I’ll side with Apple on this one, the time and money spent to fully open up their os would (I assume) require a huge amount of code rewrite and software re-architecture that it just isn’t worth it since this EU law only applies to the EU and no where else. If this law was world wide then I can see them having to spend the time and money for re architecting their software.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Confirms iOS 17.4 Disables Home Screen Web Apps in the European Union
- Thread starter MacRumors
- Start date
- Sort by reaction score
I really need 🤷♂️ as a reaction, because I just don't know what to say anymore. The DMA does not force you to use 3rd party store, sideload or use a different browser, it just says Apple has to offer that option. Not, not less. And I still believe that this will improve iOS more than it will harm it.
Many that are upset are seemingly trying to not actually understand the situation.
If you want to keep living in Apple's locked down world, you're able to still keep doing that and these changes will not impact you.
This is providing more choice. This is good. This is better for more people.
Strawman argument. Posters on here say how Android is more innovative, has better options, etc. so use Android if you don't like Apple's choices is a valid comment. However, what some are really saying is "I want Apple to do things the way I think they should be" and are unwilling to make a change because they still want an iPhone.
At the end of the day, it's a phone. Both OS's have pluses and minuses. Both get the job done. Users have a choice. It's fair to criticize Apple's design and pricing choices, but Apple should be free to make them and as long as they meet the EU law not forced to do more.
Personally, I think it is hypocritical for the big companies that are whining about Apple considering many of their platforms are equally closed or even more of a walled garden.
Except that these changes do impact people in the EU because there is now a loss of functionality with home screen web apps, even if they opt to only use Safari.
Last edited:
That's because of Apple and how they've CHOSEN to react to local regulations.
Apple is responsible for how it conducts itself in local jurisdictions
Nothing about EU regulations is forcing them to screw PWA's like this in the EU
None of this happened overnight, btw. Apple had a lot of time to approach their solution in the EU very differently, and they chose not to.
I'm really looking forward to the EU hitting Apple with a MASSIVE fine for shenanigans like this.
All they had to do was add a setting for which browser you want to run web apps. But they're behaving like a small child who's been told that he has to eat his vegetables before he can have dessert.
All they had to do was add a setting for which browser you want to run web apps. But they're behaving like a small child who's been told that he has to eat his vegetables before he can have dessert.
Apple is required to allow third party browsers to be competitive. That is why they will have a browser selection screen that does not default to Safari. That is why they have added tons of new browser-specific API to allow browsers to have deeper system integration that they previously only got indirectly via WebKit's entitlements and use of private API.
The PWA support shipped today is a combination of WebKit and Private API coordinated by Safari and the OS. But they are classified as a browser-level feature, so the OS had to be extended to allow non-Safari/non-WebKit usage, or the whole thing had to be disabled in the name of regulatory fairness.
The public API doesn't exist, which is why third party browsers cannot use it even if they wanted to. DMA means Safari can't use it either.
Chances are to allow side loading is not nearly as big of a change as you might think. It chances are relatively minor things it is a change to how to accept signing certs that are not Apple. The code on that part is pretty minor. Hell most of the heavy lifting is already done with their enterprise certs. The most complex thing is just added a screen in the setting to allow to see it. Everything else is already done.
For what? Apple is not allowed to favor their browser so they removed PWA functionality to avoid violating EU law.
Apple would have to, in order to comply with the EU law, offer the same functionality so as not to favor tehir browser. If Safari PWA's had better security competitors could claim Apple has given Safari an advantage. Apple decided the cost of making any browser as capable as Safari for PWAs was not worth it. Risking a fine for allowing PWAs with less functionality than Safari's would be stupid; deprecating PWAs was the best and quickest way to be in compliance.
The EU has defined what a gatekeeper must do and Apple is complying with the regulation as written. I suspect, as all the ramifications of this regulation play out there will be changes and adjustments.
Last edited:
I’m one. Using them for this forum as well as a Finnish forum I frequent in.
I haven’t paid enough attention, but regardless of Apple trying to keep developers by not including ipadOS does the EU law require companies like facebook and Spotify to keep their apps in apple’s App Store and updated if they build their own App Store within apple’s iOS or a “side loaded” version of their app and make the apps work using Apple Pay and so on?
Regardless The true locked down version would be if Apple went back to something closer to its original concept of not having an App Store and making 3rd party stuff all web based. Apple builds phone, os, any Apple built in app is part of OS, and anything else is done on the web or web apps in a big sandbox that can’t access anything outside of it. I am actually good with that.
On slightly different note or question for anyone about the future release of 17.4 in EU:
With closed system Apple’s weakness has been getting lazy at times thinking that just being closed is secure and just going thru App Store makes App Store agreements as far as privacy and security work well enough as compared to coding it in and finding issues themselves in their review.
So Is Apple really going to be able to open up ios securely to allow equal access to side-loading apps and 3rd party app stores and web browsers in a point release to 17.4?
Or
Have they been building versions like this on the side over the years mirroring released versions like they did with the intel version of Mac OS (that still had some issues but was happening in background for several years at same time as previous OS releases)?
Time to fix it properly. Which costs money (have to pay people do to this, its not like ChatGPT will solve that problem for you for free, yet..). I answered the question.
Sounds like someone is going to be getting a new Android device soon. Congratulations!
Hi ChatGPT. I want you to act as Phil Schiller and provide me with a coding solution solution to PWAs not working in the EU as a result of the Digital Market Act.
ChatGPT: 10 Print "Move out of the EU."
It's not that they can't make things secure for this feature, they have said they can. What they said is that to spend the energy (manpower) to do so would be cost prohibitive. They are a business who needs to consider profit. The EU is forcing this change and to make the feature secure would cost money with no return on the expenditure so rather than opening it up to be not secure they are removing the feature. There is nothing scary about it, in fact if anything it is the opposite. Rather than Apple "just complying" they are complying in a way that is secure. The only reason this is a "story" is because people who want to use the feature being removed are, rightfully so, upset.
Last edited:
I wish I could like you guys posts multiple times!
Funny to me how the EU enacted new laws forcing Apples hand to make their product different than the one they make for the rest of the world and somehow folks say this is Apples fault and how terrible they are. And all for the simple PWA feature that really isn't that big a deal. You would think they are removing the Phone app from the iPhone.
Last edited:
False. It was properly sandboxed and worked great UNDER WEBKIT. Apple had made the decision to make web browsers WebKit only because it would be secure and because they had full control over the whole stack. That does not make it a security hole because developers wrote the code according to the requirements given to them. As I said, no engineer in the world is going to go beyond the requirements if they value their job. They’d be fired for wasting the company’s time. You’re wishcasting about engineering companies creating requirements that nobody wanted to do while calling that a security hole. Nonsense. I’m guessing you know nothing about software engineering. I don’t know of a single engineering company anywhere that would have done what you think they should have done. Their decision was to make it WebKit-only, so why in the world would anyone expend time and money on securing non-WebKit browser engines?
This kind of thinking is exactly the kind that EU regulators had, in other words, they know zilch about how software works. When that is the case, decisions will naturally have unintended consequences. Sorry, but any blame is squarely on the EU.
You talk about jailbreaking, something Apple frowns on. Keep in mind jailbreaking in itself is an exploitation of a security hole. The second they find one, they patch it to prevent exploitation. Apple’s action, and that of any other company, wouldn’t be to encourage security exploitation. Their action is to close that hole and stop people from doing it. Now your argument is that someone might jailbreak. Just for that, we should allow some other browser engine to run besides WebKit. Who thinks like that?
Apple didn’t disallow the app. Every game within Xbox cloud is a different app. Apple’s fear is that an individual game would be able to introduce a virus or some other nasty thing into iOS without any testing whatsoever on Apple’s part. It was fear of security that asked each game to be submitted individually. There was nothing stopping Microsoft from creating a cloud app and following Apple’s request to submit each game.
The equivalent is something like Adobe Creative Cloud, which has over a dozen apps. Adobe could either submit one app that allowed downloading of other apps that evade scrutiny of Apple’s software reviewers or they could submit each app individually. They chose the latter route, so each app could be checked for harmful behavior or behavior that violated the rules. Can you imagine Adobe not submitting Photoshop for review, but rather submitting only a shell app that allowed Photoshop to circumvent review? Microsoft decided not to bother since they didn’t want to submit each app. But that was Microsoft’s choice to not play by the rules.
Apple relaxed the rules, now allowing the equivalent of unsubmitted apps onto their platform and Microsoft decided not to play anyway. This is on them.
The reason Microsoft is irritated is that they wanted to freeload off the App Store. Hypocrites. Nobody remembers what App Stores were like before Apple created one. I remember it well from the Windows CE and Windows Mobile days when Microsoft charged developers 70% on their App Store. Once Apple entered the fray, they begrudgingly reduced their fee to 30% and that fee remains today on Windows App Store. Now they want to create their own App Store on the iPhone and not pay Apple a penny. Apple followed the EU rules by allowing third party app stores but are charging a 27% fee (30% minus the credit card transaction fee) and Microsoft doesn’t want to pay, despite now being the biggest company in the world.
All of this was Microsoft’s choice. They just never want to play by Apple’s rules.
You clearly did not read Apple’s statement correctly. Apple said they COULD make changes to ensure security on third party browser engines, but they said the feature was used so little that it wasn’t justified to expend the resources to do so. Just think how much engineering effort it took to ensure third party app stores. That probably took away a great number of features that would have appeared in iOS 18, but are now forfeit because they were forced into spending millions on engineering costs to comply. They’d probably have to spend a lot more to make this feature work, but it isn’t worth it to them. Their statement clearly says that if people did use the feature, they would have put forth the effort.
Apple’s entire company identity is security. That’s their biggest selling point about the iPhone and you put forth a statement that basically says Apple doesn’t care about security. They piss off people like Mark Zuckerberg because Tim Cook won’t allow him to steal your data and you say Apple doesn’t care? If Apple really didn’t care, they wouldn’t bother spending millions on security and would be selling your data just like Google and Meta.
They did do this right. Remember this feature was written probably back in 2006 for the first iPhone that had no App Store since at the time, Apple didn’t ever intend to have an App Store. It was written correctly and securely for 2007’s introduction of the iPhone. Fast forward to 2024 and 17 years later some EU regulator comes by and says, sorry you have to change everything. And you’re blaming Apple for not implementing a feature in a way they never wanted it to? If you were an engineer, think about this. If I were designing a system, would you design it the way the company wanted you to do so (“make it work with WebKit since that’s the only web engine we’re going to have on the iPhone”), or would you think… “Gee, if the EU 17 years down the line decide to overturn everything we’re doing because they don’t like WebKit exclusivity, I should tell all my hundreds of engineers to ignore company decisions and do it the way the EU will want in 17 years.” See how absurd statements are about how Apple somehow designed things wrong?
You are incorrect because people don’t see the changes under the hood. Even if you stayed completely in the Apple walled garden, other companies submit their browser apps to the Apple App Store with a different browser engine. Those have security holes Apple cannot protect against. Now an exploit comes along against Chromium, for example, and allows unfettered access to your camera without you knowing it’s happening since that little camera indicator doesn’t come on. Apple can’t protect against that because they don’t control Chromium. They did identify a feature, which if allowed, would allow hackers to exploit just what I described if PWA was allowed without using WebKit. See how staying in the walled garden isn’t necessarily a protection anymore? People simply can’t see unintended consequences for these types of decisions made by government people who know nothing about technology and probably made this decision because somebody greased their pockets. If you don’t think somebody in government got paid off, that’s just naive. We engineer types can generally spot these potential exploits pretty quickly, but the average consumer can’t and think they’re just as protected as before. They aren’t, and Apple decided the way to proactively protect is to remove the feature.
There are undocumented API’s that provide all sorts of low-level, high security access to iPhone hardware. Those are used by WebKit, but security measures were put in place to prevent WebKit exploitation from opening security holes. Those protections aren’t present in these third party web engines. That is why the feature is now gone, and people in the EU wonder why they lost a feature they had before, despite being in the walled garden still.
Last edited:
Here is the problem. That get an android argument is used on people who want side loading added with zero reference to Android or pointing out the unfounded security risk BS argument and yes referencing Android.
The want side loading so get an Android is the default.
Hence if you are in the EU and say dont like this law say get an Android the only correct answer that is well don't like the law move to a different country.
In your example someone finds an exploit in Chromium and they get access to the camera that is Apple security issue.
If a camera turns on with out that little light turning on well that I put 100% on Apple. same for the mic.
That can easily be done in hardware to make it IMPOSSIBLE to exploit it. How for example it is done on a lot of web cams and on the mac for example that LED light is exact same wire that powers the camera. It should be impossible.
Now on your entire argument list let me break down the key point you missed. If you DON'T set a Chromium browser as your default it is not an issue. You continue to live in your Safari Webkit world under Apple's control. None of the rest of your argument applies.
Apple choose to be petty. Even if Apple is telling the truth Apple has already shown they are being beyond petty in other areas of this law with at best malicious compliance hence petty is a fairly likely. If this was the only thing Apple did involving this issue then it would be believable and just Apple made some piss poor choices over a decade ago and never bothered fixing it but this is just another item added to the malicious compliance list.