>you can keep using app store, so I don't understand the issue
Apps with massive following that are into the idea of violating privacy rights will leave App Store and its restrictions, and will be available only on third party app stores where they can do whatever they want.
Imagine Facebook leaving App Store and becoming available only on Meta Store (or whatever they would call it). Oh, and they dont have to abide by Apple's privacy rules anymore. Oh, and you also got no choice now if you want to continue using it.
I personally don't use FB, but it was a solid example, and it can apply to any other app. Facebook is almost definitely cheering now at this decision, because I remember they had a pretty bad earnings call last year after Apple added additional privacy restrictions to iOS/App Store. But worry no more, FB is back in the game as soon as they can release their unrestricted version on a third party app store.
"More choice available", in this scenario refers not to my personal choices, but to more ways for companies behind those large apps to avoid privacy considerations and restrictions of the platform.
Tl;dr: FB has only two options now - abide by the current privacy rules of App Store or not have an app for iOS at all. With third party app stores being available, FB has a new and way juicier option - publish a version in their own app store with zero restrictions. Why would they even consider the official App Store and follow the restrictions. Consumers lose a solid option here.
I can't for the life of me figure out why everyone cites Facebook here. Nobody is forcing you to download the Facebook app. It's perfectly usable inside a web browser, nevermind the fact that a sideloaded version of Facebook could still leverage the same security benefits provided by iOS' sandboxing model. At this point you're basically arguing that Apple should be the one who dictates what privacy should look like... which isn't the case. If you feel strongly that Facebook's data collection should be regulated more closely, you should take it up with local legislation. That's how systematic improvements like this EU bill get drafted, and it's how we force big companies to play fair instead of expecting other privately held businesses to hold them in check. That's not how antitrust action works.
> I can't for the life of me figure out why everyone cites Facebook here. Nobody is forcing you to download the Facebook app. It's perfectly usable inside a web browser, nevermind the fact that a sideloaded version of Facebook could still leverage the same security benefits provided by iOS' sandboxing model.
I'll see if I can help.
1. A lot of people feel forced to use the Facebook ecosystem - there are groups and markets that are only accessible to Facebook users, let alone the ability to stay up to date with family and friends. Facebook/Meta also provide internet services in some countries, making them utterly unavoidable
2. Facebook has caught in several privacy abuses in the past, including one that used enterprise certificates to side-load a non-reviewed app which set Facebook as a VPN to monitor internet traffic and app usage.
3. There is no guarantee that Facebook will continue to allow full accessibility via a browser if they have sufficient benefits to installing a native app. See Reddit heavily pushing for their native app over the browser on mobile, or Google blocking whole services (or essential features for some services, such as the ability to edit Google Docs) to "encourage" people into native apps.
4. There are many security and privacy features of the App Store that come not from technical measures but from Apple acting as a quasi regulatory enforcer. For instance, application developers must ask for consent for tracking, and the setting chooses whether an advertising identifier is released. But the App Store contract limits _all_ cross-party tracking methods without this consent, including things like sharing device fingerprinting and IP addresses with third parties. These protections only exist for iOS users because of Apple's ability to block publication.
1. They can use Facebook on desktop, or again, the mobile app.
2. Past misbehavior means greater scrutiny would be put upon Facebook, especially if they launch an unprecedented new product as high-profile as a competing Meta app store.
3. Regulators can and will act against Facebook for such restrictive behavior as well. People who want to use Reddit on mobile have the option of Apollo.
4. Apple still controls their devices from an OS level. They can enforce plenty of security and privacy features from there. On MacOS already, apps that aren't on the Mac App Store must still undergo notarization. Why do you doubt Apple's ability to execute? The App Store is not the final word on security.
I would agree in the sense that the only way this gatekeeper regulation works is if regulators set additional rules and regulatory scrutiny to all non-gatekeepers allowed to distribute applications outside the existing platform controls.
The three concerns I have about that is:
1. I do not know if regulators are equipped to understand such technical details (see the rough parts of this legislation)
2. Abuses move at internet speed, while corrections will move at bureaucratic speed.
3. It is drastically harder to regulate businesses outside your country. A shady side-loaded app may not be something that can easily be blocked
Notorization does not enforce security or privacy features on macOS. Security features are either enabled across the operating system or are opt-in based on the selected entitlements. A "gatekeeper" presumably will not be allowed broad limits entitlements on side-loaded apps or apps sold in a third party store.
There are relatively few enforceable privacy features at the software level. Trying to create them is a cat-and-mouse game between the platform and developers.
The way Apple platforms achieve privacy is a mix of technical measures and business measures - ignoring business requirements to gather user consent is a way to get your company banned from the App Store.
> A "gatekeeper" presumably will not be allowed broad limits entitlements on side-loaded apps or apps sold in a third party store.
You're presuming that, but if Apple does indeed have valid privacy and security reasons for setting such limits, presumably they will also make the case to regulators. I suppose it all comes down to having faith in our democratic institutions will act on behalf of the public's interest.
> There are relatively few enforceable privacy features at the software level.
Then what is the point of App Store review if it can't even do that? Is Apple so powerless over its own platform that it can't harden its security model with further updates?
No. I believe this whole debate makes assumptions about what Apple can and can't do, and it seems eminently foolhardy to believe that manual review is somehow the only way in which Apple can control its own operating system and provide security.
> The way Apple platforms achieve privacy is a mix of technical measures
And certainly, Apple is capable of far more technical measures than you and I can dream of.
> I can't for the life of me figure out why everyone cites Facebook here
Probably because they got caught abusing enterprise certificates to sideload a spyware app:
"Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."
> I can't for the life of me figure out why everyone cites Facebook here.
And yet, people have a preference for installing apps, as evidenced by the populace that has the app on their phone as opposed to using m.facebook.com on their web browser.
Sure, I, an experienced user, can still make that choice, but most won’t and it’s a net negative for the common user’s privacy.
Apps with massive following that are into the idea of violating privacy rights will leave App Store and its restrictions, and will be available only on third party app stores where they can do whatever they want.
Imagine Facebook leaving App Store and becoming available only on Meta Store (or whatever they would call it). Oh, and they dont have to abide by Apple's privacy rules anymore. Oh, and you also got no choice now if you want to continue using it.
I personally don't use FB, but it was a solid example, and it can apply to any other app. Facebook is almost definitely cheering now at this decision, because I remember they had a pretty bad earnings call last year after Apple added additional privacy restrictions to iOS/App Store. But worry no more, FB is back in the game as soon as they can release their unrestricted version on a third party app store.
"More choice available", in this scenario refers not to my personal choices, but to more ways for companies behind those large apps to avoid privacy considerations and restrictions of the platform.
Tl;dr: FB has only two options now - abide by the current privacy rules of App Store or not have an app for iOS at all. With third party app stores being available, FB has a new and way juicier option - publish a version in their own app store with zero restrictions. Why would they even consider the official App Store and follow the restrictions. Consumers lose a solid option here.