Hacker News new | past | comments | ask | show | jobs | submit login
EU approves legislation to regulate Apple, Google, Meta, and other tech firms (macrumors.com)
691 points by marcobambini on July 5, 2022 | hide | past | favorite | 900 comments



There's several very good provisions in this legislation (3rd party payment processors, non-preferential treatment for 1st party apps), there are several that have a mix of upsides and downsides (sideloading is one--I personally like knowing that Facebook can't ask people to sideload some privacy destroying crap on iOS).

Then there's:

- Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.

- Give developers access to any hardware feature, such as "near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies."

Apps will use near-field communication technology and other mechanisms to track us (consider how many device related APIs have restrictions in web browsers for just this reason), and I think it's credible that the interoperability requirements are going to be used to smash end-to-end encrypted messaging. You can have a decentralized end to end encrypted protocol. Can you retrofit every existing messaging service to use it in the short-term? Probably not.

As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom. I support people who want a FOSS device that is in no way locked down. I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.


Can we stop pretending that Apple has the users best interest in mind? They just want to be the gatekeeper for lucrative applications/functions so they can charge for it. That they somehow convinced apple users that it's somehow in their interest just shows how good their marketing is.


Apple is a company, and it’s interested in making profits. Right now, its methods of making profits are slightly more aligned with what privacy conscious users desire than some other companies’, and that’s good.

Apple absolutely needs to be checked in other ways—-the fact that it’s selling advertising while setting policies that hurt other advertisers stinks to high heaven. Let antitrust rake them over the coals for that.


I don't agree with the second paragraph at all.

Apple sets a restrictive and privacy-centric set of rules for advertisers, which it then follows. The fact that this is a problem for other advertising companies is an indictment of those companies and their bleak surveillance-enabling business model.

Contrast this with the "use WebKit or go home" rule, which, like it or not, is favoring Apple's product over others. It's not like these advertising policies are "be headquartered in Cupertino", it's "if you want to track our users you must ask them first".


Exactly. This is the popup for app store personalized ads[0], which is a full-screen popup that forces you to choose one or the other before you can access the app. It's super transparent and easy to decline the personalization.

0: https://videoweek.com/wp-content/uploads/2021/09/Apple-permi...


I wonder how many people actually register that there are two buttons at the bottom? It's very obvious to power-users like us since we're used to

  [ Accept ]     Cancel
at this point, but I can only imagine the borderless design for the secondary button originating from a dark pattern.


The entire iOS operating system works that way now.

I dislike it. I think buttons should be buttons. But this isn't a special case, so unless you consider every instance of two buttons looking this way a dark pattern, this one isn't either.


> unless you consider every instance of two buttons looking this way a dark pattern

The entire point of this pattern is to guide the user into a "default" option so using it for anything where the user is suppposed to provide informed consent is a dark pattern. The only places where it is not a dark pattern is where default choice actually aligns with the interest of the average user and I think that is hard to argue for a choice whose purpose is primarily to be allowed to better manipulate the user into spending more.


That pattern may be reasonable for "Are you sure" kind of requests for actions that the user explicitly wanted - because then there really is a sane default; we expect the user didn't click on some button by accident. But it's not reasonable to portray questions that are asking the user to agree to something they did not explicitly want; that's just trying to trick the user to make the annoying popup go away by clicking the big button. There's no sane default here, so none should be preselected (and ideally, the layout of confirmation dialogs and agreement dialogs would not be identical in the first place).

It's a dark pattern, and I really doubt it's accidental.


Personally I find it subconsciously mirrors how we interact with classic HTML.

A button posts, a link gets.

As a step in the device setup, the button infers some form of enablement or configuration while a link is perfect for skipping.


That's a reasonable perspective that I hadn't considered, and probably makes even more sense to people who barely used/use desktops in the first place.

I still don't like it! But I also never had any trouble using it. Except Apple Music. Don't get me started.


The only button they provide is for accepting ads. To say no, they provide a link. That's a dark pattern.


That is at most a slightly shadowy pattern, it is the equivalent of saying "please select this one".

Darker patterns would be a preselected checkbox with a ok button or a default consent with a "go to settings to update your selection".

This is a "Personalized Ads" popup with an On and Off option, it looks pretty ok to me.


The bottom one isn't a button?


It doesn't matter what you call it. It doesn't look like a button to the vast majority of non-techies. That makes it a dark pattern.


What's the one for third-party apps? How different is the wording?


Apple have repeatedly refused to confirm that their ad system is compliant with the ATT rules.


Which ad system? Their programmatic ad inventory does not support tracking, as anyone who has access to developer ads can confirm.


Forgive my ignorance, but how do we know that Apple doesn't track more data than they provide to developers?


If you ever interview apple developers for other companies, or just inspect what is being sent to apple's servers constantly from their devices, you'll realize that apple is recording A LOT of very private info about their users.

Apple is very much a 'private from everyone but apple' company, they smartly just don't talk about it out loud. For their high level apps like TV and such, have things like privacy review. But their security, activation and map parts do record a lot of info.


Block all traffic to Apple at the router, except (e.g. use a different SSID) when you need to perform OS/app updates.

Apple kindly publishes IP exception lists so you can still receive notifications, while blocking the rest of 17/8.


Maybe that will work in practice but you have no way of knowing if it does. There is nothing really preventing Apple from sneaking tracking data through the notification channel (not to mention that centralized notifications are already a juicy opportunity to profile and track users) or retaining the data and sending it off when you do OS updates. Once a company has shown willingness to go against your interest you can't really trust them. The only real solution is to use software that respects you and increasingly that means only open source software.


All true, but less bad than competitors Google and Microsoft, which do not offer comparable segmentation of notifications and telemetry.

Since notifications are user-visible, one can audit for unexpected, non-notification traffic to Apple's advertised notification-only IPs.


Apple colluded with Google when it suited them before, I cannot see a reason to trust them any more than Google.


No large corporation should be blindly trusted.

If a large corporation officially advertises to enterprise customers a bounded, testable claim (e.g. traffic to these IP addresses is limited to notifications), then that claim can be subject to ongoing audit by the IT teams of multiple, independent, enterprises.

Verified accountability is far superior to trust. Step 1: vendor corporation makes a bounded, testable, claim.


This question is quite ambiguous about scope and definition. In the context of Apple’s tracking protections, tracking is defined as sharing identifiable information about a customer for advertising or marketing purposes. Nothing more, nothing less. Apple could collect all the information they wanted to about you from all their various products and services, and that wouldn’t be tracking. Under this definition, data they don’t make available for advertisement targeting or attribution isn’t tracking.


This is a great point. You could probably sum up Apple’s strategy as “capture the most lucrative market through initial quality/vanity, learn more about it than anyone else, then ring-fence it and protect it.”

They aren’t a monopoly as long as you don’t consider income demographics.


I think is whole platform-holder strategy is where antitrust legislation needs a significant update. We must recognize the inherent platform lock-in and the effective monopoly over the platform even if there are other platforms that the users could theoretically switch to and regulate the platform holders accordingly. Anything else would be akin to ignoring a monopoly just because alternatives are available in a different town or country.


It's easy to play by the rules when you're the one writing them.


This is only a criticism if you enumerate the deficiencies with the rules you believe are only justified by self-interest.


The linked article lists a bunch of those. Most of that bullet-point list of required or conversely prohibited behaviors apply to Apple. And all of those are justified only by self-interest.

Incidentally, that doesn't mean the alternative has to be the wild west - that's a false dichotomy. Controlling access is fine; it's simply not fine that it's the platform that holds exclusive sway, especially if the answer is "only if we're the ones providing that app."


This thread is about Apple’s privacy rules for App Store developers, and it’s not plainly obvious which items in the EU proposal enhance those protections at all, but the person I was responding to was insinuating that those protections have self-serving flaws.


Is that distinction really helpful? The App Store has _rules_ some of which relate to user privacy, and some of which are in a grey area, and some of which don't relate to user privacy. Is needing to use Apple's payment provider a privacy protection? If you squint just right it might be.

I'm sure there are some subset of app-store rules that taken by themselves, without the context of the other app-store rules are not self-serving. But that doesn't mean the rules overall are - and that's the reality that competitors need to deal with. Unlike apple, they can't change the restrictions they need to comply with. Both in actually immediate sense, and in a more meta process sense Apple has an unfair advantage they can and do exploit to extract tolls from the interactions between users and third-party providers.

The fact that some of those protections also protect user privacy to the extent the user stays in Apple's walled garden is almost akin to blackmail: rather than trying to protect the user's privacy regardless, they've tied the user's privacy to the Apple ecosystem. It's all or nothing. Would be a shame if anything happened to that privacy of yours - are you sure you want to leave our walled garden? There aren't any other curated gardens (we made sure of that!), and your device unfortunately has no way to safely and conveniently opt in to risks worth taking, so it's our way, or the wild west out there... oh, and if you really want the wild west, we'll take your hardware too, you'll need to use android, and we use obvious UI patents to ensure it's inconvenient to switch a lot.

It doesn't take an evil, machiavellian plan to end up in a situation in which the rules are so slanted in Apple's favor. All it takes are lots of tiny by themselves reasonable features - but steps that are always tested against Apple's interests, since those get a voice in the decision-making process, and rarely tested against third-party interests. It may well be that Apple was well intentioned in its privacy rules, and that those rules truly do protect the user - yet still have those rules stifle competition in a way that also harms the user down the line.


100%


That’s not what people are saying though. Whether or not apple cares about its users is completely irrelevant. The question is whether apples incentives align with its users better than other tech companies. The answer pretty clearly seems to be yes, apple makes most of its money by selling hardware, their incentive is to make a product people enjoy. Competitors make most of their money selling ads, their incentive is to lock users in while maximizing the number and effectiveness of ads served.


> their incentive is to lock users

All good apart from this. Apple does this magnificently, ie closed hardware protocols. For example there are significantly better earphones than airpads pro (and some cost +-same), but good luck getting same level of integration over apple's proprietary protocols.

While rest of whole universe at least tries to adhere to open things so we users have freedom in how we design & evolve our electronic setup, they have basic support for stuff like bluetooth and superb for their proprietary protocol. If some random chinese company can make seamless aptx hd integration with their buds, so can apple. But it won't.

Thunderbolt vs USB. Again whole world vs Apple. It required... who else than our sluggish EU to come up with way to end this cable madness that would otherwise continue forever. Seen enough 40 euro frayed cables for one lifetime. For me this was a one of few breaking points between Iphone 13 pro max and Samsung S22 ultra. I am currently very happy user of the latter. That's hardware lock-in like hell.


> Thunderbolt vs USB. Again whole world vs Apple.

WAT.

Maybe you mean Lightning vs. USB? Well, it turns out that while a whole committee was designing 15 different and confusing standards over the past 20 years, Apple designed two, and they work.

Now it's suddenly "Apple vs. the world" because the USB committee managed to spit out a semi-functional spec that ... Apple was the first to actually go full in with their desktop offerings, pissing so many people off.


Apple was involved in Thunderbolt from the beginning (and from all accounts was a major driving force for Thunderbolt in the first place) and is part of the USB-IF. The only time it lagged in adopting a new USB version was because Intel was dragging their feet for USB 3.

Some people just cannot understand that they have different strategies for desktops/laptops and mobile phones and go with “Apple walled garden bad”.

> Apple was the first to actually go full in with their desktop offerings, pissing so many people off

And also more or less designed the connector, apparently.


Umm, Thunderbolt was developed by Intel, in cooperation with Apple. And IIRC, Apple is a member of the USB consortium. Too bad design by committee sucks and has led to the disaster that is USB-C.


USB Type C is the connector and isn't a disaster. You could argue lightning is a better connector, but it's not _that_ much better. Thunderbolt 3 and 4 use the USB-C connector.

The USB naming of the protocols:

USB 3.0, USB 3.1 Gen 1, USB 3.1 Gen 2 -> USB 3.1 Gen 2 x 1, USB 3.2 Gen 1x2, USB 3.2 Gen 2x2, USB4 Gen 2x2, USB4 Gen 3x2

is ridiculous without even getting into the complexity of the protocol


I think USB 3.0 being renamed into USB 3.1 Gen 1 and then into USB 3.2 Gen 1 into just so that manufacturers can market their devices with the latest USB numbers should really count as false advertising.


> Apple is a member of the USB consortium

Apple is also a member of Khronos (and so is Microsoft btw) yet decided to push their proprietary API instead of working with open standards.

Membership in a standards organization makes just as much sense for a company competing with the standard as it does for one embracing it.


> member of Khronos (and so is Microsoft btw) yet decided to push their proprietary API instead of working with open standards

Which open standards? If you mean Vulkan, then it appeared in any viable form three years after Apple released the first version if Metal.

And Vulkan itself was donated by AMD because they couldn't figure out what to do with otherwise proprietary Mantle.


"They just want to be the gatekeeper for lucrative applications/functions so they can charge for it."...on the platforms that they have developed, invested in and are maintaining, which also don't hold a market majority around the world.

"...they somehow convinced apple users..."...by making a product that fits Apple users' needs in a market that always had lots of competition, meaning that those who for whatever reason didn't want to use Apple products could always pick anything else.


You don’t have to be the market majority for your actions to be anti-competitive.


That's not the point. "Anti-competitive practices are business or government practices that prevent or reduce competition in a market.". The point of me mentioning that Apple is not the market majority was to emphasize that even with their current positions, Apple isn't capable of effectively reducing competition in the market of electronic devices, as is already proven not by legislative bodies but the market.


Just because there is someone with more market share than you does not mean that your actions can't squeeze smaller players than you (or, more commonly for apple, squeeze players in adjacent markets. See: Spotify vs Apple Music).


True that. "See: Spotify vs Apple Music". Considering that Google has their own streaming services and takes same 30% cut, i truly wonder why Spotify didn't address their "anticompetitive practices".


Looks like Google has been offering concessions:

https://variety.com/2022/digital/news/spotify-google-billing...

And previously Spotify and Netflix had a loophole on the Play Store:

https://www.cnbc.com/2020/09/28/google-to-enforce-30percent-...


I thought Apple was the more profitable platform however, also to develop for, which would imply that anti-competitive practices could deform the market because developers would be forced to bow to Apple since that is where the largest part of their profits would be coming from?


Considering that the definition of "anti competitive practices" is beyond stretched at this point, it's safe to say that those very practices are one of the reasons iOS is profitable for developers: they don't need to worry about piracy as much as they do on Android, because Apple learned the key lessons of phone manufacturers of the past.


> ... one of the reasons iOS is profitable for developers.

Is it profitable for many developers?

Was under the impression that making decent money was possible years ago, but in recent years it's not real profitable for the vast majority of devs.


For those who still serve "premium" apps it is (e.g gaming or industry specific applications.).


They don’t want to reduce competition in the market of electronic devices. They are in the business of service relationships with people with lots of disposable income.


A big case in point is Apple Music.

Apple turning the Music Player app in Apple Music allowed them to catch a huge part of the market that had never interacted with music streaming before. Extremely anti-competitive. IMO when they did that they should have immediately been forced by the EU to instead show a pop-up that also gave the option for Spotify, Deezer, Tidal etc.


And immediately cancel any revenue they take from competitors.


While I agree that Apple had a severe advantage in the case of Apple Music, it's also pretty clear that the advantage manifested because consumers who would otherwise be unobtainable were enticed to buy into the offering. It was an uncaptured market.


As a byproduct it does give a measure of privacy so what's it to you if apple users just don't care about your idea of freedom? I hope this European legislation at least lets apple customers opt-IN to these new features or choose the old way of doing business. I would prefer to keep access footprints to a minimum to stuff like NFC, contacts, hardware APIs, apple pay, etc on my phone.


In theory you already have the choice of opting-in by choosing not to install apps that utilize NFC, hardware APIs, other payment processors, etc.

But that's if nothing changed. My concern is that if companies are given the opportunity to have their own stores, and their own payment processors, we're going to end up with de-facto-forced-install of a store and acceptance of terms, and it favors companies that already have a strong presence in the marketplace. I might want to use WhatsApp, but now I need to install Meta's store, and I'm required to give it access to a blanket set of permissions.

And guess who doesn't have the power/influence to get you to install a custom store: The small devs, the new entrants, the challenger apps.


I absolutely agree that corporations and their apps need to be kept in check, but giving one for profit company with its own motives control over that is not a good solution.

Better would be

a) to give the user control over permissions in a way lets them deny ALL permissions without the app being able to know that it was even denied the permission wherever that is remotely possible and

b) to restrict what what market leaders can get away with which should not just apply to Apple but also to hugely popular apps

c) to require interopability from social networks and other communication platforms to counter network effects.

The entire tech space is still a wild west in what corporations are allowed to get away with and eventually what will need to change if individuals are to retain any control over their digital lifes.


Apple is not forbidden by this legislation from providing a user-controlled sandbox.


In the EU privacy is assured by actual legislation in the form of the GDPR, and I expect Apple can get away with demanding compliance with that set of laws before putting something in the appstore if they really worry about privacy.


And you think words on a piece of paper are going to be enough? You can't legislate privacy into existence if you're constantly broadcasting all the data yourself. It's better to not broadcast the data in the first place, but that's not the route we've chosen.


>Somehow

Perhaps by creating products that their users actually don't hate using.


It's not binary, one company can be worse than another.


If you're going to level this accusation about what Apple supposedly "wants", you should at least have the common courtesy to support it. In any way. At all.

Or just admit it: you're making it up, especially the part about what Apple "wants". And the part about what Apple will supposedly charge for.


>Can we stop pretending that Apple has the users best interest in mind?

Well they did, at least during Steve Jobs's era.


Jobs didn't want apps on the iPhone at all and later insisted on having the App Store being the only way to distribute apps.

The only reason why we attribute today's Apple as "greedy" and not Jobs-era Apple as such is because you have fonder memories of him. Also, Jobs was a master of the reality distortion field and could explain things easier than today's Apple could. But none of that changes whether or not locked down devices are anticompetitive or not, just whether or not Apple's own fans are complaining about it.

Furthermore, there are pro-consumer justifications for Apple's uncompetitive behavior. In fact, that's Apple's whole defense against the antitrust inquiries it faces: the digital warlord's walled garden is for the protection of its serfs, and if the serfs don't like it they can surrender all their property and swear fealty to another digital warlord.


People seems to equate everything that Apple are doing today originate from Jobs. And therefore every single sin ( if you call it so ) means it was also Jobs idea.

What people dont realise it was the best model at the time. While Jobs approved the iPhone 6 design ( or a "bigger screen" iPhone ), he died during the iPhone 4 era. When Apple was about to repeat the same mistakes as it did in the 80s /90s.

As if Steve made iPod to only buy or listen music on iTunes. He got rid of Music DRM, single handedly.


You probably meant Wozniak, not Jobs.


It's not that Wozniak wished users ill, but, for all his technical skill, there's little evidence that he had a particularly good understanding of what users wanted or needed — his post-Apple career is basically marked by flop after flop.

Now, of course, it's all different, and his blockchain surely is going to revolutionize the world: efforce.io /s


Steve Jobs was an asshole who always put money first. But even if you disagree with that, he's been dead for more than a decade. It's time to move on.


Disney buying Pixar made Jobs more money than anything he ever did with computers.


And if anybody on HN actually read Apple's Annual report every single year before the iPod even came out, they would ( or should ) have know how Apple's money or profits works very differently from Steve to Tim Cook's era.


Apple makes peanuts from the App Store relative to phone sales. After they upped the cut for developers to between 70% and 85% and CC companies still get their cut, add customer service and app reviews and it simply isn’t that profitable.

What they benefit from is selling 1,000$ phones at a 30+% profit margin, because for the average consumer they simply work better. Which actually aligns incentives between customers and Apple quite well.


Apple's App store revenue is very substantial and likely has very low overall costs and microscopic per-unit costs relative to a hardware business like iPhone or Mac. Apple paid out $45 billion to developers in 2020 with $64 billion gross, which means they had as high as $19 billion in revenue from the app store commission alone.[1]

Unfortunately Apple doesn't break out profit per category but we know that their net income for 2020 was $58 billion [2]. As far as I'm aware we don't know operating costs for the App store, but I think its fair to say that the portion of the ~$19 billion that is profit is far from being "peanuts".

[1] https://www.cnbc.com/2021/01/08/apples-app-store-had-gross-s...

[2] https://www.macrotrends.net/stocks/charts/AAPL/apple/net-inc...


Apple annual gross profit for 2021 was $152 billion.

That ~19B in 2020 is before CC fees on 64B or internal expenses. App stores have a lot of customer service and charge backs on relatively tiny purchases. Actually reviewing apps isn’t cheap either, and all the relevant IT adds even more expense.

Further they upped the developers cut to between 70% and 85% from the flat 70% in 2020. So sure they might make 3-5 billion from the App Store in 2021, but that’s like 2% of total profits.


Net income is, imo, a better number to use given the sheer amount of R&D that goes into developing Apple hardware that is necessary but unaccounted for in gross profit. further, if we are looking at 2021 their App Store gross revenue went to $85 billion.

> That ~19B in 2020 is before CC fees on 64B or internal expenses. App stores have a lot of customer service and charge backs on relatively tiny purchases. Actually reviewing apps isn’t cheap either, and all the relevant IT adds even more expense.

I don't disagree with any of that, but I don't think its anywhere near 2/3 of revenue after developer split. I don't have any evidence for that because Apple is very secretive about those numbers, but I think level with which they protect that information is evidence on its own. if Apple were making a piddly 3-5 billion on $65 billion in gross revenue they would be screaming it from the rooftops to (rightfully) justify their 30% cut as being reasonable.

> Further they upped the developers cut to between 70% and 85% from the flat 70% in 2020.

the app store is extremely top heavy with top devs being responsible for a huge amount of the revenue. The policy is great for small devs but the aggregate split is probably still much closer to 30% than it is to 15%.


Defending their cut based on expenses is a losing strategy because if they 2 billion dollars or 20 Billion anyone would love to have that income stream. Further stating their actual costs simply invite the idea of competition lowering prices.

Apple clearly wants to profit from the App Store, but just as important to them is maintaining the ecosystem and the mountains of cash iOS provides when change means risk.


at 5%, cc fees would result 2.9 billion. So more like 16B in profit


It strikes me as hard to be believe it's that much - surely Apple does not pay 5% in CC fees. They _must_ have managed a better deal than that...


There is no way that Apple is paying 5% on credit card fees. Average fees paid by merchants are 1.3% to 3.5%[1].

You can bet Apple negotiates hard on that fee. It wouldn't surprise me to learn they are paying 0.1%.

[1] https://www.fool.com/the-ascent/research/average-credit-card...


If transactions are small, like 99 cents, transaction fees can exceed 29%.


And you think Apple can't negotiate that?


Not much, Apple can negotiate with the payment processor but but the minimums are still quite high.

https://usa.visa.com/content/dam/VCOM/download/merchants/vis...


> at 5%, cc fees would result 2.9 billion. So more like 16B in profit

So you assume they can do all the stuff I just mentioned for 0$ and changing their fee structure had no long term impacts on profits.

Also your math doesn’t work out if 5% of 64B = 3.2B, though 25% or 64B is 16B. Not that actual CC fees are 5%, or that their old revenue model is relevant any longer.


Apple makes peanuts from app sales.

It’s those stupid game ISPs they make all the money off. Smurfberries and pseudo-gambling and such.

Ruined the App Store and iOS gaming, but it’s so insanely profitable it will never go away.


A quick Google suggests Apple made 64 billion from the App Store in 2021 of the 378 billion in total revenue.

Some fairly large peanuts!

And that revenue is basically pure profit as it doesn’t require the creation of any actual physical hardware either.


If not stopped it might eventually get tempting or even logical to phase out making things and focus on rent seeking alone.


The profit is more important than revenue.


Is this pre 30% or after? Also: how much does it cost to run the App Store globally? Do have the numbers?


Ya, maybe they meant this article[0]? If so, then it's 60B going to developers, and some quick math there indicates Apple only made 15B from their cut.

> Apple said Monday that it paid developers $60 billion in 2021, a figure that suggests that App Store sales continue to grow at a rapid clip.

0: https://www.cnbc.com/2022/01/10/apple-implies-it-generated-r...


15ish billion isn’t profit. They still need to pay credit card fees, do customer service on low value transactions, actually review apps, run data centers etc.


> how much does it cost to run the App Store globally? Do have the numbers?

I think that anyone who thought about this for even a second would come to the conclusion of "It almost certainly doesn't cost anywhere near the amount of revenue that comes from it".

So the answer is, probably not a lot, compared to revenue.


I dunno… I figure just the bandwidth costs, not to mention data center/cloud costs, for the constant stream of apps being deployed/updated is pretty significant.

I could expect them to be moving multiple terabytes of data per hour.


Its nothing compared to the piratebay.


Hosting torrents takes minimal bandwidth. Apple can’t offload bandwidth peer to peer to phones when people are on limited cellular plans.


Interesting plot twist you have there. No one at Apple ever actually said that of course but if it was true the distribution was made more expensive by preventing the use of apps on desktop computers.

However, anyone can seed from any system and that lots of people have unlimited plans and/or good wifi.

You could have a static store app with the phone manufacturer providing a feed with names, descriptions, pictures and checksums. Everything else could be distributed over a p2p network. Unpopular apps could be slow to download with the developers server having to patch holes to keep the file alive. Popular apps would have usable numbers to hint at their popularity.

Most apps need internet anyway. (Billing wouldn't be a problem.) I see a thousand pages arguing hosting for an app costs between 70 and 320 per month. I have no idea how true that is or how far apps can live from the average.

It does seem logical to assume with a reasonably smart distribution scheme p2p could also reduce that bill for somewhat more dynamic content.

I'm really impressed by how many useful and fun mobile apps were created. In the 90's I thought nothing was worth using on a mobile device. I was very wrong about that.

I now think it is equally wrong to think the 30% is not dramatically reducing interest in mobile development. Personally I wouldn't touch it with a 6 foot pole. I do web apps that are like websites, they have very limited access to the features of the device.

While I applaud these new regulations it is kinda lame it took them this long.


Remember the uproar when Apple wanted to decentralize CSAM detection?

Imagine how loud the screams would be if they tried to decentralize app distribution.


Edit: Yep, I misread this


The near-field communication have a clear reason. Apple was only allowing access to their own banking app as a payment provider in shops. As I understand there was not even a way to get access with any kind of forms or such if you had a competing plastic card firm. That is pretty much the only reason that clause is the legislation.


> there was not even a way to get access with any kind of forms or such if you had a competing plastic card firm

What does this mean? Apple is not a payment processor. The banks sign deals with Apple put make their cards available through Apple Pay, but the payment still goes through the payment networks (visa, mastercard, amex) and the banks.


A example from Denmark would be MobilePay [0] which is the most use payment solution for mobiles in Denmark. They would like to make it possible to use NFC to transfer information about a transaction in shops, but cannot do that on Apple Phones. Instead they rely on QR codes and short number codes for payment.

They cannot in any way get NFC access on Apple devices as it is now.

Another and probably more relevant concrete example of the above is the Danish Dankort [1] which is a national equivalent of visa/mastercard/amex. Again they cannot use NFC for their app. Some banks have signed contracts that allows their users to use Dankort with Apple pay, but it is not all of them yet. I don't know if there is any fee or similar to Apple pay tbh, but if there is then NFC acces should not be monopolized by Apple.

[0]: https://en.wikipedia.org/wiki/MobilePay

[1]: https://en.wikipedia.org/wiki/Dankort


They aren't a payment processor, they are a payment provider. You are correct that most banks have deals with Apple and thus cards are available, but Paypal, Venmo, Cashapp, Google Pay, etc. can't be used as a default payment provider for purchases on the iPhone.

Apple reportedly makes about 0.15% of each purchase through Apple Pay[1].

[1] http://www.macrumors.com/2014/09/12/more-apple-pay-details/


Of course they can’t, because they’re not credit/debit cards. What’s the PoS going to do with a PayPal NFC? Nothing. It’s like complaining they don’t support bitcoin - neither do the stores!


This is incorrect. Paypal DOES issue virtual cards that can do NFC through your phone, the same as Google Pay.


There are lots of payment services that are not credit/debit cards and are widely used (swish in Sweden is another one). All these cannot use NFC on IOS.


Don't you think that's actually a problem?

Apple can dictacte all the conditions and if they don't like anything, $PaymentNetwork will just not work with Apple devices at all with no option to change that by installing another app?


> Apps will use near-field communication technology and other mechanisms to track us

So, then do not allow any apps the NFC permission... problem solved.

The point is, Apple should not be the one dictating what users can and can not use;

Example: on macOS you can disable SIP. 99% of the people i know do not even know what SIP is, nor that this possibility exists. However, if we/Developers/researchers/etc. want it, they can choose to do as they like. Which is really useful.

Researchers should not be limited in finding (security) flaws, neither should users be limited by Apple to use their hardware as they wish.


The main problem is that users can be tricked to do it. Used to happen to my parents all the time on Android. They'd install random apps and the website will "guide" them how to install this app by going to settings and enabling "untrusted developers".

This is my issue with all these devs screaming at apple. Your customers chose a product for whatever reason. Don't like it? I don't care - respect their choices. It speaks volumes to me how much they will respect me and my privacy when they want to optimise for their own profits instead of my XP and privacy.


Not sure I buy the argument.

By that logic, Apple should only allow phone calls from callers they consider trusted, because any call originating from a non-trusted phone number may be a scam phone call, and someone may fall for it.

Do scam phone call exists? Yes. Do people fall for it? Yes. Does apple block all untrusted phone calls, with no opt-out, as a result of this? (AFAIK) No.

(I could also make the same or similar arguments for web pages, music, podcasts, books, movies, or even apps on their other OS and so on... but phone calls seemed the simplest one to present succinctly.)


That was ground already lost by the time Apple introduced a phone. Sort of like how they can’t lock down macOS in the same way. But given iOS was a fresh start they locked it down from the start so they didn’t have to claw that locked down experience back.


> "The main problem is that users can be tricked to do it."

That's because the GUI is badly implemented;

On macOS, your parents would never disable SIP (system integrity protection), because it's quite cumbersome to disable and there are enough warnings and hurdles.

This is already has been reality for years: it is simply not an issue.


What happened to personal agency? Let people make mistakes, you don't need to infantilize them.


young children don't know any better. hell many teens don't. older people get dementia and go senile. Not everyone is tech savvy.

And selfishly I don't want to have to continually be on guard with my phone and worry about "making mistakes". Don't go forcing your world view on a product i have selected in large part because of the restrictions it places on developers, especially when you have the larger android ecosystem giving you it.


You can ask Apple to give you the tools to easily manage permissions, same goes for their parental blocks.


The problem is the older, senile or tech illiterate folk who can be coached into disable the blocks and installing spyware. You don't like it buy an android its literally that easy to avoid if you want the freedom.


Enable the setting to block third-party app stores - something which will 100% guaranteed to be there - and be happy while the rest of us who want consumer choice can also be happy. Win-Win.


that doesn't help the tech illiterate or senile parents who can be coached into disabling it to install spyware. And right now you can just not buy an apple device and have your choice while the rest of us can continue buying apple for our parents: win-win.


You can already restrict apps with a unique passcode today. Will work for senile parents or children.

However, as a sane, functioning adult, I don't have my choice on the iOS platform - I cannot use native Firefox. I cannot make my apps without paying the Apple dev tax. I cannot distribute to my circle.


You have the choice to not buy apple abs just get an android..


People are easy to manipulate at scale. The idea that people are rational agents who can make educated decisions as consumers is deeply flawed. Yes, people _can_ make educated decisions, but more often than not, they don't have the requisite knowledge to make an informed decision. Letting those consumers get scammed because they aren't technical enough isn't a good solution to complicated problems.


With the same logic, setting sane defaults and putting “dangerous” options behind enough GUI options will give you the best of both - no (statistically) people will be motivated enough to press n menus deep for a setting, while the few that want full access to a very expensive device they supposedly own get to use it to its max.


[flagged]


There are middle points in there, before your extreme.


What extreme?

Letting people decide what permissions on their apps is the middle ground.

The extremes are letting Apple decide what you can and can't run on your phone, or letting apps decide what you can or can't run on your phone.

That some people are too ignorant to set phone permissions is their problem. We still sell sharp knives even though people cut themselves all the time. Demanding Apple protect us is the digital equivalent of banning anything sharper than a butter knife.


There's a ton of regulation for knives and everything you can think of, and where there isn't, we call it "the Wild West" and it's not a compliment.


You must be British to think that licenses for knife buying are normal.



So many people in this thread seem to be arguing I should not be allowed to choose Apple’s model as it is today, “for my own good”. The article is about explicitly outlawing parts of their model.

How’s that for personal agency and not infantilising me?


> “for my own good”

No, for the common good. We are all harmed when Apple or Google can decide which businesses will succeed or fail, which apps get censored and which are allowed.


Can us common people get to decide what the common good is, or is that exclusively your choice?

Censorship is something governments do, not private companies selling an optional product.

If the greater good is a free for all app store, then let the greater populace decide that by choosing that product, not by outlawing the alternatives.


> Can us common people get to decide what the common good is, or is that exclusively your choice?

This legislation is the result of democratic process - i.e. decided by the "common people", if indirectly.

> let the greater populace decide that by choosing that product

"The only legitimate power citizens have is that of consumers, not voters." - shall we also decide to only buy from companies that don't use child labor, and don't put toxic chemicals in food, and don't pollute, or are those areas something where legislation is legitimate, while reigning in anti-competitive practices for some reason is not okay?


> This legislation is the result of democratic process - i.e. decided by the "common people", if indirectly.

Do you know that for a fact? The EU is famously opaque to its voters. What is being done in the name of the voters is likely for the most part entirely unknown to said voters. Very likely many more EU citizens have “voted” on this issue in a more direct fashion by buying Apple products. Should we disregard their opinion in favour of the opinion of a few bureaucrats four levels removed from the common people?

> shall we also decide to only buy from companies that don't use child labor, and don't put toxic chemicals in food, and don't pollute, or are those areas something where legislation is legitimate, while reigning in anti-competitive practices for some reason is not okay?

Ehr, yes? Shouldn’t we decide to avoid bad companies? Reminder that this subthread is about not infantilising people. I do believe people make such choices all the time, to avoid child labour and what not. What’s more democratic than a vast majority of people making such choices without coercion?


> Ehr, yes? Shouldn’t we decide to avoid bad companies?

What I clearly meant was if that should be the only defense we have against such companies. Or should we also have things like food and work safety regulations, and anti-child-labor laws.

> What’s more democratic than a vast majority of people making such choices without coercion?

Consumerism is the ultimate democracy, voting for laws and representatives is tyranny...


> Very likely many more EU citizens have “voted” on this issue in a more direct fashion by buying Apple products.

Can you honestly tell what exactly they voted on? I voted for the good hardware and privacy-aligned actions, which did overcome their closed, proprietary-only software’s problems. By your logic, my vote should count towards the latter as a goal.


I can’t tell what the buyers of Apple products voted for exactly, but neither can you tell me what EU voters voted for when choosing their rep.

I mean here we have a law proposed by an unelected body (the European Commission), now being ratified by the European Parliament. The EP is elected (with ~50% turnout) but decides numerous issues (thousands? Tens of thousands?) in an election cycle. When voters elected their representatives how much thought did they spare to walled garden app stores?

Although both are indirect expressions of opinion, buying an Apple product seems to be a clearer endorsement for their model than voting in EU elections by a long shot.


Not sure if it is comparable. If the EU would ban Apple products than sure, but regulating the platform should not be only an Apple-issue. These private companies are so big that they have considerable impact on the public, so I think it is only fair that the public gets a say as well (in the form of indirect democracy, as we don’t have better).


> Censorship is something governments do, not private companies selling an optional product.

Since when? Private companies have exceedingly large powers and they are not chosen in a democratic manner by people at all. Apple could on a whim cut me off from most of my data or impersonate me, facebook feeds false information to whole countries, swaying public opinion.

At least most governments are more-or-less democratically elected.


This is why I've bought my mother in law and my mother (both retirement age) an iPhone SE.

Zero support calls since then. I don't have to worry about them installing some spyware crap on their phone, Apple is taking care of that. All I actually need to do is to educate them not to click on any link in any message, email or SMS. And not to buy anything over the phone.


Apple has a harsher review process for such practices.


> So, then do not allow any apps the NFC permission... problem solved.

So the world of malware, viruses, data exfiltration, phishing etc is "solved ?


> As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom.

From the article's list, even the ones that are described with "allow users to" are firmly aligned with 3rd party developer's best interests, not aligned with the end user's best interest. There was once a time when these were roughly the same, but I don't think anyone can agree this is true anymore. It's gotten so bad that I'd guess that the platform owners' interests are more closely aligned with the end user's interests than 3rd party developers. It's more of a triangle though with nobody's best interests aligned.


> I personally like knowing that Facebook can't ask people to sideload some privacy destroying crap on iOS).

No company like Facebook requires app side loading on Android. The side-loading is used for other apps that one way or another couldn't be on Play Store. For example other stores (F-Droid is the most popular with open source applications) or other apps that one way or another are not allowed in the store.

Another example is GPSLogger[1], Play Store makes it very difficult to support older versions or Android. Author got frustrated and just moved to alternative store.

[1] https://github.com/mendhak/gpslogger/issues/849


Smartphones would be far more useful devices and we would have a far healthier software landscape if developers could just access these features and deploy software as is. It is the official provisioned apps through proprietary stores that track users far more than apps you can download and install on other systems. Apple would deny this but they have a clear business incentive here.

Sure, the user would have the responsibility again but it is easy to explain to them that they shouldn't do anything they have no idea about.

> As an end user, the things that give developers maximum freedom are not necessarily the things that let me use my device with maximum freedom.

No, that is usually untrue and the distinction is arbitrary. The exception is malicious software perhaps but this is an edge case. But even with that the user can choose to just don't install software he doesn't know. You can be pretty sure the average FOSS device will track you far less than Apple or Google alternatives and it is not even close on pretty much all metrics. You also don't need to play administrator if you don't want to.

What tracks you is the random H&M app that has access to bluetooth you got provision through the app store.


All that already exists on Android and the negatives didn't happen (with modern android versions), on the contrary. My phone supports multiple payment vendors using nfc. I can have Tasker do magic with my phone etc.


And that's great! but why force apple to do it when it doesn't have a monopoly status in the phone market?


Because it will be a benefit to consumers?

The EU has the authority to create new regulations, it’s not limited to antitrust.


Why not just have EU draw up specs on a phone that apple and android phone companies have to adhere to. Why allow any variance at all? Surely a one size fits everything approach would be best for the consumer, and designed by the EU government brain trust it would surely be the best?


It will not be a benefit to consumers. If I have a choice of an Android phone or an Android-like phone with an Apple logo on it, I don’t have a real choice.


Sure you do have a real choice.

Simply only use the Apple app store and you will have the same phone you had before.


> Simply only use the Apple app store and you will have the same phone you had before.

That's not really true. Apps you need and currently use may well be moved from the Apple app store.

For example WhatsApp. Some people have to use it, not because they want to. Some have to use it for work. One day they may have to install the Meta app store to get WhatsApp, and agree to permissions and access to their personal data that they don't like at all, because there will be no gatekeeping pressure from Apple on WhatsApp to not do that.

Maybe Chrome, the world's only browser by then that most sites are tested on, will require the Google app store with special advertisement and behaviour influencing hooks enabled. Don't like them? No Chrome for you and your banking website doesn't work on your phone.

Maybe the banking apps will move to SecurTrust Special Banking App Store With Device Verify(tm) too.


> Apps you need and currently use may well be moved from the Apple app store

This is isn't the case on Android.

> For example WhatsApp. Some people have to use it, not because they want to.

That's already a separate problem and hopefully also one that the EU will address. Imagine if to call someone you'd have to sign up with the same provider as them. That we allow this kind of mess in the the software world is pure insanity.

Legislation is simply lagging behind technology but that is an argument for updating legislation to deal with the modern world, not for letting a private company play judge, jury and executioner.

> Some have to use it for work. One day they may have to install the Meta app store to get WhatsApp, and agree to permissions and access to their personal data that they don't like at all, because there will be no gatekeeping pressure from Apple on WhatsApp to not do that.

If your work requires you to install something on your private phone that is not completely isolated than that should also be regulated. If its on a work phone then your work should be interested in restricting what the app can do.


No, because apps will be moved to other stores with less strict guidelines on permissions. Meta will for sure do it. They mentioned Apple as a major reason for their poor financial performance, after Apple introduced further restrictions on what they can and can't do. They've also been caught red handed before, and had their enterprise developer account disabled for abusing it to do things they weren't allowed to on end user phones.


And why Apple should be the arbiter of truth in the question? They are free to make the UX for enabling side-loading as inconvenient as they want (I haven’t heard anyone accidentally unlocking dev mode on Android for example), and presumably Facebook is not big enough to overcome that burden, effectively still forcing them to play by Apple’s rules. But why should everyone do so?


Because it's their hardware and software and should be able to choose? They aren't preventing you have buying an android phone


No, a device I bought from them is very much not their hardware, but mine, I should do as I please with it.

And can we just stop this “you can buy android” bullshit? 2 is not a choice, and there are fundamental reasons why a 3rd competitor can’t exist right now, so competition can’t produce a better product, hence we are left with market regulation by governments to not let this oligopoly get away with everything.


> No, a device I bought from them is very much not their hardware, but mine, I should do as I please with it.

This argument falls apart when the “device” in question is a car or PlayStation though? You most certainly cannot do whatever you please with a car for obvious reasons. You most certainly cannot install any game on a PlayStation unless Sony approves it.

More importantly, the pov you hold is a ableist attitude. A device that controls your communications (either to your bosses at work or loved ones at home) or that deals with your financial or health data can become a treasure trove to exploit among less tech savvy users.

A device a “less tech savvy user can do what they please” with is exactly the device that a mobile repair person in a store can convince the user to install BigEvil’s browser because BigEvil pays a commission to that repair person. Or that’s exactly the device the police or immigration customs agents can install spyware as a part of a “security check”.

Tech savvy users can do whatever they please with their devices. Feel free to jailbreak it and forgo any right to future software updates. After all, once you buy it — the device is yours. But you have no right to expect to receive continued support and features in the form of future software updates.


> No, because apps will be moved to other stores with less strict guidelines on permissions.

This hasn't happened on Android so your argument falls flat.


They don't have those restrictions on Android :)


If apple has to drill holes in their hardware/software API for sideloaders, it is not the same. Known CCP agents like tiktok would love to sneak around any "securty/sandbox" and have more opportunities for attack.


Because they have better hardware I would like to use, but can’t on a supposedly general purpose handheld computer I paid a shitton of money for.


> Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.

I would think this requirement is satisfied merely by providing a public API / protocol documentation for your protocol, to allow for third-party access and integration, not some weird backend integration that everyone has to support. This would have effects on business models of running chat services for free and it would have an effect on how they handle spam and abuse, but I honestly think both of these changes are likely to be for the better...

Now, I (importantly) have NOT read the actual law text yet, but given the high-level summaries I feel like a lot of people have been worried about this over nothing: having the ability to write a third-party iMessage client would ALLOW someone to build a server-mediated client for it, but I think that SHOULD be allowed, I don't think that in any way destroys the ability to create or use end-to-end clients and services, it would also allow people to build alternative e2e clients and even integrations (imagine a Samsung Android device shipping with iMessage support in their local client) without hurting the existence of end-to-end encryption.


They already do this to an extent[0], but maybe they're trying to make iMessage interop with RCS by force.

0: https://developer.apple.com/documentation/callkit


Let's be real, within the EU the main communication platform is WhatsApp. This is very much aimed there, as that is most definitely not a public API.


This one I can definitely see backfiring for the EU.

Apple will just release a MessagesKit (maybe even an Android version) which will allow third party apps to read/write messages to the network.

Which will simply grow its footprint and promote inoperability.


I am struggling to see how that is a backfire for the EU?


> which will allow third party apps to read/write messages to the network.

I worry that this will be mainly used for spam.


> I think it's credible that the interoperability requirements are going to be used to smash end-to-end encrypted messaging

Why and how?

I already use Signal to handle the plain old, almost completely unencrypted text messages. It has no impact on security of Signal-to-Signal communication.


My take on this is that they want iOS to integrate RCS directly into Messages, given tons of other features are already widely supported by the os [0][1][2]. Google Messages (runs on top of RCS) currently only provides encryption when both sides are using Google Messages, so unless Apple and Google create a unified standard it won't be E2EE.

0: https://developer.apple.com/documentation/callkit

1: https://developer.apple.com/documentation/usernotificationsu...

2: https://developer.apple.com/documentation/usernotifications/...


RCS is such an awful protocol that is seriously going to harm users.

It was clearly designed to allow governments to maintain their ability to monitor user communications at scale.


If Signal is forced to interoperate with e.g. WhatsApp, the end-to-end encryption of one or both will have to be compromised. If the integration is forced, then there’s no barrier for either app grabbing all the info from the other in plain-text.


> If Signal is forced to interoperate with e.g. WhatsApp, the end-to-end encryption of one or both will have to be compromised

Wrong https://matrix.org/blog/2022/03/25/interoperability-without-...


> Facebook can't ask people to sideload some privacy destroying crap on iOS

That is arguably the responsibility of the OS and the user. Lots of ways to do that. Examples: Network, no network access unless use gives permission. App manifest lists up to 10 domains or "all". If "all", user is prompted "App would like to access entire network Y/N"?

What else is there? Camera access? Camera can be multiple permissions (a) User gives app full access (b) User gives app access only when app is active (c) User doesn't give access. Note: iOS already does a good job at this. I don't give the Messenger app access to my camera, nor do I give it direct access to photos, only selected ones.

Same with NFC etc. I'm guessing Apple will come up with clever ways to allow the user to limit access.

Bluetooth, no idea what they do here and I don't know bluetooth but I'd just guess devices have ids and the OS could require an app to list a limited id filter so an app can only talk to devices built for that app unless the user gives blanket permission

I suppose FB can put an app on another store that doesn't run without full access. If user says "no" then app says "can't run". That's fine. I won't run it. Individual stores are still allowed to enforce their own rules. I can't imagine Apple's store to not be the dominate store and therefore apps from it will be safer. (Unless someone steps up to make an even safer store ;)


I haven't read the DMA/DSA, so if this is actually written out in them then I'll happily be corrected here.

The way I see it, the EU probably doesn't really care if Apple keep ALL the restrictions they currently have on their App Store in actuality, as long as options exist on the platform.

So the solution to allowing access to NFC hardware will probably just be Apple opening up sideloading.

I personally hope that Apple implements sideloading in a way that allows those who don't want to use it to keep their device secure, and I'm confident they will.

Regarding the messaging platforms, I'm pretty sure the EU are not going to push us into a situation where E2E is broken, in fact, I was under the impression that the bills specifically required that E2E be maintained.


I'm worried that apps that does not honor user's privacy would just leave App Store and have users sideload their app. Sometimes users have very little choice about whether or not to use certain phenomenal IM/social apps since everyone is using them and it would be a problem if they can now force user to sideload their unrestricted/unaudited version.


Some might try this move, but my guess is that sideloading will involve enough friction that user retention will drop and developers will be heavily disincentivized from relying on it for distribution. In particular I expect that every update will require user action to re-install the new version of every sideloaded app, which is the reason most developers don't go that route on Android today.


Funnily enough that's exactly the reason why Epic sued Google - having to confirm every update and install through a scary dialog box was too anti-competitive for them.

Google responded by... actually, adding entirely new APIs in Android for sideloaded app stores to be able to update already-approved applications without extra permissions or approval. In fact, they even distinguish between "sideloaded app" and "installed app from a sideloaded app store" for security-sensitive things like custom accessibility handlers.

This still doesn't moot all of Epic's case, though. They want you to be able to download Epic Games Store from Google Play - i.e. no scary warnings or anything, just Google giving Epic a blanket sign-off on everything they sign off on. I'm not sure how I feel about this - it reminds me of the total and utter mess that was and is selling SSL certs to competing certificate authorities.


Epic is such a slimy company. They have no interest in users or making the ecosystem better.

They just want to be the gatekeeper so they can endlessly profit from their ridiculous Fornite metaverse concept.


I absolutely agree, and I don't even fault Apple for trying to stop their shenanigans. I just want Apple to lose for entirely unrelated reasons from Epic's own nonsense.

Related note: Facebook's platform fees in their little VR chat thing[0] are actually way worse than Apple's.

As far as I can tell or care, most tech companies that have anything resembling a platform inevitably try to suck the life out of it and kill it. Apple is unique in that they've carefully calculated and balanced how much money they can extract out of developers, but they're still playing the same digital warlord game that I would much rather do without.

[0] Horizon Worlds, I think? IDK it sounds like the sequel to Horizon Zero Dawn


Epic, the company that keeps 95% of profits made by Fortnite creators: https://daringfireball.net/linked/2022/06/27/epic-95-split

Epic, the company that complained about Apple's 30% cut :)


> adding entirely new APIs in Android for sideloaded app stores to be able to update already-approved applications without extra permissions or approval

Wow, that sounds great! Does F-Droid make use of those yet? Having to manually install every app update gets tiresome.


Nope, they will not get to keep their App Store restrictions. From the DMA Q&A page (https://ec.europa.eu/commission/presscorner/detail/en/QANDA_...):

> Ban on requiring app developers to use certain of the gatekeeper's services (such as payment systems or identity providers) in order to appear in app stores of the gatekeeper;


One of the App Store restrictions is on code that can modify itself after installation. If that is no longer a restriction the the whole App Store restriction and review process is just pointless.


Maybe Apple will lift some of the App Store restrictions for Europe in order to reduce the need for sideloading. They certainly don’t want their customers to become used to sideloading all the time and stop primarily using the App Store.


Yeah this seems likely to me as well, I was more or less just making a point that there are more than one ways to be compliant with certain parts of the DMA.


You can fearmonger all you want, but this is a good thing: People should actually own their devices.


This is what you call an awful dichotomy. Security Vs Autonomy... weaponized.

I agree with you. I also agree with the other side though. Allowing these monopolies to squat all the bottlenecks in protocols of media and communication channels is also intolerable.

It is perfectly reasonable for you as an individual to prefer privacy. It's perfectly reasonable for a regulator to strike at a problem.

Look... the can't provide the technical solutions. Mandate a protocol or whatnot. They might, maybe be able that eventually makes adoption of reasonably secure, open protocols happen.

WhatsApp can't be the end state. It appears to be the economic Maxima though.


It would indeed be bad if the requirement were to scream YOLO and allow all apps to always access potentially privacy eroding features like NFC. But surely the proposal isn't that - is it? If it's merely that the OS be required to be _allow_ NFC features just as it does for first-party apps, what's the risk exactly here?

I think these kind of special permission requests work at least sort of reasonably on web-browsers, and less brilliantly but acceptably on android. Yes, users will need to think before clicking OK, but the way those dialogs often work (and surely can work) means that they're no longer conveniently able to throw up take-it-or-leave-it modal dialogs. It's at least a little better than the nonsense that is an EULA.

But the real critical issue here is that we should not let ourselves be held hostage by apple. Yes, apple hasn't made it _at all_ easy to secure third party access to potentially privileged functionality. But... that's their _choice._ They choose to make a really high first-party moat, because that's convenient for them. But the alternative isn't throwing users to the wolves, it's actually thinking about how to limit access securely even while delegating access. If we have to wait until big tech decides to do that out of the goodness of their heart... we'll die waiting.


I think (and hope) the platform will still be allowed to pop up a “do you want to give this app permission to do Foo?” dialog, as long as it does so the same for all apps, independent of developer or app store it was downloaded from.

I also would hope the platform can still restrict browsers in what they can do, as long as that’s applied uniformly across all browsers, but I’m less certain about that.


So, exactly how Android does?


Interoperability means that hardware and hardware related OS capabilities have to be accessible to third-party developers. End to end encryption isn't a hardware capability, it's software. Also, they only have to give them a mechanism to access it, they don't have to remove the already existing security mechanisms like notifying the user that an app has requested access to things user contacts or bluetooth. If users don't want to grant an app permissions that's not the fault of the platform developer.


> I support people who want a FOSS device that is in no way locked down. I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.

    Settings > General > Enable Expert Mode
Problem solved


There is nothing in this article which would prohibit the gatekeepers to extensively warn the user when accessing these features. Apple had tons of trust from its users. They can just say that this third party usage is dangerous one the first time and re - reporting bad usage later.


Developers are end users too


>Apps will use near-field communication technology and other mechanisms to track us

Ok, well, the EU mandates opening up this tech to apps, some apps then violate GDPR in various ways leading to big fines for those apps.

Now someone is going to say fines with GDPR have not been big enough, but I think they are slowly increasing (because really that is typical gov. policy, don't go in with big fines, start small, and later when hitting big you can say but we have been very reasonable), and also, just maybe the fines for people moving into a new field with predatory tracking from the get-go will get the big fines and be shut down quick.


"Big fines?" Seriously? How are you going to wring "big fines" out of piddly-ass hacks troweling out junk apps?


you don't, you give them the maximum fine and they go out of business. If they don't pay the fine they are criminals, they get removed from platforms they are on.


> I just don't want that, because I don't want to play systems administrator for an always on tracker in my pocket.

You should stop using smartphones then.


This is huge. Forcing Apple to allow app side-loading, third-party payments, etc is going to wrest away control of the iOS ecosystem (and eat pretty heavily into their revenues [1]

[1] https://www.cnbc.com/2022/01/10/apple-implies-it-generated-r...

I hope some of these regulations spill over into the U.S. and the rest of the world.


Never underestimate the creative genius of Apple. They will come up with new solutions to keep their walled garden.

"Allow users to install apps from third-party app stores and sideload directly from the internet"

I bet this is going to be a horrible user experience. "Are you really sure?", "Apple takes no responsibility not warranty" whatsoever.

What sound usually easy on paper...


> "Are you really sure?", "Apple takes no responsibility not warranty"

Sounds good to me. As a techie who maintains several phones for several family members at a variety of tech-literate levels, I certainly hope this experience sucks and is difficult to figure out.


I love the walled garden. You want a self-managed server, buy one.

I want a foolproof thin client for myself and all the older people in my life


Are you saying that old people who have difficulty figuring a phone will suddenly become a techie that can find an obscure setting?

Complete FUD. Stop fearmongering.


No, they don't just "Find an obscure setting". A website tells them exactly where to look, exactly what to do, and they have motive to do it because they want whatever this app is promising. These kinds of scams are all over the place.

Open up your browser's developer console while on Facebook and you'll see FB's desperate attempt to get you to not start typing in commands.

When Epic got up in arms about Google's fees, they published a sideload-able version of FortNite, and some users ended up installing a fake virus-laden version (https://www.theguardian.com/games/2018/aug/10/fortnite-on-an...).

How many Linux users run arbitrary shell commands they find online while trying to fix or install something? What about some curl command somewhere that downloads and executes whole scripts? And Linux users tend to be very technically oriented.

This is not FUD. We're there. This is happening today.


That's why it's FUD. It's happening today. There will never be a perfect circumstance where a determined enough attacker cannot get a determined enough sucker to give them their savings.


“This is FUD because it’s already happening and there is nothing you can do about it” is a weird take.

Just because something is possible doesn’t mean that making it harder isn’t worthwhile. Perfect is the enemy of good, after all.


Where is the guarantee that the current situation is better, in terms of actively preventing that situation?


They can’t even follow how to call me up through facebook, do you honestly believe they will accidentally turn on the equivalent of Android dev mode? If Apple want to make it hard to access, they can.


Read again and reinterpret. Old people will get sent a link to the “new official tax app” and be screwed six ways to Sunday.


And it can happen today as well via a website. That’s why some countries mandate two-factor authentication for example, which is a proper solution, not this “let’s sell overpriced tamagotchis” security theater.


Well, get them to install AppleSafe™, which will give them the curated Apple experience by locking out all sideloading, and requires them to call Apple and go through menus in order to remove it.


This works for me. I trust Apple a lot more than I trust some third party rando and I enjoyed watching Facebook whine about losing data tracking revenues and whiplash into Meta on their way to more people discovering that the world can live without them.


Don't worry, it won't be legal for Apple to void the warranty for this.


The concern is not a voided warranty. The concern is tech-illiterate users being able to install some random app they found on the web. They find a special version of Facebook and install it, and now their phone is compromised.


>They find a special version of Facebook and install it, and now their phone is compromised.

The Android ecosystem is a bit of a cesspool, but surely even it isn't having major issues with swaths of people having their phone compromised, right? My parents aren't going to sideload an apk.

I have faith that there's a way to do this right.


I saw a friend go through all the motions of sideloading an apk of a fake DHL app he got through a 'track your delivery' fishing email. He did the whole thing while complaining about 'How stupid DHL is', and 'How orwellian it is' for DHL to ask for screen record permission ...


We techies vastly overestimate the technical nous of people who don’t care about it.

For example, my dad, who has had decades of internet usage, tried to buy a USB drive that promised to speed up his computer for only $99.

These folks need an app store.


People also buy "mileage improvers" for their cars that are just a set of blinking lights that attach to to the OBD bus.


The solution to that is teaching tech illiterate people not to do that. At some point you have to accept the reality that not every advanced system can be made safe. The approach to not have advanced systems is not sustainable. You end up with Candy Crush OS that negatively affects everyone. In my opinion people get scammed by that too.

In reality Apple could just implement a dummy mode. I bet a lot of people would decide against that an be completely fine.


It won't matter much, the external app stores can make it worth their while. They'll give away valuable apps (e.g. Epic Store) and charge 20% less.


They backed out from these tricks in the Netherland standoff. As you guessed, it started with horrible wording, and has now became something way saner (albeit they kept their fees requirements)


They didn't back out on these: They were forced to give them up in the Netherlands. And then, when South Korea passed a similar law... Apple has announced the same tricks the Netherlands refused to accept as their plan to comply with the South Korean law.

You can bet they'll start playing the same games with the EU once this goes into effect. Regulating big tech requires not just passing the law, but a heavy handed enforcement that doesn't put up with delays and antics.


Denying warranty claims for that reason would already be illegal under existing laws in most developed countries.


Yes, but there's few entities out there actually enforcing these kinds of laws. For example, if you ever use the manufacturer-sanctioned bootloader unlock on a Samsung phone, that blows a fuse in the phone that says "my warranty is void". Samsung refuses to service phones that have ever had their bootloaders unlocked, regardless of what was actually done to them. As far as I'm aware nobody has bothered to sue Samsung over this feature.


This had me thinking. This might be a weird take, but if nobody was bothered enough to file an official complaint against Samsung, and have it reviewed and pushed through the process, is it a significant issue in the first place ?

(Basically, I am making a "if a tree falls in a forest" argument)


I don’t think fucking around with EU regulators is something Apple should do here. They’ll probably revenge even with stronger further regulations later.


I think they should fuck around and find out.


Play stupid games, win stupid prizes!


Definitely -- I can imagine them making it some kind of faustian bargain, where in exchange for enabling sideloading, you void your warranty, never get any software updates again, can't connect to any Apple online services whatsoever, etc.


Tech companies seem to believe that it is a neat trick to mislead regulators, in my opinion this is a serious mistake: regulators hold the power to destroy you and playing 'clever' may give you bragging rights but ultimately it can doom your company. Underestimating the power of nation states is a pretty dumb strategy for any company that relies on the cooperation of the countries they intend to do business with.


That would violate the EU legislation as currently written.


> can't connect to any Apple online services whatsoever

So what's the downside?


If you don't want to use Apple services, why are you buying an Apple device? These facetious arguments make no sense.


I use a Mac because the hardware is great and the software is least worst.


There have always been Android users who don’t want Google services, spurring the creation of Cyanogen and Replicant and the like. Are you sure there are no equivalent users on iOS?


> creative genius of Apple.

You're forgetting the "no creative geniuses"-clause, aka repeated fines of 10-20% of worldwide turnover.


You know the walled garden is put up with good reason -- to keep fraud and abuse out? And that very few are actually capable of doing such a job, and the software industry has continually demonstrated the lack of that capability.


"Wait 60 seconds to proceed"


I agree, it could be ugly. The GDPR is supposed to be great, but what practical impact did it have on most of us? Cookie consent dialogs everywhere.


You can request and get a full copy of your data anywhere, and be fully deleted if you want. Every company has become aware and afraid of data leaks because they are required to report them.

The cookie banner thing is… unfortunate.


The cookie banner thing is... entirely optional. Just don't track your visitors, problem solved.


If anything, the banner indicates that the site is tracking you. The site chooses to do that. The GDPR doesn't force them to.


The impact is: far fewer data breaches in the EU than before, fewer of them wiped under the carpet, security no longer seen as a cost but as an important element in the IT strategy and with a seat at the table during design, operation and decommission (and in many cases: at the C level). On the whole the change has been remarkable, the last four years have seen a sea change in how corporations look at data, security and compliance.

If all you associate with the GDPR is cookie consent dialogs then maybe these discussions are not for you?


That all sounds pretty rosy, and my BS-meter is pegged. I think it's just as likely that the corporations have figured out how to skirt the law and get everything they wanted anyway.

> If all you associate with the GDPR is cookie consent dialogs then maybe these discussions are not for you?

You realize that you are the unique one? Most people don't care about abstract concepts of digital privacy and just hit whatever button on that dialog that makes it go away. Who knows what they're opting in to, and they don't really care.

These are definitely the sorts of things we should factor into regulation lest we continue to pave that road to hell with shiny good intentions.


People in EU did care enough about privacy to vote in the politicians who passed GDPR, no?


> > If all you associate with the GDPR is cookie consent dialogs then maybe these discussions are not for you?

> You realize that you are the unique one? Most people don't care about abstract concepts of digital privacy and just hit whatever button on that dialog that makes it go away. Who knows what they're opting in to, and they don't really care.

His point just went straight over your head. GDPR has nothing to do with cookie consent dialogues. That you think otherwise demonstrates that you don't know much about this topic, hence: "maybe these discussions are not for you?"

Incidentally, in my observation cookie consent dialogues is a pet peeve of people on forums like this, but not with the general public. It's something techies bitch about.


This is also the IAB's fault by trying to be clever and decide "the user will just consent to everything" in order to continue business as usual.

It did not have to be this way.


Cookie consents predate GDPR.

They're misused by sites. You don't need to show cookie consent if your cookies are purely technical (e.g auth)


Cookie consent is not compliant with GDPR - I need an ability to retract my consent as easily as I gave it, which zero of those sites actually provide.

If the EU ever actually starts enforcing GDPR, I expect a quick reckoning.


Cookie consent is not gdpr.


Apple's greed (in maintaining the egregious 30% commission for so long) is going to undermine their entire ecosystem.

If Apple moved voluntarily to 10% or 15% for all, there never would have been the industry pressure for this sort of regulation.

The EU would have been better to just mandate a maximum % commission for all digital marketplaces above a certain level of revenue. This new solution will get poked full of holes by Apple and lead to an inferior experience for consumers.


> Apple simply chose to pay a $5.5 million fine every week for months in the Netherlands instead of obey orders from the Authority for Consumers and Markets

How to piss off the EU political system in one simple step.

This ruling is no surprise after such behaviour from Apple. They made their own bed.


That felt somewhat desperate, like Apple didn't really know how to deal with this.

I wonder what their endgame was? Did they hope that users would rise up and defend apple against their government over dating apps?

Did they think the government would blink first? (Why would it?)

Was this an attempt to hinder similar laws in other jurisdictions? (If so, how?)

Where they simply too stunned and inflexible to react quickly?

It made no sense to me and I fear we will never learn?


Yep.

"So you think our fines are too puny to make you comply?"

"There fixed that for you."


Fines, at least for corporations, really need to have increase exponentially without limit for repeat offenses so that violating the law can never just be shrugged off as the cost of doing business.


10% of global turnover seems pretty substantial.

20% for repeat offenders.

I can't imagine any company in the world that will shrug that off.


This is what beats the heck outta me. A company that is sitting on nearly 150B in cash somehow feels the need to pinch 30% commissions from developers till date. I understand this as an initial business model. I mean a 15% reduction in app revenues is not even a rounding error in Apple's P&L. What the hell are they thinking. The goodwill that they'd earn from devs will go a long long way and if they signal that their share will eventually go to zero over a period of 10+ years, that'll get more devs to embrace iOS. I fail to understand the current leadership at Apple.


So the people that can make the company more successful are sales and marketing people, and they end up running the companies. And the product people get driven out of the decision making forums, and the companies forget what it means to make great products. The product sensibility and the product genius that brought them to that monopolistic position gets rotted out by people running these companies that have no conception of a good product versus a bad product.

They have no conception of the craftsmanship that's required to take a good idea and turn it into a good product. And they really have no feeling in their hearts, usually, about wanting to really help the customers.

-Steve Jobs


Also called the Hewlett Packard special.


> This is what beats the heck outta me. A company that is sitting on nearly 150B in cash somehow feels the need to pinch 30% commissions from developers till date.

The rich don’t become rich by being generous and giving money away.


They are there to earn money for their share holders (which to be clear isn't just rich people, it's pensions including pensions for fire departments etc). They must act in their share holders interests. Cutting their fees with no justifiable reason is not something they are going to do.

There's no conspiracy, companies are there to make money, that's it.


I see this, and it just makes me think that if they had, we'd be seeing posts that say, "Apple's greed (in maintaining the egregious 10% commission for so long) is going to undermine their entire ecosystem. If Apple moved voluntarily to 5% or 3% for all, ...".


30% is almost 1/3 of the app price! It is higher than income tax in most countries. It is stealing money from developers because their app is not successful due to being released on App Store, it is successful because it is a great product and people would buy it on whatever store it would be available. Developers were just unable to publish it in another store or use a different payment processor with lower fees.


30% is an insane amount.


How much is a fair amount? Who decides that and how?


The market, through competition.


The scale of the App Store, or iphone-vs-android in general, or even other markets such as semiconductor lithography - is just so mind-bogglingly massive in scale and cost, that the entire human race only has one or two entrants. It's not currently possible for new entrants to break in at all. Competition is simply non-existent.

If the barriers-to-entry are so high that you can't have real market competition, then regulation is the only option left.


Is "the market" going to magically provide all the substantial benefits of an Apple-run store for apps, too?

No. It's not. "The market" is going to say: sorry users, fuck that, y'all can just magically research all this and provide your own security and privacy from here on out.

Which is impossible, of course.

Result: much poorer user experience for the vast majority of users. Which is why Apple did it their way in the first place. No, it was not because of revenue. Anyone who says that is either lying or is incredibly lazy and hasn't looked up where Apple actually makes its money.


The app store had 85B ($85,000,000,000) gross revenue in 2021. Apple made 30%. https://www.statista.com/statistics/296226/annual-apple-app-...

From https://revenuesandprofits.com/how-apple-makes-money-underst...,

> The devices and platforms help Apple lock-in the consumer into its ecosystem. First, Apple achieves hardware lock-in with the devices. Then, it achieves software lock-in with operating system software, application software, and third-party software and apps. Then, iCloud helps Apple achieve the data lock-in.


As stated elsewhere on this thread, the 30% isn’t entirely going to Apple’s pockets — they have costs such as App Store bandwidth costs, support costs for purchases made, and the likes.


Let's say Apple pockets all 30% as profit. Who is to say Apple should or shouldn't profit that much from the App Store? Who decides how much they should profit? I find the discussion around commissions shallow and entitled. We should discuss the fundamentals: market definition, competition, abuse of power, etc.

PS: In case I couldn't make it clear, my questions are not directed to parent comment.


> Let's say Apple pockets all 30% as profit. Who is to say Apple should or shouldn't profit that much from the App Store?

All of us. The very same society that gave Apple exclusive control over their "intellectual property" in the first place which allows them to pocket that profit without having to compete for it. The same society that pays for enforcing that exclusivity. Corporations like Apple and their business models are only allowed to exist because we think that suits us - and we should continuously reevaluate that decision and correct it when corporations do more harm than good.


I don't think Apple rests on any intellectual property or exclusivity rights in regard to App Store, but I agree with the general idea that society should be free to exercise its right to change course. Still, I don't think it's right to decide to use this right based on a company's gross margin. The decision should be based on society's fundamental goals.


Do you remember when Apple was engaged in price rigging for ebooks?

https://www.nbcnews.com/businessmain/apple-faces-5-year-ban-...

We already have rules about how much control a single company can have over a market and what defines a market. The app store is clearly a market. Apple has an aggressive chokehold on it that artificially inflates prices and prevents competition.

As an obvious check - Amazon can't sell me ebooks through it's kindle app without Apple being involved and taking a 30% cut. That is market control and abuse.

Let's say you want to build a direct competitor to an Apple product. You can't because Apple actually won't let you do the things it's apps do if you want to be listed in the store. That's called market abuse.


> We already have rules about how much control a single company can have over a market and what defines a market.

I don't know of such rules. Can you point me to them?

To the contrary, there's Epic Games v. Apple case in which definition of the market is pretty narrow (digital mobile gaming transactions) compared to what you suggest (App Store in general) [0].

> That is market control and abuse.

In the same case, judge decided that Apple is not a monopoly, saying “Success is not illegal.” [1]

> Apple has an aggressive chokehold on it that artificially inflates prices and prevents competition.

Almost all apps are free. What inflated prices are you talking about?

[0] https://en.wikipedia.org/wiki/Epic_Games_v._Apple#Decision

[1] https://appleinsider.com/articles/20/08/23/apple-versus-epic...


Thanks for the clarification, because your previous comment seemed to contradict.


Oh, is there a competitor to the app store that will let me get apps for my iOS devices?


Your reply reads quite snarky. I don't think further discussion would be productive, so I won't continue.


That already happened when the consumer bought an iPhone instead of an Android phone. Is there supposed to be fractal competition all the way down?


For the “competition will select for the best option” to be the case, yes.


Did you research Apple's costs for running the App Store, screening apps for security, etc., before making this blanket statement? I'd wager not.


But they're not billing on the basis of how much it technically costs them to provide these services. If we had a competitive ecosystem then we would expect Apple's prices for payment processing to be at least within an order of magnitude of (for example) Stripe's.

Of course security screening is expensive, but it's also not that expensive (e.g. a typical software company might have a 10-30% profit margin, so in some cases apple accounts for roughly half the operational expenses of a company – i.e. the company pays as much, or more, money to apple as it does to its entire payroll)


Do you seriously believe all these things are big expenses? They barely do any screening.


How does it compare to a regular bricks & mortar retail store? Shelf fees, etc?

Edit: downvoted for asking a question? Thanks HN.


How does that compare to CDN, stripe Integration, a fancy certificate and a shop web page. That is the question. It is software distribution.


Exactly. I wish people stop using Retail as a counter argument, especially when 99.999999999% of them have no idea how Retail works.


How much warehouse space does it take to sell 3,000,000 copies of fortnite? How much shrink did they have?


The shrinkage is called chargeback and processing fees.


Great so that's 3.5%

Where is the other 26.5% coming from?


How many people do you think Apple employees whose job is solely or primarily-centered around iOS developer relations, tools, support, store infrastructure etc. etc?


This isn't the point – the point is that because Apple has a monopolistic position they are not forced to compete and provide better service.


Random guess? Maybe N employees, paid $5-10bn per year. Maybe $5-10bn in all the other expenses.

In 2020 Apple made $60bn from the AppStore.

Apple makes outrageous amounts of money from first mover advantage and a humongous moat but I guess we're ok with that.


> If Apple moved voluntarily to 10% or 15% for all, there never would have been the industry pressure for this sort of regulation.

They did[0], but the actual companies lobbying for this are the ones that don't benefit because they're making $x millions less due to iOS.

0: https://developer.apple.com/app-store/small-business-program...


If iPhones had different app stores with 15% fees, then consumers would decide. I think the real issue here is consumers are gona get hyper confused and it wont be a better experience for anyone.

Every single app creator out there will now want their own "app store" and it's going to be a mess. 30% fee initially to capture that market was what our company factored in and grew exponentially with. A 15% fee is nothing if the market is fragmented.


> Every single app creator out there will now want their own "app store" and it's going to be a mess.

This is such an oft-repeated argument, yet overlooks that Android already allows sideloading and alternative app stores. If everyone-creating-their-own-app-store hasn't happened on Android, why would iOS be different?


Here in China there is like 800 app stores for Android.


Isn't the Play Store blocked in China? Seems like that would be the main reason for the proliferation of alternatives.


Full devils advocate here, but the argument I've always heard is that the play store is a lot less arbitrary and restrictive than the App Store, so there's less reason to want to go outside of it.

Apple locks out so many useful kinds of software that there actually may be enough momentum for real alternate app stores to proliferate.


Apple locks out so many useful kinds of software

For someone who doesn't have a personal Android phone, what useful software is out there that I can get on an iPhone?

Related: What mass-market software is out there that isn't available on the iPhone? I don't mean *nix tools and niche game emulators. Things that would make many people actually care about alt stores?


- Web browsers with ad-blocking and plug-ins (Apple currently requires all web browsers to use system Webkit with very limited APIs).

- Game cloud streaming services (xCloud, Stadia, GeForce Now).

- Unofficial clients for websites such as YouTube that add features that official client doesn't have.

- Tools to disable advertisements in applications.

- Programs licensed under GPL as Apple App Store bans those.


> Unofficial clients for websites such as YouTube that add features that official client doesn't have.

I'm sure Google can send a cease-and-desist to all sorts of other stores instead of just Apple.

> Tools to disable advertisements in applications.

This would be breaking the sandbox model of the system, I don't think the regulation requires dismantling system security

> Programs licensed under GPL as Apple App Store bans those.

No such rule. VLC on App Store is the first example that comes to mind. There are also GPLv2 components (such as WebKit) shipping in iOS itself.

The FSF has said there are (IMHO bureaucratic) issues with GPL on an App Store, specifically that e.g. Apple takes on certain responsibilities, rather than the developer.

For that reason, it's possible a contributor may shoot down publication, which IIRC caused VLC to have to rewrite certain components before launch.


> I'm sure Google can send a cease-and-desist to all sorts of other stores instead of just Apple.

Google may dislike those applications and refuse to host them on Google Play, but they aren't doing anything illegal, so they cannot do anything about programs like https://f-droid.org/en/packages/org.schabi.newpipe/ on other stores.

> This would be breaking the sandbox model of the system, I don't think the regulation requires dismantling system security

I don't think it is breaking the sandbox, it could be implemented using NEAppProxyProvider, however this particular API is not available for App Store applications.

> Programs licensed under GPL as Apple App Store bans those.

iPhone version of VLC is licensed under MPL2 specifically for that reason. WebKit is LGPL2.1.


Also, torrent clients, anything that could perhaps be used for piracy, anything even just very slightly pornographic or considered that by Apple.


> For someone who doesn't have a personal Android phone, what useful software is out there that I can get on an iPhone?

A web browser that isn't a hamstrung reskin of Safari, and that can run uBlock Origin.


You do understand that uBlock Origin has private, profit-generating relationships with advertisers.

And you want them to have full access to every URL that you visit ?

Rather than use AdGuard or any other ad-blocker that can't go and sell your data to third parties for money.


1) Completely false for uBlock Origin; zero relationship

2) It's fully open-source so the above is verifiable

3) AdGuard and every single other (proprietary) adblocker for Mac and iOS includes content blockers, but also includes web extensions that request access to "all web page contents", including credit card numbers you type in, allegedly for the purposes of custom element blocking etc. (not open source, we can't check). Try installing it and see. Apple still allows web extensions that have complete access to all webpage contents (which is necessary for many legit extensions), they just block specific WebExtensions APIs that uBlock Origin requires. Literally zero benefit to privacy whatsoever, yet everyone buys the BS.


That's uBlock you were thinking about, which is owned by AdBlock. I'm 98.9% certain that Raymond Gorhill's project which I can build from source and install is not doing that.


And Gorhill / uBlock Origin doesn't even maintain the block lists (but does ship with a default selection).


> You do understand that uBlock Origin has private, profit-generating relationships with advertisers.

That's uBlock without Origin. Careful where you download your ad blockers from.

Edit: I'd also love a DaisyDisk that works on iOS. It will never get permission to get on the app store. Of course, that kind of app IS a huge security issue so I'd be very careful where I get it from.


In addition to everything the others mentioned already, anything that's not a web browser that might at some point show NSFW content. Applications like Discord and Tumblr been forced to make ux-degrading changes to comply with this Victorian-era prudishness.

(and before you mention an application you know of that doesn't have this problem, remember that Apple's enforcement and reading of the rules compares unfavorably with nuclear particle decay)


Yeah, if as a consequence what you can do iOS/Mac OS stops being censored according to US puritan values, that would be a plus.


Haha speaking of Apple stuff being Disney-ified, my phone stopped charging wirelessly. The solution to that is to restart it, but Apple hid that option under 3 layers of menus and I can never find it, so I asked Siri to "turn off this f--ing phone". She said "That's not nice" and did not turn off the phone.


No uBlock Origin for one.


The Pornhub app


Call recorders.


I have never, in 15 years on iOS, run into a single "kind of software" that Apple has supposedly "locked out" that I actually wanted or needed.


Your needs are limited and "anecdote" is not the plural form of "data".


The Play Store, as a system app, gets special privileges that user-sideloaded appstores don't, like automatic updates.


"...hasn't happened on Android...", except it did but mostly in Asia. Not to mention the manufacturer-exclusive appstores.


Counter argument: The millions of different game launchers on Windows. What a complete and utter mess.


And it would be better if Microsoft had total control over what you're allowed to run? Give them that power in 1990, and the web never exists outside of a research project.


Now imagine there's a single game launcher, and that's the built-in Xbox app. Games that aren't approved by Microsoft don't get published.

I'll take the current arrangement any day of the week, thank you.


And we would never have all the innovations in the market that Steam has brought to us if windows only allowed game installs through some Microsoft Games Market. Are you saying that would be preferable?


You mean like twelve and most of the games with custom launchers are still on Steam?


That doesn't apply. You are forced to use the different launchers if you want certain games


Millions? Cite them.


More likely, some apps will simply bypass the whole app store concept entirely. There are a lot of downsides to requiring every app install be intermediated by a third party, especially for internal or very niche apps where the app store isn't really adding any value because the provider is a trusted/known brand to the customer already (e.g. they may have a negotiated contract).

For consumer apps, there doesn't seem to be much appetite to do this on Android at least, though Telegram can be installed outside of app stores. It rolls its own update system and that seems to work fine.


Unfortunately, the App Stores tend to bundle both the store (i.e. curation and discovery) part and the on device package management part somewhat so apps installed outside the store will need to provide their own update mechanism. There is of course no real reason why there can't be a standard way to provide update channels that can be managed in a central package manager application without also requiring the store part, just so far no incentives for platform holders to separate these two.


Pretty sure 30% commission is not an Apple-exclusive thing. Google Play, consoles and Steam have the same rate.


Switch has 30% with a 5% rebate to consumers.

Steam has a regressive 20%/25%/30% tiered commission structure.

There are sweetheart deals we have no knowledge of, like Apple's deal with Amazon to get Prime Video onto their devices.


And AFAIK Apple charges 15% if you earn less than a million in your net revenue, yet noone mentions that. Which, by the way, could be considered a sweetheart deal of its own, just like Steams tiered system. As for the Switch it's still 30% and to the developer it doesn't matter whether there's 5 percent going to the customer or not.


Apple only made that change after incredible pushback from their community, and it still doesn't address the real problem: Apple could be charging 2% and they would still have a monopoly on app distribution that deserves to be broken up. Steam isn't comparable, since it charges that 30% fee and competes against other distributors. Despite that, developers continue to choose Steam over alternative platforms like Itch.io or EGS. Likewise, Apple is free to charge whatever they want for their app store, they just need to compete with other service providers to ensure they're providing a fair deal.


More like "after Tim Sweeney suddenly became obsessed with Apple and started demanding things".

"...they would still have a monopoly on app distribution..." on the platform that they've created, supported and maintained over the years, in the market that already has alternatives.

"Steam isn't comparable..." ah, so Steam charging the same percentage is a whole different thing...i see.

"...competes against other distributors." on the Windows, Linux and MacOS operating systems, operating on a platform that is not exclusive to any manufacturer in partucular.

"...they just need to compete with other service providers to ensure they're providing a fair deal." They already do compete, look up alternative iOS stores.


Someone needs a tutorial on what "monopoly" means.

Controlling app distribution solely within your own platform is not a monopoly. You might wish it were. You might not like it; you might want it changed. But that doesn't magically mean you can call it a monopoly. It's not a monopoly.


If you open a market in the city, prevent any others from opening a market in the city, force all sellers to pay 10-30% to you, force all product makers to comply to your dictates about what can be sold or get kicked out then it's an effective and abusive monopoly.

Thankfully the EU in their wisdom has decided that Apple has abused their dominant position and we don't need to agree with your definition.


Except iOS devices aren't "markets in the city". It's a good thing that you decided to pick that as an example for this comparison (even though it's a bad example) as you have (on accident, i presume) contradicted yourself in a spectacular way. See, the aformentioned market is in...well, "the city" and chances are that that market is regulated by the city council/county laws/the laws of the country the market is in. The city provides infrastructure for the market as well as customers, perhaps some advertising...you get the idea. Hm, it seems that in that relationship, while AppStore is sure a market, the city that the market belongs to is...Apple? Whoops.

I hope that the wise EU is also going to decide that European car manufacturers and their infotainment systems are "abusing" their dominant position in their respective markets of manufacturer and model specific systems! Or that non-European companies should be able to provide "alternative software" to multi-billion euro manufacturing lines of European mega-manufacturers with the same disregard for any potential consequences, just to avoid any sort of "anti-consumer" behaviour. I sure hope so!!!(couldn't care less)


Except Apple hasn't prevented others from opening a market.

You're aware of Android, right?

It's not "my definition". It's THE definition.


The incidence of fees is born by the consumer so it should matter.


It originates from publishers. When Amazon was pressuring all the publishers to sell cheaper e-book versions for their Kindle, they were aggressively cutting prices to win consumers from competition. They'd then use their classic "70% of your purchases come through us, so lower your prices for Amazon or we will cut you from our store" to get more profits. The publishers obviously hated this, and especially seeing the brand damage of their brand new flagship type books on sale since it made them seem like they were in the bargain bin for not selling well. Since Amazon was a reseller, they could do whatever they wanted with the pricing.

Apple came in as a "savior" for the publishers and said that the publishers can set their own prices and take as much profit as they wanted... just as long as Apple got 30%. This 30% originally came from the music publishing industry (where they did set the price themselves, remember $0.99 songs?), went through books and now has been legacy'd onto apps. If nothing changes here it'll probably exist for metaverse stuff if they go there.


Steam's commision has also been (IMO rightfully) criticised but the situation is hardly the same because Steam doesn't (and can't) prevent other stores or direct app installations on the platforms it runs on so that 30% is much more justifiable as something the "free" market is willing to pay for the services Steam provides. Apple on the other hand doesn't even let anyone compete.

(Of course, Steam still greatly benefits from first mover advantage and network effects that IMO mean they should also be subject to more regulation, including being required to support alternate clients for all Steam services as well as federation for their social network and communication channels.)


They can't, because the platform it runs on doesn't belong to anyone in particular. It's absolutely not the same situation that Apple/console makers have.

No they shouldn't. Steam wasn't the first in digital distribution of videogames as some consoles offered similar system way before Steam. An argument can be made that "on demand" gaming options of the past can be considered the Steam of the past. And enforcing regulations for no reasons other than regulating on companies that are widely recognized as pioneers of their respective industries is the very definition of "punishing success".


Will it though?

I don't know anyone who side loads onto Android, and even Epic gave up and put Fortnite back onto Google play[0].

I'm sure that any side loading will be hidden beneath layers of warnings designed to put off all but the most determined.

[0] https://www.polygon.com/2020/4/21/21229930/fortnite-availabl...


F-Droid is somewhat popular among privacy minded folks. You probably want it for NewPipe and Conversations.


The US already has one which is supposed to be voted upon soon: https://www.congress.gov/bill/117th-congress/senate-bill/271...


This is just for payment providers though, not alternative app stores.


Are you just reading the summary? It does force them to allow 3rd party apps and app stores too:

>A covered company that controls the operating system or operating system configuration on which its app store operates shall allow and provide readily accessible means for users of that operating system to choose third-party apps or app stores as defaults for categories appropriate to the app or app store

https://www.congress.gov/bill/117th-congress/senate-bill/271...


Huh, there's even a bipartisan spread of cosponsors. That might actually have a chance.


I wonder if it would make more financial sense for Apple to withdraw from EU market, rather than complying.

The numbers for 2021 are pretty much in line:

$89B - Apple sales in Europe (including some non-EU countries, most notably UK)

$85B - Apple AppStore revenue worldwide.

The question is: which one has more potential for growth.


Remember that App Store revenue is also generated in the EU.

Let's assume that 15% of App Store revenue is from the EU. That would leave an additional $12.7 billion hole in Apple's pocket.

Worse, it would mean Apple's third-party developers lose about $30 billion in revenue. (Apple takes a 30% cut, so the total App Store sales volume is about $283B). Those developers would also lose all access to their existing users in those countries. It would be a massive black stain on Apple's reputation.

It's the kind of drastic move that you simply can't do as a platform provider unless your hand is absolutely forced by something like international sanctions.


And more importantly it would further erode their market share. It would be an absolutely insane move.

Much more likely they'll go the route of malicious compliance. You can side load apps but you can't add them to your home screen. You can set a third party voice assistant but it can't launch apps. Etc.

Will be very interesting to see how this plays out!


> You can set a third party voice assistant but it can't launch apps

Facebook and Google are going to love this.

They can build a voice assistant app which will provide them with all of the apps people use the most, people they contact, places they visit, searches they do etc.

It's going to be a privacy nightmare.


I don't think so. The EU market is pretty huge and financially strong. Maybe they will only allow sideloading and payment freedom for the EU with special iOS builds.


This would be very consistent with their prior actions. Apple's "opening move" with prior rulings and laws on in-app payment processing has been to require separate binaries locked to specific jurisdictions. The company genuinely believes that competition is consumer-hostile at best and outright dangerous at worst.

The question is, how far will Apple go to keep Americans from turning on "EU mode"? Will it just be the usual country toggle? Will sideloaded apps be geofenced to the EU with Location Services? Or will they start adding bootloader fuses for each jurisdiction so that you can't install the "EU sideloading firmware" on US-purchased iPads? Or all of the above? I hope the EU is ready to litigate whatever hoops Apple makes people jump through - because Apple loves inventing new hoops.


depends on the company really. some might think a bit more about offering their products to eu countries considering (some of) these rules. which imo are quite serious, and some even ridiculous.


Considering how far backwards companies bend over to make business in China and some Arabic countries I don't expect a single company with some profitable business in the EU to leave that market.


for sure. but a newly established company with strong revenues in a part of the world where there are no rules? difficult to answer.


So what? Nobody is obliged to serve any market, or a markets obliges to open for individual companies. If company A won't, companies B and C propably will.


> So what?

if your goal is more protectionism, then it’s great. but if you want to produce market leaders then it’s bad.


If by market leader you mean creating monopolies, or oligopolies, there are rules againstt that in place. So there seems to be some concensus of seeing those outcomes as non desireable. And those rules cover consumer protection and choice, Microsoft has some experience with that when it comes to Internet Explorer.


Being a monopoly is not against the law. Abusing your monopoly is.


Which ones do you find ridiculous? They frankly diverge from the current status quo but to me they all go in the right direction.


i foresee a fiasco in general, but a few stand out:

> Share data and metrics with developers and competitors, including marketing and advertising performance data.

with competitors? :))

> Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.

could have been solved easily if they proposed a working group to come up with the next video and messaging standard. right now i foresee the discussions we had back in mid 00s: we use our own video encoder. they use h263. and those other guys use vp9. good luck to the team writing a transcoder that works real time :))

> The Digital Services Act (DSA), which requires platforms to do more to police the internet for illegal content, has also been approved.

“think of the children” legislation.


I don’t see why you are surprised by the sharing with competitors and the obligation of interoperability. That’s in line with what’s imposed on dominant player in an unbalanced market. Basically Europe is saying to gatekeepers that they can keep their platform but it will come with a lot of caveat from now on.


Asking for data sharing without specifying exactly which data is included and exactly which data is exempt is ridiculous. The standard for laws need to be far higher. Which metrics? Which data? If the lawmakers mean all data they are going to discover very quickly a lot of that data is subject to privacy standards. You can't for example share the data you use to train a personal assistant without sharing queries people have made of that assistant.


That's pretty much the point of the regulation. If you're okay with being preyed upon by billion-dollar companies, stay in the US. If you'd like to be protected as a customer, come to the EU.

Besides, the DMA has specific exemptions for small companies. Once a company reaches the "gatekeeper" level, they will have had all the necessary time to figure out how to comply with the law.


Oh please. Are any of these billion-dollar companies going to deliberately issue malware that allows them to record my passwords and empty my bank account? Side-loading will be a huge gift for scammers.


Only if you're confident it's some uniquely EU idea (which it's not, regulators all over the world are thinking about doing this).


Some of that App Store revenue comes from the EU BTW. Probably a quite sizable chunk of it.


How could it make more financial sense to withdraw?

As long as Apple keeps selling iPhones, there's still profit to be made, App Store be damned.


It doesn't. The parent premise - that Apple is going to be severely harmed financially by any of this - is something far beyond silly.

Apple will barely see a dent from it. Their profit juggernaut will keep rolling on almost exactly the same.

The parent comment in question - "and eat pretty heavily into their revenues" - is confusing their personal projected wishful thinking (obviously desperately wanting big tech to falter) with actual reality (the one where Apple has no serious competitive threats in smartphones for what they do, and as such they'll keep marching on just the same).


Apple clearly does have serious competitive threats to what they do, it doesn't even have majority market share in the EU. But it also won't threaten their revenues much. On platforms where users and developers do have a choice from day one (Android), the app store is sufficiently useful that most devs do choose to stick with it. It seems unlikely that Apple can't make the app store competitive on its own terms.


That would be a strategic mistake even if it made short-term sense (which it probably doesn't) because it would leave a big hole for to fill that could be leveraged to compete with them later in the US.


it will be a ~10% drop of their profits maximum . They have nothing to fear, and have been engaging in these shenanigans just because they can


Doesn't Apple route all of their international sales through Ireland, which is in the EU? They'd need to find another tax haven.


Not all of them, no. Broadly just the European ones, plus a few others where it's not worth setting up a different regional HQ.


I’m pretty sure Apple would still turn a profit even by just selling the hardware in Europe.


Then I wonder what would happen if Taiwan introduced the same legislation.


Oh, I'm sure Apple can drag this out for years and year in the courts lobbing health and safty arguments etc.


Only if the EU court is willing to suspend sanctions during that time. That's not what happened with Microsoft for instance.


First time they're out of compliance, the fine is 10% of their global annual revenue. Then 5% of their daily average revenue until they comply.

Second time they're out of compliance, the fine doubles.

If they still breach compliance, they get investigated for systematic non-compliance. The Commission can then impose structural and behavioral changes.

Or Apple can stop providing service in the EU. But they're not going to say goodbye to a fourth of their global revenue. They will comply.


Well. After the first 2 instances of being out of compliance, that's exactly where they'd be anyway.

I agree it seems unlikely but the math checks out.


They still (rightfully, IMO) can charge third parties for getting access to their customers, just as super markets charge for getting stuff on their shelves, or as amusement parks take a cut for the right to sell ice cream.

Now, as to what’s reasonable there? That will be a separate discussion. So far, Apple has put the bar at over 20% for countries that have passed similar legislation, likely on the argument that payment processing need not cost more than credit card companies charge (a few percent, in the EU)


> They still (rightfully, IMO) can charge third parties for getting access to their customers, just as super markets charge for getting stuff on their shelves, or as amusement parks take a cut for the right to sell ice cream.

Super markets charge for use of shelf space and logistics. The customers don't belong to anyone. The super market can't prevent you from opening a store next door to sell to the same customers directly. Similarly, I don't see any problem with Apple charching for hosting, downloads, payment, curation etc. but it should not be their place to sell permission fro what you are allowed to install on your own device just as it would be ridiculous for Ikea to control what you can put on your shelf.


It won't eat into any revenues. In the Netherlands Apple charges 27% commission on any revenues paid into external payment systems [1]. And what is the EU exactly going to do - ban Apple from charging for access to their software APIs [2]? That seems like one step from banning charging for software as a whole.

[1] https://www.theverge.com/2022/2/4/22917582/apple-netherlands...

[2] Yes, APIs themselves are not copyrightable, but what developer is going to spend the resources to reimplement all of iOS' APIs, with no documentation of how the underlying hardware works?


Lol shit loads of psps have super simple native SDKs: PayPal, stripe, adyen….

They’re all waiting for the day developers switch to their apis. And developers usually work with them over the web, they just didn’t do so on ios because of apple policy


I don't mean payment providers, I mean Apple device APIs like HealthKit, WeatherKit, SwiftUI, CoreML, ARKit, etc. Nobody is stripping all that out (there aren't even real competitors for a lot of these things).


Apple will likely do as little as possible as late as possible, and try to stall as much as possible. It will be interesting to see how it will play out.


It will play as usual, with huge fines.


Not sure Apple is willing to give up 20% of their total revenue (which is the maximum penalty after repeat offense).


There's still plenty of money to be made until the law comes into effect, the regulatory bodies become active, the cases are prepared, rulings are made, all of the layers of appeals have gone through, the regulators have decided whether the new measures are in compliance, it becomes a repeat offense, etc.


Nobody is, but they all do. If they don't comply then they will have their assets confiscated.


For many (most?) users, Apple's restrictions, especially sideloading, protect users from bad actor app owners (looking at you, Facebook). To me, allowing sideloading is like allowing chemical weapons to be used in war. Yes, it's a new tool and capability at your disposal, but it's also available to every powerful and unscrupulous participant.


> allowing sideloading is like allowing chemical weapons to be used in war.

yes, it is exactly like that. Millions of people who download .exe to their compuyters every day are doing chemical warfare


Millions of people downloading .exe files everywhere are why we have an infosec industry. I trust indie developers on the App Store because of the restrictions and the review process. I’ll never side load a small developer’s app. And I worry that major players (I.e. Facebook) will require side loading so they can be free of the App Store rules about privacy.


infosec, like defense (stuff like the internet and apollo missions) are how humanity progresses. Power plays always keep us behind


How has malware, viruses, botnets, phishing etc progressed humanity ?


If you got a job at Best Buy's Geek Squad for a week, you'd quickly realize just how irresponsible most people are with what they install on their devices.


So people with Android where sideloading has been a normal thing for many years have been dangerous? Could they harm other people by creating their own app and installing it on their Android without paying anyone a yearly subscription?

It used to be normal in the past that people would OWN a computer and they would run ANY software on it. Why should we allow a greedy company like Apple to change that? Both android and ios implement sandboxes and apps can't gain complete access over the device in most cases so I don't see any security benefit.


More like a chemistry lab to everyone. Most won't even touch the thing because it requires too much knowledge and is intimidating. Some will doubtlessly use it to "make meth" and get burnt or blown up. But some will also use it to produce better understanding or accomplish a task on their own using their own expertise.


As soon as side loading or their own app stores are allowed, all sorts of companies may require that. Maybe most big companies will stick with Apple's.

As an iOS developer, hardening the 10k-ish apis that exist in iOS will be mostly impossible to do in a short term given the attack vectors would now be outside of Apple's control, probably resulting in incompatibilities and bugs. Android is a horrible platform already given the myriad of different OS versions that exist (and often are not updated by the users) that you have to support.

I also wonder what the law requires as to switchover to the new rules, new OS releases or going back X versions or something? Is there are time frame?

Imagine also being an app developer and having to build/test releases for multiple app stores that include different payment gateways. Without a solid and secure API environment in the OS, how do you manage that with screwing up? iOS has always been easy to do since you only have to support one major OS back. A couple jobs (like 7 years) back our Android app was a nightmare to manage, as we had multiple OS release/phone suppliers that rarely got bug fixes in at all and never at the same time, making fixing/testing some things a nightmare. Might be better today, but I remember how much of a pain it was.


Android allowed sideloading for many years. How many companies require their apps to be sideloaded?


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: