Apple App Store Chronicle 1: NFT and Delete Button Request

This chronicle is being started now to document what may, or may not, turn out to be a long process in getting TonSafe 2.0 into the Apple App Store. It is much easier to start the chronicle now, than to try and write it later, if this turns out into a long drawn-out affair, as sadly other project developers have had to do, including Telegram.

With that said: let us always be optimistic and hope for the best, but also realistic based on the experiences of others, and prepare for the worst.

Background

This chronicle, no matter which way it turns out, will be very useful and helpful to others. If logic, fairness, moral values and reason prevail, the chronicle will be short, with a good conclusion, which will show how best to approach such matters. If it turns out to be long, then this indicates the way was not smooth, and it will be even more helpful to all manner of possible outcomes whether at worst possible future legal action against a big tech company (prepare for the worst, documentation is important and especially allies in any such fight), or a lesson in how to (or not to) approach the issues, as it raises a fundamental moral issue: honesty towards all app users.

Firstly, by way of background: this blog is from the BASED Group, which is currently developing the TonSafe app. There are 4 mainly active members of the Group involved with the TonSafe project. Exactly half of them, that is two, are primary iPhone users and Apple ecosystem supporters, and the other half are primarily (thus not exclusively), Android users, preferring Android phones to iPhones. One of the four, is a truly big fan of Apple having used Apple Mac for the first time back in the 1980s during the time of Steve Jobbs and in more recent years being responsible for sending a good amount of bug reports to Apple for bugs found in iOS and the iCloud system.

Fundamental Principles

TonSafe came into being precisely because there was not any TON wallet available which truly took care of safety issues in a user-friendly manner for newcomers to The Open Network. It should not be expected that to operate a TON wallet one has to have an education in blockchain technology: the operation should be as easy and clear as possible, also educational where appropriate, and above all else a safe experience.

TonSafe aims to build a safe ecosystem on The Open Network. TonSafe values honesty and integrity as well as high standards towards our users: we guarantee their privacy and provide extensive support, help and educational resources, and open honesty, which is a key factor in why there is no "Delete Account" button in TonSafe.

Likewise, Apple uphold the same principles of providing a safe ecosystem, support and help, and educational resources for their users. The difference is that the Apple ecosystem is huge, TonSafe ecosystem is in its infancy.

Let is be clear: we fully understand and agree with Apple's Account Deletion principles, as users we have often faced this frustration of being trapped into some account held on remote servers, which we could then not delete, and consider this an abuse.

We also understand that although there are no legal requirements for Apple to put into effect strict account deletion policies, and they are thus going above and beyond legal requirements, this is to raise the bar of safety for their users in the Apple ecosystem.

Apple provide the Safari browser for those who want to venture out into the wild west of web 2 but within the Apple ecosystem itself, users should be safe and protected. Same with TonSafe, while using TonSafe app, everything should be safe and protected, those who venture outside of it, the Safari browser window opens for you.

Why Accounts Cannot Be Deleted on the Blockchain

However, there is one fundamental difference between "web 3 blockchain", and "web 2 internet", and we cannot say we are happy with it, but it is a very important technical distinction: when you create accounts on typical web 2 web servers, you can absolutely edit and delete anything, however, on web 3 blockchain, at least for wallet smart contracts "accounts", this is absolutely impossible.

Once you create an account (such as your wallet) on The Open Network, it cannot be deleted by anyone. There is no owner or manager of TON who could even do it, it is the very nature of blockchain smart contracts, and comes with its advantages and disadvantages, like almost everything, it has a plus and a minus.

The plus side is that your account is extremely safe. No one can realistically hack into it and steal your funds. No one can delete it by mistake or on purpose. No no one, not even you as the owner of the account, can edit it to forge any transactions, or claim you did not receive a payment when you did, or sent one when you did not.

Obviously these are big advantages but there are also others, such as the absence of any "middle man", and yet those advantages are also the disadvantages, or minus points: no one can reverse a payment that has already been made, no one can assist you if you lose your 24 secret words which are used to access your account.

TonSafe Safety

This is also exactly why TonSafe provides many additional safety features, unlike any other TON Wallets, and in fact, unlike most "cryptocurrency" wallets in general. These include:

• Making sure as much as possible that you actually physically write down your 24 secret words when you create your wallet account
• Reminders at frequent intervals to train your memory from short-term to medium-term to long-term, guided by psychological and physiological factors
• Preventing logout in error or without extensive clarity to ensure you have your 24 secret words in case you wish to log back in future
• Preventing payments being sent without multiple checks and making it easy to verify that you have the correct wallet destination address and amount and any required memo before proceeding and then with an additional biometric check

These are not the only additional safety features, but these main areas serve as a summary of what TonSafe does above and beyond other TON wallets for user safety.

Being Truthful

We at the TonSafe project have an average age of 55 with our youngest being in the 30s and oldest in the 70s. The oldies among us have many decades of experience in technical, security, financial, legal and other fields of great relevance to the project.

The oldies among us do understand that values such as honesty over convenience, security over convenience, privacy over convenience, or indeed anything over convenience, as not at all what they used to be.

We know Steve Jobbs shared our values, he was close to our generation. We like to think that Apple still shares those values: most of us believe that Apple are the most secure devices to use and also the most private as well as safety out of the box.

Whether this chronicle turns out to be long or short may depend on whether these values are truly shared today. At TonSafe the decision for us is very clear: we will not lie to our users in order to increase our downloads or even access to the Stores.

For example, the Delete Account button that we're being asked to add to TonSafe. The convenient option would be to do what the other TON wallets have done: they added an account delete button but are actually lying to their users. The button does the same as logout, nothing more, since the account cannot actually be deleted.

On one of the wallets as they know this is the case, they have done something else, however it also received community backlash: they allow the user to press a button that moves all their funds out of their account into the developers account. This leaves the user account empty.

But in both cases users can easily verify that they are being lied to: as soon as they re-enter their 24 secret words on any TON wallet, lo and behold, and with no surprise to use if you have been reading this far, their account is still there. It was not deleted, because it cannot be deleted.

As mentioned before, we understand Apple's ecosystem and most of us (though not everyone on the project team) agree with it, and also we understand Apple wanting to be seen to be caring about their users safety. But we would sincerely hope that Apple would not want to lie to their users or expect us to or force us to lie to our users.

If this were the case, obviously this chronicle will turn out to be long. And we'll soon know, stay tuned to the updates.

Convenience over Principles

We cannot speak for other wallets as to why they chose the convenience route, but we can hazard a guess that they chose to go into App Stores over remaining outside and fighting on core principles, which shows where values lie, and as earlier mentioned, sadly the norm for today. We promise you TonSafe will not do that.

If the App Stores will ban TonSafe for not complying with a vaguely worded policy which we do not believe applies to such cases, then we will not cave in. There are certain other beliefs we hold which prevent us from doing that.

Here is an analogy: let us say that TonSafe ends up with a long life and a community in years to come of millions of users. Will the founders be able to stand up and truthfully say they have always put users and core principles first? Or put numbers first?

If Apple had not taken its strong foundation principles seriously it would not be where it is today, and not be able to point to a long and proud history of keeping its users safe, secure, and protecting their rights and freedoms.

The Way Forward

TonSafe will formulate a response to the Apple request and we'll see if the matter ends there are clarifications. We'll not rush to get 2.0 into App Store no matter what it costs us, as we need to do this right. If it become a longer affair, we have this chronicle to keep you all informed.

Should we inform Apple about this chronicle? Fairness dictates that we do not want to influence any decisions via any form of external pressure, such as a public blog could do. And we do not believe that Apple would bow to such pressure, nor should it, unless it was warranted by some wrong doing.

We observe from a search of the web that there is a lot of dissatisfaction among developers with the Apple review process. Our own experience has been a mixed bag, but too early to conclude one way or another. Google's is generally much faster and likely automated, but we cannot compare apples and oranges.

On the other hand it could be principled to not keep a public record without asking Apple if they wish to know about the blog and its chronicle, should this assist in a fuller understanding of the issues so that decision-makers can make better decisions.

Let is be clear, we are not going to publish correspondence to and from Apple as such correspondence is privileged and it is morally wrong to share private or even business correspondence without mutual consent.

We also aren't going to make a big issue out of this at the outset, this opening article was produced simply to cover several bases in advance, in case things to not work out. This makes our life much less stressful later, if that be the case.

Consequently we won't (at this stage) be giving TonSafe users a blow-by-blow account, though we'll update such things in general in the comments, or via hidden posts only visible by clicking on a link. Major updates will produce a new post.

We also invite those of you who can translate this to another language, to kindly do so and post your translation into the comments below. This will again greatly assist many, should this series indeed become as long or longer than this initial post.

And whatever the outcome the outcome will of course be notified to TonSafe users.