Apple Confirms iOS 17.4 Disables Home Screen Web Apps in the European Union

[djphat2000]

By their own choice and lack of will.

Unless you're in a position to know, i.e you work for Apple and know how to fix it. This is a misleading statement. Sure, Apple could waste time energy and resources to make it work by a certain date or in the future. But, why should they do that when very few people within the EU actually use it? You don't use it, for example. Taking it away doesn't affect you at all. Same for many many others. No affect. Those that use it, while affected negatively by this. And I personally have been on that end of a product. Where, it had a feature that very few customers used, but I used all the time. They took it away, and I have to make major work arounds to deal with that loss. But, I know my voice is very small for that feature. And it made more sense to work towards that work around.

It technically is possible to sandbox 3rd party browser instances similarly as PWA using webkit is being separated right now.

They would have to engage with those browsers/vendors to properly implement a secure environment for each browser. That would be work for both companies to do and maintain forever more. Any changes in the underlying OS could and work affect its ability to work. So every time Apple made an update. They would have to make sure each browser still worked, and if it didn't. Work with each of them to fix it. And it could so be a situation that it's not fixable and a major rework would be required and well. Not worth the effort. Cut your losses.

Is it financially viable to implement it? Probably not.

exactly

Would it be pro-consumer? Definitely.

VERY few consumers.

Am I personally bothered? Not at all.

This matters more as you are in the majority of those that it matters little to.

I'm not using single PWA and did not use it for quite some time. Is their PWA approach lazy and anti-consumer? Yes.

No, it's the right choice.

Is it aligned with EU's DMA? Yes it is.

It is, and it's a consequence of following the law. Just because something is possible, doesn't mean it's practical. And it doesn't mean it makes sense to do.

 

[1129846]

They would have to engage with those browsers/vendors to properly implement a secure environment for each browser. That would be work for both companies to do and maintain forever more. Any changes in the underlying OS could and work affect its ability to work. So every time Apple made an update. They would have to make sure each browser still worked, and if it didn't. Work with each of them to fix it. And it could so be a situation that it's not fixable and a major rework would be required and well. Not worth the effort. Cut your losses.

The problem there is end of the day Apple made a major security hole from the beginning if they could not popularly sandbox a browser engine from the beginning. Instead they took short cuts and cheated with security risk of deeply integrating webkit with out proper sandboxing. You would of though Apple would of been smart enough to not make the same mistake MS did with integrating IE to deep into windows.

Cost wise yeah might be a little high but end of the day Apple screwed up in the late 2000's with that decision and instead of trying to fix that security problem they left it in their for years.
That might also explain MULTIPLE security holes in the past that allow people to root the phone threw safari because let the browser get way to deep into the system. Still they never fix root security problem it in over 10 years.

Root problem is not sandboxing the web engine. Sad they did not learn from the mistake MS made in 95.

 

[blotchy-veil]

deeply integrating webkit

This also why we need a whole iOS/iPadOS/macOS update when Safari has a 0-day vulnerability. Instead of just a regular app update.

 

[poseidondev]

Makes sense.

For it to be honest there needs to be a level playing field where all browsers and browser engines are able to install PWAs, and for that to be the case intensive engineering resources need to be dedicated to rewrite the underlying architecture.

Resources that this doesn’t warrant due to a marginal user base that installs PWAs, especially in light of the resources they’ve had to use to get in compliance to with the big ticket DMA items and in light of needing engineers in hand to make the inevitable tweaks once the EC passes judgment come March.

It’s just not worth it, at least not as a priority item on the agenda. As such, it’s only fair that Apple also disables it for Safari.

 

[poseidondev]

The problem there is end of the day Apple made a major security hole from the beginning if they could not popularly sandbox a browser engine from the beginning. Instead they took short cuts and cheated with security risk of deeply integrating webkit with out proper sandboxing. You would of though Apple would of been smart enough to not make the same mistake MS did with integrating IE to deep into windows.

Cost wise yeah might be a little high but end of the day Apple screwed up in the late 2000's with that decision and instead of trying to fix that security problem they left it in their for years.
That might also explain MULTIPLE security holes in the past that allow people to root the phone threw safari because let the browser get way to deep into the system. Still they never fix root security problem it in over 10 years.

Root problem is not sandboxing the web engine. Sad they did not learn from the mistake MS made in 95.

This entire comment is one non sequitur after another sprinkled with assumptions without any basis to support them.

Safari is sandboxed, just like other browsers are sandboxed, and just like apps are sandboxed.

The problem isn't so much the sandbox as it is the need to rewrite the underlying architecture to facilitate escalated privileges that manage the installation to the home screen and that allow for background processes by browsers to be run, all in a safe and manageable manner.

On top of that, as it was pointed out, they need to ensure everything remains compatible when the OS changes but also when the browsers change.

They've done the legwork for this with Safari, which, while challenging, is manageable because of direct lines with the Safari and WebKit team.

Having to redo the legwork in such a way that it is agnostic to which browser is involved and maintaining compatibility with the other vendors is an entirely different ballgame and Apple has decided that (for now anyways) it's not worth the trouble, especially in light of all the other efforts they need to undertake.

Instead of leaving it as is, giving themselves a benefit over competitors, something the DMA doesn't allow, they've chosen to disable it for Safari as well and change it into a bookmarking function.

Completely reasonable of course, because the install rate of PWAs, even across other platforms such as Android and Windows, is negligible.

 

[subjonas]

While I mostly agree with your previous statements, I don't think the DMA is hindering Apple to do the good job they have been doing until now with hardware and software design. The requirements set by the DMA are only directed against very specific business practices that put companies who rely on the iPhone as a platform at a stark disadvantage. These companies have no choice but to be on the iPhone and have practically no leverage over Apple. It's a bad situation for competition and ultimately also for the customer.

Let’s hope nothing changes for the negative but I’m not very optimistic. But at least the EU can possibly serve as a testing ground for how customer UX is affected by these sorts of law changes. Although in cases like this where Apple is apparently forced to choose between compromised security, or allocating some unknown amount of additional resources (although many on the internet will claim to know) toward supporting 3rd parties with the same integration as a 1st party feature, or dropping the feature due to low ROI, the data and its interpretation can get muddled.

 

[tehabe]

Web apps in iOS runs in Webkit currently, not in a sandboxed browser.

IIRC all apps on iOS are sandboxed. Why should PWA any different? It makes no sense.

 

[Isengardtom]

Linus is right. Apple is hostile towards its users

 

[tobybrut]

The problem there is end of the day Apple made a major security hole from the beginning if they could not popularly sandbox a browser engine from the beginning. Instead they took short cuts and cheated with security risk of deeply integrating webkit with out proper sandboxing. You would of though Apple would of been smart enough to not make the same mistake MS did with integrating IE to deep into windows.

Cost wise yeah might be a little high but end of the day Apple screwed up in the late 2000's with that decision and instead of trying to fix that security problem they left it in their for years.
That might also explain MULTIPLE security holes in the past that allow people to root the phone threw safari because let the browser get way to deep into the system. Still they never fix root security problem it in over 10 years.

Root problem is not sandboxing the web engine. Sad they did not learn from the mistake MS made in 95.

There's not an engineering company in the world that designs around requirements that don't need to be met. If Apple never foresaw the need to allow non-WebKit browsers to work with PWA years ago, there would never have been a reason to do extra work for no particular reason. They've said that it would take a major redesign to accommodate these imposed requirements. It isn't a security hole because it works as designed, not as someone else wants more than ten years after they implemented it. It met their needs for a lot of years, and expecting a company to waste time and resources on something that wasn't needed is ridiculous.

When requirements change, engineering companies then decide the risk/reward of whether it's worth doing the work to adapt to new requirements. That process doesn't change regardless of whether it was an internal decision or an externally imposed requirements. If they don't see any value in fixing it, they won't. In this case, they've said that there aren't enough people who use the feature to warrant expending engineering resources for that, rather than allocating those resources for a feature people actually want to use. It's that simple, but yet people are trashing Apple for not anticipating more than ten years ago that some governmental body would force them to do something beyond their original implementation. It wasn't necessary back then, so there was no reason for them to do it.

 

[mrochester]

And here we are with the first of the unintended consequences of heavy-handed regulation.

And just as I suspected, some people choose to focus their ire on Apple rather than the regulators that have imposed these things upon us.

 

[Sogeman]

I switched to ios after over a decade of using Android. I'll strongly think about switching back in 3 years even if I want to ha e as little as possible to do with Google.
I don't need all the features of Android but if Apple keeps removing features because they're throwing a tantrum I guess I don't have much of a choice

 

[mrochester]

I switched to ios after over a decade of using Android. I'll strongly think about switching back in 3 years even if I want to ha e as little as possible to do with Google.
I don't need all the features of Android but if Apple keeps removing features because they're throwing a tantrum I guess I don't have much of a choice

The trouble is Google is even more evil because of their business model. Out of the frying pan into the fire 😂

 

[1129846]

There's not an engineering company in the world that designs around requirements that don't need to be met. If Apple never foresaw the need to allow non-WebKit browsers to work with PWA years ago, there would never have been a reason to do extra work for no particular reason. They've said that it would take a major redesign to accommodate these imposed requirements. It isn't a security hole because it works as designed, not as someone else wants more than ten years after they implemented it. It met their needs for a lot of years, and expecting a company to waste time and resources on something that wasn't needed is ridiculous.

When requirements change, engineering companies then decide the risk/reward of whether it's worth doing the work to adapt to new requirements. That process doesn't change regardless of whether it was an internal decision or an externally imposed requirements. If they don't see any value in fixing it, they won't. In this case, they've said that there aren't enough people who use the feature to warrant expending engineering resources for that, rather than allocating those resources for a feature people actually want to use. It's that simple, but yet people are trashing Apple for not anticipating more than ten years ago that some governmental body would force them to do something beyond their original implementation. It wasn't necessary back then, so there was no reason for them to do it.

And you missed the part of not learning from mistake MS made in the windows 95-XP days of super deep integration of the OS web engine into the OS. That the root issue. That is a security issue is you allow the web engine to run a lot of random code and not sandbox it correctly.

Also some of those requirements you ask the question as a developer. Are we ever thinking about doing this in the future? If yes you can account for it. At the time we knew the engineers were thinking about allowing 3rd party Apps which most likely include a web engine.

It was a security issue from early one and at one point you could jailbreak your iOS device by going to a single website. It was funny going into stores with iPhones on display and most of them would be jailbroken because all you had to do was going to a certain website and it was exploited. It took apple a while to patch that one. I also know it was not the only exploite in the webkit that was exploited. The jailbreaking one that was over 10 years ago and again a lesson Apple should of started working on 10 years ago due to the security issue but instead band aided it and covered it up.

 

[1129846]

This also why we need a whole iOS/iPadOS/macOS update when Safari has a 0-day vulnerability. Instead of just a regular app update.

True but that goes for most of Appls app which is sad. They really should be stand alone one that could be updated threw the appstore instead of a full OS update. Hence a issue in the setup to begin with

 

[mrochester]

And you missed the part of not learning from mistake MS made in the windows 95-XP days of super deep integration of the OS web engine into the OS. That the root issue. That is a security issue is you allow the web engine to run a lot of random code and not sandbox it correctly.

Also some of those requirements you ask the question as a developer. Are we ever thinking about doing this in the future? If yes you can account for it. At the time we knew the engineers were thinking about allowing 3rd party Apps which most likely include a web engine.

It was a security issue from early one and at one point you could jailbreak your iOS device by going to a single website. It was funny going into stores with iPhones on display and most of them would be jailbroken because all you had to do was going to a certain website and it was exploited. It took apple a while to patch that one. I also know it was not the only exploite in the webkit that was exploited. The jailbreaking one that was over 10 years ago and again a lesson Apple should have started working on 10 years ago due to the security issue but instead band aided it and covered it up.

Apple aren’t a horizontally integrated company therefore the Windows/IE tie-up isn’t relevant (until EU regulators changed the law to make it relevant). This is why Android operates in a different way, because it is also a horizontally integrated product.

When you are operate a vertically integrated product you expect to be able to do whatever you like with it and customers are then free to either reward or punish you by buying or not buying the product that you offer. The issues arise when regulators try to enforce a horizontal business model onto a vertically integrated product, and here we are.

It the EU wants to crow about all the wonderful things that the DMA does they also need to accept all the downsides that the DMA imposes too. They can’t try and claim all the good things are due to the DMA but the bad things are someone else’s fault; that sounds like MAGA logic.

 

[mkartano]

I hate what EU is doing here.. I hope I as a user, could have option to choose do I want to use EU bureaucracy version of iOS or continue as before. If I would like to use different browsers, multiple app-stores etc. i would choose Android. It's not that we don't have options. Nothing good comes from EU regulators (except maybe USB-c) and I'm alfraid what they wan't next.

 

[mrochester]

I hate what EU is doing here.. I hope I as a user, could have option to choose do I want to use EU bureaucracy version of iOS or continue as before. If I would like to use different browsers, multiple app-stores etc. i would choose Android. It's not that we don't have options. Nothing good comes from EU regulators (except maybe USB-c) and I'm alfraid what they wan't next.

Yeah, sadly the DMA is not designed to benefit consumers, it’s designed to benefit Apple’s competitors. Us consumers are just fallout.

 

[traveler01]

Safari uses deep private API to wrap these links into being treated as apps consisting of a WebKit runner, which gives them isolated storage and permissions. They aren’t prepared to a third party, let alone dozens of third party browsers, have this capability. So by law they have to disable it from Safari.

These dozens of third party browsers are quite literally just wrappers around Chromium and then Firefox 😂

 

[traveler01]

What is a PWA? I am being serious! I really do not know what it is? And I think most people do not know either!

Actually used PWAs quite often during the last year. Both to use for Lemmy front-ends but also to stream in Xbox cloud since Apple is so trashy they were not allowing the native Xbox app to do that for no good reason.

 

[mrochester]

Actually used PWAs quite often during the last year. Both to use for Lemmy front-ends but also to stream in Xbox cloud since Apple is so trashy they were not allowing the native Xbox app to do that for no good reason.

And Microsoft still won’t let you have a native Xbox cloud app even though they are now free to make one.

 

[traveler01]

And Microsoft still won’t let you have a native Xbox cloud app even though they are now free to make one.

So why would Microsoft go rushing into pushing their tech team to finally develop such a complex feature into their iOS app after not being allowed by many years? So that Apple can change their mind in the future and they end up wasting their time?

Because this is the main issue: right now developers need iOS because the user base is wide and willing to spend money on apps. But with this anti consumer attitude (and even anti developer) they’re only damaging their other less used platforms. They’re trying to push gaming developers to make more games to Macs. Who’s the crazy studio that will waste their money developing a MacOS version of their game, when it’s not a widely used OS and considering how Apple acts in iOS where they finally got a position of dominance? Who’s the crazy developer that will start developing for VisionOS? It’s a ecosystem that’s in their beginning and I pretty much doubt that any developer will want to see its success. Apple is fighting a heavy and dirty battle to protect their money cow called iOS but they’re not considering the size of the damage they’re doing to their other products.

 

[mrochester]

So why would Microsoft go rushing into pushing their tech team to finally develop such a complex feature into their iOS app after not being allowed by many years? So that Apple can change their mind in the future and they end up wasting their time?

Because this is the main issue: right now developers need iOS because the user base is wide and willing to spend money on apps. But with this anti consumer attitude (and even anti developer) they’re only damaging their other less used platforms. They’re trying to push gaming developers to make more games to Macs. Who’s the crazy studio that will waste their money developing a MacOS version of their game, when it’s not a widely used OS and considering how Apple acts in iOS where they finally got a position of dominance? Who’s the crazy developer that will start developing for VisionOS? It’s an ecosystem that’s in their beginning and I pretty much doubt that any developer will want to see its success. Apple is fighting a heavy and dirty battle to protect their money cow called iOS but they’re not considering the size of the damage they’re doing to their other products.

They should do it because it’s exactly what they originally asked to be able to do. However, I doubt appearing hypocritical will do Microsoft any harm with shills at the ready to defend them 👍

 

[traveler01]

They should do it because it’s exactly what they originally asked to be able to do. However, I doubt appearing hypocritical will do Microsoft any harm with shills at the ready to defend them 👍

Not defending anything, just showing you the logic. Even though Apple “allowed” all that they designed it to fail. They’re screwing everyone: consumers, developers and in the end the EU.

 

[mrochester]

Not defending anything, just showing you the logic. Even though Apple “allowed” all that they designed it to fail. They’re screwing everyone: consumers, developers and in the end the EU.

Not really. Microsoft can make an Xbox cloud gaming app, stick it in the App Store, consumers can download it and use it. It’s just Microsoft won’t do that, so your beef is with them for refusing to make the app.

 

[JohnRckr]

Someone please explain this article to me like im 10 - what the hell does this mean?