I don't think it's that simple, and relegating the main issue to a bracketed footnote doesn't make it so.
I agree with you that permissions and a sandbox that actually works would have to be part of any solution.
But you can rest assured that Facebook wouldn't have made such a fuss if all that was at stake is losing access to IDFA and getting slapped with some unenforceable privacy warning.
What's creating a real problem for Facebook is the enforceable legal obligation that Apple has put in place as a precondition for being allowed on iOS devices at all.
It works exactly because it is not a technology based solution. It has created a choice that we didn't previously have.
So I wonder how we can keep this choice without making Apple this all powerful, rent seeking, patronising overlord that also happens to be an ideal attack vector for censorship happy authoritarian governments all over the world.
I think they do have a point though. If Apple's primary concern was security, they would be approaching this from a fundamentally different perspective; their current solution is a pretty dubious stopgap that bridges "human consent" and "your app". A fundamentally secure approach would ultimately let the user audit and manually control their API interfaces to prevent abuse, instead of just hoping Apple has your best intentions at mind.
Many of Apple’s “security” policies are fundamentally editorial rather than technical restrictions. How do you propose that such editorial policies be enforced? For example: an app which targets children and asks them to supply personal information.
Similarly, Apple’s new, much-lauded anti-tracking policy does have a technical component to it, but it would be easy enough for motivated developers to get around it. All that stops them is app review, or more precisely, the threat of app review.
In both cases, I assert that such editorial control cannot survive store diversification. Right now the App Store policies are able to nudge developers towards pro-consumer behaviours. Any substantive amount of store competition flips the script and means stores will compete to appease developers, rather than apply principles in the long term interest of consumers. The nanosecond after Apple is forced to change their product, big names like Google and Facebook will be the first to set up their own shops, specifically to escape Apple’s pro-consumer editorial policies.
>Right now the App Store policies are able to nudge developers towards pro-consumer behaviours.
Yes, and they can also nudge us to pro-Apple business model behaviours such as direct payment instead of ad funding or force us to mislead consumers into paying higher prices than are available elsewhere.
They can also enforce random cultural biases such as "no porn" and threaten our human and civil rights as a side-effect of banning side-loading. In other cases they help to protect our civil rights.
So that's the dilemma. Apple can make arbitrary rules for arbitrary reasons, sometimes helping us, sometimes hurting us. Taking away Apple's right to make those arbitrary rules would allow other companies to impose their own rules without giving users a real choice.
One way or another, users and small developers are left with very little choice and very little freedom.
I agree with you that permissions and a sandbox that actually works would have to be part of any solution.
But you can rest assured that Facebook wouldn't have made such a fuss if all that was at stake is losing access to IDFA and getting slapped with some unenforceable privacy warning.
What's creating a real problem for Facebook is the enforceable legal obligation that Apple has put in place as a precondition for being allowed on iOS devices at all.
It works exactly because it is not a technology based solution. It has created a choice that we didn't previously have.
So I wonder how we can keep this choice without making Apple this all powerful, rent seeking, patronising overlord that also happens to be an ideal attack vector for censorship happy authoritarian governments all over the world.