WEBVTT

00:00.000 --> 00:14.160
So, welcome everyone. For our next talk, we have here Mark Brudemon, who is, I would say,

00:14.160 --> 00:20.760
the expert on AppStores on iOS. So, I'm very happy that we have him here with us,

00:21.640 --> 00:24.840
heading over to you, Mark. Thank you very much.

00:29.080 --> 00:35.160
Thank you, everyone, for coming. This is a talk on Free Software AppStores for iOS and how

00:35.160 --> 00:41.080
that works with the DMA and how things are going to be moving forward to that. My name is Mark Brudemon,

00:41.080 --> 00:45.320
the founder of the project. I'm a software developer, really, I'm a programmer. I've been

00:45.400 --> 00:52.840
software for 25 or more years. I've been developing apps since 2008 for both Android and the

00:52.840 --> 00:59.080
iPhone. I've developed dozens of apps for large companies, for myself, for independent

00:59.080 --> 01:05.080
organizations, for startups, all apps, great and small, really. So, I've gone through the process

01:05.080 --> 01:09.080
of both designing and building applications, as well as going through the distribution process.

01:09.080 --> 01:14.280
Actually, I had to get that through the stores to the end users. So, I really know sort of

01:14.280 --> 01:20.760
all the levels of the process. I will disclaim since this is a legal track. I'm not a legal expert.

01:20.760 --> 01:26.920
I'm not a lawyer. I do not have any formal training in law either American or European or anywhere else.

01:27.880 --> 01:34.840
I do seem to have evolved into somewhat of a policy expert, not necessarily as an aspiration

01:34.840 --> 01:41.480
of mine, but just through us, Moses, of working with some of the aspects of the digital

01:41.480 --> 01:48.280
market's act and advising various organizations around that. The App Fair Project is a

01:48.280 --> 01:54.360
app store for a free and open source software. It aspires to make the software available for the

01:54.360 --> 02:00.600
iPhone and for Android. I really first came up with the idea. It's been justating ever since I

02:00.600 --> 02:05.480
started building apps and encountering how difficult it was to get it into the hands of end users.

02:06.120 --> 02:12.600
But I really started putting together the pieces in 2020 and I found the organization in 2022.

02:13.160 --> 02:19.560
It is a 501C3 nonprofit based in Massachusetts in the United States and we also have a branch

02:19.560 --> 02:25.880
based in France, map fair friends. The mission is to facilitate the creation and distribution

02:25.880 --> 02:30.680
and mobile software applications for the public good for everyone. That's really a core

02:30.680 --> 02:36.840
component that we want to get applications into everyone's hand. In general, this sorts of

02:36.840 --> 02:41.720
apps that the App Fair aims to distribute will be digital public goods. We'll be generally

02:41.720 --> 02:49.480
useful things that people in their everyday life can get utility from. They don't need to be exotic.

02:49.480 --> 02:54.680
They can be weather apps. They can be transit apps. Time tables. They could be absolutely

02:54.680 --> 03:02.520
paid for parking. They can be social media apps. In general, the apps have a broad swath of humanity

03:02.520 --> 03:08.440
will find useful and are sometimes underserved by commercial application creators.

03:09.960 --> 03:15.400
There are to be 100% free and open source software. Everything that goes into the application

03:15.400 --> 03:21.160
both the top level user interface as well as all the components that the application uses

03:21.160 --> 03:27.400
needs to be open source. It needs to cost zero money. There needs to be no fees to the

03:27.400 --> 03:35.160
user's pay or subscriptions. But it must not have any end user monetization goal whatsoever.

03:35.160 --> 03:46.600
This leads into the trustworthy aspect of the project. That's in the universally accessible.

03:46.600 --> 03:52.120
On all devices, iPhones and Android that essentially makes up 100% of all the mobile devices

03:52.120 --> 03:57.800
people use. All languages, one of the goals of the project is to make it so someone can

03:57.800 --> 04:03.640
write an app when he speaks English but have a translated into 50 languages so that a grandmother

04:03.640 --> 04:10.920
and Cambodia can use it. Everyone is able to get the benefit of this labor. All abilities

04:10.920 --> 04:18.200
want to reach out to all levels of accessibility needs that people have based built on top of

04:18.200 --> 04:25.160
the accessibility technologies that these mobile devices have. And then they need to be trustworthy.

04:25.160 --> 04:30.760
So there's not going to be end user monetization. There's not going to be any built-in advertising.

04:31.480 --> 04:36.040
There's not going to be any tracking surveillance. And no analytics or telemetry. Basically,

04:36.040 --> 04:44.520
they aim to respect the privacy of the end user and ensure that any time the application

04:44.520 --> 04:48.760
is collecting data. It's because they actually need to collect the data for the functionality of the

04:48.760 --> 04:55.000
application. For example, whether application might ask for your location. Simply so it can tell you

04:55.000 --> 05:01.000
what the forecast does in your area. Not so it can then ship off your location information to a third

05:01.000 --> 05:04.760
party, a data broker who then packages it up and sells it to some third party.

05:06.840 --> 05:11.880
And the technical outline of how the project works is fairly straightforward.

05:11.880 --> 05:18.520
If you're familiar with, say, the app Android project for Android, for Debian, for how they manage

05:18.520 --> 05:23.560
their app, software repository, or for HomeBrew for Mac OS, the idea is generally that you

05:23.560 --> 05:28.200
have application developers. And these might be individuals. They could be students. They could be

05:28.200 --> 05:33.800
obvious. They could be organizations, nonprofit organizations, governmental organizations,

05:34.840 --> 05:41.320
schools, universities, or it could be commercial entities. As long as they have a goal of creating

05:41.320 --> 05:47.160
something that is not going to be monetizing the end user, anyone can create these things. They

05:47.160 --> 05:52.520
form their own organizations. They build the apps independently of the project and then they submit

05:52.600 --> 05:58.600
the source code of the application to the app to their project itself. And the app to their project

05:58.600 --> 06:05.480
will be made up of a combination of automated mechanisms where you actually take this source code

06:05.480 --> 06:13.160
and you build the application and scan it for bad actions from malware, things like that,

06:13.160 --> 06:17.400
make sure that it's truly all open source. And then I'll have a human component. It'll be,

06:17.400 --> 06:20.920
you know, people will review the applications. You know, is this really the kind of application

06:20.920 --> 06:26.920
that we want. It'll be maintainers who help provide feedback to the app creators when they're

06:26.920 --> 06:32.760
needs to be changes to be made to work on, say, updated versions of the, of the operating systems.

06:32.760 --> 06:38.200
And translators, and that's a big component. The app fair will contribute people who are experts

06:38.200 --> 06:44.200
in localizing the applications each individual, each individual, you know, language that we support.

06:44.440 --> 06:50.600
And then the app fair packages the distributes it and then the app fair client application

06:50.600 --> 06:58.040
will then be the sort of front facing mechanism for both iPhone users and Android users to be able

06:58.040 --> 07:05.480
to browse, search, review, download, install, and update applications. So that's more less

07:05.480 --> 07:12.040
in outline of the project process. One of the advantages of using the app fair project is that

07:12.120 --> 07:15.880
you don't need to sign up for anything. There's no fees, there's no registration.

07:15.880 --> 07:20.520
You know, you don't need to accept terms and conditions like you do to distribute an application

07:20.520 --> 07:26.920
on, say, the place door or the app store, you don't need a special account. The app fair project aims

07:26.920 --> 07:32.200
to provide automated distribution for you so that you don't need to go through the manual process

07:32.200 --> 07:38.040
for distributing on multiple app stores. And, you know, we'll help with translations,

07:38.040 --> 07:42.440
accessibility compliance. And the big thing is a trustworthy and a seal of approval. One of the

07:42.440 --> 07:48.760
problems is free software or software that is ostensibly free zero cost on mobile devices is that

07:48.760 --> 07:53.000
you never really know what the motivation of the person who developed this software. So there's

07:53.000 --> 07:57.880
a lot of distress for, say, free weather applications for any free application that might be looking

07:57.880 --> 08:03.480
at your contacts, books and things like that. There's just saying that if it's free, then you are the

08:03.560 --> 08:08.760
product. That's not true with free end opens for software, but the end users don't know about that.

08:08.760 --> 08:13.080
So things distributed through the app fair project will have the seal of approval,

08:13.080 --> 08:18.440
this sort of guarantor of trustworthiness that there's no sinister nefarious money

08:19.160 --> 08:25.080
gathering operations going on behind the scenes. So how do you build an app store?

08:26.120 --> 08:30.760
An app store is really just an app that installs advantages of their applications. It's not really

08:31.400 --> 08:37.400
conceptually all that complicated. It's an app that installs apps. How do you do it on Android?

08:37.400 --> 08:42.520
On Android is very well established. There's a lot of different app stores on Android. I mentioned

08:42.520 --> 08:49.480
the app to write project. There's a lot of companies have their own app stores as Amazon,

08:50.200 --> 08:55.960
Samsung Galaxy app team mobile. And in China, every app store is third party app stores. And

08:55.960 --> 09:01.640
on first party Google Play app store, because Google Play services is not available in China.

09:03.480 --> 09:08.440
And essentially the technology behind it is well established. It's been around since the beginning

09:08.440 --> 09:12.680
of Android. You've set a permission in your applications metadata and install packages.

09:13.160 --> 09:18.200
You've signed in and distribute your app store application. They have a published API that you

09:18.200 --> 09:24.280
call that says download this application package, validate it, install it, update it. And you don't

09:24.280 --> 09:28.840
really need to go through Google at all to do this. You can just go home today. You could write an

09:28.840 --> 09:36.280
app store app. App is start distributing apps. It's pretty straightforward. But the iPhone side

09:36.280 --> 09:42.920
is an important side. This is a talk about iOS and one of the central components of providing

09:42.920 --> 09:48.040
universal access is providing access to all devices. So that's really an essential part of the

09:48.040 --> 09:53.400
App Fair Project's mission. And you basically can't build an app store for the iPhone.

09:55.400 --> 09:59.960
Historically, there was something called citya. It's actually from 2008. It predates the Apple

09:59.960 --> 10:09.560
App Store. They used the ability to access private APIs if you jailbreak your iPhone, which is essentially

10:10.120 --> 10:17.000
hacking into your iPhone by passing some of the restrictions that are set in place. And then you can

10:17.080 --> 10:23.080
talk to private internal APIs. They've been using that to build and distribute applications for

10:23.080 --> 10:29.080
a very long time. But it's a widely considered be a fairly extreme measure to jailbreak your iPhone.

10:29.080 --> 10:33.080
And Apple is always closing the loop holes that enable people to do it every year. So it's an

10:33.080 --> 10:40.040
ongoing cat and mouse game between the development community that brings these jailbreaks to the

10:40.040 --> 10:44.280
surface. And Apple is plugging the holes all the time. It's not really a sustainable way to get a

10:44.280 --> 10:50.920
widespread adoption. And then there's these tethered workarounds in order to do it. If you are

10:50.920 --> 10:55.400
trying to up as a developer for the iPhone, then you have the ability to launch and run your

10:55.400 --> 11:03.000
own applications. You need that in order to be able to develop and debug your own app. And so

11:03.000 --> 11:08.040
that these various tethered workarounds like all store until recently, size store, trolls store.

11:08.040 --> 11:11.640
That basically take advantage of that. They say, okay, you can download an application for

11:11.720 --> 11:15.800
somewhere else. You can sign it with your own developer certificate and then you can install it.

11:16.680 --> 11:22.120
But there are no published APIs like there are on Android for installing or updating applications.

11:22.920 --> 11:27.320
And that's pretty much the roadblock to project like this. You can't really get past it.

11:28.200 --> 11:32.120
That is until the DMA, which is the top topic of this conversation.

11:33.000 --> 11:37.320
So in case people haven't heard of it, I mentioned most of you have the Digital Markets Act,

11:37.320 --> 11:43.240
aims to create a level playing field. It wants to make the digital market fair and more

11:43.240 --> 11:51.320
responsible, more contestable. And its history is that it was in 2020, it was proposed. It got

11:51.320 --> 12:00.200
signed into law in 2022. 2023 was when their designation of gatekeepers took place and there are

12:00.200 --> 12:04.120
five gatekeepers. The ones that are relevant to this topic are Google and Apple.

12:05.080 --> 12:11.560
And then last year, a little longer a year ago, was a deadline for compliance for the various rules

12:11.560 --> 12:13.800
that were laid out by the Digital Markets Act.

12:15.400 --> 12:23.080
So the Digital Markets Act is a big act. A lot of components has eight major sectors.

12:23.080 --> 12:28.520
The one that affects us, my project and this talk is the last one here, the online

12:28.520 --> 12:32.600
Intermediation Services. In other words, the Google Play Store and the Apple App Store.

12:34.280 --> 12:37.000
All of these are important. This is the one that is relevant to us.

12:38.440 --> 12:46.120
And so the online Intermediation Services has a bunch of requirements and generally reading through

12:46.120 --> 12:53.400
the articles, the important ones are that they need to allow third-party app stores and side-loading.

12:54.280 --> 12:59.640
Side-loading is the term that has evolved to mean direct installation of applications

12:59.640 --> 13:04.200
straight to your device. Fair and non-discriminatory access to these services.

13:05.480 --> 13:10.520
No preferential treatment. They basically can't favor their own services over the services of third-party.

13:11.400 --> 13:16.120
You need to have a lot of interoperability requirements. Terms of conditions need to be transparent.

13:16.920 --> 13:23.720
And they can't have any anti-steering. They can't force you to steer people towards their own

13:23.720 --> 13:28.680
gatekeeper services and away from competitive services that might be available.

13:30.840 --> 13:38.040
So here's what I thought would happen when the designation was made before the compliance plan,

13:38.040 --> 13:42.200
you know, came out is essentially that they would do what Android does.

13:42.920 --> 13:48.280
Add the ability to self-sign your own applications. And the technology exists for this already

13:49.000 --> 13:55.000
is a popular misconception that you can't side-load on the iPhone. That's not true.

13:55.000 --> 14:01.720
You just need to have a special enterprise certificate, which Apple only hands out to a select few

14:01.720 --> 14:06.920
large corporations that pay a lot of money. But once you have this certificate, you can

14:07.720 --> 14:12.760
develop your application and you can sign it with a certificate and you can email it to your staff

14:12.760 --> 14:16.120
or you can put it on a website to upload. You can distribute it however you want.

14:17.240 --> 14:22.360
And it is for all intents and purposes, it is side-loading. However, you need the certificate.

14:23.080 --> 14:26.440
If someone gets their hands on a certificate and starts signing apps and just giving them away

14:26.440 --> 14:32.280
for free at anyone, which happens actually quite a lot, Apple closes that loophole and they

14:33.080 --> 14:38.200
put the kibosh in or certificate they resend it and then all the applications are not allowed.

14:39.000 --> 14:43.640
So it is possible and it is very straightforward. And then the second thing they need to do is

14:43.640 --> 14:49.320
actually publish app store APIs because the first step allows you to side-load things directly.

14:49.320 --> 14:53.480
The second step is what you need to actually build an app store app and app that distributes and

14:53.480 --> 14:59.640
maintains other applications. And there are publish APIs in Android, there is something called

14:59.640 --> 15:05.800
package installer that lets you call functions, they can install package, and they exist on Apple

15:05.800 --> 15:09.720
as well in this mobile installation framework. It is what city airlines are using. And they have

15:09.720 --> 15:16.200
got functions, mobile application, install, and install. You can figure out what these functions do,

15:16.200 --> 15:21.880
but these are currently private. So basically make this, so anyone can get it, make this, so

15:21.880 --> 15:26.840
you can make an app store app and that is all you need to do. That would be fully compliant,

15:26.840 --> 15:31.400
make everyone happy, make my life easier. So here is what actually did happen.

15:33.080 --> 15:40.200
So in order to go through this, you basically have to do all of these things. The non-fansy

15:40.200 --> 15:45.240
stars are the ones that are pre-existing requirements to build and ship an application for the Apple

15:45.240 --> 15:51.240
app store, the fancy stars are the new things, the new steps you need to do. So you always need to

15:51.240 --> 15:55.880
sign up with Apple except their terms and conditions which are frequently changing and you get

15:55.960 --> 15:59.960
zero notice when they're about to change. And if you don't immediately adhere to them,

15:59.960 --> 16:04.680
you can no longer issue updates to your applications. And then a way to approval, hope that they

16:04.680 --> 16:11.320
approve your account. You need to pay an annual fee, $99 US dollars. You can get an exemption from that

16:11.320 --> 16:17.960
if you're a non-profit or educational institution. New step is you need to agree to alternative

16:17.960 --> 16:25.640
EU terms addendum, which is quite long and involved and has a lot to say about how you can monetize

16:25.720 --> 16:32.200
your apps differently. Then again, you need to build and upload it to the airport, all the

16:32.200 --> 16:38.600
app store connect portal. And once you've done that, you need to request a distribution token from

16:38.600 --> 16:45.080
alternative app marketplace. So say the app fair is an alternative app marketplace. You want

16:45.080 --> 16:51.640
to distribute an app through me. What you do is I give you a token, a passcode basically. You build

16:51.720 --> 16:56.760
your app, upload it to Apple, and then upload that token to Apple. And they take those two things

16:56.760 --> 17:01.560
and say, okay, this app, if we approve it, is going to wind up being able to be distributed through

17:01.560 --> 17:08.200
the app fair through me. You go through app review. It's what they call notarization, but it's

17:08.200 --> 17:13.240
really just a subset of app review. It's a combination of automated scans and human involvement.

17:13.320 --> 17:22.520
You know, that could take an hour, could take a month. Once it passes, you get a token for the

17:22.520 --> 17:27.960
particular version of the application that was approved. You hand that back to the alternative

17:27.960 --> 17:33.480
app marketplace, they're able to download your signed and approved application and then finally

17:33.480 --> 17:39.080
the distributed. And then lastly, you have to pay there for someone notorious Quartingology fee,

17:39.160 --> 17:45.560
which is 50 cents for every download of your application beyond the first million in a year.

17:46.760 --> 17:52.760
And that's only for monetized applications. But it is definitely a hindrance to anyone who thinks

17:52.760 --> 17:57.560
I'm going to make this hit app that billions of people use, you're going to be hit with a massive bill.

17:58.280 --> 18:05.480
So this is the process that they consider compliance that is the facts on the ground right now.

18:05.960 --> 18:14.920
The actual app review subset, the Notarization Guidelines, contain a lot of guidelines around

18:14.920 --> 18:18.760
the sort of content that you can have in your application. It's not just around security.

18:19.320 --> 18:26.360
I won't go through all of these, but there are some fairly ones that should give pause to someone

18:26.360 --> 18:31.480
who thinks that this is a sort of clear and objective standard for a third parties.

18:32.200 --> 18:36.040
One of them being something like this, where they say if you market your app in a misleading way,

18:36.040 --> 18:40.840
your app in a little bit removed, it'll be blocked from being installed. And you might have your developer

18:40.840 --> 18:46.440
account terminated, meaning you can never make an app again. What is the definition of misleading

18:46.440 --> 18:51.720
is there any adjudication mechanism for this, is there any appeal? No, there's not. It's just

18:51.720 --> 18:55.880
whatever they consider to be misleading. So these are the sort of some things that we find

18:55.880 --> 19:01.800
really deeply problematic with the app review subset that you have to that you have to go through.

19:02.360 --> 19:06.280
You can look at all of these guidelines, both the full app review guidelines and the Notarization

19:06.280 --> 19:13.240
subset app store review guidelines. It's a nice little picker where you can toggle between the two

19:13.240 --> 19:20.440
two modes. So that's in order to create an app. What is it? I'll turn about Marketplace

19:20.440 --> 19:24.520
distributor and need to do. In other words, what does the app care need to do? They have to,

19:24.520 --> 19:30.200
again, register with Apple, agree to terms and conditions. You need to request and Marketplace

19:30.200 --> 19:35.880
entitlement. And that has various rules. One of which is that you need to have a base in the

19:35.880 --> 19:42.200
European Union, which is why we started the app fair France. You need to provide a 1 million Euro

19:42.200 --> 19:49.960
annually renewable business letter of credit. And then you need to actually build the app store app

19:50.840 --> 19:57.400
and then submit that through app review. In order to actually process the applications that you

19:58.040 --> 20:04.440
receive in distributed, you basically need to set up a server that accepts the handoff of the

20:04.440 --> 20:11.640
application that Apple passes off to you after the developer signs and uploads it. And then once you do that,

20:11.640 --> 20:16.680
you host the application and then you can have your application talk to the server and redistribute

20:16.680 --> 20:25.800
these things. So what are the barriers to having a free software app marketplace? Obviously,

20:25.800 --> 20:30.120
I mentioned the 1 million Euro letter of credit for Marketplace entitlement. That's a big ask.

20:31.240 --> 20:36.200
The inability to inspect the encrypted app delivery. So Apple applies DRM to every application.

20:36.200 --> 20:42.040
You can't opt out of it. And there's a few issues with this. You can't obviously scan it

20:42.040 --> 20:47.160
for malware. You can't really use reproducible builds in order to verify that the actual source

20:47.160 --> 20:53.240
code matches the app that was installed. The DRM itself that really runs a file of free software

20:53.240 --> 21:00.360
licenses like the GPL. So if you want to be able to use the GPL, it would need to have exceptions

21:00.360 --> 21:05.640
added to it, which introduce problems with compatibility with other GPL software. And then Apple

21:05.720 --> 21:09.160
themselves has a requirement that you need to have scanning in place in order to

21:10.840 --> 21:15.720
in order to be allowed to distribute these apps. But it's completely impossible to do,

21:15.720 --> 21:19.640
or at least illegal to do, because they themselves are encrypting the app and you can't decrypt it.

21:21.080 --> 21:25.800
There's analytics that they do. They track whether you install or install apps. And it's partly

21:25.800 --> 21:31.080
so that they can build up the numbers to know whether you qualify for the Quart Technology fee that

21:31.160 --> 21:38.040
you owe. App review. As I mentioned, these can take an hour. They can take a month. There's really

21:38.040 --> 21:46.200
no telling. There's no service level agreement. And so if you need an urgent patch to any

21:46.200 --> 21:50.760
of your applications for say security, you're out of luck. And the last one is they have a remote

21:50.760 --> 21:56.520
kill switch. They can actually delete your app from your device if you want. So our view is that

21:56.520 --> 22:00.680
the only way forward really to comply with both the spirit and the letter of the digital market

22:00.680 --> 22:05.800
sector is that you really need to store all this away. You need to be able to have direct

22:05.800 --> 22:09.320
side loading. Developers need to, without going through Apple at all, be able to generate

22:09.320 --> 22:13.000
their sending certificates. You need to be able to build and distribute these things with

22:13.000 --> 22:17.960
any special entitlements. Marketplaces need to be able to grant entitlements to developers for

22:17.960 --> 22:24.360
security sensitive permissions. And the app installations need to be opened up and documented

22:24.360 --> 22:29.560
to say that you can just do these things directly. In other words, it needs to become just like

22:29.560 --> 22:36.520
Android is right now. A quick note on security, there's a lot of out in the DMA about security,

22:36.520 --> 22:43.000
a lot of exemptions that are applied. And for this reason, Apple is really, their arguments

22:43.000 --> 22:47.640
are heavily hinging on security. They have an interesting paper building across the

22:47.640 --> 22:52.280
ecosystem from millions of apps, the front analysis, you can read it on their website.

22:52.280 --> 22:56.440
But there's a lot of discussion in there about why side loading is considered dangerous,

22:56.440 --> 23:02.600
why you should never be allowed to do it. I've always found those fairly hollow because if you

23:02.600 --> 23:10.440
go to the page for Apple Music on Android, they have an Android Apple Music APK that you can just

23:10.440 --> 23:14.600
download and install and they guide you step by step through all the steps you need to do,

23:14.600 --> 23:17.880
including one that says, note that you may need to change your Android security settings to

23:17.880 --> 23:24.440
complete this installation. So, I've always found those very hollow, but that's really the angle

23:24.600 --> 23:29.000
that they're pushing in order to be able to skirt around some of the limitations of requirements that they have.

23:31.400 --> 23:35.560
And I'll note a broader point about security is that security is not just about individual

23:35.560 --> 23:41.160
devices, it's about the insecurity of a monoculture. If you have one single centralized source

23:41.160 --> 23:46.840
no matter who they are, no matter where they are, you have these issues where you can't

23:46.840 --> 23:52.440
understand their decision-making process and advice pressure. A few notorious examples are the

23:52.440 --> 23:59.160
removal of the H.K. Maps Live from Hong Kong in 2019. The removal of election novellies,

24:00.040 --> 24:06.600
smart voting application in 2021 by the behest of the Russian authorities. And then just last year,

24:07.640 --> 24:12.520
WhatsApp telegram signal and threads all just got yanked from the App Store. In China, these were

24:13.080 --> 24:17.960
unreviewable, these were unappealable, these were decisions that were made by Central Authority.

24:17.960 --> 24:22.360
And Apple themselves should be concerned by this because they have invited themselves to be

24:22.360 --> 24:27.320
a center of pressure for these things. If they opened up these App Store APIs and made it so,

24:27.320 --> 24:32.360
I can just download these things directly, then that would limit a lot of the pressure on them.

24:33.400 --> 24:38.360
So, the next steps for the App Fair, we're working towards building up a community of volunteers and

24:38.360 --> 24:44.280
contributors. We're looking to raise funds for the standard business level of credit requirement.

24:45.160 --> 24:49.240
And then for the time being, we're probably going to continue to distribute applications through

24:49.240 --> 24:54.520
existing channels. So, apologies for going over time, but I want to thank you all for going.

24:54.520 --> 24:58.280
I'm free at our next time for questions. I'll be around, though, in case you have any questions.

24:58.280 --> 25:08.280
And here is my contact information.