There's several very good provisions in this legislation (3rd party payment processors, non-preferential treatment for 1st party apps), there are several that have a mix of upsides and downsides (sideloading is one--I personally like knowing that Facebook can't ask people to sideload some privacy destroying crap on iOS).
Then there's:
- Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
- Give developers access to any hardware feature, such as "near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies."
Apps will use near-field communication technology and other mechanisms to track us (consider how many device related APIs have restrictions in web browsers for just this reason), and I think it's credible that the interoperability requirements are going to be used to smash end-to-end encrypted messaging. You can have a decentralized end to end encrypted protocol. Can you retrofit every existing messaging service to use it in the short-term? Probably not.
As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom. I support people who want a FOSS device that is in no way locked down. I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.
Can we stop pretending that Apple has the users best interest in mind? They just want to be the gatekeeper for lucrative applications/functions so they can charge for it. That they somehow convinced apple users that it's somehow in their interest just shows how good their marketing is.
Apple is a company, and it’s interested in making profits. Right now, its methods of making profits are slightly more aligned with what privacy conscious users desire than some other companies’, and that’s good.
Apple absolutely needs to be checked in other ways—-the fact that it’s selling advertising while setting policies that hurt other advertisers stinks to high heaven. Let antitrust rake them over the coals for that.
Apple sets a restrictive and privacy-centric set of rules for advertisers, which it then follows. The fact that this is a problem for other advertising companies is an indictment of those companies and their bleak surveillance-enabling business model.
Contrast this with the "use WebKit or go home" rule, which, like it or not, is favoring Apple's product over others. It's not like these advertising policies are "be headquartered in Cupertino", it's "if you want to track our users you must ask them first".
Exactly. This is the popup for app store personalized ads[0], which is a full-screen popup that forces you to choose one or the other before you can access the app. It's super transparent and easy to decline the personalization.
The entire iOS operating system works that way now.
I dislike it. I think buttons should be buttons. But this isn't a special case, so unless you consider every instance of two buttons looking this way a dark pattern, this one isn't either.
> unless you consider every instance of two buttons looking this way a dark pattern
The entire point of this pattern is to guide the user into a "default" option so using it for anything where the user is suppposed to provide informed consent is a dark pattern. The only places where it is not a dark pattern is where default choice actually aligns with the interest of the average user and I think that is hard to argue for a choice whose purpose is primarily to be allowed to better manipulate the user into spending more.
That pattern may be reasonable for "Are you sure" kind of requests for actions that the user explicitly wanted - because then there really is a sane default; we expect the user didn't click on some button by accident. But it's not reasonable to portray questions that are asking the user to agree to something they did not explicitly want; that's just trying to trick the user to make the annoying popup go away by clicking the big button. There's no sane default here, so none should be preselected (and ideally, the layout of confirmation dialogs and agreement dialogs would not be identical in the first place).
It's a dark pattern, and I really doubt it's accidental.
That's a reasonable perspective that I hadn't considered, and probably makes even more sense to people who barely used/use desktops in the first place.
I still don't like it! But I also never had any trouble using it. Except Apple Music. Don't get me started.
If you ever interview apple developers for other companies, or just inspect what is being sent to apple's servers constantly from their devices, you'll realize that apple is recording A LOT of very private info about their users.
Apple is very much a 'private from everyone but apple' company, they smartly just don't talk about it out loud. For their high level apps like TV and such, have things like privacy review. But their security, activation and map parts do record a lot of info.
Maybe that will work in practice but you have no way of knowing if it does. There is nothing really preventing Apple from sneaking tracking data through the notification channel (not to mention that centralized notifications are already a juicy opportunity to profile and track users) or retaining the data and sending it off when you do OS updates. Once a company has shown willingness to go against your interest you can't really trust them. The only real solution is to use software that respects you and increasingly that means only open source software.
If a large corporation officially advertises to enterprise customers a bounded, testable claim (e.g. traffic to these IP addresses is limited to notifications), then that claim can be subject to ongoing audit by the IT teams of multiple, independent, enterprises.
Verified accountability is far superior to trust. Step 1: vendor corporation makes a bounded, testable, claim.
This question is quite ambiguous about scope and definition. In the context of Apple’s tracking protections, tracking is defined as sharing identifiable information about a customer for advertising or marketing purposes. Nothing more, nothing less. Apple could collect all the information they wanted to about you from all their various products and services, and that wouldn’t be tracking. Under this definition, data they don’t make available for advertisement targeting or attribution isn’t tracking.
This is a great point. You could probably sum up Apple’s strategy as “capture the most lucrative market through initial quality/vanity, learn more about it than anyone else, then ring-fence it and protect it.”
They aren’t a monopoly as long as you don’t consider income demographics.
I think is whole platform-holder strategy is where antitrust legislation needs a significant update. We must recognize the inherent platform lock-in and the effective monopoly over the platform even if there are other platforms that the users could theoretically switch to and regulate the platform holders accordingly. Anything else would be akin to ignoring a monopoly just because alternatives are available in a different town or country.
The linked article lists a bunch of those. Most of that bullet-point list of required or conversely prohibited behaviors apply to Apple. And all of those are justified only by self-interest.
Incidentally, that doesn't mean the alternative has to be the wild west - that's a false dichotomy. Controlling access is fine; it's simply not fine that it's the platform that holds exclusive sway, especially if the answer is "only if we're the ones providing that app."
This thread is about Apple’s privacy rules for App Store developers, and it’s not plainly obvious which items in the EU proposal enhance those protections at all, but the person I was responding to was insinuating that those protections have self-serving flaws.
Is that distinction really helpful? The App Store has _rules_ some of which relate to user privacy, and some of which are in a grey area, and some of which don't relate to user privacy. Is needing to use Apple's payment provider a privacy protection? If you squint just right it might be.
I'm sure there are some subset of app-store rules that taken by themselves, without the context of the other app-store rules are not self-serving. But that doesn't mean the rules overall are - and that's the reality that competitors need to deal with. Unlike apple, they can't change the restrictions they need to comply with. Both in actually immediate sense, and in a more meta process sense Apple has an unfair advantage they can and do exploit to extract tolls from the interactions between users and third-party providers.
The fact that some of those protections also protect user privacy to the extent the user stays in Apple's walled garden is almost akin to blackmail: rather than trying to protect the user's privacy regardless, they've tied the user's privacy to the Apple ecosystem. It's all or nothing. Would be a shame if anything happened to that privacy of yours - are you sure you want to leave our walled garden? There aren't any other curated gardens (we made sure of that!), and your device unfortunately has no way to safely and conveniently opt in to risks worth taking, so it's our way, or the wild west out there... oh, and if you really want the wild west, we'll take your hardware too, you'll need to use android, and we use obvious UI patents to ensure it's inconvenient to switch a lot.
It doesn't take an evil, machiavellian plan to end up in a situation in which the rules are so slanted in Apple's favor. All it takes are lots of tiny by themselves reasonable features - but steps that are always tested against Apple's interests, since those get a voice in the decision-making process, and rarely tested against third-party interests. It may well be that Apple was well intentioned in its privacy rules, and that those rules truly do protect the user - yet still have those rules stifle competition in a way that also harms the user down the line.
That’s not what people are saying though. Whether or not apple cares about its users is completely irrelevant. The question is whether apples incentives align with its users better than other tech companies. The answer pretty clearly seems to be yes, apple makes most of its money by selling hardware, their incentive is to make a product people enjoy. Competitors make most of their money selling ads, their incentive is to lock users in while maximizing the number and effectiveness of ads served.
All good apart from this. Apple does this magnificently, ie closed hardware protocols. For example there are significantly better earphones than airpads pro (and some cost +-same), but good luck getting same level of integration over apple's proprietary protocols.
While rest of whole universe at least tries to adhere to open things so we users have freedom in how we design & evolve our electronic setup, they have basic support for stuff like bluetooth and superb for their proprietary protocol. If some random chinese company can make seamless aptx hd integration with their buds, so can apple. But it won't.
Thunderbolt vs USB. Again whole world vs Apple. It required... who else than our sluggish EU to come up with way to end this cable madness that would otherwise continue forever. Seen enough 40 euro frayed cables for one lifetime. For me this was a one of few breaking points between Iphone 13 pro max and Samsung S22 ultra. I am currently very happy user of the latter. That's hardware lock-in like hell.
Maybe you mean Lightning vs. USB? Well, it turns out that while a whole committee was designing 15 different and confusing standards over the past 20 years, Apple designed two, and they work.
Now it's suddenly "Apple vs. the world" because the USB committee managed to spit out a semi-functional spec that ... Apple was the first to actually go full in with their desktop offerings, pissing so many people off.
Apple was involved in Thunderbolt from the beginning (and from all accounts was a major driving force for Thunderbolt in the first place) and is part of the USB-IF. The only time it lagged in adopting a new USB version was because Intel was dragging their feet for USB 3.
Some people just cannot understand that they have different strategies for desktops/laptops and mobile phones and go with “Apple walled garden bad”.
> Apple was the first to actually go full in with their desktop offerings, pissing so many people off
And also more or less designed the connector, apparently.
Umm, Thunderbolt was developed by Intel, in cooperation with Apple. And IIRC, Apple is a member of the USB consortium. Too bad design by committee sucks and has led to the disaster that is USB-C.
USB Type C is the connector and isn't a disaster. You could argue lightning is a better connector, but it's not _that_ much better. Thunderbolt 3 and 4 use the USB-C connector.
The USB naming of the protocols:
USB 3.0,
USB 3.1 Gen 1,
USB 3.1 Gen 2 -> USB 3.1 Gen 2 x 1,
USB 3.2 Gen 1x2,
USB 3.2 Gen 2x2,
USB4 Gen 2x2,
USB4 Gen 3x2
is ridiculous without even getting into the complexity of the protocol
I think USB 3.0 being renamed into USB 3.1 Gen 1 and then into USB 3.2 Gen 1 into just so that manufacturers can market their devices with the latest USB numbers should really count as false advertising.
"They just want to be the gatekeeper for lucrative applications/functions so they can charge for it."...on the platforms that they have developed, invested in and are maintaining, which also don't hold a market majority around the world.
"...they somehow convinced apple users..."...by making a product that fits Apple users' needs in a market that always had lots of competition, meaning that those who for whatever reason didn't want to use Apple products could always pick anything else.
That's not the point.
"Anti-competitive practices are business or government practices that prevent or reduce competition in a market.". The point of me mentioning that Apple is not the market majority was to emphasize that even with their current positions, Apple isn't capable of effectively reducing competition in the market of electronic devices, as is already proven not by legislative bodies but the market.
Just because there is someone with more market share than you does not mean that your actions can't squeeze smaller players than you (or, more commonly for apple, squeeze players in adjacent markets. See: Spotify vs Apple Music).
True that.
"See: Spotify vs Apple Music". Considering that Google has their own streaming services and takes same 30% cut, i truly wonder why Spotify didn't address their "anticompetitive practices".
I thought Apple was the more profitable platform however, also to develop for, which would imply that anti-competitive practices could deform the market because developers would be forced to bow to Apple since that is where the largest part of their profits would be coming from?
Considering that the definition of "anti competitive practices" is beyond stretched at this point, it's safe to say that those very practices are one of the reasons iOS is profitable for developers: they don't need to worry about piracy as much as they do on Android, because Apple learned the key lessons of phone manufacturers of the past.
They don’t want to reduce competition in the market of electronic devices. They are in the business of service relationships with people with lots of disposable income.
Apple turning the Music Player app in Apple Music allowed them to catch a huge part of the market that had never interacted with music streaming before. Extremely anti-competitive. IMO when they did that they should have immediately been forced by the EU to instead show a pop-up that also gave the option for Spotify, Deezer, Tidal etc.
While I agree that Apple had a severe advantage in the case of Apple Music, it's also pretty clear that the advantage manifested because consumers who would otherwise be unobtainable were enticed to buy into the offering. It was an uncaptured market.
As a byproduct it does give a measure of privacy so what's it to you if apple users just don't care about your idea of freedom? I hope this European legislation at least lets apple customers opt-IN to these new features or choose the old way of doing business. I would prefer to keep access footprints to a minimum to stuff like NFC, contacts, hardware APIs, apple pay, etc on my phone.
In theory you already have the choice of opting-in by choosing not to install apps that utilize NFC, hardware APIs, other payment processors, etc.
But that's if nothing changed. My concern is that if companies are given the opportunity to have their own stores, and their own payment processors, we're going to end up with de-facto-forced-install of a store and acceptance of terms, and it favors companies that already have a strong presence in the marketplace. I might want to use WhatsApp, but now I need to install Meta's store, and I'm required to give it access to a blanket set of permissions.
And guess who doesn't have the power/influence to get you to install a custom store: The small devs, the new entrants, the challenger apps.
I absolutely agree that corporations and their apps need to be kept in check, but giving one for profit company with its own motives control over that is not a good solution.
Better would be
a) to give the user control over permissions in a way lets them deny ALL permissions without the app being able to know that it was even denied the permission wherever that is remotely possible and
b) to restrict what what market leaders can get away with which should not just apply to Apple but also to hugely popular apps
c) to require interopability from social networks and other communication platforms to counter network effects.
The entire tech space is still a wild west in what corporations are allowed to get away with and eventually what will need to change if individuals are to retain any control over their digital lifes.
In the EU privacy is assured by actual legislation in the form of the GDPR, and I expect Apple can get away with demanding compliance with that set of laws before putting something in the appstore if they really worry about privacy.
And you think words on a piece of paper are going to be enough? You can't legislate privacy into existence if you're constantly broadcasting all the data yourself. It's better to not broadcast the data in the first place, but that's not the route we've chosen.
If you're going to level this accusation about what Apple supposedly "wants", you should at least have the common courtesy to support it. In any way. At all.
Or just admit it: you're making it up, especially the part about what Apple "wants". And the part about what Apple will supposedly charge for.
Jobs didn't want apps on the iPhone at all and later insisted on having the App Store being the only way to distribute apps.
The only reason why we attribute today's Apple as "greedy" and not Jobs-era Apple as such is because you have fonder memories of him. Also, Jobs was a master of the reality distortion field and could explain things easier than today's Apple could. But none of that changes whether or not locked down devices are anticompetitive or not, just whether or not Apple's own fans are complaining about it.
Furthermore, there are pro-consumer justifications for Apple's uncompetitive behavior. In fact, that's Apple's whole defense against the antitrust inquiries it faces: the digital warlord's walled garden is for the protection of its serfs, and if the serfs don't like it they can surrender all their property and swear fealty to another digital warlord.
People seems to equate everything that Apple are doing today originate from Jobs. And therefore every single sin ( if you call it so ) means it was also Jobs idea.
What people dont realise it was the best model at the time. While Jobs approved the iPhone 6 design ( or a "bigger screen" iPhone ), he died during the iPhone 4 era. When Apple was about to repeat the same mistakes as it did in the 80s /90s.
As if Steve made iPod to only buy or listen music on iTunes. He got rid of Music DRM, single handedly.
It's not that Wozniak wished users ill, but, for all his technical skill, there's little evidence that he had a particularly good understanding of what users wanted or needed — his post-Apple career is basically marked by flop after flop.
Now, of course, it's all different, and his blockchain surely is going to revolutionize the world: efforce.io /s
And if anybody on HN actually read Apple's Annual report every single year before the iPod even came out, they would ( or should ) have know how Apple's money or profits works very differently from Steve to Tim Cook's era.
Apple makes peanuts from the App Store relative to phone sales. After they upped the cut for developers to between 70% and 85% and CC companies still get their cut, add customer service and app reviews and it simply isn’t that profitable.
What they benefit from is selling 1,000$ phones at a 30+% profit margin, because for the average consumer they simply work better. Which actually aligns incentives between customers and Apple quite well.
Apple's App store revenue is very substantial and likely has very low overall costs and microscopic per-unit costs relative to a hardware business like iPhone or Mac. Apple paid out $45 billion to developers in 2020 with $64 billion gross, which means they had as high as $19 billion in revenue from the app store commission alone.[1]
Unfortunately Apple doesn't break out profit per category but we know that their net income for 2020 was $58 billion [2]. As far as I'm aware we don't know operating costs for the App store, but I think its fair to say that the portion of the ~$19 billion that is profit is far from being "peanuts".
Apple annual gross profit for 2021 was $152 billion.
That ~19B in 2020 is before CC fees on 64B or internal expenses. App stores have a lot of customer service and charge backs on relatively tiny purchases. Actually reviewing apps isn’t cheap either, and all the relevant IT adds even more expense.
Further they upped the developers cut to between 70% and 85% from the flat 70% in 2020. So sure they might make 3-5 billion from the App Store in 2021, but that’s like 2% of total profits.
Net income is, imo, a better number to use given the sheer amount of R&D that goes into developing Apple hardware that is necessary but unaccounted for in gross profit. further, if we are looking at 2021 their App Store gross revenue went to $85 billion.
> That ~19B in 2020 is before CC fees on 64B or internal expenses. App stores have a lot of customer service and charge backs on relatively tiny purchases. Actually reviewing apps isn’t cheap either, and all the relevant IT adds even more expense.
I don't disagree with any of that, but I don't think its anywhere near 2/3 of revenue after developer split. I don't have any evidence for that because Apple is very secretive about those numbers, but I think level with which they protect that information is evidence on its own. if Apple were making a piddly 3-5 billion on $65 billion in gross revenue they would be screaming it from the rooftops to (rightfully) justify their 30% cut as being reasonable.
> Further they upped the developers cut to between 70% and 85% from the flat 70% in 2020.
the app store is extremely top heavy with top devs being responsible for a huge amount of the revenue. The policy is great for small devs but the aggregate split is probably still much closer to 30% than it is to 15%.
Defending their cut based on expenses is a losing strategy because if they 2 billion dollars or 20 Billion anyone would love to have that income stream. Further stating their actual costs simply invite the idea of competition lowering prices.
Apple clearly wants to profit from the App Store, but just as important to them is maintaining the ecosystem and the mountains of cash iOS provides when change means risk.
> at 5%, cc fees would result 2.9 billion. So more like 16B in profit
So you assume they can do all the stuff I just mentioned for 0$ and changing their fee structure had no long term impacts on profits.
Also your math doesn’t work out if 5% of 64B = 3.2B, though 25% or 64B is 16B. Not that actual CC fees are 5%, or that their old revenue model is relevant any longer.
Ya, maybe they meant this article[0]? If so, then it's 60B going to developers, and some quick math there indicates Apple only made 15B from their cut.
> Apple said Monday that it paid developers $60 billion in 2021, a figure that suggests that App Store sales continue to grow at a rapid clip.
15ish billion isn’t profit. They still need to pay credit card fees, do customer service on low value transactions, actually review apps, run data centers etc.
> how much does it cost to run the App Store globally? Do have the numbers?
I think that anyone who thought about this for even a second would come to the conclusion of "It almost certainly doesn't cost anywhere near the amount of revenue that comes from it".
So the answer is, probably not a lot, compared to revenue.
I dunno… I figure just the bandwidth costs, not to mention data center/cloud costs, for the constant stream of apps being deployed/updated is pretty significant.
I could expect them to be moving multiple terabytes of data per hour.
Interesting plot twist you have there. No one at Apple ever actually said that of course but if it was true the distribution was made more expensive by preventing the use of apps on desktop computers.
However, anyone can seed from any system and that lots of people have unlimited plans and/or good wifi.
You could have a static store app with the phone manufacturer providing a feed with names, descriptions, pictures and checksums. Everything else could be distributed over a p2p network. Unpopular apps could be slow to download with the developers server having to patch holes to keep the file alive. Popular apps would have usable numbers to hint at their popularity.
Most apps need internet anyway. (Billing wouldn't be a problem.) I see a thousand pages arguing hosting for an app costs between 70 and 320 per month. I have no idea how true that is or how far apps can live from the average.
It does seem logical to assume with a reasonably smart distribution scheme p2p could also reduce that bill for somewhat more dynamic content.
I'm really impressed by how many useful and fun mobile apps were created. In the 90's I thought nothing was worth using on a mobile device. I was very wrong about that.
I now think it is equally wrong to think the 30% is not dramatically reducing interest in mobile development. Personally I wouldn't touch it with a 6 foot pole. I do web apps that are like websites, they have very limited access to the features of the device.
While I applaud these new regulations it is kinda lame it took them this long.
The near-field communication have a clear reason. Apple was only allowing access to their own banking app as a payment provider in shops. As I understand there was not even a way to get access with any kind of forms or such if you had a competing plastic card firm. That is pretty much the only reason that clause is the legislation.
> there was not even a way to get access with any kind of forms or such if you had a competing plastic card firm
What does this mean? Apple is not a payment processor. The banks sign deals with Apple put make their cards available through Apple Pay, but the payment still goes through the payment networks (visa, mastercard, amex) and the banks.
A example from Denmark would be MobilePay [0] which is the most use payment solution for mobiles in Denmark. They would like to make it possible to use NFC to transfer information about a transaction in shops, but cannot do that on Apple Phones. Instead they rely on QR codes and short number codes for payment.
They cannot in any way get NFC access on Apple devices as it is now.
Another and probably more relevant concrete example of the above is the Danish Dankort [1] which is a national equivalent of visa/mastercard/amex. Again they cannot use NFC for their app. Some banks have signed contracts that allows their users to use Dankort with Apple pay, but it is not all of them yet. I don't know if there is any fee or similar to Apple pay tbh, but if there is then NFC acces should not be monopolized by Apple.
They aren't a payment processor, they are a payment provider. You are correct that most banks have deals with Apple and thus cards are available, but Paypal, Venmo, Cashapp, Google Pay, etc. can't be used as a default payment provider for purchases on the iPhone.
Apple reportedly makes about 0.15% of each purchase through Apple Pay[1].
Of course they can’t, because they’re not credit/debit cards. What’s the PoS going to do with a PayPal NFC? Nothing. It’s like complaining they don’t support bitcoin - neither do the stores!
There are lots of payment services that are not credit/debit cards and are widely used (swish in Sweden is another one). All these cannot use NFC on IOS.
Apple can dictacte all the conditions and if they don't like anything, $PaymentNetwork will just not work with Apple devices at all with no option to change that by installing another app?
> Apps will use near-field communication technology and other mechanisms to track us
So, then do not allow any apps the NFC permission... problem solved.
The point is, Apple should not be the one dictating what users can and can not use;
Example: on macOS you can disable SIP. 99% of the people i know do not even know what SIP is, nor that this possibility exists. However, if we/Developers/researchers/etc. want it, they can choose to do as they like. Which is really useful.
Researchers should not be limited in finding (security) flaws, neither should users be limited by Apple to use their hardware as they wish.
The main problem is that users can be tricked to do it. Used to happen to my parents all the time on Android. They'd install random apps and the website will "guide" them how to install this app by going to settings and enabling "untrusted developers".
This is my issue with all these devs screaming at apple. Your customers chose a product for whatever reason. Don't like it? I don't care - respect their choices. It speaks volumes to me how much they will respect me and my privacy when they want to optimise for their own profits instead of my XP and privacy.
By that logic, Apple should only allow phone calls from callers they consider trusted, because any call originating from a non-trusted phone number may be a scam phone call, and someone may fall for it.
Do scam phone call exists? Yes. Do people fall for it? Yes. Does apple block all untrusted phone calls, with no opt-out, as a result of this? (AFAIK) No.
(I could also make the same or similar arguments for web pages, music, podcasts, books, movies, or even apps on their other OS and so on... but phone calls seemed the simplest one to present succinctly.)
That was ground already lost by the time Apple introduced a phone. Sort of like how they can’t lock down macOS in the same way. But given iOS was a fresh start they locked it down from the start so they didn’t have to claw that locked down experience back.
> "The main problem is that users can be tricked to do it."
That's because the GUI is badly implemented;
On macOS, your parents would never disable SIP (system integrity protection), because it's quite cumbersome to disable and there are enough warnings and hurdles.
This is already has been reality for years: it is simply not an issue.
young children don't know any better. hell many teens don't. older people get dementia and go senile. Not everyone is tech savvy.
And selfishly I don't want to have to continually be on guard with my phone and worry about "making mistakes". Don't go forcing your world view on a product i have selected in large part because of the restrictions it places on developers, especially when you have the larger android ecosystem giving you it.
The problem is the older, senile or tech illiterate folk who can be coached into disable the blocks and installing spyware. You don't like it buy an android its literally that easy to avoid if you want the freedom.
Enable the setting to block third-party app stores - something which will 100% guaranteed to be there - and be happy while the rest of us who want consumer choice can also be happy. Win-Win.
that doesn't help the tech illiterate or senile parents who can be coached into disabling it to install spyware. And right now you can just not buy an apple device and have your choice while the rest of us can continue buying apple for our parents: win-win.
You can already restrict apps with a unique passcode today. Will work for senile parents or children.
However, as a sane, functioning adult, I don't have my choice on the iOS platform - I cannot use native Firefox. I cannot make my apps without paying the Apple dev tax. I cannot distribute to my circle.
People are easy to manipulate at scale. The idea that people are rational agents who can make educated decisions as consumers is deeply flawed. Yes, people _can_ make educated decisions, but more often than not, they don't have the requisite knowledge to make an informed decision. Letting those consumers get scammed because they aren't technical enough isn't a good solution to complicated problems.
With the same logic, setting sane defaults and putting “dangerous” options behind enough GUI options will give you the best of both - no (statistically) people will be motivated enough to press n menus deep for a setting, while the few that want full access to a very expensive device they supposedly own get to use it to its max.
Letting people decide what permissions on their apps is the middle ground.
The extremes are letting Apple decide what you can and can't run on your phone, or letting apps decide what you can or can't run on your phone.
That some people are too ignorant to set phone permissions is their problem. We still sell sharp knives even though people cut themselves all the time. Demanding Apple protect us is the digital equivalent of banning anything sharper than a butter knife.
So many people in this thread seem to be arguing I should not be allowed to choose Apple’s model as it is today, “for my own good”. The article is about explicitly outlawing parts of their model.
How’s that for personal agency and not infantilising me?
No, for the common good. We are all harmed when Apple or Google can decide which businesses will succeed or fail, which apps get censored and which are allowed.
Can us common people get to decide what the common good is, or is that exclusively your choice?
Censorship is something governments do, not private companies selling an optional product.
If the greater good is a free for all app store, then let the greater populace decide that by choosing that product, not by outlawing the alternatives.
> Can us common people get to decide what the common good is, or is that exclusively your choice?
This legislation is the result of democratic process - i.e. decided by the "common people", if indirectly.
> let the greater populace decide that by choosing that product
"The only legitimate power citizens have is that of consumers, not voters." - shall we also decide to only buy from companies that don't use child labor, and don't put toxic chemicals in food, and don't pollute, or are those areas something where legislation is legitimate, while reigning in anti-competitive practices for some reason is not okay?
> This legislation is the result of democratic process - i.e. decided by the "common people", if indirectly.
Do you know that for a fact? The EU is famously opaque to its voters. What is being done in the name of the voters is likely for the most part entirely unknown to said voters. Very likely many more EU citizens have “voted” on this issue in a more direct fashion by buying Apple products. Should we disregard their opinion in favour of the opinion of a few bureaucrats four levels removed from the common people?
> shall we also decide to only buy from companies that don't use child labor, and don't put toxic chemicals in food, and don't pollute, or are those areas something where legislation is legitimate, while reigning in anti-competitive practices for some reason is not okay?
Ehr, yes? Shouldn’t we decide to avoid bad companies? Reminder that this subthread is about not infantilising people. I do believe people make such choices all the time, to avoid child labour and what not. What’s more democratic than a vast majority of people making such choices without coercion?
> Ehr, yes? Shouldn’t we decide to avoid bad companies?
What I clearly meant was if that should be the only defense we have against such companies. Or should we also have things like food and work safety regulations, and anti-child-labor laws.
> What’s more democratic than a vast majority of people making such choices without coercion?
Consumerism is the ultimate democracy, voting for laws and representatives is tyranny...
> Very likely many more EU citizens have “voted” on this issue in a more direct fashion by buying Apple products.
Can you honestly tell what exactly they voted on? I voted for the good hardware and privacy-aligned actions, which did overcome their closed, proprietary-only software’s problems. By your logic, my vote should count towards the latter as a goal.
I can’t tell what the buyers of Apple products voted for exactly, but neither can you tell me what EU voters voted for when choosing their rep.
I mean here we have a law proposed by an unelected body (the European Commission), now being ratified by the European Parliament. The EP is elected (with ~50% turnout) but decides numerous issues (thousands? Tens of thousands?) in an election cycle. When voters elected their representatives how much thought did they spare to walled garden app stores?
Although both are indirect expressions of opinion, buying an Apple product seems to be a clearer endorsement for their model than voting in EU elections by a long shot.
Not sure if it is comparable. If the EU would ban Apple products than sure, but regulating the platform should not be only an Apple-issue. These private companies are so big that they have considerable impact on the public, so I think it is only fair that the public gets a say as well (in the form of indirect democracy, as we don’t have better).
> Censorship is something governments do, not private companies selling an optional product.
Since when? Private companies have exceedingly large powers and they are not chosen in a democratic manner by people at all. Apple could on a whim cut me off from most of my data or impersonate me, facebook feeds false information to whole countries, swaying public opinion.
At least most governments are more-or-less democratically elected.
This is why I've bought my mother in law and my mother (both retirement age) an iPhone SE.
Zero support calls since then. I don't have to worry about them installing some spyware crap on their phone, Apple is taking care of that. All I actually need to do is to educate them not to click on any link in any message, email or SMS. And not to buy anything over the phone.
> As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom.
From the article's list, even the ones that are described with "allow users to" are firmly aligned with 3rd party developer's best interests, not aligned with the end user's best interest. There was once a time when these were roughly the same, but I don't think anyone can agree this is true anymore. It's gotten so bad that I'd guess that the platform owners' interests are more closely aligned with the end user's interests than 3rd party developers. It's more of a triangle though with nobody's best interests aligned.
> I personally like knowing that Facebook can't ask people to sideload some privacy destroying crap on iOS).
No company like Facebook requires app side loading on Android. The side-loading is used for other apps that one way or another couldn't be on Play Store. For example other stores (F-Droid is the most popular with open source applications) or other apps that one way or another are not allowed in the store.
Another example is GPSLogger[1], Play Store makes it very difficult to support older versions or Android. Author got frustrated and just moved to alternative store.
Smartphones would be far more useful devices and we would have a far healthier software landscape if developers could just access these features and deploy software as is. It is the official provisioned apps through proprietary stores that track users far more than apps you can download and install on other systems. Apple would deny this but they have a clear business incentive here.
Sure, the user would have the responsibility again but it is easy to explain to them that they shouldn't do anything they have no idea about.
> As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom.
No, that is usually untrue and the distinction is arbitrary. The exception is malicious software perhaps but this is an edge case. But even with that the user can choose to just don't install software he doesn't know. You can be pretty sure the average FOSS device will track you far less than Apple or Google alternatives and it is not even close on pretty much all metrics. You also don't need to play administrator if you don't want to.
What tracks you is the random H&M app that has access to bluetooth you got provision through the app store.
All that already exists on Android and the negatives didn't happen (with modern android versions), on the contrary. My phone supports multiple payment vendors using nfc. I can have Tasker do magic with my phone etc.
Why not just have EU draw up specs on a phone that apple and android phone companies have to adhere to. Why allow any variance at all? Surely a one size fits everything approach would be best for the consumer, and designed by the EU government brain trust it would surely be the best?
It will not be a benefit to consumers. If I have a choice of an Android phone or an Android-like phone with an Apple logo on it, I don’t have a real choice.
> Simply only use the Apple app store and you will have the same phone you had before.
That's not really true. Apps you need and currently use may well be moved from the Apple app store.
For example WhatsApp. Some people have to use it, not because they want to. Some have to use it for work. One day they may have to install the Meta app store to get WhatsApp, and agree to permissions and access to their personal data that they don't like at all, because there will be no gatekeeping pressure from Apple on WhatsApp to not do that.
Maybe Chrome, the world's only browser by then that most sites are tested on, will require the Google app store with special advertisement and behaviour influencing hooks enabled. Don't like them? No Chrome for you and your banking website doesn't work on your phone.
Maybe the banking apps will move to SecurTrust Special Banking App Store With Device Verify(tm) too.
> Apps you need and currently use may well be moved from the Apple app store
This is isn't the case on Android.
> For example WhatsApp. Some people have to use it, not because they want to.
That's already a separate problem and hopefully also one that the EU will address. Imagine if to call someone you'd have to sign up with the same provider as them. That we allow this kind of mess in the the software world is pure insanity.
Legislation is simply lagging behind technology but that is an argument for updating legislation to deal with the modern world, not for letting a private company play judge, jury and executioner.
> Some have to use it for work. One day they may have to install the Meta app store to get WhatsApp, and agree to permissions and access to their personal data that they don't like at all, because there will be no gatekeeping pressure from Apple on WhatsApp to not do that.
If your work requires you to install something on your private phone that is not completely isolated than that should also be regulated. If its on a work phone then your work should be interested in restricting what the app can do.
No, because apps will be moved to other stores with less strict guidelines on permissions. Meta will for sure do it. They mentioned Apple as a major reason for their poor financial performance, after Apple introduced further restrictions on what they can and can't do. They've also been caught red handed before, and had their enterprise developer account disabled for abusing it to do things they weren't allowed to on end user phones.
And why Apple should be the arbiter of truth in the question? They are free to make the UX for enabling side-loading as inconvenient as they want (I haven’t heard anyone accidentally unlocking dev mode on Android for example), and presumably Facebook is not big enough to overcome that burden, effectively still forcing them to play by Apple’s rules. But why should everyone do so?
No, a device I bought from them is very much not their hardware, but mine, I should do as I please with it.
And can we just stop this “you can buy android” bullshit? 2 is not a choice, and there are fundamental reasons why a 3rd competitor can’t exist right now, so competition can’t produce a better product, hence we are left with market regulation by governments to not let this oligopoly get away with everything.
> No, a device I bought from them is very much not their hardware, but mine, I should do as I please with it.
This argument falls apart when the “device” in question is a car or PlayStation though? You most certainly cannot do whatever you please with a car for obvious reasons. You most certainly cannot install any game on a PlayStation unless Sony approves it.
More importantly, the pov you hold is a ableist attitude. A device that controls your communications (either to your bosses at work or loved ones at home) or that deals with your financial or health data can become a treasure trove to exploit among less tech savvy users.
A device a “less tech savvy user can do what they please” with is exactly the device that a mobile repair person in a store can convince the user to install BigEvil’s browser because BigEvil pays a commission to that repair person. Or that’s exactly the device the police or immigration customs agents can install spyware as a part of a “security check”.
Tech savvy users can do whatever they please with their devices. Feel free to jailbreak it and forgo any right to future software updates. After all, once you buy it — the device is yours. But you have no right to expect to receive continued support and features in the form of future software updates.
If apple has to drill holes in their hardware/software API for sideloaders, it is not the same. Known CCP agents like tiktok would love to sneak around any "securty/sandbox" and have more opportunities for attack.
> Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
I would think this requirement is satisfied merely by providing a public API / protocol documentation for your protocol, to allow for third-party access and integration, not some weird backend integration that everyone has to support. This would have effects on business models of running chat services for free and it would have an effect on how they handle spam and abuse, but I honestly think both of these changes are likely to be for the better...
Now, I (importantly) have NOT read the actual law text yet, but given the high-level summaries I feel like a lot of people have been worried about this over nothing: having the ability to write a third-party iMessage client would ALLOW someone to build a server-mediated client for it, but I think that SHOULD be allowed, I don't think that in any way destroys the ability to create or use end-to-end clients and services, it would also allow people to build alternative e2e clients and even integrations (imagine a Samsung Android device shipping with iMessage support in their local client) without hurting the existence of end-to-end encryption.
> I think it's credible that the interoperability requirements are going to be used to smash end-to-end encrypted messaging
Why and how?
I already use Signal to handle the plain old, almost completely unencrypted text messages. It has no impact on security of Signal-to-Signal communication.
My take on this is that they want iOS to integrate RCS directly into Messages, given tons of other features are already widely supported by the os [0][1][2]. Google Messages (runs on top of RCS) currently only provides encryption when both sides are using Google Messages, so unless Apple and Google create a unified standard it won't be E2EE.
If Signal is forced to interoperate with e.g. WhatsApp, the end-to-end encryption of one or both will have to be compromised. If the integration is forced, then there’s no barrier for either app grabbing all the info from the other in plain-text.
> Facebook can't ask people to sideload some privacy destroying crap on iOS
That is arguably the responsibility of the OS and the user. Lots of ways to do that. Examples: Network, no network access unless use gives permission. App manifest lists up to 10 domains or "all". If "all", user is prompted "App would like to access entire network Y/N"?
What else is there? Camera access? Camera can be multiple permissions (a) User gives app full access (b) User gives app access only when app is active (c) User doesn't give access. Note: iOS already does a good job at this. I don't give the Messenger app access to my camera, nor do I give it direct access to photos, only selected ones.
Same with NFC etc. I'm guessing Apple will come up with clever ways to allow the user to limit access.
Bluetooth, no idea what they do here and I don't know bluetooth but I'd just guess devices have ids and the OS could require an app to list a limited id filter so an app can only talk to devices built for that app unless the user gives blanket permission
I suppose FB can put an app on another store that doesn't run without full access. If user says "no" then app says "can't run". That's fine. I won't run it. Individual stores are still allowed to enforce their own rules. I can't imagine Apple's store to not be the dominate store and therefore apps from it will be safer. (Unless someone steps up to make an even safer store ;)
I haven't read the DMA/DSA, so if this is actually written out in them then I'll happily be corrected here.
The way I see it, the EU probably doesn't really care if Apple keep ALL the restrictions they currently have on their App Store in actuality, as long as options exist on the platform.
So the solution to allowing access to NFC hardware will probably just be Apple opening up sideloading.
I personally hope that Apple implements sideloading in a way that allows those who don't want to use it to keep their device secure, and I'm confident they will.
Regarding the messaging platforms, I'm pretty sure the EU are not going to push us into a situation where E2E is broken, in fact, I was under the impression that the bills specifically required that E2E be maintained.
I'm worried that apps that does not honor user's privacy would just leave App Store and have users sideload their app. Sometimes users have very little choice about whether or not to use certain phenomenal IM/social apps since everyone is using them and it would be a problem if they can now force user to sideload their unrestricted/unaudited version.
Some might try this move, but my guess is that sideloading will involve enough friction that user retention will drop and developers will be heavily disincentivized from relying on it for distribution. In particular I expect that every update will require user action to re-install the new version of every sideloaded app, which is the reason most developers don't go that route on Android today.
Funnily enough that's exactly the reason why Epic sued Google - having to confirm every update and install through a scary dialog box was too anti-competitive for them.
Google responded by... actually, adding entirely new APIs in Android for sideloaded app stores to be able to update already-approved applications without extra permissions or approval. In fact, they even distinguish between "sideloaded app" and "installed app from a sideloaded app store" for security-sensitive things like custom accessibility handlers.
This still doesn't moot all of Epic's case, though. They want you to be able to download Epic Games Store from Google Play - i.e. no scary warnings or anything, just Google giving Epic a blanket sign-off on everything they sign off on. I'm not sure how I feel about this - it reminds me of the total and utter mess that was and is selling SSL certs to competing certificate authorities.
I absolutely agree, and I don't even fault Apple for trying to stop their shenanigans. I just want Apple to lose for entirely unrelated reasons from Epic's own nonsense.
Related note: Facebook's platform fees in their little VR chat thing[0] are actually way worse than Apple's.
As far as I can tell or care, most tech companies that have anything resembling a platform inevitably try to suck the life out of it and kill it. Apple is unique in that they've carefully calculated and balanced how much money they can extract out of developers, but they're still playing the same digital warlord game that I would much rather do without.
[0] Horizon Worlds, I think? IDK it sounds like the sequel to Horizon Zero Dawn
> adding entirely new APIs in Android for sideloaded app stores to be able to update already-approved applications without extra permissions or approval
Wow, that sounds great! Does F-Droid make use of those yet? Having to manually install every app update gets tiresome.
> Ban on requiring app developers to use certain of the gatekeeper's services (such as payment systems or identity providers) in order to appear in app stores of the gatekeeper;
One of the App Store restrictions is on code that can modify itself after installation. If that is no longer a restriction the the whole App Store restriction and review process is just pointless.
Maybe Apple will lift some of the App Store restrictions for Europe in order to reduce the need for sideloading. They certainly don’t want their customers to become used to sideloading all the time and stop primarily using the App Store.
Yeah this seems likely to me as well, I was more or less just making a point that there are more than one ways to be compliant with certain parts of the DMA.
This is what you call an awful dichotomy. Security Vs Autonomy... weaponized.
I agree with you. I also agree with the other side though. Allowing these monopolies to squat all the bottlenecks in protocols of media and communication channels is also intolerable.
It is perfectly reasonable for you as an individual to prefer privacy. It's perfectly reasonable for a regulator to strike at a problem.
Look... the can't provide the technical solutions. Mandate a protocol or whatnot. They might, maybe be able that eventually makes adoption of reasonably secure, open protocols happen.
WhatsApp can't be the end state. It appears to be the economic Maxima though.
It would indeed be bad if the requirement were to scream YOLO and allow all apps to always access potentially privacy eroding features like NFC. But surely the proposal isn't that - is it? If it's merely that the OS be required to be _allow_ NFC features just as it does for first-party apps, what's the risk exactly here?
I think these kind of special permission requests work at least sort of reasonably on web-browsers, and less brilliantly but acceptably on android. Yes, users will need to think before clicking OK, but the way those dialogs often work (and surely can work) means that they're no longer conveniently able to throw up take-it-or-leave-it modal dialogs. It's at least a little better than the nonsense that is an EULA.
But the real critical issue here is that we should not let ourselves be held hostage by apple. Yes, apple hasn't made it _at all_ easy to secure third party access to potentially privileged functionality. But... that's their _choice._ They choose to make a really high first-party moat, because that's convenient for them. But the alternative isn't throwing users to the wolves, it's actually thinking about how to limit access securely even while delegating access. If we have to wait until big tech decides to do that out of the goodness of their heart... we'll die waiting.
I think (and hope) the platform will still be allowed to pop up a “do you want to give this app permission to do Foo?” dialog, as long as it does so the same for all apps, independent of developer or app store it was downloaded from.
I also would hope the platform can still restrict browsers in what they can do, as long as that’s applied uniformly across all browsers, but I’m less certain about that.
Interoperability means that hardware and hardware related OS capabilities have to be accessible to third-party developers. End to end encryption isn't a hardware capability, it's software. Also, they only have to give them a mechanism to access it, they don't have to remove the already existing security mechanisms like notifying the user that an app has requested access to things user contacts or bluetooth. If users don't want to grant an app permissions that's not the fault of the platform developer.
> I support people who want a FOSS device that is in no way locked down. I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.
There is nothing in this article which would prohibit the gatekeepers to extensively warn the user when accessing these features. Apple had tons of trust from its users. They can just say that this third party usage is dangerous one the first time and re - reporting bad usage later.
>Apps will use near-field communication technology and other mechanisms to track us
Ok, well, the EU mandates opening up this tech to apps, some apps then violate GDPR in various ways leading to big fines for those apps.
Now someone is going to say fines with GDPR have not been big enough, but I think they are slowly increasing (because really that is typical gov. policy, don't go in with big fines, start small, and later when hitting big you can say but we have been very reasonable), and also, just maybe the fines for people moving into a new field with predatory tracking from the get-go will get the big fines and be shut down quick.
you don't, you give them the maximum fine and they go out of business. If they don't pay the fine they are criminals, they get removed from platforms they are on.
Then there's:
- Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
- Give developers access to any hardware feature, such as "near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies."
Apps will use near-field communication technology and other mechanisms to track us (consider how many device related APIs have restrictions in web browsers for just this reason), and I think it's credible that the interoperability requirements are going to be used to smash end-to-end encrypted messaging. You can have a decentralized end to end encrypted protocol. Can you retrofit every existing messaging service to use it in the short-term? Probably not.
As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom. I support people who want a FOSS device that is in no way locked down. I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.