Comment by 827a
8 months ago
When it comes to your personal data, Apple loves (correctly) to say "all of our user's data is encrypted, we can't access it even if we wanted to, so we cannot respond to this government request for data"
When it comes to application distribution, all of Apple's courage immediately disappears. They could say "We don't sign or control apps distributed through third party app stores, that's out of our hands, so we cannot respond to this government request". But, they chose not to. It was a choice, and Tim Cook chose an ugly, dishonorable, cowardly path.
To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed. A consequence of that is that they cannot answer government requests to kill apps with “I'm sorry, Dave. I'm afraid I can't do that”.
Was that the right trade-off? I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
In this case they didn't remove the app from the users' devices, they “removed Alternative Distribution functionality from iTorrent’s Developer Portal without any warning.”
So they revoked the right of the developer to publish on other stores, and don't allow publishing that app on their own store.
Beside of those apparent "government sanctions-related rules in various jurisdictions" cited as reason by Apple (whatever that means), they now demonstrated that they still have indirect control over the offering of ALL digital markets.
So regardless in which market you want to publish, you still need to remain in good standing with Apple.
Combining that with Apple's ability to observe the install-base of iOS-devices it's quite a conflict of interest. (The least nefarious being Apple courting successful apps from other stores to come over to Apple)
I would say they have direct control, as they have to bless app before even it can be published on other stores and can revoke this blessing anytime.
20 replies →
Why can't they add a "this app is not verified by apple, we can't guarantee it's safe" popup? Making people jump through ridiculous hoops (like jailbreaking) would violate the DMA, but surely not a simple matter-of-fact warning? Windows does the same with unsigned apps, as do many version of Android.
Because they want to cripple alt stores and ignore the DMA for as long as they can to protect the 30% extortionate rate their position as the sole provider allows them to force on developers.
1 reply →
Because people don't read and scammers would just teach people how to click through that.
12 replies →
I think that’s because of the last phrase in this provision in the DMA (article 13.4 in https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%...):
“The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.”
Because Apple is not allowed to discourage the use of other distribution methods, and such a popup implies that an app provided via other channels is "less safe" than an app provided by Apple.
> Windows does the same with unsigned apps, as do many version of Android.
This is not the same. Windows states that they cannot verify the origin of the app because its not signed. In the current state Apple thoroughly verified the origin of the app, and the app is also signed.
Imagine a guy standing in front of your grocery store telling you that "the food in this store did not pass quality control of Walmart, so we can't guarantee that it's safe"
2 replies →
> To protect their users they chose to include a feature that allows them to remotely kill nefarious apps
This feature is part of antivirus solutions for ages.
If an OS needs antivirus for this, that OS has been designed wrong (excluding Linux, FreeBSD etc as the target audience isn't regular end users) in the first place.
An OS should NOT need antivirus, it needs proper sandbox and containerization.
5 replies →
It wasn’t their choice to make. The user purposefully installed the app from a 3rd party store. That sounds like user intent. If Apple cared about their users, they would allow a user to use without caveat. Including installing whatever software they wish so long as it worked on the platform.
This is right to repair. This is ownership. When you buy some hardware, you should be allowed to install any software you wish, provided it works and you have the technical know how to do so.
>they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed.
Huh, I sideload some pretty nefarious apps all the time on my iPhone and have been doing so for about a decade, and they have never got remotely killed or removed.
> To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all device
And yet if you refund an app it's not automatically removed from your device. Always thought that was weird.
It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple, enabling Apple to decrypt that specific user's data.
Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
Apple's privacy-protecting image is nothing more than marketing.
Apple is actually far worse at protecting your privacy than Google.
On iOS, you cannot install any apps without an Apple Account, and even some preinstalled apps (like Pages, Numbers, Keynote, GarageBand, iMovie) cannot be used before you assign them to an Apple Account.
On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from Google's Play Store without an account as well, so, you can even install all the mainstream apps, all without any accounts.
That's one point of privacy.
Meanwhile, they protect vast amounts of your data with encryption, especially if you opt in to the most protection.
I don't have any wish to promote Apple, but those are not comparable. Even though I have hated Apple's closed App Store policy.
17 replies →
> On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from golgle's Pay Store without an account as well.
I thought Google recently announced changes to this requiring a developer account to side load.
5 replies →
> Apple is actually far worse at protecting your privacy than Google. On iOS, you cannot install any apps without an Apple Account
How did you decide that this one thing alone makes Apple's entire privacy approach far worse than Google's? Everything else doesn't matter anymore?
1 reply →
That is indeed one area of privacy but I wouldn’t say that Apple is far worse. There is countless number of examples where this just simply isn’t true.
Also regarding the App Store, you don’t have to enter a credit card, you can make an account with a new email address.
1 reply →
Wouldn't Apple have just done exactly that when they faced public and state pressure to unlock the iPhones of mass shooters, such as the San Bernardino shooter or the Pensacola shooter? That was their golden opportunity, but instead they refused, went to court, and forced the FBI to pay third parties to break into the phones. That's the opposite of your espionage scenario.
If Apple never decrypts a user's data, then this debate will never resolve, because there will always be people who insist that Apple's teetering on the precipice of logging decryption keys and decrypting a user's data – or worse, that they've already done it and we're just waiting for another heroic whistleblower to reveal their corruption.
> Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders. Apple was not installing spyware on people's devices as you seem to be implying.
>PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders.
Cloud data that's supposedly encrypted with encryption keys Apple pinky promises they don't have, right?
>Apple was not installing spyware on people's devices as you seem to be implying. I am very clearly not implying this is currently happening - just that there is nothing theoretically preventing this from happening, and the company already has a history of secretly cooperating with illegal government surveillance programs to provide cleartext user data - user data that they love to present an image of protecting vigorously.
> It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple.
I don't think they even need to do that. They are in control of the encryption process and obviously already process the data to create a persona of the user (after which it is no longer considered "user data")
This is what I’ve always struggled to explain to people, that any software’s security and privacy is only as good as its most recent update.
One is a selling point to the security conscious user. The other they no longer need to care about because Android is now a walled garden too.
You haven't noticed that the tyrannical agencies, aka "intelligence" agencies in the west no longer white and throw tantrums about "going blind" and "black holes" etc. regarding Apple device encryption?
I do not get the impression that they just forgot and stopped being traitors.
I mean, you can just look it up instead of spreading conspiracies.
Apple put in functionality that makes it impossible for them to unlock phones and added additional controls to make brute forcing infeasible. The fight was fought, they had it out in court, and it's done.
If that wasn't true, literally all iPhones would be backdoored by the Russians and Chinese lol. Law enforcement is utterly incompetent when it comes to technology, you think they wouldn't immediately leak keys or access?
I regret to inform you that the latest leaked Cellebrite support matrix [1] (from summer 2024) showed that all iOS devices on then-current iOS versions could be forcibly unlocked by law enforcement in AFU state (After First Unlock, following a reboot) using their software.
The only devices that successfully resisted their attempts were Google Pixels running GrapheneOS. According to those documents Cellebrite hasn't had the ability to crack them open since 2022. There's an updated matrix for Android from February [2] which indicates that this hasn't changed on the Android side.
[1] https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...
[2] https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int...
2 replies →
So Pegasus and others that aare not public are not a thing because it was dealt with in court?
And no, there are things that are not shared with law enforcement for that very reason.
1 reply →
None of that matters if the government just asks Apple to put out a targeted update and break encryption or leak the keys.
You're still relying on blind faith in good actions.
1 reply →