Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple

[Sophisticatednut]

Apple isn’t providing data. I don’t believe this will happen the way you believe.

I know, hence I would like apple to at least provide evidence for their assertion. Instead of “trust me” it will be X because we say so.

 

[Sophisticatednut]

They built the system this way, advertised it that way

Doesn’t mean it’s legal how they built it tho.

and knew it was a sandboxed system when you entered a contract to purchase their device. You purchased it 'as is' and no misrepresentation was made about the nature of the purchase.
As such, there's no contractual obligation for them to make all the changes you want AFTER you've entered into a contract to buy it (too late - you shoulda bought something else if you don't like the products Apple sells). A feature allowing you to sideload was never part of the contract.

Indeed outside of the missing contract your talking about that I never signed at the cash register at my local electronic store. And it’s relevance for me to be allowed to lobby or pressure apple to do changes benefiting MY property on MY iPhone. Or my ability to pressure for legal investigation of apple potentially breaking the law.

Of course,you can jailbreak it if you like. Nobody's stopping you from hacking/modding your device in order to make it the way you want it to be. Apple don't have a contractual obligation to do this for you though! They sold you one iPhone... as advertised.

Indeed I can with full warranty coverage.

Your argument is like saying 'I bought a hamburger... it is MY hamburger... so the shop MUST provide me with a sauce that isn't on their menu'. Again, you bought a burger WITHOUT that sauce, that was the contract. You can add that sauce if you can find some, but they don't have to actively assist you in doing so.

I would disagree considering left their store and for some reason I can’t go to the sauce supplier next door and ask for more sauce or look at a different menu without paying the same restaurant payment terminal.

I’m not even able to change the straw at any of the suppliers without them turning me back to the apple store.

But for some reason if I hide my hamburger and don’t say I bought it from Apple then some of them allow me to purchase subscription for extra soda delivery for a lower price. Or give me extra selection of different sauces to take home for a cheaper price. But the moment I show them my hamburger they refuse service and point me back to apple store ? how strange

 

[amartinez1660]

I'm for the market deciding these things, not Congress. It would be like forcing property owners to rent space to merchants they may not want in their mall/shopping center. Imagine an adult toy popup store in a mall parking lot.

That said, Apple could easily do this by creating on iOS/iPadOS this same panel that exists on macOS, with the App Store set to on by default.

View attachment 1953438
​

Edit: Upon reflection the first part of what I wrote isn't an appropriate analogy. I just loathe the threats that Congress will do something because the Congress right now sucks.

How do you make sure that no amount of tinkering, hacks, exploits, malwares, machine level overflows, bugs, etc will ever flip that switch and start installing banking malware like on the first posts?

 

[amartinez1660]

Completely inaccurate.

Sideloading would still be sandboxed and can be done exceptionally safely

The first post has a point, banking apps malware on thousands of users. But ok, let’s suppose this is done better and more securely.
Still, and I’ll repeat myself until someone can convincingly say that it can be done safely (as you state): how can you guarantee that no amount of Bitcode tinkering, exploits, malwares, png byte code this or jpg hack that or any other venue for that matter won’t ever flip the switch and start installing crap except if it is directly via the user’s consent.

Example: in some other thread a user proposed something interesting; for that switch to only be flipped via a full system reset in that ON state, the previous default state has to be fully backed up, no iCloud backups can happen in this new sideloading-apps-enabled mode and AppleCare would be perhaps reduced.

 

[amartinez1660]

If Apple were the only game in town, this whole "open 'em up" movement might have some teeth. But they're not!! THERE ARE OPTIONS IF YOU WANT TO SIDE LOAD or hate Tim, or whatever other issues you have with Apple. Go away. Enjoy your options. Leave mine alone. It's not hurting anyone, anything. Why are some so bent on removing choice by making Apple more like Android? It's so bizarre... And exhausting. Stay strong Apple.

Exhausting is the right word.
It actually makes me grind my teeth with envy from all the insane amounts of free time these people have to spend the effort to create/subscribe/validate/login/comment and hate on a service/product/company that they don’t care about, will never use and will never buy.

Heck, at least me personally speaking, I don’t go running around on AndroidRumors or whatever Samsung/HTC/Google/etc related sites forcing them to adopt a closed no-sideloading AppStore system… but heck, maybe I need to do some serious time management training and practice becoming a really dislikeable person to be able to do that on the daily.

 

[Sophisticatednut]

The first post has a point, banking apps malware on thousands of users. But ok, let’s suppose this is done better and more securely.
Still, and I’ll repeat myself until someone can convincingly say that it can be done safely (as you state): how can you guarantee that no amount of Bitcode tinkering, exploits, malwares, png byte code this or jpg hack that or any other venue for that matter won’t ever flip the switch and start installing crap except if it is directly via the user’s consent.

Example: in some other thread a user proposed something interesting; for that switch to only be flipped via a full system reset in that ON state, the previous default state has to be fully backed up, no iCloud backups can happen in this new sideloading-apps-enabled mode and AppleCare would be perhaps reduced.

The first switch in settings can only happen by faceID verification and physically linked to Secure Enclave. Then you must go to the AppStore
And download an app containing the unique encryption keys pared to your idevice manufacturing ID Fromm apple. Making a new faceID verification.

In this app you klick a button that activates server call E2E encryption that sends a key to apple servers. If this key matches what apple expects they will send the final encryption code that must match what the Secure Enclave expect before pressing confirm.

Now the iPhone is able to side load.
The verification process works in the same way as Digital-banking keys work. Overkill but it answers your question

 

[dk001]

The first switch in settings can only happen by faceID verification and physically linked to Secure Enclave. Then you must go to the AppStore
And download an app containing the unique encryption keys pared to your idevice manufacturing ID Fromm apple. Making a new faceID verification.

In this app you klick a button that activates server call E2E encryption that sends a key to apple servers. If this key matches what apple expects they will send the final encryption code that must match what the Secure Enclave expect before pressing confirm.

Now the iPhone is able to side load.
The verification process works in the same way as Digital-banking keys work. Overkill but it answers your question

If it is too difficult, that solution will trigger additional lawsuits or a continuation of the one(s) that push the alternate App Store issue.

A solution that is too restrictive is no solution at all.

 

[huge_apple_fangirl]

If it is too difficult, that solution will trigger additional lawsuits or a continuation of the one(s) that push the alternate App Store issue.

Even if alternate stores are allowed, Apple will still collect its commission.

All this debate about IAP, sideloading, etc. is barking up the wrong tree. Apple knows what it wants- the 30%. While it would prefer to receive its cut through IAP and the App Store, it will take it through any means it can. Regulators focusing on the means Apple uses to collect it completely miss the point. All they will do is inspire Apple to come up with ever-more convoluted ways to get what it wants.

 

[dk001]

Even if alternate stores are allowed, Apple will still collect its commission.

All this debate about IAP, sideloading, etc. is barking up the wrong tree. Apple knows what it wants- the 30%. While it would prefer to receive its cut through IAP and the App Store, it will take it through any means it can. Regulators focusing on the means Apple uses to collect it completely miss the point. All they will do is inspire Apple to come up with ever-more convoluted ways to get what it wants.

While it appears to be apparent, the question is will Apple (and others) be able to hold off or derail these changes. Not just here in the US, but also the EU. I don’t think Apple will be able to hold onto that percentage. JMO.

 

[Sophisticatednut]

Even if alternate stores are allowed, Apple will still collect its commission.

All this debate about IAP, sideloading, etc. is barking up the wrong tree. Apple knows what it wants- the 30%. While it would prefer to receive its cut through IAP and the App Store, it will take it through any means it can. Regulators focusing on the means Apple uses to collect it completely miss the point. All they will do is inspire Apple to come up with ever-more convoluted ways to get what it wants.

The problem is Eu already have case laws that can like stop any such solutions.
But the commission can only attack apple for what it’s currently doing and it’s related parts. Before apple responded with a 27% commission they could not respond. But now it can.

As I said before apple can still lose all claim requireing a forced revenue split they didn’t contribute to. And objectively apples IAP have no legal protection to stand on

Eu doesn’t recognize APIs as copyrighted

the legal protection of computer programs (91/250 EEC or 2009/24/EC), which promotes a copyright exception for APIs, defined as the code that is indispensable to achieve the interoperability of an independently created program with other programs. Recital 15 states that “the reproduction and translation by or on behalf of a person having a right to use a copy of the program is legitimate and compatible with fair practice and must therefore be deemed not to require the authorisation of the right holder.

As consumers have a right to use the code of our phones to operate other code.

So Apple is in a tight spot. Because what IP are the licensing? They can’t license the access to APIs already on the device as EU consider it fairuse

 

[Sophisticatednut]

If it is too difficult, that solution will trigger additional lawsuits or a continuation of the one(s) that push the alternate App Store issue.

A solution that is too restrictive is no solution at all.

Well it was just an example fulfilling his request. And if it used a electronic banking verification mechanism when the button is pressed with FaceID it would likely work just as well in a few minutes

 

[djgamble]

Indeed outside of the missing contract your talking about that I never signed at the cash register at my local electronic store.

I'm a lawyer... selling something at the checkout is a contract. For there to be a contract you need:
- An offer (Apple offers its iPhone to you for a set price)
- Acceptance (you say 'sure... I agree to purchase your goods)
- Consideration (you pay the money)
- Completion (they remove the security tag and you walk outta the store with the product... outside consumer law protections, they can't take it back and you can't take the money back)

A signature is an archaic formality used to demonstrate acceptance. However, a verbal contract is just as good. For example if a plumber comes around, says 'I will fix your toilet for $300', you say 'sure', they fix it, you give them money and both parties walk away then that's a contract. Such contracts are often disputed, which is why people like to write things down. BUT... even if you sign a piece of paper, verbal agreements still form part of the contract. Harder to prove sure, but if your plumber says 'yeah just sign the paperwork... I'll come back and also fix your shower as part of the deal' then that's part of the contract.

So long story short, purchasing an iPhone is entering into a contract to purchase a phone from Apple. That's how it's viewed in the eyes of the law and your assertions that it operates differently don't stack up.

 

[bushman4]

Taking away privacy by allowing side loading will have many ramifications down the road
If your against privacy, buy an android phone but don’t force those who want their privacy to accept anything less

 

[cupcakes2000]

I'm a lawyer... selling something at the checkout is a contract. For there yo be a contract you need:
- An offer (Apple offers its iPhone to you for a set price)
- Acceptance (you say 'sure... I agree to purchase your goods)
- Consideration (you pay the money)
- Completion (they remove the security tag and you walk outta the store with the product... outside consumer law protections, they can't take it back and you can't take the money back)

A signature is an archaic formality used to demonstrate acceptance. However, a verbal contract is just as good. For example if a plumber comes around, says 'I will fix your toilet for $300', you say 'sure', they fix it, you give them money and both parties walk away then that's a contract. Such contracts are often disputed, which is why people like to write things down. BUT... even if you sign a piece of paper, verbal agreements still form part of the contract. Harder to prove sure, but if your plumber says 'yeah just sign the paperwork... I'll come back and also fix your shower as part of the deal' then that's part of the contract.

So long story short, purchasing an iPhone is entering into a contract to purchase a phone from Apple. That's how it's viewed in the eyes of the law and your assertions that it operates differently don't stack up.

Not only that, but one explicitly agrees to an eula of iOS on initial use and upon each update. One doesn't, nor has ever, ‘owned’ iOS.

Edit for grammar.

 

[Sophisticatednut]

I'm a lawyer... selling something at the checkout is a contract. For there yo be a contract you need:
- An offer (Apple offers its iPhone to you for a set price)
- Acceptance (you say 'sure... I agree to purchase your goods)
- Consideration (you pay the money)
- Completion (they remove the security tag and you walk outta the store with the product... outside consumer law protections, they can't take it back and you can't take the money back)

A signature is an archaic formality used to demonstrate acceptance. However, a verbal contract is just as good. For example if a plumber comes around, says 'I will fix your toilet for $300', you say 'sure', they fix it, you give them money and both parties walk away then that's a contract. Such contracts are often disputed, which is why people like to write things down. BUT... even if you sign a piece of paper, verbal agreements still form part of the contract. Harder to prove sure, but if your plumber says 'yeah just sign the paperwork... I'll come back and also fix your shower as part of the deal' then that's part of the contract.

So long story short, purchasing an iPhone is entering into a contract to purchase a phone from Apple. That's how it's viewed in the eyes of the law and your assertions that it operates differently don't stack up.

And all these are correct, and the terms of use are clear. Transfer of ownership of the iPhone and included software for a one time fee.

As of no other terms are presented that’s the extent of the contract in EU.
Shrink wrap EULA aren’t legally enforceable if it’s made available after first sale is completed.

 

[AppliedMicro]

Taking away privacy by allowing side loading will have many ramifications down the road

Privacy can be and is guaranteed by sandboxing apps.
And there are malicious apps on the app store already.

Not only that, but you explicitly agree to an eula of iOS on initial use and upon each update. You don’t, nor have ever, ‘owned’ iOS.

You don't own iOS. But you own your phone.

Presenting EULA after the fact does not make them enforceable.

 

[Sophisticatednut]

Not only that, but one explicitly agrees to an eula of iOS on initial use and upon each update. One doesn't, nor has ever, ‘owned’ iOS.

Edit for grammar.

Eu disagrees with you. This EULA is null and void.
The European Union's highest court, the Court of Justice, has ruled that software, whether sold via a license and whether physically or digitally-distributed, represents a good rather than a service, and that any purchaser of a perpetually-licensed software becomes the exclusive owner over that instance of the software, just as when they purchase any physical good.

A license is a right to use a property or intellectual property that belongs to somebody else. When you read "this software is licensed, not sold" in a software EULA, whether it's for an OS like Windows 10, a game, or an application, "this software" refers to the software Intellectual Property and not the copy of that intellectual property that you've purchased via a software license.
But you are purchasing a one-off copy of the IP of those things, and upon the point of sale of the instances of those IPs there is a transfer of ownership over those instances and you become the sole owner of that instance of that IP. This is exactly the same with software as it is with physical goods - you own your non-reproduceable instance and have full property rights over it.

A good, by definition, is an item and piece of property that undergoes a transfer of ownership upon its point of sale, from the seller to the buyer, granting the buyer full property rights over that purchased item, and removing all rights from the seller over the item which they sold

An EULA and a Terms of Service (ToS) are not the same thing. An EULA purports to apply to a good you've purchased and own, to impose conditions on how you use your own property, and so is invalid. A Terms of Service applies to a service, owned by someone else, that you use via a subscription license or a free account, and so a ToS can be valid. Someone else isn't entitled to set terms for your usage of your own property, which is what an EULA tries to do.

 

[cupcakes2000]

Someone else isn't entitled to set terms for your usage of your own property, which is what an EULA tries to do.

Perhaps, I don’t know enough about the legalities of it to be able to counter most of what you said, but this sentence isn’t universally true.
I’m a photographer- I take pictures of someone which they then buy (both the service and the physical prints). They own these photos - but they cannot do as they please with them because I own the copyright. They can do with them what ever we agree they can do with them. So I’m most certainly entitled to set the terms of what they can do with what they own.

Edit - or is that the difference between a tos and an Eula?

 

[lazyrighteye]

Exhausting is the right word.
It actually makes me grind my teeth with envy from all the insane amounts of free time these people have to spend the effort to create/subscribe/validate/login/comment and hate on a service/product/company that they don’t care about, will never use and will never buy.

Heck, at least me personally speaking, I don’t go running around on AndroidRumors or whatever Samsung/HTC/Google/etc related sites forcing them to adopt a closed no-sideloading AppStore system… but heck, maybe I need to do some serious time management training and practice becoming a really dislikeable person to be able to do that on the daily.

Haha. You nailed it.

 

[I7guy]

And all these are correct, and the terms of use are clear. Transfer of ownership of the iPhone and included software for a one time fee.

As of no other terms are presented that’s the extent of the contract in EU.
Shrink wrap EULA aren’t legally enforceable if it’s made available after first sale is completed.

The answer is then require agreement to the Eula prior to purchase. Worse for consumers..yeah, but that’s where this is heading.

 

[I7guy]

Perhaps, I don’t know enough about the legalities of it to be able to counter most of what you said, but this sentence isn’t universally true.
I’m a photographer- I take pictures of someone which they then buy (both the service and the physical prints). They own these photos - but they cannot do as they please with them because I own the copyright. They can do with them what ever we agree they can do with them. So I’m most certainly entitled to set the terms of what they can do with what they own.

Edit - or is that the difference between a tos and an Eula?

Basically what is going to happen is that purchase of consumer grade electronic devices in the EU is going to be a hassle. Manufacturers are going to want to be protected as consumers will be protected. The Eula is the way that manufacturers lay out the terms so consumers know what to expect. The EU wants to eliminate that, fair enough. The EU ultimately will get what they deserve….second class products.

 

[Sophisticatednut]

Perhaps, I don’t know enough about the legalities of it to be able to counter most of what you said, but this sentence isn’t universally true.
I’m a photographer- I take pictures of someone which they then buy (both the service and the physical prints). They own these photos - but they cannot do as they please with them because I own the copyright. They can do with them what ever we agree they can do with them. So I’m most certainly entitled to set the terms of what they can do with what they own.

Edit - or is that the difference between a tos and an Eula?

Yes, you would need to have an agreement before you give this picture to be limiting me as a consumer to example make copies and sell these copies. But there is nothing you can do to prevent me to do anything with my specific copy. i can modify it, destroy it, put it in commercials etc. etc. your copyright stays with your original copy

The answer is then require agreement to the Eula prior to purchase. Worse for consumers..yeah, but that’s where this is heading.

and that is 100% on the responsibility of the business. And i would love apple to force people to read a 40-pages of legal document with unclear terms before completing a purchase and still be invalidated

COUNCIL DIRECTIVE 93/13/EEC on unfair terms in consumer contracts

A contractual term which has not been individually negotiated shall be regarded as unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the parties' rights and obligations arising under the contract, to the detriment of the consumer.

2. A term shall always be regarded as not individually negotiated where it has been drafted in advance and the consumer has therefore not been able to influence the substance of the term, particularly in the context of a pre-formulated standard contract.
The fact that certain aspects of a term or one specific term have been individually negotiated shall not exclude the application of this Article to the rest of a contract if an overall assessment of the contract indicates that it is nevertheless a pre-formulated standard contract.
Where any seller or supplier claims that a standard term has been individually negotiated, the burden of proof in this respect shall be incumbent on him.

3. The Annex shall contain an indicative and non-exhaustive list of the terms which may be regarded as unfair.

Article 4
1. Without prejudice to Article 7, the unfairness of a contractual term shall be assessed, taking into account the nature of the goods or services for which the contract was concluded and by referring, at the time of conclusion of the contract, to all the circumstances attending the conclusion of the contract and to all the other terms of the contract or of another contract on which it is dependent.

2. Assessment of the unfair nature of the terms shall relate neither to the definition of the main subject matter of the contract nor to the adequacy of the price and remuneration, on the one hand, as against the services or goods supplies in exchange, on the other, in so far as these terms are in plain intelligible language.

Article 5
In the case of contracts where all or certain terms offered to the consumer are in writing, these terms must always be drafted in plain, intelligible language. Where there is doubt about the meaning of a term, the interpretation most favourable to the consumer shall prevail.

 

[I7guy]

Yes, you would need to have an agreement before you give this picture to be limiting me as a consumer to example make copies and sell these copies. But there is nothing you can do to prevent me to do anything with my specific copy. i can modify it, destroy it, put it in commercials etc. etc. your copyright stays with your original copy

and that is 100% on the responsibility of the business. And i would love apple to force people to read a 40-pages of legal document with unclear terms before completing a purchase and still be invalidated

COUNCIL DIRECTIVE 93/13/EEC on unfair terms in consumer contracts

So you’re in agreement. The consumer should be required to read and accept the Eula prior to purchase for every device (whether it be a watch, tv, toothbrush, etc) that has a Eula.

 

[Sophisticatednut]

Basically what is going to happen is that purchase of consumer grade electronic devices in the EU is going to be a hassle. Manufacturers are going to want to be protected as consumers will be protected. The Eula is the way that manufacturers lay out the terms so consumers know what to expect. The EU wants to eliminate that, fair enough. The EU ultimately will get what they deserve….second class products.

Or it will be exactly as now. With zero legal cases enforcing any EULA contract of consumer goods. But we have numerous cases breaking them apart as noncense

 

[Sophisticatednut]

So you’re in agreement. The consumer should be required to read and accept the Eula prior to purchase for every device (whether it be a watch, tv, toothbrush, etc) that has a Eula.

i agree if they want to actually mean anything. And I'm 100% certain consumers will just buy goods with no hassle.
Software was fixed by providing the EULA before sale and the world did not burn down.

Im sorry if you want companies to do whatever they want, but this is not what we want as a people. this is what we chose. Terms still need to be clear and concise