Apple Warns of Privacy Risks in EU's DMA Interoperability Requirements

[davide_eu]

Apple has released a report highlighting its concerns about how some companies could "weaponize" the EU's Digital Markets Act (DMA) interoperability requirements to access sensitive user data. The report came on the same day that the European Commission began consulting on the proposed measures for requesting interoperability with Apple's iOS and iPadOS operating systems.

The DMA, which came into force this year, requires major platform holders like Apple to provide third-party developers equal access to iOS and iPadOS system tools and features. One of the Commission's proceedings focuses on the process Apple has set up to address interoperability requests submitted by developers and third parties for iOS and iPadOS. While Apple says it is fully committed to complying with the interoperability regulations, which aim to create fair competition, it is worried about unintended consequences resulting from the law's interpretation that could have a negative impact on user privacy.

Apple's report specifically calls out Meta, which has made 15 separate requests "and counting" for access to Apple's technology stack. According to Apple, Meta's requests have included access to features like messaging capabilities, AirPlay, CarPlay, and the App Intents framework. If granted as requested, Apple warns that these permissions would potentially allow Meta's apps to access a range of user data spanning messages, phone calls, photos, app usage, and passwords on their devices.

"In many cases, Meta is seeking to alter functionality in a way [...] that appears to be completely unrelated to the actual use of Meta external devices, such as Meta smart glasses and Meta Quests," says Apple. The report continues: Apple in the report is keen to emphasize its longtime support for developer access to device features through more than 250,000 APIs, but always with built-in privacy protections. The company points to historical examples like TouchID implementation and microphone access, where developers can take advantage of these features while maintaining privacy and control safeguards.

The report expresses particular concern about companies with previous privacy violations potentially circumventing GDPR protections through DMA requirements. Apple notes that while it processes data on-device whenever possible, other companies might use that information for their own gain. "Third parties may not have the same commitment to keeping the user in control on their device as Apple, and may prefer to move user information to their servers—where they can combine, profile, and monetize an individual's private data," Apple warns.

Apple's publication underlines its commitment to reviewing and implementing interoperability requests as per the DMA when feasible, but the company argues that solutions must preserve platform integrity and protect sensitive user data. As a way to achieve this, Apple outlines its four-step process for handling interoperability requests that includes initial assessment, project planning, development, and release phases.

"We will never abandon our bedrock commitment to our users' privacy and security," adds Apple. "We trust that the EC will seek to implement the interoperability requirements in a manner that respects the GDPR."

Meta yesterday responded to Apple's criticisms, claiming that "Every time Apple is called out for its anti-competitive behavior, they defend themselves on privacy grounds that have no basis in reality." However, Meta itself has previously come under criticism for privacy violations several times. Just this week, the UK's Ofcom said it was opening an investigation into Meta's Instagram for "turning a blind eye to ads for child sex abuse," while a new report by MLex said that more than half of UK scams involve Meta platforms.

Meta has also been fined €251 million ($265 million) by Ireland's Data Protection Commission for a 2018 Facebook breach affecting three million accounts in Europe, exposing names, contact details, locations, and children's data. Meta is expected to appeal the decision.

The Commission's interoperability proceedings began in September 2024 and are set to conclude within six months of opening.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Warns of Privacy Risks in EU's DMA Interoperability Requirements

Ahah so funny, they are trying to use fear to protect their money.

Please EU give them a lesson forever.

 

[davide_eu]

Everyone knew that Apple would move to USB-C eventually. EU's decision played a small role in it. But being a resident in EU, what I can see that many decisions only create problems for the countries. There are more losers than gainers in EU. It created more bureaucracy, more corruption and unstable economy.

More corruption? Please may you show evidence that they brought "more"?

 

[davide_eu]

How can a company not have data on its customers?

That's like saying BMW not wanting to share all their customer data with the world is proof of them wanting to hold a monopoly.

That's absurd.

The 1st party will always have data on its customers, because, well, they are one side of the exchange of value.

That isn't a monopoly, but rather the inevitable end result of doing business with someone.

No,

They "process" personal data because they have at least one legal base. Else they CANNOT process.

 

[davide_eu]

Great more popups, sorry but this why I use an iPhone. I'm glad Apple walled off the EU version of iOS when they make Apple open everyhting up to Meta it will only be in the EU.

I have lost some episodes of this drama...

What did a$$le open to Meta?

 

[davide_eu]

Apple, at this point you've dropped your pants and let them bend you over time after time. Either back out of the EU all together or shut up at this point. You playing along with their BS is why this is still going on.

Is it the same a$$le dropping pants in China?

 

[jimbobb24]

The EU is really showing the world why their tech sector is a joke compared to the US and Asia. Justify it all you want but these type of laws and bureaucrats are why Europe is being left in the dust. They are a giant market but they are going to fade as more tech flees and it’s just not worth dealing with all their attempts to make the software suck in the hopes that some European company can have the bar lowered enough to participate. But that European company will just relate to Asia where they can grow and develop free of the eurocrats.

 

[Sophisticatednut]

Exactly. Apple quite literally created USB-C, then provided it to the standards bodies to work on the implementation. Of the companies that had employees assigned to the task, Apple’s group of employees was second ONLY to Intel. The tech world wisely ignored the tech-deaf EU’s Memorandum of Understanding to standardize on microUSB. And, when USB-C was ready, there was little resistance because the tech world was already on board and a part of making the change happen. The only reason why Apple took a full 10 years from adopting lightning to adopting USB-C is because that’s exactly what they announced they’d do when switching to lightning! Which is crazy when you think about it. They were THAT confident that, in 10 years, a reversible, universal cabling system would be available to transition to even though it hadn’t even been fully standardized yet! (Lightning was out in 2012, USB-C wasn’t ratified until 2 years later!)

In all this, the only part the EU had in it was changing their mind from microUSB to USB-C and then closing the barn gate BEHIND them when the entire tech world had already moved on (USB-C isn’t required until the end of THIS year).

EU didn’t change their mind. The MoU from 2009 went out in 2014 when usb-c launched as they had agreed on. And I’m sorry but Apple isn’t the only company in town consider the hundreds of charging ports that where in use at the time.

But If only Apple had adopted USB-c in 2014 and replaced the 2012 lightning port.
And Apple was so forward thinking that the iPhone 15/16 is still using usb 2.0 from 2000… 🙄

At least now I can use my keyboard, mouse and headphones with usb-c for everything

 

[vantelimus]

Maybe let users decide who they want to trust with their data?

I made a decision when I chose Apple and its emphasis on security and privacy so that I didn't have to do extensive research on every app to determine whether it would steal my data. The EC is trying to pry open Apple's ecosystem to make it much much harder for me to maintain security and privacy. It is creating a hazard that I made a decision to avoid. The EC is anti-choice.

 

[spazzcat]

I have lost some episodes of this drama...

What did a$$le open to Meta?

Meta is asking for full access, nothing has been open to them.

 

[vantelimus]

Privacy doesn't exist when you are carrying a device with a camera, microphone and gps in your pocket all day.

Apple doesn't care about privacy if they did they wouldn't sell their users to Google, they care about $$$$

The headline is false and misleading and so is your allegation.

Now, what you are saying might be true if Apple were shipping your private data to Google, but it is NOT. It might be true if Apple restricted your search access solely to Google, but it does NOT. It might be true if you couldn't change your default search engine, but you CAN. It might be true if you couldn't disable Google tracking in Safari, but you CAN.

In sum, your comment smells worse than BS.

 

[I7guy]

Privacy doesn't exist when you are carrying a device with a camera, microphone and gps in your pocket all day.

Apple doesn't care about privacy if they did they wouldn't sell their users to Google, they care about $$$$

This doesn’t mean what you think it means, old chap. How do internet protocols changed if google.com were typed in the browser.

Before you answer, they don’t.

 

[I7guy]

Is it the same a$$le dropping pants in China?

What needs to be accomplished in china is well known. Not so much for the EU as the dma is a disaster.

 

[Mrkevinfinnerty]

The headline is false and misleading and so is your allegation.

Now, what you are saying might be true if Apple were shipping your private data to Google, but it is NOT. It might be true if Apple restricted your search access solely to Google, but it does NOT. It might be true if you couldn't change your default search engine, but you CAN. It might be true if you couldn't disable Google tracking in Safari, but you CAN.

In sum, your comment smells worse than BS.

They know the vast majority don't change the default that's how they can command the fee. They are selling access to those users to Google however you want to dress it up.

They are happy to talk about privacy but more than happy to profit out of the ad tracking economy that they pretend to be so outraged by

That's before you even get into the PRISM allegations. They have very little real credibility outside of those who would swallow any line they put out. As others have pointed out much of their privacy rhetoric exists to defend their monopoly.

 

[I7guy]

They know the vast majority don't change the default that's how they can command the fee. They are selling access to those users to Google however you want to dress it up.

However you dress it up. It’s fake news.

They are happy to talk about privacy but more than happy to profit out of the ad tracking economy that they pretend to be so outraged by

More fake news

That's before you even get into the PRISM allegations. They have very little real credibility outside of those who would swallow any line they put out. As others have pointed out much of their privacy rhetoric exists to defend their monopoly.

Why are you still harping on stuff from 20 years ago?

 

[antnythr]

"If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user's device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users."

So Apple is saying that they have access to all this stuff and they’re just choosing not to look at it? Do they pinky swear?

🤔

 

[Mrkevinfinnerty]

However you dress it up. It’s fake news.

More fake news

Why are you still harping on stuff from 20 years ago?

Yeah it doesn't count because it was 20 years ago (we'll just ignore the fact that it happened while Cook was CEO and wasn't nearly 20 years ago)

Nothing fake about it, if mining personal data was the gold rush Apple is one of the guys selling the shovels.

 

[I7guy]

Yeah it doesn't count because it was 20 years ago

Why don’t you go back to the civil war then?

(we'll just ignore the fact that it happened while Cook was CEO and wasn't nearly 20 years ago)

You’re right it started in 2007 and was mandatory under Steve Jobs. So stop the fake news.

Nothing fake about it, if mining personal data was the gold rush Apple is one of the guys selling the shovels.

 

[Mrkevinfinnerty]

Why don’t you go back to the civil war then?

You’re right it started in 2007 and was mandatory under Steve Jobs. So stop the fake news.

Ok? not sure how that makes it any different. Steve Jobs was Apple CEO at the time. Although they were far less preachy when Jobs was in charge.

 

[I7guy]

Ok? not sure how that makes it any different. Steve Jobs was Apple CEO at the time. Although they were far less preachy when Jobs was in charge.

I would say if anyone is going to dish on apple at least get the facts right. The only comment toward getting the entire thing wrong is an opinion about being preachy.

There are many throw the baby out with the bath water types here on MR. But thankfully apple ignores the noise.

 

[MilaM]

The only wrong thing about this mandate, is that Meta might get access to MY data, while I as a user can't.

It's really absurd watching big corporations fight about who gets to profit from "knowing the user", while we users can only guess what is really going on inside our devices.

 

[Mrkevinfinnerty]

I would say if anyone is going to dish on apple at least get the facts right. The only comment toward getting the entire thing wrong is an opinion about being preachy.

There are many throw the baby out with the bath water types here on MR. But thankfully apple ignores the noise.

Which part is factually incorrect?

 

[I7guy]

Which part is factually incorrect?

Everything is incorrect.

 

[I7guy]

So Apple is saying that they have access to all this stuff and they’re just choosing not to look at it? Do they pinky swear?

🤔

Yes apple pinky swears. Actually your cell provider also knows where you’ve been, who you’ve called and for how long you were on the phone. And what the MAC address is, etc

 

[Mrkevinfinnerty]

Everything is incorrect.

Can't actually refute anything that was posted then. I see.

 

[djphat2000]

It's always about trust. Do I trust Apple more than Meta right now? Yes. Do I trust them for the next 10 years? Who knows.

This is certainly a fair point.

But Apple is the one holding all your data and by keeping other companies out, they have a monopoly on that data.

I'm currently not aware of Apple holding any of my data that I did not explicitly allow them to have. Either it's encrypted in iCloud or on device. So I don't agree they have a monopoly on my data. They have to use it to some point but not to the extent that Meta or Google does.

It's like saying you mustn't buy 3rd party car replacement parts because now other companies could track on which parts are replaced. If you do not allow 3rd parties, the car company is the one having your data.

For situations like that we try to have something like a license for 3rd parties to have that let the end user know. This is a safe product for this "car" or whatever it's going into. However, it may interoperate with it. That way the end user knows they should be operating within the same parameters as an OEM part. Once you go "allow them to have the same access as you" route. Well, it gets murky. Apple states they are not accessing those areas and purposefully keep away from it. For personal security reasons. You the end users data is not viewed or tracked with that information. While Meta and others seemly want access to your photos, Contacts, GeoLocation, etc. When all they are doing is showing you something at the end of the day. What? Why would they need access to my phone camera or contacts when I'm just playing a game on Quest? The potentially could have access to all that because Apple "could". We can debate if Apple does or does not use any sensitive data on any end user. But, that's just the statement they are making.

And saying "buy another car" is valid due to the number of manufacturers. But it's iOS vs. Android. So either be locked in the iOS ecosystem and fully trust Apple or let Google get your data but have more choice for 3rd party add-ons.

At the end of the day, you have the choice to purchase one or the other or neither and do without. There are those that say you can't operate in life without either. So they are necessary devices to facilitate daily life. If that is the case, we need to treat them like a utility and over regulate them. If they are free enterprise businesses. Then they should be able to proceed with their different paths to the same goal (making money). I personally don't feel locked into either eco-system. They both offer competing products and present it in their way. You either like it or don't. Need it or not. But, locked it is a myth made up by people that don't fully like either, and can't accept what you have is what you have. Unless you make something new. Which everyone is pretty free to do in most democratically run countries. If you want to overregelate it. Then you will lose out on the individuality of having these devices. They will all look the same (mostly), and function the same (mostly), and have the same sets of features. Things you like or don't will be the same. This may work well for gas, water, and electricity. But, I'm not in favor of that for phones.

The only competition is Huawei's HarmonyOS but apart from that, all manufacturers rely on Google.

But we do have Apple as an option to Google.... Sorry everyone (mostly everyone) didn't like Microsoft CE or Windows Phone. And got over Blackberry, and Symbian, and PalmOS, etc.

Apple's statement against the DMA is just them trying to maintain their monopoly.

Whether I agree or not with that point is irrelevant. What is-is my ability to prevent that data sharing to other 3rd parties. I would argue that I choose Apple or Google to my phone data. But I don't choose Meta or any other 3rd party to that data by default. I do not want them to have access to my phones hardware/software stack in totality by default just because I use a Quest device once in a while. Do they need some hardware level access? Sure. Some software access, sure. But, not total.

If you think it's about privacy, see where data is stored for Chinese users. And if the US requires Apple to stop end-to-end encryption, Apple will not hesitate to give governments your data. Privacy is just a convenience as Apple doesn't rely on data gathering like Google does

That's the point. Apple doesn't rely on your data for them to make money. While Google and Meta do. It is what pays for the services they offer. Which if they charged for those services, they wouldn't have much of a company. And there comes a point where that access goes way too far. And "access" just becomes full on monitoring of your data live as it flows in and out of your device.