Don’t even bother. Every time the EU does something that upsets apple we get these business experts advising apple to pull out of the EU. And yet apple complies, or pretends to comply, every time.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Approves Epic Games Store for iPhone and iPad in EU
- Thread starter MacRumors
- Start date
- Sort by reaction score
Someone (not you) alleged that the DMA served as a backdoor for surveillance. That's where this discussion about security originated from, as far as I'm concerned, and you happened to chime in on it.
It's not only about EU companies.
Most of the companies benefitting from it will probably be non-EU companies.
It's about fair competition. With the implied assumption that European consumers and European companies will benefit from it. Or as the EU puts it: "opening entirely new business opportunities to a large number of companies in the Union to the benefit of consumers in the Union."
Whether it will achieve that - we will see.
The law doesn't much give consumers direct benefits or rights against platform operators with regards to installation of apps. Though it does with, for instance, portability of data.
I can smell when someone (Apple) is being disingenuous.
Just as (I assume) you can smell a statement from Spotify or Epic Games' being disingenuous. 😉
Apps need certificates and they need to be reviewed by Apple - and Apple chosen to continue with that. So from a software security standpoint, they're being dishonest.
You've taken my statement out of context there too.
Context:
- #30 (obviously sarcastic): "i fk'n hate when I have choices! (...) GIVE APPLE BACK IT'S MONOPOLY"
- #228 "Love when people say monopoly for a company that has a monopoly on their product. (...) Sony has a monopoly on the PlayStation store and Microsoft on the Xbox store"
- #245 (me): Replying that the DMA is about access, marketing and distribution of third-party products/services on iOS devices - not Apple's own products or services.
Yeah, I literally used that word in my reply.
Nothing is below Apple in making life as difficult as possible for competing stores.
Protecting Apple's own store from "clone" imitations that users could mistake as Apple's store is a legitimate interest.
Forcing competing stores to be as alien-looking as possible and forgo established UI or naming conventions isn't.
I do feel that a lot of this kind of arguments can be distilled into individual vs collective rights. Having more choice both be good for you as an individual, while also being bad for people as a collective.
For example, a small number of people may argue for the right to install whatever apps they want, believing that they are technologically-savvy enough to manage the risks. They are not wrong, and they are also not the ones who have to manage any fallout at the end of the day.
The problem then comes when everyone has access to the same options, you can't guarantee that everyone making use of said option are cognisant the inherent risks involved, and it's Apple who has to end up managing the aggregated risks to their platform. For example, I don't have to install a third party App Store, but who knows what other security vulnerabilities or tradeoffs may be introduced to the OS in order to accommodate said feature, which impacts all iOS users universally regardless of whether they make use of said feature or not.
You claim there won't be any disadvantage to me at all, but again, how certain are you? I am pretty sure people here will say anything in order to win an argument; doesn't mean that argument will hold up in the long run.
And of course, this argument could just as easily around be turned on its head. You can argue that perhaps it is in the collective interests of Apple users in general that they be allowed to sideload whatever apps they want (like in the case of people in Russia who are not able to access VPN apps overnight), and that perhaps my desire for a safer and more secure computing environment is the exception, rather than the norm.
It really comes down to whether the people desiring third party apps stores and sideloading is the majority or (I believe) the overwhelming minority, and whose perspective we are looking from.
It's a similar argument regarding the repairability of Apple devices. Yes, at an individual level, if and when your iPhone or iPad breaks down, it would be convenient to be able to bring it to the nearest mobile repair shop and have the screen or battery replaced for less money compared to making an appointment with the Apple Store (which is actually not that near my house). But is making their devices more modular and serviceable just for the convenience of the 0.1% worth the global increase in cost, energy use, pollution etc for everyone else who uses Apple devices? I actually don't mind paying more, and making a trip down to the Apple Store for what is probably a once-very-few-years occurance. I will just treat it as an opportunity to do some window shopping while I am at it.
From this perspective, I can understand why Apple chooses to replace a 2018 iPad Pro instead of attempting to service the battery, if they are confident enough of the durability and longevity of their devices and believe that the projected low repair rates make it cheaper to simply swap out the entire device than keep spare parts around (which entails costs of its own). Again, sucks for the minority (especially if they live in countries without a strong Apple retail presence), but easier for Apple to manage from their end.
And even if it does have the ramification of shutting out businesses like ifixit or independent repair shops, one can also argue that it's not really Apple's responsibly to prop up these enterprises.
Or to cite a more controversial topic - US gun laws. It's possible that owning a gun can make an individual safer (or at least feel safer), at the expense of the community being more unsafe as a result.
I guess where I am going with this is that while Apple may not be entirely right with their actions, it doesn't mean their viewpoint (or our concerns) are entirely invalid either (and I will still argue that they are acting in good faith).
Make of it what you will. 😬
...and Apple, petty as they are, aren't even done about it:
"Apple has told some press channels that, though they have approved our current EGS iOS App for notarization, they are still demanding Epic change the user interface in a future version"
- Can apps be installed on iOS devices without going through Apple's App Store?
Yes, as has been possible for years. ✔️ - Do users have to trust the app developer before that app will open and run?
Yes, as it has been for years (for non-App-Store apps) ✔️ - Do installable apps have to be signed, and are those signing certificates available to third-parties?
Yes, as they have been forever ✔️ - Bonus: Do third-party apps obtained elsewhere have to be reviewed by Apple?
No, unreviewed apps have been installable for years.
But yes, for "alternative" distribution to consumers, Apple still requires review.
There's literally nothing that needs to be changed*. And hence no new security vulnerability needs to be introduced.
Apple just decided to not allow the features being used for consumer distribution (most likely for commercial reasons).
* Apart from a simple setting that would make alternative stores a default store (as far as I'm aware - and no, this does not make for a security vulnerability in credible way)
PS: If this gets replied to or disputed, just ask yourself if the reply can articulate concrete evidence to the contrary. Rather than just vague and unsubstantiated casting of doubt (as in "everything, every single line of could be a huge vulnerability" or "But... but... but... we never know what needs to be changed... there could be something somewhere... you never know").
Last edited:
Yeah let’s blame video games for the downfall of humankind. You sure got this one all figured out.
Tencent has a big stake in Ubisoft (Assassins Creed and several others) Riot Games, and 81% in Supercell, which makes Clash of Clans. You don't see anyone up in arms about Clash of Clans...
I'm much more concerned about what my government (US) is doing, rather than China's.
Last edited:
It makes me scratch my head that posters who know seemingly know the DMA like the back of their hand, whether it's because they are contributors to the regulations, know ChatGPT very well, are barristers, or are students of the DMA lack a fundamental understanding of what the corporate enterprise corporate certificate program really is both philosophically and technically. Either that or the forums are being trolled due to disinformation.
If it's your understanding the DMA and the corporate enterprise program are the same (when you boil everything down to bits and bytes I suppose it all is the same) then perfect!
There are all sorts of changes needed. One example you quoted - make an alternate App Store the default. Now what happens if I make it the default, erase the normal one off my device (because the DMA mandates that native apps be able to be deleted). Are you honestly going to tell me there are no potential code changes in iOS needed to deal with an iPhone that doesn’t have Apple’s App Store on it? This is just one example, there are loads of others.
Even if you were 100% correct that nothing has changed, you’re downplaying the ease of access to the feature set. Right now, the ROI on using this process to exploit users is incredibly low - because hardly anyone will follow all the steps to do so. Now, in Europe it’s a hell of a lot easier to trick users into installing something malicious.
Do we think the EU would have accepted “anyone can utilize the corporate enterprise program” as DMA compliance? Of course not.
So why they’re fighting so hard on this boggles my mind. While I vehemently disagree with @AppliedMicro on the DMA, they usually make coherent arguments that I just strongly disagree with.
Spotify never offered IAP until 2014 and dropped it in 2015. They also bragged to the press in 2016 that Apple Music had increased awareness of music streaming and that their own subscription service was growing faster than Apple. Their preferred approach has always been to offer the free ad-supported version of Spotify in the App Store and have customers sign up for the premium subscription version online. In other words, the exact opposite of what the EU is claiming with its anti-steering fines per Apple. Customers had to go online for the EXPENSIVE version not the cheap version.
It’s not. I never claimed they "are" the same. Particularly not in "philosophy":
Apple designed that program to cash in on iOS/iPhone usage in corporate business settings - while still maintaining their monopoly on app distribution to (iOS) consumers.
But from a perspective of software infrastructure and OS-level security, no new infrastructure is needed (or security holes to be poked) to allow for third-party app stores.
If anyone thinks. "Oh no, the DMA suddenly allows to install apps that weren't downloaded from Apple/the App Store and that weren't properly reviewed by Apple - and that's a totally new danger that wasn't there before" they are wrong and uninformed. But that's pretty much the picture Apple wants to paint.
The security of operating systems does boil down to their bits and bytes.
Achieving OS/platform security in general-purpose operating systems though spending a few minutes on reviewing every app (and its updates) is futile.
Note that: That's not saying that software review doesn't have its merits - with regards to individual apps and end users using those apps. But it doesn't make an operating system or the platform it runs on secure.
Last edited:
LOL...
"Mobile security threats are increasingly common, especially on platforms that support sideloading. The European Union’s cybersecurity agency, ENISA, reported the detection of 230,000 new malware infections per day – i.e., 84 million per year – in 2019 and early 2020. Kaspersky Lab, Europe’s largest cybersecurity services provider, estimated that in 2020, nearly 6 million attacks per month affected Android mobile devices owned by its clients."
"These threats are predominantly present on platforms that support sideloading: Recent studies have shown that devices that run on Android – a platform that supports sideloading – have an estimated 15 to 47 times more infections from malicious software than iPhone."
I haven't had a virus in decades on Windows, many don't, when is the last time you used it? 🙄
Why not?
What would be missing?
Yes, I am.
As is established, apps can be downloaded from any web site - so can Apple's App Store app. Just download it from Apple's web site - properly signed by Apple. Certainly doesn't need any code change.
I do however believe that the App Store may be exempt from this DMA requirement. Cause the DMA requires "only" software applications to be uninstallable - not application stores.
Anyway... 👉 The DMA has been in force for a while now. This must be observable behaviour. So can it be deleted?
I honestly don't think so. Rather the contrary, given how many scary "warning signs" Apple has put between the user and such installs.
That's exactly what you are claiming.
Apple designed the program to allow companies to deploy custom ios applications while not going through the ios app store for various reasons. Apple has a natural monopoly on the ios app store.
That's your conjecture.
Again, your conjecture and opinion.
Yep, I agree at the bits and bytes level it's all the same. /s
So just let 'er rip...right?
Eliminating the up front threats from social engineering and phishing makes a users online life better, but you are correct that is not the operating system doing that.
This article (as well as the 2016 article here) says they stopped it in 2016 - after Apple undercut them in pricing on iOS.
That is contradicted by the second article I linked to in the first paragraph.
Spotify were well happy to sell through in-app purchases, at an additional charge.
They've been wrong about that growing faster, as evidenced by Apple Music becoming their biggest competitor.
So?
Hardly a surprise, given how Android is the preferred platform for piracy of mobile software applications.
The alternative distributions mechanisms mandated by the DMA will remain regulated by Apple though.
They've provided the technical building blocks to provide third-party app stores.
Enterprise certificates were in fact abused to create alternative stores chock-full of pirated apps.
Apple just didn't allow it as a matter of policy, contractual terms.
That is not a natural monopoly.
I laid down the argument in my previous post here.
Any reasonable person can observe and verify the arguments - or make counterclaims.
If you prefer one-worded dismissals ("conjecture") over making factual arguments: Goodbye! 👋
Sure does. For the people that want that.
That's why they can continue to load all of their apps from Apple. If Android and the Play Store are any indication, it doesn't seem likely that developers will leave the App Store in masses.
Given how Apple has chosen to introduce or maintain approval proccesses for third-party app stores and apps, the risk seems very manageable and well-mitigated.
Though I admit that a malicious app using a rogue enterprise certificate may pose as a legitimate third-party app/store - and as consumers grow accustomed to alternative app distribution (that "on iPhones, Apple's App Store is not the only store anymore") may actually mistake that for a legitimate alternatively distributed app or App marketplace.
Last edited:
I've been using windows since the 90s and haven't had a virus since 2002ish, though my main computer is a m1 air. Wife has been using android for over a decade and has never had malware.
Time to stop repeating these outdated tropes.
Last edited:
And apple yanked the certificate from unscrupulous operators. But that’s neither here nor there.
It is.
I don’t agree with your arguments and I’ve laid out my opinions.
Goodbye I guess. A series of facts, unlike a mathematical proof still leads to an opinion on those facts.
Again, that’s not neither here nor there.
The risk seems out of control and it’s the best they could do given they couldn’t deny epic a certificate given the company out and our attempted to defraud apple. Those are facts.