Should Apple Continue to Ban Rival Browser Engines on iOS?

[Maximara]

But it wasn’t just the Internet Explorer that got the attention of Janet Reno, it was a build up of other things. Developers were complaining that Microsoft would have developers build apps for them, incorporate it into MS-DOS as a core app then with a future release of Windows, Microsoft would build their own and discard the developer. A prime example was Disk Defragmentor from MS-DOS and use that a similar version in Windows 95. Another was a disk compression tool sold independently for MS-DOS that was later included in Windows.

They also tried to put the makers of Lotus 123 out of business with Word, Excel and Powerpoint. It became pretty glaring when Microsoft tried to put Netscape out of business with a free version of Internet Explorer. Microsoft had built a case against itself that made it an easy target for the DOJ.

Not to mention Microsoft dominated the OS marketshare pushing it way over the Supreme Court's minimum of 75%. Google's fork of Apple's webkit dominates the PC and mobile world (~65%) while Apple's own version putters around at 19% (and that is over Mac, iPad, and iPhone). The idea that Apple has a monopoly by any sane definition is insane.

 

[pshufd]

Yes, there is always Android but having an alternative doesn't mean there can't still be the existence of antitrust issues. There were other desktop OS options in the 1990s besides Windows yet that didn't stop the DOJ from pursuing antirust charges and monopoly power claims against Microsoft.

And Microsoft ramped up their lobbying efforts after that. Antitrust can be politically driven too.

In the browser wars of the early 2000s, Microsoft's dominance and the problems associated with it sparked the development of new browsers and engines.

 

[webkit]

But it wasn’t just the Internet Explorer that got the attention of Janet Reno, it was a build up of other things. Developers were complaining that Microsoft would have developers build apps for them, incorporate it into MS-DOS as a core app then with a future release of Windows, Microsoft would build their own and discard the developer. A prime example was Disk Defragmentor from MS-DOS and use that a similar version in Windows 95. Another was a disk compression tool sold independently for MS-DOS that was later included in Windows.

They also tried to put the makers of Lotus 123 out of business with Word, Excel and Powerpoint. It became pretty glaring when Microsoft tried to put Netscape out of business with a free version of Internet Explorer. Microsoft had built a case against itself that made it an easy target for the DOJ.

Correct. IE was the "headline" but there had been other things too. Of course, the monopoly or monopoly power issue for Microsoft was not about the browser but rather the OS. Netscape actually had higher to much higher browser share than MS leading up to the antitrust trial. Microsoft's actions regarding the browser (and other things) were the anticompetitive piece.

The same is true for Apple now. It's not about Apple having a monopoly or monopoly power in browsers or browser engines. The alleged monopoly or monopoly power piece comes from their dominance in mobile OS. The Webkit requirement is the alleged anticompetitive piece.

 

[webkit]

So in other words, another browser that just uses the same engine as FireFox.

I believe the only browser engines still being used are Chromium, Webkit, Gecko and Trident plus perhaps some "one off" custom browser engines.

 

[webkit]

And Microsoft ramped up their lobbying efforts after that. Antitrust can be politically driven too.

In the browser wars of the early 2000s, Microsoft's dominance and the problems associated with it sparked the development of new browsers and engines.

I'd say it was the release of Chromium in 2008 that lead to a wave of new browsers that followed. Obviously, two notable browsers (and engines) came out a bit earlier: Safari (Webkit) and Firefox (Gecko).

There had also been various browsers available in the 1990s but the market was overwhelmingly dominated first by Netscape Navigator and then IE eventually overtook Netscape.

 

[Ruggy]

I'm really missing something here I confess.
You can install Chrome and Firefox on iOS but it's anti-competitive because they have to be based on Webkit and not on something else, even though Chrome on Android is also based on Webkit?
And a browser in any case is only something like a post office decoding ip addresses to direct you to the correct web page and really doing not much else?

 

[Heat_Fan89]

I'm really missing something here I confess.
You can install Chrome and Firefox on iOS but it's anti-competitive because they have to be based on Webkit and not on something else, even though Chrome on Android is also based on Webkit?
And a browser in any case is only something like a post office decoding ip addresses to direct you to the correct web page and really doing not much else?

The problem is that when Apple no longer updates or supports a device then the Webkit updates stop as well. When websites begin to update or upgrade their sites it eventually breaks compatibility so in the end whatever browser you are using won't work properly. An iPad running iOS 7 may not work as good on every website vs an iPad that is on a semi current release. A Mac running Mountain Lion might not work as well with Safari as a Mac running High Sierra and above.

With Android that doesn't apply because Webkit and every web browser gets updates via the Google Play Store so I could use an Android tablet running Android 5.0 and still have current compatibility with any website I visit. That seems to be why there's a push for Apple to change things. Core updates for Apple devices only happen when an OS update takes place.

 

[jav6454]

I believe the only browser engines still being used are Chromium, Webkit, Gecko and Trident plus perhaps some "one off" custom browser engines.

Taking that into account, then I do see the harm in Apple banning another browser engine. However, how much market share of the other engines is there that could affect the mobile space?

 

[I7guy]

Taking that into account, then I do see the harm in Apple banning another browser engine. However, how much market share of the other engines is there that could affect the mobile space?

The issue for iOS is if every browser used their own “WebKit” engine the vector for zero day vulnerabilities would open up wide. Apple wouldn’t be able to patch these engines and another mail in the coffin for iOS security. With security updates being forked in iOS 16, it’s a win-win but other browsers wouldn’t have to be patched via the App Store.

 

[jav6454]

The issue for iOS is if every browser used their own “WebKit” engine the vector for zero day vulnerabilities would open up wide. Apple wouldn’t be able to patch these engines and another mail in the coffin for iOS security. With security updates being forked in iOS 16, it’s a win-win but other browsers wouldn’t have to be patched via the App Store.

Makes sense. Perhaps iOS16's security patch feature will bring about a reversal of said ban?

 

[webkit]

I'm really missing something here I confess.
You can install Chrome and Firefox on iOS but it's anti-competitive because they have to be based on Webkit and not on something else, even though Chrome on Android is also based on Webkit?
And a browser in any case is only something like a post office decoding ip addresses to direct you to the correct web page and really doing not much else?

It's not just about Chrome or Chromium, it's about allowing all browser engines and variants/forks used for the respective browsers instead of "forcing" just Webkit specifically. Not all browser engines are offshoots of Webkit (such as Firefox you also mentioned as it uses Gecko) yet all are required to use Webkit on iOS.

Browser engines (and variants) are not all the same as they can differ on how they access, load, display, etc. various web pages.

 

[webkit]

Taking that into account, then I do see the harm in Apple banning another browser engine. However, how much market share of the other engines is there that could affect the mobile space?

That can vary by region but I think regulators just don't like to see a significant part of the mobile OS market "unreasonably" or "artificially" restricted by having to specifically use Webkit.

 

[Sophisticatednut]

The issue for iOS is if every browser used their own “WebKit” engine the vector for zero day vulnerabilities would open up wide. Apple wouldn’t be able to patch these engines and another mail in the coffin for iOS security. With security updates being forked in iOS 16, it’s a win-win but other browsers wouldn’t have to be patched via the App Store.

Well they wouldn’t use their own WebKit engine. They would use chromium or gecko as the engin. And the app developers would be responsible for their own app security as everyone else is today.

Makes sense. Perhaps iOS16's security patch feature will bring about a reversal of said ban?

Makes no sense considering Apple isn’t the developers of Gecko or chromium, even if chromium originally was a fork of apples WebKit.

perhaps we will get a new WebKit fork that will compete against both, but as long as nothing but the WebKit Apple provides it won’t be worth their time

 

[I7guy]

Well they wouldn’t use their own WebKit engine. They would use chromium or gecko as the engin. And the app developers would be responsible for their own app security as everyone else is today.

Makes no sense considering Apple isn’t the developers of Gecko or chromium, even if chromium originally was a fork of apples WebKit.

perhaps we will get a new WebKit fork that will compete against both, but as long as nothing but the WebKit Apple provides it won’t be worth their time

Still, the original point stands. Larger surface vector for attacks.

 

[Sophisticatednut]

Still, the original point stands. Larger surface vector for attacks.

I would say it would be a smaller surface are of attack. Instead of one browser engine that you need to exploi to gain 100% acces, you now need 3-4 difrent exploits in 5-10 different web browser implementations to gain the same 100% user base access.
now: exploit safari= 100% acces.

in the future:
(Blink WebKit forked engine)chrome 20%
(Chromium fork)edge 10%
(Chromium fork)brave 10%
(Chromium fork) opera 5%

(gecko engin)firefox 5%
(goana gecko fork) pale moon 5%
(flow gecko fork) flow 5%
(WebKit engin) safari 40%

these are a wide net to cover and exploit. If chrome gets an exploit you can easily move to another fork. Blink engine gets an exploit, then you can easily change to safari. If safari WebKit gets an exploit then you can easily move to Firefox. If Firefox gets an exploit then you can move to flow etc etc.

instead of now being vulnerable until Apple releases an update as 100% of iOS users use WebKit, making it atracti for attacks

 

[Sophisticatednut]

Still, the original point stands. Larger surface vector for attacks.

I would say it would be a smaller surface are of attack. Instead of one browser engine that you need to exploi to gain 100% acces, you now need 3-4 difrent exploits in 5-10 different web browser implementations to gain the same 100% user base access.
now: exploit safari= 100% acces.

in the future:
(Blink WebKit forked engine)chrome 20%
(Chromium fork)edge 10%
(Chromium fork)brave 10%
(Chromium fork) opera 5%

(gecko engin)firefox 5%
(goana gecko fork) pale moon 5%
(flow gecko fork) flow 5%
(WebKit engin) safari 40%

these are a wide net to cover and exploit. If chrome gets an exploit you can easily move to another fork. Blink engine gets an exploit, then you can easily change to safari. If safari WebKit gets an exploit then you can easily move to Firefox. If Firefox gets an exploit then you can move to flow etc etc.

instead of now being vulnerable until Apple releases an update as 100% of iOS users use WebKit, making it atracti for attacks

 

[I7guy]

I would say it would be a smaller surface are of attack. Instead of one browser engine that you need to exploi to gain 100% acces, you now need 3-4 difrent exploits in 5-10 different web browser implementations to gain the same 100% user base access.
now: exploit safari= 100% acces.

in the future:
(Blink WebKit forked engine)chrome 20%
(Chromium fork)edge 10%
(Chromium fork)brave 10%
(Chromium fork) opera 5%

(gecko engin)firefox 5%
(goana gecko fork) pale moon 5%
(flow gecko fork) flow 5%
(WebKit engin) safari 40%

these are a wide net to cover and exploit. If chrome gets an exploit you can easily move to another fork. Blink engine gets an exploit, then you can easily change to safari. If safari WebKit gets an exploit then you can easily move to Firefox. If Firefox gets an exploit then you can move to flow etc etc.

instead of now being vulnerable until Apple releases an update as 100% of iOS users use WebKit, making it atracti for attacks

I believe you are making the point I am making. But I guess ymmv.

 

[chucker23n1]

My point was that a regulator's role is more about keeping markets as free and competitive as possible

Doctrines on how antitrust agencies see their role differ. For example, US antitrust doctrine for a few decades now has been to make consumer prices as low as possible, which isn't necessarily the approach that leads to healthy markets.

 

[Sophisticatednut]

I believe you are making the point I am making. But I guess ymmv.

Are we? I thought you mean we should only have apples WebKit that everyone uses on iOS, instead of allowing more. Putting all risk in one giant basket.

Instead of verity in engines used to spread the risk in multiple smaller baskets. Making every breach less damaging

 

[I7guy]

Are we? I thought you mean we should only have apples WebKit that everyone uses on iOS, instead of allowing more. Putting all risk in one giant basket.

Instead of verity in engines used to spread the risk in multiple smaller baskets. Making every breach less damaging

It’s better to have multiple areas of a surface attack that are fixed at different times then one vector that’s fixed once?

 

[Sophisticatednut]

It’s better to have multiple areas of a surface attack that are fixed at different times then one vector that’s fixed once?

Yes it’s better because every surface uses different security and requires uneqe exploits. One giant egg basket is less secure than 5 egg baskets. Dropping one won’t spoil the bunch.

As a good allegory. If a CPU uses the same security and logic system, then you would only need to crack a single “master key” to open up everyone’s CPUs irrespective of brand. But if everyone uses different types of CPUs,
Security, logic and locking mechanism, then it would force you to make a unique master key for every type, making you spend 5 times the effort for the same gain

Example with the specter and meltdown exploits heavily affecting intel CPUs, did not affect AMD but one CPU type and apple’s ARM processors was barely affected. And there was 5~ something different kinds of executions of the exploit to hit everyone

speculative execution is a form of high-performance execution in modern CPUs by making what is essentially an educated guess on what the CPU will be told to do next, rather than wait for the instruction. Intel has been doing this for decades, but AMD has not. AMD doesn’t do what’s called branch prediction, this protected them.

If Apple opted to continue to use Intel CPUs or had chosen to use x86 in the iPhone instead of doing their own, then they would have been even more affected.

Apples fix barely impacted performance while intel’s fix killed performance.

 

[Maximara]

Correct. IE was the "headline" but there had been other things too. Of course, the monopoly or monopoly power issue for Microsoft was not about the browser but rather the OS. Netscape actually had higher to much higher browser share than MS leading up to the antitrust trial. Microsoft's actions regarding the browser (and other things) were the anticompetitive piece.

The same is true for Apple now. It's not about Apple having a monopoly or monopoly power in browsers or browser engines. The alleged monopoly or monopoly power piece comes from their dominance in mobile OS. The Webkit requirement is the alleged anticompetitive piece.

Apple doesn't have a dominance in the global mobile OS market which has already been ruled the relevant market in a freaking court of US law – "the Court finds the area of effective competition in the geographic market to be global, with the exception of China.As discussed in the findings of facts, see supra Facts § III, Apple’s engagement in that market does not change based on national borders. Developers globally access the platform based on the same set of rules and agreements." - Case 4:20-cv-05640-YGR Document 812 Filed 09/10/21

 

[webkit]

Doctrines on how antitrust agencies see their role differ. For example, US antitrust doctrine for a few decades now has been to make consumer prices as low as possible, which isn't necessarily the approach that leads to healthy markets.

I agree that doctrines can differ by region and agency but I think the typical goal is to have free and open competition and the net result of that can be lower prices but other things too. I also agree that it doesn't always have the best results.

 

[webkit]

Apple doesn't have a dominance in the global mobile OS market which has already been ruled the relevant market in a freaking court of US law – "the Court finds the area of effective competition in the geographic market to be global, with the exception of China.As discussed in the findings of facts, see supra Facts § III, Apple’s engagement in that market does not change based on national borders. Developers globally access the platform based on the same set of rules and agreements." - Case 4:20-cv-05640-YGR Document 812 Filed 09/10/21

It doesn't necessarily have to be global. It can be tied to whatever country or region where the antitrust charges are being made. Each country or region can have different rules and regulations and these findings/rulings can be limited to just that country or region. Some antitrust issues Apple (and other companies) may have overseas don't necessarily apply to or impact their business in the U.S. and vice versa.

 

[LV426]

Yes it’s better because every surface uses different security and requires uneqe exploits. One giant egg basket is less secure than 5 egg baskets. Dropping one won’t spoil the bunch.

As a good allegory. If a CPU uses the same security and logic system, then you would only need to crack a single “master key” to open up everyone’s CPUs irrespective of brand. But if everyone uses different types of CPUs,
Security, logic and locking mechanism, then it would force you to make a unique master key for every type, making you spend 5 times the effort for the same gain

Example with the specter and meltdown exploits heavily affecting intel CPUs, did not affect AMD but one CPU type and apple’s ARM processors was barely affected. And there was 5~ something different kinds of executions of the exploit to hit everyone

speculative execution is a form of high-performance execution in modern CPUs by making what is essentially an educated guess on what the CPU will be told to do next, rather than wait for the instruction. Intel has been doing this for decades, but AMD has not. AMD doesn’t do what’s called branch prediction, this protected them.

If Apple opted to continue to use Intel CPUs or had chosen to use x86 in the iPhone instead of doing their own, then they would have been even more affected.

Apples fix barely impacted performance while intel’s fix killed performance.

It's really not as clear-cut as that. Consider the following scenario:

I have a hardened OS and browser that is 100% secure. Adding anything at all to the mix will put my system at additional risk.

Of course, that is not a realistic scenario for something like an iPhone, which gets patched every few months (likely more so from iOS16+). But it's not that far off. You also have to consider the patching schedules of third party software. I've installed plenty of apps over the years that have not been updated in years. God only knows what risks they pose.