The multiple app store hype

The issue of multiple app stores, or the absence of an alternative, on iOS and iPadOS has been discussed multiple times already. I have never really thought of how it will work exactly until I went back to using Android - a deGoogled Android to be exact.

I am currently using a secondary test device, a GrapheneOS-powered Pixel 5a, which, by default, does not come with an app store containing third-party applications. The freedom to choose which app store to use to install third-party applications is a refreshing take - only if you know which one to trust, that is. So how is going so far?

First thing I installed is F-Droid.org (straight from the source). An app store that only hosts free, open source software (FOSS). Having the application source code available in the open provides the opportunity for others to examine the code, which provides some sort of peace of mind that malicious code can be caught easily.

The strict curation, I hope, done by the F-Droid team, increases the trustworthiness of the repository. In essence, you need to trust F-Droid developers to install their application by side-loading, i.e., without any protection from any kind of app store.

Once you have F-Droid, you will need to trust their curation to weed out malicious applications, and then ultimately trusting the developer(s) of the third-party applications. Unfortunately, F-Droid does not come without its own issues (see <"https://wonderfall.dev/fdroid-issues/">).

Given the limited choices on F-Droid, I am not familiar with other third-party app stores with a bigger catalogue, except the Google's Play Store really. Installing Google Play Store defeats the purpose of deGoogling your device. Luckily, there are proxy services that act on the user's behalf to download third-party applications straight from the Google Play Store without revealing who they are.

I use the Aurora app store (installed from F-Droid). Applications downloaded via Aurora requires the Google Play Services library (which is not open source) to work properly (yes, the Play Services is where Google does most of their data collection, IMHO). GrapheneOS has its own implementations of these Google libraries, which protects users' data, which is great, right?

That being said, emulating this Google library is not always perfect, so don't expect all third-party applications to work 100% (encountered these crashes myself!). Now that I have applications from F-Droid and Aurora installed on the Pixel, updating the applications means hitting each App store to check for updates. At two app stores, it is still manageable. Imagine having more, and having subscriptions scattered all over different stores. And how about updating side-loaded applications? Whilst there are applications that can prompt you to update, but don't expect all to have this functionality.

With multiple app stores, it means that you will trust each one to make sure that they're doing their job to protect you from malicious actors (or worse, when they're the malicious one!). Imagine, having an app store from Google, Amazon, Microsoft, Meta, and TikTok, for starters. Each one having different standards in terms of curation, security and privacy.

Now you need to monitor each of these stores for updates, paid subscriptions, etc. Good luck with that! The only upside that I can see is that paid apps can have different pricing schemes that translate to potential savings for users (yes, competition!).

Suppose the user signs-up for a one year subscription on store A because it is the cheapest, but when renewal comes up and store B offers a better price, do they uninstall the store A version and get the store B version? Not easy, eh? And that is just one potential scenario users will face. Does it benefit the developers? Maybe, but now they will need to decide which app stores to use, but it is not as simple as choosing the one with the lowest commission.

How about widest distribution? Most trusted? Also, should developers distribute in all stores? IMHO, multiple app stores benefit only the app stores - they can claim to be better at others in curating (Apple is not doing a great job here, it is doing well, but not great!), and have lower prices due to lower commissions, but you have to take their word for it (what is their primary motivation? Profit only, of course!). Don't get me wrong, I am not for a single app store either.

However, there should be a minimum standard for stores when it comes to protecting users' privacy and security, but who will ensure this? Apple has its ecosystem, aka business, to protect, the same way Google does. Third-party app stores only have profit in their sight - forget about provide users a choice!