Mozilla is 'Extremely Disappointed' With Implementation of Apple's EU Browser Engine Change

[Stiksi]

I find it strange that people root for governments. Now if the eu keeps putting pressure they may lose American tech. Don’t care you say. Then you’re banished from google…use yahoo.

”Root for governments”… you do understand that governments are elected, right? And as for the ”lose American tech” bit, that’s not even remotely in the realm of possibility. The EU is a way larger customer base than the US, it’s not like they can afford it.

 

[Luap]

And that's why more and more developers worldwide are permanently leaving Apple's Developer Program.

Evidence?

 

[cupcakes2000]

...

Whilst I likely agree with the gist of what you’re saying, the other poster asked for evidence on you’re claim that ‘more and more developers worldwide are permanently leaving Apples developer programme’. The ‘evidence’ you have provided says nothing of the sort. All of these still actually develop for other Apple platforms, and all of them have said they’ll ‘wait and see’ regarding apples new category entry.

 

[Jim Lahey]

Right, there is so much choice in the mobile OS space. You can choose between all of 2 options, so let’s just let them do whatever they want. Apple and Google have enormous power over consumers and you have no problem with that overreach. Why is that power different and better than the power of elected officials?

It's an open secret, a matter of public record in fact, that these elected officials in the Five Eyes alphabet agencies have very real designs on seizing control of big tech companies to the end of forcing them to become surveillance portals for government. You can laugh, cry, disagree or do whatever you like, but when you wake up in a Blade Runner movie some time in the future, just remember that the crazies tried to warn you what would happen 👍

 

[cupcakes2000]

It's an open secret, a matter of public record in fact, that these elected officials in the Five Eyes alphabet agencies have very real designs on seizing control of big tech companies to the end of forcing them to become surveillance portals for government. You can laugh, cry, disagree or do whatever you like, but when you wake up in a Bladerunner movie some time in the future, just remember that the crazies tried to warn you what would happen 👍

Whilst I wholeheartedly agree, this law is actually designed to bypass any gatekeeping at all, and allow one to install apps from anywhere - thus avoiding any need at all to download government tampered apps.

 

[Jim Lahey]

Whilst I wholeheartedly agree, this law is actually designed to bypass any gatekeeping at all, and allow one to install apps from anywhere - thus avoiding any need at all to download government tampered apps.

That may all be so, but in my mind it's not about the public-facing changes to this or that. Rather it's about the unanswered questions of what concessions may have been made at the negotiating table. What might Apple or Google or anyone else be willing to give up in exchange for keeping something that they're not. That's how negotiations work. And the EU will definitely not stop here. Again, all just in my opinion.

 

[palmerc]

Also "security concerns" regarding alternative app stores sound mostly unfounded considering what makes iOS devices secure and private is the sandboxing and permissions system which works on a system level, Apple 'reviewing' each app that gets submitted to the App Store is mostly to check for content violations rather than malicious code I think. See macOS as an example and that's an even more difficult system to keep secure/private because software can optionally run helper processes at a root level.

This suggests that security is composed solely of platform security mechanisms like sandboxing and codesigning. This is not a correct understanding of security. The platform itself cannot be 100% secure and technological mitigations by themselves will not protect a user from violations of privacy, or security.

App review is an opportunity for Apple to perform static and dynamic analysis against a binary, checking for questionable development choices like private API calls, tracking, resource utilisation, obfuscated and hidden code. It also provides an opportunity to determine if the developer has done a sufficient job of informing the user of how their information will be handled or resources it might use through entitlements. Some sensitive entitlements require justification to Apple before they are granted.

Content violations are important for Apple's reputation as a reliable, safe and family-friendly platform, but App Review is another element in their overall security posture.

 

[SonsofAres]

Well, if a non-WebKit browser would mean (for an iPad at least) the ability to keep multiple tabs visible when you scroll down rather than hiding it, I would want that, too.

 

[palmerc]

Whilst I wholeheartedly agree, this law is actually designed to bypass any gatekeeping at all, and allow one to install apps from anywhere - thus avoiding any need at all to download government tampered apps.

Then you have not read the law if you think it is designed to bypass any gatekeeping at all. It is a law that is supposed to make it possible for other businesses to establish themselves as alternative gatekeepers. The notion is that what is best for consumers is what is best for other businesses.

The Digital Markets Act: ensuring fair and open digital markets

Keyword: markets. This is not about bypassing gatekeeping, but allowing other businesses to act as gatekeepers.

 

[McTaste]

Apple going out of its way to keep things like this geo-locked really leaves a bad Tim in my mouth. They put in all the effort to create BrowserEngineKit or whatever, might as well put in extra effort to ensure only legally mandated users gain access.

They must make a lot of money spying on everyones Safari browsing and reselling the data / using it in their ad network.

 

[palmerc]

Why are browsers required to run on the WebKit engine in the first place? WebKit limits Firefox so much that you can't use a ad blocker, it's just safari reskins at that point.

Apple specifically prevents native instructions from being written into memory and then allowing that code to execute.

Security of runtime process in iOS and iPadOS

A browser engine is a complicated piece of software that allows arbitrary code execution. This makes it an excellent target for attacking the platform. Or to put it another way, only allowing WebKit means they only have to deal with the security and performance of one engine.

 

[cupcakes2000]

Then you have not read the law if you think it is designed to bypass any gatekeeping at all. It is a law that is supposed to make it possible for other businesses to establish themselves as alternative gatekeepers. The notion is that what is best for consumers is what is best for other businesses.

The Digital Markets Act: ensuring fair and open digital markets

Keyword: markets. This is not about bypassing gatekeeping, but allowing other businesses to act as a gatekeepers.

*Businesses including indie devs. Or do you think they will become automatic gatekeepers? Do you know what a gatekeeper as the eu designates them is? Or do you just think everyone is a gatekeeper because they own a business, however small?

The law states nowhere it’s designed to allow another business to become a gatekeeper.

 

[palmerc]

They're *way* worse than Microsoft was - they're significantly more creative than MS was back then.



I do hope we can rein Apple in to a significantly more cooperative entity like Microsoft (even now they're still looking over their shoulder) but I think it might be too late.

This completely misunderstands the Microsoft problem. Microsoft was the market. There was no meaningful alternative to Microsoft. It used its dominant market position to crush all rivals on a technological platform that was 'open.'

Apple is an important player, but it is by no means the only player. It ships a lot of devices, but it doesn't ship most devices. The iOS platform was never open, living somewhere between an appliance and an IBM compatible PC.

The legislation might impact Apple, but it isn't solely about Apple. Really, this comment completely mischaracterises the legislation and suggests this new regulation is somehow equivalent to the anti-trust process Microsoft went through. No business is going to comply with a regulation above-and-beyond what is required unless it is in their best interest to do so, in the case of Microsoft it was forced to comply as a remedy to its monopolistic practices.

 

[palmerc]

Because a non-WebKit browser app could choose to make any iOS function that is available to apps also available to web applications, which in turn would allow to implement web applications with basically the same functionality and platform integration as native applications. This, in turn, would deprive Apple of revenue from their App Store.

Not everything boils down to a simple yes or no question nor does it boil down to money or not. Nor would an alternative web engine be allowed to access any function it wanted.

The pegasus exploit burned three zero-days to gain no-click, arbitrary code execution on an iOS platform. A browser by virtue of the existence of Javascript needs to be granted dynamic code execution on the platform. This means the security of the platform becomes tied up with the security of the browser implementation.

 

[I7guy]

They were forced to be more open, that's a bad thing?

Yes. The keyword being “forced.”

 

[I7guy]

”Root for governments”… you do understand that governments are elected, right? And as for the ”lose American tech” bit, that’s not even remotely in the realm of possibility. The EU is a way larger customer base than the US, it’s not like they can afford it.

People have been “rooting” for the EU. And while governments are comprised of elected representatives that doesn’t mean it doesn’t collectively always does a great job or makes the right decisions.

 

[dk001]

This suggests that security is composed solely of platform security mechanisms like sandboxing and codesigning. This is not a correct understanding of security. The platform itself cannot be 100% secure and technological mitigations by themselves will not protect a user from violations of privacy, or security.

App review is an opportunity for Apple to perform static and dynamic analysis against a binary, checking for questionable development choices like private API calls, tracking, resource utilisation, obfuscated and hidden code. It also provides an opportunity to determine if the developer has done a sufficient job of informing the user of how their information will be handled or resources it might use through entitlements. Some sensitive entitlements require justification to Apple before they are granted.

Content violations are important for Apple's reputation as a reliable, safe and family-friendly platform, but App Review is another element in their overall security posture.

Yup
Personally I see Apple as just mouthpiecing the “privacy and security” aspect.
While Apple may “try”, I see major issues of this aspect from the OS and core apps. Not just from nefarious devs.

Looks like another one….

https://twitter.com/x/status/1750502700112916504

 

[I7guy]

Yup
Personally I see Apple as just mouthpiecing the “privacy and security” aspect.
While Apple may “try”, I see major issues of this aspect from the OS and core apps. Not just from nefarious devs.

Looks like another one….

https://twitter.com/x/status/1750502700112916504

With a huge code base and lots of vectors there will always be “another one” to add to the pile. Apple does shut those doors in due time.

 

[dk001]

With a huge code base and lots of vectors there will always be “another one” to add to the pile. Apple does shut those doors in due time.

True they do. The only aspect I would love to see changed is more actual detail on the core issue impact and fix instead of predominately silence. iOS is not as secure and private as Apple Marketing would have us believe.

 

[I7guy]

True they do. The only aspect I would love to see changed is more actual detail on the core issue impact and fix instead of predominately silence. iOS is not as secure and private as Apple Marketing would have us believe.

Well I think it is secure and private as apple says. Doesn’t mean there won’t be any privacy or security issues ever. And everybody’s definition of what constitutes an acceptable level or privacy and security is different.

 

[gregmancuso]

Right, there is so much choice in the mobile OS space. You can choose between all of 2 options, so let’s just let them do whatever they want. Apple and Google have enormous power over consumers and you have no problem with that overreach. Why is that power different and better than the power of elected officials?

And by forcing Apple to remove parts or all of the walled garden - making iOS the same as Android - effectives moves that choice to one!

I am not arguing the merits of keeping iOS closed or opening it up. I am saying that people wanting governments to force Apple to open iOS really seem to want an Android phone and its ecosystem, but want one with an apple logo on the back.

 

[dk001]

And by forcing Apple to remove parts or all of the walled garden - making iOS the same as Android - effectives moves that choice to one!

I am not arguing the merits of keeping iOS closed or opening it up. I am saying that people wanting governments to force Apple to open iOS really seem to want an Android phone and its ecosystem, but want one with an apple logo on the back.

Really?
The only way it end up looking like Android is if Apple builds their solution to copy Android.

 

[Kuckuckstein]

Apple also has a promoted privacy and security and these laws undermine that. If you disagree buy an android phone. I trust Apple over these other companies any day of the week.

I do trust Mozilla over Apple.

 

[Jankie]

It's an open secret, a matter of public record in fact, that these elected officials in the Five Eyes alphabet agencies have very real designs on seizing control of big tech companies to the end of forcing them to become surveillance portals for government. You can laugh, cry, disagree or do whatever you like, but when you wake up in a Blade Runner movie some time in the future, just remember that the crazies tried to warn you what would happen 👍

Just watch ‘Enemy of the State’ from the late 90s. Very informative. They always tell you what they are doing.

 

[Jim Lahey]

Just watch ‘Enemy of the State’ from the late 90s. Very informative. They always tell you what they are doing.

Not seen it for many years but will have to seek it out 👍