by cmeacham98 1301 days ago
> I may be getting something wildly wrong here, but I am not sure I see the presence of this Apple ID proxy in Apple’s services logs to be a violation of either its own policies or users’ expectations for using internet services in general.

I strongly disagree that the iOS App Store should be treated as an "internet service" rather than a part of the device. The iOS App Store only comes on iOS devices, it comes on all iOS devices, and it is the only way to access a crucial feature of the device. It is, for all meaningful purposes, part of the iPhone in the same way iOS is.

It would be a bit like Microsoft saying "explorer.exe? Policy A only covers the OS, and that is clearly not part of Windows! - so therefore you are covered by Policy B". While Apple may be legally in the right, I strongly believe they are morally in the wrong and have betrayed the trust their users put in them to safeguard their privacy.

I believe that a casual user of the iPhone would take a look at Apple's iPhone privacy policy and expect that to apply to the iOS App Store as well, as for all intents and purposes that is a part of the iPhone.

"It would be like Microsoft saying "explorer.exe? Policy A only covers the OS, and that is clearly not part of Windows! - so therefore you are covered by Policy B."

This made me remember a long time ago when I ran Windows I used to disable explorer.exe by editing a certain registry key.

Not sure if this still works today, but it did back then. This reduced distraction as only one window could be maximized at a time. Also made the OS feel more stable and snappier. In any event it was one less memory-consuming process running.

I remember that back in the Windows 95 days I used the same trick to load progman.exe instead of explorer.exe during boot.

I was too used to the Windows 3.1 desktop environment...

IIRC, I think I used taskmgr.exe as a substitute program launcher instead of explorer.exe's "Start" button and menu. I, too, was originally a Windows 3.11 for Workgroups user.
I'm not sure what is being argued by the semantics here but the app store is an important aspect of the device but does that make it not an internet service? An app store by definition is almost a direct equivalent to a web browser. It's just a tool to allow you to move data/code onto your device to do more things. Without it, your device still has a functioning OS. Apple has coupled the functionality of app installation and a curated remote repository of apps on the internet and bundled it as "the app store." I'd say most people aren't referring to the app installation aspect when they refer to the app store.

If an app store is a glorified web browser and Apple is maintaining content that is loaded into it, it's almost the definition of an internet service, no?

Let me repost what I wrote elsewhere in this thread:

The point is not that the App Store isn't an online service (although I would argue that it more "relies on" an online service), but that its role as part of the OS supersedes that.

I can't go back and edit my comment now, but to make it more clear I probably should have written something like:

> I strongly disagree that the iOS App Store should be treated as ___only___ an "internet service" rather than...

Ok yea agreed. I think it’s more than one thing, including an internet service
It's certainly multiple things, but some things take precedence. If Apple allowed people to install third-party App Stores, then the freedom would take precedence and nobody would be throwing rocks at them.
You can use enterprise provisioning, which uses the same mechanics, to install apps on devices you manage.

There are lots of places that run iOS on private networks with no internet access or Apple ID.

It's not just a web browser, though. It's the sole method to install software, most similar to a package manager on a desktop operating system. On your point, many package managers do have the ability to browse the remote index of the software they can install (e.g. `brew search [X]`, `dnf search [X]`). However, the primary purpose of a package manager, including the App Store, is to install and manage software. This is a critical operating system function, made more critical on iOS by the fact that the App Store is the only way to get software.
Devil's advocate:

Contrary to explorer.exe, App Store is an internet service in the sense that it requires sending requests to backend for pretty much any user action. There is zero functionality without a data connection.

How does that justify logging user actions? Just because you can log customer requests does not mean it is morally right to do so.
I am responding to a specific argument. That argument is that App Store is not an internet service. I say it is.
The point is not that the App Store isn't an online service (although I would argue that it more "relies on" an online service), but that its role as part of the OS supersedes that.

I can't go back and edit my comment now, but to make it more clear I probably should have written something like:

> I strongly disagree that the iOS App Store should be treated as ___only___ an "internet service" rather than...

Why can't we just say internet service or not, privacy applies. My banking is done through internet services and I still have privacy expectations there.
Uninstall requires a backend? If uninstall doesn't require a backend then it's not an internet service. It's manipulating things on-device.

It's a package manager and tracker designed in such a way that it only talks to Apple's backend.

It's still the system package manager though.

There is no functionality for uninstalling software in the App Store app.

Users uninstall apps directly from the homescreen (springboard), without going through the App Store app.

Every app can have iCloud associated data that would be deleted when you uninstall the app. Also push notifications go through Apple’s servers and then Apple bundles them for different apps. Apple would need to know not to send push notifications to an app that is no longer installed.

Also of course Apple keeps a record of installed apps. If you drop your phone in the ocean and go to the Apple Store to buy a new one, your installed apps are reinstalled.

iCloud is the problem, here. Apple has no right to predicate my software usage on the existence of an account with them. It's equally as absurd as Windows requiring a Microsoft ID to log in.
Then don’t buy an Apple device?

Apple for over 40 years has sold integrated software and hardware and for over 20 has sold hardware + integrated online services (iPod + iTunes) and now you are shocked that when you buy an Apple device you also buy into their ecosystem?

Exactly how is anything on the iPhone supposed to work without an account? Push notifications?

Most Android apps are also dependent on Google services and a Google account.

Windows is now entirely an internet service as you need a Microsoft account and internet connection to install it.
You don’t, they try to obscure it but you can still install without a Microsoft Account.
At some point, when you have to go find the disassembler and start monkey patching binaries, some people will still say "but there's still a workaround!".
Reminds me of how Firefox removed the ability to set a URL for new tabs (the better to display advertising on them) but justified it by saying "Users can trust and install a third-party extension to enable that functionality."
And obscuring it in a way that you need to disconnect from the internet for the local account installation to become available.
That's a dark pattern, but even so, Windows is useful without the internet. App Store doesn't demand a data connection on a whim, it fundamentally needs it for all of its functionality.
Source? Because last I checked, local accounts were discouraged but worked.
I got through 3 new Lenovos with Windows 11. One purchase but returned 2 due to hardware issues. Installed Windows about 3 or 4 times.
> I strongly disagree that the iOS App Store should be treated as an "internet service" rather than a part of the device.

It's also on the web, e.g.: https://apps.apple.com/us/app/facebook/id284882215

Which means apps, for example, show up on Google searches.

> I strongly disagree that the iOS App Store should be treated as an "internet service"

Its entire purpose is to look up data and download stuff across the internet. How can it not be an internet service? How much use could it be if it was cut off from internet connectivity, what would you even do in it?

Sure, it requires internet for it to work, just as the phone itself requires cellular service so you can make a call. Calling is still part of the phone.

Of how much use is an iPhone without the App Store? You can still use the preinstalled apps, but your expectation as a consumer is that you can install new apps. This expectation is broken without the App Store.

With a name like yours, I was expecting you to point this out:

"These are not device analytics, they are services analytics."

"These Are Not the Droids You Are Looking For"

Finally, someone puts words on the irks I felt the last times this came up. Thank you.

Apple is basically loopholing all the shitty ad-tech engagement surveillance bs that plagues the rest of the industry through the app store, pretending like it's any other app. Of course they can, but a lot of the hard-line privacy stuff goes down the drain with the hypocrisy.

What bothers me is that Apple really doesn't have to move in this direction, at all. They've been uniquely positioned to basically do things that nobody else can, because they sell so much expensive hardware. Instead, all mega corps seem to blend together and follow the same playbook. It's sad.

The public dismissal of the evidence these researchers presented in the last few weeks was surprising. It isn't truly important whether the App Store is an integral component of iOS, which it practically is until Apple becomes compliant with the provisions of the Digital Markets Act, it merely compounds their legal issues due to ignoring user intent when iOS analytics are disabled.

The main issue here is that Apple has been collecting personal data for years through its own apps without informed consent, which is in breach of GDPR. You need to ask for express consent to collect personal data in the form of non-essential user analytics, having a privacy policy and a toggle in settings to opt out of data collection is not enough, and it does not matter if the data collection is done by a website, app or an operating system.

It was particularly frustrating to see people argue that it's just an older version of iOS, when the reality is that one needs to hack an iPhone to see how this data is being syphoned off, and that jailbreaks for new iOS versions can be prohibitively expensive to achieve. Despite that, researchers pointed out that they see similar encrypted packets being sent with a recent iOS version.

I think it's worrying that consumers can't inspect the traffic of a device they own, and this is also an area that should be regulated so that our rights are respected.

The biggest issue imho is that the device is tethered by the vendor. You can't use it (practically) without being connected to Apple. This should change. I should be able to buy a product and use it with anyone's services. Otherwise, I bought a service and not a product.
You're right, and this is what the Digital Markets Act will help achieve. Though considering how tech companies behave in the face of new consumer rights (see how it took Google half a decade and multiple fines to show a GDPR compliant consent popup with a REJECT ALL button), it will be a couple more years before you can install a third-party app store on iOS or sideload an app.
> when the reality is that one needs to hack an iPhone to see how this data is being syphoned off

The author of the article wrote that all he had to do was request his data from Apple.

> The author of the article wrote that all he had to do was request his data from Apple

Your observation has nothing to do with what is being discussed, we have a right to inspect the network activity of our devices.

I remember you posting in threads criticizing Apple, almost always coming to their defense. You've been doing this for years.

> one needs to hack the device to see what data has.

This is a provably false claim based on the author's own experience.

Guess what? You also have no idea what your phone is sending the carrier or any other service provider.

But as far as you knowing who I am because of my posting history, “but for me it was Tuesday”

> You also have no idea what your phone is sending the carrier or any other service provider.

Ah, so now you play the fatalist backdoor card. Well, the good news is that we do know some of what your iPhone sends back home. We know that every time you launch an app, both Apple and Akamai receive data about what app you opened and when. We know that Apple has private API entitlements for circumventing your VPN rules. We know that Apple actively and directly works with the NSA and CCP to enable domestic surveillance capabilities.

So, you're right! Hacking your device only gives you a small window into the horrors of your software vendor. If we could totally decrypt all of Apple's traffic alongside the SIM's baseband transmissions, nobody would ever say 'privacy' and 'iPhone' in the same sentence again.

In the longer term Apple has a bigger issue here (though related to GDPR): being a US company it's effectively illegal in the EU.

And after several attempts to pretend that US laws like the Patriot Act that remove non-US citizen rights were compatible with the EU Charter of Fundamental Rights have been struck down by the Court of Justice of the EU (after the US has been caught violating these rights) it's starting to be hard to imagine what kind of agreement can possibly happen between the USA and the EU that would make US companies legal again...

> Instead, all mega corps seem to blend together and follow the same playbook. It's sad.

Yet another glaring indicator identifying our species as not mature enough to manage our own society. If this occurs everywhere, no matter what, then it is us, our constitution, our chemistry, our maturity as a species that is at fault.

Not really, systems affect our behaviour. We created the system that is our current market economy, and we have the ability to construct new systems that encourage better behaviour. For example, studies show that cooperatively run businesses are more ethical and more stable:

> [...] Additionally, "cooperative banks build up counter-cyclical buffers that function well in case of a crisis," and are less likely to lead members and clients towards a debt trap (p. 216). This is explained by their more democratic governance that reduces perverse incentives and subsequent contributions to economic bubbles.

> The cooperative banking sector had 20% market share of the European banking sector, but accounted for only 7 per cent of all the write-downs and losses between the third quarter of 2007 and first quarter of 2011. Cooperative banks were also over-represented in lending to small and medium-sized businesses in all of the 10 countries included in the report.

> [...] in France and Spain, worker cooperatives and social cooperatives "have been more resilient than conventional enterprises during the economic crisis".

> Public trust in credit unions stands at 60%, compared to 30% for big banks and small businesses are five times less likely to be dissatisfied with a credit union than with a big bank.

In other words, this behaviour doesn't happen everywhere. It's specific to certain types of businesses.

Paragraphs from here: https://en.wikipedia.org/wiki/Cooperative#Economic_stability

> Public trust in credit unions stands at 60%, compared to 30% for big banks and small businesses are five times less likely to be dissatisfied with a credit union than with a big bank

All organizations seek to accrue power and revenue - even “non profits”.

I saw it from one of the local credit unions I worked at in college…

1. First it was a credit union for a few large companies

2. Then it redid its charter to become a “regional credit union”

3. Then it said “fuck it we are bank”

Meet the old boss..

Indeed. This is why some (relatively few) organizations are designed to limit growth. Not all credit unions have the problem of growing to serve other customers.
This mental leap is a bridge too far for me to understand. Can you fill in the steps in your logic?
A hallmark of maturity is delayed gratification: one may want, but their maturity tells them they ought to prepare, or otherwise delay and suppress their gratification for a later period when that gratification is a) possible, b) achieved without subterfuge or deception, c) an appropriately and fairly earned reward or payment for effort expended towards this goal.

It is common and entirely ordinary to observe everyday people unable to delay their immediate need for gratification. It is also entirely ordinary and normal to observe friends, family and coworkers who routinely cut corners (take process shortcuts) and engage in process deceptions because they simply do not care about the consequences. Likewise it is entirely ordinary for one's employer to other their own employees to the degree they treat them with equal severity as one might find in the times of legal slavery (not exaggerating at all.) It is common and ordinary for spouses to other their own spouse, causing a legacy of failed marriages.

What is not ordinary is to meet persons that do not take short cuts, do not cheat on their employees, their spouses, or in reality: themselves. The majority that do not cheat are those not trusted and not provided the opportunities. The majority, if given too much trust, will rape their environment blind given time and the lack of repercussion: and that is immaturity at scale in our society, and it is the natural state of society. Trust is for fools.

Probably not now that he's come down from whatever he was smoking.
> Apple is basically loopholing all the shitty ad-tech engagement surveillance bs that plagues the rest of the industry

That's a pretty extreme description of what's happening here. I agree that they should not be doing this, and that App Store analytics should be opt-in like the rest of the device analytics, however, they are not correlating your unique identifier with other web properties — i.e. when you visit through Safari. I also doubt they are selling that data to third parties, allowing ads to target you on the basis of it, or using it to build a profile against other application analytics.

In fact, it seems like the article says: they do no clever stuff with it whatsoever. They should remove it in a future update