> Apple doesn't actually care about safety and security, when in fact Web Distribution is more secured than Marketplace distribution.

That's a contradiction in logic there. If they cared for security, they would choose the more secured option. But they didn't?

Either they then have provided worse security all along: web distribution could have offered more security than an app store? Or they could have provided even better security in their app store all along: if they implemented this stricter checking there. Why not?

These arguments are poor and don't stand up to scruteny.

The very simple conclusion is that it's not about security, that it never has been.

No, you're making assumptions about what "secured" means in this context and clearly have no understanding of how any of it actually works. None of what you wrote makes sense.

You could have stopped at "means". No need to be condescending or telling me I don't know how stuff works. I know how stuff works.

My point is, and remains, purely non-technical though. And I also know how language works.

If you say "we don't allow X, only Y, because we prioritize security". Then change that to "we do allow X but will perform extra security scrutiny over what we do at Y" then it does not compute. Again: it proves your first statement was a lie (intentional or not). Because a) it was possible to allow for your level of security and you could've allowed both X and Y all along, or b) you are now lowering your security, proving you don't really prioritize security, or c) you are merely frustrating X in a different way now and security was never the reason not to allow X.

I'm convinced it's both a and c. I surely hope not that it's b.

> The parent comment cited Web Distribution as evidence that Apple doesn't actually care about safety and security, when in fact Web Distribution is more secured than Marketplace distribution.

Which goes to the parent's point that their intent is to prevent competition. Otherwise why would the alternative need more onerous security measures, if not to act as a deterrent through friction?

> Read the DMA. It is very explicit that it expects Apple to maintain security of devices and apps.

It also says that the security measures have to be "strictly necessary" and "there are no less-restrictive means to safeguard the integrity of the hardware or operating system" and "[t]he gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation" etc.

Which implies to me that you not only have to be able to turn them off, they have to be off by default.

The comment literally says "It's not about security like they've been lying about", when the opposite is actually true. They were implying that Web Distribution was a way to get around security of a Marketplace, which is not possible.

Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary." Most interpretations of the DMA agree.

> The comment literally says "It's not about security like they've been lying about"

The comment literally says: "All of this just makes it crystal clear what Apple's goal is: to prevent competition. It's not about security like they've been lying about; it's all about maintaining their app store monopoly."

There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.

> Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary."

Gatekeepers having control over apps isn't necessary for security. The device's owner having control over apps is. They can opt into a particular gatekeeper's control if they choose to. How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another? Isn't the point of the act to enable competition?

> There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.

Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.

> The device's owner having control over apps is.

This is simply not true. Device owners are hopeless at maintaining the security of their devices.

> How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another?

There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.

> Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.

Doesn't that depend on who the developer is? Certainly it isn't the case that no one exists who the user might trust at least as much as Apple.

> This is simply not true. Device owners are hopeless at maintaining the security of their devices.

"Device owners" includes substantially all people. Many of them are not hopeless and are entitled to make their own decisions. Some of them are even more qualified to do it than the people Apple has reviewing apps.

The hopeless people may be better off sticking to trusted stores, but they can do that without prohibiting others from doing otherwise.

> There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.

That doesn't change the question. How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it? It would obviously be possible for a third party like Symantec, Malwarebytes or the makers of uBlock to do the same thing.

> Doesn't that depend on who the developer is?

Sure, the amount risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.

> Many of them are not hopeless ...

Exactly, and "many" is not enough. It's not possible to design a special switch only for those qualified "many" - and only them. Platform owners and the EU insist on protecting the unqualified everyone else too.

> How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it?

It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will. Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.

> Sure, the amount risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.

Only if the developer isn't as trustworthy as Apple. In fact, it could be lower risk even if they are less trustworthy than Apple, when it's their own app, because someone who is less competent but not overtly malicious who posts their own app is much less likely to be supplying malware than a general-purpose store that tries to vet everything but accepts submissions from just anyone at all including overtly malicious actors, and could thereby miss something.

And the user, in choosing which alternate stores or developers to trust, can decide that.

> It's not possible to design a special switch only for those qualified "many" - and only them.

Well of course it is. In the worst case scenario you could make the switch irreversible and then once enabled the device could never add another store. But that's really no different than requiring a device wipe to change it back, because a wiped device should be no different than a new device that never had the switch enabled to begin with.

> It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will.

Isn't whether it's "strictly necessary" the condition on which they can demand it?

> Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.

How is it free? They're charging $100/year and a percentage on top of that.

I love how a never-used-by-courts-before regulation would supposedly already have "most interpretations" with any sort of authoritative value. I can probably walk into a pub tonight and get 27 other "interpretations", they will have the same value of yours. Technically speaking, even the Commissioner's own interpretation might well be flawed - we won't know until a court spends some time on it. I would humbly suggest, though, that when the very same lawmaker who wrote the law is publicly pulling your ears in public on related matters, your interpretations are probably not the right ones.

Apple pay enough real lawyers to defend them, they really don't need pro-bono amateurs.