug your own apps.

And so there are these various tethered workarounds like AltStore until recently, SideStore, TrollStore, that basically take advantage of that.

They say, OK, you can download an application from somewhere else.

You can sign it with your own developer certificate, and then you can install it.

But there are no published APIs like there are on Android for installing or updating applications.

And that's pretty much the roadblock to a project like this.

You can't really get past it.

That is, until the DMA, which is the topic of this conversation.

So in case people haven't heard of it, I imagine most of you have, the Digital Markets Act aims to create a level playing field.

It wants to make the digital market fairer and more responsible, more contestable.

And its history is that it was in 2020, it was proposed.

It got signed into law in 2022.

2023 was when their designation of gatekeepers took place.

And there are five gatekeepers.

The ones that are relevant to this topic are Google and Apple.

And then last year, a little under a year ago, was the deadline for compliance for the various rules that were laid out by the Digital Markets Act.

So the Digital Markets Act is a big act.

A lot of components.

Has eight major sectors.

The one that affects us, my project and this talk, is the last one here, the online intermediation services.

In other words, the Google Play Store and the Apple App Store.

All of these are important.

This is the one that is relevant to us.

And so the online intermediation services has a bunch of requirements.

And generally reading through the articles, the important ones are that they need to allow third-party app stores and side loading.

Side loading is the term that has evolved to mean direct installation of applications straight to your device.

Fair and non-discriminatory access to these services.

No preferential treatment.

They basically can't favor their own services over the services of third parties.

You need to have a lot of interoperability requirements.

Terms and conditions need to be transparent.

And they can't have any anti-steering.

They can't force you to steer people towards their own gatekeeper services and away from competitive services that might be available.

So here's what I thought would happen when the designation was made before the compliance plan came out.

Is essentially that they would do what Android does.

Add the ability to self-sign your own applications.

And the technology exists for this already.

It is a popular misconception that you can't side load on the iPhone.

That's not true.

You just need to have a special enterprise certificate, which Apple only hands out to a select few large corporations that pay a lot of money.

But once you have this certificate, you can develop your application and you can sign it with the certificate and you can email it to your staff.

Or you can put it on a website to upload.

You can distribute it however you want.

And for all intents and purposes, it is side loading.

However, you need the certificate.

If someone gets their hands on a certificate and starts signing apps and just giving them away for free to anyone, which happens actually quite a lot, Apple closes that loophole and they put the kibosh in your certificate, they rescind it, and then all the applications are not allowed.

So it's possible and it's very straightforward.

And then the second thing they'd need to do is actually publish apps to our APIs.

Because the first step allows you to side load things directly.

The second step is what you need to actually build an App Store app, an app that distributes and maintains other applications.

And there are published APIs in Android.

There's something called Package Installer that lets you call functions like install package, uninstall package.

And there exists on Apple as well in this mobile installation framework.

It's what Cydia winds up using.

And they've got functions, mobile application, install, uninstall.

You can figure out what these functions do.

But these are currently private.

So basically, make this so anyone can get it.

Make this so you can make an App Store app.

And that's all you need to do.

That would be fully compliant, make everyone happy, make my life easier.

So here's what actually did happen.

So in order to go through this, you basically have to do all of these things.

The non-fancy stars are the ones that are pre-existing requirements to build and ship an application for the Apple App Store.

The fancy stars are the new things, the new steps you need to do.

So you always need to sign up with Apple, accept their terms and conditions, which are frequently changing.

And you get zero notice when they're about to change.

And if you don't immediately adhere to them, you can no longer issue updates to your applications.

And then await approval.

Hope that they approve your account.

You need to pay an annual fee, $99 US.

You can get an exemption from that if you're a nonprofit or educational institution.

New step is you need to agree to an alternative EU terms addendum, which is quite long and involved and has a lot to say about how you can monetize your apps differently.

Then again, you need to build and upload it to their portal, the App Store Connect portal.

And once you've done that, you need to request a distribution token from an alternative app marketplace.

So say the App Fair is an alternative app marketplace.

You want to distribute an app through me.

What you do is I give you a token, passcode basically.

You build your app, upload it to Apple, and then upload that token to Apple.

And they take those two things and say, OK, this app, if we approve it, is going to wind up being able to be distributed through the App Fair, through me.

You go through app review.

It's what they call notarization, but it's really just a subset of app review.

It's a combination of automated scans and human involvement.

That could take an hour, could take a month.

Once it passes, you get a token for the particular version of the application that was approved.

You hand that back to the alternative app marketplace.

They're able to download your signed and approved application, and then finally they can distribute it.

And then lastly, you have to pay their somewhat notorious core technology fee, which is $0.50 for every download of your application, beyond the first million in a year.

And that's only for monetized applications.

But it is definitely a hindrance to anyone who thinks I'm going to make this hit app that billions of people use.

You're going to be hit with a massive bill.

So this is the process that they consider compliance that is the facts on the ground right now.

The actual app review subset, the notarization guidelines, contain a lot of guidelines around the sort of content that you can have in your application.

It's not just around security.

I won't go through all of these, but there are some fairly ones that should give pause to someone who thinks that this is a sort of clear and objective standard for third parties.

One of them being something like this, where they say if you market your app in a misleading way, your app will be removed, it will be blocked from being installed, and you might have your developer account terminated, meaning you can never make an app again.

What is the definition of misleading?

Is there any adjudication mechanism for this?

Is there any appeal?

No, there's not.

It's just whatever they consider to be misleading.

So these are the sorts of things that we find really deeply problematic with the app review subset that you have to go through.

You can look at all of these guidelines, both the full app review guidelines and the notarization subset app store review guidelines.

There's a nice little picker where you can toggle between the two modes.

So that's in order to create an app.

What does our alternative app marketplace distributor need to do?

In other words, what does the app fair need to do?

They have to, again, register with Apple, agree to terms and conditions.

You need to request a marketplace entitlement, and that has various rules, one of which is that you need to have a base in the European Union, which is why we started the App Fair France.

You need to provide a one million euro annually renewable business letter of credit.

And then you need to actually build the app store app, and then submit that through app review.

In order to actually process the applications that you receive and distribute, you basically need to set up a server that accepts the handoff of the application that Apple passes off to you after the developer signs and uploads it.

And then once you do that, you host the application, and then you can have your application talk to the server and redistribute these things.

So what are the barriers to having a free software app marketplace?

Obviously I mentioned the one million euro letter of credit for marketplace entitlement.

That's a big ask.

The inability to inspect the encrypted app delivery.

So Apple applies DRM to every application.

You can't opt out of it.

And there's a few issues with this.

You can't obviously scan it for malware.

You can't really use reproducible builds in order to verify that the actual source code matches the app that was installed.

The DRM itself, that really runs afoul of free software licenses like the GPL.

So if you want to be able to use the GPL, it would need to have exceptions added to it, which introduce problems with compatibility with other GPL software.

And then Apple themselves have a requirement that you need to have scanning in place in order to be allowed to distribute these apps.

What is completely impossible to do, or at least illegal to do, because they themselves are encrypting the app and you can't decrypt it.

There's analytics that they do.

They track whether you install or uninstall apps.

And it's partly so that they can build up the numbers to know whether you qualify for the core technology fee that you owe.

App review.

As I mentioned, these can take an hour.

They can take a month.

There's really no telling.

There's no service level agreement.

And so if you need an urgent patch to one of your applications for, say, security, you're out of luck.

And the last one is they have a remote kill switch.

They can actually delete your app from your device if you want.

So our view is that the only way forward, really, to comply with both the spirit and the letter of the Digital Markets Act is that you really need to throw all this away.

You need to be able to have direct side loading.

Developers need to, without going through Apple at all, be able to generate their sign-in certificates.

They need to be able to build and distribute these things without any special entitlements.

Marketplaces need to be able to grant entitlements to developers for security-sensitive permissions.

And the app installations need to just be opened up and documented so that you can just do these things directly.

In other words, it needs to become just like Android is right now.

A quick note on security.

There's a lot of outs in the DMA about security, a lot of exemptions that are applied.

And for this reason, Apple is really-- their arguments are heavily hinging on security.

They have an interesting paper, "Building a Trusted Ecosystem for Millions of Apps with Threat Analysis." You can read it on their website.

But there's a lot of discussion in there about why side loading is considered dangerous, why you should never be allowed to do it.

I've always found those fairly hollow because if you go to the page for Apple Music on Android, they have an Android Apple Music APK that you can just download and install.

And they guide you step by step through all the steps that you need to do, including one that says, "Note that you may need to change your Android security settings to complete this installation." So, I've always found those very hollow, but that's really the angle that they're pushing in order to be able to skirt around some of the limitations or requirements that they have.

And I'll note a broader point about security is that security is not just about individual devices.

It's about the insecurity of a monoculture.

If you have one single centralized source, no matter who they are, no matter where they are, you have these issues where you can't understand their decision-making process.

It invites pressure.

A few notorious examples are the removal of the HK Maps Live from Hong Kong in 2019, the removal of Alexei Navalny's smart voting application in 2021 by the behest of the Russian authorities.

And then just last year, WhatsApp, Telegram, Signal, and Threads all just got yanked from the App Store in China.

These were unreviewable, these were unappealable, these were decisions that were made by central authority.

And Apple themselves should be concerned by this because they have invited themselves to be a center of pressure for these things.

If they opened up these App Store APIs and made it so I can just download these things directly, then that would eliminate a lot of the pressure on them.

So the next steps for the App Fair, we're working towards building up a community of volunteers and contributors.

We're looking to raise funds for the standard business level of credit requirement.

And then for the time being, we're probably going to continue to distribute applications through existing channels.

So apologies for going over time, but I want to thank you all for coming.

I'm afraid I don't have time for questions.

I'll be around though in case you have any questions.

And here is my contact information.

[applause]

App Fair Retrospective, 2024

- 3 min read - 457 words

As 2024 draws to a close, we reflect on the activities and progress of the App Fair Project.

The year started out with anticipation of Apple’s compliance with the Digital Markets Act. As we wrote in last year’s retrospective, the expectation was that iOS would be granted the technological capabilities to create a storefront application that can download, install, and update apps independently of Apple’s App Store, similar to how Android has always supported third-party app storefronts. Instead, the actual compliance solution they have offered is merely an extension of the existing app submission workflow, with the additional option of redistributing approved apps through an “alternative app marketplace”. This requires that a marketplace be approved and granted a special entitlement to be able to build and maintain an app store.

We regard this modification of the existing App Store regime as insufficient for the needs of a truly independent app distribution system. However, it is a first step, and we fully expect that the compliance efforts will evolve and expand in the coming months as EU regulators listen to feedback from the community and form their assessment of compliance (as they have recently done with interoperability requirements). So in March we applied for the alternative app marketplace entitlement, which required that we set up a European subsidiary organization. This led to the creation of the App Fair France. Once this was established, we were eventually granted the MarketplaceKit development entitlement, which gives us the ability to start implementing the App Fair client application using the new MarketplaceKit APIs.

However, to actually be able to distribute applications through the marketplace, we must be granted an additional “distribution entitlement”, and we were informed that this requires the posting of a €1,000,000 letter of credit. This sum obviously presents a significant barrier to a project of this nature. We have requested an exemption from this requirement as a non-profit and are hopeful that Apple will eventually grant it.

Other activities throughout the year include participation on various panels and working groups that are assessing the DMA compliance efforts of the gatekeepers. In March I attended the EC Digital Markets Act workshop to assess the current state of compliance, which I wrote about. Throughout the autumn, I participated in a “Workshop on Mobile Ecosystems – Technical & Security Issues” for alternative app installation channels, which is to be published on the European Commission’s website.

None of this wrangling is fun or pleasant, but is is all a prerequisite for the App Fair Project’s mission: to provide a free universal app store to distribute software for the common good. We expect that 2025 will be the year that we will be able to start distributing free apps in a truly independent manner.

Apple DMA Compliance Workshop

- 6 min read - 1093 words

Update: The video for the workshop has been made available at https://webcast.ec.europa.eu/compliance-with-the-dma-apple-2024-03-18. I’ve updated the blog post with timecodes for each of the questions and answers listed herein.

On March 18th I attended an EC-hosted workshop1 in Brussels on Apple’s compliance measures for the Digital Markets Act. It was a grueling 8-hour affair in a hot windowless room. There were around 75 attendees by my count, from a wide cross-section of organizations, few of whom seemed to feel that Apple was upholding the letter and spirit of the law in their compliance efforts.

Apple’s team of three, headed by Kyle Andeer (formerly an FTC trial lawyer), gamely managed to fend off the barrage, mostly by appealing to Apple’s paramount respect for “user security, privacy and safety” over and over again. The questions tended to be hostile and self-serving, and the responses tended to be vacuous, non-committal, and lacking any technical substance. In short, it went as one might expect.

Questioners were selected randomly from the attendees (both in-person and online). I managed to get two in. Following are my questions and their responses (pulled out of a whisper-generated transcript from the video, which can be accessed here).

Section titled “Question (Marc Prud’hommeaux, the App Fair Project) [12:25:41] (transcript link ↗):”

Hi, my name is Marc Prud’hommeaux, and I’m here representing the nonprofit App Fair Project, which is building an app marketplace to create and distribute free and open source apps as non-commercial digital public goods.

To be approved for an iPhone app marketplace entitlement, Apple is currently requiring that an organization, either 1: have been an Apple developer program member for two years and have an app that has been downloaded one million times in the EU in the previous year.

We’ve been a developer program member since April of 2022, but it’s impossible for us to satisfy the download count requirement because the web browser app that we submitted that year was rejected by Apple.

Option number 2: provide a one million euro standby letter of credit from an A-rated institution as has been discussed.

That number presents a discriminatory and insurmountable barrier to a nonprofit organization such as ours.

I’ve requested an exemption from our Apple representative and was denied.

My question is, since nonprofit organizations are exempt from the core technology fee, what is the rationale for requiring any letter of credit at all?

And what is the objective fairness and reasonableness standard that prevents Apple from increasing that number to 10 million euros or 100 million euros or some arbitrarily high amount that would effectively exclude all alternative app marketplaces at some point in the future?

Section titled “Answer (Kyle Andeer, Apple Vice President of Products and Regulatory Law) [12:33:24] (transcript link ↗):”

Again, when we think about alternative marketplaces and this was something we thought about for a long period of time, we wanted to assure that we had credible and accountable operators of stores and we want to have a single set of objective criteria.

We did not want to have special deals.

We did not want to have special assessments because as soon as you do that, you open yourself up to charges of discrimination.

And so what we focused on was what is a set of criteria that we could apply to make sure that the operators of these stores were credible and accountable and responsible.

And those were the two criteria that we established in addition to some of the other things I talked about, which is the other commitments, whether it’s engaged and ongoing monitoring of fraud to comply with laws like the DSA or the GDPR to publishing transparent data collection policies.

All these other things are important, but at the end of the day, if you don’t have an accountable and responsible operator, then those things mean nothing.

And so what we tried to do, and again, I think I answered this in response to an earlier question, we looked to find criteria that would allow us to have some confidence that the operator is someone we can trust to operate a store in the best interest of our users.

There may be others, and so we welcome feedback about what other criteria could we use to accomplish the goal that we’ve set out.

So we’re going to continue and see how things emerge.

Clearly, it hasn’t been an issue for a number of different developers, some of which we’ve heard from today, some of which we know are out there in terms of being able to secure the line of credit to allow them to enter this program.

Section titled “Question (Marc Prud’hommeaux, the App Fair Project) [16:04:26] (transcript link ↗):”

Hi, Marc Prud’hommeaux from the App Fair Project.

The specific apps that people install and run, including where and when they launch them, can be considered sensitive information when it comes to political and social activity, women’s health and free speech.

Does Apple track personally identifiable information about which apps are installed from third-party marketplaces and where and when they are when the apps are launched?

If so, Apple may be compelled to disclose this information to any of the various legal jurisdictions they operate in.

This could jeopardize vulnerable users.

Will this app installation launch activity still be reported to Apple, even when they opt out of sharing analytics with Apple?

Section titled “Answer (Gary Davis, Apple Data Protection Officer) [16:08:24] (transcript link ↗):”

In that instance, I’m going to somewhat highlight Apple track record in relation to responding to requests from law enforcement where we consider that the requests are disproportionate or inappropriate and clearly in such circumstances we have shown that we will raise questions about those requests and where appropriate pushback.

Obviously, if a request is lawful and is proportionate, we do our best to assist law enforcement in those circumstances.

Where we do have personal data associated with the download of an app, it is simply the download of an app.

It doesn’t indicate anything about usage.

We do not collect any information about your individual usage of an app in a personally identifiable way.

Some will come from analytics that is shared with developers, but that’s across the population of users, not individual users.

And the same installed information that we have from the App Store will be available for app marketplace downloads as well.

Footnotes

Section titled “Footnotes”

  1. https://digital-markets-act.ec.europa.eu/events-poolpage/apple-dma-compliance-workshop-2024-03-18_en

App Fair Retrospective, 2023

- 4 min read - 653 words

2023 was the first full year of the App Fair Project’s existence. This post looks back on the year, and towards 2024.

The mission of the App Fair Project — as conceived in the Spring of 2022 — is to nurture and distribute global digital public goods in the form of mobile applications. In other words, we will make free and useful apps, and we will make them global.

“Global” is meant both in consumer terms (apps will be translated and localized for many languages and regions) as well as in hardware terms (apps will be universally available for both iPhone and Android devices: 99% of all smartphones). An App Fair app aims to reach the entire global community of smartphone users, regardless of language, device, or region: a market that encompasses over 75% of the world’s population.1

The year 2023 was spent laying the technological foundations to support the project. We now have the beginnings of a development pipeline to create and contribute apps, and to build and submit those projects – via the App Fair organization – to both the Apple App Store and the Google Play Store. We have shipped a single app through to production on the App Store, and another as a beta to the Play Store. This has served as a proof of concept for us, and we envision this pipeline evolving to support all aspects of the app submission and distribution process.

In 2024 we intend to complete these workflows, to the point where independent projects can start contributing their own apps through the project. This will allow app projects to release their apps through to Android devices that run the Google Play Store and iOS devices that use the Apple App Store. However, this does not cover all the devices: there are numerous Android distributions provided by other organizations, such as Amazon, LineageOS, and most Chinese smartphone vendors, that do not use the Google Play store.

In order to support 100% of the available devices, we will be releasing our own universal “App Store” for both iOS and Android: the App Fair app. This app will be available everywhere, and will act as a transparent and unbiased directory of App Fair projects. It will provide a unified interface for finding, downloading, installing, and updating App Fair apps, but it will be unencumbered by advertisements, tracking or other analytics. The App Fair app will be — like all our other projects — 100% free and open-source software.

Android already has the sufficient technological capabilities to support this sort of app-store app, which is already being utilized by other free software projects such as F-Droid. And while there has historically been no equivalent support for this on the iPhone side, they recently added a new ManagedAppDistribution2 framework to support this as required by the Digital Markets Act (DMA)3. We have taken the first steps to obtain the necessary approvals and entitlements from Apple to utilize this framework. We will be writing articles and technical posts on the process once we have been granted these entitlements, in order assist with other similar projects who may want to create their own app store.

Our goal is to provide a free and ubiquitous source of apps that smartphone users can trust and rely on for everyday needs. App Fair apps will contain no advertisements, no in-app purchases, analytics, or other dark patterns. Contributors to these projects can be confident that their efforts will be available to everyone in the world, in perpetuity.

2024 will be an exciting year for the App Fair. Please follow this blog for progress and updates.

Footnotes

Section titled “Footnotes”

  1. 75.05% as of 2020 according to https://www.statista.com/topics/840/smartphones/#topicOverview

  2. Apple developer documentation: “Provide a consistent app presentation in your organization’s app store” https://developer.apple.com/documentation/managedappdistribution/fetching-and-displaying-managed-apps

  3. Compliance principles for the Digital Markets Act: https://www.bruegel.org/policy-brief/compliance-principles-digital-markets-act