What does this mean in practice? How will the EU app store be different from the global one? Do we have more info on this other than this rumor article?
The link to the "Power On" newsletter shows me a half-loaded page that talks about the Apple Vision Pro, there is no mention of the App Store. Quality journalism.
I hear that the scammers, grifters, wallet drainers, SIM swappers and the malware and the ransomware industry are rejoicing with another gateway into expanding their business into targeting a massive market of iPhone users just like they have dominated the Android malware market for decades.
They are planning their market expansion into delivering their ransomware onto iOS. It is a sad day for security but what a wonderful opportunity for ransomware authors.
There is anecdotal evidence that allowing side loading and 3rd party app stores makes the ecosystem less secure and makes it more difficult to respond to threats (volume of android infections vs. iOS, as well as case-by-case analysis of specific malware that is done by security companies), but I've never seen a more comprehensive review of HOW malware gets installed on devices (vectors), to be able to quantify the impact of closed vs. open app loading.
So you heard from what's basically a glorified blog post in a pay-to-publish journal written by a primary author who works for a university run by the YMCA. Thanks for citing your sources. I also heard that the world is flat.
I used to be more sympathetic to Apple here, but it's not like the App Store isn't full of scammers and grifters already[1][2]. Definitely will be interesting to see what happens next.
Good that Apple has stellar reputation in that regard with none of that nonsense in the official App Store, so no sane consumer will leave this paradise for a tiny discount!
> a) Will Apple not allow apps on the official App Store if they appear on third party ones.
The EU almost certainly wouldn't allow it.
> b) How will Apple collect their commission. There is nothing in the regulation that says that they can't continue to do this.
See Denmark which has an App Store carveout for in-app purchases within dating apps. Basically, Apple wants records and reserves the right to audit.
Considering this is more than in-app purchases, I would expect a requirement for an Apple Developer account and a legal agreement to get a process similar to notarization on macOS.
It will be interesting if it's the Denmark model or whether they put the responsibility on third party app stores to supply this data to Apple on behalf of the hosted apps.
Either way third party app stores should end up being noticeably more expensive than using the official. Especially once they start having to deal with fraud, chargebacks etc.
Ugh I hope not notarization. It's a real pain to deal with on Mac if you're building packages. And also a privacy leak as it used to send the app hash to Apple on every launch. This has now been reduced to once a week but still..
Luckily it can still be avoided by turning off gatekeeper.
Of course they can't collect ”commission” on payments they're not involved with. The entire point of the Act is to crack down on anticompetitive behaviour. Your example is textbook, and I am certain the text of the law bans it.
I think it's more a matter of "is there a way that complies with the wording and intent of the DMA" than "is there a way to separate the commission from the App Store app itself". Even then, if it's not what the regulators intend it wouldn't be allowed to stand. This isn't a case of breaking some ancient law or technicality and needing to shore up, it's a brand new law with the intent of stopping this kind of practice hindering markets.
They tried similar minded tactics already with the Dutch complaints already and they weren't blindly accepted.
I'm not sure even Apple wants to be flippant about EU regulation.
"See this one neat legal flaw that EU regulators hate!" isn't an approach a US$350B-revenue-company wants to take, with a regulator who's already signalled their intent.
It doesn't need to explicitly mention commissions, law is not an ACL. The regulators and DMA just need to consider that it qualifies as e.g. gatekeeping, which is centrally referenced. Even if it can't be defined as a required action of gatekeeping today the DMA allows for the commission to quickly update that to qualify and require action by Apple. If, by some miracle, the regulators truly made a law which doesn't allow them to regulate the anti-competitiveness they intended too and they are truly beat by some gotcha this time then Apple has only bought a delay not an exception.
$99/year for the development kit will probably be seen as reasonable enough for it to be allowed, though they may have to accept allowing 3rd party alternative solutions to publish things to these other app stores or similar. The fixed price of the development kit isn't really the point when talking about the 30% commission though. That's about revenue from consumer purchases and trying to evade that via moving the pricing to the dev kit wholly then requiring the dev kit will not fly just because the DMA doesn't explicitly reference doing that being an example of a bad gatekeeping action.
>The regulators and DMA just need to consider that it qualifies as e.g. gatekeeping, which is centrally referenced. Even if it can't be defined as a required action of gatekeeping today the DMA allows for the commission to quickly update that to qualify and require action by Apple. If, by some miracle, the regulators truly made a law which doesn't allow them to regulate the anti-competitiveness they intended too and they are truly beat by some gotcha this time then Apple has only bought a delay not an exception.
Is charging a royalty for using the iOS SDK "gatekeeping"? I don't see why that's the case. Is Epic Games "gatekeeping" Unreal Engine by demanding 5% royalty to use their engine? Why should it be any different for Apple to demand royalty for using their SDK?
Even if EU magically made a law that explicitly banned royalties for operating system SDKs, that won't be the end of the story. Such measures could be construed as anti-free trade (given how it disproportionately affects US companies compared to EU companies), and will probably lead to a trade war and/or WTO arbitration between the EU and the US.
If they kept it to something like 5% and don't try to stop alternatives when used with other stores then it's probably not something that'd cause problems. The same is true for any sane pricing of external API integrations regardless of source as charging for push notifications or similar is fine by itself too.
Where they'd get into trouble is by trying to turn these things into ways to move the 30% revenue cut. Just moving the 30% revenue from "rights to be on the one and only store" to "rights to write apps against the device with the one and only SDK" is quite clearly a different motive and forced cost model than having a 5% SDK fee where the developer is free to choose a different SDK.
I.e. "but others charge for an SDK" doesn't allow you to then change your SDK cost model to exactly match what was deemed illegally anticompetitive forced market pricing. It just allows you to charge for your SDK in a competitive way, nothing more.
> And there is nothing anti-competitive about Apple charging for their developer kit.
Not only that but a bunch of iOS apis incur services costs on Apple's side. Certainly seems valid that they should be able to charge to provide push notifications, iCloud storage, etc. There is a wide industry of businesses monetizing development kit usage and/or enterprise services. Nothing in the EU's regulations should preclude Apple from monetizing their investment into the iOS development platform.
Who says I'm using their tools? I might build my app using Electron or GTK.
I don't think Apple can have a requirement to use their proprietary tools. That would be anti-competitive. If they want to make money off the tools... they should just charge a fee to buy the tools.
> The regulation doesn’t allow you to mmap w^x willy-nilly
Yesn’t; I don’t think the regulators would look kindly upon Apple restricting third-party JITs, since it’d give Safari/WebKit an unfair competitive advantage over other browser engines on iOS (something I believe the DMA is also meant to open up.)
Third party payments have always been possible to implement in iOS apps; I've done it myself. What happens, however, is Apple rejects your app during the review process if the payment is for something they deem should be an in-app purchase or subscription (physical purchases are fine). Without that review process, you don't have to use Apple's payment process and can use Stripe or Braintree or whatever you want, and bypass Apple's 15-30% commission.
b) Apple is free to act as payment provider, but can't force businesses to use it.
If they decide to do it anyway:
In case a gatekeeper does not comply with the obligations laid out in the DMA, the Commission can impose fines up to 10% of the company's total worldwide turnover, which can go up to 20% in case of repeated infringement. In case of systematic infringements, the Commission is also empowered to adopt additional remedies such as obliging a gatekeeper to sell a business or parts of it, or banning the gatekeeper from acquiring additional services related to the systemic non-compliance.
This is how these EU regulations get their teeth: turnover not profit and global not local to a region—they can't creatively account their way out of the fine and it's always going to be big enough to really want to avoid, no matter the size of the company. None of this "the fine is just the permit fee for those that can afford it" attitude.
I have to assume at least one company is going to try setting up a company, completely divesting from it, and contracting it to perform operations in the EU. With an open process for tender, even.
No what is stranger is 1million dollar fines on trillion dollar companies then expecting to change behaviour. In some European fines for speeding etc are also based on a person income $100 fine on a millionaire won't have any effect
So their macbooks are insecure because they accept any package installed? Seems like a weak argument and an even weaker security model, has it worked ever security through obscurity/ black box? Should I avoid surfing through the web on non approved websites? Seems like they made a weak system security wise
It's no different than "I want a folding screen iPhone" or "I want an iPhone with a bigger battery/screen/camera/whatever". A year ago I'd say USB-C iPhone. "Just get an Android" or more generally "why don't you leave" is a fallacy that doesn't actually address any criticisms: https://en.wikipedia.org/wiki/Ergo_decedo
Is EU also forcing companies that don't make folding phones to make folding phones because people want them? Or ferraris to make minivans? This argument doesn't make a lot of sense. You may want the world, why would a for-profit entity have to bend over for you? This seems to me to just be another way to control what you do - no longer can you start a company with your vision, you can only start a company that fits someone elses vision, like European Union's vision. Free will is a thing of the past.
I like my phone experience to be simple and intuitive. It really lends itself to a walled approach. I'm out doing something else, and the phone is along for the ride.
On desktop, I have a keyboard, a big screen, and more time. I'm sitting down to work on the computer, so having to pay more attention to it is completely fine (for nerds like me). So the walled garden approach feels more restrictive than empowering in this context, at least for me.
I might have agreed with you if Apple was a good gardener. That would involve weeding out the scams in the app store, giving developers feedback on radars, and being more communicative and reasonable in app review.
It will be interesting to see if Facebook decides to release their own app store, replete with all of the tracking that Apple had been taking away. If they make their apps only available through that kind of custom app store and then "encourage" FB/Insta/WhatsApp users to migrate, it defeats the walled garden.
Meta and other Big Tech corpos will naturally have their own app stores, and distribute their apps through them exclusively once they can.
A year from the release of this capability, EU users will have 20 additional app stores on their phone. Each will be sending notifications, coordinating "enhanced user tracking" between their apps and partner apps, advertising additional 1st- and 3rd-party products, performing background tasks like polling for updates, etc.
Because you can’t download alternate app stores directly from Google’s Play Store. This is a really interesting point — if the EU doesn’t require Apple to allow competitive app stores on App Store, discovery barriers largely neuter potential impacts.
Not really sure specifically, but the comments in that thread are comical.
"Others apps will stay outside to avoid Apple review process. Bugs and deliberate surveillance will run rampant. "
Yup, exactly, but...only to people that choose to actively use these other app stores. If these secondary app stores do not attempt to verify and defend against malicious apps, then they will hopefully be branded as such. For those that choose to continue using them, I have a very tiny violin here ready to play a song of sympathy.
I do not relish the idea of having to download Facebook/Instagram/WhatsApp directly from a 3rd party store. For me Apple standing between sketchy devs like Zuck-co and my phone is a feature not a bug.
If you see apps only appearing in 3rd party stores and not on the Apple store, then that would be a huge red flag. Hopefully, there will be someone looking to make a name for themselves that would download the binaries from each store it is available and test for any differences. Those looking to avoid the cut paid to Apple seem to get all of the attention, but it's these more nefarious things that scare the bejeebus out of me. I don't even use apps from Apple's store because of the shit devs pull. No way in hell would I use something unregulated
> The threat to competition that is claimed to be posed by AT&T in this industry is that, through the use of cross-subsidization and customer discrimination, it will use its power in the interexchange market to disadvantage competing electronic publishers. While the possibility of cross-subsidization is as remote here as it is with respect to other subjects considered herein, there is a real danger that AT&T will use its control of the interexchange network to undermine competing publishing ventures.
Sounds familiar, I wonder how things ended for Ma Bell?
For a while, they were broken up into the baby bells. Then, one baby bell started buying up all of the other baby bells and renamed itself ATT. Clearly, that's a totally different company than AT&T. So, ultimately, nothing.
From a less misanthropic perspective, we avoided the immediate outcome of a direct monopoly and have an undeniably more robust telecommunications infrastructure because of it. If we get an AT&T-style placation out of Apple, I'd consider ourselves lucky.
Ma Bell, at it's peak, was arguably biggest company in the entire world.
The new comglomerate of "baby bells" isn't even the biggest Telco provider in the USA, let alone the biggest company in the USA... let alone the biggest in the world.
You can choose to let Apple stand between you by staying on Apple's App Store. If you don't get an app because Apple is blocking it from the App Store, isn't that working as intended? If you choose to ignore Apple's block and get the app elsewhere, then it sounds like Apple's barrier is a bug
That's a possibility right now, with or without iOS sideloading. Nothing stops Facebook or WhatsApp from bypassing Apple's native guidelines and force their evil, expensive anticonsumer practices down user's throat on the web or competing platforms.
That's my point. If consumers are willing to go directly to Facebook, and Facebook are willing to serve them directly, why does Apple need to get involved?
On the other hand, if consumers want Apple involved, they wouldn't leave the app store, they wouldn't download the app, and the app will fail when there's no users.
Someone who loves Zuck products and finds them indispensable, but still underhanded and despicable in terms of user abuse (surveillance, manipulative feeds, no socially healthy ad-free no-tracking neutral-feed for-pay option …), has reason to dislike Mr. Meta.
Unfortunately, reality is rarely as a la carte as we all might wish.
Imagine being able to make in app purchases for boosting your posts, or ad campaigns, facebook marketplace items (think meta brand items just like amazon brand items) or tiktok shop items.
Now imagine those companies paying a percentage off the top for app store in-app purchases when there is an alternative that doesn’t involve that percentage.
Facebook and Amazon have both tried (and failed) to make their own phones. That’s how much they want to control the entire UX. Of course they would funnel people to their own app stores.
Hell, app stores themselves are places to sell ads and other apps, Apple has proven that.
So why wouldn’t a company with the developer resources and monetization potential of Meta or Amazon create their own app store?
Simple: if they were going to do that, they already would have on Android, where it's possible right now.
Sure, Meta could demand that people install their super-extra-spyware version of Instagram from the META STORE instead of Google Play. But, what they'd likely find out is the same thing Epic found out when it tried to found its own store: most users just don't care enough to install stuff from third-party stores, and generally won't bother.
> Simple: if they were going to do that, they already would have on Android, where it's possible right now.
Maybe, maybe not. Android didn't attempt to destroy their business though, whereas Apple did (and then turned around and introduced their own, non ATT compliant ad system).
I'd grant you that point if this was someone like Musk that we're talking about, but Zuck just doesn't seem like he's at that level of vindictive/petty to go to all of this trouble[1] just out of spite.
Yeah, fair. iOS was super, super important to their business though, so it might net out as financially worthwhile, especially if they created it more as a gaming store with a pitch to all the mobile gaming companies that they'd be able to do analytics again.
(Actually, they're one of the few people that could make a store like that work, dunno if they'd want the distraction but it might be worthwhile for the ads business).
>So why wouldn’t a company with the developer resources and monetization potential of Meta or Amazon create their own app store?
Because that is an incredibly excessive alternative. Instead of just duplicating their app to a third-party app store run by someone else, you're assuming that Meta will go to the effort to create an entire ecosystem that they then have to manage. They would have to ensure that each app on the store is on the up-and-up and hire an immense amount of staffing for that sort of thing - moderation, development, backend support, customer support, yadda yadda. Not only do they already struggle to control the narrative around content moderation on their platforms, but now they've gotta work on preventing malware from being installed on folks phones, too?
It's way too extra, when the much more affordable option is to drop a Meta-preferred alternative onto a third-party app store that already exists. Yet they haven't even bothered doing that with something like f-droid, so I'm expected to believe that they're just going to jump to the more cumbersome option of opening their own store? When the average end user will just use the default store that comes installed on their phone?
I don't buy it. And I say this as someone who is very much in the "Fuck Zuck"/"Meta is trash" camp.
I think for many people the fact it is a tightly walled garden is a feature - those walls keep bad actors out. For many people a phone is just a tool, and they're quite happy to pay a tax to make it trouble free.
The generation of my parents (60s+) is generally not hugely tech savvy. They remember the days of windows XP well - endless viruses, trojans and expensive security software. One of the reasons iPhones are so popular with this group is they let them use the web without fear of dealing with that again.
Right, but you can get the benefit of the walled garden by just... choosing to only install apps that have been vetted and verified by Apple through their app store, and not from anywhere else. These people are acting like the possibility of getting apps from elsewhere personally affects them, but if they are competent enough adults to know that it's more secure to get apps from the Apple App Store, then it won't, because they aren't forced to use other apps. And yeah maybe that isn't possible for old people or very young people because they aren't competent adults anymore, technologically speaking, but then maybe you could add a parental controls feature that locks down side loading apps or something like that. You don't need to remove the feature entirely to make everyone safe.
I think it will be very hard to do that when the other big players move their apps off the store. They will be effectively forced to download apps like WhatsApp and Instagram from wherever Meta puts them. The net result is more hassle, more risk, and worse privacy and security for them. How is that a win?
Do you think that meta will give up their presence on the official app store in order to move to a unofficial app store? Because apple will not allow apps on apple app store if they are unofficial, i have no data, but I suspect they will not
Meta could have done that on Android, they have not, there is your data... it seems that as long as Apple remains a trusted and reasonable partner, Meta will continue to use Apples App Store to distribute their apps, just like they continue to use Google's Play Store today.
I'm looking at it from the perspective of my parents.
For them it is a major feature of the iPhone that you can download any app with complete impunity. No need for $150/year antivirus (for those big scary viruses windows used to get absolutely riddled with). No need to worry it's going to change your default search engine or start mining bitcoin. You know when you download something from the App Store it has been through some level of vetting. I'm not sure why so many people here are wilfully blind to this use case.
Also, the reason I specifically bring up WhatsApp is that we know Facebook will take ridiculous liberties given the chance - remember Onavo?
The thing is that apple app store is also filled with scammy apps, so the argument is flawed at the start, you can’t outsource your security and act on the internet like youre blind and doesn’t affect you, you need to be attentive
> The thing is that apple app store is also filled with scammy apps, so the argument is flawed at the start
So you think to improve the security is to make the problem even worse by having more installable unchecked ransomware on the iPhone.
Really can’t wait for the flood of sideloaded malware and ransomware that made Android phones the insecure toxic hellstew that it still is today; on the iPhone. /s
I can't wait either. I've got a number of sideloaded apps on my Android phone (Netguard, KeePassDX, even a Hacker News client to name a few) and have no viruses to speak of. Closest thing to malware I can notice is the OEM software.
But you're not as ignorant add your patents, so why repeat the obviously false FUD? No, there is no such thing as "complete immunity", what it the basis for worrying that Safari's default search can be easily changed by an app from a different store? How are viruses in the past(!) on Windows(!) relevant?
You're not describing an honest "use case", so there is nothing to be willfully blind about
Privacy and security (of other data on your phone) should be ensured through technological measures like strict sandboxing and permissions that allow sensor data to be spoofed. This is largely already the case, but any remaining gaps should be filled with technological barriers, not underpaid human reviewers prone to mistakes, favoritism, and politics.
If Meta does that, they will be creating their own walled garden next to the Apple one. Meta won't allow pirated software and malware to run rampant on their own store.
and there's where the wheels fell off the bus with your argument. so many non-adults are using devices and downloading content. if their friends are using a non-Apple store and all using an app from there, they will follow. we'll see what kind of parental controls any 3rd party app store provide. teens will absolutely look for ways to skirt anything their parents are using to limit them. it's just part of being a teen.
Expecting people to know what makes an app store safe is like expecting people to know how to change their spark plugs. It’s a niche skill. The only people who are going to know are into the hobby.
Your average person does not have “computers” as a hobby.
In the same vein, I’m not going to give you shit that you don’t know how to change your spark plugs off your head even though it’s so basic.
My inlaws got scammed for 5K when a person calling, apparently from Apple, and convinced them to install an app on an iPhone that eventually got a foothold on their bank account. The same is also possible on Android, but I just wanted to say that even the iPhone can have some of these old problems.
> The generation of my parents (60s+) is generally not hugely tech savvy. They remember the days of windows XP well - endless viruses, trojans and expensive security software. One of the reasons iPhones are so popular with this group is they let them use the web without fear of dealing with that again.
This is a strange argument, given that Windows XP is more than 20 years old, and the problem already went mostly away 20 years ago, when Service Pack 2 came out.
In any case, the problem has long been a thing from the past. Moreover, I don't see anyone complaining about modern Windows or MacOS computers which aren't locked to an app store. So your explanation doesn't make sense.
I think the correct explanation is much simpler: These people are Apple fans, and fans will, occasionally, be irrationally loyal. Like PlayStation or Nintendo fans.
God that thread is infuriating. If they're so worried about apps from outside the Apple App Store being insecure, and want to stick to only installing apps that Apple has approved, then they can literally just limit themselves to only using the Apple App Store and be literally just as "safe" as they were before, with zero difference. They're not forced to get anything from outside the Apple App Store just because the option exists. What, are they infants who can't control themselves? And if other people are using it, so what? Are other people going to install apps on their phones somehow? No, they're not. So others having extra choices they don't want to use doesn't effect them. It's like complaining that your house is made less secure because other people haven't installed a 24/7 surveillance camera and six deadbolts and bullet proof glass like you have. But this is how Apple's propaganda has taught their cultists to think: through learned helplessness. "I need as many choices as possible taken away from me to make sure I'm all safe and secure." Like, no, security (and ease of use) is about having excellent, solid defaults most people won't need to change, NOT about taking away more advanced options.
Maybe, but that's a very limited collection of apps, and I would imagine that such sufficiently popular and well-known apps would actually have a reputation to uphold and proper technical support to ensure that installation is properly verified and that their apps don't contain viruses. Maybe more surveillance might get through, but the solution to that is to have a better sandboxing and permissions model that prevents unwanted data collection by default, since app sandboxing isn't possible to get around by just having your app be downloaded from somewhere else, since it all still has to run on the same phone.
Do you think that meta will give up their presence on the official app store in order to move to a unofficial app store? Because apple will not allow apps on apple app store if they appear on unofficial, i have no data, but I suspect they will not
I suspect they will offer different apps. The official one on the app store becomes limited or doesn't change at all. The app released via other stores will be Zuck's wet dream of a Hoover of all your things. There will be no limitations on tracking. There will be no limitations on what parts of the system can be accessed. Even if the OS puts up road blocks, Zuck will just ask the user for permission and they will all be granted. Even if it is something the official app store would ban from publishing if they were accessed.
Do you honestly believe they wouldn't? If so, I have a bridge for sale
We just have to see it, I have a doubt that apple will be fooled by meta calling whatsapp in a different way, but no certainty, most recently some people were convinced that apple had no solution but allow a unofficial android app on iMessage, and we saw what happened, something tells me theyre harder to fool than it seems
how would releasing an app on a 3rd party app store that Apple has no control over be "fooling" Apple? I'm suggesting theZuck continues releasing apps on the Apple store just like now playing by whatever rules the app store comes with. At the same time, releasing a different app on 3rd party stores that does the things that Apple prevents. What are you confused by to think they are trying to fool Apple?
They clearly said they wouldn't allow apps that appear on third party stores to be on official apple app store. I'd suspect they would monitor them, scrape them, and see. But the only fact is that they won't allow them to be on both stores, the how is speculation, but there are many tools to ensure that
Macrumors and similar fan-forums are usually where stockholders hang out, not casual users. The majority of people who are not directly affiliated with Apple's profitability will probably have no opinion on the topic. That's the best I can rationalize it.
That is not even new. MR comments have been calling for Apple to pull out of EU, or any country that threatens their business model. That is EU, UK, Japan, South Korea, Australia, India and a few others. But never once mentioned pulling out of US or China.
Before US took a stance on App Store, they also wanted Apple to lobby the US Goverment to sanction any country that threatens Apple. Including pulling out of NATO.
A lot of these only died down ( a bit ) once the US Government took an official stance against App Store monopoly.
Who hosts your apps for download and world wide distribution? Also the infrastructure for payments from buyer to you and in app purchase/ refunds, security? Just tip of the iceberg, I suppose you don’t like paying taxes to your government
> I suppose you don’t like paying taxes to your government
The fact that the closest comparison people have to the App Store racket is a sovereign government (the most powerful entities on Earth) is a pretty bad sign from an antitrust perspective.
Of all the App Store problems, this one strikes me as by far the most egregious. If Microsoft couldn't bundle IE in the 90s, then Apple certainly shouldn't be able to completely prevent installation of Safari competitors.
There’s a lot of talking past each other about security, but the big technical question in my mind is: Apple must plan to implement MacOS's Gatekeeper for third-party iOS app stores, right? Is there anything in the DMA that would preclude requiring notarized binaries?
For everyone complaining about the security issues, there is nothing that stops Apple from throwing up a ton of warnings for apps that didn't come from their App Store.
"This app came from a third party, it can download all your private information and has not been reviewed by Apple".
Pop a warning every single time it accesses contacts or location, don't allow third party apps outside the App Store to be granted ongoing permissions to anything, etc.
They can still do a lot to make the third party App Store experience much less appealing to developers than the App Store path and still be within the letter of the law. And I'm sure they will.
(amusing side note, every time I write App Store autocorrect keeps capitalizing it for me)
>, there is nothing that stops Apple from throwing up a ton of warnings for apps that didn't come from their App Store. [...] Pop a warning every single time it accesses contacts or location, don't allow third party apps outside the App Store to be granted ongoing permissions to anything, etc.
But then why wouldn't EU later consider those high-friction "warnings" and security firewalls to be anti-competitive because it doesn't let 3rd-party apps be on equal footing as Apple's Official App Store?
Is there precedence from previous rulings analogous to this Apple situation to predict what EU would pursue depending on how Apple follows the "letter of the law" instead of the "spirit of the law"?
> This app came from a third party, it can download all your private information and has not been reviewed by Apple
Why would you consider it "anticompetitive"? I think Apple has a good claim that this is a factual statement that is used as a security warning as a core OS feature.
Google have something like this when you sideload (or allow sideloading option, don't remember exactly when you get these warnings) and EU did not consider it "anti-competitive" (at least yet).
> I think Apple has a good claim that this is a factual statement that is used as a security warning
I would hope that the technical protections protecting user data apply to all apps and not just apps that come from Apple's store. If an app from the store wants to access your contacts or your location, the user has to approve it. Should be exactly the same with side loaded apps.
Vender lock in such as a core operating system feature that can only be accessed with Apple approved apps would be blatant anti-competitive behaviour.
> Google have something like this when you sideload (or allow sideloading option, don't remember exactly when you get these warnings) and EU did not consider it "anti-competitive" (at least yet).
The EU and the USA have both found those warnings to be anti-competitive. In the EU's case, they have the same deadline as Apple to fix it. In the USA, Google was recently fined several hundred million dollars (and will also be required to change the alerts).
I'm sure there will be some warnings, but it they will have to be reasonable - such as "[Name] is an app you downloaded from the internet. Are you sure you want to open it? Safari downloaded this app today from [Website URL]" - that's the message you get right now side-loading an app on a Mac, I think it would be hard for Apple to justify anything more "scary" than that.
> If an app from the store wants to access your contacts or your location, the user has to approve it. Should be exactly the same with side loaded apps.
What I'm saying is that it already happens for apps from the App Store, where it asks you to allow access to contacts for example. But one of your choices is "always allow". I'm saying for third party store apps, they remove the "always allow" option. Make you approve it every time, to remind you that it's happening.
>I'm saying for third party store apps, they remove the "always allow" option.
I do not know EU's Digital Markets Act Laws in detail but I can't imagine that such discrimination would not be in breach of them. I would frankly see that as an unacceptable and unfair measure. I want to use my iPhone like my Mac without artificial annoyances.
It used to be a global setting with a bit of a lecture on the risks, nothing serious.
Now it's related to a permission per app, you need to give permission for each app to install others. Eg the browser with which you downloaded an APK. Or the files app you used to open it. Or F-Droid's store app. The lecture is gone through. But you still have to grant it explicitly.
> Pop a warning every single time it accesses contacts or location, don't allow third party apps outside the App Store to be granted ongoing permissions to anything, etc.
You bring up an excellent point, but that's a technological issue that should be solved with technological barriers.
An app shouldn't be able to download any private data without explicit user permission, but these restrictions should apply to every app, regardless of where it comes from. To be more specific, users should have complete control over every permission and have an easy way to audit their usage.
Sane security models don't rely on some app reviewer magically catching malicious behavior in an opaque review process where they don't even have access to the source code, much less the ability to review it in detail.
When you jailbreak your iPhone, all you’re doing is running external software on it. I can easily see this becoming commonplace especially with an ecosystem like Apple where people have been sheltered for so long they’re not as wary as say an android user.
I wouldn't compare sideloading to jailbreaking at all, they have nothing in common besides both allowing you to run apps from 3rd party sources.
Sideloading should be an officially supported mechanism and safely allow any app to operate within the confines of the existing sandbox. Jailbreaking is more like taking a sledge hammer to the sandbox and other technological barriers, once you break them down, privacy and security can't be guaranteed anymore. It's why I stopped rooting my personal Android devices.
> An app shouldn't be able to download any private data without explicit user permission, but these restrictions should apply to every app, regardless of where it comes from.
What I'm saying is that it already happens for apps from the App Store, where it asks you to allow access to contacts for example. But one of your choices is "always allow". I'm saying for third party store apps, they remove the "always allow" option. Make you approve it every time, to remind you that it's happening.
I’m pretty sure the legislation accounts for that kind of behavior. You’re not going to be allowed to create extra warnings based on which vector the application is delivered.
Digital Markets Act, Article 13. Anti-circumvention
"The gatekeeper shall not degrade the conditions or quality of any of the core platform services provided to business users or end users who avail themselves of the rights or choices laid down in Articles 5, 6 and 7, or make the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner, or by subverting end users’ or business users' autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof."
That just ruins the whole experience. Not to mention, it’s so much easier to have malicious exploits that can jailbreak your phone just by installing it and ruin security for everything within the walled garden as well.
I'm sure they could do that, but when users start getting scammed and losing data, they are not going to remember that they clicked through and allowed the app to install. Neither is the tech media, who will no doubt make a huge deal out of "Apple's broken garden" or something like that.
The same window of scrutiny exists for Android, too. Apple has further to fall, but that's because they deliberately tied their vertical integration to anticompetitive practices. Two wrongs don't fix a broken status quo.
Users very quickly learn to ignore warning popups. It's why you end up with flashlight apps that can access your contacts with millions of downloads. This "fix" almost never works in practice. It didn't work in 2006 when Microsoft introduced it in Vista w/ UAC, and it's not going to work 18 years later where users are even less technical.
There's also a certain amount of fatigue I associate with these warnings and popups now. Its getting to the point where I'm more and more likely to just ignore them and give up my data without a fight and I say that as a software engineer.
wouldn't popular apps then be "prevent apple warnings" app?
I mean, some of the beauty of another app store is that apps don't have to obey apple.
Or... they could popup warnings for apple telemetry, or disobey apple APIs, or "fix" the dark patterns apple has introduced.
Apple phones home all. the. time. They think "anonymized telemetry" is ok. Apple lets apps have unfettered internet access. Remember how the control panel buttons for wifi/bluetooth just disable them temporarily? etc.
Third party App Store doesn't mean jailbroken. You will still have to follow the technical rules imposed by the OS. That warning is put up by the OS, not the app.
> For everyone complaining about the security issues, there is nothing that stops Apple from throwing up a ton of warnings for apps that didn't come from their App Store.
Also, those issues never came to pass on Android which has this feature since the beginning.
In fact I would trust apps from F-Droid a whole lot more than those "reviewed" by Google on the play store.
I think Apple has enough lawyers advising them that most likely this is poor/fuzzy reporting and we shouldn’t jump to conclusions about the specifics of how this will all work from external reporting of rumors.
EU law applies to residents, not citizens. You don't get to avoid other EU regulations because you're a turk living in france, just like you don't have to follow it just because you're a french person living in turkey.
DMCA is a US law also, GDPR, working time directive, or something would have probably been a better example to go with.
I’m very curious to see if/how Apple will “bully” anyone who installs apps from a 3th party AppStore - in other words, nudge them back to Apple’s native AppStore.
Much like how Spotify has been painful to use the past 10 years, compared to Apple Music, for example. AirPlay did work in Spotify, but not natively on the HomePod like Apple Music, etc.
If anything is painful it's the complete bag of shit the Apple Music app is. Spotify doesn't have the best UI, but it's a lot less infuriating to navigate.
You can't expect Apple to integrate every music service on the HomePod and I don't see how that's related with the App Store.
If you want Spotify there are lots of other speakers with Spotify connect and no Apple Music - should they be regulated too or is it just about punishing Apple?
> ”You can't expect Apple to integrate every music service on the HomePod”
Why not?
It’s already possible to do this _now_, the limitation was just another example of Apple crippling competitors…
(Spotify has not implemented it in their app yet, but other music apps have.)
You can also now set the default Music app HomePod/Siri will use.
Luckily EU regulators and others are stepping in to stop Apple in this anti-competitive behavior.
> You can't expect Apple to integrate every music service on the HomePod
Technically, they can provide a standard interface and registration for music apps to comply with.
Legally, if EU believes iPhone via Airplay is being used by Apple to give Music unfair advantage over competition, they can require this or ask Music to be split in a different company.
Spotify not working properly on HomePod is on them because the tools to properly integrate third party music apps have been available for almost 5 years now.
I can kind of understand why they have "given up" though, after all of Apple's anti-competitive behavior. This won't change, so It's just not worth the effort.
> Each country already has it’s own AppStore with specific apps, and reviews.
Is that true? I thought it is one app store, they just filter the content according to your region, language, etc. After all I don't have to install another app store app (unlike Amazon shopping which has different apps for different regions) when I go to another country.
You are correct in that you don’t have to install a separate front end app, but the apps are segregated on the backend. Apps are region locked creating different versions of the AppStore. Plenty developers only release their app on a specific region.
This is kind of subjective isn't it then? I can argue that any app that shows different content to different users is actually a separate app for each user, since all the data is "segregated in the backend". IMO the proper measure of this has to be the user-facing actual app. Not some abstract concept of an app in the backend.
It means basically that Apple won't let these App store channels to work outside the EU.
Their strategy is to reduce the economies of scale that you can achieve, and thus make them less attractive since as a developer you could not sell as much on those app stores.
I wonder how this will affect people with both EU and non-EU iTunes/App Store accounts.
I have five accounts in five different countries, from a time in my life when I moved around more. Two of those accounts are in countries within the EU, but they're not "EU App Store," they're specific to the nation in which they were opened.
Maybe the two EU accounts will be merged into a new EU Store. Or maybe that's a bad idea since history has shown that nations and join and leave the EU a lot more often than anyone anticipated.
Does that imply that I don’t need to sign up for the Developer Program. I’m building a simple app for myself that I planned to distribute via TestFlight. The $99 scared me off a bit.
202 comments
[ 4.1 ms ] story [ 251 ms ] threadThe link to the "Power On" newsletter shows me a half-loaded page that talks about the Apple Vision Pro, there is no mention of the App Store. Quality journalism.
They are planning their market expansion into delivering their ransomware onto iOS. It is a sad day for security but what a wonderful opportunity for ransomware authors.
There is anecdotal evidence that allowing side loading and 3rd party app stores makes the ecosystem less secure and makes it more difficult to respond to threats (volume of android infections vs. iOS, as well as case-by-case analysis of specific malware that is done by security companies), but I've never seen a more comprehensive review of HOW malware gets installed on devices (vectors), to be able to quantify the impact of closed vs. open app loading.
Anyone seen an actual decent review of this?
[1] https://old.reddit.com/r/apple/comments/11tw577/how_come_app...
[2] https://mashable.com/article/apple-mac-app-store-scam-forces...
a) Will Apple not allow apps on the official App Store if they appear on third party ones.
b) How will Apple collect their commission. There is nothing in the regulation that says that they can't continue to do this.
That would look very much like an anti-competitive move to the same EU regulators who are forcing Apple to open the store for competition reasons.
Apple can continue to enforce their own rules on their own store, but demanding exclusivity probably isn't an option for them.
The EU almost certainly wouldn't allow it.
> b) How will Apple collect their commission. There is nothing in the regulation that says that they can't continue to do this.
See Denmark which has an App Store carveout for in-app purchases within dating apps. Basically, Apple wants records and reserves the right to audit.
Considering this is more than in-app purchases, I would expect a requirement for an Apple Developer account and a legal agreement to get a process similar to notarization on macOS.
Either way third party app stores should end up being noticeably more expensive than using the official. Especially once they start having to deal with fraud, chargebacks etc.
Luckily it can still be avoided by turning off gatekeeper.
You are using their developer tools and SDKs and like other tooling e.g. game engines they can recoup this cost through a per-sale model.
They tried similar minded tactics already with the Dutch complaints already and they weren't blindly accepted.
And there is nothing anti-competitive about Apple charging for their developer kit.
"See this one neat legal flaw that EU regulators hate!" isn't an approach a US$350B-revenue-company wants to take, with a regulator who's already signalled their intent.
$99/year for the development kit will probably be seen as reasonable enough for it to be allowed, though they may have to accept allowing 3rd party alternative solutions to publish things to these other app stores or similar. The fixed price of the development kit isn't really the point when talking about the 30% commission though. That's about revenue from consumer purchases and trying to evade that via moving the pricing to the dev kit wholly then requiring the dev kit will not fly just because the DMA doesn't explicitly reference doing that being an example of a bad gatekeeping action.
Is charging a royalty for using the iOS SDK "gatekeeping"? I don't see why that's the case. Is Epic Games "gatekeeping" Unreal Engine by demanding 5% royalty to use their engine? Why should it be any different for Apple to demand royalty for using their SDK?
Even if EU magically made a law that explicitly banned royalties for operating system SDKs, that won't be the end of the story. Such measures could be construed as anti-free trade (given how it disproportionately affects US companies compared to EU companies), and will probably lead to a trade war and/or WTO arbitration between the EU and the US.
Where they'd get into trouble is by trying to turn these things into ways to move the 30% revenue cut. Just moving the 30% revenue from "rights to be on the one and only store" to "rights to write apps against the device with the one and only SDK" is quite clearly a different motive and forced cost model than having a 5% SDK fee where the developer is free to choose a different SDK.
I.e. "but others charge for an SDK" doesn't allow you to then change your SDK cost model to exactly match what was deemed illegally anticompetitive forced market pricing. It just allows you to charge for your SDK in a competitive way, nothing more.
Are you a lawyer specialising in the topic?
Do you actually know anything about this or is this just your opinion presented as fact?
It's not an outrageous conclusion that the law bans blatantly unfair practices, when that's what it sets out to do.
Not only that but a bunch of iOS apis incur services costs on Apple's side. Certainly seems valid that they should be able to charge to provide push notifications, iCloud storage, etc. There is a wide industry of businesses monetizing development kit usage and/or enterprise services. Nothing in the EU's regulations should preclude Apple from monetizing their investment into the iOS development platform.
I don't think Apple can have a requirement to use their proprietary tools. That would be anti-competitive. If they want to make money off the tools... they should just charge a fee to buy the tools.
Yesn’t; I don’t think the regulators would look kindly upon Apple restricting third-party JITs, since it’d give Safari/WebKit an unfair competitive advantage over other browser engines on iOS (something I believe the DMA is also meant to open up.)
It would be interesting to see if people can replace parts of ios (sort of like grapheneos cuts out google)
b) Apple is free to act as payment provider, but can't force businesses to use it.
If they decide to do it anyway:
https://ec.europa.eu/commission/presscorner/detail/en/QANDA_...Apples iMessage is also currently evaluated. In a total coincidence Apple also announced recently that RCS support is coming.
So Google can't just make an EU subsidiary that never makes a profit and thus the fines don't have teeth.
It's the global turnover of Alphabet Corporation.
Not that it'd work, but might be amusing.
The next generation of runtimes (wasm for example) have this built in out of the box.
For corporate managed devices, sure. But for personal devices?
If you're happy with the defaults... don't ever change the defaults!
But someone else being able to make a different choice doesn't decrease your happiness.
It's no different than "I want a folding screen iPhone" or "I want an iPhone with a bigger battery/screen/camera/whatever". A year ago I'd say USB-C iPhone. "Just get an Android" or more generally "why don't you leave" is a fallacy that doesn't actually address any criticisms: https://en.wikipedia.org/wiki/Ergo_decedo
Every year, the EU’s economic importance declines, partly due to stunts like this one.
So at some point (far in the future unfortunately), their diktats will simply be ignored.
On desktop, I have a keyboard, a big screen, and more time. I'm sitting down to work on the computer, so having to pay more attention to it is completely fine (for nerds like me). So the walled garden approach feels more restrictive than empowering in this context, at least for me.
But you don't have to wait, right??
All the innovation is happening outside it.
A year from the release of this capability, EU users will have 20 additional app stores on their phone. Each will be sending notifications, coordinating "enhanced user tracking" between their apps and partner apps, advertising additional 1st- and 3rd-party products, performing background tasks like polling for updates, etc.
Paradise!
Someone has enough knowledge of human brain to explain this form of life way of thinking?
"Others apps will stay outside to avoid Apple review process. Bugs and deliberate surveillance will run rampant. "
Yup, exactly, but...only to people that choose to actively use these other app stores. If these secondary app stores do not attempt to verify and defend against malicious apps, then they will hopefully be branded as such. For those that choose to continue using them, I have a very tiny violin here ready to play a song of sympathy.
> The threat to competition that is claimed to be posed by AT&T in this industry is that, through the use of cross-subsidization and customer discrimination, it will use its power in the interexchange market to disadvantage competing electronic publishers. While the possibility of cross-subsidization is as remote here as it is with respect to other subjects considered herein, there is a real danger that AT&T will use its control of the interexchange network to undermine competing publishing ventures.
Sounds familiar, I wonder how things ended for Ma Bell?
For a while, they were broken up into the baby bells. Then, one baby bell started buying up all of the other baby bells and renamed itself ATT. Clearly, that's a totally different company than AT&T. So, ultimately, nothing.
The new comglomerate of "baby bells" isn't even the biggest Telco provider in the USA, let alone the biggest company in the USA... let alone the biggest in the world.
On the other hand, if consumers want Apple involved, they wouldn't leave the app store, they wouldn't download the app, and the app will fail when there's no users.
Someone who loves Zuck products and finds them indispensable, but still underhanded and despicable in terms of user abuse (surveillance, manipulative feeds, no socially healthy ad-free no-tracking neutral-feed for-pay option …), has reason to dislike Mr. Meta.
Unfortunately, reality is rarely as a la carte as we all might wish.
So don't. It's your choice. The benefit is that those who don't mind, will also be able to exercise their choice.
Why do you think you will be unable to download FB, IG & WA from the App Store?
Now imagine those companies paying a percentage off the top for app store in-app purchases when there is an alternative that doesn’t involve that percentage.
Facebook and Amazon have both tried (and failed) to make their own phones. That’s how much they want to control the entire UX. Of course they would funnel people to their own app stores.
Hell, app stores themselves are places to sell ads and other apps, Apple has proven that.
So why wouldn’t a company with the developer resources and monetization potential of Meta or Amazon create their own app store?
Sure, Meta could demand that people install their super-extra-spyware version of Instagram from the META STORE instead of Google Play. But, what they'd likely find out is the same thing Epic found out when it tried to found its own store: most users just don't care enough to install stuff from third-party stores, and generally won't bother.
Maybe, maybe not. Android didn't attempt to destroy their business though, whereas Apple did (and then turned around and introduced their own, non ATT compliant ad system).
[1] https://news.ycombinator.com/item?id=39013192
(Actually, they're one of the few people that could make a store like that work, dunno if they'd want the distraction but it might be worthwhile for the ads business).
Because that is an incredibly excessive alternative. Instead of just duplicating their app to a third-party app store run by someone else, you're assuming that Meta will go to the effort to create an entire ecosystem that they then have to manage. They would have to ensure that each app on the store is on the up-and-up and hire an immense amount of staffing for that sort of thing - moderation, development, backend support, customer support, yadda yadda. Not only do they already struggle to control the narrative around content moderation on their platforms, but now they've gotta work on preventing malware from being installed on folks phones, too?
It's way too extra, when the much more affordable option is to drop a Meta-preferred alternative onto a third-party app store that already exists. Yet they haven't even bothered doing that with something like f-droid, so I'm expected to believe that they're just going to jump to the more cumbersome option of opening their own store? When the average end user will just use the default store that comes installed on their phone?
I don't buy it. And I say this as someone who is very much in the "Fuck Zuck"/"Meta is trash" camp.
They still do since, you know, they make the OS on which those apps would run.
I bought an iPhone, in large part, for the security and convenience of all apps coming from a single verifying source.
Now it’s going to become the same Balkanized nonsense that Android is.
Thanks, Europe.
like this person feels like they are being force fed this thing?
The generation of my parents (60s+) is generally not hugely tech savvy. They remember the days of windows XP well - endless viruses, trojans and expensive security software. One of the reasons iPhones are so popular with this group is they let them use the web without fear of dealing with that again.
>They will be effectively forced to download apps like WhatsApp and Instagram from wherever Meta puts them
So, what's the connect? You've started with big scary viruses and ended up with WhatsApp?
For them it is a major feature of the iPhone that you can download any app with complete impunity. No need for $150/year antivirus (for those big scary viruses windows used to get absolutely riddled with). No need to worry it's going to change your default search engine or start mining bitcoin. You know when you download something from the App Store it has been through some level of vetting. I'm not sure why so many people here are wilfully blind to this use case.
Also, the reason I specifically bring up WhatsApp is that we know Facebook will take ridiculous liberties given the chance - remember Onavo?
So you think to improve the security is to make the problem even worse by having more installable unchecked ransomware on the iPhone.
Really can’t wait for the flood of sideloaded malware and ransomware that made Android phones the insecure toxic hellstew that it still is today; on the iPhone. /s
You're not describing an honest "use case", so there is nothing to be willfully blind about
It did not happen on Android.
and there's where the wheels fell off the bus with your argument. so many non-adults are using devices and downloading content. if their friends are using a non-Apple store and all using an app from there, they will follow. we'll see what kind of parental controls any 3rd party app store provide. teens will absolutely look for ways to skirt anything their parents are using to limit them. it's just part of being a teen.
When I helped him out, he had 3 different SMS apps installed.
You are essentially assuming everyone has the same level of survival skills to survive the technological wilderness as yourself.
Most of humanity would just end up as prey.
The walled garden keeps predatory behavior out.
Your average person does not have “computers” as a hobby.
In the same vein, I’m not going to give you shit that you don’t know how to change your spark plugs off your head even though it’s so basic.
This is a strange argument, given that Windows XP is more than 20 years old, and the problem already went mostly away 20 years ago, when Service Pack 2 came out.
In any case, the problem has long been a thing from the past. Moreover, I don't see anyone complaining about modern Windows or MacOS computers which aren't locked to an app store. So your explanation doesn't make sense.
I think the correct explanation is much simpler: These people are Apple fans, and fans will, occasionally, be irrationally loyal. Like PlayStation or Nintendo fans.
Do you honestly believe they wouldn't? If so, I have a bridge for sale
I seriously doubt that the EU would allow such behavior.
The same mindset that appreciates the "simplicity" of removing all the connection ports from a device.
Before US took a stance on App Store, they also wanted Apple to lobby the US Goverment to sanction any country that threatens Apple. Including pulling out of NATO.
A lot of these only died down ( a bit ) once the US Government took an official stance against App Store monopoly.
What does this "stance" amount to, given that the App Store monopoly continues to be perfectly legal in the US?
Yes, Apple takes 30% for "protection."
The fact that the closest comparison people have to the App Store racket is a sovereign government (the most powerful entities on Earth) is a pretty bad sign from an antitrust perspective.
"This app came from a third party, it can download all your private information and has not been reviewed by Apple".
Pop a warning every single time it accesses contacts or location, don't allow third party apps outside the App Store to be granted ongoing permissions to anything, etc.
They can still do a lot to make the third party App Store experience much less appealing to developers than the App Store path and still be within the letter of the law. And I'm sure they will.
(amusing side note, every time I write App Store autocorrect keeps capitalizing it for me)
But then why wouldn't EU later consider those high-friction "warnings" and security firewalls to be anti-competitive because it doesn't let 3rd-party apps be on equal footing as Apple's Official App Store?
Is there precedence from previous rulings analogous to this Apple situation to predict what EU would pursue depending on how Apple follows the "letter of the law" instead of the "spirit of the law"?
Why would you consider it "anticompetitive"? I think Apple has a good claim that this is a factual statement that is used as a security warning as a core OS feature.
Google have something like this when you sideload (or allow sideloading option, don't remember exactly when you get these warnings) and EU did not consider it "anti-competitive" (at least yet).
I would hope that the technical protections protecting user data apply to all apps and not just apps that come from Apple's store. If an app from the store wants to access your contacts or your location, the user has to approve it. Should be exactly the same with side loaded apps.
Vender lock in such as a core operating system feature that can only be accessed with Apple approved apps would be blatant anti-competitive behaviour.
> Google have something like this when you sideload (or allow sideloading option, don't remember exactly when you get these warnings) and EU did not consider it "anti-competitive" (at least yet).
The EU and the USA have both found those warnings to be anti-competitive. In the EU's case, they have the same deadline as Apple to fix it. In the USA, Google was recently fined several hundred million dollars (and will also be required to change the alerts).
I'm sure there will be some warnings, but it they will have to be reasonable - such as "[Name] is an app you downloaded from the internet. Are you sure you want to open it? Safari downloaded this app today from [Website URL]" - that's the message you get right now side-loading an app on a Mac, I think it would be hard for Apple to justify anything more "scary" than that.
What I'm saying is that it already happens for apps from the App Store, where it asks you to allow access to contacts for example. But one of your choices is "always allow". I'm saying for third party store apps, they remove the "always allow" option. Make you approve it every time, to remind you that it's happening.
I do not know EU's Digital Markets Act Laws in detail but I can't imagine that such discrimination would not be in breach of them. I would frankly see that as an unacceptable and unfair measure. I want to use my iPhone like my Mac without artificial annoyances.
> this app came from a first party, it can download all your private information and has not been reviewed by a third party
I have never seen such a warning. Even if it exists it must be very non-intrusive, otherwise I would remember it.
Now it's related to a permission per app, you need to give permission for each app to install others. Eg the browser with which you downloaded an APK. Or the files app you used to open it. Or F-Droid's store app. The lecture is gone through. But you still have to grant it explicitly.
> Pop a warning every single time it accesses contacts or location, don't allow third party apps outside the App Store to be granted ongoing permissions to anything, etc.
You bring up an excellent point, but that's a technological issue that should be solved with technological barriers.
An app shouldn't be able to download any private data without explicit user permission, but these restrictions should apply to every app, regardless of where it comes from. To be more specific, users should have complete control over every permission and have an easy way to audit their usage.
Sane security models don't rely on some app reviewer magically catching malicious behavior in an opaque review process where they don't even have access to the source code, much less the ability to review it in detail.
Sideloading should be an officially supported mechanism and safely allow any app to operate within the confines of the existing sandbox. Jailbreaking is more like taking a sledge hammer to the sandbox and other technological barriers, once you break them down, privacy and security can't be guaranteed anymore. It's why I stopped rooting my personal Android devices.
What I'm saying is that it already happens for apps from the App Store, where it asks you to allow access to contacts for example. But one of your choices is "always allow". I'm saying for third party store apps, they remove the "always allow" option. Make you approve it every time, to remind you that it's happening.
Digital Markets Act, Article 13. Anti-circumvention
"The gatekeeper shall not degrade the conditions or quality of any of the core platform services provided to business users or end users who avail themselves of the rights or choices laid down in Articles 5, 6 and 7, or make the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner, or by subverting end users’ or business users' autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof."
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...
Users very quickly learn to ignore warning popups. It's why you end up with flashlight apps that can access your contacts with millions of downloads. This "fix" almost never works in practice. It didn't work in 2006 when Microsoft introduced it in Vista w/ UAC, and it's not going to work 18 years later where users are even less technical.
Such things were present in Windows since Windows 95. I had some friends who only pressed cancel, without reading, which led to funny things.
I mean, some of the beauty of another app store is that apps don't have to obey apple.
Or... they could popup warnings for apple telemetry, or disobey apple APIs, or "fix" the dark patterns apple has introduced.
Apple phones home all. the. time. They think "anonymized telemetry" is ok. Apple lets apps have unfettered internet access. Remember how the control panel buttons for wifi/bluetooth just disable them temporarily? etc.
Also, those issues never came to pass on Android which has this feature since the beginning.
In fact I would trust apps from F-Droid a whole lot more than those "reviewed" by Google on the play store.
I'm not sure that's going to fly. My understanding is that the DMA, like the DMCA, applies to EU citizens wherever they happen to be.
Surely in reality that will mean if your account/device is set to the European region.
DMCA is a US law also, GDPR, working time directive, or something would have probably been a better example to go with.
Much like how Spotify has been painful to use the past 10 years, compared to Apple Music, for example. AirPlay did work in Spotify, but not natively on the HomePod like Apple Music, etc.
You can't expect Apple to integrate every music service on the HomePod and I don't see how that's related with the App Store. If you want Spotify there are lots of other speakers with Spotify connect and no Apple Music - should they be regulated too or is it just about punishing Apple?
Why not?
It’s already possible to do this _now_, the limitation was just another example of Apple crippling competitors… (Spotify has not implemented it in their app yet, but other music apps have.)
You can also now set the default Music app HomePod/Siri will use.
Luckily EU regulators and others are stepping in to stop Apple in this anti-competitive behavior.
Technically, they can provide a standard interface and registration for music apps to comply with.
Legally, if EU believes iPhone via Airplay is being used by Apple to give Music unfair advantage over competition, they can require this or ask Music to be split in a different company.
https://developer.apple.com/videos/play/tech-talks/10854/
https://developer.apple.com/videos/play/wwdc2019/207
I can kind of understand why they have "given up" though, after all of Apple's anti-competitive behavior. This won't change, so It's just not worth the effort.
Will developers have to submit to the Apple Worldwide AppStore that excludes EU countries? Then submit a separate build to the Apple EU AppStore?
Is that true? I thought it is one app store, they just filter the content according to your region, language, etc. After all I don't have to install another app store app (unlike Amazon shopping which has different apps for different regions) when I go to another country.
This is kind of subjective isn't it then? I can argue that any app that shows different content to different users is actually a separate app for each user, since all the data is "segregated in the backend". IMO the proper measure of this has to be the user-facing actual app. Not some abstract concept of an app in the backend.
Their strategy is to reduce the economies of scale that you can achieve, and thus make them less attractive since as a developer you could not sell as much on those app stores.
I have five accounts in five different countries, from a time in my life when I moved around more. Two of those accounts are in countries within the EU, but they're not "EU App Store," they're specific to the nation in which they were opened.
Maybe the two EU accounts will be merged into a new EU Store. Or maybe that's a bad idea since history has shown that nations and join and leave the EU a lot more often than anyone anticipated.
I hope this solves it.
A phone is like a PC just that its locked boot loader, locked operating system.