> Alternative app marketplaces. Marketplaces can choose to offer a catalog of apps solely from the developer of the marketplace.
How does that count as a "marketplace"?
> Web Distribution ... will let authorized developers distribute their iOS apps to EU users directly from a website owned by the developer
All of this just makes it crystal clear what Apple's goal is: to prevent competition. It's not about security like they've been lying about; it's all about maintaining their app store monopoly.
Before this, if you had an alternative marketplace, you had to accept submissions from other developers. You are still allowed to accept submissions from other developers, but are no longer required to.
I suppose the point is that, if we're being pedantic (and after all, that is what the internet is _for_), you cannot have a single vendor marketplace based on the commonly understood meaning of the word 'marketplace'.
(But yeah, this is just slightly silly naming from Apple).
Isn't that kind of the point? The goal was to get out of Apple's clutches when your customers have their devices, so Apple made the thing meant to be independent even more dependent than the original in order to deter adoption.
The parent comment cited Web Distribution as evidence that Apple doesn't actually care about safety and security, when in fact Web Distribution is more secured than Marketplace distribution.
> The goal was to get out of Apple's clutches when your customers have their devices
Whose goal? Read the DMA. It is very explicit that it expects Apple to maintain security of devices and apps.
> Apple doesn't actually care about safety and security, when in fact Web Distribution is more secured than Marketplace distribution.
That's a contradiction in logic there. If they cared for security, they would choose the more secured option. But they didn't?
Either they then have provided worse security all along: web distribution could have offered more security than an app store?
Or they could have provided even better security in their app store all along: if they implemented this stricter checking there. Why not?
These arguments are poor and don't stand up to scrutiny.
The very simple conclusion is that it's not about security, that it never has been.
No, you're making assumptions about what "secured" means in this context and clearly have no understanding of how any of it actually works. None of what you wrote makes sense.
You could have stopped at "means". No need to be condescending or telling me I don't know how stuff works. I know how stuff works.
My point is, and remains, purely non-technical though. And I also know how language works.
If you say "we don't allow X, only Y, because we prioritize security". Then change that to "we do allow X but will perform extra security scrutiny over what we do at Y" then it does not compute. Again: it proves your first statement was a lie (intentional or not). Because a) it was possible to allow for your level of security and you could've allowed both X and Y all along, or b) you are now lowering your security, proving you don't really prioritize security, or c) you are merely frustrating X in a different way now and security was never the reason not to allow X.
I'm convinced it's both a and c. I surely hope that it's not b.
> The parent comment cited Web Distribution as evidence that Apple doesn't actually care about safety and security, when in fact Web Distribution is more secured than Marketplace distribution.
Which goes to the parent's point that their intent is to prevent competition. Otherwise why would the alternative need more onerous security measures, if not to act as a deterrent through friction?
> Read the DMA. It is very explicit that it expects Apple to maintain security of devices and apps.
It also says that the security measures have to be "strictly necessary" and "there are no less-restrictive means to safeguard the integrity of the hardware or operating system" and "[t]he gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation" etc.
Which implies to me that you not only have to be able to turn them off, they have to be off by default.
The comment literally says "It's not about security like they've been lying about", when the opposite is actually true. They were implying that Web Distribution was a way to get around security of a Marketplace, which is not possible.
Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary." Most interpretations of the DMA agree.
> The comment literally says "It's not about security like they've been lying about"
The comment literally says: "All of this just makes it crystal clear what Apple's goal is: to prevent competition. It's not about security like they've been lying about; it's all about maintaining their app store monopoly."
There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.
> Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary."
Gatekeepers having control over apps isn't necessary for security. The device's owner having control over apps is. They can opt into a particular gatekeeper's control if they choose to. How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another? Isn't the point of the act to enable competition?
> There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.
Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.
> The device's owner having control over apps is.
This is simply not true. Device owners are hopeless at maintaining the security of their devices.
> How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another?
There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.
> Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.
Doesn't that depend on who the developer is? Certainly it isn't the case that no one exists who the user might trust at least as much as Apple.
> This is simply not true. Device owners are hopeless at maintaining the security of their devices.
"Device owners" includes substantially all people. Many of them are not hopeless and are entitled to make their own decisions. Some of them are even more qualified to do it than the people Apple has reviewing apps.
The hopeless people may be better off sticking to trusted stores, but they can do that without prohibiting others from doing otherwise.
> There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.
That doesn't change the question. How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it? It would obviously be possible for a third party like Symantec, Malwarebytes or the makers of uBlock to do the same thing.
Sure, the amount of risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.
> Many of them are not hopeless ...
Exactly, and "many" is not enough. It's not possible to design a special switch only for those qualified "many" - and only them. Platform owners and the EU insist on protecting the unqualified everyone else too.
> How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it?
It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will. Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.
> Sure, the amount of risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.
Only if the developer isn't as trustworthy as Apple. In fact, it could be lower risk even if they are less trustworthy than Apple, when it's their own app, because someone who is less competent but not overtly malicious who posts their own app is much less likely to be supplying malware than a general-purpose store that tries to vet everything but accepts submissions from just anyone at all including overtly malicious actors, and could thereby miss something.
And the user, in choosing which alternate stores or developers to trust, can decide that.
> It's not possible to design a special switch only for those qualified "many" - and only them.
Well of course it is. In the worst case scenario you could make the switch irreversible and then once enabled the device could never add another store. But that's really no different than requiring a device wipe to change it back, because a wiped device should be no different than a new device that never had the switch enabled to begin with.
> It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will.
Isn't whether it's "strictly necessary" the condition on which they can demand it?
> Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.
How is it free? They're charging $100/year and a percentage on top of that.
I love how a never-used-by-courts-before regulation would supposedly already have "most interpretations" with any sort of authoritative value. I can probably walk into a pub tonight and get 27 other "interpretations", they will have the same value as yours. Technically speaking, even the Commissioner's own interpretation might well be flawed - we won't know until a court spends some time on it. I would humbly suggest, though, that when the very same lawmaker who wrote the law is publicly pulling your ears in public on related matters, your interpretations are probably not the right ones.
Apple pay enough real lawyers to defend them, they really don't need pro-bono amateurs.
It's not my interpretation, self-proclaimed humble person. Educated people have been discussing this ad nauseam for months. I would not-humbly suggest you actually read up on topics before breathlessly dismissing them deep down an HN comment thread.
> it's all about maintaining their app store monopoly.
Does this only make sense if you assume payments are tied to the App Store? They aren’t.
If you remove payments from your list of motivations, what do you presume Apple’s motivation is to encourage apps to list themselves on the App Store and not a third-party marketplace?
It is much harder to explain to consumers why Apple should get a percentage-based rent (sorry Core Technology Fee that enables Privacy and Security™) if they go to a non-Apple website, download a non-Apple app, to do non-Apple-related things.
Like literally the only participants in that business transaction are the consumer and the company, Apple does not even enter the picture.
It would be like car manufacturers charging you a percentage for going to the grocery store, because they provide a Private and Secure™ transportation platform.
Consumers will soon catch up, and if the EU does not put pressure on Apple about this, they definitely will.
It’s more like a car manufacturer charging license fees to the dealership for their use of the original manuals and tools to provide services that rely on their diagnostic tools and manuals.
But a car is used for more things than going to the dealership, and the dealership does not sell me groceries. Perhaps I want to race, or carry ikea furniture, or jump start another car - it is a general-purpose transportation device.
Similarly, I dream of going to Epic's website to download some Fortnite, maybe charge a thousand vbucks to mom's credit card if I'm feeling adventurous, and that has nothing to do with Apple or iOS.
This is how every single general-purpose computing platform (including Apple's macOS) and the open internet has worked for multiple decades.
We don’t care how the car is used. It’s the dealership that pays the fee on service manuals and access to tools, not the customer. The dealership can choose to pass the cost to customer but it doesn’t have to.
Oh but we do care. Not every app developer is a dealership, a car is used in a much broader context.
Some may be like Uber, turning the car into a taxi service, or like Turo, allowing it to be rented. Others may be independent mechanics that can work on the car perfectly fine without access to blessed tools.
There is no cost passed on to the customer because the car manufacturer does not enforce a percentage cut of Uber's or Turo's revenue.
That said, there is likely no perfect analogy in cars. We can instead turn to macOS / Windows / Linux etc., general purpose computing platforms that do not suffer from a gatekeeper's stranglehold.
An independent dealership can choose to not service a particular make of car, pay for the OEM tools and license for manuals or can choose to obtain those via other means.
You can see where the lack of respect for IP rights leads when it comes to current espionage claims between some of the world's largest economies entangled in a myriad of IP disputes. Ultimately, the question I ask myself is: am I happy with unverified random parts I want to put in my car? Instead of having easy traceability and ability to sue for damages I now have to also vet provenance, authenticity and take on additional risk of an unvetted supplier that I often won’t even be able to sue.
The independent auto shop isn't paying the auto maker a fee every time they change the spark plugs on one of their cars though. They buy a license to the service manual collection and can use that knowledge for however many cars they work on.
This would be the developer buying a license to the SDK and documentation and then that would be it.
Most platforms would offer the core libraries and services for free as an incentive to attract developers to the platform/make development easier.
This is how it used to be, until Apple got too large and instead of being beholden to developers it flipped the other way around, and now releasing an app for Apple's platform is a supposed privilege.
Take the games industry, where developers and publishers are often given huge incentives by a platform (mostly consoles) to develop for that platform; because games developers are providing value for the platform owner by making the platform more attractive because it has more content options for the consumer.
Why is it so hard for people to wrap their heads around that concept?
> Most platforms would offer the core libraries and services for free as an incentive
Right, as an incentive. That's exactly right. Makers of other platforms chose a particular funding model to suit their commercial strategic environment, not because they were obligated to. Why should Apple be obligated to follow other (or even their own) prior business models?
Sure. Remind me where I can download the free developer kit for the PlayStation 5? Remind me who I need to pay in order to distribute a PlayStation game?
Even back when Visual Studio did cost you an arm and a leg, you didn't need it to build and distribute software for Windows. Free options were always available; you paid for the comfort.
In fact, Windows itself came with everything that you needed to build just about any userspace app in the box since Windows XP SP1 (the first one that included .NET Framework).
Apple fans would always claim that this was a security measure to prevent malware. I have always found the claim dubious.
If you believe in that as a security measure, you could still have a signing requirement and Apple could revoke trust on known-bad binaries. Which is probably what they will do.
Mind giving some high level clarification on how Apple would revoke entitlements on applications they’re not allowed to manage? Honestly curious about the infrastructure involved, is it really simple from a technological standpoint?
If the developer needs to use Apple resources to track and manage said entitlements, and the consumer expects Apple to police bad actors, then are we asking Apple to do this for free on the bad actor’s behalf (oops, I didn’t mean to use your microphone, GPS, BLE in order to sell the info to an enemy state, law enforcement, angry ex!) or should the cost of said infrastructure be passed to the customer when purchasing hardware? OR does Apple wait until an application is exposed, generally through an echo chamber after the damage is done and is made aware of the issue?
I thought they already do this with notarized binaries on macOS. Conceptually it's no different from certificate revocation. The platform can phone home periodically to discover binaries for which notarization has been revoked.
You may be correct? Then the assumption would be developers need to pay the $99 fee to be part of the Apple dev program (pretty sure that’s the only way to get notarized). Next step in Apple’s playbook might be upping that fee for third party stores?
The vast majority of Android users use the Play Store (or the Amazon thing) exclusively. So Android is not different than iOS in this regard.
The vanishingly few remaining users use F-Droid (sometimes exclusively), which is probably the safest app store on Earth, with GNU/Linux and *BSD distros' base repositories. Open source only, reproducible builds with public recipes written independently, trackers removed (because they usually rely on non-free libs).
I honestly don't see how having only one store makes an OS safer. That store could be an unchecked mess.
We could talk about policies around app inclusion and permission management though.
If the argument is "the number of stores is not a useful metric", I agree.
If the argument is "Apple in particular has a huge vested interest in making sure that their first party App Store doesn't distribute malware", that's somewhat stronger.
I don't know which argument nektro was trying to make, I could read it either way.
Personally, I lean towards the point about vested interests, although it is only "lean towards" not "fully embrace": what they care about isn't strictly security, but their bottom line, and being a US company with US moral norms and US payment providers, this can also be observed in the form of their content rules — they seem to treat sex as a much more important thing to hide than violence[0]. This does not sit well with people like me who think violence is bad and sex is good.
[0] A bit over a decade ago, the app submission process flagged the word "knopf" in German translations, telling me it was a rude word and I might get in trouble if I was using inappropriate language. It's the German word for button… or knob (but in the sense of button, it's never a dick), and so I can only assume someone got a naughty words list in English and translated it literally rather than asking for a local list of naughty words.
> The vast majority of Android users use the Play Store (or the Amazon thing) exclusively
Are you sure? Android phones are pretty big in China, which is by far the world's largest smartphone market, and I guess Play Store & "the Amazon thing" (I don't remember the name either) adoption there is close to 0%. Anecdotally I have noticed a lot of people using phone vendor app stores in India (the second largest market, though half the number of devices as China) and Indonesia (another huge market). Taken together I'm very skeptical that Play Store + Amazon have a majority of Android users.
Google and its services are mostly blocked in China, so using the Play Store would require the use of a VPN or a foreign SIM card. There are a variety of local app stores. I've found that people often just use whatever came on their phone (which is often the phone manufacturer's own app store).
But does it? I haven't seen any hard evidence, and lots of anecdotal tales of technology illiterate grandparents, fathers and mothers being better off.
> lots of anecdotal tales of technology illiterate grandparents, fathers and mothers being better off
I'll bite. Is there anyone here that thinks overall security for elderly (and lower skilled users) will *not* be hurt by additional app stores? I find it hard to believe. And I write this post as an uber geek who is not an Apple fan boi, but is very impressed by their overall security and UX. For the geeks, it would be great to have more stores. For the average users... maybe... For the least tech-savvy users, I cannot believe it will benefit them.
> For the least tech-savvy users, I cannot believe it will benefit them.
My parents are in their 80s and use Android with F-Droid (I set it up for them). No scams. No account or password. No ads. Simple apps. They have definitely benefited from having more choices available to them, specifically a repo of software built with something other than profit motive in mind. Apple's not very good at offering that.
I still feel like that argument is like a "won't somebody please think of the children" one.
If app stores need to be locked down to protect the elderly, then surely the Internet needs to be locked down to protect all children. After all, Safari still navigates little Jimmy to pornhub if he clicks the link.
I feel like the real solution, same as the one most parents should be using instead of forcing it into everyone else is the same it's always been; don't give young Jimmy unfettered access to the Internet (and use a child/safety filter in your own home/on your own devices) and for Apple to provide a setting that enables/disables alternative app stores, so that children of the elderly can choose for them in the same way they'd choose for their children.
In fact, Apple devices already ship with something called "Assistive Access", which is a mode that you can enable that limits what can be done with the phone. In particular, it limits the ability to install apps.
I think you are overall correct that the iOS store does improve the experience of the elderly. But I suspect it's more due to the lack of 'side loading' and locked user experience and less to do with Apple inspection/code review. I have no evidence to support this.
My original question was a request for hard evidence which I think is lacking in arguments of security and safety.
I think I've seen an equal amount of press surrounding fake and useless apps on both Android and Apple platforms. But this is purely observational.
Particularly when there are better alternatives. For example, put a physical hardware switch on the inside of the device that disables new stores from being added. Now you can set up your technically disinclined relatives with Apple's store, and a couple of others you trust if it pleases you, then flip the switch and they can't get into trouble because they can't add others.
Move the switch back and the device won't boot without a factory wipe. That's going to deter both anyone who can't successfully disassemble the device to flip the switch (i.e. severely technically illiterate people) and the people who aren't willing to press YES to a prompt that says it's about to erase all their data (i.e. mildly technically illiterate people), while leaving it possible for exactly the people it should be possible for.
What happens when Meta, X, Google et al. move to their own stores where they distribute apps unencumbered by Apple's privacy policies? Your relatives then contact you and insist that you flip the switch for them so they can install Facebook and Instagram from the Meta store so they can continue scrolling cat memes.
I have yet to hear a convincing argument (from multi-store proponents) about how to prevent this. If the big social media companies pull their apps from Apple's official store and move to their own stores (with unfettered access to spy on users) then they will be successful at dragging their users with them. Furthermore, there is no evidence that GDPR has had any success stopping them from siphoning up all the data they want.
You tell them to use the service's web page because their app isn't available from a trustworthy source. And if their web page sucks, you encourage them to use a competing service whenever possible and only use the inconvenient one when strictly necessary. Which, as others do the same, pressures the service to do what you want and put their app in the existing store.
This is the same thing that Apple does if they refuse to follow the process as it is, right? You're being insufficiently stubborn. And excessively dismissive if you think users making choices have no power. There are demonstrably people committed to having it their way:
Unless you think tech companies have gotten too big and people don't have a choice anymore. If you have a monopoly, what you want is not another monopoly to fight them over which gets to fleece you, it's to smash them both by any available means. One of which is resistance through personal choices, one of which is... anti-trust enforcement.
Users don't have much power, individually. They express their power collectively through the political system. I'm just very skeptical of the approach taken by Europe with the DMA. It seems to be less about empowering individual users and more about letting other large players carve up the Apple/Google 2-slice pie into a few more big slices.
> about letting other large players carve up the Apple/Google 2-slice pie into a few more big slices
Do you not believe that increasing competition for app stores will "empower individual users"? If yes, please provide an alternative to DMA that will benefit users more.
Apple markets their offering on its privacy and security. In effect, they act as a bargaining agent on behalf of their users which says no to a lot of the tracking Google, Meta, et al. want to do. Due to Apple's marketshare and the nature of this arrangement (the walled garden), these trackers are forced to bargain with Apple as a unit. The DMA seeks to put an end to this arrangement and allow the trackers to bargain with users individually.
So, to answer your question: no, I do not believe it will empower individual users. If we really want to empower individual users we should be looking to inject more competition into the social media markets as well. More "app stores" that do nothing but offer the same apps while bypassing Apple's protections will not benefit users. And if the 30% Apple tax is the real problem then why not legislate against that directly?
> If we really want to empower individual users we should be looking to inject more competition into the social media markets as well.
Sure, but you can do both.
> More "app stores" that do nothing but offer the same apps while bypassing Apple's protections will not benefit users.
It's not just the same apps though. For example, the license Apple uses for the app store is incompatible with the GPL, so no one can make an iPhone app under the GPL or use existing GPL code in one. That license is one of the things that allows collaborative projects to form and right now that can't happen for iPhones.
Likewise, the $100/year fee deters hobbyists from creating apps.
And Apple prohibits certain types of content in their store, e.g. adult content or P2P apps, which some users would want.
> And if the 30% Apple tax is the real problem then why not legislate against that directly?
Price controls are generally a bad idea. The cost of hosting the app installers is generally negligible, but a few apps could be huge, and then it isn't, so how much should it cost? Can they charge a flat percentage of sales or does it have to be per-GB of transfer? What happens when the market price of storage or bandwidth changes over time? What if it's different in different regions?
Legislating rules to handle all the edge cases is a fool's errand when competition would handle it for you because anyone who charges too much would lose business to someone who charges less.
Users have a lot of power individually. The most obvious example is when there is competition. You could be a single person and your counterparty could be the world's largest corporation, but if you have ten other viable alternatives, they can do no worse to you than the best of your other alternatives or you just choose the other one.
But you can also do it by being stubborn. Some people seem to have completely forgotten how to do this. There is a transaction with a surplus of $100, the counterparty is some egregious monopolist and the deal they offer you is that they get $99 and you get $1. A lot of people take the deal, because $1 is better than nothing, but that's not it. What you do is flip over the table and walk away, because that costs you $1 but it costs them $99 (or $50 or whatever their share would be after offering whatever it would have taken to satisfy your sense of fairness).
People are so lazy now, or they've been conditioned, so now they always just take the $1 even if the alternative is only a minor inconvenience for them. Okay, you have to use Signal instead of WhatsApp, so what? But being willing to walk away from an unfair offer can sometimes be to your advantage even in an individual negotiation, because you both know the other party has more to lose. It's definitely to your advantage when other similarly-situated people do the same thing at scale. See also:
> They express their power collectively through the political system.
They express their power collectively however they want. Organizations (e.g. FSF, EFF) can do things like pool money to create competing systems. Even for-profit corporations can do this -- you don't like the incumbent? Start a competitor, and raise funding from all the other people who don't like the incumbent.
But again this seems like something people have been conditioned to believe doesn't work, even though it obviously does. To take a simple example, the EFF created Let's Encrypt, which cut the legs out from under the certificate mafia and made TLS free for everybody. All it took was an organization to pool enough resources to develop the initial implementation.
> I'm just very skeptical of the approach taken by Europe with the DMA. It seems to be less about empowering individual users and more about letting other large players carve up the Apple/Google 2-slice pie into a few more big slices.
Government regulations often fail as a result of incompetent administration or some corruption. But some forms of anti-trust can only be fixed through the law because the trusts themselves were created that way.
If governments enforce contracts in restraint of trade then people will enter into contracts and form a cartel or enforce a monopoly. That is not acceptable, so then governments have to constrain what kinds of contracts they're willing to enforce, and somebody has to write down what "restraint of trade" means to establish how that works. It's not fun and they'll often get it wrong but the only alternatives are to either not have governments enforce contracts or allow cartels to form that become de facto private governments. So we do the best we can.
The EU is not great at this, but the problem they're trying to address is real, so sometimes you just get to sit back and watch two entities you don't really like have a fight with each other.
Except that Signal is free and nothing prevents anyone from having both installed at once, so you being stubborn can get your contacts to install the free app that takes two seconds to install.
Then everyone ends up on Signal because anyone can install Signal but the stubborn people refuse to install WhatsApp, at which point "everyone you actually need to communicate to is on Signal, WhatsApp is pretty much useless."
But in order to get there, you (the collective you, the median pedant) have to be more stubborn than the people who want to use WhatsApp, instead of the other way around.
Most casual contacts aren't going to install Signal just for you, no matter how stubborn you are. They'll just shrug and go their way.
I've been there, actually running Signal as my primary IM for several years. The number of people I "converted" who stuck around was, in the long run, zero.
> What happens when Meta, X, Google et al. move to their own stores where they distribute apps unencumbered by Apple's privacy policies?
I guess pigs fly or hell freezes over. Musk and Zuckerberg had years after such changes to make their own store on Android (which put in similar privacy policies at the same time as Apple). It doesn't make any sense for them because being off the main store is worse than gleaning off a bit more data to sell.
> I have yet to hear a convincing argument (from multi-store proponents) about how to prevent this.
How about proving that the subjects in question are on multiple stores to begin with, or otherwise have shown interest?
You're questioning GDPR's validity, but your own premise isn't a thing to begin with.
Why should that be prevented exactly? Why shouldn’t users be able to download apps directly from companies if they want to? Isn’t the whole point of the EU legislation to make all this possible?
> Your relatives then contact you and insist that you flip the switch for them so they can install Facebook and Instagram from the Meta store so they can continue scrolling cat memes.
You should not have to police adults on what they're allowed to do with their property. If someone asks me to help them set up their computer, I may give some advice and warning about things to avoid. If they asked me to do something that may be dangerous, I can refuse to do it, but I will not actively prevent them from doing so. They're not children.
If someone is ok with putting their whole digital life at risk, then let him do so. Just like you can't prevent someone who wants to eat cake all day. It's not your life.
> You should not have to police adults on what they're allowed to do with their property.
The fundamental problem with this "power to the people" mentality is that adults don't actually know how to use technology. The average person is technologically illiterate.
You can go on about giving adults full control over their property, etc. etc. but we both know that this is how you get security disasters: old people getting scammed, people losing their life savings and what not.
Part of being an effective security engineer is realizing that you need to protect people themselves. 2FA is a prime example of security driven via this mindset: necessary because the technologically illiterate masses reuse passwords. There are other benefits, but that's the main reason.
So you shouldn't have to police people, but practically, in the end you do.
> If someone is ok with putting their whole digital life at risk, then let him do so.
All fun and games until people lose their life savings and get forced into homelessness or whatever.
Then these people start to blame you. Then technologically illiterate senators and regulators will also blame you. Lose-lose scenario.
Crypto is a prime example of what happens when you give people control. "Power to the people!," tons of people get scammed, and this prompts regulatory lockdown.
TL;DR is that the EU regs wouldn't be a problem if Apple could hide the functionality behind developer settings, but they can't. Exciting times, people in the EU are gonna get totally fucked by shady apps. GG.
> You can go on about giving adults full control over their property, etc. etc. but we both know that this is how you get security disasters: old people getting scammed, people losing their life savings and what not.
This happens when senile people are legally authorized to exercise control over their assets. It has nothing to do with technology and has been happening since before computers existed. The general solution is to appoint a conservator who is required to authorize major transactions.
Which hardly justifies using the same measures for someone of sound mind.
> 2FA is a prime example of security driven via this mindset: necessary because the technologically illiterate masses reuse passwords.
And then their phone number changes or they lose access to their email and you've locked them out of their account.
This is particularly egregious when the second factor is required to be a phone number, because people in financial straits will have their service canceled for non-payment and now you've magnified their problems at the worst possible time. But phone numbers serve as a convenient tracking ID since most people only have one of them, which may explain the popularity of requiring them "for your own protection".
> All fun and games until people lose their life savings and get forced into homelessness or whatever.
We build insecure systems and then blame the users for it and offer to lock them in a cell to protect them from our bad choices.
Why is it that anyone can charge a credit card or a bank account who has the account number? Public key cryptography has been a thing for decades. Put a USB-C connector on the credit card itself and require the card to be plugged in to the device the first time each merchant wants to charge the account. 99% of credit card fraud, gone, because you can't breach one merchant and use the card info at a different one without physical access to the card.
Meanwhile anyone could trivially cancel a subscription because the list of authorized merchants would be listed on the bank's account webpage and the user could remove one at any time.
> Crypto is a prime example of what happens when you give people control.
Anybody can go to the bank, right now, and withdraw cash and hand it to a scammer. Sometimes they do. You can also give them your television or company ID badge. Cryptocurrency is no different. Most of the crypto scams are get rich quick schemes, which people have been getting scammed by since the invention of barter.
What made cryptocurrency so susceptible to scams wasn't that people were in control, it was that some people were actually getting rich, which made others credulous, and that attracts con men.
"We have to protect people from themselves" is only true for small children and the mentally ill. Adults get to make their own choices -- because there is no one else to make them. As soon as you appoint someone else to do it, that person has a conflict of interest and the incentive to defect, and the person affected needs the right to choose differently unless you can prove that this specific person is mentally incapable of exercising reason.
"Nobody is ever completely reasonable" doesn't cut it because that applies to the gatekeepers too.
Apple is just trying to protect users from scammers! I'm sure all this sensible authorization and notarization business will continue even after the fees are removed from the equation.