== Begin quote ==

The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.

== End quote ==

Source: https://developer.apple.com/support/dma-and-apps-in-the-eu/#...

In context 99% of the users I meet don't even know what USB-C is.

I agree that's not as good as a native install prompt but I don't think it's a strange incantation/utterly unintuitive. I know that icon originally meant 'share' but these days it means a wider range of things - basically "take this thing somewhere else".

It’s also a very inconsistent experience: some sites have set themselves up as fully featured PWAs, others have made no efforts at all. Both get the same button.

The more important context is the legal one, not what laypeople think.

Apple is presenting PWAs as viable alternatives to the app store in a legal context: https://www.accc.gov.au/system/files/Apple%20Pty%20Limited%2...

In a similar vein, a startup will be very happy to talk about how valuable it is, except when it comes to talking to tax authorities, whereupon suddenly their shares are borderline worthless.

It's off balance, and it shows now that the tech has to be removed since it wasn't actually at parity despite it being an argument for it unfortunately.

The worst part? This has been the case for 15 years. It's not like there wasn't enough time to fix it. That's plenty of time to hire and develop solutions, yet now look at the reasons for it being taken away.

I think a lot of the time people give an excuse, or perhaps even a justification to themselves, when they really just want the excitement of new phone. I often catch myself inventing reasons why I should replace my perfectly fine phone.

Literally many people do not care enough to understand it. It's just a modern necessity, a tool.

USB-c PD is such a dumpster fire of a standard. Even with supposedly high end cables like Anker you often can't charge a Macbook Pro faster than it can drain it's own battery under load. We can't expect normal people to understand why there are a dozen different cable types that all have the same tip but charge at vastly different rates...

Buy stuff that's up to spec, and it'll be fine.

Higher power levels beyond 60W are optional. The newest PD spec goes up to 240W (5A @ 48V).

Anyway the GP post is referring to a USB A to C cable and an old-fashioned USB A wall charger, many of which barely output a single watt. My family members have had similar problems due to similar confusion.

If it doesn't have the wires inside, you've been scammed into buying a piece of junk that merely looks like a USB cable.

When using a USB-A charger, you're guaranteed* at least 2.5W, and the charging standard (BC 1.2) goes up to 7.5W (though usually you can go higher with proprietary protocols, such as QC, or even PD 1.0, although it's very rare for something to support PD 1.0 and pretty common to support QC or Apple signaling). Sure, you won't be able to charge a laptop from a USB-A port, but it's not a hard thing to grasp.

I don't think you know what you're talking about.

* You could probably find some chargers that do less than 500mA, but you'd have to search among 20 years old ones at this point and they wouldn't really work with anything modern anyway, PD or not. The hard requirement is that a port has to provide at least 100mA, but that's only relevant to data ports that can do USB enumeration - for charging-only ports, everything assumes at least 500mA, and it would be really hard to find something with less than 1A or even 1.5A (7.5W) these days. Of course, if you try hard you can find any kind of weird stuff out there - I've got a water fountain for cats with power adapter that has a USB-A port providing 9V, so connecting anything else to it may make it release its magic smoke - but that's hardly a problem with USB itself.

Having power wires isn't optional. The ohm limits aren't optional. And they can handle 20 volts by virtue of using normal insulation.

The 60 watt limit is for completely passive cables that don't implement anything PD-specific.

Every conforming cable supports 3 amps and 20 volts.

If you think something's incorrect with that, be specific. But the spec is pretty clear.

The exact details of the faster cables are murky because there's old and new versions of that section of the spec, but very few devices use enough power to care about that.

If something breaks that, it doesn't make sense to blame USB. Whatever the manufacturer was doing, it was such a mess that it would fail with any other standard.

Supporting data and PD is just three tiny wires, it's not hard.

The problem is all the non-conforming cables that people have, that look exactly the same as conforming cables.

Really, we're talking about physically broken cables here. As long as there's electrical connection, there's no other way for a cable to not work at 3A/60W with USB PD. Its cable requirements only start when you want to go higher than that - and 60W is plenty of power already.

Is the part of the GP comment I was responding to. The connectors form part of the standard. There’s no way to identify a standards-conforming cable from a non-standards-conforming cable by looking at it. They all look the same.

You plug in a USB-C cable, you might get a quick charge. You might not. Unless you have a USB-C power meter, you have no way to tell unless you know how quickly your device should charge in 5, 10 or 15 minutes, and hang around to wait and see if it does or not.

I think there’s a meaningful difference there!

The only case where you may need a different (non-passive, "e-marked") cable is when going above 60W (3A).

OH (frequently):

- hey I need to to up, do you have a phone charger?

- yup, which kind?

- not "an Apple"

- oh, so USB?

- yeah the "standard" one, not the "new usb"

That said, I'm surprised many do know about the literal "usb-c" term. Micro USB A though flies over their head, it's "small usb" or "standard usb" every time.

Of note: EU here, and while they by and large don't know about the EU standardising stuff they did notice the effect. I've seen a few refer to USB-C as "universal one" (largely coz it works the same for both phones and laptops)

For one thing, if Apple is complying with the EU’s alternative App Store and browser engine mandate, they’re even less useful than before. Why do I as a user want a PWA when I could have a native app?

On iOS you need to use the Share > Add to Home Screen which normies have no clue about. You’ll find out if the site supports PWA features AFTER you add it to your Home Screen. This of course is done entirely on purpose to make them harder to find and less appealing than the revenue generating App Store.

For me, I use iPhone entirely because pixel doesn’t support cardav and caldav out of the box…if I can’t use PWA’s on my phone then I’m going back to android cause I can solve the email problem easier than I can solve the productivity tools not being available via PWA’s.

For one, the actual PWA packaging process gets shunted off to a Google server; I think you can make a "thin client" APK from a manifest using a tool they wrote some time ago[0] (Twitter Lite is one of these), but I've not really looked into it. It's not quite the extension to Chrome you'd really want it to be; if you use a non-Chrome browser on Android, it means you can't really ditch the Chrome dependency if you want to use a PWA. (Further not really helped by the fact that Google is basically the only PWA implementer on Android, since Firefox does not consider PWAs a priority whatsoever.) Similarly, Google's servers need to be able to read out the manifest declaration, which makes them unfeasible for intranet software unless you want to punch a temporary hole and expose it to the internet for a bit.

The other kinda annoying thing Google does is really aggressive degradation between PWA and homescreen shortcut. If the manifest isn't entirely up to snuff in terms of what's listed, there's no attempt at trying to resolve the issue, it just instantly degrades to a homescreen shortcut. A basic example of this is the requirement to use a service worker (even if the service workers entire job is to do nothing); it's not really stated in the manifest spec that it's required, but if you don't have one, the PWA straight up refuses to install as a PWA.

Google's strength with the play store really mostly comes from their bundling advantage; Play Services and the attached Store and Google Apps are required for OEMs to add to their devices (might change with the DMA?). That's the kinda odd reality that makes Apples desire for control seem so extreme - we know what an open platform looks like on Android. It works pretty well for the most part and the incumbents advantage for a store is large enough that almost every app developer submits to the Play Store regardless.

[0]: It's called Bubblewrap - https://github.com/GoogleChromeLabs/bubblewrap

Would be interesting to see how the play store changes in the event of Android honoring code signing for side loading like windows. Eg..no scare screen on side loaded apk’s as long as they’re code signed.

I suspect the App Store would live on as a consumer focused App Store and the enterprise apps would direct distribute which makes sense anyhow cause IAP does t understand account based pricing.

The only thing actually needed for feature parity with the Play Store is mostly just that F-Droid can't auto-update; the Play Store can skip the update/install prompt screen, F-Droid can't. They added install origins to APK files last year iirc, so there's a likely chance they're allowing it though.

Google in theory has a financial motivation to make their competitor Apple look like the bad actor.

We run 3 SaaS apps. One is strictly native, and the other two are strictly web. Writing for 4 platforms on the native app is an extremely expensive exercise and then we are also subject to the insanity that is the App Store. Long story here, everything from App Store review times on mission critical software to the fact that their billing mechanism simply doesn’t work for B2B SaaS…and by the way, we get zero traffic from the App Store as that’s simply not where our customers are looking for the solution we provide. Fortunately, bulk of our customers start on desktop where we self distribute (code signing on windows and notarization on mac) with ev ssl on marketing sites. Why is the App Store scammy over the open web…search for any number of popular apps and look at how many have been cloned. Sure, you can do this on the web with paid ads and enough SEO effort but it’s much harder.

To this day, Apple continue to allow keyword stuffing, advertising on trademarked names, and blatant copyright infringement in app descriptions and even I (fairly tech savvy) accidentally purchased a clone of poly bridge for my kid cause they’ll list the clone above the real one on an exact term search. What was apples response when I said I purchased the wrong app? Tough cookies!

This is the same reason I hate shopping on Amazon. I simply prefer to have a direct relationship with the companies I buy things from, and from what I can tell, our customers prefer have a direct relationship with us.

But back to why PWA’s are awesome…simply put, iteration time. We can publish dozens of improvements every day and roll back instantly when an issue arises. We simply can’t do that with native as long as the Apple / Google act as a gate keepers. When we allow proper sideloading without the scare tactics and dirty tricks, we’ll take the time to build native again.

You've described some advantages to you as a developer. For the average user, apps that change all the time and effectively make them a tester aren't such a no brainer!

Re benefit for who. We will invest our time where it makes the most sense. If you’re familiar with platform risk, you’ll understand that we’re not exactly eager for our existence to be subject to the whims of Apple and Google.

In some regards yes. In practical regards they're a threat to app store margins (on all app stores, not just Apple), so there's no incentive to truly support them other than developers being loud about it.

>I don’t even know where to find one.

Because Apple has crippled the ability for you to use them, so developers can't really spend time working on them. Chicken and egg problem.

>if Apple is complying

They're not really, they're twisting and turning as much as possible to look like complying but make the desired outcomes even more difficult to achieve.

If a regulator enforces a ban on dihydrogen monoxide in a misguided attempt to reduce global warming, should companies comply with the regulation or the presumed intent?

The EU is demonstrating the folly of legislation tech product design at this level of detail.

Heh! Also known as hydroxyl acid. It’s the major component of acid rain.

;)

Does it live up to that? YMMV. It's probably fine for very simple apps, probably comes apart at the seams for anything trying to look modern or have fancier functionality.

One of the small conveniences is indeed that you didn't need to develop the same thing twice, which made the barrier to entry much lower. The functionality that you were exposing to users did not need to pass a review at one of two US tech giant companies, which could reject publishing it for any or no sensible reason at all. You were not forced to pay 30% of your revenue to the gatekeepers of the platform. You were not banned to invite users to buy your product in any way that works for them, even if it meant sending you checks over carrier pigeons. There was no _chokepoints_ that a single company could squeeze to further its own interests (after the collapse of IE).

The only two things I've ever missed from native functionality are:

- background geolocation

- push notifications on ios

The second one was fixed recently.

In contrast, from what I've seen 90+ percent of apps I see in the app stores would be better as a web page / PWA.

Well, they "live" on their phone. I would just put a button on my website to install the app, users would find that easily.

To use the gaming console example, it's not unlike using an emulator to launch your game on PC (if you could somehow monetize an emulated rom). It's not the ideal experience, but it requires very little extra work.

Apple’s decision is going to kill businesses and break apps used by hundreds of thousands of people in Europe, many of whom are healthcare workers delivering patient care.

"In September, hiring was much greater than had been expected, with the unemployment rate staying near a half-century low. Strong hiring typically empowers workers to demand higher wages, which, in turn, can worsen inflation if their employers pass on the higher labor costs by raising their prices."

https://apnews.com/article/federal-reserve-inflation-economy...

I don’t know if this ironic given that apple originally didn’t want to support native apps and gave in due to developer demand.

Apple both did and didn’t want web apps

That's just a few of many advantages.

>The kind of deep user information you can gather by installing a full blown app compared to a more sandboxed web app is worth way more than the 30% royalty cut.

What kind of information is that?

What people want isn't PWAs, they just want the kind of capabilities that computers have had for decades, including many of Apple's current computers for sale today. To be able to install an application and run it.

the name "install" is bad and the wording is NOT a web standard, NOTHING is installed

the question is web capabilities

one core capability is caching and offline via service workers

no need for "install" for this

"installing" a web app does not even need anything anymore, not even offline or service workers... it is ONLY switch to standalone and get a launch button or be integrated into app launchers on OS

behind "install" is a bad and immature web app manifest api, it is a draft... the wording install must go

it is one of MANY possible web capabilities for a web domain to be able run standalone and get a button

apple cannot ban this since a shortcut to chrome cannot be deemed unsafe, where then CHROME decides to run standalone or not

the real problem is NOT that safari kills standalone

they try to kill a lot of web capability, like service workers, and NOT JUST FOR SAFARI

I mean this will not stand, you CAN stay apple-level-safe (whether it is more or less than other platforms) by CHOOSING safari

it is an obvious CHOICE to be granted to trust google, mozilla or microsoft and their web security model to stay safe with THEM on the web

no argument why this should not be allowed if other native apps are allowed

and come on, even mac os is safe with service workers in chromium

It's functionality to add an arbitrary webpage. What exactly are you expecting them to "provide"?

30 some million lines of code in chromium browsers.

Thats bigger than the linux kernel.

The HN crowed might not LIKE apples response but they have a very defensible position.

Edit: Its not like we haven't seen this play out on the desktop recently: https://www.theverge.com/24054329/microsoft-edge-automatic-c...

What you link is a case of one app (edge) reading the data of another app (chrome), which is entirely unrelated to PWAs.

Indeeed, and 'whatever browser engine you picked here' is responsible for correctly implementing these additional security features.

That's the argument; if you write an app that lets you run other apps inside it how do we make sure your app does security correctly?

When you look at it from that perspective, you can see that unless at an OS level you provide additional 'meta-security' features that allow apps that run in other apps to have fine grains access control that is managed by the OS, it's pretty much "security? Well, whatever...".

Right? I mean, whether you agree or not, it's a pretty reasonable position to take and it entirely makes sense.

Yes, and Apple now (against their will) allow me to select this browser myself to browser the web with.

Whether I use this to load a webpage normally or as a PWA does not change the risk I was exposed to. PWAs just let a web application ask the browser to run "fullscreen" without browser chrome, to set its badge and colors, to register as a handler for certain URL types, and to open the share panel. All actions already taken regularly by said browser.

Even if we assume Apple's statement that other browsers are insecure is correct, there is no value in blocking PWAs and requiring me to instead use bookmarks: I am still loading said application in said browser that implements and uses all this functionality itself. To the OS, a PWA is nothing more than a type of bookmark for a browser.

So, no - this is not reasonable and their argument makes no sense. If it was true that Safari was actually safer, then Apple should instead spend energy sharing how so that other apps can be equally safe - it would be incredibly irresponsible for the platform owner to keep security as secret sauce - rather than handicapping other apps.

But browsers already have this security features that isolates websites from each other? How come PWA, which essentially just placing a website shortcut in the home screen and hiding browser ui, affect browser's existing security features?

But that is a new retort when I ask that same question most of the time. Often it’s because of mean old Apple that PWAs aren’t more popular on Android.

But since now that there will be alternate means of distribution in the EU, you should be okay with no PWAs in the EU?

> But since now that there will be alternate means of distribution in the EU, you should be okay with no PWAs in the EU?

I see, a hardened Apple defender. Nice show of cards! There are no alternative means of distribution in the EU that don't involve paying large sums of money to Apple, but you already knew that.

My second point is if it just Apple and Safari holding back the adoption of PWAs, then why aren’t they more popular on Android if Chrome is so much better?

Why aren’t companies creating PWAs for Android to avoid the same 30% cut? Are they okay with paying “large sums of money” to Google?

Why aren’t they using third party app stores on Android or letting users download directly from them?

(And the HN gods are mad at me for some reason)

I don't think that's the only solution. A simple alternative is to declare that "apps that run in other apps don't get to do anything at all."

I.e. in this case, in response to a EU requirement to support alternative browser engines, Apple could — rather than disabling PWA integration altogether — drop all additional privileges that PWAs have that regular webpages don't.

Make installed PWAs in the EU market into just "webpages, but with a home-screen icon, a separate task-manager card, and no address bar." Which is 99% of the reason anyone installs a PWA anyway. No camera/microphone, no extra storage, etc. Not for Chrome PWAs, not for Safari PWAs; not for any PWAs (on these devices.) They're just webpages presented differently. No "meta-security" required!

And the nice thing about PWAs, is that there's no way for a PWA to know or care that it's being run "installed", and change its expectations/requirements — as there's just no web API for that. Instead, a PWA must just attempt to talk to each of these permission-gated APIs it wants to use, and find that it's now being [prompted for and] given access to them, rather than silently refused them.

So, unlike tightening the security model around regular native apps, tightening the security sandbox around PWAs shouldn't actually fundamentally break them — they should be designed to gracefully degrade when refused these capabilities. Presuming these PWAs were already ordinary fully-functional web-apps, which have just been progressively enhanced with these features when and where available, they'll just act like they do "on the web" — which should still deliver on the app's use-case. That's what the "Progressive" in "Progressive Web Apps" is supposed to mean!

Of course, some PWAs 1. will have been designed from the ground up as PWAs, and 2. will have a purpose/use-case that's very specific to the use of these high-integrity web APIs, such that they're completely useless without these PWA-only permissions. A video-chat PWA, for example, won't do much without access to your camera + microphone. There's no point to using these webapps as webapps — and often they don't even let you do so (i.e. they attempt to access the specific API they need on launch; if they succeed, they render the app UI; if they fail, they render a prompt to install the PWA.)

I don't know if you'd really call these PWAs, since there's nothing progressive about them — there almost needs to be a different term for these apps that need the high-trust APIs to do anything-at-all. For the sake of discussion, I'll refer to these as "Elevated Web Apps" (EWAs), since they require elevated permissions to be useful.

It's only these Elevated Web Apps that would benefit from having what the GP called "meta-security": the ability to interact with the OS security on a per-webapp basis, through e.g. an Android-like install-time gate where the app presents a capabilities manifest (displayed to the user as a set of permissions it wants) and the user makes a decision of whether to accept that.

And, if Apple simply neutered PWAs rather than removing them, it's only these Elevated Web Apps that people would "miss out on."

As cool as PWAs are as a technology, these Elevated Web Apps are a true minority or them — maybe 1% or so.

And — at least as far as I know — almost all Elevated Web apps only exist for one of two reasons:

1. to serve use-cases that users with access to native apps from an app store, just have no reason to care about. (Specifically, they were developed to allow users to accomplish native-app-equivalent things on OSes that don't support any kind of native apps — like FirefoxOS nee KaiOS, or early ChromiumOS.)

2. to benefit the developer at the user's expense, by forcing the user to give the developer permissions that allow the developer to spy on the user more effectively, before the app will work — but where the app doesn't actually do anything with these permissions to serve the use-case. (I've seen a few scammy Chinese dating sites demand to be installed as a PWA for this reason.)

In other words: on iOS, at least, you probably won't miss them! (Especially with the third-party App Store ruling also in place in the EU! Things like emulators don't need to be relegated to "WASM running in a PWA" any more; in the EU, they can just be third-party-store apps!)

so, Apple? Since Apple has also required browsers for years to use their own safari backend, this isn't even an issue of "oh well it doesn't work on Firefox".

Sounds like they cornered themselves there.

I imagine that if you’re on HN you are close to developers or are a developer yourself.

And if so, I imagine that you have already had an important customer (to who you cannot say “no”), completely change your plans and architecture with a new feature request while setting an aggressive deadline (ie, you don’t have time to implement everything and must make choices)

Now replace you with “Apple” and “important customer” with EU.

Sure. I sure do wish the demands were actually consumer centric, and not "force all these advertising tracking into your site, tank performance, and grab a bunch of unneeded user data".

And of course, if I maliciously complied and "oops the tracking only gets 1% of user data", I would simply be fired instead of get another strongly worded letter leading to meetings re-defining what "grab a bunch if unneeded user data" is.

EU is the “important customer”, the users of PWA are “other customers”.

Using your example, you would implement tracking for that important customer (and comply 100% to the requirements as Apple did) but because of this additional bloat, the website would load 2 times slower.

After a discussion with your colleagues, you would realize that:

- Most users won’t care about the slow loading (including the important customer)

- Re-architecturing the website to keep the same level of performance while adding the necessary tracking required by the important customer would delay shipping the tracking by 1 year, past the 2 months deadline required by the important customer.

Back to your desk, you start implementing the tracking that will incur a 2x slower load time.

I'd love to one day work for a place where I can dismiss monetization as "the other customer". But alas, my career hasn't been that friendly.

>Using your example, you would implement tracking for that important customer (and comply 100% to the requirements as Apple did) but because of this additional bloat, the website would load 2 times slower.

Given how the topic is:

>Following developer complaints and press reports about how PWAs were no longer functional in the EU after installing the most recent iOS betas

I fail to see how the EU is the "important customer" here. And not the powers that be in Apple telling me to maliciously comply.

The EU said "allow other app stores to exist" and my theoretical manager at Apple is saying "okay, PWAs can exist but they don't have to run well. Add in unnecessary security (because the NA version doesn't have it) that disables functionality". I don't even see how it has to do with complying with the EU, unless it's soke long term OS lock down for future app stores.

Tell me how the EU here is the one telling me to slow down my OS/browser?

They had 1,5 years from the time of being identified as gatekeepers to work on this.

The DMA was voted on by the EU parliament and then the council in july 2022, Apple was identified as a gatekeeper in september 2022, the law became legally implemented in november 2022, with gatekeepers required to comply with it by march 6th 2024.

I do not buy for a second that the richest tech company on the planet, that owns, designs and manufactures the whole tech stack their product uses was unable to respond in due time to the legally required changes and so 'just had to go this route due to time constraints'.

They don’t see money with PWA at this point in time and therefore decided that breaking support was not a big deal.

It obviously outrages everyone on HN, but HN is not your average customer of Apple.

However the parent argument was a weak one, and so had to be answered with facts.

It's all just code sandboxed by the OS. Apple is just being pathetic because they couldn't force legislators to do their bidding.

In one sense, sure.

But in another sense Edge taking Chrome's tabs means Microsoft is getting insight into Google's data. A lot of Apple's defenses seem really targeted at reducing the ability of Microsoft, Google, and Meta to extract value from Apple's users. Apple sees the union of all the app data, but their competitors can't put together that picture. So in that sense, Edge eating Chrome data may be the sort of thing they're looking to prevent.

Ofc, like a bond, a user pays for a reason: he gets something out of the facility provided by Apple, in kind.

The real issue, however, is that Apple is not saying “we need more time to implement the APIs”, which the EU would very likely concede, but “we don’t think it’s worth it for us”.

We do this all the time. I don’t uniquely depend on Microsoft for stuff that runs on Windows. Same for stuff that runs on macOS. And on Linux I’m not even sure who I’m trusting from the ground up other than a huge and disparate collection of people.

So what makes iOS so unique that it can’t run PWAs, which is little more than adding some chrome and a handful of APIs to already pre-existing browser capabilities.

What an F’ing joke. And the bigger joke are the Apple fans who are going out of their way to defend Apple sticking it up their nether parts.

Apple has no interest in working with public institutions that have a close relationship with the people they serve. That's a big red flag in my book. You cant trust a company that serves content and hardware and at the same time trust them with security. It's too many eggs in one basket, to easy of a target for rogue entities (NSA) even if they have good motives .

What Apple and some users here are saying that users don't have intelligence to judge it and so will have to trust only Apple.

This seems to be over-generalization? Users are using Apple devices because those are good products, not because they want to delegate every single trust problem to the Apple ecosystem. That might be a great proposition for people like you, but there is a significant number of people who consider it a compromise rather than a value.

As a long time user of Windows which historically had an incomparably large amount of security incidents, I can assure you that Apple won't get blamed that much for 3rd party data breach unless it involves Apple's own service and user data.

I’m talking about the general public. If a story about a data breach in a 3rd party app — affecting iOS users — hits the news cycle, Apple will take the blame and their brand reputation and sales will be impacted. It doesn’t matter whose fault it really is, Apple is the face of the iPhone and through their walled garden they have accepted final responsibility for everything that occurs on iOS.

You can draw a direct line between Apple’s original marketing pitch (easy to use, simple, secure, appliance-style computing) and the iOS walled garden. Just as you can with Disney and their family-oriented brand. It’s not a compelling argument to say that other film studios have nudity in their films when Disney is the brand at issue.

They didn't take security seriously when they were laying down the architecture for Windows because they didn't think they had to. Apple is taking the exact opposite approach. They're fairly obsessed with security and privacy because that's one of the big selling points for the whole iOS ecosystem. They miss things because they (like us) live in the real world but they do pay a lot of attention to it and the number of updates for things like 0day defects that arrive within days of the defects being reported tells me that this continues to this day.

Apple doesn't have a monopoly. Per https://gs.statcounter.com/os-market-share/mobile/worldwide Android has twice the market share that iOS has. The reason for all of this generated drama is found in https://www.businessofapps.com/data/app-revenues/. The key bullet points are:

"App Revenue Key Statistics

* Mobile ad spend in 2022 reached $362 billion, a 7.7% increase on the previous year * Android and iOS app consumer spending increased to $135 billion in 2023 * iOS was responsible for 66% of app consumer spending in 2023 * Games accounted for 60% of consumer app spending in 2023. Google Play contributed 41% of the total amount * Subscription revenues increased to $45.6 billion in 2023, iOS was responsible for 76% of that revenue"

The real reason for all this foolishness can be found in these bullet points. 66% of $135 billion is $89.1 billion, and lots of people would love to get a piece of that pie without dealing with Apple (who built and owns the stack). It isn't a monopoly, though, and all of that monopoly talk is misdirection.

I suspect that from Apple's perspective, it is definitively not a significant number.

For Apple, ownership of the "trust problem" is an intrinsic part of "making good products".

Yes, this might be true. And the majority of elected officials in EU fundamentally disagrees with that statement.

Politicians aren't expected to be experts due to the immense breadth of subjects they need to consider - they're expected to consult experts. Whether an individual politician is an expert[1] is pretty irrelevant.

All of these statements are about our general expectations of politicians - whether you think politicians adhere to that point or have comments on specific politicians is beside the scope of my comment. As a less controversial example it might be good to instead consider how judges operate who are expected to provide well reasoned judgements on subjects they know nothing about.

1. Sometimes those former expert politicians are the worst of all since they _think_ they know the way things are and won't listen to actual experts but they've been out of the industry so long that they've lost their familiarity with the subject.

That didn't go hilariously wrong, though - the internet is a series of tubes. Not physically (copper cables aren't tubes) but he obviously wasn't talking about specific stuff but broad-strokes analogy (his exact line was "It's not a big truck. It's a series of tubes."), and his description was basically accurate.

Well, EU can and will force, fine, or ban US companies as they see fit but there is not some fundamental correctness to their viewpoint

It has control over the people living in China, true, but I do not think controlling a person, being able to put them in jail if they don't obey you, is the same thing as representing them.

Indeed, who apple is or isn't able to sell to, doesn't affect what people think is moral or immoral.

As for Apple's CEO representing Apple's customers: Are you sure? We didn't elect him. We just bought stuff made by an organization he currently runs.

I'm saying that customers decide whether or not to buy from Apple based on whether they resonate with them from a moral standpoint, at least as part of their decision to purchase their products. And I said Apple's CEO is accountable to their customers, not that they represent them. Yes, they're also accountable to shareholders, as your sibling comment points out. But if the company screws up enough to elicit a popular boycott, you can bet the reason shareholders will be exercising that accountability is due to the actions of the customer base.

> I'm saying that customers decide whether or not to buy from Apple based on whether they resonate with them from a moral standpoint

I fully believe that you might do that yourself. There's no evidence everyone else does, or even that a majority do. Especially since most people aren't informed of working conditions involved in manufacturing Apple products (or indeed, many others' products).

It's just not believable that everyone thinks that buying a product = agreeing with every single moral stance made by the person currently running the company. And what if he changed his mind tomorrow? Would he offer a full refund to everybody who asked for one?

> And I said Apple's CEO is accountable to their customers, not that they represent them.

He's not accountable to them, only to the board*, but we're discussing representation - that is, speaking on behalf of a people, according to those people, not you or I or the speaker individually. If you mentioned accountability while we were on the topic of representation, and I returned us to the topic of representation, you're welcome :)

[*]: Your example illustrates this: a complex chain of accountability from CEO to Corporation and BoD to Corporation and Corporation to shareholders is required for any action to happen. Being accountable to customers means customers can decide to fire him _directly_.

Because they are interrelated concepts. Without accountability you can’t be trusted to faithfully represent someone. “Representation” without accountability is autocracy.

Also, chill with the condescension.

In this case, though, the CEO is not accountable to customers, and the CEO does not represent customers, so not too confusing. He is accountable to the BoD (nobody else can fire him) and represents the corporation. The interests of other parties, including customers, are secondary to, and when opposed lose to, the interests of the corporation.

People don’t think of it that way, they tell themselves all the reasons why that’s a good thing, but that’s ultimately what it is - a legislative solution to end the “android vs iOS” debate for all time.

The argument is walled gardens shouldn’t exist, so the solution is to either legislate requirements that apple destroy the walls, or that they exit the market. That is a statement that most android advocates would agree with.

And the EU will largely just keep ratcheting up the legislation until that happens. Driving apple out is the point - walled gardens are (in the EU sense) unacceptable and the option for a walled-garden business model needs to be removed from the market.

Apple is (correctly) perceiving this and pulling out of the market, first by dropping the affected features, and I’m sure there will be a “next compliance requirement” before many years too.

1. Still hoping to see something amazing RIM!

That'd be "corporate freedom" rather than "end user freedom" yeah?

That's my impression of what the NA model of freedom seems to mean these days.

1. I'd point to a great example from one of our current justices in this regard: https://www.theguardian.com/law/2017/mar/23/neil-gorsuch-sup...

In the same way Right to Repair, Minimum Wage, and Disciminatory hiring affects the freedom of running a business, sure. Unfortunately, rules are written in blood and this is happening because other businesses at this point abused the point of labor or customer satisfaction and needed to get dinged for it.

In this case, Blame Microsoft, I guess. Heck, even Google. we already know the result of a closed system abusing its platform and large share to make its product worse. I'm glad we're actually jumping into this before it's too late (like we usually do).

Companies are designed and allowed, by characters, to operate within the scope of whats good for society. If it harms the public good then it needs to be reigned in. I have no illusions that companies have the same standing and rights as living beings do. They are lifeless entities meant to be subject to the will of people.

No-one's forcing Apple customers to go outside the walled garden. They can still source their apps from only the Apple App Store.

That's not just an EU problem though. It seems to be well established (and perhaps worse?) in many places.

if someone wants to sell systems where the only supported configuration is SELinux, why should that be illegal?

For general populace good also include secure by default.

"every single trust problem to the Apple ecosystem." is rather technical point that very few people would even understand meaning of it.

> significant number of people who consider it a compromise

How significant compare to iPhone user base?

I don't hate Apple, but rather realise that it's bottom line and fiduciary duty to its shareholders is stronger than what is best for us (consumers/developers).

I do not trust the corporate marketing one bit (and honestly, why should I?).

This behaviour of Apple just further supports that view. As a company, it seems to believe that it is somehow above following the rules meant to benefit consumers/developers, which goes against what the company has been marketing its self with since the 80's.

So lets stop the 'Leave Apple alone (and us that work there)' crying, and just acknowledge what the whole thing revolves around.

Seems like they hate us (developers) back though so it’s a mutual relationship I suppose.

Have you seen the world around you for the past 20 years or so? I'd say this characterises developers (well, companies they work for at least) quite well, don't you think?

But there are some trying to scam you…and some of those are also in the App Store…as long as they use IAP to scam you all is well.

That just doesn't exclude trusting others as well.

Except that's exactly what Apple is saying. Their engine -- and their brand depends on it -- offers users assurances arbitrary engines do not offer. Apple says PWAs are safe because Safari is safe, while not-Safari PWAs are not-safe.

And, if not safe, Apple is at least accountable.

Google's brand, for instance, does not depend on it: https://www.engadget.com/the-morning-after-google-will-settl...

You misunderstand. If a foreign browser engine was to be made available for PWAs, it would be because the user installed the browser and browsed the web with it. In other words, if loading a web page in this browser was unsafe - which is what a PWA is - the user would already be compromised. PWA or bookmark does not matter.

PWAs do not change the risk profile. PWAs only get a few extra APIs, but nothing major. Location, microphone, webcam, bluetooth, usb, etc. are all standard web APIs available to web pages, not PWA specific.

The argument that PWA specifically has a special risk profile is null and void. The only sensible reasoning is that Apple is strongly against opening their platform at all (their way of implementing compliance is borderline malicious), and maybe want to weasel their way out of any effort they can avoid (allowing users to install new types of apps is zero work, changing which app opens a link by default is near-zero, while allowing users to replace the engine for PWAs require a bit more integration).

They are just afraid the browsers will host PWAs better than Safari does, making them a more viable alternative to the App Store.

Since when was loading web pages ever considered safe, at least by those who actually breathe computer?

It's frankly alarming how much trust we (must) give to Arbitrary, Remotely Executed Code(tm), especially given how many attack vectors are remote code executions.

I honestly prefer to pay a vendor who will (a) complete a product until it's usable (b) be motivated to maintain it because they are paid and (c) be motivated to maintain it because they are scared of the bad PR of not maintaining it.

43 points by vitplister 4 months ago | 32 comments

https://news.ycombinator.com/item?id=37875370

Apple fined $8.5M for illegally collecting iPhone owners' data for ads (gizmodo.com)

334 points by nixcraft on Jan 8, 2023 | 134 comments

https://news.ycombinator.com/item?id=34299433

Apple's Cooperation with Authoritarian Governments (jessesquires.com)

468 points by ig0r0 on March 31, 2021 | 291 comments

https://news.ycombinator.com/item?id=26644216

Apple reportedly dropped plan for encrypting backups after FBI complained (2020) (theverge.com)

425 points by samename on Jan 14, 2021 | 137 comments

https://news.ycombinator.com/item?id=25777207

Google's very means of income relies on gathering and to an extent sharing your personal data.

Edit: and "Android" as in the AOSP (where PWAs still function) does not sell data.

Second, it’s entirely dependent on the regulation whether it crushes (or even just hurts) a behemoth.

Yes: https://developer.mozilla.org/en-US/docs/Web/Progressive_web...

I tested just now in Firefox with an app from https://appsco.pe and it does indeed work!

I can do the same with the Android version of Brave.

> If you install Firefox it uses Gecko but still has native app look feel?

That depends on your definition. Making an app _feel_ native is a matter of implementation. But the opposite is also true: A native app is free to feel non-native if the app creator makes it that way.

The app does show as a distinct entry in the app switcher, but still has a Firefox icon when I tested it just now.

I tested just now in firefox with an app from https://appsco.pe and it just...opened a browser tab with the website.

So I understand a PWA is just a website but isn't the whole point to have a dedicated window/card for it?

It looks like appsco.pe has some incorrect entries in its list of PWA.