Best outcome: Meta reveals how Apple uses "privacy" as an excuse to block reasonable requests for third party APIs, favor first part apps and suppress competition, while Apple reveals how much data Facebook collects. Both lose, and users win.
Unfortunately, the most likely outcome is they realize this is bad for both, and they should reach a private agreement under the table just like Google Apple no poaching agreement.
I think it would be nice if apple's customers could block apple itself due to privacy.
Set up any apple device and you are required ot activate the device. Get to the privacy policy during setup, and it is thousands of pages long. You can read the privacy policy, but you can't decline the activity. And then apple devices phone home continuously.
That said, maybe meta is doing what matt stone and trey parker did with the south park movie - inundate the censors with an incredibly enormous amount of requests and see what sticks. All the puppet sex in the movie is what got through.
The cynic in me would imagine that Apple loves this. They found the perfect enemy to throw under the bus, just in time for the EU’s review of what interoperability means for the iPhone. Meta is probably the most hated big tech company by the EU.
On the other hand, I’m sure Apple hates this. Being told they have to share and cooperate is not something they’re familiar with. The EU really is twisting the screws for DMA.
I wonder if any of the big companies will pull out of the EU over DMA or future legislation. It seems each of the big tech companies have started to get a grumpy with being pushed to make crazy changes by the EU.
> I wonder if any of the big companies will pull out of the EU over DMA or future legislation. It seems each of the big tech companies have started to get a grumpy with being pushed to make crazy changes by the EU.
Luckily we don’t need to guess because the equation is simple. Does the risk/reward increase or decrease shareholder value. EU regulators know this, too.
To date the equation has balanced out.
The biggest risk is where the EU forces big tech in ways that impact their non-EU business. I think the equation changes if things boil over to a point where complying with EU law threatens their business outside of the EU.
> I wonder if any of the big companies will pull out of the EU over DMA or future legislation.
I've said this here before - no chance. Shareholders would be taking them to the cleaners. Europe is responsible for >20% of Apple's revenue. Look at how many companies are willing to kill people for a few % extra, let alone as much as 20%. I don't think there's any where the EU counts for <10%, maybe X if you still count that as a big one.
In Apple’s earnings reports, “Europe” also includes… non EU European states, many of which are/were high income nations (UK, Russia, Turkey, Ukraine, etc) as well as the entire middle-east. This is apple’s own explanations.
The European Union itself is certainly closer to 10% than >20%. Their CFO said that EU accounted for 7% of the App Store, but hasn’t explicitly mentioned global revenue percent.
If Apple wanted to leave the European Union, their boat left months ago when they were forced to pay their back taxes in Ireland. Now that they're paid up on their dues, it would probably cost Apple more money than it's worth to leave the European economic zone.
In 2023, Apple made 162bn in the US, 94bn in Europe (presumably mostly-EU), 72b in China, 24bn in Japan, 29bn in rest of APAC, the rest negligible. Abandoning their second-largest region, only to find their largest region going after them, albeit with more limited tools, for the same thing, would be an... interesting move. Their third-largest region is also not exactly what you'd call libertarians.
The iPhone doesn't have a particularly large market share in the EU, it's just not that popular. "Europe" also includes other nations and regions, eg. the UK and the Middle East. Many of those nations also feature the iPhone having a large market share, despite them potentially being a "poorer" nation.
The UK, Russia, Saudi Arabia, etc all have larger iPhone penetration in their population. The UK + Russia + Saudi have a similar collective population to Germany, France, and Italy, but each also feature a higher iPhone usage per capita than the EU.
So I think it stands to reason that the EU probably features heavily in that number, but is certainly closer to half of it.
Apple has completely lost their credibility with me every time they use "privacy & security" as an excuse to exploit their users. Does anybody actually know what Meta is asking for in these cases?
Can you elaborate on this “excuse” and “exploitation” you are talking about? I am curious because I fully believe Apple really cares about security and privacy and goes to great lengths to preserve it for their users. Sure they use it as a strategy, and that is how they justify the investment. Am curious about your opinions though since you seem to be on the other end of the spectrum
Here's one example. Apple has locked down the API for replying to a text message on an iPhone using a smart watch to only their own Apple Watch. Competing smart watches like Garmin or Suunto aren't allowed to build similar functionality. This is a naked abuse of market power for product tying, exactly the type of behavior that got Microsoft in trouble with US antitrust authorities years ago.
Android phones have no such artificial limitation.
Can you reply to messages in Signal, WhatsApp, Telegram, etc., from those watches paired with an iPhone?
I’m not asking rhetorically, I’m genuinely curious and an unfamiliar with the finer details of Apple’s phone/watch pairing. When replying to a text in iMessage from a paired watch, is the watch actually using internal APIs? You sign in on the watch with your AppleID, so I would assume no, the watch is just using the phones cell connection to communicate with Apple’s iMessage servers directly.
If you pair an Apple Watch to an Android phone, can you still use the iMessage app on the Watch? Yes, right? If so, there’s obviously not going to be any internal Apple APIs in play.
Not person you are replying to, but I think lack of sideloading is a big factor, since it impacts ease of doing anything outside appstore.
AFA Security and privacy, I think security issues have been brought up previously on HN where the relative closed-ness of Apple and how the respond to some security reports raises questions whether the RDF is in play.
I want to be clear that I trust them more than others. At the same time, while I got my dad an iPhone to replace his Lumia 640 (because Microsoft does stupid things) I still use an android phone. Why? Because for someone like him, yes, it is safer.
> Can you elaborate on this “excuse” and “exploitation” you are talking about? I am curious because I fully believe Apple really cares about security and privacy and goes to great lengths to preserve it for their users. Sure they use it as a strategy, and that is how they justify the investment.
Going back to windows phone, I'll give a fun example. Why didn't Windows phones get Snapchat? because MS literally would not let that be collectible by 3rd party apps (Not sure about 1st party.) and that was a sticking point.
Not the best move for them at the time (definitely hurt uptake on folks still 'new' to smartphones to become a 3rd player) yet it is arguably a more strict stance than what apple did/does.
I'll also note, Apple gets instant bad karma from me AFA the combination of (1) not allowing sideloading, (2) taking the cut they do on all transactions, alongside (3) still giving better deals to huge players like netflix.
TBH I just want to be able to buy shit to read on my kindle account without going through a circus on my android phone, yet it's a big sign of how fucked things are in the overall ecosystem.
Apple allows side loading. It’s an extra $8 a month and called a Developer Account. I have many side loaded apps on my iPhone. Stop repeating this.
You can refine your argument to say “but that requires a MacBook and Xcode and two or three clicks to install” but it’s still side loading even if there’s some friction. Always has been.
No, because your counterpoint is disingenuous compared to options in other ecosystems.
For starters, I can't just 'side load' shit I want to FAFO with from Itch.io that way, can I? Maybe I could, if I had a Macbook, but I don't. Also that's way way way more ceremony+cost than downloading an APK.
Fire Tablet sideloading is just a matter a couple flips in a settings menu.
Actual 'Android' devices are typically similar or less ceremony, although some security features may? have issues depending on how dumb they are vs how dumb what you are installing is vs how dumb you are for accepting the perms it asked for.
But, for either of those cases, I don't need to pay 8$ a month and buy a macbook for the 'privilege' of installing whatever app I want on hardware I purchased.
Frankly it's been the main thing that has kept me personally away from iPhones for the better part of a decade.
Not really sure what your counterpoint is. Yes there are some up front fixed costs and slightly more steps, but like I said, it's just friction. You can still side load. Plenty of Android devices make it virtually impossible to side-load (Xiaomi) so your argument doesn't even work in the general case.
At this point the conversation veers off into arguments about lack of custom web renderers and JIT. I'll save you the trouble. iOS only allows safari wrappers because the kernel prevents mmap W^X to save Apple the support costs when Chrome gets a 0-day. That is the technical reason and it has nothing to do with side loading.
> Plenty of Android devices make it virtually impossible to side-load (Xiaomi)
OK so cherry picking specific android devices vs everything I've managed to buy in the last 12 years to your recurring cost (Primarily Samsung, sadly) for Andoid.
> iOS only allows safari wrappers because the kernel prevents mmap W^X to save Apple the support costs when Chrome gets a 0-day.
How's that going for them again? With the 0 days and kernel exploits?
I'll agree it's better than Android but the overall is still smoke and mirrors IMO. You can have a non-safari browser boxed in non W^X env and it can work but JS might be trash.
I really -do- want to experience the RDF sometime, can you help me? What am I doing wrong?
Apple likes their platforms locked down tight. Arguably this has benefits for the users both in terms of privacy/security and in terms of UX, but it does definitely come with a bunch of costs (not least of which the 30% cut from the App Store). I think describing those costs as "exploitation" is excessive, but it's not completely unreasonable.
Given that context, Meta being unreasonable in what they ask for proves Apple's point that having things locked down benefits their users. While true in this instance, it's also a convenient excuse to justify retaining the level of control they want.
For the record, I do agree with you: Apple's investment in on-device AI tools, their history of not training Siri using user data, etc are clear examples of them actually acting on the values they advertise on. Even if it's a cynical marketing-driven decision, they're still acting on it.
AirPlay Continuity Camera
App Intents
Devices connected with Bluetooth
Apple Notification Center Service
iPhone Mirroring
CarPlay
Connectivity to all of a user’s Apple devices
Messaging
Wi-Fi networks and properties
Yes and these are not new problems.
I encountered showstopper limitations backgrounding processes that make use of iBeacons, back in iOS 7.
The potential for data collection is massive.
I was tinkering with a firechat inspired mesh messaging concept as an indie iOS dev. I could not dismiss arguments about potential privacy concerns w/ persistent background apps advertising and scanning - but the lack thereof certainly dampens innovators too.
You admit you have no idea what the details are, yet you default to considering Apple in the wrong, for exploitation which you do not detail. Your comment is worthless.
Yes who should we trust here when it comes to data collection. Apple or Meta.
According to Apple they are asking for effectively everything on the device e.g. all photos, emails, messages, passwords. Far beyond what is needed for WhatsApp etc to work but would be game changing for their ad and AI platforms.
And plenty do let us know when Apple has used our own data to exploit us like Meta has.
It feels like there should be a user option to allow (default deny) this. Like it doesn’t have to be that the minute you install WhatsApp it gets access to all of your texts or calls. But it sucks to be stuck w iMessage when that’s just locking me into apples ecosystem
The problem is that we have decades of experience with your approach. And it simply doesn’t work. Users will click any dialog box especially when the app makes features conditional on its approval.
The only way this works is what Apple and Google have implemented. Which is to allow access to a single photo or contact but not the entire library. But that’s not what Meta is after. They want everything.
If these APIs risk creating privacy problems, why did Apple add them to the platform in the first place? Why is Apple letting their first party apps access these dangerous APIs? If privacy and security really were the number one priority, they should immediately block access to them to their first party apps until they've figured out how to implement them safely.
Obviously they're not doing that. Why? Because these APIs give Apple's first party apps a competitive advantage. It lets them leverage their control of iOS into control of more and more markets without having to ever worry about competing on a level playing field. And inversely, the users' buy-in into these markets locks them tighter into the iOS ecosystem. It's a positive feedback cycle of abuse of a dominant market position.
> If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user's device all of their messages and emails
I assume ultimately users will need to grant the permission for these things?
If Apple did their part to inform user of the consequences, and yet user decides to allow access, who is Apple to judge?
I wouldn't be surprised if applications permanently show a notification "you haven't granted us access to X", and restrict functionality until you do. E.g.:
- Telegram permanently shows an in-app notification if you haven't granted access to all your contacts.
- WhatsApp won't show nicknames in your conversation list or individual conversations if you haven't granted access to all your contacts (the nicknames are visible in some other screen, so this isn't a case of missing data).
The user will get to decide, but the user won't get to decide _freely_. Some other annoyance will be introduced until you decide to grant all the access they demand.
> Telegram permanently shows an in-app notification if you haven't granted access to all your contacts.
> WhatsApp won't show nicknames in your conversation list or individual conversations if you haven't granted access to all your contacts
Hrm, are you in the EU? I ask because neither appear to be the case for me, but I'm in the EU; the GDPR generally doesn't allow penalising the user for declining to consent to data collection (though compliance with this is patchy currently).
You do realise that Facebook, Instagram, WhatsApp etc are thriving today without these permissions.
And the problem with companies like Meta is that their terms of service are so complex and indecipherable that it’s almost a certainty you will approve giving them photos to share with friends and then turn around and use it for ads.
Letting the users decide is a sure way to lose the plot on data. There are always users that will want to give away their data and so services won’t have any incentive to build services that preserve privacy or attempt to reduce user data consumption. I would much rather be strict and let them not get any new data beyond what is already lost
I know that one of the few apps on my phone which doesn't use Apple's newer photo access API (which only shares the photos you pick with Apple by default) is not used by WhatsApp, even though it is available.
Apps using either of these are just off-limits for me. There is a photo picker UI where the App gets NO permanent permissions and just gets the photo(s) you end up picking.
Any non-camera / non-photo editing app should never need any permanent access to your library, restricted set or not.
Exactly. I actually checked, and there are three apps on my phone that don't support the "seamlessly pick a photo to use without granting extended access to some or all photos" API: WhatsApp, Instagram, and Telegram.
Your messages and emails involve at least two parties.
If the choice is between making it effectively impossible for you to give Meta all the messages and emails between us, and making it a trivial decision in a nagging popup, I'd prefer we keep it impossible.
If there was infrastucture to support mutual consent, I'd be more inclined to buy into your premise. But that's not coming any time soon.
Yeah my guess here is that Meta wants WhatsApp to hook into the "native" phone calling system and messages etc.
As someone who used to use a lot of third party apps for core functionality in Android, I ... like the idea of third party apps taking over some of this stuff. But I don't know if I want Meta to be the one to do it!
Remember when iOS apps couldn’t run in the background, and then Apple made an exception for voip apps? All of a sudden many apps, especially Facebook, started offering in-app voip calls. Coincidence? Of course they were using that as an excuse to do other things in the background.
ngl that's pretty funny, never knew that. I am in the camp of wishing more apps could run in the background (long-running downloads/uploads for Spotify or Google Photos) but I appreciate that it's a dangerous road to go down
> Apple’s iCloud servers which have a history of being hacked.
Bold claims need strong proof. Have a source for this?
The only major hack I’m aware of was the Fappenning, which was widely accepted as an issue of password reuse across sites, and Apple responded by making it difficult to avoid using MFA.
Thank you for pointing this out—I appreciate it and have upvoted your comment. My original complaint was based on my memory of the 2014 iCloud celebrity scandal involving passwords. As I recall, there was a security issue where hackers exploited the “forgot password” mechanism. I believe Apple had very lax mechanisms in place at the time. However, since this wasn’t a complete compromise of iCloud, I’ve removed that detail from my main point to make it clearer.
It was hackers ringing up phone companies, acting as celebrities or agents and asking for replacement SIMs. Or pretending to be Apple Support. And then social engineering around the MFA process. Apple’s security was on par with everyone else in the industry.
In 2014, Apple had an iCloud issue with a vulnerability in Apple's Find My iPhone API, which lacked rate-limiting, allowing attackers to perform brute-force password attacks without restriction. Apple denied that this was the cause of the celebrity photo releases, but they also patched several bugs relating to security and began promoting two-factor authentication.
> Facebook, Instagram, and WhatsApp could enable Meta to read on a user's device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more.
Iunno, none of those things sound like stuff that isn't already being tracked by iCloud. If the user opts into it, I can't see legitimate grounds for Apple to object. It's like the old meme, "Myths of 'consensual' cloud services: isn't there someone you forgot to ask?"
If Apple's interfaces aren't fundamentally exploitative then I don't see how it's unreasonable to let Meta interoperate with them. As long as the user opts into it deliberately, Apple has no right to obstruct their business.
Personally, I don't trust Meta as far as I can throw them but it's my phone so I know I can make the call. I want interoperability to be forced so that iOS and Mac customers can finally use alternatives to Apple's unnecessarily opaque, expensive and untrustworthy services.
Competition will do good here. Apple needs to fix their infrastructure if they're unable to safely let competitors integrate with iOS and Mac platforms.
Best outcome: Meta reveals how Apple uses "privacy" as an excuse to block reasonable requests for third party APIs, favor first part apps and suppress competition, while Apple reveals how much data Facebook collects. Both lose, and users win.