An american subsidiary lied once and an american court said they didn't have to keep them around, so we kicked a european subsidiary out of the european mandated DMA.
Yeah, that's gonna go over great with the EU. Apple really deserves the 10% of global revenue fine to be brought down a peg.
A US judge ruled that Epic has a pattern of “malicious compliance”.
Epic created a new account in Sweden so they can create an App Store in the EU.
Apple used the judge’s reasoning of a pattern of malicious compliance to preemptively shut down Epic’s account. Because they believe Epic will not play by the rules.
So it’s a kind of pre-crime reasoning, they’re shutting down Epic’s account before they can do anything wrong. And probably also because Epic publicly criticized Apple’s malicious compliance around the EU rulings.
The DMA tax. It has the side effect of killing off open-source projects for the iOS with their egregious installation fee in Europe. Every time you install an open-source app, the developers are extorted by Apple with Core Technology Fee of €0.5 each and the Fee waiver guideline does not mention open-source to be a valid criterion for such exemption.
Limiting USB-C speed to USB2.0 for iDevices that are deemed "not pro", and not having Thunderbolt access despite the hardware could in theory allows it, limiting customers choice to buy the "pro" models for a full experience. And a slightly bigger Lightning cable is still being used in Apple Vision, which is clearly a flying middle finger to the USB-C change.
Apple are starting to commit on the adoption of RCS standard in 2024 too but they still won't support Google's E2E extensions, and instead working with GSMA to make their own encryption standard. The point of RCS is to make communications open, not by trying to make you feel special. Perhaps Apple is still trying to make a segregated market with different colored bubbles just like iMessages.
This might be controversial, but I think it counts: notarization hell (I would like to call it "notorization", combining both notarization and notorious). Starting from Catalina, Apple is forcing all Mac app to be notarized by Apple before use, making the experience of installing custom software other than downloaded from the App Store extremely difficult, in that you have to press a lot of buttons, buried deep in the settings and not as apparent as they should. This makes genuine open-source development for the Mac itself quite hard as it not only need to go through Apple's notarization service before publishing, which is sometimes flaky and not always available all the time, but it also means Apple have control over what apps are allowed simply by revoking your certification, unless you jailbroken your Mac to disable notarization (https://disable-gatekeeper.github.io). Interestingly, Apple could have totally banished checkra1n from running in Mac by revoking the notarization, but Apple doesn't.
> Every time you install an open-source app, the developers are extorted by Apple with Core Technology Fee of €0.5 each
I don't think this is true? AIUI a developer can choose to operating using the "old business terms" even in the EU, in which case they don't have to pay the fee. https://developer.apple.com/support/core-technology-fee/ backs this up by stating that the CTF is an element of the "new business terms".
As far as I know, they ship a whole package of tools to customers who would like to repair their equipment. They also made the latest iPhone models easier to disassemble. What do you think they should have done in order to comply benevolently?
- They don't allow repair shops to freely order parts, each part must be ordered on-demand, requiring repair shops to pass their customers' personal information to Apple. This adds significant delay to repairs which makes 3rd parties an unappealing option
- They implement digital pairing between parts that require Apple's authorization, which is inaccessible to third party repair shops. In practice this means that you could buy 2 identical brand new iPhones from the Apple store, and they wouldn't work when you swapped their screens.
- They restrict Apple authorized repair shops from performing many useful repairs, I'm not completely up to date on the exact list, but you can watch videos from Louis Rossmann or read materials from other educators on the topic
- They gaslight users asking about data recovery options on their own forum, claiming that any repair shop which offers to recover data is scamming them, and ban actual experts who correct them to say that data recovery is possible
And, of course, all this is done under the guise of "security" or "protecting privacy" and the users are cheering for it. You never know when a 3rd party company is going to place a digital time bomb _somehow_ by putting a screen from iPhone A into iPhone B! Better let Apple fix it. Oh, the margins? What margins? It's not margins, it's the price of SECURITY!
Don’t be too quick to accept these criticisms. You have to compare to competitors in the industry to get a clearer picture.
Looking at screen repairs for Samsung Galaxy phones the same security issues arise and there are complaints about Samsung blocking third party repairs due to security concerns.
So are both Apple and Samsung just being greedy or is there more to the issue at hand? I’m inclined to believe a company unless they’ve demonstrated that I cannot trust them.
> You have to compare to competitors in the industry to get a clearer picture.
This tells you nothing. They each have the same incentives. They want you to pay a premium to the manufacturer for repairs, because they're the manufacturer, and because that causes more devices to be uneconomical to repair and so more people have to buy new ones.
I agree. I give Apple more benefit of the doubt than other tech giants. I see many knee-jerk reactions to what Apple does --- in my opinion --- rightfully. After all, many of these decisions are trade-offs, such as reusing parts from another iPhone being a measure against theft. I thanked the previous user I replied to because they were able to go beyond knee-jerk reactions and highlight issues in which Apple is pushing too hard on the trade-off scale.
> After all, many of these decisions are trade-offs, such as reusing parts from another iPhone being a measure against theft.
This is their stated justification, but it doesn't hold water. The device could refuse to accept a part if the part is from a device that has been reported stolen but they have it refusing to accept a part from a device that hasn't been stolen.
"Trade-offs" is a weasel word. It excuses nothing because it excuses anything.
Automatically bricking every device the second the warranty expires is a trade off, because you're "protecting" the user from out-of-warranty repairs. Does that mean it's justified?
Real trade-offs are the epitome of customer choice. Both of the alternatives are available and you choose the one you want. That choice is impaired when products are bound together, so that you can't make your choices independently.
Forcing people into these trade-offs is the evil to be prevented. It's the reason anti-trust laws prohibit tying.
I didn't say trade-offs justify Apple's behavior. But unless proposed alternatives are superior in every regard, we cannot claim that Apple should have done so, or that they have secret motives. Your proposed alternative for third-party repairs is likely to require trade-offs that Apple is not willing to make.
> It excuses nothing because it excuses anything.
We have a bigger problem that excuses anything: current economic model. Under this model, actors act the way they do, not because acting so is right, but because they can. Apple can afford to limit third-party repair options, so they do.
Regulations only make it a cat-and-mouse game. Actors now do whatever they can within the new limits. And, they are very clever in finding new ways of doing what they can, which people call “malicious compliance”.
> But unless proposed alternatives are superior in every regard, we cannot claim that Apple should have done so, or that they have secret motives.
This is what makes it a weasel word. Nothing is ever superior to something else in every regard. To use this as the standard is to assume that an ulterior motive is never possible, even when there is an unambiguous perverse incentive and the company's rationalization is weak and transparent.
> Your proposed alternative for third-party repairs is likely to require trade-offs that Apple is not willing to make.
Which is why it should be the customer and not Apple who chooses whether to make them that way, and the customer should not be forced to make such otherwise-independent choices together.
> Regulations only make it a cat-and-mouse game.
The premise of a cat-and-mouse game is that the cat is unwilling to eat the mouse.
If the law says that you have to allow competing stores and the company flaunts the law, the next law could say that the same company is not allowed to both make the device and exercise any control over any store, prohibiting the company from operating one themselves. Penalties don't have to be limited to money, they could require the release of internal documentation and source code to facilitate adversarial interoperability. They could simply break the company into a dozen smaller pieces.
Regulations are often terrible because they create inefficiencies which raise prices and, when applied to smaller entities, can destroy them and cause market consolidation. And regulators often pass rules without ever checking up on their actual effects. But "regulations are often wasteful and ineffective" absolutely does not mean that the regulators have no ability to mess up your business -- that is, in fact, the hardest thing to avoid because it happens so easily by accident. The last thing you want is to do anything to cause them to want to crawl inside you and lay eggs.
The thing here is that the potential "crime" they were trying to prevent is opening an App Store in the EU, which EU literally forced Apple to allow. So if this was the reasoning, then Apple is the one breaking the law here.
Didn't Epic Games violate the app store ToS a while back? I'm not a fan of Apple but it still seems reasonable to me to terminate a developer account for breaking ToS
You can't just use your ToS to circumvent the law of the market you operate in. If they have to allow Epic to operate in the EU under the DMA they can't kick them out unless it's in compliance with EU law. The EU law overpowers Apple's ToS.
It's not reasonable when Apple has set up artificial roadblocks whereby Epic can't compete with Apple in the iOS app store market without a developer account. As of yesterday, Apple is legally mandated to enable competition in that market, so using those roadblocks to aggressively block competition is a pretty big problem.
Apple could easily resolve this by just removing their their bogus constraints around the requirements for launching a competing app store on iOS. After that they could probably keep Epic banned all they want from the main App Store based on future ToS violations. (Though with the caveat that the ToS would need to be reasonable, and it seems clear that Apple has no intent of making a reasonable ToS unless forced).
But they're not going to do that, are they? None of Apple's restrictions were about security or user safety, they were always intended as an exclusionary measures, to make sure nobody can launch a viable competing store. When it looked like Epic was going to do it despite the ridiculous business terms, Apple reached for the next excuse in their toolbox.
Violating some company's ToS is completely irrelevant when it comes to actual laws.
And more importantly, it makes no sense that Epic has to interact with Apple at all in order to sell software to owners of Apple products. Apple has implemented systems which makes this very hard or impossible for non-expert users. Which means Apple violates basic principles of ownership.
This might be fine if Apple allowed creating alternate App Stores and developing apps for that store to be done without a developer account. However, the alternate App Store is a right granted to Epic by an EU regulation, so Apple can't just block them from doing it because they didn't follow the ToS for APPLE's App Store.
Well it seems reasonable to me they terminate their developer account ONLY AND ONLY IF a developer account is not mandatory to be able to have a foot in the iOS market.
Apple has the responsibility to safeguard apps delivered by its own store, but it will be each third party store responsibility to do the same while also complying to EU laws.
My understanding is that they had to break the ToS to take it to court. I mean they could have taken it to court anyway but they wouldn't have had standing.
Things are different when you’re in antitrust crosshairs and have been designated a “gatekeeper” by new legislation that explicitly intends to force you to open your product to competitors.
It’s not a great look when your first action in that gatekeeper role is to block access to a competitor because of actions the competitor’s parent company took years ago in another country and a different jurisdiction.
> this is the law now and they have to comply with it.
lol ugh, it’s the law to wear a seatbelt, I can choose to ignore it. One ironic part I like to mention about this is that tractors tell you not to wear a seat belt. That lets you bail if it’s tipping over. The thing is, it’s still technically illegal not wearing a seat belt. Ironically, riding a motorbike requires no seatbelt… and overall is more unsafe, but totally fine apparently.
The point I’m making is laws aren’t hard constraints, they’re human constructs and you can choose to ignore them. There may be consequences to ignoring them. But the calculus for Apple is that it’s worth it to them and to ignore.
Much like the farmer with the tractor, minimal risk to ignore. High risk to follow law.
The farmer do whatever he wants within its field, the road laws don't apply there. But he has to follow the laws when he is on the road where a tractor has no reason to tip over.
> laws aren’t hard constraints, they’re human constructs
As is Apple, the company. It only exists on paper. It can be barred from existing in a jurisdiction by another human construct, a court ruling. It can choose to ignore EU laws, but there would be consequences.
Last action, they terminated Epic one day before the DMA went into effect (today).
It's clearly meant to stall the creation of Epic's own App Store. All the processes still require an Apple developer account. This is malicious enough that I hope the EU regulators pull all strings to make Apple's fine for this not just aedequate to the money they're saving, but also to account for the disregard of the law itself.
The EU isn't the boring cyberpunk future where corporations can do whatever they want Apple thinks it is.
> Last action, they terminated Epic one day before the DMA went into effect (today).
The law went into effect november 1st 2022[0]. Until yesterday has been a grace period to allow big companies time to implement the law - I must say that 1 year and 4 months is generous.
Sure, if you want to be pedantic about it. Though this is pretty normal for EU law to give a lot of preparation time. The GDPR had 2 entire years - and I still got some emergency compliance tickets in the week before (worked at the eCommerce arm of a major German retailer).
This is ridiculous. If you develop a game that needs to be available on all major platforms, Apple devices are a part of them.
Are you also one of the people, who would argue, that you can build you own road network, if you don't like the terms on the current road network?
Luckily it is not you who are going to work on these regulations, but people who actually care about free markets (how ironic that the EU is the progressive one on the question of freedom).
There is such a thing as a private road. This is not about access. This is about money, and to think the EU - the geniuses who gave us all GDPR pop ups - don't have a intrinsic interest in devaluing Apples ecosystem is delusional.
The GDPR didn't "give you" pop ups, it just made it mandatory for companies to seek our consent before they abuse our personal data. Many companies chose to be as obnoxious as possible about it to annoy you into agreeing. You need to rethink who you're directing your anger at.
As a matter of practical advice, there are optional filter lists for uBlock Origin that block the vast majority of consent popups. I barely see any these days.
It was not part of GDPR, GDPR also says that giving and removing consent should be equally easy and not remove functionality (like disabling the whole website with a transparent black background) hence the vast majority of the cookie banners are illegal.
Blame companies for illegal behaviour, the EU's rules are supposed to give you the information about how/where your private information is being shared. That's genius, and you should be grateful that now you know how much your personal information leaks.
You can call Apple a customer or supplier of Epic, but it's just semantics they do have a business relationship.
The deeper point is companies get rid of litigious business partners whenever possible. It's one reason why you end up regulating utilities, nobody wants the electric company to have excessive control over the local economy. Where exactly digital platforms sit on this spectrum is probably a question for legislators not the courts.
Really interesting to see how hard Apple is fighting with everything they have to keep their profits and not open up. This is a fight Apple can't win because the EU will strike back again and again. It's Apple trying to win time and thus bank profits. But I believe the strategy will fail hard: high fines and even tighter regulations that will break up Apple's monopoly completely, much broader than intented before. The more actions like this one Apple takes to squash competition, the stronger the rules will be that will be forced upon them.
At this point I'm wondering what happens if the EU invokes their malicious compliance clause, and tells Apple outright what to do. Will they just refuse and hope they don't lose the EU market?
I think one point lost in most of these conversations is that the existence of an open iOS will spawn a lot of "change your region to Europe" how-to articles in the rest of the world, creating an escape hatch from the walled garden (and finally a good reason to use a VPN), similar to what Apple keeps attacking sideloading for. Maybe they'd rather keep control of their other markets than be in the EU one.
Refusing is moot. They make $3bn profit every month in the EU. Shareholders would certainly send Cook off if Apple loses access to the EU market. Apple will play this game until the EU takes the gloves off, and they will.
I don't understand what Apple executives are even thinking to keep engaging in these actions. How do they justify continuing to burn bridges with developers and tarnish their reputation in the public eye?
Honestly they had it easy because of inertia and because they managed to build a successful business with cloud technology.
Had they failed with Gaming, Office365 + Azure the same way they failed in the mobile market, Microsoft would not be the same company as it is today and as it was 20 years ago.
Thankfully EU legislation has very severe penalties built-in that are mostly deterrants (think the 4% turnover maximum GDPR fine), but if anyone deserves to be hit with the full force of the law, it's Apple.
Even Meta, who are also happy to rack up fines instead of fixing their privacy issues, aren't this reckless.
I’ve had my disagreements with Meta’s leadership (I quit after all) but they do try hard to comply with the law on privacy. It’s a hard, hard problem that they spend a lot of money on.
The results have been mixed: they should probably spend even more.
In general these are some of the “least evil” people in the valley. I have personal disputes with some of them, some mutually pretty unpleasant. But that increases, not decreases my responsibility to be fair.
Bosworth in particular is about as close to a good guy as you can be in a job like that.
I don’t think very highly about how I’ve been treated personally, but that’s irrelevant to the broader point: Meta’s team is playing at the “least rough” end of the field. They’re great on open models and research, their lobbying is at the low, low end of shady (by the dismal standards of the day), employees have historically been treated well, it’s less bad.
If you want to get on them about something, the availability of Reels to minors needs to change.
I wouldn't say they are the least evil, but they are working hard to lose that "bad actor" reputation they have been given over the year regarding privacy.
Apple’s recent behavior in Europe sure is perplexing to me. The arrogance suggests a kind of legal naïveté that a $2.6T multinational can’t possibly have. It must be a calculation. Do they figure Washington will pull strings to bail them out of their predicament?
Much like the usb charging situation, it's a delaying tactic. Of course they're aware that this isn't something they can win but they can fight and delay it for as long as possible in order to both have some profits from it while it lasts and to weaken the competitor's (in this case Epic) position by delaying their entry in the market.
Apple must have realised this would provide direct evidence of their control over the iOS app market, regardless of their apparent compliance with the DMA. The loss of a developer account means that epic cant even release their own app store on apple devices, undermining apples responsibility to open up to competition. Cant wait to see how big the next fine is *grabs popcorn*
Yeah it could even lead the EU to mandate that no business relation to Apple is required to operate your store and Apple has no saying whatsoever over you and may not charge you for installs, updates etc. Also, no penalties or changes may be applied to Apps choosing to use other stores. Play stupid games, win stupid prizes.
This might lead to a complete opening-up of the iPhone as a result for the EU market.
This is why their petulant behavior, as brazen as it is, doesn't really bother me. Every action they take just provides further evidence and support for further anti-trust action that will affect the entire big tech industry. Now it's up to the regulators to deliver on enforcement and take a bite out of the poisoned apple.
I am not so confident. Apple has a lot of Senators and Members of Congress on its payroll. This could easily lead to the U.S. government putting considerable pressure on the EU to ease-off on Apple and the regulators de-clawed. This might likely be accompanied with lots of media articles and talking points about terrible EU regulations that are suppressing good & successful U.S. companies.
There are smartphones designed in europe. Isn't Fairphone a dutch company? The greenphone was from Norway. Gigaset is German. The Shift smartphones too. Wiko is french and chinese.
Going off some website [0]; unless I've been badly mislead, effectively nobody in Europe wants them. Looks like Nokia is leading the pack of desirable phones with nearly 1 person in 100 (not really that good, but close enough) thinking it is the phone for them.
Or it would be if Nokia's mobile phone division hadn't been bought out by the Americans. So technically even that is a US brand these days. Seems fair to count that as European though, presumably they still have offices in the EU.
> Wiko is french and chinese.
Well they've solved half the problems that EU companies face.
Perhaps because Google and Apple have been acting as monopolies and made all other products undesirable? The US benefits from the EU greatly, but whenever the EU enforces laws to protect it's citizens you always hear people from the US complain about "socialist" whiners who can't compete with the US.
If the US had domestic laws that actually helped and protected it's citizenry, they'd probably look like the EU's laws.
Then the US wouldn't be involved in the smartphone market either, the EU and the US would both be trying to counter the overwhelming dominance of Asian smartphones.
If the US adopted the same regulations, they'd get the same outcome.
> If they put this sort of effort into inquiring how they mucked up their own companies then they might make some actual progress.
Here's the thing though, the point of an anti-trust investigation is that the market dominance might, possibly, be due to something other than people liking it.
I don't have a problem with the specific things Apple's getting criticised for in the Epic cases[0], but it's really unavoidably obvious that a lot of people do.
[0] And that's not as a fanboi: I do have a problem plenty of other things they do and fail to do, just not these specific things. E.g. Safari as the only browser engine was obviously going to bite them, even though the browser wars are much less important today than in the 90s.
Are you suggesting that Apple aren't the people in charge of iPhones? You might like to pass that on to the EU, they're worried about iPhones and they appear to have accidentally decided that probing Apple will help!
I'm sure the EU is trying to regulate how China manufactures iPhones too, if that is some sort of consolation prize to you. And my response is the same - there is a reason it is happening in China. The reason is EU regulations.
> ...market dominance might, possibly, be due to something other than people liking it.
Case in point; the market dominanace of Apple in Europe is primarily because EU regulators are technophobic. North America can manage to design a smartphone. Asia can design smartphones in plural. Europe can manage the Nokia 1100 which is not nothing. Well done Europe. But not enough to compete with serious players.
They can however design an instruction set integral to the development of the iPhone and garner Apple's continued investment in their success as a result.
> There is a reason that they are probing a US company - the European continent isn't capable of producing a smartphone that people want.
I don't believe it. I mean yes, we can't compete with designing a smartphone, but I don't think that is the reason the EU is looking into US tech companies.
Yeah it would have happened regardless. US Americans think it wouldn't because they think politics necessates lobbyism and expect that if a European company were in a similar position to Apple then obviously the EU would be lobbied by them to let them keep pillaging.
This article and related discussion might be relevant. It addresses more or less exactly this sentiment:
> This is the reason why I get a bit frustrated whenever I see somebody in tech dismisses the EU as just trying to protect European companies from competition with their glorious and wonderful US companies.
The EU has taken a human rights stance with zero consideration how to compete on the global markets. Of course money never sleeps and this'll eventually move most EU-based properties in the hands of foreign investors. Perhaps this is the intent all along
On many occasions it has been tremendously helpful to consumers when the EU stepped up and got in the way of companies doing as they please. Examples include capping phone roaming charges and mandating 24/7 free money transfers.
I will repeat, again, what I say when I see people commenting about this with such bad take.
It is the US companies that do this. The worst cookie banners all come from US companies.
Examples: "Admiral" one of the biggest cookie banner company is from Florida. Their banner is absolutely annoying, made to trick you into consenting to be tracked.
Many USA healthcare sites, refuse to work entirely if you decline marketing tracking cookies (yes you read that correctly, healthcare sites kick you out if you want privacy about your health).
The crazy thing is, the law never said you must have a cookie banner, what the law says is: you are not allowed to spy on people, UNLESS they allow it explicitly. So USA companies that are not big on privacy for some reason, concluded that annoying cookie banners where is easy to accidentally give away your privacy is a great idea.
If your site doesn't track users, you don't need any banner, not even a disclaimer.
Just don't spy on people, and that is it. I wonder how people from USA can still claim with a straight face they are "the land of the free", when they aren't free to not be spied upon (by their own government even, as Snowden proved).
Even Apple implemented the equivalent of the cookie prompt — the mandatory “Allow App to Track” dialog on iOS.
So the idea clearly wasn’t all that bad. IMO the problem was that the EU law left it up to websites to police cookies, but it should be part of the browser instead — just like Apple’s tracker permission dialog for iOS native apps is part of the operating system.
The law does not mandate cookie prompts. Don't set cookies that are not technically required for functionality (such as login sessions) and you don't need to ask for consent.
It is the companies that choose to hassle the users to keep tracking them. Some of the prompts designs that make it hard to opt out are also malicious compliance, perhaps even non-compliant.
Because those companies chose to operate in the EU. Regulating its market is one of its main tasks, and certainly not a waste of time. That depends on the perspective. From the perspective of a company abusing its market dominance, it is indeed a pain. For the perspective of companies which are not dominant and consumers, it is really desirable for the EU to be active in this field.
Hey, do you know that the EU also have the power to ban companies from doing business in the EU ? That's because like every market, it's a regulated market.
EU is very pro business but, unfortunately for Apple, they are the one writing the rules.
Apple feels really arrogant trying to get around the rules of EU while also accepting every regulation with their tails between their legs in China.
I have a lot of Apple products, I really like them, but EU can get along without their products, so if they want to sell on this continent, they have to follow the rules.
They're global companies, not American ones. EU consumers lose out by Apple's decision. If you want to trade in Europe you've gotta pay by the antitrust rulebook.
Basically, when non-EU companies operate within EU, they have to follow EU's rules and regulations.
EU might suspect something that goes against those.
Why is the US at times poking its nose into European businesses? On both cases (EU or US): because 1) they can, and 2) they think it is related to their remit.
There are several Apple stores within easy driving distance of me in the UK. Clearly Apple has to obey UK, and European law. You don't get to ignore laws you don't like, just because you are based in another country.
Think Apple's argument about Epic having previously flouted the rules openly might be good enough. For a third party app store, Apple is pretty much giving the keys to your phone to the said app store. If there is a company which has demonstrated they won't play by the rules, it's not a huge stretch to say that it may harm the security of the model. While the EU wants the company/iphone to be more open, it also puts the onus of keeping it secure on the company itself.
Another reason I believe they are on sure footing is that they got the rejection from the law firm, which I presume knows what they are doing, just as they did during the 2020 shenanigans from Epic.
Through security enhancing features in the operating system, like not allowing processes to access other's memory spaces. Or prompting users to allow an application to use potentially harmful api's. What do you think is the role of an operating system?
Given one of the things you can get on an app store is a replacement keyboard, "security" is, in addition to all the things you listed, "make sure there are no installable key-loggers".
And for web browsers, which are basically an inner-OS, making sure that plug-ins can't read arbitrary content from the pages you visit.
And given that "phone" is an app, that it can't wiretap all your calls.
There's also stuff which is bad for the device, but I'm not sure if it really ought to be Apple's responsibility to prevent, like crypto miner libraries running on-device as an income stream for the developer.
> Given one of the things you can get on an app store is a replacement keyboard, "security" is, in addition to all the things you listed, "make sure there are no installable key-loggers".
"This keyboard app requires access to network resources, do you want to allow this?" Or better yet, let the operating system block apps from using both network resources and keyboard api's.
> And for web browsers, which are basically an inner-OS, making sure that plug-ins can't read arbitrary content from the pages you visit.
My web browser allows me to choose when I want an extension to have access to a web page.
> "And given that "phone" is an app, that it can't wiretap all your calls."
I'm gonna guess it does this with a man-in-the-middle attack.
"The operating system has detected that this phone app always calls the same number. We have disabled it for security reasons." Also if you buy a phone, it might be reasonable to let there only be one phone app.
I'm kind of tired of people claiming the hand-holding argument, that apple helps people who do not understand technology. My sister uses apple devices exclusively, but at her work, her employer regularly does tests for phishing and she always fails. It is time people get educated about how to use their computing devices. These devices have been around long enough that people who fall for obvious scams should be considered incompetent.
> "This keyboard app requires access to network resources, do you want to allow this?" Or better yet, let the operating system block apps from using both network resources and keyboard api's.
So, either a "we want this for analytics" message on the popup for fakers, or no analytics for legit developers.
Now sure, I personally don't think app development benefits all that much from analytics and would be happy if analytics were outlawed in entirety by the EU, but 95% of websites have been howling about how important they are since they were forced to request consent for that with the GDPR.
> My web browser allows me to choose when I want an extension to have access to a web page.
And every time I set up a new computer, I have to check very carefully to make sure I'm installing a well-recognised ad blocker rather than one of the huge number of look-alike scams — I have to be right every time, the scammers only have to fool me once.
> I'm gonna guess it does this with a man-in-the-middle attack. "The operating system has detected that this phone app always calls the same number.
Why? I was thinking "record message, upload to website". Same deal as with keyboard, except the permission popup can also say "VoIP".
> I'm kind of tired of people claiming the hand-holding argument, that apple helps people who do not understand technology. My sister uses apple devices exclusively, but at her work, her employer regularly does tests for phishing and she always fails. It is time people get educated about how to use their computing devices. These devices have been around long enough that people who fall for obvious scams should be considered incompetent.
To put it another way, your standards are too high. I don't know much chemistry, so I need the chemicals in my daily life to be regulated; I don't know much law, so I need governments to deem that certain contractual clauses are invalid on my behalf; I don't know much biology, so I need the government to prevent snake oil salesmen selling snake oil for all potential ills.
Should private companies be the regulator? Sometimes the law requires it, sometimes the law forbids it. I'm comfortable (if not happy) letting the governments decide what Apple must and must not do, for the exact same reason that I have been comfortable (if not happy) letting Apple decide what developers can do.
I do know computers, and I like messing around with them much as StyroPyro likes messing with terrifyingly high powered lasers[0], much as The Thought Emporium likes messing with terrifying man-made horrors beyond comprehension[1], much as Colin Furze liked making a hoverbike with "no steering, it has no brakes, it's got two accelerators and not even a seat"[2]… asking everyone to take on that responsibility just because I'd like more freedom, isn't as good as you think it is.
> asking everyone to take on that responsibility just because I'd like more freedom, isn't as good as you think it is.
That's news to me. I haven't yet told my mom how to enable developer settings on her Android device, but apparently she's at risk because an optional setting exists on her phone.
While we're at it, let's remove all the potential scam-vectors on iOS. Like you said, it's just not good to ask people to accept the responsibility for more freedom. First we have to remove the App Store, to prevent stuff like fake LastPass apps from being accidentally installed on your phone. Next we have to remove SMS and calling capabilities - both are hot-spots for social engineering attacks, and cannot be trusted without direct supervision. Gotta axe Safari too, can't have people randomly sharing information over the internet without exposing them to risk. Apple Music too, can you imagine how dangerous it is letting your child use a platform filled with expletives and free speech?
Soon enough we'll have it, the perfect phone. It's featureset? Oh, I though we were designing jewelry.
> Given one of the things you can get on an app store is a replacement keyboard, "security" is, in addition to all the things you listed, "make sure there are no installable key-loggers".
And what makes you think Apple can stop these apps on their own app store before they cause harm?
I sense this pervasive belief on HN that Apple's reviews are infallible, or that they magically catch malware, when in reality it's just some low ranking person installing the app and navigating through it to spot obvious flaws, usability issues, rule breaches, and ensure that the developer doesn't try to direct users to their website to purchase a subscription for cheaper, the usual anti-competitive stuff.
Unless you can point out a step in the review process where a security expert sits down and reverse engineers the app, and every subsequent update, to verify that it doesn't steal user data?
It's only when someone raises the suspicion that things get looked into, reported and taken off the store. At least web extensions have the benefit of being written in Javascript which is easier to inspect. At no point does Apple ask you to hand over source code.
> I sense this pervasive belief on HN that Apple's reviews are infallible
Our language makes booleans easier to communicate than nuances.
For example, I absolutely do not consider their reviews infallible, I just didn't think it would come across that way when I wrote the comment you're responding to.
None of the things you mention is the responsibility of Apple to decide. They are all choices I get to make as the device owner. Apple can decide what ships on the device, and what is for sale in their very reputable store, but not outside of it.
The thing you are missing is that once third party stores is allowed, the responsibility and security burden is also shared with those third party stores who have to comply the same way to EU rules or risk being fined and lose reputation the same way.
It is not Apple's job to protect its customers from third party stores malware. They just have to build a secure OS with a safe apple store while allowing third parties to provide stores.
> It is not Apple's job to protect its customers from third party stores malware. They just have to build a secure OS with a safe apple store while allowing third parties to provide stores.
> In all cases, the gatekeeper and the requesting provider should ensure that interoperability does not undermine a high level of security and data protection in line with their obligations laid down in this Regulation and applicable Union law, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. The obligation related to interoperability should be without prejudice to the information and choices to be made available to end users of the number-independent interpersonal communication services of the gatekeeper and the requesting provider under this Regulation and other Union law, in particular Regulation (EU) 2016/679.
"the gatekeeper and the requesting provider"
Apple is still on the hook in combination with the requesting provider that doesn't intentionally deploy malware.
Apple is likely claiming that Epic has in the past demonstrated clear and willful circumvention of their own security and rules. Apple would be putting itself at risk by allowing Epic to deploy applications given Epic's past history of intentionally trying to harm Apple's reputation and would compromise Apple's high level of security in data protection that it is required to follow under Union law. Apple would likely state that Epic has shown that it would intentionally break the law to harm Apple - and that's a believable concern.
EU mandates that gatekeepers work towards privacy and safety of the customers as a requirement in the DMA/DSA.
From this link[1]:
> Obligations for very large platforms that reach more than 10% of the EU’s population to prevent abuse of their systems by taking risk-based action and through independent audits of their risk management systems.
They have a mandate to prevent abuse of their platforms from other apps or third party app store. This is in conjunction with opening up the same ecosystem for everyone else.
I doubt that Apple would accept to be responsible and liable for the security of software from other companies. Epic would ensure the security of their software in the same or similar ways as Apple does it for their software. The operating system provides the security framework, the makers of applications are responsible for the security of their software within that framework.
The problem with that argument is that Apple is demonstrably incapable or unwilling of securing their devices, despite the walled garden. Pegasus and a dozen other spyware exploit iOS vulnerabilities which have remained open for at least a couple of _years_ and Apple seemingly doesn't care.
The only way to secure a device is to actually give control of the device to the user. But that would imply no more Apple tax, so Apple would rather die on that hill than follow the DMA. Add to that their psychopathic need for control.
An american subsidiary lied once and an american court said they didn't have to keep them around, so we kicked a european subsidiary out of the european mandated DMA.
Yeah, that's gonna go over great with the EU. Apple really deserves the 10% of global revenue fine to be brought down a peg.