Comment by Someone
8 months ago
To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed. A consequence of that is that they cannot answer government requests to kill apps with “I'm sorry, Dave. I'm afraid I can't do that”.
Was that the right trade-off? I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
In this case they didn't remove the app from the users' devices, they “removed Alternative Distribution functionality from iTorrent’s Developer Portal without any warning.”
So they revoked the right of the developer to publish on other stores, and don't allow publishing that app on their own store.
Beside of those apparent "government sanctions-related rules in various jurisdictions" cited as reason by Apple (whatever that means), they now demonstrated that they still have indirect control over the offering of ALL digital markets.
So regardless in which market you want to publish, you still need to remain in good standing with Apple.
Combining that with Apple's ability to observe the install-base of iOS-devices it's quite a conflict of interest. (The least nefarious being Apple courting successful apps from other stores to come over to Apple)
I would say they have direct control, as they have to bless app before even it can be published on other stores and can revoke this blessing anytime.
So you never really own an Apple device.
18 replies →
Devil is in the detail
Why can't they add a "this app is not verified by apple, we can't guarantee it's safe" popup? Making people jump through ridiculous hoops (like jailbreaking) would violate the DMA, but surely not a simple matter-of-fact warning? Windows does the same with unsigned apps, as do many version of Android.
Because they want to cripple alt stores and ignore the DMA for as long as they can to protect the 30% extortionate rate their position as the sole provider allows them to force on developers.
The deliberate crippling of third-party stores is a clear example of malicious compliance, something Apple is well known for when facing regulatory pressure.
It's neither new nor surprising. Think about it: the Netherlands' dating app payment pricing trick, South Korea's alternative billing law, the US anti-steering injunction in Epic v. Apple, the Core Technology Fee for the EU's DMA, their ridiculous 'right to repair' process, etc.
What’s striking is how often parts of the discussion around Apple completely ignore this known pattern, instead leaning on apologetic corporate narratives about safety, integrity, privacy, or the environment.
I am against most of the (current!) regulatory pressure on Apple, but regardless of whether one supports these regulations, we can talk honestly about this practices of malicious compliance or even corporate disobedience. They exists in the world regardless of our personal stance on regulation (or Apple).
Generally speaking: If a tech giant does something and there are several possible motives, one of which is profit or power consolidation, and the others are different things, it is always profit/power. They did not start out a giant after all.
Because people don't read and scammers would just teach people how to click through that.
It's tragic, the amount of babysitting supposed adults need...
(I'm not totally against it, the mythical grandma would otherwise lose all her savings because of an animated dancing monkey exe)
6 replies →
That's not "Apple is not allowed to", that's "they don't because they think it's ineffective".
4 replies →
I think that’s because of the last phrase in this provision in the DMA (article 13.4 in https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%...):
“The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.”
Because Apple is not allowed to discourage the use of other distribution methods, and such a popup implies that an app provided via other channels is "less safe" than an app provided by Apple.
> Windows does the same with unsigned apps, as do many version of Android.
This is not the same. Windows states that they cannot verify the origin of the app because its not signed. In the current state Apple thoroughly verified the origin of the app, and the app is also signed.
Imagine a guy standing in front of your grocery store telling you that "the food in this store did not pass quality control of Walmart, so we can't guarantee that it's safe"
I still don't see the problem. Apple can say this app wasn't verified for safety by Apple because...it wasn't. I see an argument for them having to have a setting to disable the nag screen, but it's just stating a fact, just like Windows says "this app is not signed, you can't verify it comes from the correct publisher".
The walmart comparison makes no sense. A better comparison is the operator of a mall putting up a sign saying the products the stores in there sell are not verified by them. Often a store chain also owns malls, so Walmart saying "the things in the Walmart in the WalmartMall are ours and we vouch for their quality, but the other stores in the mall are independent and not vetted by Walmart.
It's only weird because it's so obvious nobody would think otherwise for a mall. But apparently people expect different for phones, which does make sense given Apple hasn't allowed third parties until now.
1 reply →
> To protect their users they chose to include a feature that allows them to remotely kill nefarious apps
This feature is part of antivirus solutions for ages.
If an OS needs antivirus for this, that OS has been designed wrong (excluding Linux, FreeBSD etc as the target audience isn't regular end users) in the first place.
An OS should NOT need antivirus, it needs proper sandbox and containerization.
- defense in depth means adding such an extra layer is a good idea
- an app can 100% stay within its sandbox and still be nefarious. For example, a password manager could secretly send all your passwords to Mr(s) Evil.
2 replies →
There is no OS sandboxing and containerization which would prevent an internet facing software, like browsers, to be part of bot networks.
These are good to have, just like how it's good to have an antivirus. In some cases.
Most of the people download things which were checked before with an antivirus (like Play Store, App Store, GMail), or they don't really download anything outside of browsers (e.g. on desktop), so most of the people (almost everybody in case of percentage) don't need that much protection than 20 years ago. I also don't need neither OS level sandboxing, containerization, nor antivirus by default, because I know how to prevent compromise even without those. I, of course, use those when they are needed, when for example I install or browse something risky. But then I use a full blown VM, or an ultra sandboxed browser, and I know the risk, that there is nothing I can really do, if they use a vulnerability of my hardware for example.
It wasn’t their choice to make. The user purposefully installed the app from a 3rd party store. That sounds like user intent. If Apple cared about their users, they would allow a user to use without caveat. Including installing whatever software they wish so long as it worked on the platform.
This is right to repair. This is ownership. When you buy some hardware, you should be allowed to install any software you wish, provided it works and you have the technical know how to do so.
>they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed.
Huh, I sideload some pretty nefarious apps all the time on my iPhone and have been doing so for about a decade, and they have never got remotely killed or removed.
> To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all device
And yet if you refund an app it's not automatically removed from your device. Always thought that was weird.