[thebean11]

> So how can it reflect badly on their case?

Because these privacy violations are happening despite their locked down App Store.

> The way it reflects well, is to notice that this is a small hole in their privacy measures which can easily be fixed

Sure, it reflects well on Apple as a whole, but not on the app store. This issue is just as easy to fix for sideloaded apps because it's related to OS level permissions which sideloaded apps would still be subject to.

[zepto]

>> So how can it reflect badly on their case?

> Because these privacy violations are happening despite their locked down App Store.

That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

A valid comparison is against what privacy violations would be happening without the App Store.

As a simple example, we know for certain that Facebook would be a doing a lot more tracking without the App Store, because they have told us in public that they would.

Therefore the App Store is in fact protecting users against large categories of privacy concerns, and this easily corrected hole doesn’t change that.

[thebean11]

> That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

No I'm not, I'm comparing against a world where Apple allows sideloading, and this privacy issue exists in both.

> because they have told us in public that they would.

Source? Apple's new add tracking opt-in thing is on the OS level the same way this location tracking issue is. It would still work if the Facebook app was sideloaded from what I understand.

[zepto]

> Source?

You can trivially check this yourself.

> Apple's new add tracking opt-in thing is on the OS level the same way this location tracking issue is.

This is a complete misunderstanding of how it works. Apple provides a mechanism for apps to use to identify users who opt-in.

The only thing preventing developers from just ignoring this and using fingerprinting or other identifiers is the App Store rules. A whole bunch of apps have been banned or otherwise forced to stop doing this.

€ It would still work if the Facebook app was sideloaded from what I understand.

No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.

[thebean11]

> You can trivially check this yourself.

I could not find any quote like this..not sure why you think it's so trivial to find.

> No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.

You mean like how they ignored Apples location sharing mechanism and maliciously opened your photos to read metadata?

Or the one a few years back about playing silent audio tracks to stay open in the background?

[zepto]

> I could not find any quote like this..not sure why you think it's so trivial to find.

You won’t find a ‘quote’, but it it’s trivial to educate yourself on this mechanism. E.g. Apple’s documentation. Various articles about ad tracking transparency, etc.

If you haven’t read the technical materials about the subject, why do you claim to understand it?

> You mean like how they ignored Apples location sharing mechanism and maliciously opened your photos to read metadata?

There is no rule against reading the metadata. Yes it’s malicious, but Apple doesn’t currently have grounds for removing the app. The correct solution is to stop leaving the metadata in the file.

> Or the one a few years back about playing silent audio tracks to stay open in the background?

That one was indeed solved by a rule change.

But why do you mention these?

Presumably to support your claim that sideloading would be no different from the App Store when it comes to privacy.

If you understood the mechanisms, you’d know this was false.

[fsociety]

You come off as making an ad hominem attack, saying that this information is trivial and if the replier can’t find it then they shouldn’t be commenting on the subject. If it is true that iOS’s permission model is done on the App Store level and not the OS level, which I doubt by the way, then that is a flaw on Apple’s part and should be fixed. Otherwise we are relying on arbitrary App Store rules to protect our privacy and security, instead of baked in constructs in the OS. I’m skeptical that Apple would do something so shortsighted.

[thebean11]

So we agree that Facebook never actually said this? Not sure why you're referencing Apples docs for Facebooks supposed comment..