by vages 3 days ago
What’s your source for this?

Opening up an API does not mean that everything on the phone is accessible to anybody.


They’re actively asking developers to index all the content in their apps, to provide Personal Context that Siri can use for user requests. And to create/index the actions available in the app.

So, where developers comply, all of that content is now accessible to those alternative implementations.

It’s not full read/write of the phone, and it’d exclude obvious secrets like passwords, but it is quite far reaching access.

I don’t know what sort of restrictions they can put on the alternative implementations. Can I vibe code one and have it live in a week? Or is there a minimum bar?

We may have a different view of what 'giving access' means in this context.

The way I see it: If a user willingly (1) installs another AI app like DeepSeek and (2) willingly gives it access to 'full phone and app data' with a warning screen or setting or whatever, that seems... like a good thing?

I may not agree with those users that it's worthwhile providing their full private data to [some AI startup X] or [Some Chinese or US AI company that will hoover up as much for their own use] but if the EU forces Apple to provide this as an option, that sounds good to me.

The whole point of the regulation is that the data on the device is _the user's_ data and if Apple can have its AI services work with the user's data, competitors should be able to do the same.

From my (admittedly European) perspective it looks like Apple is just throwing a tantrum here.

I don’t have the EU perspective, which might be changed by things like GDPR, but I prefer Apple’s stance that “no one should have this data, not even us”.

One reason is that the data on a user’s phone isn’t solely owned by them. Some of it is shared with other people, or “belongs” to someone else: chat, email, shared documents, photos of people, contact information, etc.

In a corporate environment, this is more explicit: you have access to company information, so the IT department controls what apps you can install / run, because individual EEs won’t always make the best choices.

Second, I think app developers are more likely to share more data, if they know that the shared data doesn’t leave the user’s control. And that (presumably) makes the feature work better. If I’m developing an app, I’ll think twice about indexing any sensitive data, if I don’t know where it was going to end up.

Maybe you missed the 'or sent to private cloud' part of the announcement, it's not just local-llm only.

Don't get me wrong, just like you I personally would also prefer LLM-integrations with a privacy-focused provider and I think Apple is a good party to get that from (assuming they're using good models and keep their privacy guarantees here...)

But in the end you're still often 'sending data to an LLM provider', and the EU enforcing them to also let that be competing LLM providers still doesn't sound like a bad thing to me.

If Mistral would give the same privacy guarantees: great! If a company wants to use their enterprise OpenAI subscription: great! Etc. etc.

Let's allow for some competition here and not force a specific LLM-provider onto users just because they like the Apple hardware and software ecosystem.

> Maybe you missed the 'or sent to private cloud' part of the announcement, it's not just local-llm only.

I saw that. Maybe you’re unfamiliar with Apple’s Private Compute Cloud? It’s intended to allow cloud computation on data without making the data available to anyone, which I think backs up my interpretation that Apple’s stance is “no one should have this data, not even us”.

This is from https://security.apple.com/documentation/private-cloud-compu...

We designed Private Cloud Compute with core requirements that go beyond traditional models of cloud AI security:

* Stateless computation on personal user data: PCC must use the personal user data that it receives exclusively for the purpose of fulfilling the user’s request. User data must not be accessible after the response is returned to the user.

* Enforceable guarantees: It must be possible to constrain and analyze all the components that critically contribute to the guarantees of the overall PCC system.

* No privileged runtime access: PCC must not contain privileged interfaces that might enable Apple site reliability staff to bypass PCC privacy guarantees.

* Non-targetability: An attacker should not be able to attempt to compromise personal data that belongs to specific, targeted PCC users without attempting a broad compromise of the entire PCC system.

* Verifiable transparency: Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for PCC match our public promises.

- - - -

Second, according to their press release ([1] and a sibling comment elsewhere in this chain), they’ve been trying to find a way to allow interoperability without giving full access to everything. Unsuccessfully, so far. So it’ll be interesting to see where it goes, but I’m sympathetic to their current stance.

[1] https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...

Could the restriction not be the device owner choosing to use it? If some rando vibe coded an app and the os told me all the things it can access, I'd probably want to trust the developer before installing it. Why do I need to beg Apple's permission to use software better than their first party offering?

Because you made the choice to trust Apple when you bought an iPhone. And while you may make a deep study of who is providing your alternative AI app (is that even possible with OpenAI or Copilot or Gemini?), the average user will pick something shiny and lose their savings when it transfers their bank balance outside the country.

> the average user will pick something shiny and lose their savings when it transfers their bank balance outside the country.

Couldn't you make a more believable straw man, please? The "Nigerian prince wants to send you billions" is really tired. Try something more emotional! Hackers will steal your kid's photos and post them on pedophile forums or something. This will resonate better with the uninitiated and make it easier to lobby for monopolistic practices. Good luck!

Just because I bought an Apple product doesn't mean I made the choice to trust them globally across everything I do on my device, when did this become a binary that the hardware vendor must also be the only trusted software and service vendor? I like my MacBook because I trusted Apple to build great hardware, a pretty okay os, and services I don't give a shit about. I won't buy an iPhone because Apple has removed the ability to distinguish between those things on that platform.

Surely there's something better we can do than say "the average user is a dumbfuck better consolidate all control with Apple".

I think because they themselves have it access everything on the phone so it has to be equivalent.

Apple wrote a whole press release explaining it: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...