Apple: Apps should not require users to opt into tracking to access content (developer.apple.com)
373 points by Nextgrid on Sept 11, 2020 | 259 comments


Full text of the clause:

> 3.2.2 Unacceptable

> (vi) Apps should allow a user to get what they’ve paid for without performing additional tasks, such as posting on social media, uploading contacts, checking in to the app a certain number of times, etc. Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes.


I find that policy entirely acceptable, for the same reasons I think shrink-wrap EULAs should be illegal.

This makes me curious about Apple and iOS / OS X. Does Apple try to require that the user accepts an EULA for the OS after buying Apple hardware?


It's a very good policy, I wish they'd follow it for their own systems.

To download free apps off the Mac app store I need to set up an account and provide Apple with an email address, physical address, and phone number. Apps like the Wireguard GUI don't have access to necessary system APIs outside of the app store, so the developers have no way to allow users to sidestep giving Apple that information.

I'm forced to use the command line interface from Brew and mess around with network interfaces on my work laptop just because I refuse to give Apple my phone number and home address, even though Wireguard is free and no billing/payment information would be required for me to download it, and even though having an Apple account is completely unrelated to their sandboxing goals or the information that the app needs to run.

Bonus points for telling me I'm providing my phone number "for security purposes" but providing no option during signup to use a secure 2FA app instead of SMS.


> Apps like the Wireguard GUI don't have access to necessary system APIs outside of the app store

Wait, on macOS? You’re saying the store gives you extra permissions there?




Command line automation isn't the issue I'm having, the issue I'm having is being able to download without making an Apple account.

Sideloading would be helpful if Mac app store apps were made available as sideloaded apps anywhere. But I'm going to hazard a guess that Wireguard would not be permitted to provide those downloads -- I haven't been able to find a download link anywhere. And I'm seeing conflicting information online about whether or not sideloading even works for some apps unless the Apple IDs are shared between computers.

I suppose that I could try to compile the Wireguard app from source, but for all I know, running Xcode will require an account as well.

All of these solutions are less work than manually managing the network interfaces myself. It's just kind of crappy that a privacy-oriented company is forcing me to do so. I shouldn't have to outsmart my Mac to get work done.


The interplay between iOS/macOS as “secure” operating systems and Wireguard implementations of “secure” networking on the aforementioned platforms really puts proof to the lie, as to what makes for better security outcomes and implementation stories and for whom.


Yeah if they practiced what they preached you could go to the apple store, pay cash for your laptop. Then once home if you wanted some paid apps you could open up appstore over your super high tech vpn (or even tor browser) path with digital currency and download your app without apple ever knowing who you are. That is the ideal, even better would be to let me order the old fashioned way with a money order with a fake name and address on it and buy the app that way with a randomly generated UUID that I put in with the money order.


I would love a way to anonymously purchase apps, but I'm not even asking for that much accommodation.

I would tolerate giving Apple billing information to purchase an app. I don't understand why I need billing information to download a free app that doesn't cost any money. There's no transaction for Apple to verify.

And I don't understand why I need to give Apple a phone number for any of this.

I'm not even asking for an ideal world, just a very slightly less crappy one; Apple objectively does not need my phone number to let me hit a download link. That serves no purpose, it's a completely unrelated step to the task I'm trying to perform.


I read the requirement as not applying to free apps. You can either require people to give you info to monetize or you can charge a fee, but not both.


Maybe, but this computer cost money, so even if that is their requirement Apple is still violating the spirit of their own rules.

I have to pay money for a piece of hardware and give a bunch of personal information to Apple, just to download a free app on the hardware that I paid for?


I do tend to agree with this idea. People constantly make such arguments talking about Android being free hence "you're the product". But people actually paid hundreds of dollars to get that Android phone, so it's not unreasonable at all to be irritated that your OS is trying to monetize you.


Put in fake data and move on with your life?


Fake phone number that can receive verification codes over SMS and allow me to respond to them?

If you know an online service that provides that without also requiring me to give it a bunch of personal information, please let me know.


Yes, they do. On the Mac, at least for the longest time, they put a sticker on the shrink wrap for the device that said something to the effect of "By using this device, you agree to the terms of Software License Agreement found at apple.com/legal/sla". Of course, if you didn't agree with that you could return the device or install Windows/Linux, but on the iPhone (which won't activate without agreeing), you can't since the bootloader is locked.


Iirc, those shrink wrap licenses are of questionable enforceability. The Wikipedia entry on "shrink wrap contract" agrees, but I'm not well-versed on the topic.


Something about this has always confused me...

IIUC (at least in US legal system), using software without an appropriate license from the copyright holder is considered a violation of civil copyright law.

Suppose that courts deemed shrink-wrap EULAs to be invalid. If the EULA is the agreement that grants end-users permission to use the copyrighted software, would the invalidation mean that users were in violation of copyright law? Or is there a right to use the software that's implicitly granted by the original purchase?


What would you actually be buying, if you bought the software without being legally capable of using it?


You've bought the privilege of being allowed to accept the EULA.


It reminds me of a US visa, which is far from free, and you pay for applying whether you are granted it or not. It allows you to travel to a border control and ask to be let in. They can refuse you without explanation.


All visas work this way afaik, at least in the few places I’ve traveled where I’ve needed a visa; notably Africa.

I met an Italian man at immigration control in Ethiopia, at the Addis Ababa airport, he had been traveling Africa and this was his third attempt to enter Ethiopia. The first two attempts were via land borders with Kenya and he had been turned around both times, despite having a visa, because border control felt it would be too dangerous for a white man to travel through southern Ethiopia at the time. So he had to travel to Nairobi and get a flight; he was admitted this time, but he had to pay for another visa at the airport. Unclear why? He wasn’t best pleased about the whole thing.


Oh, let's not with my country. We're also the only nation in the world that requires its abroad citizens to pay the same tax rates domestic citizens pay, and only offers a credit-basis for exempting income that you paid taxes on to the country you reside in.

It's the reason nearly all US citizens who move overseas eventually give up their citizenship. My great aunt left for Poland 30 years ago, and renounced her citizenship within 3 years because she was paying taxes on everything she earned twice, one under Polish law and again under US law.


For anyone who didn't believe above and wanted to verify: https://www.americansabroad.org/us-taxes-abroad-for-dummies-...

And the US isn't alone in this.


Any idea on where I could read more about this? In particular, what happens to people with two nationalities (i.e. US + another one)?


The US doesn't care about your other nationalities. If you have citizenship or permanent residency in the US you need to file taxes (though despite what the other poster is saying, you may not actually need to pay any taxes).


If the nations have a tax treaty, you are usually not double taxed on income below some threshold. Last I checked, it was around the first $100k or so worldwide income, for US taxes anyway. After that, you are taxed at some rate, but I’m not sure if it is reduced at all or how different forms of income may affect this.

https://en.wikipedia.org/wiki/Tax_treaty


I believe the threshold, which is basically a big deduction, always applies if you meet the criterion (living outside the US). Tax treaties come into effect regarding whatever income you have beyond your deductions.


Good points. I should note that my foreign income was taxed and paid in the jurisdiction in which I earned it, so if you are not liable to pay foreign taxes on foreign income, you may not get the deduction advantages of a tax treaty to offset your US tax liability on worldwide income, as the intent is to not double tax. If you weren’t taxed on that income yet, the US may hold a tax liability on any and all income not already taxed, and it may be taxed a second time if said income exceeds limits.

That’s how I understand it, anyway. I hope to be corrected if I’m inaccurate as this is not my area of expertise.


I'm not aware of any visa anywhere in the world that supersedes the discretion that immigration officers have to refuse entry to a non-citizen.


I think this skips a step. You don't need a copyright license to use software. Copyright only protects making copies, making derivative works, and public performance. This is why shrinkwrap EULAs are a thing. You don't actually need a license, but they claim you agree to one just by opening the shrinkwrap. When you buy a CD or download software, the (presumably) authorized manufacturer or server made the copy that you receive.

The idea that you may not be receiving a copy at all and you merely have access through a license is a legal construction that's not well tested in court and to me seems pretty dubious. How can giving someone a transcription of the bits of the software not be a copy of the software? Anyway this court opinion (final appeal in Step-Saver vs Wyse Tech) deals with the issue and you can read what a court thinks: https://cyber.harvard.edu/metaschool/fisher/contract/cases/s...

I particularly like this paragraph where they discuss some of the context of the issue even though they decide not to specifically rule on this part.

> When these form licenses were first developed for software, it was, in large part, to avoid the federal copyright law first sale doctrine. Under the first sale doctrine, once the copyright holder has sold a copy of the copyrighted work, the owner of the copy could "sell or otherwise dispose of the possession of that copy" without the copyright holder's consent. See Bobbs-Merrill Co. v. Straus, 210 U.S. 339, 350, 28 S.Ct. 722, 726, 52 L.Ed. 1086 (1908); 17 U.S.C.A. § 109(a) (West 1977). Under this doctrine, one could purchase a copy of a computer program, and then lease it or lend it to another without infringing the copyright on the program. Because of the ease of copying software, software producers were justifiably concerned that companies would spring up that would purchase copies of various programs and then lease those to consumers. Typically, the companies, like a videotape rental store, would purchase a number of copies of each program, and then make them available for over-night rental to consumers. Consumers, instead of purchasing their own copy of the program, would simply rent a copy of the program, and duplicate it. This copying by the individual consumers would presumably infringe the copyright, but usually it would be far too expensive for the copyright holder to identify and sue each individual copier. Thus, software producers wanted to sue the companies that were renting the copies of the program to individual consumers, rather than the individual consumers. The first sale doctrine, though, stood as a substantial barrier to successful suit against these software rental companies, even under a theory of contributory infringement.
>
> By characterizing the original transaction between the software producer and the software rental company as a license, rather than a sale, and by making the license personal and non-transferable, software producers hoped to avoid the reach of the first sale doctrine and to establish a basis in state contract law for suing the software rental companies directly. Questions remained, however, as to whether the use of state contract law to avoid the first sale doctrine would be preempted either by the federal copyright statute (statutory preemption) or by the exclusive constitutional grant of authority over copyright issues to the federal government (constitutional preemption). See generally Bonito Boats, Inc. v. Thunder Craft Boats, Inc., 489 U.S. 141, 109 S.Ct. 971, 103 L.Ed.2d 118 (1989); Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 94 S.Ct. 1879, 40 L.Ed.2d 315 (1974); Compco Corp. v. Day-Brite Lighting, Inc., 376 U.S. 234, 84 S.Ct. 779, 11 L.Ed.2d 669 (1964); Sears, Roebuck & Co. v. Stiffel Co., 376 U.S. 225, 84 S.Ct. 784, 11 L.Ed.2d 661 (1964). Congress recognized the problem, and, in 1990, amended the first sale doctrine as it applies to computer programs and phonorecords. See Computer Software Rental Amendments Act of 1990, Pub.L. No. 101-650, 104 Stat. 5134 (codified at 17 U.S.C.A. § 109(b) (West Supp.1991)). As amended, the first sale doctrine permits only non-profit libraries and educational institutions to lend or lease copies of software and phonorecords. See 17 U.S.C.A. § 109(b)(1)(A) (West Supp.1991). (Under the amended statute, a purchaser of a copy of a copyrighted computer program may still sell his copy to another without the consent of the copyright holder.) This amendment renders the need to characterize the original transaction as a license largely anachronistic.
>
> While these transactions took place in 1986-87, before the Computer Software Rental Amendments were enacted, there was no need to characterize the transactions between Step-Saver and TSL as a license to avoid the first sale doctrine because both Step-Saver and TSL agree that Step-Saver had the right to resell the copies of the Multilink Advanced program.


Do you think you can fight this out in court against Apple?


It has been possible to run OSX on PCs for quite a few years now courtesy of the Clover and OpenCore apps. There have been countless Github projects, websites, forums etc dedicated to providing material assistance in using them.

At no point has Apple ever gone after the websites or individuals despite it being fairly trivial to do so e.g. DMCA or cease and desist letter.

In fact Craig Federighi has gone on the record stating that they fully support people hacking the Mac, OSX etc and believe it to be an important part of the ecosystem.


> Craig Federighi has gone on the record stating that they fully support people hacking the Mac, OSX etc

Source?



I strongly suspect that this is not the kind of hacking around he is describing.


Are individuals taken to court over it for "misusing" their Macbooks?


No, they just get repairs and warranty refused at large monetary cost to them.


IIRC the existence of such an EULA includes a clause which was the reason behind Apple's successful court case against a company who was selling pre assembled and configured Hackintosh boxes. (Does anyone remember what the name of the company was? It was like 2007-9 or something)

IMHO that EULA's main purpose atm is to tell you that you can only install MacOS on, and I quote, an 'Apple-branded computer'.

This led to a hilarious habit of Hackintosh users including myself just sticking the Apple stickers from their iPods or other Apple devices on their custom built machines. Wouldn't hold up in court, of course, we were just having fun with the wordplay.


You are correct, the case was Apple v. Psystar: https://casetext.com/case/apple-2

Of particular note in that case is the court ruled that Apple's alleged "monopoly" over the market of "Mac OS-capable computers" was not a valid antitrust market because users knowingly agreed to the EULA restriction limiting installation of Mac OS to Apple computers when they initially purchased Mac OS.

I expect this very same issue will come up in Epic's case as well with regard to Apple's alleged "monopoly" over iOS app distribution.


You need to actually read that case. It was relevant that at the time the plaintiffs failed to show that Apple had a single brand market... Epic did not make the same mistake.


I have read the case in its entirety, see the entire section under B. Market definition: Alleged "Mac OS-capable computers" market.

(It's true that Psystar's attempt to establish "Mac OS" as a single-brand market in section A also failed, but that is not what I am referring to here.)

If you have a more substantive criticism feel free to elaborate in more detail, otherwise making a drive by comment to accuse someone else of not reading just seems hostile and unnecessary.


As the case turned on the plaintiff's failure to establish a single brand market, I stand by my original comment.


It doesn't sound like you actually understand the relevant aspects of the case. Psystar made multiple counterclaims, including a claim of tying between "Mac OS" and "Mac OS-capable computers". A tying claim requires establishing the existence of two separate product markets, which is why the court analyzed both the "Mac OS" market and the "Mac OS-capable computers" market separately. Ultimately both markets were found to be invalid. The "Mac OS-capable computers" market is a wholly derivative aftermarket of the "Mac OS" market and the reasoning for why it was ruled invalid is also relevant.


No it's clear that you have not read the case at all. The Psystar case is not an antitrust case, it's a copyright infringement case.

Antitrust cases are filed by the government, not other private parties.


Are you serious? At this point I can't tell if you are trolling. This is a direct quote from the case I linked:

Psystar alleges that this conduct has caused harmful and anti-competitive effects in the marketplace (Compl. ¶¶ 68-77). Psystar asserts six claims for relief: (1) unlawful tying in violation of Section 1 of the Sherman Act, 15 U.S.C. 1; (2) monopoly maintenance in violation of Section 2 of the Sherman Act; (3) exclusive dealing in violation of Section 3 of the Clayton Act, 15 U.S.C. 14; (4) violations of California's Cartwright Act, Cal. Bus. Prof. Code § 16700; (5) violations of California's unfair competition law, Cal. Bus. Prof. Code § 17200, and (6) violations of the common law of unfair competition. Apple moved to dismiss all claims.

These are all antitrust claims!!!

Oh, I see why you might be confused. Apple originally filed a lawsuit against Psystar alleging copyright infringement. Psystar then filed a countersuit over antitrust violations. I am referring specifically to the countersuit that was dismissed by the court which I deliberately linked in my original post (https://casetext.com/case/apple-2). Apple pursued their copyright case after they got Psystar's countersuit dismissed and eventually won their copyright case as well.

> Antitrust cases are filed by the government, not other private parties.

This is totally wrong. How can you go around pretending to be an expert in antitrust when you don't even understand basic facts like this? Epic's lawsuit against Apple is an antitrust case. Epic is a private party!


I suspect the reason Apple went after the more recent "hackintosh" brigade is because they were seeing a repetition of a bad experience they had before when Apple officially permitted OEM manufacturing of compatible "clone" computers back in the 90s.

The official 90s clones ended badly because the OEMs were cutting corners as part of a race to the bottom on pricing. This led to shit hardware which led to a shit customer experience. Which meant Apple took back control and killed off the official clone industry.

There are videos on YouTube of Steve Jobs talking (during informal interviews, not corporate statements) about the importance to both him personally and Apple of the entire customer experience (hardware and software). It's not from a perspective of monopoly. It's from a perspective of quality of the overall experience. That's what all the dumb Apple bashers fail to understand.


All of Apple's EULAs are published on their website. You can download the PDFs and read through them before you decide to purchase software that Apple creates and sells.

https://www.apple.com/legal/sla/


EULAs are basically unenforceable in Europe, so why bother. For a contract to be valid it has to be understood by both parties, be reasonable etc., and in many countries forcing arbitration on consumer matters is invalid (don't know if Apple has those terms, but many do). Forcing a consumer to read 20+ pages of legalese for each purchase, each app they download etc. is just not feasible.


I do not know about the rest of Europe but in the Netherlands, EULAs can be legally binding. That this means users have a lot of reading to do is true but not relevant. Source (in Dutch): https://blog.iusmentis.com/2008/04/05/de-rechtsgeldigheid-va...


"I find that policy entirely acceptable"

There's a difference between policies that we agree with, and policies that should be policy.

I think in this context, the real policy should be regulatory, and it shouldn't allow Apple to even have such a policy or forbid anything.

Apple should be allowed to discriminate in their own garden, and/or to rate or group apps based on various factors.

So an app that 'requires social sharing and to make a review' receives a negative quality score ranking etc. - but otherwise - 'informed users' can make their own choices.


The clause starts with "get what they've paid for" - does this apply to free apps?


You get what you pay for with free garbage too.


Wow this is why my next phone will be an iphone, so sick of apps in Android play store pestering me to rate their app after completing an action in the app or forcing me to turn on location services when I can easily enter a zip code instead.


> forcing me to turn on location services when I can easily enter a zip code instead

This exists on iOS too. I recently downloaded a wardrobe app that refused to let me select clothes for hot or cold weather unless I turned on location services. Also some fast food apps (either Burger King, Popeye's or Taco Bell...can't remember which one) constantly whine about location services off and introduce extra friction to type in a zip code.


Hopefully this changes with this new announcement


iOS 14 has an option to share location without being precise - pretty much like sharing zip. A lot of apps ask for location and I deny and enter my zip. In fact it was one of the major reasons I switched years ago.


I don't understand why this wasn't there from the start - the majority of apps asking for location service just want to figure out what city/state/country you are in, and giving them access to your precise location just seems unnecessarily dangerous.


Back when the feature was originally introduced (I guess in the iPhone OS 3 era?), surveillance capitalism and spyware weren't as widespread and it then took them a while to catch up (I guess there are backwards-compatibility concerns?).


And hopefully sideloading is never allowed, or apps would just bypass any such customer focused regulation and most users would again be forced into a poor UX.


But this also excludes letting the user choose between either watching ads or paying for the content.

A not very well working but reasonable business model.

Why is it incompatible?

Because getting access to normally paid-extra-for content by watching apps means receiving a "monetary or other compensation".


> this also excludes letting the user choose between either watching ads or paying for the content.

Good. They should clarify that content not available by paying also counts as "monetary or other compensation" for watching ads.

Advertising delenda est.


No, not good; not everyone can or wants to afford paying for content.

You should have the freedom to choose to pay by having ads.

At least as long as it's an actually free and fair choice, i.e. the non-ad payments are not overpriced.


In order to actually be a fair choice, overpriced means "greater than zero", so I suppose what you say is true, but I object to the characterization of something that you have to actively seek out for no reason other than to view it as advertising, because it dilutes the term.

Advertising delenda est.


Doesn't youtube, with its ads, violate this policy?


When it comes to YouTube the waters are muddy. The YouTube app is just a client to a third-party web service (whose functionality falls outside of App Store rules); so in this case it can be argued that the "functionality" of the app is just the client functionality and not the content itself.

Furthermore you can skip ads on YouTube after a 5-second timer, so this seems reasonably fair, though I would still not install it and recommend everyone to just use the web with a content blocker extension (AdGuard) or a third-party frontend like Invidious (https://github.com/iv-org/invidious).


> Furthermore you can skip ads on YouTube after a 5-second timer

For me, that only really happens these days with mid-video ads (and even then it's happening less frequently despite the number of mid-video ads increasing.) Most of this week I've had double unskippable ads at the front of many videos and they're generally 60+ seconds combined.


You can, you know, pay for the service (be the customer and not the product) and not see any ads


I don’t know about where you live, it’s the most expensive streaming platform here. Not worth the money for occasional watching of things people share at work. Also seeing more unskippable ads lately and it’s incredibly annoying.


Can't skip the first ad depending on the length of the video you will get 2 in the middle and then at 30-40 secs left. It's made YouTube unwatchable for most stuff. Rick Beato did a video talking about music license holders injecting more ads into his videos because he does stuff like Top 20 Rock Drummers of All Time. That requires him playing others' songs so they can inject more ads to earn from that video instead of taking it down.


Youtube has two offerings: an ad-free version of youtube, and a version that shows a whole bunch of live local (and national) tv channels. The latter is close to 5X the cost of the former and is, I suspect, what you are thinking of.


It’s almost €20 a month for “premium” and YouTube TV isn’t available in my locale.


UK is £17.99/month (which is ~€19/month) for Premium (Netflix is £11.99/month for comparison) - YouTube TV not available.


Wow. I pay $12 USD. 20 Euro is too much.


ditto, if it won't let me skip the ad I usually just close it now


1. That's giving in to extortion. You don't pay for the service (which is free), you pay for not being subjected to ads.

2. It doesn't work in the long-term. Paying just signals that you have disposable income and subjecting you to ads will be profitable.


People should simply install uBlock Origin instead.


That's not how you avoid being the product


Google banning every ios and macos user from accessing everything from google.com to their gmail to youtube is a completely foreseeable counter reaction if apple chooses to limit youtube due to ads.

Both companies will lose, of course, but Google has a hell of a lot more web traffic to its content than Apple does.


There is no way they can do so without attracting anti-trust scrutiny, not to mention Apple can deploy a very easy countermeasure by changing Safari's user-agent to Chrome's and playing cat & mouse regarding browser fingerprinting defenses.


That seems like a pretty big loophole if applied. Taken to the logical extreme, one could make an app that streams raw user inputs to a server and streams back a video output and be allowed to do whatever they like (albeit with horrendous performance).


They've thought of that loophole and closed it already ;-) Basically you can only stream from a device that is owned by the user/owner of the iPhone/iPad on the same LAN, and you should not use streaming to mimic a thin client of a cloud app. See rule 4.7.2 on Remote Desktop Clients.

(Note: this does not apply for "generic" remote desktop clients that are not intended to stream specific apps or services, such as the generic Microsoft Remote Desktop Client for iOS.)


Apple already declared a policy against game-streaming service apps; presumably specifically to avoid this loophole where the ads, purchases, etc. are happening “remotely” and so Apple can’t get a cut of them.

Presumably, if anyone tried to build a service for “streaming” non-game apps, that wouldn’t be allowed on the App Store either.


> Apple already declared a policy against game-streaming service apps.

I thought they did just the opposite?

4.9: Streaming games Streaming games are permitted so long as they adhere to all guidelines — for example, each game update must be submitted for review, developers must provide appropriate metadata for search, games must use in-app purchase to unlock features or functionality, etc. Of course, there is always the open Internet and web browser apps to reach all users outside of the App Store.


Although, they seem pretty heavily biased towards Apple: https://www.androidpolice.com/2020/09/11/apple-establishes-r...


The only service that can meet all that is their own, so they're pretending to allow something they're actually prohibiting.


The PS4 apps currently allow a user to access their console via ios without any of this other stuff.


I mean this is the main argument against game streaming and HN seems to take the 100% opposite opinion.


Hey, you just described Stadia!


> so in this case it can be argued that the "functionality" of the app is just the client functionality and not the content itself

The problem is that companies like Google are able to get away with it, but not small developers.


Because Google and Apple have come to an agreement. Same with Amazon and Apple as well as Amazon and Google (Youtube is finally on FireStick). Also it's not the size of the business but the value of your product and how much you are willing to give into the deal. Epic wanted to cut Apple completely out from IAP as well as get full OS level access with no Apple approval or supervision over the Epic Store that will be selling other developers' apps. What kind of deal was that?


"Apps should allow a user to get what they’ve paid for."

YouTube does not show ads to YouTube Red (now called Premium) users.


> watch videos

So games that periodically stop to show a full screen ad and don't resume until the user closes the ad are in violation?


Is this for paid games? I imagine this would not apply to freemium games.


As soon as I start using an app on a regular basis and I notice they stop me too many times to watch videos or look at timed ads, I check if they have a paid version. So this is a good solution and a good compromise for paid. For free apps, I get it because developers need to make money.


Can it also not require Apple to get a 30% cut when we buy something from within an app, like... oh, IDK, a Fortnite skin? Because I think requiring us to tack on a 30% tax or for the devs to take a 30% loss on something Apple has nothing to do with is also unacceptable.


Technically only buying Vbucks is an “in app purchase”, using the Vbucks to buy a skin would not be.

But I agree that’s a bit pedantic


Is this in the usual technical sense of MUST / SHOULD / MAY, or does 'should not' here actually mean 'may not' (as suggested by the category being 'Unacceptable', rather than 'Discouraged')?

(Several other entries are phrased much less ambiguously: "Unacceptable: (i) Creating an interface …", and (ix) is explicitly "Apps must not …" (emphasis mine).)


Apple's guidelines are usually written in soft language to give it wiggle room in case an unexpected scenario arises.

Practically-speaking, if Apple decides an app has violated this provision, the app is toast. No app company on the planet has enough lawyers to challenge Apple on such nit-pickery.


This has been my experience, as well.

I once had to delete an entire bug fix version, and turn it into a feature version, because I "shouldn't" have done something (can't remember what, exactly -I'd have to go digging through the commit comments to find it, and I don't want to do that).


Apple says bug-fixes will no longer be held up by rule violations.


Says, but we’re still waiting to see if this will hold out in practice.


I'm just about 100% sure Apple uses "should" and "should not" in the absolute sense, not the way RFCs define it.


The Hitman Sniper app does at least one of those “unacceptable” things: They offer (not really) “free” digital items in exchange for “likes” on Facebook. And there seems to be more app functionality tied to Facebook logins.

Will big players like Square Enix be made to comply with those rules or is it only the little guys?


Once these rules are in place (like now) they will wait until the next update submission to notify them of the infractions.


This sounds.. great!


Amen.


Feels in line with GDPR


Should. Not "must not"


The subsection this falls under is "Unacceptable" as in "Will not be accepted". The "should" in the sentence is a normative statement about values, not recommendational.


In this legal context 'should not' means 'must not'.


Everybody complains about the walled garden, but damn I love to see things like this.


You do realise Apple could still do this in their app store AND allow 3rd party app stores?


Not to the same effect. It means if developers don’t want to play by Apple’s rules they don’t have to completely surrender the iOS market. A big enough name could just direct users to the third party App Store.


I would definitely expect a "Facebook Store" to appear if side-loading was allowed which would not only host the Facebook app itself but also provide a safe haven for all of the privacy-violating crap (in fact I'd argue that their review process would require your app to contain the FB SDK for it to be accepted).


That’s an unconvincing argument, why don’t we see a FB Store on Android?


Because the Android store does not even attempt to block their privacy shenanigans.


Just as bad is the puppet master behind Epic... Tencent. They are dying to get all of their WeChat apps into iOS.


Christ, what is with people thinking Tencent is behind Epic? They don't have a majority stake in Epic - Tim Sweeney does. There's zero evidence that anything Epic has done and is doing is driven by Tencent.

Maybe argue about what Epic is doing based on its own merits, rather than some baseless conspiracy about Tencent.


And Tencent approached Spotify and others investments to join in on court case.


Even if that's true (I haven't seen any reports about Tencent pushing their investments to join the case), it's almost as if it'd benefit a lot of companies to not have to deal with Apple's restrictions.

I'll ask again - do you actually have something to say about the merit of the case itself rather than just conspiracies about Tencent? Why is anything you mentioned bad? For argument's sake let's say Apple is in the wrong here and Epic is in the right. Why would Tencent also having a stake in the case change that?


I'm not certain here. For the users that want the on the rails experience that Apple currently provides like the OP (seemingly), they'd still be able to do so. Meanwhile, someone that wants to download apps that wouldn't pass muster with the App Store rules (such as game streaming apps and, yes, Fortnite with Epic's payment system) would still be available to iOS users that would want them (personally speaking, would love xCloud and GeForce Now clients and would be willing to "unlock" the capability in Settings to do so if given the option).


The issue with that is that you would end up with the balkanisation of the app delivery method as we have with PCs. You would end up with hundreds of 'stores' which act as the exclusive distributor for that vendor's products.

One workaround could be permitting additional stores, but insisting that anything available on the additional stores must also be submitted to the Apple store. If Apple rejects it, that's their right but the software can still be made available through the third sideloading.

Of course this would also need to be behind a big 'UNSAFE MODE' lock because it would be an obvious target for malware.


And it would be behind a setting just like Android I'd imagine. Alluded to that in the last bit of what I was saying.

At first I hated the whole idea of the various PC game stores and would continue to buy, say, Assassin's Creed games on Steam even though Uplay came out (and iirc, they started requiring Uplay be installed for DRM or whatever anyway). Then eventually I realized that directly in Uplay, you could get pretty absurd discounts plus discounts from some type of point system compounded on top of that. So by cutting out Steam in that interaction, it made it cheaper for me and they effectively got the same amount of money so win/win. Granted, Playnite and GOG Galaxy 2 really streamlined the whole thing such that managing various libraries wasn't an absolute nightmare.

As far as iOS goes, we should look at Android and Fortnite. Originally, Fortnite was side loaded. Then they moved it to the Android Play Store because they weren't getting the traction that they expected. So they went in with the Play Store.

Could Epic do a side loaded Epic Mobile Store or something where you could get Fortnite, an Infinity Sword remaster, or Shadow Complex ported to mobile (great game, shame they haven't done anything with that property since Xbox 360 era really)? Sure, but if that did happen it would be the exception and not the rule. I don't think you'd see the proliferation of alternate storefronts you see on PCs because the storefronts came later in the PC's life so various means of pulling in new applications has been what we've experienced from day one whereas the App Store has always been there for the vast majority of iOS adopters (no App Store era was during the AT&T period and even then, early on people were under contracts and what not/weren't ready to shell out the kind of money an iPhone called for). Non-billion dollar development shops aren't going to leave the App Store because they want the discoverability nor the overhead required of setting up their own payment gateways and what not.


But 3rd party app stores just mean a race to the bottom.

The app store with the least oversight and cheapest prices would be the winner.

Policies like this are good for users but bad for apps and by extension app stores.


Doesn't seem to happen on Android.


My previous experience with the PlayStore might have been different than yours.

In the context of this guideline and other user focused non-tracking/permissions related things, the PlayStore is “already at bottom”.


So more like race to the top?


Races to the top are significantly slower, but possible.

Trust building is really, really hard.


No, 3rd party app stores will not guarantee my one-click subscription cancellation like Apple does, for example


The existence of a third party App Store doesn’t prevent you from voting with your feet and sticking with Apple’s App Store, if that’s a valuable feature to you.


An unregulated market for toys won’t prevent you from buying lead free toys if that’s a valuable feature to you.


Regulation is the job of democratically elected governments and legislatures, not of companies.


Apple won’t allow it because of $ and because it breaks their vertical integration strategy


That's a terrifying idea. Horrifying.

I absolutely detest this idea of third party app stores. Please tell me why this is a good idea when literally your entire life and its contents are contained in this palm sized device.

Do you really want sideloading of apps that asks average joes for ransomware?

We already have another sandbox - browsers. And you're seeing problems with extensions, popups, .dmg downloads and .exe virus scans, etc. So much so that browsers are constantly fighting against attacks for 20 years.


> We already have another sandbox - browsers. And you're seeing problems with extensions, popups, .dmg downloads and .exe virus scans, etc. So much so that browsers are constantly fighting against attacks for 20 years.

They are, and, if you look around, they're winning: billions of people use Windows, MacOS and desktop Linux, safely, to do all manner of things. Billions of people use the web, which involves all kinds of code from all kinds of places - none of which is held hostage by a single absurdly valuable corporation - and, judging by the continuing success of that platform, I would say it's doing pretty well.

You know what's terrifying? This argument is terrifying. So, you brought up the web … assuming iOS continues to be what it is, and eventually people just stop bothering to make websites: is that okay? Is that what we want?


I actually want a phone with absolutely no app store. Just browser is fine. Given the amount of information it holds, adding any kind of apps that allow system wide access is horrifying to me. Since we don't have such phones, the next best thing is a store run by a company that can have security staff, highly paid security engineers and a whole bunch of people trying to make it secure than some reddit group that wants to distribute apps to billions of people. For that, as I said, just use a browser.


App store reviewers are not the people you should be trusting to make your phone secure. They can and do make mistakes, because their job is to go through a checklist, look for things they don't like, and maybe run some analysis tools that other people wrote. (I'm guessing, of course: this process is completely invisible to the general public). The people who should be making your iPhone secure are the developers at Apple who are improving how apps are sandboxed, catching and fixing security vulnerabilities throughout the OS, sometimes even with open source code and published CVE entries.

If we have so little faith in those developers that we believe the last line of defence - the App Store reviewers - are the thing holding us back from disaster, then we definitely should not be using iPhones.


App store reviews are executing the policies and tools that security engineers built. Whether it is a human checking these policies or automated scripts doing it, the point is that the policies governing those filtering processes are conceptualized, written and developed by experts that know what they're doing and they get paid a handsome amount [250k USD and upwards]. You're also switching from AppStore to the whole device. The device is secure because of things like T2 chip and billions that probably went into making it possible.

It's really obvious to me which is more secure - a 2 trillion dollar company with vested interest and one of the key selling points, that is privacy; or ... literally anything else.


Know who wants 3rd Party App Stores? All the Security App Vendors. Malwarebytes at the gate!


Good, then feel free to not install a 3rd party app store. Your device will continue to be secure, or whatever you think it is right now.


Big enough players are too hard to push back against as an individual. Group purchasing power is required.

https://news.ycombinator.com/item?id=24287042


Note that “tracking” is used in an intentionally misleading way here. Apple’s guidelines expressly permit all sorts of silent, invisible, no-opt-in tracking within apps, and most apps in the app store embed this sort of spyware.

The term “tracking” in this instance refers to GPS or contacts permission and other such things that Apple has built an opt-in switch for.


What sort of "silent, invisible, no-opt-in tracking" does Apple allow?


The maker of the app can send network requests, to themselves or any third party service they like, for every single action taken within the app: every launch, every click, every character typed, even every background refresh. They can include a unique tracking identifier to cross-reference these requests, they can further include any login/id information you’ve provided to the app, and they can include location information if the app has GPS permissions.

Even without GPS permission, IP geolocation provides them a rough track log, enough to say “user x was in california on monday, new york on tuesday, then new jersey for the remainder of the month”.


Pretty much anything except location tracking via GPS, unless the users clicks allow. So exactly the same as Google.


The way I read this (as well as their recently-postponed change regarding the advertising ID) is that they are explicitly tightening up the rules and will hopefully crack down on the behavior you describe (malware - aka the Facebook SDK - being embedded in every single app).


Doesn't Apple track every app you install, access and run? Track you if you want to develop your own code for your own fully paid for device?


There has to be some degree of tying purchases to an account. The real issue here is what is done with the data after it's been collected. Internal use is one thing; such as improving apps etc. When it's used to target individuals in a bid to influence their thinking, that's when the real problem starts. Are Apple guilty of the latter?


Certainly. They use it in app store ads, to determine their own product development, and to market their products.

On other platforms, I can install apps on my devices without telling anybody.


Which platforms?


Most Android distributions, most Linux distributions, Windows, etc.


Pretty sure most of those would be sending telemetry including installed apps back to the company.

And we know for a fact Windows does this.


> Pretty sure...

Now you know that you were wrong. Windows allows you to disable telemetry and certainly doesn't report apps you install to Microsoft if you don't want it to. Same for Android and obviously for desktop and server Linux distros. This is simply not possible on iOS.


You can install apps on iOS without using the store.

And if you are willing to jailbreak then you have the full suite.


> You can install apps on iOS without using the store.

Not without reinstalling weekly unless you reduce your privacy even further by also giving Apple your banking details.

> And if you are willing to jailbreak then you have the full suite.

On these other platforms, you don't have to rely on your device being so insecure that it has a rootable vulnerability.


“Willing to” is not “able to”.


> Doesn't Apple track every app you install, access and run?

Do you have a source on them tracking every app a user runs? Obviously they have to collect every app I install for updates and subscriptions, but collecting every run might be too much.


They advertise a whole product which draws all this tracking data as nice graphs to developers: https://developer.apple.com/app-store-connect/analytics/

It's essentially Google Analytics, just for apps on iOS.

Where do you think those "Daily active devices" data comes from?


Users must opt in though. It’s part of the iOS set up to allow this and you can change it any time


This setting is opt out, not opt-in. It's unclear if opting out hides the data from Apple or just from the app developers.


It is opt-in now; when setting up iOS for the first time it asks you if you'd like to enable "iPhone analytics" (OS-wide analytics for Apple) and if you accept then it asks you whether you want to share the analytical data with the app developers.


It's opt out.


No, it’s opt in when you set up your device.


Don't they verify executables for this reason? Do they provide info about whether they log this process?


I believe iOS handles this process differently. Apps are signed in advance (when the app is approved and published to the Store) and the signatures are only checked locally against a hardcoded signing key. But even on Mac when it comes to notarization, I'm pretty sure the signatures are only checked on first run and then the result of that is cached (partly for performance reasons).


Same on Mac AppStore.


Why would they verify it every time you run the app? It already goes through heavy review before it comes onto the app store.


On iOS under: Privacy -> Analytics & Improvements

They (a) show what data is being sent e.g. stack traces and (b) provide the privacy policies.

At least on my device I am not seeing a list of apps being sent to Apple.


Your device doesn’t need to send it. They know what apps you’ve downloaded already and on what device. The real question is, does it send when you remove an app? If so, they are tracking your apps you have installed.

If your device offloads apps, they know when you download it again and thus can infer usage.


That really does seem like whataboutism.

No one is claiming Apple is perfect, but this is a marked improvement of apps requiring tracking to function.


[flagged]


This is exactly whataboutism.


I think we're arguing semantics about business philosophy.


whataboutism: n. An accusation of hypocrisy designed to deflect from bad behavior on the part of another party.


Ha! I've never actually looked the definition up. This is definitely whataboutism (I still haven't looked the definition up so I'm trusting this is the actual definition)


well, I did make that up.

but here's dictionary.com on the subject, and I think it's congruent, you'll have to judge for yourself:

https://www.dictionary.com/browse/whataboutism


Remember that app SDK that decided to hijack every URL open and leak auth tokens back to the mothership?

That's all right with Apple:

https://www.securityweek.com/malicious-behavior-found-advert...

These rules are not worth the bytes used to transfer them. It's the epitome of selective enforcement.


I’m not sure what your point is.

> […] the tech giant has found no evidence that apps using the Mintegral SDK are harming users. […] The company says app developers are responsible for the behavior of their products, including the behavior of third-party code, and they should exercise caution when using third-party code to insure it does not accidentally undermine security and privacy.

This seems to be correct. This is an SDK the application developer chose to use. Its behavior may be harmful to other ad networks, but doesn’t seem to have any effect on the user. Which is to say, the SDK isn’t doing anything the app itself couldn’t just do itself. The SDK may be doing stuff the developer isn’t aware of, but that’s true of any third-party code, and this is why developers need to ensure they validate third-party code appropriately.


This is literally what GDPR will enforce. Under GDPR you're not allowed to 'trade' extra functionality or access for tracking.

I'm still applauding Apple for taking this stance on privacy, but want to point out that privacy in no way requires a walled garden approach to software.


This policy is straight from GDPR. The Play Store and the Amazon App Store also enforce this, despite neither enforcing walled gardens.


Such things are never going to come to Android are they? Every preinstalled app abuses every permission possible


Pre-installed apps where you can't disable them or revoke their permissions are a cancer on the Android ecosystem. Especially fun when they have permissions like "access the filesystem" or "obtain device location" or "send notifications".


There used to be a security app on my MIUI phone. Security apps can't do anything on android, because each app is sandboxed. But of course, it had full non-revocable permissions including physical sensors, precise location, contacts, camera and microphone.

I hope someone cracks open their 'security' app and controls every MIUI device, just for them to learn their lesson.


I am getting a feeling that that might be the reason for its existence


Are there pre-installed apps you can't disable? I have a bunch disabled on my phone.


As some others have mentioned, this is not true at all for phones like Pixel at least.

Last I checked, I had to provide permission to each app that came in the phone. I can deny access to location to even Google Maps.

I think Google largely went wrong with Pixel 4 hardware, but my three year old Pixel 2 still runs sharp and I have always wondered why it didn't grab a bigger share of Android pie.


This is about tracking via gps. Exactly the same rules as Google play.


[flagged]


I agree with this completely. The best security is and when we can load a custom open source OS where we can see what is going on inside.

The OS doesn't control what apps am I allowed to install, the OS just takes care of the apps being limited to what the user gave them permission for.


It’s hard to prove that this is a fix (i.e. I can prove it for my device, but your device might be special), but you can always just install a VPN app that doesn’t actually connect to a VPN, but rather acts in a LittleSnitch-alike way to the traffic it’s proxying.

I believe this is, in part, how CloudFlare’s 1.1.1.1 app works on iOS.


With android the tracking is baked into the OS, I'd worry about that before worrying about apps with less permissions.


I have been using Android for a long time, I don't find this to be true. Can you qualify as to what Google collects on a standard Pixel phone which they don't ask for?


On Android, you can deny permissions to preinstalled apps (I just verified this myself) or even disable the apps entirely, which unlinks all entry points into the app. On iOS, they just sit there sucking up your data like iMessage keeping track of everybody you message.


With a user controlled Android phone, you can just feed apps you don't trust fake location data. But now Google has started restricting user-owned Android to a fixed number of flashes or something, or they get locked out of Google Play Services.


Can't tell if this is a serious reply.



That's a good thing. Can Apple guarantee that they themselves are not tracking their users' app preferences/behaviour either?


There's a fairly simple cui bono aspect to this.

Apple makes money by selling products to their users or taking a cut of the users' purchases in their marketplace.

Facebook and Google, on the other hand, make most of their money by selling micro-segmented access to their user base to third parties.

Which of these two kinds of companies stands to benefit from harvesting more data about their users whenever possible?


Apple profits from knowing their users' app/music/news/books/siri etc preferences and making purchase suggestions, don't they?


That's not quite the same as selling that information to political 'think tanks' to buy influence in an election.


That's kind of beside the point. Could this info be e.g. passed to US authorities if requested? Is it being used for nefarious purposes? We don't know.

At least in EU (and thus all apps made in EU) you can ask for personal info to be deleted. The list of apps downloaded is certainly sensitive info that reveals many preferences. Can you ask apple to delete this info?


Under the GDPR it is permitted to keep PII, responsibly, if that PII is used for conducting normal business, which should ideally be anonymised. Arguably, apps that you have downloaded from an online store fall under this category. You can close an AppleID, thereby deleting download info, but you'll lose access to the apps that you have purchased, including IAPs. There is absolutely a discussion to be had around that, but that's moot with regard to your point. Asking Apple to delete the info about app purchase history is self defeating. A better question to aim at Apple is to ask if the data is anonymised. The same is true of Google Play.

See https://ico.org.uk/for-organisations/guide-to-data-protectio...


> You can close an AppleID, thereby deleting download info

That's not what GDPR requires. I am sure Apple has a way to request to delete sensitive info such as app purchases without loss of service, or else they'd be in violation in EU.

> to aim at Apple is to ask if the data is anonymised.

I can't see a way in which my app purchases could be anonymized (then it wouldn't be personal information)


Let's form the issue here using an example from the regulation:

A bank holds personal data about its customers. This includes details of each customer’s address, date of birth and mother’s maiden name. The bank uses this information as part of its security procedures. It is appropriate for the bank to retain this data for as long as the customer has an account with the bank. Even after the account has been closed, the bank may need to continue holding some of this information for legal or operational reasons for a further set time.

Based on that, I'd suggest it's entirely reasonable to posit:

An online app store holds personal data about its customers. This includes payment information and a list of apps that have been purchased, including free apps, and which of those apps have been downloaded. It is appropriate for the app store to maintain this information so they can allow the customer to install apps on their devices and link in-app purchases made in those apps to the correct account. Even after the app has been removed from a device, the app store may need to continue holding some of this information for legal and/or operational reasons.

Arguing that app store purchases are sensitive is somewhat missing the wood for the trees. What matters is what is done with the information. If Apple (or Google, Sony and Microsoft - they all run similar stores) use this in an attempt to target app store recommendations, the negative impact on the individual is extremely debatable, certainly from the point-of-view of GDPR. If they are using the information to build a profile of an individual to sell access to that individual to 3rd parties, then there is a problem.


Who sold user data to a third party?


Sort of.

Apple's recommendations are handled on-device. It's great for security, but the downside is that Apple News on my iPhone and Apple News on my computer don't have the same list of publications I dislike.


That's genius! Apple avoided developing synchronization of user data and got good PR for doing that.

I'm gonna try that with my clients. "Sir, I won't aggregate your store's point of sale data because it's more secure if the data never leaves the store. Now pay me a premium for the added security, thanks."


Try it, it might do some good.


Facebook and Google are valuable because they have this data and their customers don't. If the data is harder to come by, Facebook and Google just win out over smaller data collectors.


Of course they can’t guarantee it. The best they could do is give users the ability to block all internet access in an app. Currently you can only block an app from using cellular data.


Interestingly in China you can block all network access…


There is an option in settings on iOS to block all network access per app?


Yeah, on Chinese phones. I believe Wi-Fi is renamed “WLAN” but there is a setting to control what connections an app can make.


It is just a China thing. I learned something new today.

https://www.reddit.com/r/ios/comments/aib10i/in_china_ios_al...


Nope they can't. In fact to use an iOS device you pretty much need an Apple account (if you want to be able to install any apps) and that comes with a privacy policy and some extra "features" you might not know about like every sender e-mail on iOS Mail being synced to their cloud.

However, at least we can find comfort in the fact that their business model so far has been against the surveillance/advertising economy and their entire marketing strategy has been based on that for the past few years, so at least they currently do not have any incentive to misuse that data even if they do collect it (and if they do eventually think about misusing it, we can hope that there would be some actual enforcement of laws such as the GDPR that would discourage them from doing so).


I do not think Apple should have the power to make such decisions.

I do not like tracking at all.

But I think this is something which needs to be handled by governments (laws/regulations) not by Apple forcing their opinion about what is right onto everyone else by abusing their market positions.

In this case it might be beneficial for the users.

In other cases it was not beneficial for the users at all but only for Apple. Like if I remember correctly apps were not allowed to state that they are Pebble compatible because Pebble did compete with the Apple Watch at least theoretically, similar platforms like Netflix/Amazon Prime got special terms wrt. the pay cut but a Netflix/Amazon Prime for gaming wasn't allowed at all for dubious reasons (with those reasons any content gateway like browsers, newsfeeds, Netflix etc. would not be allowed) oh and guess what it seems Apple is currently working on their own Gaming/Game Streaming platform...

So yes anti tracking is good. But I still believe Apple is again abusing their monopoly like positions for their own benefits, let's not forget Apple has their own app network which likely isn't affected by this.


Governments ought to be the place for this level of regulation, absolutely - But right now, governments aren't regulating.

In the mean time, I'm glad Apple is. If Apple wasn't doing this, no one would be.


Never heard of regulatory capture?

If the government regulates something, that very often means that the incumbents will donate/bribe officials to pass regulations that favor the mega corps.

Getting government regulations that actually favor the consumers is somewhere between difficult and impossible.


> But I think this is something which needs to be handled by governments (laws/regulations) not by Apple forcing their opinion about what is right onto everyone else by abusing their market positions.

Why should governments force their opinion about what is right onto everyone else? Why not allow freedom in the market so that users can choose what matters most to them? Right now, Apple is serving the market of those opposed to tracking and in favor of greater privacy. If it turns out this is what consumers want and are willing to pay for, competitors will feel pressure to follow suit. No heavy handed government regulation needed.


Freedom in the market got us a massive surveillance apparatus selling data to analytics companies selling data to foreign governments to help them most effectively influence elections and society, widening divides and contributing to massive unrest, and not to the benefit of any of us.

In isolation it doesn’t matter if you want to sell your privacy (and all your friends’ privacy!) for access to a Facebook quiz on what breed of dog you are. As a collective whole on a societal or global scale it makes a difference.

The NSA doesn’t become less scary because it’s “free market” instead of a government agency. If anything the lack of accountability to the public makes it more scary.

This is exactly where government should be involved—when the desirable individual action results in negative outcomes for the group.


I completely disagree. I want Apple to have complete control over my device because the alternatives are absolutely horrifying - ransomware attacks, blackmailing to get my photos back, contact list sold off in an auction, etc.

This is not a Linux PC. Average joes and jills are not avid users with understanding of security. Think billions of users, not just HN community of 30k developers.


How did you jump from advertisement related stuff to ransomware, blackmail and similar?

Android allows many things Apple doesn't, including alternative app stores and there is no massive problem with ransomware, blackmailing and similar.

On the other hand do you really think your contacts are not sold off if you sync them with e.g. WhatsApp on an Apple device?

No one ever said that phones should not run apps in a sandbox or not have a permissions system or not have opinionated app store(s!) or not throw warnings at users when side-loading apps or similar.

It's about Apple being a quasi monopoly for millions of phones which today are the most commonly spread and used general purpose computers. And it's about Apple abusing that power for their own benefit sometimes also in ways which happen to profit the end-user.

Allow third party app stores and Apple can do whatever they want in their App store. And yes most people still would mainly use the Apple app stores. (And yes you might still allow Apple to "ban"/"reject" third party app stores which act maliciously/abusively. But on a legal basis. I.e. if they ban a third party Appstore the banned company must be able to sue for damages if the ban is found to be baseless. And no absurd arbitrary max damages TOS clause like there currently is).


Government regulation would be at the mercy of Google and Facebook and their horde of regulators, so I’m not convinced this would protect iOS end users better than the status quo. Facebook and similar developers might be happy about it though.


Yes of course, because we saw how governments (around the world) are capable of enforcing such laws when it comes to user privacy and tracking.


An opinion about what is right is a lot less dangerous as one option in a competitive marketplace vs. the law of the land.


"Apps should not require users to rate the app, review the app, watch videos, download other apps, tap on advertisements, enable tracking, or take other similar actions in order to access functionality, content, use the app, or receive monetary or other compensation, including but not limited to gift cards and codes."

Bunch of apps started doing the above "enable tracking" part already - good thing Apple specifically disallowed it, should nip that problem before 14 comes out.


Out of curiosity, which apps?


I remember iOS 5 I think brought app permissions. Essentially say app A should not get location or contacts and put this behind a password. The app couldn't do shit. Then Android later got some permissions but it's still lame IMO. App can deny you access without a permission. A recent thing I have seen on Android is permission protection or whatever. The system gives dummy or no access to the contacts for example instead of actual contacts. Sounds good but now every app can detect this and bugs you to allow the same by nagging you. Look, if I want to deny app A or B access to contacts, as far as the app is concerned it should get 0 access. Not blocking or pseudo blocking but a sinkhole type "huh. Nothing here". It should not be able to detect this. Same for internet access. If I deny internet to an app, that app should think it's in flight mode. That's it.

Same thing here. Say I don't want to be tracked, apps should think I have allowed access and go ahead. Why should they tailor access based on my permission to track? My installing the app is proof I want to use the app. I just don't want it to be tied to anything. Kinda like the original "sandbox" idea.


Correction: iOS has had permissions at least for as long as apps were allowed and more permissions were added over time.

Screenshot in the Camera section of this iPhoneOS 2 review: https://www.imore.com/iphone-os-2-review


I find it very interesting that Maps is asking for permission to access your location.


Okay, but I don't want that as a user. If I accidentally say "Deny Location Permission" I want the app to say "I actually can't navigate for you without this, sorry. Want me to request the permission again?". I don't want to debug this shit - oh why is navigation not working? No thanks. Life's too short.


Life is too short for you to press Settings > Privacy > Location Services > app > enable?

Are you on life support or something?


I won't know to do that if the app doesn't tell me. How do I know it's not a bug and a problem with the permissions instead? Especially if the problem does not occur immediately after denying the permission.


Ideally a well-designed app would only ask for the permission the first time the feature requiring that permission is used so it becomes obvious as to why the feature doesn't work; but in either case the app can display an error message with instructions on how to grant the permission.


The app could show a message like location related functionality requires additional permissions, and guide the user on how to enable that.


Haha, hilarious! But yes, I don't want to do that.


This is one of the reasons I am actually in favor of only having the App Store on Apple. As soon as you have another way to distribute apps on the iPhone, app developers will try to migrate to the less privacy conscious store that lets them do all their dark patterns.

Sometimes, let the consumer choose does not work. For example, if governments did not regulate kids' products and just said let the consumer choose, the market would be filled with unsafe products. Sometimes you need someone enforcing standards.

Apple’s enforcement of standards is one of the big reasons why I choose their ecosystem.


Certain developers (ahem... Facebook) love to cry about Apple’s walled garden, without acknowledging that the reason that iOS and its walled garden is so popular is precisely because these large developers have proven to users that they are completely untrustworthy. If they conducted their business more responsibly, and if users could trust that these developers wouldn’t abuse their privacy and security, perhaps the mobile software ecosystem would be more open in nature.


“I should still be able to view where I am on this map without letting anyone know where I am”


“I should still be able to view where I am on this map without letting anyone know where I am”

Seems perfectly reasonable. We used to do it before there was an internet to feed our locations to. I did it on my Palm III.

Heck, my car does it today. And is able to show me all the nearby coffee shops with zero internet connection, thus no snitching.


This is a terrific policy.

I think irrespective of how good the App Store policies are, every user should be given the right to load non-App Store apps if they so choose. It's totally fine if it's buried 10-levels deep in settings. It's fine if they cannot do it easily by just clicking a random link due to security considerations. It's a good idea to make it hard to do by accident, and I expect if Apple wanted to they could create an awesome UX that preserves safety & security while respecting device owner sovereignty of what can go onto their device.

Might seem like a trivial thing, but it would have made all the difference for the civil liberties protests in HK when their app got banned from the App Store.


Nice words, but to whom do they apply? Apple just postponed the upcoming iOS 14 tracking restrictions that Facebook complained about to next year.


Could say the same thing about these cookie-accept popups as some will just redirect you off their site if you don't accept.


Those go against the GDPR.


Would this also apply to forcing users to enable location for content that only partially requires it? In particular, Snapchat has some location-based filters, but even the ones that don't require location (purely cosmetic, rewind, slow-mo, etc filters) are disabled.


> Apps should allow a user to get what they’ve paid for without performing additional tasks, such as [...] uploading contacts

WhatsApp gates many features behind Contacts access. Do the same rules apply to everyone, even Facebook?


Apple's policies are starting to read like governmental regulatory documents, and their internal process like an opaque, private Judicial system.

This is not good for us in the long run.

We need a new version of the FCC that's smart enough to engage lightly for the most part, but heavily and smartly where necessary in this new digital age.


> (iii) Artificially increasing the number of impressions or click-throughs of ads, as well as apps that are designed predominantly for the display of ads.

So they're going to remove most of the games that my kids have been duped into installing from an ad in another game? ;p


I've always wondered why do companies call it "opt" in if it's not optional?


It is optional, of course. The other option is to not use the app.


Should not vs may not. Any difference?


Yep. Ditched a web cam because some China-made app wanted my location.


Can they trick you into thinking it is required?


Anything else wouldn't be GDPR compliant anyways, would it?


In Europe it indeed wouldn't, however GDPR enforcement has been severely lacking despite the potential for significant fines, so Apple taking matters into its own hands (and using its influence and power over the App Store) is very good news.


This is already legally required by GDPR but I guess it's good for Apple to check for it.


The GDPR so far doesn't have any enforcement for stuff like this. All the links to "enforcement tracker" (which I'm sure someone will reply with down below) have been either about a technicality like a badly worded privacy policy or the amount of the fine was peanuts compared to the size of the offending company.


This is not required by GDPR.


The tracking thing is.


Apple wants all the data for themselves obviously.



