I am a big Apple user, in many senses really a fan. But these scare tactics are just off. First of all, the safety promises of the Apple store are way worse than Apple makes them. There is tons of dubious apps around which rob users quickly, just barely within the guide lines. Often enough, bad apps slip through the nets. On the other side, many absolutely legit apps get blocked due to bad review or overzealous restrictions.
Would it be a bad idea to install apps randomly from everywhere? Sure! Would it be a security risk to install well known open source software from a reputably curated alternate store? Most likely not! Also, the system should have more robust implementation which would prevent malicious apps of doing damage until the user explicitly grants entitlements.
And I would be much less interested in installing apps from different sources, if the content of the app store were just guided by safety concerns. But a ton of stuff is blocked just becaue Apple wants to block it. That is, where the demand for alternatives comes in. And lets not even talk about adult content. It would be great for the safety of the users, if Apple would allow such content within the protections of the App Store. But no, even though you have solid age information about your users, it is banned and people are driven to sources outside of the App Store safety and outside of secure payments.
> But a ton of stuff is blocked just because Apple wants to block it
I am avoiding to release anything on iOS (even that my customers would love it) because Apple can shut me down anytime they feel like. Can I sideload like on MacOS or Android? Nope. Can I recompile my app into PWA with decent WebBLE support? Nope, because every browser is reskinned Safari with a poor PWA support. So the moment when they decide to shut me down, all the effort to create iOS application will be thrown out of the window.
Is this based on any assertions or just how they feel?
While the overall ration might not be terribly high, one can read again and again about cases where Apple did reject apps or app updates out of the blue. Some got resolved later on, others not. A common theme is, that you don't really have a direct point of contact, you can only send appeals to Apple. And when they decide to block you, you are done. There is no alternative. I wonder why lawmakers have not dealt with this topic yet, but alternative app stores would go quite a way of reducing the problem.
If you look at Apple’s financial reports, it is. AppStore is a massive revenue stream for Apple. They’d rather have macOS locked down as iOS, than the other way around—iOS as open as macOS. They could not do that because locking macs down would severely cripple the platform and peopple would have a concrete example of how it became terrible. That attention would also shine a light on how terrible this aspect of iOS is.
Notice how they’re telling how terrible everthing will become now on iOS in EU. Yet, the next macOS will be "the safest yet”. This is also why they don’t even acknowledge Mac’s existence in these posts.
It's not about what percentage is the correct commission for stores but the fact that Apple doesn't allow other stores or installation of apps outside their store.
A publisher can ignore all game stores on windows or macos and still sell their game directly to user if they wanted to but they cannot do that on ios.
That depends on the service provided. In a alot of cases it is good value. That is why companies sell their software via steam and are fine with the App Store. The thing is: you don't have to use steam if it is not a good value for you. But you have to use the App Store with its far-reaching rules. Especially the ability sell your app to iOS users alltogether.
I read all of that language in their blog post, though. Apple's been giving EU the middle finger for years as far as I can tell. If this was something about how Apple's proposed changes don't meet the requirements it would be more interesting but it's really just someone writing that they don't like the tone of Apple's post.
I mean... that's what they always do. Though usually by technical means within their power. Now that that's taken away, they just start gaslighting the consumer.
I'm not going to pretend EU law is a flawless godsend but I also can't say that I feel bad for Apple here.
It really does, and their implementation is an actual racket.
The best example is that you cannot install Chrome through the app store on MacOS. In its place? A bunch of garbage apps that people install thinking they're Chrome. So much for quality control.
Millions of users have braved the risky, buggy and deadly internet to install Chrome as a result of this. Nobody cares.
Tell me, if millions of Mac users can download apps successfully, with little malware, why is it the phones need all the protection?
Your best example is people can't easily install this spyware that misled them about spying, until forced to come clean?
"Based on these Google representations, throughout the Class Period, Plaintiffs and Class members reasonably expected that Google would not collect their data while in Incognito mode. They reasonably understood 'You've gone incognito' and ‘Now you can browse privately’ to mean they could browse privately, without Google's continued tracking and data collection.
Google could have disclosed on this Incognito Screen that Google would track users and collect their data while they were browsing privately, but Google did not do that. Instead, Google included representations meant to assure users that they had ‘gone incognito’ and could ‘browse privately’ with only limited exceptions, none of which disclosed Google's own tracking and data collection practices while users were in a private browsing mode."
That's not the macOS App Store. There is no version of Chrome that is installable from the macOS App Store because Google does not publish Chrome in the macOS App Store (probably owing to the sandboxing that would be required and Chrome wants access to all the things).
I think what a lot of corporations are going to realize is there is a giant wrecking ball coming for them in the political future. Strong anti-trust laws are the functional equivalent of a progressive tax system. You make more money - or you're a dominant market player - different rules apply. You still get to be overwhelmingly rich, just not the kind of rich and powerful where you can topple governments, or endanger the democratic process.
They are doing a very poor job of explaining why it should be true. Regarding security, for example, apps from third-party app stores still have to go through Apple’s review process. The apps require notarization. They also explicitly mention human review. So how would that be any less secure than for apps from their own App Store?
For one, even if you make several statements which by themselves are true, but leave out the other half of the truth which describes the situation, then you are misleading people. Also, the statements themselves are only partially right too.
There are some severe shortcomings of the App Store at the moment. First of all, it isn't as secure as they make it. There are enough bad apps which are not detected in time and there are many apps which are on the store which basically scam the user. But Apple is happy to take 30% of the scammed money.
And the elephant in the room is the fact, that the App Store routinely rejects apps, that are absolutely no risk to the user, but rejected for non-security related reasons. Or just because of sloppy review. Just google for some random rejections. That all those internet giants try to handle customer contact in a non-personal way where your means of appeal are low or non-existing, makes the situation worse.
You say The Law as if it's something magical, come down from Mt. Sinai.
Instead of the political decision of a bunch of unelected Brussels would-be "elites" which would never pass a general referendum. If they ever had such things, which they generally don't.
Would we call a rule that "phones must have a USB-C connector" The Law? No, it's just lawyers with too much time on their hands.
I don't think you understand how the EU legislative system works.
The EU is composed of multiple bodies, one of which is unelected people, one of which is people chosen by someone who is elected (roughly) and one of which is people directly elected by EU citizens.
This last body is a Parliament, and is where laws happen.
Once laws are voted, each individual country has a delay to transform it into a local law.
How is their press release important? They did provide the means and tools EU forced them too. Users are not going to be reading this and deciding not install Firefox on iOS.
They haven't yet provided the tools they're being forced to. What they announced so far is a joke and clearly non-compliant with the DMA. Given it's still two months out until it comes into force, they're probably testing the water how much they can still get away with... after all it really sucks when someone takes away your ability to steal 30% from the whole market...
Security in this context is a red herring, it's PR nonsense. We solved the most common vectors of malware when code signing was thought of a generation ago. The problem is only Apple has cared to loosely implement it, and refuses to do it on mobile even though you can do it yourself on Mac.
The double standard is clear: you can run whatever you want on a "computer", but not your "phone" even though phones have far better permissions and protection systems.
We can solve this today if the big players will join in - neutral party code signing. Anyone can provide identity to get a dev key, they get to sign their software. If their software is malicious there's all kinds of evidence of who they are and various agencies very interested in it.
Tangent question — isn’t Chinese iOS firmware different due to their regulations as well? It’s a similar situation, just different applications of laws.
Yes, but China is still a very important manufacturing partner they can’t (yet) afford to offend. At least until India, Vietnam etc are able to make the more complex devices at volumes comparable to what China is doing today.
I know this is not directly related to the point of the post, but please, please, stop using garbage AI generated header images for your blog posts. Just look at the man's fingers. Look at his fucking thumb. It's insulting to your readers. The implication is that we are so myopic that we wouldn't notice the body horror.
If you insist on using AI-generated images, then at least do us the courtesy of spinning the image-generating bingo cage until you get lucky and it spits out something that isn't so patently gross.
This is just the first public round of a negotiation process. The EU is going to force Apple to dial this down to some level that the EU considers acceptable.
Apple wants zero liability from the upcoming changes to the Product Liability Directive and the introduction of the EU Cyber Resilience Act. They want to say "the system was more secure, but the EU made us do this so go pound sand".
> Inevitably, the new options for developers’ EU apps create new risks to Apple users and their devices. Apple can’t eliminate those risks, but within the DMA’s constraints, the company will take steps to reduce them.
That's exactly what this means. Nobody will be able to argue that Apple could have done more. It will be "Apple was doing more, but the EU made them do less".
They could absolutely do more. They could actually vet all applications and exclude knock offs. They could ask for sources of applications they distribute to see if they're legit or not. They could partner with 3rd party known reliable sources.
The EU isn't making it less secure, because WebKit isn't the only secure rendering engine in the world, far from it.
Apple is calling the EU's bluff here. It's an american company. The EU can't break it up. They could ban the import of Apple devices, but they don't have the nerve.
The EU can certainly legislate and regulate Apple within their jurisdiction. There is no bluff here.
Apple seems to have determined it's better to fight against the intended nature of the legislation. Likely they can eek a few more months or years until the hammer comes down. As planned, I'm sure.
Now imagine a Chinese company behaving according to Chinese laws in USA. TikTok came little too close to this setup and US politicians were almost ready to ban it.
What they will do is simply fine them until they comply. Apple is a public company, their share holders won't let them exit the EU over such a small thing.
I also have this question. The core bits of the DMA is only like 6 pages of rules, and none of them mention what a gate keeper is allowed to charge. Which is likely intentional, because the DMA mentions fee caps (free of charge) in some of the data provisions elsewhere. It only mentions that it has to be “technically enabled” which is now true.
My claim is exactly that there is no objective truth. This truth is established under given constraints that can all change: the idea that only Apple can be trusted, for example, is false. The idea that people cannot learn how to detect crap is false, on top of being dystopian. The idea that Apple has to be this big and not be smaller, let competitors bloom, is false.
Most importantly, the idea that the App Store in its current form is exempt of malware and the best possible security is completely ludicrous.
The document is a bunch of nonsense aggregating various android malware and saying its the fault of sideloading (why? who knows it's not stated but of course we know why Apple says that).
Of course the document never mentioned that iOS has a bunch of malware on its own and the appstore doesn't seem to help any of that.
You could add [citations needed] to pretty much every paragraph.
I don't see how it's obvious no, I don't believe the appstore could do anything to counter malware and so far I don't see anything leading me to think that's the case.
Hiding malware from an appstore reviewer is trivial if you really want to.
I wanted to joke that Apple should increase non-App Store fees to $1000 + 80% per app install to invest those fees into better malware protection, but I also don't want to give Apple any more ideas.
You are dead on, they introduced the same fees which landed Unity in hot water with their new optional scheme.
So besides writing a snarky disdainful press release they made sure no one significant ever will use the scheme required by the EU because you'd need to pay through the nose for it.
I'm pretty sure that would violate the clause that explicitly prevents them from working around the bill by making it absurdly inaccessible for the user.
After the USB C debacle, the EU has learned to include such a clause pretty well, I guess.
This was the most obvious characteristic about all this new legislation and I haven’t seen nearly enough chatter about it. It’s analogous, in my opinion, to the Star Wars prequels where all the senators praised the formation of the empire to thunderous applause.
On the contrary, it's something of a scandal they're not transparent about who wrote what, as Google alone spent on the order of $100M in lobbying to shape, and has been all over this for a while. This, from 2020:
“Google, Facebook, and Microsoft are among the companies making huge efforts to shape the upcoming Commission proposals to regulate the digital market. In spite of a new lockdown, the Brussels Bubble is back in action at full speed, with a flurry of online lobby meetings and debates plus highly questionable research papers.” ...
“Who has been lobbying?”
“The quick and simple answer is Big Tech firms, with Google leading the pack.”
”This is clear from the lobby meetings proactively disclosed by the upper echelons of the Commission (commissioners, their cabinets, and directors-general). Since the start of the Von der Leyen Commission, 158 meetings were logged as including discussions on the DMA or DSA Sidenote.”
“These meetings involved 103 organisations, mostly companies and lobby groups. Only 13 actors had at least 3 or more meetings logged on these issues. Google stands out with the most meetings with Microsoft and Facebook trailing close behind. Apple and Amazon have also lobbied on the DMA and/ or DSA, although they rank lower overall with two and one meeting respectively.”
That was 4 years ago. If you think they stopped lobbying, meeting, and writing... then you haven't been paying attention to which EU commissioners are getting kicked out for what and why.
The "drop dead" phrasing... "drop dead" / "drop your pants".
Presumably one of these is more extreme than the other ("drop your pants" is a thing doctors say for a proctology exam much like adtech installed in your phone, not a sexual assault reference) but regardless both are figure of speech hyperbole.
I am a big Apple user, in many senses really a fan. But these scare tactics are just off. First of all, the safety promises of the Apple store are way worse than Apple makes them. There is tons of dubious apps around which rob users quickly, just barely within the guide lines. Often enough, bad apps slip through the nets. On the other side, many absolutely legit apps get blocked due to bad review or overzealous restrictions.
Would it be a bad idea to install apps randomly from everywhere? Sure! Would it be a security risk to install well known open source software from a reputably curated alternate store? Most likely not! Also, the system should have more robust implementation which would prevent malicious apps of doing damage until the user explicitly grants entitlements.
And I would be much less interested in installing apps from different sources, if the content of the app store were just guided by safety concerns. But a ton of stuff is blocked just becaue Apple wants to block it. That is, where the demand for alternatives comes in. And lets not even talk about adult content. It would be great for the safety of the users, if Apple would allow such content within the protections of the App Store. But no, even though you have solid age information about your users, it is banned and people are driven to sources outside of the App Store safety and outside of secure payments.