I’ve never understood the business model of relying entirely on one other company for revenue. It might sound like a good idea at first, especially if the other company is being especially generous, but if the other company changes the deal, you’re shit out of luck:
Apple is shutting down an App Store affiliate program that shared a small percentage of revenue generated by third-party links to purchase apps or in-app content.
[…]
Apple’s decision comes as a sucker punch to outlets like mobile gaming news and reviews site TouchArcade, which has long relied on the App Store affiliate program for a significant chunk of its revenue. As TouchArcade editor Eli Hodapp writes in a despairing post, the loss of the “reliable” affiliate revenue stream could very well kill the site, which will now lean more heavily on Patreon donations and Amazon affiliate links to stay afloat.
“I genuinely have no idea what TouchArcade is going to do,” Hodapp writes. “It’s hard to read this in any other way than ‘We went from seeing a microscopic amount of value in third-party editorial to, we now see no value.’ … I don’t know how the takeaway from this move can be seen as anything other than Apple extending a massive middle finger to sites like TouchArcade, AppShopper, and many others who have spent the last decade evangelizing the App Store and iOS gaming.”
Maybe deciding what TouchArcade will do if Apple cancels its affiliate program is something that should have been considered earlier. Especially since not too long ago Apple changed the terms of its affiliate program to reduce the amount of money affiliates received.
Threat modeling isn’t an exercise that should be performed exclusively by a company’s security team. Security threats are just one kind of threat that businesses face. Loss of revenue sources is another threat that must be considered.