by turbinerneiter 1433 days ago
That's fine, just stay on the default settings then.

This however isn't a reason for the rest of the world to accept this. And since the power in the market is highly concentrated and all of it is moving more and more in this direction, regulation enforces these alternative options now.

All this does is regulate the power the provider of a product has over their customer. This does not ruin the walled garden for the people who prefer to stay in it for peace of mind, but it adds a door for the people who want to leave. There are no negative side-effects for the people staying, only the platform providers will have to spend some money and lose some revenue.


> That's fine, just stay on the default settings then.

I agree in principle, but I worry that we end up in the situation where if you need to use a particular app, you can only get it from a third-party store that you don't trust. (Something gross like Facebook starting an app store.)

Of course, this is mostly a result of Apple being greedy. If they had acted like a good steward of the platform rather than trying to extract a lot of money from developers, we probably wouldn't be here.

Then don't use this particular app? This already exists today: A lot of apps are android-only, or jailbreak-only. In the same sense, tomorrow we'll likely have amazon-store-only apps.

In practice I doubt many apps will use a third-party appstore. Apple has a lot of leeway in how they will implement the regulation - they can make it painful enough to use a third-party store that most popular apps will want to keep using the primary app store to get maximum reach. Just like how almost every android app is on the google play store - despite sideloading being a thing since forever.

Yeah, but for the apps that are on iOS devices, Apple is effectively currently standing in the position of "the lawyer who writes a 4000 page contract to de-risk the wish they're making with the evil wish-granting genie", so that we don't have to. Apple forces apps on their store to obey certain restrictions that make life better (less tracked, especially) for consumers; and those restrictions are begrudgingly accepted by the developers, because there's no other way for the dev to access the iOS user-base.

As soon as those devs can avoid Apple's restrictions and deliver their apps directly to users with the "intended" experience, they will.

Personally, I like neutered-evil-genie apps, and will be sad to lose them (i.e. have them turn into unfettered-evil-genie apps, which I won't use.)

Isn't the answer for Apple to provide operating-system level restrictions to apps (regardless of source) that make it so the only way any application on the system can access the identifier is by permission from the user? I wouldn't be surprised if this is how it works right now anyway, just because an app is deployed by an enterprise developer doesn't mean it should be able to bypass the app tracking transparency prompt.

Or does the EU law prevent them from having private APIs/system components period? It seems like many people are making the assumption that this means that every single sideloaded app will be able to bypass all of the privacy/security features on the device, and I don't see why that would be. My understanding is that this is for "fairness", which would mean that apps that are sideloaded would have the same level of access as those on the App Store, meaning they use the same APIs that trigger the same prompts.

No, because this isn't about OS-level identifiers; it's about things like e.g. applications working together to track you by passing permacookies through Shared Containers; or about apps that ask for microphone privileges then listening for ultrasound beacons in retail stores to determine their location.

These are the sorts of prohibited behaviors that can be heuristically recognized by technical means (e.g. static analysis), but where any such recognition would necessarily result in tons of false positives; and so those issues, when raised, must be passed to a team of human auditors for determination.

This is, by-and-large, why App Store submissions — even for updates — still require that human-auditor step. They're always watching for those seemingly-minor "this app got sold to someone evil" updates that slip in spyware — the kind you see often with Chrome Extensions.

Your point is valid, but I think those examples are fixable. Permacookies could be fixed as simply as "Would you like to allow {EvilApp} to access data from {EvilPartnerApp}?", as there aren't a lot of reasons that apps should be passing data between each other without user consent (or the share sheet).

The second example has already been fixed with the microphone indicator from 1-2 versions back, where a light shows up in the corner whenever the microphone has been activated (and swiping down tells you what app activated it). A notification could be added if an app tried to activate the microphone when it wasn't in the foreground (but I don't think the OS lets you do that anyway?)

People always make this argument in these kinds of threads and I wonder how it isn't blatantly obvious that operating-system level restrictions are woefully inadequate to deal with unscrupulous developers. Put yourself in the mindset of an unscrupulous developer for a moment, can't you think of a hundred ways to abuse permissions granted by the user or operating system to violate privacy?

Take, for example, this: https://www.reddit.com/r/ios/comments/w27x6j/uber_does_not_r...

If these abuses happen under the aegis of the current App Store, doesn't that nullify the argument that App Store review is sufficient protection?

This also ignores that it's conceivable that Apple can harden iOS's existing permissions system.

Many of the restrictions that Apple added along the years were reactions to abuse by app developers (which in reality nowadays are "legal malware developers"). Everything you can think of has been tried: from reading the installed list of apps, spying on the clipboard, scraping location data from pictures, fingerprinting phones based on camera sensor or motion sensor and many others.

Permissions represent one of two pillars of their strategy against legal malware developers. The second one is the rulebook associated with the AppStore, preventing publishing non-compliant apps and banning developers for breaking said rules. A classic example is Facebook misusing enterprise certificates to install "Facebook research" which allowed them almost unrestricted access to the data of the users. Apple revoked their enterprise certificate, which also affected internal applications that Facebook employees were using. Facebook relented.

If Facebook launches their own app store, the second pillar is completely circumvented. Additionally they will find ways around the technical limitations, be it through use of private APIs, tricking users into clicking confirmations or bribing them. Technical limitations are not enough when dealing with malicious actors.

> If Facebook launches their own app store, the second pillar is completely circumvented

Meta will be forced to offer their adware/spyware Facebook app through the Apple app store as well, as many people will not agree or won't have the technical knowledge to install more than one alternative app store. Apple will probably be forced to provide a list of alphabetically ordered app stores to choose from in the initial iPhone setup. It's quite convenient that their own app store starts with an A.

> that make it so the only way any application on the system can access the identifier is by permission from the user?

And let's say the user says No. Today the app will be forced to work without it. By Apple Store rules. Tomorrow the app will say "this permission is required for app to work".

So nobody downloads the app? Or are you afraid that other app users don't care about your needs, and are trying to force them into agreeing with you?

The government offers a democratic way to determine these requirements

The obvious counterargument here is that having lawyers write 4000 page de-risked evil genie wishes just normalized the concept of dealing with evil genies. Apple can negotiate around the margins - maybe they stop making their ad tracking identifier opt-out or something. And indeed, that seems good, we increased privacy compared to the alternative. However, this isn't the full picture. Apple is the one who provided that ad tracking identifier in the first place. More generally, they brought a lot of users straight into Facebook's open, gaping maw.

Furthermore, the lawyer isn't just de-risking one evil genie wish, they're de-risking millions of them. Apple does not just have Facebook on the App Store. They have millions of apps. And as you can imagine, many of them are barely reviewed garbage or outright scams. If these apps tried to get distributed outside of the App Store, nobody would trust them. But them being on the App Store gives users a false sense of security. Apple switched from being highly selective in the early days of iOS to doing bare-minimum checks because the latter made them more money.

Why not have the government do that? That's the role of government regulations
The issue is what if you have to use a specific app to access some service or community. And then that app requesting access to your location data and your address book even though there is no point in it requesting either. Sure you can deny but if you do it, the app will refuse service. It can only be solved by the app store requiring that users denying access won't result in the app refusing to work, or only the features will refuse to work that actually need that data.

"just don't install the app" won't work in many, many cases.

But this doesn't really happen on Android now. Even though I can sideload apps and use different app stores, my bank never told me to get their app from Shady Store and the public transport company didn't ask me to use F-Droid. The official app store is still _the_ place you find apps in, you're just _also_ free to wander on your own.
The most famous example of an app choosing not to be on the play store is Fortnite. Google even had to add a feature to their play store search to show a message that Fortnite is not available, so that people don't get desperate and install one of the many scams. Fortnite did this because they didn't want to pay the Google tax, but other apps might do it because they want to spy on users more. The danger exists.
We can always use Apple's favorite defense on why they don't have an app store monopoly: use your browser. Facebook, Instagram, TikTok etc. all still work via the browser. I don't know a single one that doesn't (though I could be wrong)
> use your browser

Yeah, but I can't. I can use only the Safari engine, and I would like to use the Firefox one.

And the browser sucks on purpose for app development/distribution.
> The issue is what if you have to use a specific app to access some service or community.

Such compulsions are the real problem. In a free society, nobody should be compelled to have a phone at all, let alone install software on one. Government services in particular should never be gated in this way. If no compulsion exists, then there is no problem with people having the choice to use any appstore they wish.

If by 'have to' you mean something along the lines of "My brother keeps badgering me to install WhatsApp" then the answer is to simply say "No." Real example. He texts me instead.

It's thankfully not mandated by governments. However, often there is social pressure to obtain a given app. E.g. when a friend group is all on snapchat and they organize outings via the group chat. Do you want to be left out of that discussion and only be informed by one person from that group who forwards the decision when and where to go to you?
Sounds like you need better friends.
In the US I have not seen any government services that are available only via mobile devices. Most online government services are accessible via a website, and one can go to a public library to use a (non-mobile) computer there.
Ideally the OS should give you a way to feed such evil apps some fake / spoofed data.

I believe a rooted Android used to allow something like that, not sure if that still works nowadays.

The app might be able to detect the pattern generated by the fake data generator and refuse to work in that instance. E.g. apple's approximate location feature often puts you into the city center at a very specific location. It's trivial to detect devices that are always at that precise location and only move around in discrete steps between those points.

This can lead to an arms race where the OS creates increasingly advanced/realistic fake data, and apps get increasingly sophisticated logic.

So I'm not a fan of solving this the technical way. A policy is way better, but you need to be able to enforce it.

Why not both?

Sure, it'll lead to arms race like you describe on one side, but let's say 99% of the apps won't even engage in that arms race if the fake data is generic enough to cause a high number of false positives (blocking someone who's not actually faking the data).

Then, we can focus on the remaining 1% of worst offenders to actually enforce the policy.

Ultimately I think the only person this benefits is Tim Sweeney, as he gets the Epic store on iOS/Android/Playstation/Xbox.

Realistically this just drives people into a different walled garden. One that is device-vendor agnostic, but a walled garden nonetheless - in that your purchases are tied to Epic. This law could have been so much better, but now it just trades one problem for a bunch of new ones (some even worse than what it's trying to solve).

One thing that might have been nice - making allowances in the law for centralised certification authorities with fixed tariffs, so that Apple still checks the builds as it does now for the App Store, but then the builds can be released elsewhere (as the signatures will match). For this they could charge a fee, which could be capped in the law at a percentage of the sale price (and obviously much lower than 30%). This way iOS/Android could still have guaranteed protection, for which Apple/Google's costs are covered, but the user would have freedom to get their software from wherever.

The problem is that hardline free software advocates would still complain about this, insisting that the certification authority be scrapped. iOS and Android are now Windows, and it's going to be a mess.

You underestimate the blessing that is an app store that's free of bullshit policies restricting what you can and cannot publish. With F-Droid on Android, I used to have access to apps like NewPipe that Google would never even consider carrying on their app store, but - because I had a third party store, that wasn't a problem.

Now that I have an iPhone, I miss NewPipe greatly. But with this law, I might be able to get something like it in a few months without jailbreaking.

Not underestimating it at all, it has value. Unfortunately it undermines so much of the security model in other areas that both platforms will rapidly become malware swamps.
> Then don't use this particular app?

And when your employer / school / insurance provider / other requires it, what then?

A dedicated phone for work/school that operate BYOD schemes? VM?
I think they have to make side loading a painful developer only endeavor.

Otherwise you can end up like the streaming situation where people are just giving up with all the subscriptions and just pirating everything.

Pirating should be a breath of fresh air on mobile. Maybe the streaming services will finally start providing more value (i.e. shared catalog).
Then YOU don't use this particular brand of smartphone?
> if you need to use a particular app, you can only get it from a third-party store that you don't trust

This will be a problem but the solution is not to transfer your freedom to choose to Apple and just let them decide which third party apps you are allowed to use.

In some cases that will mean making a hard choice between accepting the risk of using the third party app store, or accepting that you won't be able to use certain apps. The benefits are significant though - your device will actually be under your control. You will be able to do all the things Apple prevent now.

> ...the solution is not to transfer your freedom to choose to Apple and just let them decide...

Very good point. It's almost like people believing it to be better for a "benevolent" dictator to make all decisions, so that they won't be bothered with having to make choices.

Not every user wants to give over their freedom of choice to Apple (or any seemingly "kind" dictator), and many would prefer they can make decisions about what is best for their particular situation and based on their own preferences.

> This will be a problem but the solution is not to transfer your freedom to choose to Apple

Will the solution involve a method to negotiate degrees-of-freedom? Or perhaps a freedom grant method with revocation protocol? Do I get a little widget to see how free I am at the moment?

I'd love to see a laundry list of changes to industry practice, too. But the language employed for these compatibility fights is just getting goofy.

The F150 cup holder is enslaving me, somebody pass a law quick!

> In some cases that will mean making a hard choice between accepting the risk of using the third party app store, or accepting that you won't be able to use certain apps.

You already have that choice today: I can buy into the walled-garden, or go to Android and side-load to my heart's content.

Clearly the market has chosen the preferred route. (I personally am also in the camp of preferring the simple, locked-down approach for my family that Apple has created.)

> You already have that choice today: I can buy into the walled-garden, or go to Android and side-load to my heart's content.

So if Google decided to force this policy onto Android phones, you would support the EU introducing this legislation to bring back the option of side-loading?

Or would you want the legislation to only apply to Android phones, and not Apple devices?

Give the Europeans the choice to own their device and install whatever they want!
> Clearly the market has chosen the preferred route

Indeed - iOS trails Android in Europe. With this law in effect, perhaps more Europeans will choose to buy iPhones

> you can only get it from a third-party store that you don't trust. (Something gross like Facebook starting an app store.)

As opposed to today where you can’t get it at all if Apple and the app disagree about anything?

I know you are thinking of another large enough player you don’t trust as much forcing their store as the only avenue for an app, but it’s hard to imagine how that wouldn’t provide large incentives for a smaller party to make a competitor on the official store.

> As opposed to today where you can’t get it at all if Apple and the app disagree about anything?

Since there is only one app store for iPhones, almost every app vendor is willing to conform to Apple's guidelines (which are often pro-privacy and protect the user). Otherwise they lose out on a significant market share with a lot of spending power.

> smaller party to make a competitor on the official store

Sure, they will pop up. But Facebook, Microsoft, and Google will start iOS app stores and app developers will go to their app stores because of network effects.

> Since there is only one app store for iPhones, almost every app vendor is willing to conform to Apple's guidelines (which are often pro-privacy and protect the user). Otherwise they lose out on a significant market share with a lot of spending power.

You've just described why these changes are good. I feel like the word "willing" in your statement is carrying a lot of weight.

Apple forces developers to publish from Apple devices, spend $100 a year for a developer account, give up 15-30% of any revenue generated from that app, use WebKit, etc.

That is not at all what I describe as restrictions that lead to "willing" app vendors.

> But Facebook, Microsoft, and Google will start iOS app stores and app developers will go to their app stores because of network effects.

They might try, but it would be a lot harder than you imagine.

> I agree in principle, but I worry that we end up in the situation where if you need to use a particular app, you can only get it from a third-party store that you don't trust. (Something gross like Facebook starting an app store.)

You have Android as a real world experiment, go ask an Android user to search for the Facebook Messenger app on the Google Play store and you will see it is there, FB did not force Android users to install the app by side loading it and FB did not create their own app store for their apps.

What could happen though is you would get fair prices, say an app/Game would be 30% cheaper if you buy it directly from the developer and not from an intermediary, though I did not see this happening on PC (getting a better deal if I buy directly, I am wondering what causes this)

We did not see this as being in an app store actually has value: these 30% cover server/traffic for downloading, billing, discoverability, ease of use in getting the app, little marketing (getting featured). For lots of developers, this seems to be worth whatever the market in question asks for.
I have never needed to install an app from Facebook, and never have. Amazon has an appstore; I have never been forced to install it or anything from it. Should the day come when people are actually forced to use any facebook app or appstore, that compulsion is the problem that needs to be corrected. The problem isn't having the option to install a facebook app; the compulsion is the problem.
> but I worry that we end up in the situation where if you need to use a particular app, you can only get it from a third-party store that you don't trust

I often hear this argument but Android has had third-party app-stores and 'side-loadable apps' since day one and I can't think of a single major app that needs its own app-store.

More than one semi-legit app asks you to install the APK on its own.

There are also app stores on Android that basically push lots of scamware targeted at kids.

We aren't the target audience so we aren't going to see much of these goings-on.

Fortnite has the Epic Games app. It's only the biggest video game in the world.
> the biggest video game in the world

My bet is on Microsoft Solitaire. :-)

Though Minecraft is supposedly still at 170 million monthly active players vs. 80M or less for Fortnite.

Not necessarily up to date but interesting: https://en.wikipedia.org/wiki/List_of_most-played_video_game...

Wasn't meant literally, but sure. It's a big enough deal that it having its own store app is potentially something to take note of.
Pornhub
> I worry that we end up in the situation where if you need to use a particular app, you can only get it from a third-party store that you don't trust.

This works both ways. Some people want to use iOS exclusive apps but can't justify buying an iPhone because of how restrictive it is. This act alleviates that.

- Third-party app stores exist, the app in question is available on one of them. You have a choice: install it, or ignore it and stay fully under Apple's aegis, as before.

- The app in question does not exist because the only existing app store run by Apple rejects it. Tough luck, no choice, but you still can stay safe.

Don't you agree that the latter situation is a strict subset of the former?

Also, if I were Apple, I would implement a one-click return to "safe defaults", and a prominent badge to tell Apple's software and setting from third-party.

Don't quote me on this, but there were some discussions early this year about dominant platforms (I didn't read what this Act covers, but) needing to provide an API to allow users to use third party alternatives, like Facebook, WhatsApp, iMessage, etc, so you could now have an app like Adium again where you have all your chats. So in theory this will not be an issue.
I think you missed the point of the new restrictions. Stopping those practices that are harmful to users is a good thing. Ending endless spying, aka corporate surveillance, that can be a good thing. When Apple made their changes, Apple conceptually blocked any new Facebook app that spies on you, because you can't install it. If there's a future Facebook store that has the only Facebook app (because Facebook won't agree to that more limited Apple ad/surveillance world capability), you'd have freedom to install that app because of European rules described here - but you wouldn't necessarily be better off by having more spying.
European (and other) regulators are concerned about tech data collection. It’s an issue that’s not necessarily orthogonal to this development. If Meta wanted to try their luck at putting their apps on an exclusive Facebook app store, such a platform would be subject to regulator scrutiny as well, and would be an even more convenient target for investigation.
You can't believe how jolting people and/or companies makes them change for the better. Maybe this is the kick we needed for the companies to start innovating and "Think Different"?

I use MacBooks and iPhone, and I love their current form, but they are victims of their own success at one point, like how Intel just dragged its feet to just keep the performance gap enough to keep the lead. Maybe this can help us to see a better, more exciting Apple and tech ecosystem, no?

The last battery lawsuit brought us "Battery health" menu, and this is immensely useful, even if it only reads a couple flags and shows us what the iOS is doing.

> if you need to use a particular app, you can only get it from a third-party store that you don't trust

This sounds like an iPhone user argument. In the Android world you can have multiple app stores, but if you want your app to be used you must be on the Google one, because it has the most eyes. Facebook didn't create their own app store.

Custom app stores are fringe apps, with the exception of F-Droid, which is a source of open source apps and many prefer it to Google Play (and apps are frequently on both stores), and maybe the Samsung/Amazon ones because they are preinstalled on some devices.

> Of course, this is mostly a result of Apple being greedy. If they had acted like a good steward of the platform rather than trying to extract a lot of money from developers, we probably wouldn't be here

I don't think so. Another comment was mentioning how some desktop apps are built to install ONLY from a certain marketplace (eg Steam) so you can't install them from anywhere else. It could easily happen on iOS.

Apple could make a greater incentive to use their approval

Competition

This will immediately happen, and is the intent of the law.

Direct downloads from websites aren't far off - I wouldn't be surprised if we very rapidly get to a place of each-app-is-its-own-store for the purposes of complying with the law so you can freely download apps from websites.

It'll be Windows all over again, with all that implies.

I'd much rather have lawmakers set standards on which apps are legal than appstores.
> That's fine, just stay on the default settings then.

That’s actually not possible though. For instance, Microsoft is likely to create its own app store, as is Adobe, Google, and obviously Epic, among the many others. So now I will have to install a bunch of app stores just to install different software.

I already have this problem on my gaming PC where I not only have a bunch of different app stores, but a bunch of different update tools, payment providers, logins (not just for the games, but for the app stores). It’s a freaking pain in the butt. I just want to play a game on my PC and I have to deal with crap like that. I don’t want it on my phone!

Don't think of them as stores, think of them as repositories, just like how civilized operating systems use package managers.
Then maybe someone will come up with a platform that is agnostic. Like Humble Bundle - they offer in many cases both Steam codes AND the ability to download directly from their servers with no need to install any additional platform software.
Just wait till Facebook forces you to download their app from the alternative app store with all their tracking crap up to 11
You are forced to download the Facebook app?
Last I checked Facebook owned several popular apps including Instagram and WhatsApp.
I imagine they'd like to do that, but they wouldn't like users to use the website instead, and they really wouldn't like users to use Facebook less.
> This however isn't a reason for the rest of the world to accept this.

I guess most of "the rest of the world" will still be hindered by the price tag.

Price is right on the iPhone SE. Not an Apple user anymore, but it is very competitive versus Samsung, Google Pixel et al.
This is like if you'd say a Lamborghini is not an expensive car because there are Ferraris out there.
> That's fine, just stay on the default settings then.

This isn't going to end well.