Hacker News

I, for one, do not look forward to having to sideload Facebook, Instagram, Google, Gmail, and every single other megacorp's app just because they want to track my every click. I would rather give power to Apple than all the other companies.


A good solution to apps wanting to track your every click is not organizational but technical. Just don't give them APIs for reliable cross-app tracking. That advertising ID? It simply does not need to exist at all. Same for all the attribution bullshit.

Besides, sideloading enables installation of modded apps giving users more choice.


Making it a really technically hard problem is great news for Facebook and Google. They will happily hire software engineers that do the best possible job of detecting who a user is, using machine learning and all sorts of other tricks. And then sell this functionality (either explicitly or implicitly) to developers that use their ad platforms.


Well it is an arms race of sorts. If you can build it you can fake it.


Same with not allowing fine-grained control of what apps are allowed to use your WiFi/connect to the internet. I don't give a shit that an app feels entitled to it, it's my internet bill and it's already implemented perfectly for your cellular data stuff. There's no reason or excuse it's not a privacy setting that you can tightly control and revoke.


This would be excellent, because most apps and even iOS shits the bed when it is on a WiFi network that can't reach out to the Internet. They expect it to be there and open all the time, and show me all sorts of Fisher-Price "Uhoh! Your WiFi isn't working!" errors when in fact it is working fine, and I'm completely aware it can't connect to the Internet because I'm the one who configured the firewall.


Apparently that is a feature that iPhones sold in China do support. But only China for some reason.


That reaction when Chinese devices are "freer" than Western ones. Shameful!


That’s what we have now… Once the platform is open you can’t deny them API access.


But you can have sensitive APIs behind permission prompts


Without human vetting of apps they’ll do it anyway. Your technical solutions will fail. See: fingerprinting on the Web.


The advertising ID gives users and Apple control over tracking when also coupled with AppStore policy that disallows improper use.

It’s impossible to prevent fingerprinting of users and devices via purely technical measures — taking away the advertising ID won’t help.


Fingerprinting is hard. Especially when apps are as sandboxed as they are on iOS, and especially when there are so few iOS device models. Any APIs that can be used to share data between apps should be subject to permissions (e.g. file system access) or explicit user action (e.g. sharing content or links from one app to another).


Why do you think fingerprinting is hard?

It’s truly not — the OS sandbox is nowhere near as restrictive as, say, a browser sandbox.

Moreover, if Apple is forced to open the platform to third-party app stores, identifying unique users in collusion with the third-party app store is incredibly easy.


> Why do you think fingerprinting is hard?

They did manage to answer this question in their comment. It’s the entire last sentence. (It also seems fairly well implied that they mean “iOS fingerprinting is currently hard” given the topic of discussion.) I don’t see how I could reliably fingerprint if so many APIs require user permission. It might be possible but I don’t see easy.


iOS isn’t as sandboxed as they claim.

From IOKit to getifaddrs() to file system APIs, there are straightforward ways to uniquely identify a device — and I’m sure someone who actually works in this space can think of quite a few more.

Hell, even if you make it a hard problem and sandbox every possible source of unique information about the device, I’m sure Google would be happy to throw ML engineers at identifying users via impossible-to-obscure user information (keyboard timings, accelerometer readings, etc).

Preventing misuse of PII requires a policy/legal solution, not a technical one.


That's the thing, all these holes need to be identified and plugged up. Google, despite being a data-hungry targeted advertising company, did a fairly good job at this in recent Android versions.

Or, a much, much simpler solution: an application firewall built into the system. With downloadable easily shareable rulesets. No matter what an app collects, it's all worthless if it can't send that back to advertisers. We already do that for websites by using ad blockers.


> No matter what an app collects, it's all worthless if it can't send that back to advertisers. We already do that for websites by using ad blockers.

Using an application firewall to prevent the Facebook app from sending tracking data back to Facebook?


Facebook app can, of course, send its tracking data back to Facebook, but it will only be able to track what you do within Facebook itself. That's fair and that can't be prevented. I'm talking specifically about cross-app and cross-site tracking.


You really, truly, cannot close all the holes necessary to prevent fingerprinting while still providing a useful general purpose OS.

You especially cannot achieve this while providing third parties access to what has traditionally been vendor-only API on mobile devices; e.g. to support third-party app stores.

This simply is not solvable through technical means. It must be solved through policy and law.


Amazon used to encourage you to sideload their app store on Android. You got a free copy of Angry Birds 2 if you did, and I think at one point you may have needed to do it if you wanted to install Prime Video at all.

It still ended up going away and they gave up. So allowing sideloading is hardly the threat you think it is.


Maybe. Incentives are different on iOS. Apps are more-restricted and the platform’s more valuable. Could play out like it did on Android, but might not.


Incentives are exactly the same, $$$.

And you're making it out like the Play Store is worth peanuts.

https://cybercrew.uk/software/app-store-vs-play-store/#h3

App Store led with an estimated revenue of $85.1 billion in 2021

Google Play Store generated revenues of nearly $47.9 billion in 2021.

Nobody's ever going to try something shady for "just" $47.9 billion :-)))


and the platform’s more restrictive. There were two factors I mentioned. And that’s just store revenue—it’ll skew harder toward Apple if you include other ways of making money on mobile.

I don’t recall Facebook publicly throwing any tantrums over Play Store policy changes.

It’s also possible that being able to put a store on both platforms is the kind of thing that would get, say, Facebook to expand the Quest software store to mobile. They’ll want to do that for Apple’s headset at least, if these changes open that up to them—expanding that effort to include iOS and Android seems like something with decent odds of happening.


Knowing the EU, further privacy policies are probably going to be announced at some point, greatly crippling the current form of targeted advertising, including on Android.


That’d be nice. Not having “doesn’t let companies do shit to you that ought to be illegal… as much” be a platform differentiator would be great. That should just be a given.


Yeah it's hell on Android having to install all of these separate app stores.... Oh, except it isn't, 99.9% of these apps just exist on the Play Store.

If you don't like them, just don't use them, right? I mean that's the argument we're seeing against these changes, how does it not apply equally the opposite way? If you don't want to use an app like Facebook because it's on its own separate appstore, then don't. Besides, I don't see a reality in which these companies forego the easy native solution with millions of users in favor of whatever the process sideloading would involve.


Apple have much stricter requirements, which is the point the person is making and you are willingly ignoring.

Apple, right now, have the ability to ensure the apps are transparent about what they track, have an explicit dialogue to confirm if you'd like the app to track you.

These big corps hate that Apple have that control and want to keep their customers informed on what's going on, and as such, they will stop using the App Store and ask customers to side load so they can release much more invasive versions of their apps that track everything without any user ever being informed.

So yes, this IS objectively a bad thing and ripe for exploitation.


Sounds like Apple, with their trillions of dollars and apparent focus on quality, should invest into figuring out an OS-level permissions system then, which I presume they already do have. The OS should be handling such issues, not the App Store from which apps come from. Even if the user installs some botnet willingly, it shouldn't be able to break out of the OS sandbox and do things the user doesn't want simply because it was sideloaded (assuming a non-jailbroken/rooted phone which no non-technical user will ever accidentally find themselves with).

> These big corps hate that Apple have that control and want to keep their customers informed on what's going on...

Oh yeah, the noble small Apple - the richest and biggest corporation to have ever existed - only has their users' best wishes in mind... It's totally unrelated to their own ad network, which they're building on top of the data they exclusively have access to thanks to their walled garden! And no, I'm not saying others should have access to this data, this data shouldn't be able to be used at all, not by Apple nor anyone else.

> ... they will stop using the App Store and ask customers to side load so they can release much more invasive versions of their apps that track everything without any user ever being informed

If the only thing protecting users from this is the fact that you can't sideload and have to rely on the App Store review process, then that's some real shit security, and Apple should definitely improve things there.

> So yes, this IS objectively a bad thing and ripe for exploitation.

Funny how saying something is objective doesn't make it so. It's objectively bad for Apple, sure, since they lose their iron-tight grip on their own users. They also lose out on that sweet 30% of every penny a dev makes. Won't find me shedding a tear for them though, the less money Apple and the other megacorps get to suck dry, the better.

And again, all they have to do is spend a few thousand of those trillions of dollars they have to put up an obnoxious and hard-to-get-rid of warning when sideloading. People who care about sideloading like myself will happily oblige and go through the warning screens even if they're tedious, while the hypothetical vulnerable grandmas get greeted with a screen they don't know how to work around.


We can sideload on Android, but those apps are all on the Play Store, which actually gives them more tracking capabilities, because it's hard to block stuff using Play APIs.


I’m looking forward to downloading free and open source software from F-Droid.

I don’t care about Gmail because I don’t use it.


Vital email functions are available through many SMTP/IMAP clients anyway.


Same here. Side loading will open the door to a whole new category of malware/adware/crapware. Yes of course the App Store is not perfect but at least Apple has control over it and can stop things when they are degenerating. I’m not looking forward to a new Facebook VPN that will “enhance my phone,” available through side loading only, that I will of course never install but which my grandma or another unsuspecting entity would…


So don't sideload apps? For you, the experience will stay the same. Let Apple put a warning like Android with DANGER, ARE YOU SURE YOU WANT SIDELOAD and problem solved. People that want to stay in the Apple store will do so, people that want sideload will sideload.


Meta is already in the regulators' sights. Data harvesting is not something the EU is blind to. Presumably there would be injunctions made against them from so easily pied pipering users into doing that. Not to mention, most users do not want to have to jump through more hoops just to have the same old FB/IG/WhatsApp experience. They'd balk.


Ah yes... so give Meta a couple of years of all gas no brakes with regards to user data while the legislators play catch up.

They have gone for Apple out of pride and short sighted electoral strategy. The answer is to deal with Facebook(Meta) and Google(Alphabet) et cetera first. Pumping money into Gecko development.

This is serving up regular people who use smart phones (which in the west are essentially mandatory) to big data on a silver platter.


What’s your explanation for Japan doing the same to Apple? It’s hardly only the EU who has them (and Google, and the rest of Big Tech) in their crosshairs.

https://news.ycombinator.com/item?id=36393809

> regular people who use smart phones

That’s the beauty of it. I’m not convinced that ‘regular people’ are going to have the patience to deal with Meta forcing them to get and manage yet another damn account to use Facebook/Instagram/WhatsApp. Just a terrible hurdle that will cause FB to shed a non-zero number of users, at a time where their DAU has not been hot, never mind their long term growth potential.

Without a compelling reason for them to join (free Oculuses? Oculii?) you can’t expect users to be forced to sign up for yet another account - not to mention most people are aware of the invasiveness of Meta - and remain quiet. Users already have more streaming services than they can handle, they’re not going to have the patience to juggle multiple app store accounts, just to get the same apps they already have!

Forcing users to adopt a new walled garden right away is going to inspire mass consumer backlash right away. And that will cause regulators to weigh in immediately, data gathering operation or no data gathering op.

I just don’t see Meta having the product or marketing stones to pull this off. Their last thing with positive buzz is what, Threads? Something dependent on the failure of another’s platform? And that only lasted for like a week.


Elon is already attempting the next step with X.

There is going to be a race to become the WeChat of the west.

Governments more generally need to deal with tech and the EU is the only one with the heft and the stones to do it. But this piecemeal approach of trying to hit each of these giants like this ends up paralysed by court processes and intervention from the American Government.

Network effects are powerful. And there is a huge incumbency advantage past a certain point.

Meta, Google, Microsoft, and X are the big winners out of this decision.

Competition on storefront take will be slow.


Musk's questionable decisions aside, I don't see how X can succeed being an everything app a la WeChat. (Aren't they also planning to pivot to becoming a video app? What is the vision combining both?) You know what social media app that also supports sending payments, video submissions, had/has its own content channel of shows, even a knock-off of HQ Trivia? Facebook. And who ever used FB in its portal-like form? Besides the Feed, Events, Groups, and Marketplace, who bothers with the everything features? I question that the WeChat model is really applicable for U.S. markets anyway, as it really depends if food delivery, ridesharing, etc. other companies are willing to team up with an everything app platform-maker.

Google is plagued by product execution issues. Any attempt at such an app will just fill a larger plot in the Google Graveyard. Microsoft doesn't even do social- what do they have, LinkedIn? Yammer? The Xbox network? X faces an uncertain future. Funnily enough I think Uber would have been a contender back under Kalanick's reign, but they don't have the same juice they used to.


And you trust governments because?


We, the people.


If all that makes their phones secure is "not allowing sideloading" or "not allowing different browser engines", then that's pretty shit security.


If you were that concerned you’d use web version of all of the above.

Would be nice if Apple required you to have a functional web app before installing the app. I.e. FB Messenger - the only reason why it doesn’t work on mobile browser is so that FB can track you more via their app.


Has it occurred to you that Apple might not be that different from other companies you listed? It's just good marketing strategy like Google had "don't be evil" years ago. Essentially Apple is like "only I can access all user data for profit, improving products, ads, while others can't."


Apple a) has a mutual interest in them remaining privacy centric as we do. b) Most of your data is locked onto the device and cannot be accessed by anyone including Apple themselves.


Both of your statements are Apple marketing speaking, and demonstrably false.


Present your work / citation needed.



I have great news for you: The hyperbolic nonsense you just described will literally never happen.


The first thing that will happen is Facebook putting up a "light" version in the AppStore with half of functionality removed and pestering people to sideload the "full" version, that will, naturally, come with tracking, snooping and all other unethical bs that they love so much.


As I mentioned in another comment: yep, that's just like they did on Android, except no, they didn't, everything is on the app store. I'm not sure where people are getting these fantasies from.


So you, as a person concerned with privacy, will not install the non-App Store version, easy peasy, or even better - not install FB at all. You keep your security, and people that want sideload will have what they want, everyone happy. And it's quite ironic that on Android the app works as usual, no crippled version.


I don't think that's actually going to happen -

https://news.ycombinator.com/item?id=33978081


You know, it’d be good. Because then I would only use crippled web apps, which will probably get rid of the habit of opening these time traps.


So don't sideload them and use Apple's products just like before, you have the freedom to not install them.


> […] you have the freedom to not install them

What if Instagram decides to require side loading to install their app — in order to increase ad revenue?


Don't use Instagram, simple choice))) Or, hear me out, you would be able to use Insta in the browser with iblock installed so that you don't have ads and part of tracking!


And what about the users who wish to use Insta for sharing photos on socials, but don’t want to allow fb wholesale access to their data? Why are their concerns so glibly ignored?


Ask FB? It's the business of FB to distribute their apps. Or, you can use Insta for sharing photos... in the browser, and even block the ads.


They don't on Android, why would they on iOS?


BuT wHAt iF TheY CoUld?


How about not installing them at all?



