return to table of content

Apple confirms it's breaking iPhone web apps in the EU on purpose

LeoPanthera
402 replies
21h32m

Since the article doesn't actually repeat what Apple has said, here's what Apple says:

== Begin quote ==

The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.

== End quote ==

Source: https://developer.apple.com/support/dma-and-apps-in-the-eu/#...

zer00eyz
159 replies
21h8m

Without this type of isolation and enforcement, malicious... camera, microphone or location ... Browsers ...

30 some million lines of code in chromium browsers.

Thats bigger than the linux kernel.

The HN crowed might not LIKE apples response but they have a very defensible position.

Edit: Its not like we haven't seen this play out on the desktop recently: https://www.theverge.com/24054329/microsoft-edge-automatic-c...

summerlight
75 replies
20h39m

Why should we trust Apple for security in that context? Apple also provides all those functionalities via their proprietary API, which is not even audit-able. If Apple really believes in that argument, they should disable their own API as well.

M4v3R
56 replies
20h31m

You have to trust someone if you're using a computing device connected to the Internet. The point of being in Apple ecosystem is that you trust Apple, and then (supposedly) you can not trust anyone else. To many that's a very strong proposition.

summerlight
44 replies
20h20m

The point of being in Apple ecosystem is that you trust Apple,

This seems to be over-generalization? Users are using Apple devices because those are good products, not because they want to delegate every single trust problem to the Apple ecosystem. That might be a great proposition for people like you, but there is a significant number of people who consider it a compromise rather than a value.

anon84873628
28 replies
20h8m

there is a significant number of people who consider it as a compromise rather than a value.

I suspect that from Apple's perspective, it is definitively not a significant number.

For Apple, ownership of the "trust problem" is an intrinsic part of "making good products".

summerlight
27 replies
20h0m

For Apple, ownership of the "trust problem" is an intrinsic part of "making good products".

Yes, this might be true. And the majority of elected officials in EU fundamentally disagrees with that statement.

geodel
11 replies
19h41m

And the majority of elected officials in EU fundamentally disagrees with that statement.

Well, EU can and will force, fine, or ban US companies as they see fit but there is not some fundamental correctness to their viewpoint

ImPostingOnHN
10 replies
19h27m

Any fundamental correctness of their viewpoint is by virtue of them representing more people (EU citizens) than Apple's CEO represents (himself and, I guess, the Apple corporation, if you count that). On moral issues, the fundamentally "correct" viewpoint (if there is one) is, by definition, the one that more people say is the fundamentally "correct" viewpoint.

mckn1ght
4 replies
18h2m

What you should be comparing is the percentage of the market the EU represents in the total market available to Apple. EU politicians are accountable to their population. Apple’s CEO is accountable to every Apple customer. The EU does not now, nor has it ever, constituted a majority of Apple revenue.

ImPostingOnHN
2 replies
17h51m

I don't believe the concept of a market has any fundamental place in morality, and my morality isn't limited to any particular "market".

Indeed, who apple is or isn't able to sell to, doesn't affect what people think is moral or immoral.

As for Apple's CEO representing Apple's customers: Are you sure? We didn't elect him. We just bought stuff made by an organization he currently runs.

mckn1ght
1 replies
5h15m

So you think government can prove morality, but markets cannot? If you don't think government is a marketplace where the currency is political capital, then you have a naive view of how governments work. Also, I don't believe the EU is a direct democracy, so the representative morality is lossy. Have you never disagreed with a decision made by a politician you voted for?

I'm saying that customers decide whether or not to buy from Apple based on whether they resonate with them from a moral standpoint, at least as part of their decision to purchase their products. And I said Apple's CEO is accountable to their customers, not that they represent them. Yes, they're also accountable to shareholders, as your sibling comment points out. But if the company screws up enough to elicit a popular boycott, you can bet the reason shareholders will be exercising that accountability is due to the actions of the customer base.

ImPostingOnHN
0 replies
5h2m

Yes, a democratic government represents the people, and thus their moral stance. A market sells stuff. There's really no relationship between the two nouns. No reason to compare them. You might as well ask, "So the people can decide what's moral, but a jar of pickles can't?" Yes, that's correct. A jar of pickles is technically a market, so this analogy applies particularly well.

> I'm saying that customers decide whether or not to buy from Apple based on whether they resonate with them from a moral standpoint

I fully believe that you might do that yourself. There's no evidence everyone else does, or even that a majority do. Especially since most people aren't informed of working conditions involved in manufacturing Apple products (or indeed, many others' products).

It's just not believable that everyone thinks that buying a product = agreeing with every single moral stance made by the person currently running the company. And what if he changed his mind tomorrow? Would he offer a full refund to everybody who asked for one?

> And I said Apple's CEO is accountable to their customers, not that they represent them.

He's not accountable to them, only to the board*, but we're discussing representation - that is, speaking on behalf of a people, according to those people, not you or I or the speaker individually. If you mentioned accountability while we were on the topic of representation, and I returned us to the topic of representation, you're welcome :)

[*]: Your example illustrates this: a complex chain of accountability from CEO to Corporation and BoD to Corporation and Corporation to shareholders is required for any action to happen. Being accountable to customers means customers can decide to fire him _directly_.

trinsic2
0 replies
16h40m

I'd argue that's not the case. CEO's are accountable to share holders, not its customers. And before you say its the same thing, there are a lot of pubically traded companies who get away with unlawful actions that direct effect its customer's for a long, long time without their bottom line being effected.

zappb
3 replies
15h47m

China represents twice as many people as the EU. This is not an enticing argument. Can you at least qualify this with democratic representation?

Nullabillity
1 replies
13h49m

Which free and democratic election did Xi win?

bryanrasmussen
0 replies
10h59m

none, which is what the comment was complaining about.

ImPostingOnHN
0 replies
3h54m

Thank you for your comment. In the spirit of interpreting it in the most charitable way possible, I assume that when you say "China", you mean the Chinese government. The answer is that Chinese government doesn't necessarily represent people living in China. As you say, it is not democratic. That leaves us with few indicators of representation.

It has control over the people living in China, true, but I do not think controlling a person, being able to put them in jail if they don't obey you, is the same thing as representing them.

cwyers
0 replies
17h16m

Governments in other countries have come to a different view, and it's for Apple to determine how worth it is for them to conform to the view come to by the representatives of the EU citizens versus catering to markets with other regulatory regimes.

paulmd
10 replies
19h32m

Yeah, as I’ve said before: the root problem here is that the EU wants to outlaw apples business model.

People don’t think of it that way, they tell themselves all the reasons why that’s a good thing, but that’s ultimately what it is - a legislative solution to end the “android vs iOS” debate for all time.

The argument is walled gardens shouldn’t exist, so the solution is to either legislate requirements that apple destroy the walls, or that they exit the market. That is a statement that most android advocates would agree with.

And the EU will largely just keep ratcheting up the legislation until that happens. Driving apple out is the point - walled gardens are (in the EU sense) unacceptable and the option for a walled-garden business model needs to be removed from the market.

Apple is (correctly) perceiving this and pulling out of the market, first by dropping the affected features, and I’m sure there will be a “next compliance requirement” before many years too.

munk-a
8 replies
18h59m

I feel like this is a win for consumers - I'd much rather there remain more OS competition on mobile devices[1] but if Apple wants to pursue a business model that excludes large portions of the world from their customer base that's their decision. I don't believe there exists any maliciousness from the EU towards Apple - they do, after all, benefit greatly from corporation tax revenues from Apple and iPhones are still quite popular in the EU. I think at the end of the day there's just a difference in the social expectation of privacy and freedom between the EU and NA. Apple, being primarily steeped in NA's expectations for freedom, hasn't built an ecosystem that is compatible with the EU's higher expectations.

1. Still hoping to see something amazing RIM!

jokethrowaway
6 replies
18h21m

I don't see how you can call EU having any expectation of freedom when commenting about a law which forces a company to comply to regulation.

This actively reduces freedom, the freedom of running your business. You just don't care about it.

If you don't like walled gardens you can just not use them (I certainly never bought anything Apple for this very reason), there's no need to infringe on the freedom of everyone else who wants to use walled gardens.

The EU is in general becoming increasingly less free, thanks to barely elected bureaucrats who line up their pockets with sponsors money.

munk-a
1 replies
18h0m

I think this is a great example of what I had mentioned as social differences of freedom between the EU and NA - in NA the freedom of businesses is often well protected up until it causes actual harm to human beings[1] - in the EU the freedom of human beings tend to be given priority of those of companies. It's important to remember that there are a lot of freedoms in this world and they often conflict in major ways. A quote that I love is "Your right to swing your arms ends just where the other man's nose begins". Freedoms are extremely easy to guarantee if they're non-conflicting but that's rarely the case. In this case the EU is siding with the freedoms of the customers rather than the freedom of the corporation - whether that makes the society less or more free overall is a matter of opinion.

1. I'd point to a great example from one of our current justices in this regard: https://www.theguardian.com/law/2017/mar/23/neil-gorsuch-sup...

jquery
0 replies
17h13m

That dissent sent him to the top of the Heritage Foundation SC shortlist for being a corporate kowtowing stooge.

trinsic2
0 replies
16h26m

Companies don't have freedom. People do. Companies are a collection of people that have a responsibility to the people who allow them to operating by charters. In our current age, I'd say that justice in this regard isn't operating as it should, because our governments are allowing selfish individuals within companies to do illegal stuff that go against the original intent of charters. Individuals that would normally be held accountable for their actions are now being protected from being prosecuted for harms they commit while being part business.

Companies are designed and allowed, by characters, to operate within the scope of whats good for society. If it harms the public good then it needs to be reigned in. I have no illusions that companies have the same standing and rights as living beings do. They are lifeless entities meant to be subject to the will of people.

justinclift
0 replies
17h59m

line up their pockets with sponsors money.

That's not just an EU problem though. It seems to be well established (and perhaps worse?) in many places.

johnnyanmac
0 replies
15h38m

This actively reduces freedom, the freedom of running your business. You just don't care about it.

In the same way Right to Repair, Minimum Wage, and Disciminatory hiring affects the freedom of running a business, sure. Unfortunately, rules are written in blood and this is happening because other businesses at this point abused the point of labor or customer satisfaction and needed to get dinged for it.

In this case, Blame Microsoft, I guess. Heck, even Google. we already know the result of a closed system abusing its platform and large share to make its product worse. I'm glad we're actually jumping into this before it's too late (like we usually do).

FireBeyond
0 replies
16h44m

If you don't like walled gardens you can just not use them (I certainly never bought anything Apple for this very reason), there's no need to infringe on the freedom of everyone else who wants to use walled gardens.

No-one's forcing Apple customers to go outside the walled garden. They can still source their apps from only the Apple App Store.

justinclift
0 replies
18h1m

NA's expectations for freedom

That'd be "corporate freedom" rather than "end user freedom" yeah?

That's my impression of what the NA model of freedom seems to mean these days.

Nullabillity
0 replies
19h22m

Apple is free to switch to a less fascistic business model.

dingle_thunk
3 replies
19h32m

Because of course elected officials without any expertise, representing a very small minority of humanity, are the best arbiters of reality.

munk-a
1 replies
19h6m

Non experts have to rule on expert subjects all the time - sometimes this goes hilariously wrong (like the internet being a series of tubes) but usually what happens is that the non-expert relies on the testimony of experts to make their judgement.

Politicians aren't expected to be experts due to the immense breadth of subjects they need to consider - they're expected to consult experts. Whether an individual politician is an expert[1] is pretty irrelevant.

All of these statements are about our general expectations of politicians - whether you think politicians adhere to that point or have comments on specific politicians is beside the scope of my comment. As a less controversial example it might be good to instead consider how judges operate who are expected to provide well reasoned judgements on subjects they know nothing about.

1. Sometimes those former expert politicians are the worst of all since they _think_ they know the way things are and won't listen to actual experts but they've been out of the industry so long that they've lost their familiarity with the subject.

Qwertious
0 replies
14h7m

sometimes this goes hilariously wrong (like the internet being a series of tubes)

That didn't go hilariously wrong, though - the internet is a series of tubes. Not physically (copper cables aren't tubes) but he obviously wasn't talking about specific stuff but broad-strokes analogy (his exact line was "It's not a big truck. It's a series of tubes."), and his description was basically accurate.

troupo
0 replies
9h48m

Unlike trillion-dollar corporations?

chongli
13 replies
20h14m

Users trust Apple because Apple is ultimately accountable for security breaches on iOS devices. If a 3rd party app causes a data breach it does not matter if the breach was made possible by compliance with regulations like the DMA, Apple will still take the blame.

summerlight
12 replies
20h2m

Users trust Apple because Apple is ultimately accountable for security breaches on iOS devices.

As a long time user of Windows which historically had an incomparably large amount of security incidents, I can assure you that Apple won't get blamed that much for 3rd party data breach unless it involves Apple's own service and user data.

chongli
8 replies
19h50m

Since you’re a commenter on HN I’m going to assume you’re a tech person. I’m not talking about tech people, who through their discussions try to find the correct person/company to blame for issues.

I’m talking about the general public. If a story about a data breach in a 3rd party app — affecting iOS users — hits the news cycle, Apple will take the blame and their brand reputation and sales will be impacted. It doesn’t matter whose fault it really is, Apple is the face of the iPhone and through their walled garden they have accepted final responsibility for everything that occurs on iOS.

Wowfunhappy
7 replies
19h43m

I don't see how this matters to the GP's argument. Windows was a virus hotbed for decades and that does not appear to have affected its reputation in a meaningful way.

chongli
4 replies
19h34m

That’s because Windows’ reputation was already mud. Microsoft made their business on corporate users anyway. Apple is a consumer brand. A data breach on iOS is like nudity in a Disney movie: utterly brand-destroying.

Wowfunhappy
3 replies
19h32m

Windows was both. If you were buying a computer in the early 2000s, it was almost certainly a Windows PC.

zappb
1 replies
15h50m

That was because Microsoft abused their monopoly in operating systems at the time to force OEMs to use their OS on all their computers in order to maintain the industry discounts on OEM licensing.

ffgjgf1
0 replies
10h30m

Also because there weren’t really any credible alternatives

chongli
0 replies
19h14m

Right, but Apple built their brand on being the alternative to Windows for people who didn’t want to deal with security issues, viruses, crashes, bundled junkware, etc.

You can draw a direct line between Apple’s original marketing pitch (easy to use, simple, secure, appliance-style computing) and the iOS walled garden. Just as you can with Disney and their family-oriented brand. It’s not a compelling argument to say that other film studios have nudity in their films when Disney is the brand at issue.

overstay8930
1 replies
15h40m

Windows doesn’t have a reputation. It’s the default. Nobody actually likes using windows you just have to. Do you really think there are people out there asking for advertisements in their start menu?

jc_dc
0 replies
15h6m

To this day, I prefer windows, and I have to switch between Mac and windows all day every day.

addicted
1 replies
18h24m

What was the last 3rd party breach Apple took the blame for?

overstay8930
0 replies
15h35m

Fappening. Apple took all of the blame and then we got mandatory MFA. The logjc works even if it’s the own users fault for getting scammed.

sunshinerag
0 replies
6h37m

I as an Apple user will blame Apple for design choices that lead to 3rd party breaches of my data and privacy.

geodel
0 replies
19h49m

Users are using Apple devices because those are good products,..

For general populace good also include secure by default.

"every single trust problem to the Apple ecosystem." is rather technical point that very few people would even understand meaning of it.

significant number of people who consider it a compromise

How significant compare to iPhone user base?

trinsic2
2 replies
16h52m

I'd rather trust a public (not-for-profit) institution that actually had a real incentive to protect user security. Instead we get for-profit companies that have a vested interest (conflict of interest) to do security the way it thinks it should be done. In my experience, that usually is bad for the people that are using the platform because there is no real surety that security is being done for the sake of the users.

Apple has no interest in working with public institutions that have a close relationship with the people they serve. That's a big red flag in my book. You cant trust a company that serves content and hardware and at the same time trust them with security. It's too many eggs in one basket, to easy of a target for rogue entities (NSA) even if they have good motives .

sunshinerag
1 replies
6h39m

Which public institutions do you find have real concern for their users? In which country?

fsflover
0 replies
5h23m
jc_dc
2 replies
15h9m

And to a degree, that’s why developers tend to hate Apple. They paint us as a pack of crims trying to steal from unsuspecting Apple users.

troupo
0 replies
9h45m

They paint us as a pack of crims trying to steal from unsuspecting Apple users.

Have you seen the world around you for the past 20 years or so? I'd say this characterises developers (well, companies they work for at least) quite well, don't you think?

MrDresden
0 replies
9h51m

I think you are conflating the relationship between consumers/developers and the corporation (that you work for?).

I don't hate Apple, but rather realise that it's bottom line and fiduciary duty to its shareholders is stronger than what is best for us (consumers/developers).

I do not trust the corporate marketing one bit (and honestly, why should I?).

This behaviour of Apple just further supports that view. As a company, it seems to believe that it is somehow above following the rules meant to benefit consumers/developers, which goes against what the company has been marketing its self with since the 80's.

So lets stop the 'Leave Apple alone (and us that work there)' crying, and just acknowledge what the whole thing revolves around.

addicted
2 replies
18h25m

Why can’t I choose to trust Apple for iOS and another developer for other functionality that runs on iOS?

We do this all the time. I don’t uniquely depend on Microsoft for stuff that runs on Windows. Same for stuff that runs on macOS. And on Linux I’m not even sure who I’m trusting from the ground up other than a huge and disparate collection of people.

So what makes iOS so unique that it can’t run PWAs, which is little more than adding some chrome and a handful of APIs to already pre-existing browser capabilities.

What an F’ing joke. And the bigger joke are the Apple fans who are going out of their way to defend Apple sticking it up their nether parts.

zappb
0 replies
15h52m

It’s not unique to Apple. It’s an inherent problem to securing Turing machines.

sunshinerag
0 replies
6h40m

If you are not an Apple user not an Apple fan why do you care so much about Apple and its users?

xwolfi
0 replies
13h29m

But that's what the EU is willing to reform. Apple isnt a EU company, hell it may even not contribute much to the tax base, there's less reason to trust them in exchange for gatekeeping against EU companies trying to generate tax revenue on their plarform.

Trusting Apple is nice in the US where it's probably a net contributor to the country's development. Elsewhere, not so.

blackoil
0 replies
13h46m

There are two kinds of trust, I may trust Apple to not intentionally steal data. But I may trust Signal to create a more inherently secure messenger, or I may trust Google to create technically a more secure browser.

What Apple and some users here are saying that users don't have intelligence to judge it and so will have to trust only Apple.

arghwhat
8 replies
19h10m

Well, while the argument is entirely bogus as "PWAs are unsafe" implies that loading web pages in that browser itself is unsafe and thus stopping PWAs but not loading pages is pointless, you do have to have full trust in Apple for security of your device as they are the sole provider for the core platform providing most of the security primitives used.

That just doesn't exclude trusting others as well.

Terretta
4 replies
19h5m

Well, while the argument is entirely bogus as "PWAs are unsafe" implies that loading web pages in that browser itself is unsafe

Except that's exactly what Apple is saying. Their engine -- and their brand depends on it -- offers users assurances arbitrary engines do not offer. Apple says PWAs are safe because Safari is safe, while not-Safari PWAs are not-safe.

And, if not safe, Apple is at least accountable.

Google's brand, for instance, does not depend on it: https://www.engadget.com/the-morning-after-google-will-settl...

troupo
0 replies
9h43m

Well, that link definitely plays in Apple's favour :)

arghwhat
0 replies
5h2m

Except that's exactly what Apple is saying.

You misunderstand. If a foreign browser engine was to be made available for PWAs, it would be because the user installed the browser and browsed the web with it. In other words, if loading a web page in this browser was unsafe - which is what a PWA is - the user would already be compromised. PWA or bookmark does not matter.

PWAs do not change the risk profile. PWAs only get a few extra APIs, but nothing major. Location, microphone, webcam, bluetooth, usb, etc. are all standard web APIs available to web pages, not PWA specific.

The argument that PWA specifically has a special risk profile is null and void. The only sensible reasoning is that Apple is strongly against opening their platform at all (their way of implementing compliance is borderline malicious), and maybe want to weasel their way out of any effort they can avoid (allowing users to install new types of apps is zero work, changing which app opens a link by default is near-zero, while allowing users to replace the engine for PWAs require a bit more integration).

anon373839
0 replies
9h3m

It doesn’t matter - they are going to support third party browsers anyway.

They are just afraid the browsers will host PWAs better than Safari does, making them a more viable alternative to the App Store.

addicted
0 replies
18h22m

Apple’s inability to protect its “brand” while doing what nearly every other platform owner in the world does routinely does not justify monopolistic and anti competitive behavior.

Dalewyn
2 replies
17h59m

implies that loading web pages in that browser itself is unsafe

Since when was loading web pages ever considered safe, at least by those who actually breathe computer?

It's frankly alarming how much trust we (must) give to Arbitrary, Remotely Executed Code(tm), especially given how many attack vectors are remote code executions.

johnnyanmac
0 replies
15h33m

Never, but the world wide web is the one force of nature even Jobs couldn't fight back against. I'm sure he tried, too. So like most "too popular" stuff, it was given an exception that no other type of app would ever dream of.

arghwhat
0 replies
5h0m

Well, that's a different argument altogether. Whether you consider browsing the web in any browser safe or not, the fact that PWAs do not change the risk profile of loading such pages remain true.

thimp
5 replies
20h3m

We don't entirely trust Apple. We just trust them more than other vendors.

fsflover
2 replies
8h57m

This is a false dichotomy. Completely trusting any single entity who doesn't really care about you (and only cares about extracting money from you) is riskier than trusting FLOSS, which is being constantly verified by independent actors.

thimp
1 replies
7h42m

That is not really how it works though. Look at the amount of limping, poorly implemented FLOSS software there is out there where the maintainers show no interest at all or there is no funding to support it. Look at the whole OpenSSL mess a while back.

I honestly prefer to pay a vendor who will (a) complete a product until it's usable (b) be motivated to maintain it because they are paid and (c) be motivated to maintain it because they are scared of the bad PR of not maintaining it.

fsflover
0 replies
6h16m

Apple OSes are insecure by design to aid surveillance (sneak.berlin)

43 points by vitplister 4 months ago | 32 comments

https://news.ycombinator.com/item?id=37875370

Apple fined $8.5M for illegally collecting iPhone owners' data for ads (gizmodo.com)

334 points by nixcraft on Jan 8, 2023 | 134 comments

https://news.ycombinator.com/item?id=34299433

Apple's Cooperation with Authoritarian Governments (jessesquires.com)

468 points by ig0r0 on March 31, 2021 | 291 comments

https://news.ycombinator.com/item?id=26644216

Apple reportedly dropped plan for encrypting backups after FBI complained (2020) (theverge.com)

425 points by samename on Jan 14, 2021 | 137 comments

https://news.ycombinator.com/item?id=25777207

rickdeckard
1 replies
19h35m

Who is "we"?

thimp
0 replies
19h32m

Probably the folk upvoting my comment.

zaphirplane
0 replies
20h25m

Apple’s business model excludes Clickjacking, stealing personal Information, stealing passwords, commissions from redirects, commissions from gambling sites redirects. Those in that business use browser plugins to get inside your security boundary so your argument maybe over my head or baby bath water thing

Retric
0 replies
19h56m

Using an Apple device requires trust in Apple even if you run a 3rd party operating system let alone a 3rd party application on their OS.

EasyMark
0 replies
18h21m

I don't trust anyone, but historically they seem on par with the big guys like Microsoft and Google. At some point you accept someone's security model or you roll your own system I guess and hope you're better than the security teams at these companies?

arghwhat
32 replies
19h14m

It really doesn't make sense. By that logic, I shouldn't be allowed to load web pages because it's impossible to secure a browser. PWA's only need a few extra integration privileges like badge- and window control, rest is just a web as usual.

What you link is a case of one app (edge) reading the data of another app (chrome), which is entirely unrelated to PWAs.

wokwokwok
25 replies
17h17m

By that logic, I shouldn't be allowed to load web pages because it's impossible to secure a browser.

Indeeed, and 'whatever browser engine you picked here' is responsible for correctly implementing these additional security features.

That's the argument; if you write an app that lets you run other apps inside it how do we make sure your app does security correctly?

When you look at it from that perspective, you can see that unless at an OS level you provide additional 'meta-security' features that allow apps that run in other apps to have fine grains access control that is managed by the OS, it's pretty much "security? Well, whatever...".

Right? I mean, whether you agree or not, it's a pretty reasonable position to take and it entirely makes sense.

johnnyanmac
7 replies
15h47m

and 'whatever browser engine you picked here' is responsible for correctly implementing these additional security features.

so, Apple? Since Apple has also required browsers for years to use their own safari backend, this isn't even an issue of "oh well it doesn't work on Firefox".

Sounds like they cornered themselves there.

nip
6 replies
12h58m

Apple’s hand has been forced to implement changes that didn’t fit their vision and roadmap.

I imagine that if you’re on HN you are close to developers or are a developer yourself.

And if so, I imagine that you have already had an important customer (to who you cannot say “no”), completely change your plans and architecture with a new feature request while setting an aggressive deadline (ie, you don’t have time to implement everything and must make choices)

Now replace you with “Apple” and “important customer” with EU.

johnnyanmac
2 replies
12h52m

I imagine that you have already had an important customer (to who you cannot say “no”), completely change your plans and architecture with a new feature request while setting an aggressive deadline

Sure. I sure do wish the demands were actually consumer centric, and not "force all these advertising tracking into your site, tank performance, and grab a bunch of unneeded user data".

And of course, if I maliciously complied and "oops the tracking only gets 1% of user data", I would simply be fired instead of get another strongly worded letter leading to meetings re-defining what "grab a bunch if unneeded user data" is.

nip
1 replies
12h22m

You are confusing the “important customer” with “other customers”.

EU is the “important customer”, the users of PWA are “other customers”.

Using your example, you would implement tracking for that important customer (and comply 100% to the requirements as Apple did) but because of this additional bloat, the website would load 2 times slower.

After a discussion with your colleagues, you would realize that:

- Most users won’t care about the slow loading (including the important customer)

- Re-architecturing the website to keep the same level of performance while adding the necessary tracking required by the important customer would delay shipping the tracking by 1 year, past the 2 months deadline required by the important customer.

Back to your desk, you start implementing the tracking that will incur a 2x slower load time.

johnnyanmac
0 replies
12h11m

You are confusing the “important customer” with “other customers”.

I'd love to one day work for a place where I can dismiss monetization as "the other customer". But alas, my career hasn't been that friendly.

Using your example, you would implement tracking for that important customer (and comply 100% to the requirements as Apple did) but because of this additional bloat, the website would load 2 times slower.

Given how the topic is:

Following developer complaints and press reports about how PWAs were no longer functional in the EU after installing the most recent iOS betas

I fail to see how the EU is the "important customer" here. And not the powers that be in Apple telling me to maliciously comply.

The EU said "allow other app stores to exist" and my theoretical manager at Apple is saying "okay, PWAs can exist but they don't have to run well. Add in unnecessary security (because the NA version doesn't have it) that disables functionality". I don't even see how it has to do with complying with the EU, unless it's soke long term OS lock down for future app stores.

Tell me how the EU here is the one telling me to slow down my OS/browser?

MrDresden
2 replies
10h7m

That is simply just nonsense.

They had 1,5 years from the time of being identified as gatekeepers to work on this.

The DMA was voted on by the EU parliament and then the council in july 2022, Apple was identified as a gatekeeper in september 2022, the law became legally implemented in november 2022, with gatekeepers required to comply with it by march 6th 2024.

I do not buy for a second that the richest tech company on the planet, that owns, designs and manufactures the whole tech stack their product uses was unable to respond in due time to the legally required changes and so 'just had to go this route due to time constraints'.

nip
1 replies
7h31m

The simple answer is that it’s not worth it to them.

They don’t see money with PWA at this point in time and therefore decided that breaking support was not a big deal.

It obviously outrages everyone on HN, but HN is not your average customer of Apple.

MrDresden
0 replies
2h19m

Oh I don't care one iota about PWA's on iOS.

However the parent argument was a weak one, and so had to be answered with facts.

neurostimulant
5 replies
12h5m

if you write an app that lets you run other apps inside it how do we make sure your app does security correctly?

But browsers already have this security features that isolates websites from each other? How come PWA, which essentially just placing a website shortcut in the home screen and hiding browser ui, affect browser's existing security features?

anon373839
3 replies
9h11m

It doesn’t, of course. Apple’s real concern is that if Chrome is allowed to host standalone PWAs, it can also remove some of the unnecessary pain points that Apple’s Safari maliciously injected to kneecap PWAs in the first place. For example, Chrome could make it easy for users to install a PWA. Chrome could support more web standards. Etc. This would create a true alternative to the App Store, with no Apple tax, and of course Apple isn’t going to let that happen without kicking and screaming.

scarface_74
2 replies
4h42m

Yes because PWAs are so popular on Android

Pesthuf
1 replies
4h16m

They’re not as necessary on Android because Android has alternative App distribution methods.

scarface_74
0 replies
4h11m

Right. Because downloading from alternate app stores or from the web is really easier than creating a PWA and is easier for discoverability.

But that is a new retort when I ask that same question most of the time. Often it’s because of mean old Apple that PWAs aren’t more popular on Android.

But since now that there will be alternate means of distribution in the EU, you should be okay with no PWAs in the EU?

AlienRobot
0 replies
6h3m

I thought the whole point of PWAs was that they could access user files directly, which they wouldn't be able to as a webpage inside a browser's sandbox? If that's not the case it's just a bookmark.

derefr
5 replies
16h42m

you can see that unless at an OS level you provide additional 'meta-security' features that allow apps that run in other apps to have fine grains access control that is managed by the OS, it's pretty much "security? Well, whatever...".

I don't think that's the only solution. A simple alternative is to declare that "apps that run in other apps don't get to do anything at all."

I.e. in this case, in response to a EU requirement to support alternative browser engines, Apple could — rather than disabling PWA integration altogether — drop all additional privileges that PWAs have that regular webpages don't.

Make installed PWAs in the EU market into just "webpages, but with a home-screen icon, a separate task-manager card, and no address bar." Which is 99% of the reason anyone installs a PWA anyway. No camera/microphone, no extra storage, etc. Not for Chrome PWAs, not for Safari PWAs; not for any PWAs (on these devices.) They're just webpages presented differently. No "meta-security" required!

giantrobot
2 replies
16h14m

Then everyone will just bitch PWAs can't do anything.

derefr
0 replies
2h19m

But only in the EU, and only on iOS. They'd still get enhanced capabilities elsewhere. (On iOS on any other continent; on Android anywhere; on ChromiumOS anywhere, or just Chrome on desktop anywhere; etc.)

And the nice thing about PWAs, is that there's no way for a PWA to know or care that it's being run "installed", and change its expectations/requirements — as there's just no web API for that. Instead, a PWA must just attempt to talk to each of these permission-gated APIs it wants to use, and find that it's now being [prompted for and] given access to them, rather than silently refused them.

So, unlike tightening the security model around regular native apps, tightening the security sandbox around PWAs shouldn't actually fundamentally break them — they should be designed to gracefully degrade when refused these capabilities. Presuming these PWAs were already ordinary fully-functional web-apps, which have just been progressively enhanced with these features when and where available, they'll just act like they do "on the web" — which should still deliver on the app's use-case. That's what the "Progressive" in "Progressive Web Apps" is supposed to mean!

Of course, some PWAs 1. will have been designed from the ground up as PWAs, and 2. will have a purpose/use-case that's very specific to the use of these high-integrity web APIs, such that they're completely useless without these PWA-only permissions. A video-chat PWA, for example, won't do much without access to your camera + microphone. There's no point to using these webapps as webapps — and often they don't even let you do so (i.e. they attempt to access the specific API they need on launch; if they succeed, they render the app UI; if they fail, they render a prompt to install the PWA.)

I don't know if you'd really call these PWAs, since there's nothing progressive about them — there almost needs to be a different term for these apps that need the high-trust APIs to do anything-at-all. For the sake of discussion, I'll refer to these as "Elevated Web Apps" (EWAs), since they require elevated permissions to be useful.

It's only these Elevated Web Apps that would benefit from having what the GP called "meta-security": the ability to interact with the OS security on a per-webapp basis, through e.g. an Android-like install-time gate where the app presents a capabilities manifest (displayed to the user as a set of permissions it wants) and the user makes a decision of whether to accept that.

And, if Apple simply neutered PWAs rather than removing them, it's only these Elevated Web Apps that people would "miss out on."

As cool as PWAs are as a technology, these Elevated Web Apps are a true minority or them — maybe 1% or so.

And — at least as far as I know — almost all Elevated Web apps only exist for one of two reasons:

1. to serve use-cases that users with access to native apps from an app store, just have no reason to care about. (Specifically, they were developed to allow users to accomplish native-app-equivalent things on OSes that don't support any kind of native apps — like FirefoxOS nee KaiOS, or early ChromiumOS.)

2. to benefit the developer at the user's expense, by forcing the user to give the developer permissions that allow the developer to spy on the user more effectively, before the app will work — but where the app doesn't actually do anything with these permissions to serve the use-case. (I've seen a few scammy Chinese dating sites demand to be installed as a PWA for this reason.)

In other words: on iOS, at least, you probably won't miss them! (Especially with the third-party App Store ruling also in place in the EU! Things like emulators don't need to be relegated to "WASM running in a PWA" any more; in the EU, they can just be third-party-store apps!)

Izkata
0 replies
13h19m

The Peapod grocery delivery app was already just single webview to their website. Worked fine.

rahkiin
1 replies
11h8m

This would run foul against the DMA, unless they make safari PWA also less capable.

derefr
0 replies
2h25m

That’s what I meant/said — they’d neuter the PWA framework itself, which would mean that any PWA (including Safari PWAs) would just become “regular webpages but standalone.”

kristiandupont
2 replies
12h32m

I don't see how this refutes GP's point. Yes, it's a big challenge but when they are allowing other browsers, the challenge is met already. The "install to home screen" feature adds but very minute extra features.

rahkiin
0 replies
11h3m

I guess the issue is that PWA is more deeply integrated… so instead of having this integration within the OS using their WKWebView component, they need to make it a user choice which browser component is used. This component then has to be installable through the App Store. This then also means an ‘app’ is hosted by another ‘app’, and to do this properly that host app needs to many permissions

elbear
0 replies
12h10m

My understanding is that Apple can provide security guarantees only for their own browser, because it's tightly integrated with the rest of their stack.

beeboobaa
0 replies
6h16m

Nah, it's secure because the OS is secure. No difference between an app itself and an app running "other apps".

It's all just code sandboxed by the OS. Apple is just being pathetic because they couldn't force legislators to do their bidding.

arghwhat
0 replies
4h42m

Indeeed, and 'whatever browser engine you picked here' is responsible for correctly implementing these additional security features.

Yes, and Apple now (against their will) allow me to select this browser myself to browser the web with.

Whether I use this to load a webpage normally or as a PWA does not change the risk I was exposed to. PWAs just let a web application ask the browser to run "fullscreen" without browser chrome, to set its badge and colors, to register as a handler for certain URL types, and to open the share panel. All actions already taken regularly by said browser.

Even if we assume Apple's statement that other browsers are insecure is correct, there is no value in blocking PWAs and requiring me to instead use bookmarks: I am still loading said application in said browser that implements and uses all this functionality itself. To the OS, a PWA is nothing more than a type of bookmark for a browser.

So, no - this is not reasonable and their argument makes no sense. If it was true that Safari was actually safer, then Apple should instead spend energy sharing how so that other apps can be equally safe - it would be incredibly irresponsible for the platform owner to keep security as secret sauce - rather than handicapping other apps.

ants_everywhere
3 replies
17h16m

What you link is a case of one app (edge) reading the data of another app (chrome), which is entirely unrelated to PWAs.

In one sense, sure.

But in another sense Edge taking Chrome's tabs means Microsoft is getting insight into Google's data. A lot of Apple's defenses seem really targeted at reducing the ability of Microsoft, Google, and Meta to extract value from Apple's users. Apple sees the union of all the app data, but their competitors can't put together that picture. So in that sense, Edge eating Chrome data may be the sort of thing they're looking to prevent.

sagarm
2 replies
16h58m

After all, Apple users are the product. They even pay for the privilege!

xwolfi
0 replies
13h33m

They are a cash flow generating financial product, like a bond ETF. Apple packages users, resell them to the highest bidder, and interest is collected as return on investment from the payments users make.

Ofc, like a bond, a user pays for a reason: he gets something out of the facility provided by Apple, in kind.

sunshinerag
0 replies
6h45m

Apple users are not products. That would be Google/chrome/android users

emgeee
1 replies
18h45m

In my experience even "a few extras privileges" can take many months to implement, especially for a company as large as Apple.

layer8
0 replies
17h44m

The EU gave them six months after being designated as a gatekeeper. The regulation already entered into force an additional ten months earlier, so Apple arguably could have already prepared for their likely designation.

The real issue, however, is that Apple is not saying “we need more time to implement the APIs”, which the EU would very likely concede, but “we don’t think it’s worth it for us”.

cma
22 replies
20h56m

But the plain browser already can request camera permissions, in a bad security situation a site that didn't request it still receives it from the browser's system level request.

This is just Apple wanting to avoid people being able to develop a platform on top of their platform without paying a tax.

zitterbewegung
16 replies
20h40m

That’s not the point though because WebKit is already secured by Apple but if you have multiple blink related apps like Microsoft edge or brave or Firefox apple will have to audit those too and be on the hook if something breaks and then Apple will have to take the blame over a security oversight they aren’t responsible for.

spaceribs
13 replies
20h21m

That assumes that Apple would be blamed for Edge/Brave/Firefox's security oversight.

shagie
6 replies
19h47m

If you add a PWA (with Safari) a year ago to your Home Screen and then change your browser to Firefox, and that PWA breaks out and steals some other application data...

Will you blame the software maker that you used to install the icon on the screen? or the one that is seemingly unrelated to the icon on your Home Screen?

m-p-3
3 replies
18h49m

Why silently change the underlying browser engine of an existing PWA without the user's knowledge?

That sounds like a bad UX. At least make the existing PWA stay with Safari and provide the ability to switch the underlying engine for each PWA afterwards if migrating is possible.

shagie
2 replies
16h45m

As I understand the legislation, Apple has three choices for how to comply with the law.

They can either allow third party browsers the elevated system access that Safari currently has in order to be able to access the data for multiple PWAs ... which compromises Apple's security standards, but puts Safari and other browser engines on the same footing.

Or, Apple can remove the additional security permissions that Safari uses in order to access the data of multiple PWAs so that Safari and other web browsers are on the same footing again.

Or, Apple can invest significant time and resources into creating a new sandbox for browser engines (including Safari) such that a PWA running in the browser engine will not be able to escape and access the elevated permissions of the browser engine or the data of other PWAs through a flaw in the browser engine.

Given the amount of effort that the third option would take, the low adoption of PWAs from most users within the European market, and the not going to compromise on the first option - the second option of removing security permissions from Safari (and other browser engines) to run PWAs is the only option to comply with the law in Europe.

pjerem
1 replies
11h35m

They can either allow third party browsers the elevated system access that Safari currently has

That’s a fable. Apple have a good history in security design. There is absolutely no way Safari have some "system access" that another app can’t have. Safari is probably just as sandboxed by the OS than every other app or else that would be an incredibly stupid decision.

If Apple wanted to implement PWAs correctly, they’d just run whatever engine + the web page in the same solid OS sandbox and there wouldn’t be any more security issue than with any App Store App.

Any iOS dev knows that it’s impossible for any app to gain any useful access without being granted the permission by the OS. The point is Apple is stuck being forced to hide that the security model of iOS is based on this (working well) sandboxing because it goes against their narrative that all the security comes from App Store policies (which they technically can’t enforce because all they’ve got to review is binary code).

shagie
0 replies
3h55m

It's not the Sandbox between Safari and Bank of America app - its the sandbox within Safari between the Bank of America PWA and Some Game PWA at issue.

Does Safari, as the browser engine running PWAs have access to the data of multiple PWAs?

If so, and Apple has good security - that's not a problem.

However, if Safari does have that access to multiple PWAs local data, and a different browser engine is used and also needs access to multiple PWAs data stores in order to be able to run them, what can Apple do to ensure that one PWA can't break out of its sandbox within the (as an example) Firefox PWA runner and access the data for another PWA?

If Apple cannot ensure that all browser engines have the rigorous design and/or history of security design and promptness of rolling out fixes when 0 days are discovered ... should Apple grant the additional security access for a 3rd party browser engine to be able to access the data of multiple PWAs?

If Apple should not grant that access because the other browser engines may not be as secure, then Apple (according to the law) must not grant its browser engine any favored position within the system.

The way to fill that requirement is to either figure out how to create additional sandboxes within 3rd party code so that PWAs running within FireFox cannot break out of their sandbox to access other PWAs ... or remove the ability for Safari to run PWAs all together.

And you pointed out yourself ... "If Apple wanted to implement PWAs correctly," - they apparently didn't implement PWAs correctly and are using sandboxing within Safari rather than sandboxing the PWAs and Safari combination at the OS level.

Should Apple invest the time to fix Safari and PWAs and 3rd party browser engines? Or given the low adoption of PWAs, is it less work and better security, and only a marginal loss of functionality to remove PWAs from Safari?

seszett
0 replies
19h32m

I would probably blame the "the software maker" for silently switching the engine used by previously installed PWAs. Why do that?

rickdeckard
0 replies
19h29m

You think this uneducated me would know that this was a PWA and no app and also remember that it was installed by Safari, an app I apparently don't own anymore at this stage...?

Why wouldn't Safari remove all its PWA icons when I uninstall it, considering that it anyway cannot transfer the data to another browser...?

etchalon
2 replies
20h12m

They would absolutely be blamed by users for it.

pjerem
1 replies
11h46m

Like when it happens on MacOS ? Oh wait…

etchalon
0 replies
1h44m

Yes, people blame Apple for it when it happens on a macOS.

Have you ever worked an IT support desk?

ChilledTonic
2 replies
20h8m

Why wouldn't they be? Especially considering their existing reputation in consumers minds for security and reliabilty?

spaceribs
0 replies
15h51m

Because they own and maintain the operating system, not the vulnerable software?

I understand that they've built this image of being a grand infinite protector for all their users within the walls of their garden, but they've had plenty of security issues within their own software, and plenty of cases where application developers have sidestepped their rules.

This relationship of trust with Apple is cultish at best. To say that I can trust Apple but not Mozilla? What are we smoking here?

pjerem
0 replies
11h48m

Because it never ever happened on any other platform including MacOS.

Ajedi32
1 replies
20h13m

So extending this logic to other platforms: if Chrome has a security bug on Windows... you believe people will blame Microsoft? And you think that would be valid justification for Microsoft pushing a "security update" that uninstalls all competing browsers and replaces them with Edge?

graeme
0 replies
19h25m

If you made a "Microsoft Windows Desktop Citibank App" from Edge, and then in stall Chrome, and the Uber app now uses Chrome, and a bug in Chrome lets someone steal your Citibank info, yes, the user probably would blame Microsoft as it was Windows software which made the Desktop app for Citibank.

And yes, if Windows had this feature and then Europe demanded it work like I described, Microsoft would be acting reasonably if it disabled the Desktop App feature in Europe.

Apple doesn't disable competing browsers, it just doesn't allow different web engines to underly the browsers. You can argue with that but it isn't the same as "uninstalling all competing browsers".

Gigachad
4 replies
19h40m

Browsers can still do that. It's more that PWAs look like entirely separate apps which the user would expect to be sandboxed. While a tab in a browser is clearly part of the browser app.

anon373839
2 replies
19h31m

This is not a meaningful distinction. Users ALSO expect ordinary websites’ data to be sandboxed. Users trust that pornhub.com won’t be allowed to read data entered into irs.gov.

almostnormal
0 replies
17h47m

Users trust that pornhub.com won’t be allowed to read data entered into irs.gov.

Likely, most are worried about the other direction.

Gigachad
0 replies
15h34m

There is also a brand rep issue. If there is a Chrome bug that leaks data, it will be seen as a Google issue. If PWAs have the same problem, it will be seen as an Apple security issue. One that they have no ability to fix.

cma
0 replies
4h59m

If I gave camera permissions to the zoom website on my browser, it is way worse if a random malicious email link gets them too on a different domain than if a permission spreads across PWAs I hand installed. This is Apple shaking people down.

rchaud
14 replies
18h59m

Android handles this just fine. These are the world's largest corporations we're talking about, not some mom and pop shop that will be crushed under the heel of overzealous regulation.

SigmundA
9 replies
18h51m

So Android allows alternative rendering engines besides Chrome for PWA? If you install Firefox it uses Gecko but still has native app look feel? I honestly don't know but would be surprised if they did.

Symbiote
2 replies
18h33m

Installing a PWA on Firefox for Android adds the icon to the homescreen with a tiny Firefox icon at the bottom. The look and feel is Android, there's no obvious bits that would look either Firefox or Chrome.

https://web.dev/learn/pwa/tools-and-debug#using_physical_dev... at "Firefox Remote Debugging" says there's a way to debug Firefox for Android PWAs.

So I'm fairly sure the PWA is running using Firefox for Android.

I also never accepted the terms and conditions for Chrome on this phone.

rchaud
1 replies
16h50m

The look and feel of the app itself is a CSS issue. There are web app frameworks that specifically offer themes matching style guides provided by Apple and Google. Framework7 is an example: the demo app on the home page is styled using iOS UI elements, and there is an option for more Android style designs as well.

https://framework7.io/

rafram
0 replies
14h15m

I wouldn’t say that demo is very convincing…

Pfhortune
2 replies
18h24m

So Android allows alternative rendering engines besides Chrome for PWA?

Yes: https://developer.mozilla.org/en-US/docs/Web/Progressive_web...

I tested just now in Firefox with an app from https://appsco.pe and it does indeed work!

I can do the same with the Android version of Brave.

If you install Firefox it uses Gecko but still has native app look feel?

That depends on your definition. Making an app _feel_ native is a matter of implementation. But the opposite is also true: A native app is free to feel non-native if the app creator makes it that way.

The app does show as a distinct entry in the app switcher, but still has a Firefox icon when I tested it just now.

prmoustache
1 replies
10h46m

I tested just now in Firefox with an app from https://appsco.pe and it does indeed work!

I tested just now in firefox with an app from https://appsco.pe and it just...opened a browser tab with the website.

So I understand a PWA is just a website but isn't the whole point to have a dedicated window/card for it?

Pfhortune
0 replies
2h16m

I don't know what your setup is, but it did work for me, creating an app that shows as its own icon on the homescreen, without FF chrome, with a separate app-switcher entry. Using a S24 Ultra with whatever the current OneUI is.

teki_one
1 replies
18h32m

I think Android already allowed that 7+ years ago: https://hacks.mozilla.org/2017/10/progressive-web-apps-firef...

SigmundA
0 replies
18h15m

Ok so I guess Android has some sort of API for allowing an app to install additional icons on the desktop with specific parameters like a shortcut and it shows the icon with a little icon representing the parent app, makes sense.

So if you install a PWA from Firefox it runs in Firefox and from Chrome it runs in Chrome similar to desktops. Looking at it this way I could see Apple doing something similar with less effort than trying to standardize a web view API and have PWA use the "system default browser".

dazilcher
0 replies
18h26m

"On Android, Firefox, Chrome, Edge, Opera, and Samsung Internet Browser all support installing PWAs."

https://developer.mozilla.org/en-US/docs/Web/Progressive_web...

natch
1 replies
15h52m

Android "handles it" if you want to call shrugging it off "handling it," by making different security tradeoffs that do not emphasize security as much as Apple does.

internetter
0 replies
13h46m

Android zero days are worth as much as iPhone ones.

nonethewiser
0 replies
18h40m

First, we should not be content to crush mom and pop shops with regulations.

Second, it’s entirely dependent on the regulation whether it crushes (or even just hurts) a behemoth.

2OEH8eoCRo0
0 replies
18h56m

Suddenly the user respecting innovators are all out of ideas!

thimp
5 replies
20h27m

As an end user who has been fucked over by the other side (MS/Google/crappy app vendors), I am behind their decision.

If I was not I can choose to leave.

I know this is a divisive comment. Please see my further extrapolation in a child comment.

circuit10
4 replies
20h24m

How does removing web apps help anything? To me it seems like part of a ploy to create backlash against this law by removing features

thimp
1 replies
20h8m

It's a move against the third party browser engines which have been the bane of my existence from a security perspective on other platforms. For example, the about box in an Android app bundled a whole different browser engine which circumvented device policy entirely and allowed data to be exfiltrated. This app change was delivered in an update by clueless or lazy developers. This is not possible on iOS due to the platform restrictions.

In this case they have to change the integration and sandbox model to allow the security policy to remain intact for people who want and need it. That breaks a few things but it stops the integration from being used for exfiltration among other things.

Note that they're not completely breaking it, just ensuring that the security model stays intact when browser engines have to coexist on the same device. That means sacrificing some convenience for security.

chrisjj
0 replies
3h29m

For example, the about box in an Android app bundled a whole different browser engine which circumvented device policy entirely and allowed data to be exfiltrated. This app change was delivered in an update by clueless or lazy developers. This is not possible on iOS due to the platform restrictions.

If this prevention is by OS security, then your complaint is about the OS.

If it us by store guards, then yiu complaint is about the store.

So sorry, but I don't see how your complaint is properly about the browser engines.

anon84873628
1 replies
20h5m

I know it is not en vogue to be charitable towards tech companies, but it seems fair to assume that some teams are making a good faith effort to follow the law, and may be forced to accept imperfect design tradeoffs. Like they say, it affects a relatively small number of users, there is a sufficient workaround, and the technical fix would require major investment.

Not everything is a conspiracy.

chrisjj
0 replies
3h28m

it seems fair to assume that some teams are making a good faith effort to follow the law

Equally fair to conclude that one team here is not.

lukan
0 replies
8h53m

If chrome is really the problem, then chrome is already the problem and nothing about PWAs can change that.

And if PWAs from chrome are the problem, then it would also be possible to not allow chrome PWA's but still allow webkit PWA's.

jc_dc
0 replies
15h13m

I don’t buy it. Apple build iOS and I’m sure they will sandbox alt browsers as they do with every other 3rd party app on the phone.

heisenbit
0 replies
10h40m

It makes absolutely no sense. Apple could have pointed out to the EU that there are major and not - in the given time - fixable security issues with allowing other browsers on the home screen. PWA runtime platform could be seen as imho. other market than general web browsers. PWA serve niche markets (and corporate in-house) and this move may hurt the long tail in the EU but also globally.

beeboobaa
0 replies
6h18m

Lol, no. They were fine for years but are not throwing a hissy fit. It's all utter nonsense. Third party apps are subject to the same security guarantees the system has been operating on for years.

But a legislator forced their hand so now they gotta cry about it.

anon373839
0 replies
19h36m

The HN crowed might not LIKE apples response but they have a very defensible position.

You and Apple both are ignoring the fact that these permission APIs exist even if the website isn’t being displayed in standalone/full screen mode. The modern web is built on them, and third-party browser engines WILL provide access to these APIs in Europe.

InsomniacL
0 replies
7h15m

Why can the camera be accessed through third-party browser engines so long as it's in a browser window?

If the browser engine can't be trusted to segregate camera access through a PWA then why is it trusted to segregate it in-app?

benguild
88 replies
20h24m

The “low usage” comment is going to be more ammo against Apple unfortunately. The whole reason they are low usage on PWAs is because of a lack of investment from Apple and a lack of parity, yet for the longest time Apple has played both sides by saying PWAs are a viable alternative to the App Store, all while channeling people to App Store for actual app downloads and not providing similar marketing or anything for PWAs

thimp
58 replies
20h0m

Are you sure this isn't a tech industry viewpoint? I don't know anyone who knows what the difference between an app and a PWA is. I don't think I've seen anyone outside of the tech industry with a PWA active.

In context 99% of the users I meet don't even know what USB-C is.

dangus
20 replies
16h30m

I think PWAs are an outright failure and a technical solution looking for a problem. I don’t even know where to find one.

For one thing, if Apple is complying with the EU’s alternative App Store and browser engine mandate, they’re even less useful than before. Why do I as a user want a PWA when I could have a native app?

johnnyanmac
6 replies
15h52m

I mean, the problem is the same one introduced since the two big mobile platforms were established: "I want to publish to IOS/Android as a native app without needing to have two separate builds to manage". PWAs make that pitch to those who already have websites to triple dip. It never has to promise to be as good as a native app, just "good enough".

Does it live up to that? YMMV. It's probably fine for very simple apps, probably comes apart at the seams for anything trying to look modern or have fancier functionality.

claytongulick
4 replies
14h57m

I've built large, complex and beautiful healthcare apps as a PWA.

The only two things I've ever missed from native functionality are:

- background geolocation

- push notifications on ios

The second one was fixed recently.

In contrast, from what I've seen 90+ percent of apps I see in the app stores would be better as a web page / PWA.

dangus
3 replies
13h18m

But the real question is where most of your users live.

I’d take a decent wager that most of your users are most familiar with apps and would prefer installing full apps.

Doesn’t matter that most apps would be better suited to being a web page or PWA if that’s not where the users are. That’s kind of like saying that PCs are better at gaming than consoles. Yes, that’s true, but that’s not where the majority of users are.

johnnyanmac
1 replies
12h58m

I mean, PWAs aren't made with the goal to maximize User UX. It's a cost saving measure like any other solution that isn't making 2 dedicated native apps for IOS/Android.it won't get as much traffic as a native app, but it's almost "free" to deploy.

To use the gaming console example, it's not unlike using an emulator to launch your game on PC (if you could somehow monetize an emulated rom). It's not the ideal experience, but it requires very little extra work.

callalex
0 replies
10h31m

I find PWAs to have a vastly superior UX. I can trust that they are running in the strongest sandbox my device has to offer. I don’t have to download anything, and I don’t have to update anything. I don’t have to remember any account passwords to install anything, and my ad blockers and password managers just work inside them. I don’t have to worry about arbitrary content policies of Apple or Google, the app can just show me whatever it wants.

kristiandupont
0 replies
12h40m

But the real question is where most of your users live.

Well, they "live" on their phone. I would just put a button on my website to install the app, users would find that easily.

tie_
0 replies
6h48m

The "two big mobile platforms" were not established by an irreversible act of God. Before the current time of two platforms, there was a time of (mostly-)one platform i.e. the Web, and that platform had quite a few nice features.

One of the small conveniences is indeed that you didn't need to develop the same thing twice, which made the barrier to entry much lower. The functionality that you were exposing to users did not need to pass a review at one of two US tech giant companies, which could reject publishing it for any or no sensible reason at all. You were not forced to pay 30% of your revenue to the gatekeepers of the platform. You were not banned to invite users to buy your product in any way that works for them, even if it meant sending you checks over carrier pigeons. There was no _chokepoints_ that a single company could squeeze to further its own interests (after the collapse of IE).

jc_dc
5 replies
15h17m

PWA’s on Android can be installed directly from a website…it’s awesome, less friction and less scammy than the Play Store.

On iOS you need to use the Share > Add to Home Screen which normies have no clue about. You’ll find out if the site supports PWA features AFTER you add it to your Home Screen. This of course is done entirely on purpose to make them harder to find and less appealing than the revenue generating App Store.

For me, I use iPhone entirely because pixel doesn’t support cardav and caldav out of the box…if I can’t use PWA’s on my phone then I’m going back to android cause I can solve the email problem easier than I can solve the productivity tools not being available via PWA’s.

dangus
4 replies
13h3m

Google should in theory have the same play store revenue motivation to hide PWAs, right? Granted, they also want people to stay on the web to continue using Google.com, so I guess those are two competing priorities.

That to me is a bit of an indicator that Apple just doesn’t believe in the merits of the technology. I think they might be asking the same question in asking: what problem is this solving?

Every platform with a web browser has a better way to run applications, which is to just run an application. A web site that is masquerading as an installed application is basically just a less capable application.

As a side note, I’m also not really sure how an app store can be considered scammier than the entire web. The web is a Wild West with far fewer “rules” than the Play Store.

jc_dc
1 replies
9h39m

Google have an interest in moving people away from desktop applications because they don’t have a desktop OS (not counting Chromebook).

We run 3 SaaS apps. One is strictly native, and the other two are strictly web. Writing for 4 platforms on the native app is an extremely expensive exercise and then we are also subject to the insanity that is the App Store. Long story here, everything from App Store review times on mission critical software to the fact that their billing mechanism simply doesn’t work for B2B SaaS…and by the way, we get zero traffic from the App Store as that’s simply not where our customers are looking for the solution we provide. Fortunately, bulk of our customers start on desktop where we self distribute (code signing on windows and notarization on mac) with ev ssl on marketing sites. Why is the App Store scammy over the open web…search for any number of popular apps and look at how many have been cloned. Sure, you can do this on the web with paid ads and enough SEO effort but it’s much harder.

To this day, Apple continue to allow keyword stuffing, advertising on trademarked names, and blatant copyright infringement in app descriptions and even I (fairly tech savvy) accidentally purchased a clone of poly bridge for my kid cause they’ll list the clone above the real one on an exact term search. What was apples response when I said I purchased the wrong app? Tough cookies!

This is the same reason I hate shopping on Amazon. I simply prefer to have a direct relationship with the companies I buy things from, and from what I can tell, our customers prefer have a direct relationship with us.

But back to why PWA’s are awesome…simply put, iteration time. We can publish dozens of improvements every day and roll back instantly when an issue arises. We simply can’t do that with native as long as the Apple / Google act as a gate keepers. When we allow proper sideloading without the scare tactics and dirty tricks, we’ll take the time to build native again.

alexdbird
0 replies
7h16m

why PWA’s are awesome

You've described some advantages to you as a developer. For the average user, apps that change all the time and effectively make them a tester aren't such a no brainer!

noirscape
0 replies
7h59m

Kind of, it's just that the approach Google takes is a lot more palatable than Apple's. As someone who has written a PWA (albeit one that almost entirely relies on SSR), Google's PWA approach is definitely better than Apple, but there's some marked issues.

For one, the actual PWA packaging process gets shunted off to a Google server; I think you can make a "thin client" APK from a manifest using a tool they wrote some time ago[0] (Twitter Lite is one of these), but I've not really looked into it. It's not quite the extension to Chrome you'd really want it to be; if you use a non-Chrome browser on Android, it means you can't really ditch the Chrome dependency if you want to use a PWA. (Further not really helped by the fact that Google is basically the only PWA implementer on Android, since Firefox does not consider PWAs a priority whatsoever.) Similarly, Google's servers need to be able to read out the manifest declaration, which makes them unfeasible for intranet software unless you want to punch a temporary hole and expose it to the internet for a bit.

The other kinda annoying thing Google does is really aggressive degradation between PWA and homescreen shortcut. If the manifest isn't entirely up to snuff in terms of what's listed, there's no attempt at trying to resolve the issue, it just instantly degrades to a homescreen shortcut. A basic example of this is the requirement to use a service worker (even if the service workers entire job is to do nothing); it's not really stated in the manifest spec that it's required, but if you don't have one, the PWA straight up refuses to install as a PWA.

Google's strength with the play store really mostly comes from their bundling advantage; Play Services and the attached Store and Google Apps are required for OEMs to add to their devices (might change with the DMA?). That's the kinda odd reality that makes Apples desire for control seem so extreme - we know what an open platform looks like on Android. It works pretty well for the most part and the incumbents advantage for a store is large enough that almost every app developer submits to the Play Store regardless.

[0]: It's called Bubblewrap - https://github.com/GoogleChromeLabs/bubblewrap

JacobThreeThree
0 replies
11h43m

Google should in theory have the same play store revenue motivation to hide PWAs, right?

Google in theory has a financial motivation to make their competitor Apple look like the bad actor.

TheCapeGreek
3 replies
10h43m

technical solution looking for a problem

In some regards yes. In practical regards they're a threat to app store margins (on all app stores, not just Apple), so there's no incentive to truly support them other than developers being loud about it.

I don’t even know where to find one.

Because Apple has crippled the ability for you to use them, so developers can't really spend time working on them. Chicken and egg problem.

if Apple is complying

They're not really, they're twisting and turning as much as possible to look like complying but make the desired outcomes even more difficult to achieve.

brookst
1 replies
5h55m

Isn’t all regulation about activities, not outcomes?

If a regulator enforces a ban on dihydrogen monoxide in a misguided attempt to reduce global warming, should companies comply with the regulation or the presumed intent?

The EU is demonstrating the folly of legislation tech product design at this level of detail.

jsjohnst
0 replies
5h33m

dihydrogen monoxide

Heh! Also known as hydroxyl acid. It’s the major component of acid rain.

;)

scarface_74
0 replies
4h45m

It came out in the Epic trial that 90% of App Store revenue comes from in app purchases of pay to win games. They are not going to all of the sudden move to PWAs and on top of that, they already use cross platform engines.

anon373839
1 replies
9h19m

You think that a technology that allows mobile apps to be developed and distributed in a way that’s secure, free and open, and platform-independent is a solution in search of a problem? Honestly?

scarface_74
0 replies
4h47m

Yes, just like every other cross platform GUI has been a dumpster fire since Java Swing all the way up to Electron.

mgoetzke
0 replies
8h29m

It allows us from our webapp to easily allow a user to i.e. PIN a section of the app onto the homescreen (e.g import photos into this folder).. really nice.

anakaine
20 replies
19h44m

Fair call on your first point about PWA knowledge level in users. Regarding your users knowledge of what USB-C is: are you sure your user group are not potato's? Most people I know, including the teenage daughters and their friends, all know what USB-C is these days.

thimp
19 replies
19h42m

One of them was going to buy a new phone because it took a long time to charge. This was because she had a crap charger and crap cable. I am unsure if they are potatoes or not but I suspect they might be :)

red369
17 replies
18h45m

I don't necessarily think it applies in your example, but I've heard some very silly reasons given by people as their reason for upgrading.

I think a lot of the time people give an excuse, or perhaps even a justification to themselves, when they really just want the excitement of new phone. I often catch myself inventing reasons why I should replace my perfectly fine phone.

thimp
16 replies
18h33m

No it was 6 months old and she doesn't care about it or phones. She thought it was broken. I charged it with my powerbank, an anker PD one and she ordered a proper charger off amazon. I gave her my spare USB-C cable. It was seen as a potential financial inconvenience having to do anything about it as well.

Literally many people do not care enough to understand it. It's just a modern necessity, a tool.

illumin8
15 replies
14h35m

This is my wife. She purchased a bunch of USB-A to USB-c cables off Amazon and wonders why her laptop runs out of power while plugged in - it's because the laptop needs 25-30 watts and those cables can only put out 5 watts because they're limited by the USB-A port.

USB-c PD is such a dumpster fire of a standard. Even with supposedly high end cables like Anker you often can't charge a Macbook Pro faster than it can drain it's own battery under load. We can't expect normal people to understand why there are a dozen different cable types that all have the same tip but charge at vastly different rates...

Dylan16807
10 replies
11h31m

The charging speed of USB-C cables (C on both ends) is pretty much just the slow ones and the fast ones, and "slow" is 60 watts.

throwaway2990
6 replies
11h16m

No.

Dylan16807
5 replies
11h6m

Yes.

Every conforming cable supports 3 amps and 20 volts.

If you think something's incorrect with that, be specific. But the spec is pretty clear.

The exact details of the faster cables are murky because there's old and new versions of that section of the spec, but very few devices use enough power to care about that.

oarsinsync
4 replies
10h17m

Every conforming cable

The problem is all the non-conforming cables that people have, that look exactly the same as conforming cables.

geoelectric
2 replies
9h40m

Except they were responding to a comment criticizing USB-C PD as a standard. Non-standard cables are irrelevant to that discussion.

oarsinsync
1 replies
4h56m

We can't expect normal people to understand why there are a dozen different cable types that all have the same tip but charge at vastly different rates

Is the part of the GP comment I was responding to. The connectors form part of the standard. There’s no way to identify a standards-conforming cable from a non-standards-conforming cable by looking at it. They all look the same.

seba_dos1
0 replies
3h6m

This applies to any kind of cable. How can you tell that a HDMI cable isn't empty inside, missing all its wires? It looks the same!

seba_dos1
0 replies
3h25m

In this particular context, a "non-conforming" cable would cause troubles by starting fire or dropping voltage below usable range, not by limiting charging current. The only sane thing to do with such cables is to throw them away.

Really, we're talking about physically broken cables here. As long as there's electrical connection, there's no other way for a cable to not work at 3A/60W with USB PD. Its cable requirements only start when you want to go higher than that - and 60W is plenty of power already.

j16sdiz
2 replies
6h56m

No. PD is optional in standard.

Reason077
0 replies
6h41m

No, all compliant USB-C cables support 60W minimum (3A @ 20V). That is the minimum baseline for all USB-C cables.

Higher power levels beyond 60W are optional. The newest PD spec goes up to 240W (5A @ 48V).

Dylan16807
0 replies
1h40m

Optional in what way?

Having power wires isn't optional. The ohm limits aren't optional. And they can handle 20 volts by virtue of using normal insulation.

The 60 watt limit is for completely passive cables that don't implement anything PD-specific.

seba_dos1
0 replies
3h29m

There are no USB cables that are limited to 5W, and standard non-PD USB-A ports can give you up to 15W.

The only case where you may need a different (non-passive, "e-marked") cable is when going above 60W (3A).

literalAardvark
0 replies
8h39m

That's true of all things that don't respect standards, not a PD issue. If you buy a wheel and it's not up to spec it'll crack. If you buy a power cable and it has a type-c on one end and a 110/220v plug on the other, that's not going to work well either.

Buy stuff that's up to spec, and it'll be fine.

diffeomorphism
0 replies
10h34m

It is a bit curious that you immediately jump to PD being a dumpster fire instead of the much more immediate "apple is a dumpster fire and incompatible just to be obnoxious".

dhosek
0 replies
13h22m

I recently discovered that I can use my iPad and MacBook charging brick to test PD of a usb cable. If it’s low wattage, the charging brick will not provide any power to the iPad. High wattage and it will.

pmontra
0 replies
9h35m

It can be only the charger or the cable. It usually happens when using the charger of an old phone for a new one or when buying a new cable, maybe because the one coming with the phone is too short and doesn't go from the plug to the table. Both chargers and cables usually list their compatible phones.

JacobThreeThree
4 replies
11h45m

Are you sure this isn't a tech industry viewpoint? I don't know anyone who knows what the difference between an app and a PWA is. I don't think I've seen anyone outside of the tech industry with a PWA active.

The more important context is the legal one, not what laypeople think.

Apple is presenting PWAs as viable alternatives to the app store in a legal context: https://www.accc.gov.au/system/files/Apple%20Pty%20Limited%2...

EricHolden12
1 replies
4h33m

But now they’ve allowed alternative app stores so why are PWAs still required?

beeboobaa
0 replies
4h27m

Because they have already been heavily invested in and are cross platform. Sure, Apple has already been fucking over PWAs by refusing to implement certain web standards, but they still promoted them and they are heavily used in certain industries.

gtsteve
0 replies
7h34m

Companies can quite happily hold two opposing viewpoints when it suits them. Apple's products usually have some kind of pleasing consistency but that doesn't mean their corporate dealings have to be.

In a similar vein, a startup will be very happy to talk about how valuable it is, except when it comes to talking to tax authorities, whereupon suddenly their shares are borderline worthless.

f1shy
0 replies
7h39m

No. It is not! The law is for the people, for the „laymen“, not for lawers.

tester89
2 replies
19h46m

The only PWA that I think gets any use on i(Pad)OS is that for the Financial Times.

dcow
0 replies
6h20m

It’s just iOS and macOS.

cal85
0 replies
5h35m

I thought that was gone but you’re right, app.ft.com still works and can be installed as a full screen PWA. But the main site, ft.com, isn’t a PWA (or at least, it doesn’t install as a full screen web app). I had assumed they had shut down the PWA, because I haven’t seen any promotion/mention of it for years (and I use ft.com a lot) so I don’t know how regular people would find out about it these days.

afavour
2 replies
16h1m

You’re right but a lot of that has to do with discoverability and the lack thereof on iOS. On Android you can show an install prompt via the browser or even package your PWA to be distributed via the Play Store. On iOS you have to do a strange incantation of “sharing” a web page to your Home Screen via a submenu. Its utterly unituitive so it’s not too surprising that most don’t.

cal85
1 replies
6h15m

I think it's pretty feasible for a web app (assuming the user trusts it) to prompt a user and explain how to add it to homescreen from iOS Safari. I can imagine, and think I've seen in the past, a nice-enough UI flow to get people to install a PWA. After explaining the benefits, you have an "Add to Home Screen" CTA button. When the user taps that, if it's iOS Safari, you pop up a modal that visually explains the two steps required, which are (1) tapping the button at the bottom of the screen, and (2) tapping the "Add to Home Screen" menu item. (OK they need to do one final tap on 'Add' to confirm the title, but most users who've got this far would manage that on their own.)

I agree that's not as good as a native install prompt but I don't think it's a strange incantation/utterly unintuitive. I know that icon originally meant 'share' but these days it means a wider range of things - basically "take this thing somewhere else".

afavour
0 replies
6h3m

It’s definitely possible, I’ve done it myself in the past (it’s still very annoying owing to the different position of button on iPhone vs iPad) and the analytics show some users get it. But as compared to “find us in the App Store” it’s night and day.

It’s also a very inconsistent experience: some sites have set themselves up as fully featured PWAs, others have made no efforts at all. Both get the same button.

lloeki
1 replies
12h12m

In context 99% of the users I meet don't even know what USB-C is.

OH (frequently):

- hey I need to to up, do you have a phone charger?

- yup, which kind?

- not "an Apple"

- oh, so USB?

- yeah the "standard" one, not the "new usb"

That said, I'm surprised many do know about the literal "usb-c" term. Micro USB A though flies over their head, it's "small usb" or "standard usb" every time.

Of note: EU here, and while they by and large don't know about the EU standardising stuff they did notice the effect. I've seen a few refer to USB-C as "universal one" (largely coz it works the same for both phones and laptops)

pmontra
0 replies
9h39m

With my friends it's either "USB-C" or the "round USB". Maybe it's already too old to be referred to as the "new USB". The old one is definitely the "old USB" or the "not round USB".

formerly_proven
0 replies
10h5m

So what's a Home Screen Web App in this context? Is it adding a bookmark to the home screen (you open it, and it opens in the regular full iOS Safari), or something else?

darylteo
0 replies
17h36m

Going on a slight tangent: I do get many clients inquiring about PWA because "they don't need to pay 30% per purchase". This is anecdotal, of course... they wouldn't be able to tell you what it is, but all they care about is that they save 30%. So there is definitely "interest" in PWAs.

benguild
0 replies
19h32m

Correct on it being a tech industry viewpoint— people think "apps come from the App Store" and therefore anything else that's clunky requires a fair amount of education and payoff for users to adopt.

It's off balance, and it shows now that the tech has to be removed since it wasn't actually at parity despite it being an argument for it unfortunately.

The worst part? This has been the case for 15 years. It's not like there wasn't enough time to fix it. That's plenty of time to hire and develop solutions, yet now look at the reasons for it being taken away.

jdminhbg
8 replies
18h58m

So are PWAs really popular on Android?

shuckles
7 replies
16h35m

I think the advocate retort is that lack of support on iOS makes them a nonstarter for developers on all platforms. I think this argument is more of an excuse.

dangus
5 replies
16h29m

Right, Android has something like 70% global marketshare. PWAs aren’t popular because they don’t really benefit developers/businesses. They also don’t offer any advantages in user experience over a native app. Apart from the economics, there’s no developer friction advantage since you can use something like react native and deploy anywhere.

The kind of deep user information you can gather by installing a full blown app compared to a more sandboxed web app is worth way more than the 30% royalty cut.

kristiandupont
3 replies
12h37m

There is great value in building one product instead of three.

The kind of deep user information you can gather by installing a full blown app compared to a more sandboxed web app is worth way more than the 30% royalty cut.

What kind of information is that?

dickersnoodle
2 replies
5h31m

Great value to whom? The only value I've ever heard of that made any sense at all was "saves me money and lets me change things and publish them faster" and that (as other commenters have said) is a developer / manager value, not a user value.

capr
1 replies
1h29m

Developer value is totally user value. The developer "changes things and publish them faster" for the customer, it's not a hobby.

dickersnoodle
0 replies
46m

It's tempting to think so, but IME users download apps to get things done more than they want to "ooh" and "aah" over an app's UI changes and I've been an app developer since 2009. It's all too easy to push out someone's pet feature (or something to buff up someone's resume for their next job) and if it's a speed-focused company it's a coin flip whether there is someone acting as the gatekeeper to keep that kind of nonsense out.

grotorea
0 replies
5h32m

70% of marketshare isn't the important part, it's what the share of potential revenue is. And it's well know that iOS has more revenue per user.

brookst
0 replies
5h50m

I can’t believe Apple is holding back my vision for a resurgence of COBOL apps. If only Apple would support native cobol apps, surely Android would follow and the world would see peace and prosperity forever. /s

turquoisevar
4 replies
13h20m

The whole reason they are low usage on PWAs is because of a lack of investment from Apple and a lack of parity

This is a trite argument that hasn’t been true ever since Jen Simmons joined Apple in 2020 and changed the course of Safari significantly to the point that PWAs not only are viable, they have been given feature parity with native apps on many fronts.

Simultaneously, the argument completely bypasses the fact that install rates of PWAs are abysmal on any platform. Whether it be iOS, Android or Windows.

Contrary to what PWA developers, industry organizations and other stakeholders proselytize, PWAs aren’t the second coming and the next best thing since sliced bread. At least not when it comes to install rates.

Edit:

Don’t get me wrong, I’m sure they’re great as “websites”.

Lord knows people who sell PWAs[0] love to brag about bounce rates and conversion rates and what not. But there’s a reason why you can find barely anything about install rates other than some vague statistics about individual unnamed PWAs[1] or PWA sellers[2] talking about obviously bogus 10x and 3-5x install rates, and it’s not because the PWA crowd is too shy to brag.

0: https://www.pwastats.com/

1: https://developer.chrome.com/blog/pwa-install-features

2: https://mobsted.com/pwa_vs_native_mobile_apps_install_rates_...

jchw
2 replies
13h13m

That's kind of the point, PWAs don't have parity on any platform, but Apple's platforms are the only ones where it is being positioned as a legitimate alternative; Android has "sideloading", Windows has REGULAR loading. It doesn't matter who joined Apple when and did what, PWAs on iPhone are not like native apps, it's not even really close. It's good that this pathetic line of argument wasn't much of a deterrence for the EU.

What people want isn't PWAs, they just want the kind of capabilities that computers have had for decades, including many of Apple's current computers for sale today. To be able to install an application and run it.

turquoisevar
1 replies
11h41m

That's kind of the point, PWAs don't have parity on any platform

That’s not true, nor what I posited. PWAs have almost all the native features, if not all, depending on the platform. Plenty of “pro-PWA” people go out of their way to demonstrate this[0].

I’m talking about install rates and usage by end users in a way similar to using a native app.

Whether you agree on parity or not, you seem to concede that PWAs aren’t wildly adopted the way native apps are.

As such, it makes sense that Apple wouldn’t want to waste engineering resources on it by rewriting the underlying architecture, which is the topic at hand.

That in and of itself ends the debate.

You then go on, OT, about whether Apple should or shouldn’t position websites and PWAs as legitimate alternatives.

Saying:

but Apple's platforms are the only ones where it is being positioned as a legitimate alternative

Specifically, Apple states[1]:

If the App Store model and guidelines are not best for your app or business idea that’s okay, we provide Safari for a great web experience too.

An alternative isn’t, as you seem to imply, an identical option; instead, it is simply understood to mean a different choice, usually a choice different from what is usual.

One might say, "In the absence of a better alternative, we’ll have to proceed with our original plan.” This use in and of itself implies that one option is better than another, thus not identical.

Whether something is “legitimate” or, more specifically, a “legitimate alternative” entirely depends on the person making the consideration and the value judgment they make based on their needs and wants.

I might consider soda a “legitimate alternative” to coffee because I’m just looking for a beverage, whereas a different person might not deem it a legitimate alternative. After all, they are solely interested in a warm beverage.

With that in mind, I consider web pages, particularly PWAs, a legitimate alternative to native apps because most native functions are available to PWAs on iOS. You might not because your need might be one of the few things PWAs can’t provide.

That doesn’t make it a bad-faith argument on Apple’s part; they never claimed that PWAs are an identical option to native apps via their App Store. They offered up an alternative that can provide some, if not most, of what a native app can provide.

You continue with your OT by presenting a false equivalence

Android has "sideloading", Windows has REGULAR loading.

It’s a false equivalence because neither Google nor OEMs present sideloading as a legitimate alternative; it simply exists, but it’s not promoted as an alternative option.

Google specifically likes to write copious amounts of words in blog posts[1] and whatnot, talking about how great PWAs are while wearing their Chrome hat. Meanwhile, the PWA experience on Android is marginally better than that on iOS, provided you use Google’s browser. Where is your indignation for that? They’re promoting PWAs harder than Apple will ever do.

For that matter, Microsoft also doesn’t call “regular loading” a legitimate alternative, so again, your equivalence makes no sense.

It doesn't matter who joined Apple when and did what

Of course it does; if you don’t go OT, that is. Whether Safari is or isn’t suitable for PWAs is essential to assess if PWAs are used in meaningful quantities.

If someone posits that Safari doesn’t properly support PWAs when that isn’t true, like GP did, then it’s important to point that out and provide context on when that changed.

It doesn’t matter to you because you’re having an entirely separate discussion.

PWAs on iPhone are not like native apps

Yes, they are.

As stated above, they’re not identical, but they are similar to, or if you prefer, “like” native apps.

it's not even really close

This is a value judgment because it requires that you and I agree on the definition of “close.” I argue that they’re pretty close because they can do about 90% of what native apps can do.

It's good that this pathetic line of argument wasn't much of a deterrence for the EU.

Let’s keep it classy and within HN guidelines.

What people want isn't PWAs

Hence, the low install rate of PWAs and why it’s not weird that Apple didn’t decide to spend engineering resources on rewriting the underlying architecture for PWA installs.

Again, that, in and of itself, ends the debate.

they just want the kind of capabilities that computers have had for decades, including many of Apple's current computers for sale today. To be able to install an application and run it.

I’m not sure what you base this on.

From here, it looks like you’re projecting your own wants onto the average iPhone user base at large. Do you have anything that expands on how many iPhone users share your vision?

The commercial success of iPhones suggests that not many seem to care for this.

I suppose alternatively, you could argue that the fact that Android dominates globally indicates there is a demand for this in the smartphone market[2]. Still, the obvious question then becomes why those iPhone users wouldn’t just join in Android’s dominance and switch over, particularly those who feel so strongly about this that they’d spend their time online lamenting its absence.

0: https://whatpwacando.today

1: https://developer.apple.com/app-store/review/guidelines/#int...

2: This is simplified, of course; one feature wouldn’t be the sole driver of Android’s dominance

jchw
0 replies
11h14m

I'm not going to go point by point on this one, but I do have some remarks. I am not "projecting", I own multiple Apple devices, therefore, I am very well within my right to talk about what I want as an owner of Apple hardware and on behalf of likeminded users, even if people on Hacker News don't like that fact as is evident from time to time. Wanting "sideloading" aka regular loading is not wildly off topic, it's literally MORE on topic than PWA vs native app parity, which is really not relevant to the EU DMA compliance issues at hand. And on that note, of course PWAs do not have parity with native applications. They're quite a lot slower, for starters. Is anyone shocked? No... it's not weird that it is much slower when you are going through Webkit instead of native APIs like Metal, in WebAssembly and JavaScript instead of C and Swift. That's disregarding the fact that both policy-wise and in what APIs are available, clearly PWAs have significantly more limited access to integrate with their host platforms, which again, is hardly surprising for glorified bookmarks.

szasamasa
0 replies
8h19m

web apps are websites with standalone

the name "install" is bad and the wording is NOT a web standard, NOTHING is installed

the question is web capabilities

one core capability is caching and offline via service workers

no need for "install" for this

"installing" a web app does not even need anything anymore, not even offline or service workers... it is ONLY switch to standalone and get a launch button or be integrated into app launchers on OS

behind "install" is a bad and immature web app manifest api, it is a draft... the wording install must go

it is one of MANY possible web capabilities for a web domain to be able run standalone and get a button

apple cannot ban this since a shortcut to chrome cannot be deemed unsafe, where then CHROME decides to run standalone or not

the real problem is NOT that safari kills standalone

they try to kill a lot of web capability, like service workers, and NOT JUST FOR SAFARI

I mean this will not stand, you CAN stay apple-level-safe (whether it is more or less than other platforms) by CHOOSING safari

it is an obvious CHOICE to be granted to trust google, mozilla or microsoft and their web security model to stay safe with THEM on the web

no argument why this should not be allowed if other native apps are allowed

and come on, even mac os is safe with service workers in chromium

anon373839
4 replies
8h0m

I recommend that everyone interested in this topic read some of the comments from PWA developers at: https://bugs.webkit.org/show_bug.cgi?id=268643

Apple’s decision is going to kill businesses and break apps used by hundreds of thousands of people in Europe, many of whom are healthcare workers delivering patient care.

EricHolden12
3 replies
4h34m

Patient care apps as PWAs? Yikes.

seba_dos1
0 replies
3h36m

Patient care apps as native blobs for selected platforms? Yikes.

niutech
0 replies
2h14m

What's unusual with it? I even do my online banking exclusively via web browser.

SCdF
0 replies
58m

What's the concern here?

treflop
3 replies
12h18m

From Apple’s PoV, PWAs don’t earn them any money, aren’t forced through review by Apple, and decrease lock-in. There is no incentive for Apple to support PWAs.

ikekkdcjkfke
2 replies
11h59m

So it is now their fiduciary duty to enshitify the web? Nice system

pjmlp
0 replies
11h46m

Enshitify ChromeOS actually.

brookst
0 replies
5h53m

That cringe neologism refers to shifting from making money by delivering value to users to making money by exploiting the user base.

m463
2 replies
15h50m

how do they know low usage if there is no download from apple?

overstay8930
0 replies
15h43m

Because they know what’s on your Home Screen If you enable Usage analytics?

Teckla
0 replies
15h42m

Most likely telemetry in iOS itself. iOS knows when users pin web pages to the home screen, and iOS knows each time a user taps on and opens those pinned web pages.

stephenr
0 replies
17h22m

not providing similar marketing or anything for PWAs

It's functionality to add an arbitrary webpage. What exactly are you expecting them to "provide"?

scarface_74
0 replies
4h51m

So why is there also low usage on Android?

nemothekid
0 replies
15h23m

The whole reason they are low usage on PWAs is because of a lack of investment from Apple

I don’t know if this ironic given that apple originally didn’t want to support native apps and gave in due to developer demand.

Apple both did and didn’t want web apps

jensensbutton
38 replies
20h57m

Seems like an OS problem. They should fix that.

lannisterstark
32 replies
20h49m

Or they could just not.

luuurker
28 replies
20h39m

What's the benefit for you as a user to side with Apple on things like this?

robertlagrant
8 replies
20h3m

What's the benefit for you as a user to side with Apple on things like this?

Looking at these things as sides is a mistake. Instead of just being tribal, it's better to look positions on their merits.

kibwen
5 replies
18h25m

I've been asking these people for the merits of Apple's decisions for years, and all I ever get in response is "Apple knows best, I don't need these features."

shuckles
4 replies
16h30m

That seems like a perfectly reasonable argument on the merits. What user actually needs web apps? What's the market for apps whose developers can't stomach a $99 developer fee and/or with functionality not allowable by app review?

breather
2 replies
12h42m

Well shit, what user needs an app store to begin with? It was never about need, it was about what they could convince users to put up with.

robertlagrant
1 replies
6h53m

Why do you think an app store isn't something people want, rather than something they put up with? What about the pre-app store world made it the one preferred by consumers in your mind?

smoldesu
0 replies
1h24m

Why do you think an app store isn't something people want, rather than something they put up with?

Because it seems to be that way on MacOS. On Mac, the App Store is absolutely useless and exclusively something people do not want. It does not distribute the software users want, it charges them extra fees, and limits the type of app you distribute.

Judging by every single professional Mac user I've met, circumventing the App Store is a functional necessity for some. Most of them absolutely "put up with" the limitations and issues of MacOS.

What about the pre-app store world made it the one preferred by consumers in your mind?

The freedom? The cheaper software? The stronger OS security models and lack of social-manipulation-as-a-security-feature?

If the post-App Store world is so great, people will keep living in it even when alternative stores exist. I suspect that most users will not give a rats ass about convenience if there's a 30% cheaper subscription elsewhere.

pompino
0 replies
9h21m

I hope you realize the irony that this just your personal view on what is reasonable and what is or isn't a merit. I don't see the point in bullying someone who is simply expressing an opinion - which happens to be anti-Apple - and one which makes a lot of sense to me.

breather
1 replies
12h43m

it's better to look positions on their merits

How do you do this when any value a "merit" could have is based in this dichotomy of vendor/user?

robertlagrant
0 replies
11h13m

It's not based on that, as far as I can see. Saying "browsers are extremely complex from a security perspective and we will only allow the one we made on to our platform" is in service of making a better product.

You might say that that's not true, and browsers are easy to secure, but that would be arguing the point on its merits. Not on the tribalist lens you're seeing this situation through.

gretch
4 replies
20h27m

Apple has a decade+ track record of making devices that i really like. (At several points I’ve compared solutions across the market).

Instead of siding with Apple, why would I side with anonymous and random internet commentators who have never made devices I want to buy?

pompino
3 replies
9h19m

It is definitely odd to outsource your moral principles based on which mega corp you opened your wallet to.

gretch
1 replies
1h50m

Morals? You think you’re some kind of righteous crusader?

I’m talking about toys and gadgets. The ability to view memes.

mthoms
0 replies
45m

If that's your use case, then great!

My iPhone connects me to my government, my bank, my school, my family on the other side of the world, my portfolio, and perhaps most importantly; critical safety services (local avalanche forecasts in my case).

You can be damn well sure I'll be passionate about how it's controlled, and what capabilities the manufacturer is derailing in the interest of record profits.

(For clarity - I'm not the person you responded to, but this is HN so I thought I'd chime in on why some people are so passionate about this so called "toy")

pb7
0 replies
13m

You opened your wallet to the same megacorp. The only difference is you're sitting on your high horse for some reason.

vundercind
1 replies
18h0m

I don't care about PWAs and would generally prefer companies not have the option so they can't try to push me into one. Anything that makes that less-viable is good for me.

I wish Apple'd held a hard line on the "no apps that should be a web site" rule(s) for similar reasons. Alas, they did not.

jquery
0 replies
17h0m

I agree. My experience with PWAs is they are usually downgrade from a safari bookmark... they are created to benefit the provider, not the user, by taking away browser abilities from me (back, forward, copy url, etc).

pb7
1 replies
20h24m

Pretty simple: I like the way Apple does most things. I'm rarely disappointed by the culmination of all of their decisions. I'm frequently disappointed with how other companies do things therefore I don't want their disease to spread to things I'm perfectly content with.

adamtaylor_13
0 replies
15h16m

I couldn’t put my feelings into words but this sums it up fairly well. Apple, for all their flaws, typically creates an outstanding product from a security, privacy, and general end-user perspective.

At the end of the day, Apple has earned my trust to make choices that maybe aren’t the most “open” choices, because usually they end up being the best experience for me as an end consumer.

cqqxo4zV46cp
1 replies
20h26m

Please drop the tribalistic vitriol and be an adult about this. The statement is “or they could not”. It’s factual. It’s what Apple did. It’s not a religious stance.

masto
0 replies
20h7m

The question was "What's the benefit for you as a user to side with Apple on things like this?". There's no vitriol there. Jumping to the defense of a trillion dollar corporation seems religious or at least tribalistic to me.

And lest I be dismissed as a hater, I currently own five Apple computers, an iPhone I've upgraded every year since they came out, an iPad, a watch, and a virtu^wspatial computing heads^wdevice. But that's because of the transactional value they provide, not because I believe Apple loves me and has my best interests at heart. They love my money and that's where it ends.

I use several PWAs and I will be very disappointed if this is the stick Apple uses to close the window on this short period of time where we had a reasonably interoperable standard for making "apps" using web technologies. I can run Elk in a browser, but it's suboptimal.

vdaea
0 replies
20h30m

He's not necessarily siding with Apple. He's pointing out they don't have to do that.

shuckles
0 replies
20h15m

The sides in this debate are: Apple, Chrome advocates (with a little bit of separation), and the EU. It's not that perplexing to choose the first.

nonethewiser
0 replies
15h43m

There are lots of things that Apple could do to benefit me that aren’t reasonable.

natch
0 replies
15h45m

Advocating for security and user privacy protection.

moogly
0 replies
20h32m

A seat at Steve Jobs' table in the lunch cafeteria in he...aven?

elbear
0 replies
12h7m

The fact that Apple controls the entire stack means that they can provide better guarantees for security and experience and also make optimisations that are difficult or impossible when integrating 3rd party software.

breather
0 replies
12h44m

There's little benefit to the user for many of Apple's design decisions; that seems like an odd way to predict their behavior.

asadotzler
0 replies
13h32m

boots taste good and these kids are too young to recall why any of this matters.

agust
2 replies
20h42m

They could develop APIs to support alternate browser engines but could not allow them to install sandboxed web apps on the system? Like all other OSes do, including macOS?

How surprising.

kmbfjr
0 replies
20h26m

Are not some of the changes in the EU so that people won’t have to rely on Apple’s APIs?

bobbylarrybobby
0 replies
19h51m

The whole point is that doing so would privilege safari over other browsers, which is illegal.

TheGlav
3 replies
20h31m

Of course they could. They looked at the cost of rewriting the entire integration and framework for running PWAs and said, "eh, nah."

jeroenhd
2 replies
20h4m

They'll have to allow some kind of app installation API to allow for alternative app stores. If Google implements some kind of WebAPK technology on iOS, they may just be able to launch a Google Play for iOS to work around these PWAs as a workaround, and Safari will be down a feature.

I have the feeling Apple is betting on Google not caring enough about the PWA platform to try to compete. Maybe they're right, but if they're not, they're only making the browser wars worse for themselves.

shuckles
0 replies
16h32m

My guess is it's easier for developers to throw their website into Cordova than to start paying Apple a Core Technology Fee and convince users to download an alternative app marketplace to support what is effectively a differently packaged Cordova app.

jdminhbg
0 replies
18h57m

I have the feeling Apple is betting on Google not caring enough about the PWA platform to try to compete.

I don't think it's about Google, I think they assume consumers won't care, and they're probably right.

mixmastamyk
0 replies
19h6m

Spend money to lose money, not a great investment in their eyes.

sccxy
29 replies
21h18m

TLDR: We did not want to give other browsers too powerful apis to compete with Safari & App Store.

rimunroe
18 replies
21h16m

From the (admittedly little) I know about how iOS handles security and the speed at which they responded this sounds like a pretty credible explanation to me. What makes you think it isn't?

veeti
13 replies
20h45m

Because that's literally what it says when you really read into it? They acknowledge that 1) Safari already has all the integrations required to support PWA securely and that 2) they can't be bothered to provide the same API's for third party browsers because it's not "practical".

They built their PWA support in an anticompetitive manner assuming App Store & WebKit would be a monopoly forever, and now as a result the baby is going out with the bathwater.

Elidrake42
5 replies
20h32m

This is why I purchase iOS devices - ultimately their closed garden provides a smaller attack surface, clearly evidenced by the comparative (to Android) cost of exploits on the black market.

I cannot see this as anticompetitive. If you want open, you have that choice in Android.

veeti
1 replies
20h13m

I'm sorry to say the EU regulators disagree with you on that.

rimunroe
0 replies
20h1m

We noticed! I’m not thrilled about the decision.

louthy
1 replies
18h42m

I cannot see this as anticompetitive. If you want open, you have that choice in Android

If Apple doesn’t support PWAs then PWAs stop being a viable method of app deployment - killing the platform outright. That’s anticompetitive.

spacedcowboy
0 replies
13h56m

Only if you give a damn about PWA's. Evidenced by the fact I have none on my phone, and don't feel the need for any either, I'm fine with them being out.

"Hey PWA, don't let the door hit you on the backside, on your way out".

The browser is just about the most vulnerable attack surface on any computer. Using it as a general-purpose application host is nuts, IMHO.

rimunroe
0 replies
20h24m

This is exactly my feeling too. I don't want the platform to open up more. I left Android because I wanted to make fewer decisions about my device, and to just think about it less in general.

Also, Safari is a non-Chromium-based (though still related) browser which developers are forced to support because it's the only thing allowed on iPhones. Most users aren't going to install Firefox on their iPhone, they're going to install Chrome, which is just going to make Chromium's market dominance worse.

rimunroe
4 replies
20h32m

Because that's literally what it says when you really read into it?

I know it's used as an intensifier, but this feels like a particularly bad place to use "literally" that way.

They acknowledge that 1) Safari already has all the integrations required to support PWA securely

Not really sure how to respond to this. An airliner already has all the controls required for being piloted. Why am I not allowed to pilot my next commercial flight?

But my more serious point:

2) they can't be bothered to provide the same API's for third party browsers because it's not "practical".

Why are you glossing over "practical" there and putting it in sarcastic quotes?

This sounds like a huge change in the security model given how tightly Safari is integrated with the rest of iOS. Heavily restricting permissions and sometimes functionality to prevent security threats is very consistent with what I've seen from Apple in the past (and is one of the reasons I prefer them).

Even if they intended to open this stuff up, I can't imagine this is a change which wouldn't require massive changes to iOS and a long review and testing process.

They built their PWA support in an anticompetitive manner assuming App Store & WebKit would be a monopoly forever, and now as a result the baby is going out with the bathwater.

They built their PWA support for the architecture they've had since the iPhone's release. Why should they have wasted time building affordances for a world in which they were forced to support other browsers?

veeti
2 replies
20h18m

Not really sure how to respond to this. An airliner already has all the controls required for being piloted. Why am I not allowed to pilot my next commercial flight?

What kind of ridiculous "argument" is this? Am I putting hundreds of other people in risk by installing Firefox on my iPhone? The fact remains that the EU in fact does intend to put you in front the airliner's controls. You can of course choose to turn on autopilot and keep using Safari.

Why should they have wasted time building affordances for a world in which they were forced to support other browsers?

Guess what, "tight integration" of Internet Explorer into Windows for whatever technical reasons was not a favorable argument for Microsoft in front of the European Commission either. Lack of foresight to design open systems is not an excuse in front of the law.

rimunroe
1 replies
19h57m

What kind of ridiculous "argument" is this? Am I putting hundreds of other people in risk by installing Firefox on my iPhone?

Certainly it’s an extreme example, but yes, giving people the ability to install other browsers and app stores is increasing their risk. This ruling makes it possible for some companies to decide to only allow their app to be installed through an alternate app store, which won’t necessarily restrict malicious code in the same way.

gkbrk
0 replies
9h33m

giving people the ability to install other browsers and app stores is increasing their risk

But it is increasing _their_ risk. That's the massive difference from your example. Installing other browsers and app stores is increasing _your_ risk

gkbrk
0 replies
20h19m

An airliner already has all the controls required for being piloted. Why am I not allowed to pilot my next commercial flight?

Flying a plane badly risks the lives of your passengers, the lives of people on other planes, and people in the nearby area.

Doing whatever you want with your phone doesn't risk other people's phones.

TheGlav
1 replies
20h12m

They built their PWA support with assumptions about how the application, OS, and WebKit were going to run. That's like saying, "Oh, Microsoft didn't build an API layer into Windows to support running X11 apps side by side with Win32 apps, so they were being monopolistic." No, you have limited engineering time and you make engineering tradeoffs. You don't need to design an interface layer and API and hooks between system components if your design doesn't call for it or doesn't need it.

They built their PWA support in an anticompetitive manner assuming App Store & WebKit would be a monopoly forever, and now as a result the baby is going out with the bathwater.

They built it in such a way that it was sustainable and sensible for the time it was made (iOS 2.0). That's a really long time ago in the software world. More than a dozen versions of the OS have been built on top of this. Saying "they should have just figured it out back then" is completely ignoring the reality of what was offered by the OS and the mobile space entirely at the time.

Now laws have been passed that say "you must provide alternatives." OK. They can choose to spend an ungodly amount of time refactoring the OS to undo 16 revisions of the OS of assumptions for zero benefit for the company, or they can say "Sorry we can't comply with that for your market."

It sucks. But it's a result of reasonable business decisions and their evolutions from a significantly different era.

veeti
0 replies
18h46m

No, it's saying that they shouldn't have designed a operating system with no support for other browsers (unlike lesser known alternatives such as "Apple Mac OS X") in the first place and that you shouldn't have any sympathy when such an anticompetitive technical design and behavior blows up in their face.

They built it in such a way that it was sustainable and sensible for the time it was made (iOS 2.0).

Support for installing progressive web apps was added in iOS 11 [1], released in 2017. This is decade(s) after Microsoft was dragged to court in the US and EU for similar behavior with Internet Explorer. Of course being the authoritarian company they are, Apple would rather dig their heels until the bitter end instead of just doing the right thing.

Saying "they should have just figured it out back then" is completely ignoring the reality of what was offered by the OS and the mobile space entirely at the time.

Sorry, but the rest of the mobile space did figure it out at the same time. All of the things being debated in this thread simply just work on any Android phone and Google Chrome or Mozilla Firefox in a secure manner. I'm so tired of this reality distortion field.

[1] https://developer.apple.com/library/archive/releasenotes/Gen...

foobarchu
3 replies
21h1m

Have to agree (disclaimer, haven't been an iPhone user since the 4). Suddenly allowing all browsers to have those kinds of native permissions, even with massive testing, sounds like a security nightmare. You're introducing an entire extra dimension for security holes, given how much trust people place in their phones.

This doesn't sound at all the same as allowing other engines for use inside browsers, based on both apples defense and the take-downs on them.

trothamel
2 replies
19h58m

Browsers support PWAs on the desktop platforms without there being a security nightmare, and while I'm sure there are some permissions that could be a problem, things like the camera and microphone are managed on the desktop without issue.

Is there some flaw in iOS that makes it harder to secure than the desktop?

sccxy
0 replies
19h28m

They know that giving too powerful apis to other browsers will kill their marketshare and competitors will build a better product in free environment.

popalchemist
0 replies
17h21m

iOS was never conceived of as something which would run arbitrary code that could access system-level data (the siloed data). So basically the situation exists by design, and in order to achieve security when enabling PWAs from other browser engines, they'd have to add another layer of security that currently doesn't exist (since they never had to trust anyone's code but their own).

So... yes, there is apparently a lack of security there, but that's because the layer in question was never intended to be anything but proprietary until this ruling.

LeoPanthera
9 replies
21h17m

I think this is an extremely cynical interpretation.

akaij
8 replies
21h16m

I think any other interpretation is extremely naive.

rimunroe
7 replies
21h1m

Could you explain why?

dylan604
2 replies
20h30m

naive people accept at face value PR speak. unwilling to look past that and look for other ulterior motives even less charitable ones would pretty much be textbook naivety to me.

rimunroe
1 replies
20h4m

I didn’t ask because I think someone should take a company’s word at face value.

I asked because the thing this company said in this particular instance aligned with what I’d heard from other (independent) parties and I wanted to know why this person seemed so sure about that being wrong.

dylan604
0 replies
19h58m

Naive people also forget the best lies have some truth woven in.

akaij
2 replies
20h18m

I don't think believing why the most valuable company in the world with the highest and thickest walls around its garden, and a track record of not playing nice with others, is doing this, requires much explanation except that they want to kill the possibility of anyone bypassing the toll gate to the said garden.

shuckles
1 replies
20h8m

Apple could support PWAs and enforce the same Core Technology Fee they do on them as they do for 3p distributed apps, so this argument makes no sense.

commoner
0 replies
12h6m

Apple has no way of enforcing any kind of platform fee for PWAs since the developer does not need to interact with Apple at all. This financial conflict of interest is why the availablity of the full PWA feature set is desirable to developers and undesirable to Apple.

fsflover
0 replies
20h39m

Because accidentally this move will make more money for Apple. (Follow the money.)

sigmar
23 replies
21h9m

tbh, I thought the summary in techcrunch was much easier to read and concise.

Browsers also could install web apps on the system without a user’s awareness and consent.

Couldn't this be entirely solved with an OS permission-like prompt "are you sure you want [progressive web app name] added to home screen?"

npunt
11 replies
20h29m

You don't want random processes firing off permissions prompts, you want them to remain meaningful to users on a platform else they'll get prompt fatigue. Think of all the prompts users see and just press 'ok' to.

sigmar
9 replies
20h23m

Heard. But we're going to entirely eliminate all PWAs because there might be an additional prompt added? Seems excessive/specious to me.

npunt
8 replies
20h12m

It's not one additional prompt, it's a class of prompts that could be exploited over and over again. A single site could trigger hundreds by sites popping up in the background each which trigger it, and then the user's home screen is full of fake PWAs with names like 'save money' 'in debt?' 'casino cash bucks' etc. Next you're developing mitigations, spam cleanup, etc. We've gone through this kind of thing before.

seszett
3 replies
19h25m

If that's a real potential problem, why doesn't this already happen on Android?

Why would this be exploited on the relatively small marketshare platform that is iOS, when in all those years this year not been a problem on the dominant platform?

Because it's not a real problem.

ricardobeat
2 replies
19h18m

You mean like this? https://www.tomsguide.com/news/hackers-are-using-a-new-trick...

This stuff is part of the reason people commit to the Apple ecosystem despite its shortcomings.

While Android dominates globally, iOS has nearly 60% market share in the US and some other countries.

willsmith72
0 replies
18h46m

i don't think that's right, i think apple dominates the US because they're genius at marketing and design. you don't have to build something more secure, you just have to convince people you did

seszett
0 replies
18h51m

I'm not especially aware of this particular thing, but sending an SMS with a link to a web page that asks to install a PWA seems to me like it would work on any platform that allows PWAs, irrespective of whether PWAs are restricted to one rendering engine or not, and totally unrelated to the exploit outlined in the post I was responding to (about a somewhat unclear process to me, that would open sites in the background, sending prompts to the user and somehow automatically installing many different PWAs this way).

What we are talking about is specifically targeted at the EU where iOS represents about 30% of users, and doesn't apply to the US. So it's unlikely that scammers would just hold off from exploiting Android and wait for the EU to force iOS to allow different browsers, and only then exploit this class of vulnerability.

sigmar
2 replies
20h3m

The user would get rid of the app/browser that is doing this, no? The same way they would have to for any malicious app that persistently requests a special permission?

samatman
0 replies
19h40m

I'm guessing you've never had to clean up a relative's Windows machine. I wish I could say the same.

npunt
0 replies
19h31m

Yeah ideally. Given there are nearly 1.5 billion active iPhones tho, a lot (100s of millions) of users aren't going to understand the relationship between the prompts and the browser and/or know (/know how) to uninstall the browser and/or have desire to do it at the moment they experience the problem, especially if the browser has other qualities they like. Many more would just blame it on themselves, ignore the problem, etc. These users may make up a plurality or majority of iOS users, and have a totally different experience from a technical user working on a desktop OS (HN crowd).

anakaine
0 replies
19h42m

Are you sure we can't have additional plugin toolbars for Safari? Maybe have one or two that tell us that we can get paid to surf the Web, and a couple of others that definitely don't show popups?

lxgr
0 replies
19h54m

"Yes, allow install (this time)" / "No, don't allow install (this time)" / "No, and never prompt me again"?

iOS has been doing something very similar and it's arguably worked pretty well.

madeofpalk
5 replies
20h19m

I guess that's why they say that "would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps"

Sabinus
2 replies
9h27m

Personally, I'm not concerned with the costs of an EU mandate on Apple for interoperability but that could just be me.

madeofpalk
1 replies
7h58m

You've not been asked to be concerned. Apple is saying what their reasoning is, and you can believe it or not, but you don't have to feel pitty for them.

beeboobaa
0 replies
6h14m

Apple is just playing pr games trying to get their cult followers to rage against the DMA which apple hates having to follow. So yes, people are being asked.

saiya-jin
1 replies
9h54m

Well, this is just 'we don't want to do it because our market projections steer us in a different direction, but we really don't have any solid arguments so here is some blah our marketing & legal came up with'.

3 trillion company can implement this without breaking a sweat properly if they cared, what are they trying to say here - 'we are incompetent'? Not buying that for a second, we know they can deliver.

beeboobaa
0 replies
6h15m

More like "that pesky eu is forcing us to behave like a normal company and we don't like that. Let's punish the users in hopes they'll revolt"

natch
3 replies
15h47m

So, as an abusive stepparent, you run the "Spy on Me" PWA on your stepdaughter's phone, and click the permission dialog, and she's none the wiser. Do you think that's great?

Apple does not.

sensanaty
1 replies
13h51m

If you're an abusive step-parent with access to your daughter's phone, you can already install "Spy on Me" software in the form of regular apps, a PWA changes nothing here.

rapidaneurism
0 replies
13h8m

True, but in the regular app case apple gets its cut.

bmicraft
0 replies
15h22m

You can already do that with apps

NoPicklez
0 replies
17h58m

Sounds like the type of dialogue message I got sick of in Android

crazygringo
14 replies
21h9m

Thanks for posting that. I'm no iOS expert but it actually sounds like a pretty reasonable explanation. It's at least good to hear Apple's side here, and more knowledgeable commenters here can weigh in as to whether it really does seem genuine.

candiodari
11 replies
20h51m

Sure it's reasonable ... because of course all these browsers don't have a security model and just allow web apps to do whatever they want.

This is essentially saying no-one can build a secure browser.

weberer
3 replies
20h9m

I know at least Firefox has per-site permissions for location, webcam, and microphone access. Is it a correct interpretation that Safari on iOS does not have this feature?

shuckles
1 replies
19h34m

Their argument was they want the system (iOS) to enforce those permissions, not browsers on behalf of apps they've added.

jwells89
0 replies
18h24m

Ideally there should be both browser-level and OS-level controls. Reduces the chances of things slipping through the cracks and it limits the blast radius in case a browser vendor can’t get a hole patched up quickly for some reason.

manmal
0 replies
19h56m

Safari has those features.

bee_rider
2 replies
20h23m

Nobody can build a secure browser.

shuckles
1 replies
20h14m

Truer words have not been spoken! Maybe only second to nobody can build a secure baseband.

dividedbyzero
0 replies
19h51m

Security is well achievable, absolute security is not. Somehow almost everyone seems to grasp that intuitively, but a subset of IT keeps pretending they're the same thing.

dividedbyzero
1 replies
20h4m

I don't think they're saying that. I read their statement more like "someone might build an insecure browser", which isn't that invalid a concern I think. I'd like Apple to be a bit more daring and just open up those APIs too, but I kind of get their incentives point the other way. Apart from some landmark design decisions, Apple is an extremely conservative company, and stalling on an issue like this is just what such an org would do.

e12e
0 replies
17h39m

But they already give the "insecure browser" access to display web pages, access the camera etc. They just don't want "runs best on chrome" pwas eating they're app store cake.

nozzlegear
0 replies
20h14m

Nobody but Apple has experience building a secure browser. [1]

[1] On iOS.

MrDarcy
0 replies
20h32m

No, it’s saying they’re being forced to support at least one insecure browser which would affect the security of an obscure feature so they’re removing the feature.

below43
1 replies
14h33m

It's a massive blow for PWAs. There are a lot of corporate apps that are PWAs as the app stores do not really support "private" distribution of apps (other than via MDM-based solutions which doesn't work for use cases where you don't control the users' devices). Furthermore, by forcing the apps to load in a browser tab (rather than as a full screen home screen app) it breaks the support for push notifications. In my opinion this is malicious compliance.

alex_suzuki
0 replies
10h37m

So much this. I am the author of a barcode scanning library for JavaScript, my customers are mainly SMBs running in-house apps, and they love frigging PWAs.

- No App Store review

- Full control of distribution channel

- Instant deployment from CI/CD

- Single codebase

- Easy to source developers, even in-house

- No administrative burden from having to maintain accounts at Apple/Google.

Adding to home screen is important for non-technical end-users to recognize it as an "app" and not a "website".

secondcoming
10 replies
21h9m

malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent.

How is this even possible? It's shocking that these APIs even exist for any browser to use.

kemayo
4 replies
21h2m

I assume you mean the "read data from other web apps" part. That'd be because there's (presumably) not a system-level way to launch a third-party browser in "web app mode", with all data siloed off per-PWA. Thus the only way they could currently make web apps work would be to launch the third-party browser and trust that it silos everything adequately itself internally.

Apple could add a bunch of new APIs to support this case for third-party browsers. Presumably there's something equivalent that's being done for said web apps currently in Safari. But they're not wrong to say that there's not an existing system in place that said third-party browsers are already written to use. (And, you know, they're clearly not invested in trying to make this law succeed.)

fock
3 replies
19h22m

the bunch of new APIs might just be a containerized copy of the users browser? Seems very easy.

kemayo
1 replies
18h24m

I think there's a lot of edge cases, and just spinning up an entire new data container for iOS Chrome and launching a web app inside it would probably make Chrome very confused. (It wouldn't know to hide its normal tab/browser UI, to not nag the user about logging into their google account, etc.)

Like I said, Apple could totally make APIs so that Chrome could know it was being launched in a container with data isolation and should behave as a web app. Google could then adopt those APIs, with the alacrity that it's famous for showing with new iOS system APIs. But the behavior Apple is implementing here is probably how any default-browser that hadn't yet opted into those new APIs would have to behave.

(To be clear: I think Apple is being petty here by not having those APIs announced. But "we're going to regress everything to bookmarks" is probably more DMA-compliant than "things are better when you use Safari, and we promise we'll extend that to other browsers someday".)

jquery
0 replies
16h55m

Bookmarks are superior to PWAs, anything that reduces the spread of PWAs is a good thing in my opinion.

jwells89
0 replies
18h16m

Currently Safari on Mac copies over login cookies and data directly relevant to the site and nothing else when installing an app as a PWA.

This strikes me as the way to go, there’s no good reason for anything else to be copied and it reduces the amount of data that integrated privacy-compromising ad and analytics services can readily glean from users.

zer00eyz
2 replies
21h6m

> How is this even possible? It's shocking that these APIs even exist for any browser to use.

https://www.theverge.com/24054329/microsoft-edge-automatic-c...

Ask MS, they already did it.

veeti
0 replies
20h40m

This is completely irrelevant to the discussion, there is no sandboxing on PC.

cqqxo4zV46cp
0 replies
20h22m

iOS and Windows’ security models are not remotely comparable. I can’t imagine that you’d be making such intellectually lazy comparisons if it wasn’t in the context of some perceived holy war.

amelius
1 replies
21h5m

I didn't read the article, but to me it sounds like Safari's security mechanisms need more work.

MBCook
0 replies
20h54m

Safari is fine.

Other browsers would have to be trusted, Apple doesn’t have a mechanism to ensure that they do what they’re supposed to.

So until they have time to add one (remember they already had to create all the API‘s for third-party browsers to use), they’re not allowed to give Safari preferential treatment. So they had to remove the feature.

beeboobaa
8 replies
6h20m

What an absolute crock of shit. Someone at apple must be feeling really, really pathetic lately. Why can't they just get over themselves and actually deliver a useful product instead of trying to achieve cult status?

rmbyrro
6 replies
6h7m

I dislike how Apple is evolving as an evil corporate, but they seem to have a real security and privacy concern on this issue.

fauigerzigerk
2 replies
5h38m

I completely understand that companies will defend their own business interests. But the extent to which Apple has been leaning on spurious security arguments in order to do that is really starting to damage their reputation and in fact the security of their platforms.

Clearly, they're just making a point here, hurting developers and users just to spite a regulator.

What they are signalling to me as a developer is that mobile devices are just not a reliable platform. Better do as much as possible on the server.

DeusExMachina
1 replies
5h28m

I usually do not like these moves from Apple. For example, I strongly dislike all the new guidelines they added to comply with the introduction of alternative payment systems.

However, I'm on their side in this case. I run a business. If having a feature comply with some regulation meant implementing a whole infrastructure I don't have to serve a minority of customers, I would also abandon the feature.

fauigerzigerk
0 replies
5h13m

Apple isn't just any business though. They are a multi-trillion platform company. I expect them to prioritise backward compatibility over spiting regulators and over itemised profitability considerations.

They could have implemented this feature securely but they chose to use the opportunity to make a point instead.

chrisjj
0 replies
3h26m

I dislike how Apple is evolving as an evil corporate, but they seem to have a real security and privacy concern on this issue

Evil does indeed lead to real security and privacy concerns.

beeboobaa
0 replies
4h32m

but they seem to have a real security and privacy concern on this issue

That's always how they spin their FUD. They already have an app sandbox in place for all fo their apps. Sideloaded, PWA, or not.

agust
0 replies
6h1m

Just like they had when asked to support alternative browser engines, but the DMA formally mandates it, sot they did comply and allowed them.

All other OSes support web app installation from any browser, including macOS. This is a lot more secure than installing any native app.

This is just Apple spreading FUD as an excuse to keep preventing web apps from competing with native apps.

rpdillon
0 replies
5h38m

I've been thinking about this and I think Apple has two motivations.

1. The DMA is striking at the heart of their revenue model by targeting the app store. Tim Cook testified before Congress and said that Apple would be "giving up our total return" on their intellectual property if they did not monetize the app store aggressively. So my read is that this move is intended to prevent a shift to PWAs as a way to get around the new policies.

2. Legislation like the DMA, if successful, could spread to other countries, much in the same way the link tax spread from Australia to Canada. I think Apple has an explicit goal to make this legislation as painful as possible, for both the legislators and the citizens, so that other countries do not attempt to pass similar laws.

There was a time between 2007 and 2011 where I bought Apple computers and was a big fan. These days, despite the very cool new processors Apple has released, it's very hard for me to see them as anything other than antagonistic. What a fall from grace.

stephc_int13
4 replies
20h43m

The technical justification are bullshit.

They simply could ask browser vendor to follow strict rules, that they can check themselves. This is not like they would have to verify dozens of browsers every day. Only a few per months, top.

jeremyjh
2 replies
20h27m

They are not saying it is impossible, only that they have not done it. How long do you think it will take to spin up such a review and certification program? How much will it cost, and how many sales will they lose because of the lack of this feature in the EU?

veeti
1 replies
19h54m

There will already be a review and certification program for third party browsers that want the required entitlements (https://developer.apple.com/support/alternative-browser-engi...), so why don't you ask Apple?

jeremyjh
0 replies
18h34m

Because I read their statement, which makes it pretty clear that there are additional security considerations beyond what is needed for a browser application.

TheGlav
0 replies
20h27m

Browsers need to run javascript to be competitive browsers. It would be practically impossible to check even simple "strict rules".

Roark66
2 replies
11h40m

low usage This is hilarious. As a developer, if PWAs work properly I'm much more interested in writing them, test them on ios and market them to ios users. If the feature is uncertain, or outright broken like now of course no sane, businesses sense driven dev will spend the time to build a PWA app specifically for iOS.
rahkiin
1 replies
10h54m

I have never used PWAs, so could you elaborate what you mean with ‘work properly’? What happens now that is not ideal?

willlma
0 replies
7h48m

Now that push notifications and long-term localstorage are disabled, a PWA can't compete. Not being able to send notifications to your user is a huge drawback for many types of apps, and limiting localstorage means that offline capabilities are limited, so PWAs will require increased access to a network as compared to native apps.

lukan
1 replies
8h50m

"EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. "

Does this "minimal impact to their functionality" mean, the app will loose its local data after 7 days of not using the app, like it is for normal websites? That is a pretty heavy impact.

beeboobaa
0 replies
6h16m

It means apple is lying, again

kelnos
1 replies
10h0m

My hat's off to Apple PR on this one: they came up with some spin for why they were adding a malicious component to how they are complying with the DMA.

They're likely not lying when they say that it's more difficult to maintain their security standards while at the same time allowing any browser engine to run PWAs. But this is a problem they absolutely could solve, and a company with Apple's size and skill absolutely has the resources to make this work. But they've chosen not to.

Another option would be to actually engage with EU regulators on the issue, and see if they could carve out an exception -- temporary or otherwise -- to allow them to require PWAs to run under their existing WebKit-based framework, regardless of the default browser. But they've again chosen not to do that.

PWA adoption is likely as low as Apple claims. I think they're toeing a line here: because Home Screen Apps are a bit of a niche feature, they can break it without pissing off too many users, but also give a subtle middle finger to the EU. "Poor Apple users, Apple just has to disable a feature some people like because of the evil, overreaching EU and its burdensome DMA!"

This is a shame in that I personally think we all should be relying less on mostly-closed-source, proprietary apps for everything. While the web platform is a bit of a mess, it actually does (or could) offer the same functionality that native apps do, especially if Apple and Google had worked on that sort of thing over the past 15+ years rather than pushing native apps so hard. We'd be in a much better place if that were the case: consider the savings in time and money if every company out there could just write a single PWA and not have to build two completely separate apps for iOS and Android. (Yes, I know there'd be some extra people dedicated to fixing issues caused minor but significant-enough differences between the platforms, but it'd still be a ton less work than two apps for two different platforms.)

Also consider how much easier it would be for other smartphone platforms to break into the space, if all existing apps (as PWAs in my imaginary smartphone-utopia) would run on their platforms without much work. A big reason I will likely never adopt an alternative smartphone platform is because none of the apps I rely on day-to-day exist on them. Even though I'd absolutely love to ditch Android, but don't consider iOS any more palatable.

Anyway, that ship sailed a long time ago. I'm still bitter about it, though.

Ultimately this won't matter much. The number of people using PWAs on iOS is probably a rounding error. Restrict that to only people in the EU and it's even smaller. But Apple still gets in a jab at the EU over this, and most affected users will likely side with Apple on this one.

troupo
0 replies
9h52m

While the web platform is a bit of a mess, it actually does (or could) offer the same functionality that native apps do

I beg people making these claims to look outside their web bubble for at least a nanosecond.

especially if Apple and Google had worked on that sort of thing over the past 15+ years rather than pushing native apps so hard.

Google couldn't care less about "as good as native". If they did, this project wouldn't have been started by devs from Microsoft (of all companies) in 2020: https://open-ui.org

consider the savings in time and money if every company out there could just write a single PWA and not have to build two completely separate apps for iOS and Android.

Yes, you should be building native apps for each platform unless your "app" is a barely functioning text-only page.

glenjamin
1 replies
19h50m

Am I missing something?

Couldn’t they allow you open PWAs in Safari, or fall back to opening a URL in another browser?

Is there some part of the DMA which demands full feature parity?

graeme
0 replies
19h21m

Is there some part of the DMA which demands full feature parity?

Very likely the EU wouldn't like them prioritizing their own browser for a feature

vundercind
0 replies
18h16m

Oh wow. I'd assumed, in earlier discussions about this, that Apple'd just keep forcing Safari-only for PWA installation and use.

Does the rule not allow that? If so... yeah, as a user deep in their ecosystem and once-developer for the platform, hard agree on this. Whatever their other motivations (and Apple are masters at arranging things so that their interests happen to coincide with legitimate concerns about UX) the user-facing issues expressed are worth worrying about.

shmerl
0 replies
20h52m

> Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture

Translation from Apple talk to real talk: allowing competing browser engines will undermine our grip on the market through lock-in to the engine we fully control. We don't want to lose power. As control freaks, we'll do all we can to sabotage it.

sgift
0 replies
20h49m

so, tldr: Apple tries to bullshit the EU again. EU commission - get them.

They say themselves it would be possible to be compliant with the DMA without removing what is obviously competition they don't like. But they try to take the road which - just by chance, obviously, the security is the real reason - helps them to keep more people away from competition. I don't buy it.

rmbyrro
0 replies
6h8m

That's very informative, thank you.

The "community note" of HN.

oddevan
0 replies
17h46m

Feels like the same kind of malicious compliance with the rest of their DMA changes:

1. WebKit has access to special OS-level APIs that allow it to install and power web apps. 2. The DMA requires support for alternative browser engines with the same abilities as WebKit. 3. It is reasonable to assume this requirement extends to PWAs. 4. By taking away WebKit's ability to power PWAs, all browser engines are now on a level playing field.

_Could_ they have done it differently? Maybe, maybe not: software development always takes longer than you think, and throwing more engineers at a problem doesn't always make it go faster. Do I think they saw another chance to be petulant and took it? Yes.

So yeah, I'm disappointed, but no more here than with the rest of Apple's DMA response.

mo_42
0 replies
5h41m

I think the DMA is not the best legislation. Some parts don't require regulation whereas missing parts definitively require regulation. For example, I cannot publish my app in the app store. I don't need an alternative market. I'd like to have an anti-discrimination law for app publishers (side note, I'm not trying to publish a porn app, just a small productivity app for a limited audience).

In a previous comment [1], I considered abandoning Apple. With this official statement, I'll actually switch to Android. I'll welcome the F-Droid store very much.

Apple, I've been your customer since 2006. I started with the iPod. During this time I had a significant fraction of your lineup. I'm not affected by your changes but I'm using some PWAs. With this erratic behavior, I'm afraid you kill features that I'm using.

[1] https://news.ycombinator.com/item?id=39299007#39299469

fennecbutt
0 replies
8h28m

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent

Sounds like Apple is saying webkit is insecure and to not use safari or iOS webviews because if they can't be trusted to run a PWA then they can't be trusted for anything ;3

carlosrg
0 replies
20h57m

Didn't Apple made a comprehensive list of requirements for alternative web browsers and web browser engines so they are secure and don't compromise the user's security? (https://developer.apple.com/support/alternative-browser-engi...)

I'm a little confused. So that long list of requirements is useless for PWAs?

Some people will actually believe this. I'm utterly disgusted by Apple and their arrogance regarding the DMA, and the way they've managed all of this. My perception of them has completely changed. However, they seem very obedient when China asks them to censor apps or, for example, limit AirDrop when there's a protest going on.

breather
0 replies
12h45m

This would be a lot easier to believe if they allowed you to stop apps from accessing the internet. As they don't, I simply don't buy any argument they make from a privacy or security perspective.

al_borland
0 replies
18h16m

It makes sense. This is one of the many reasons why I’m not in favor of the government demanding things of Apple, it’s not like people don’t have another platform to choose from.

As the governments demand more and more, I predict we will see several monkey paw moments.

WWLink
0 replies
18h43m

Apple's argument was the iOS was a robustly secure platform AND the app store made it even more secure. The reality of the situation looks more like the app store was a bandaid over a maybe-not-as-robustly-secure-as-we-hoped platform.

addicted
48 replies
21h38m

I don’t think Apple’s pettiness is gonna work in their favor.

I am not in the EU but my next iPhone is almost certainly not gonna be an iPhone despite me having used a non iPhone for about 6 months in the last 15 years.

Their throwing their customers under the bus just to throw a tantrum in the EU does not bode well for how they would treat their customers in other situations.

shusaku
9 replies
18h58m

This is exactly why this legislation is stupid: if you don’t like the way Apple does things just buy an android.

matheusmoreira
5 replies
16h47m

But I do like the way Apple does things. To be specific, I want to buy Apple hardware and I want to run Linux on it.

What I don't like is the little digital fiefdom they created. When we buy stuff, we're supposed to own them. The problem is they just refuse to give us the keys to the machines. So we absolutely should make it a matter of law.

bloppe
4 replies
15h32m

While I agree philosophically about owning stuff, this isn't about that. If the only problem were "Apple doesn't give you the keys", then competition is a solution.

The problem is network effects. An app developer cannot just choose to develop for Android, because maybe 90% of their business comes from iOS users. A user cannot just choose to use Android, because half their friends use iOS and cannot have a decent group chat experience outside iMessage. So, choice is illusory.

The point is to make the choice real. In this case "giving you the keys" is really about giving app developers more freedom to choose how to reach users.

Giving Apple users more control over their own freely-chosen devices is more like right-to-repair. Similar, but kinda different.

matheusmoreira
3 replies
13h45m

If the only problem were "Apple doesn't give you the keys", then competition is a solution.

A solution. The solution is to make them to do what's good for us by force of law. We can't afford to wait a century for some open mobile hardware platform to become available to us. We want good products now. Apple computers are good products and we should have every right to run whatever software we want on them now.

There is no technical impediment to it, the only reason they don't let us do it is it would destroy the little digital fiefdom they have created for themselves. Digital fiefdoms should not be allowed to exist in the first place. Society should actively work to dismantle them. Giving us the keys to the machine will swiftly put an end to them.

The problem is network effects.

Absolutely. Network effects should work to our advantage, not theirs. Basically anything that lets corporations "own" users should be straight up illegal.

A user cannot just choose to use Android, because half their friends use iOS and cannot have a decent group chat experience outside iMessage.

We should mandate interoperability there too. Why is it that every corporation gets to have their own messaging system? They should all work with each other via the same protocol. Just make sure that end-to-end encryption is fully supported and there will be no problem.

Actually here's an even better idea. Just make it legal to reverse engineer and interoperate regardless of what contracts say. People will do it adversarially if they need to. Make it so you don't need their permission. Make it illegal for corporations to retaliate against users for using things like an alternative messaging client. Get rid of nonsense like anti-circumvention laws. Then all of this will just happen on its own via market forces with no need to actually regulate anything.

https://www.eff.org/deeplinks/2019/10/adversarial-interopera...

In this case "giving you the keys" is really about giving app developers more freedom to choose how to reach users.

It's really not. Developers can't reach users because Apple owns them. User freedom means developers can bypass Apple and reach them directly.

JayPalm
2 replies
10h0m

Do you not consider the software part of the product? By any reasonable measure, the software is the product, and the hardware enables that product to operate.

matheusmoreira
0 replies
2h49m

Do you not consider the software part of the product?

No.

By any reasonable measure, the software is the product, and the hardware enables that product to operate.

That's what they want people to believe. It's actually just a general purpose computer. They put "IP" on it and suddenly they own it forever and control everything people do and if you resist it's felony contempt of business model.

MrDresden
0 replies
9h11m

By that same logic my Android devices or any other computer I own should only run the operating system that it came with when I bought it.

I have run Linux on my Android phones, and Windows on my computers that came with Linux.

Why should a owner of a piece of hardware be locked into one software stack, just because it's the one the device came with?

nonethewiser
1 replies
15h35m

The EUs solution? More reactive legislation.

xvector
0 replies
15h10m

The EU does not know how to innovate, only legislate.

mr_tombuben
0 replies
10h6m

This entire mindset is wrong and is exactly what the DMA is trying to address. Apple, Google and other big tech companies aren't just small random companies whose product you can switch between every time they do something you dislike. Due to a lack of interoperability there's huge switching cost associated. They're digital gatekeepers with platform effects massively working in their favor.

Zagitta
8 replies
20h6m

I hope EU comes down HARD on them for trying to pull this shit

buzzert
7 replies
15h26m

What exactly does that look like, in your mind? The EU coerces Apple engineers to work for free?

the_gipsy
2 replies
10h20m

Apple want sell shiny device. Law say "don't trick customer". If apple trick customer, apple not allowed to sell no more.

mulmen
1 replies
9h53m

Trick the customer how? By winning a sale in a competitive marketplace? The whole value proposition of Apple products is that they Just Work. PWAs reduce Apple’s ability to do exactly the things that make their devices appealing to consumers.

the_gipsy
0 replies
8h58m

It was an explanation of general consumer protection laws in response to a bizarre interpretation of that type of law.

Barrin92
2 replies
14h41m

I'd personally love a sort of anti-trust czar who can just very unbureaucratically slap large tech companies with sensitive fines.

If you had someone like that in charge and the moment companies engage in malicious compliance (for example cookie acceptance dark patterns) you go "now you pay 2% of your revenue in fines, you pull the same thing again we'll double the fine next month", how long does it take until companies play ball?

JayPalm
1 replies
10h5m

Just imagine all the corruption that would be possible!

MrDresden
0 replies
9h15m

You do realise that this position is by appointment by a council made up of members voted in by representative democracies, right?

That there are checks and balances (courts and oversight committees) that weigh in regularly on decisions made by these kinds of appointed offices, right?

johnnyanmac
0 replies
11h49m

To work for their salary to comply with the country they serve in and still continue to be a trillion dollar company. Yes. I don't know why people are trying to spin this as if Apple operates on thin margins.

In the very worst case, they either get fined out the ass until it's unprofitable to play these games, and/or sanctioned as a whole and lose the whole EU market, a market of 750m users. What other business gets to ignore laws and still operate in that land?

toyg
6 replies
21h9m

They're desperately hoping that their fanbois will howl so much, that MEPs will relent.

andix
3 replies
18h40m

Even the biggest fanboys will understand it's Apples fault. The laws apply to all the manufacturers and just Apple "thinks differently".

crossroadsguy
2 replies
17h45m

Then you don’t know Apple fanboys. If Apple releases an automatically installing iOS patch that bricks everyone’s iPhones (including theirs) unless they agree to subscribe to a Hardware Maintenance Plan™ of 19.99 USD per month, the first reaction from fanboys would be “Was waiting for Apple to do something like this. This is how it is supposed to work. It took them so long. Good on them getting rid of non-serious iOS users”. And this chorus will come long before Apple had to say anything on the matter in a press release or so.

tobyhinloopen
0 replies
11h42m

Truth. Many Apple fans are not only fine with everything, they will defend it hard

andix
0 replies
5h38m

How right you are, just a few comments apart: https://news.ycombinator.com/item?id=39394424

montagg
1 replies
18h29m

I don't understand. How do you see disabling a feature that few people use leading to riling people up so the EU reverse itself?

johnnyanmac
0 replies
11h55m

I don't get it either, but that seems to be the plan. Either peer pressure or they are just dragging their feet in inevitable litigation. Trying to get a few more years of max monetization before a niche of users and apps exist outside of IOS (without jailbreaking, if that's still a thing).

the_gipsy
6 replies
10h16m

Im going to ditch my iPhone in favor of a Pixel. This attitude has pushed me over the edge, and the device isn't really any better than Android. Some aspects yes, but other are much worse. Dark patterns like the appstore/web/browsers restrictions and iCloud upselling are a big no-no. Never again.

visarga
4 replies
9h31m

my last Pixel had shit battery compared to iPhone, buyer beware

MrDresden
1 replies
9h25m

And all my Pixels (Pixel 1, Pixel 3 and now Pixel 6a) worked flawlessly for years after purchase.

Whereas two separate family members had constant issues with their iPhones.

Beware of anecdotal evidence.

reissbaker
0 replies
8h31m

Yup, my Pixel 8 Pro has great battery life. +1 on don't trust random internet anecdata.

the_gipsy
0 replies
8h19m

My current iPhone has shit battery compared to my slightly less shitty previous pixel's battery.

fauigerzigerk
0 replies
5h57m

I own a Pixel 7a and an iPhone 14. Battery life is too similar for me to notice a difference. I never systematically tested it though. Pixel 6 was the same as well.

The only phone I owned recently that had really terrible battery life even when new was the iPhone 12 mini.

thebruce87m
0 replies
4h9m

I still can’t fathom how people can look at the pixel range with their multi-generational emergency call issues and still think “yep, that’s the phone for me”.

akmarinov
5 replies
21h7m

Whatever they manage to eek out in the EU, is the future of what iOS will be in the US and worldwide eventually. If they go with fully fledged PWAs that the other browser engines will enable - there’s little reason to use the Appstore, hence Apple losing their 30% commission.

From their perspective it’s not so much throwing a tantrum but clawing and screaming their way into giving up as little revenue as possible.

johnnyanmac
1 replies
11h58m

We also know 70% of revenue comes from games. And there's no way proper game is going run on a PWA.

I also invoke Android again... PWAs exist, Google still holds the lions share. Google has freaked out about it too and is being sanctioned as we speak for it, but most customers simply aren't going to look for an alt app store outside of niche uses.

sakjur
0 replies
7h40m

If we’re looking at a game that doesn’t use a lot of hardware resources like Candy Crush or Angry Birds, those could possibly run quite well as a PWA?

nonethewiser
0 replies
15h36m

It could very easily be worth it to maintain a gimped iOS for Europe. We’re talking about a lot of money here.

jkestner
0 replies
20h44m

And as a developer, I see how I'm going to be collateral damage, and am less likely to do anything that gives Apple more power over me and my customers. If that means a bookmarked web app, so be it.

bloppe
0 replies
17h12m

Idk if you have kids, but tantrums usually involve trying to claw and scream your way into not giving something up

JadeNB
3 replies
21h25m

I am not in the EU but my next iPhone is almost certainly not gonna be an iPhone ….

Next phone, right?

shaan7
1 replies
21h18m

Thats just parent's way of playing around with all the AI models reading this page xD

CaptainFever
0 replies
14h52m

As a large language model, hey!

addicted
0 replies
18h17m

lol good call.

To be honest an iPhone and a phone have been synonymous for me for 15 years. The 6 months was a period of madness (or genius, considering I actually loved it) when I was using a Windows Phone, until basically all the 3rd party apps I used dropped support.

buzzert
1 replies
15h32m

I'm not really sure what you're getting at—the statement is that it was too much work to make the feature compliant with the rules of the DMA, so the feature was removed since few people used it.

Are you arguing that Apple is lying about how much work it was to execute that?

Arch485
0 replies
12h7m

Yes

tobyhinloopen
0 replies
11h44m

I ditched Apple for this reason (and their storage upgrades pricing)

Android is fine but it's not as smooth as iOS. Still, I hate what Apple has become.

nonethewiser
0 replies
15h38m

I am not in the EU but my next iPhone is almost certainly not gonna be an iPhone despite me having used a non iPhone for about 6 months in the last 15 years.

Did you just subconsciously equate phones to iPhones in your rebuke of Apple?

dclowd9901
0 replies
11h56m

What customers? The ones that use PWAs? I would bet a good portion of my arm that fewer than 10% of Apple’s user ship relies on PWAs.

This is Apple saying “if it’s important to you dozen folks out there who use PWAs or care about installing a non-web view browser on your phone, that you can continue doing that, we’re not the company for you.”

They won’t blink because who gives a shit?

deminature
43 replies
21h34m

In combination with the 'Core Technology Fee' that financially cripples any developer that tries to release a popular app outside the official app store, this is pathetic behavior. Hopefully the EU smacks them down for this temper tantrum at being forced to adhere to the DMA. They are trying to flex their market power and should be reminded they operate within a system of laws that doesn't bend for anyone, regardless of their size.

SllX
20 replies
21h14m

I’m going to be level with you: there is nothing so great about PWAs that they’re worth mandating or protecting by law in any jurisdiction and the EU doesn’t owe it to you to try.

Web developers like them. That’s it, and their PWA advocacy completely disregards what a privacy and security nightmare they can be without proper safeguards, because this little device I carry around in my pocket is 1) always with me and 2) stores a lot of information about me 3) has a full sensory array installed within it.

Every new feature browsers add for better hardware access gets immediately disabled on any system I manage: cameras, mics, USB access, sensors, location, notifications, local storage, the whole works because the alternative is letting every website access those or getting spammed with access requests on every site I visit and the more crap that is added, the longer it takes me every time I setup a new browser install from scratch. Why disable them at all? Because 99% of these new features are primarily used to build a better supercookie to track and profile people without their consent. The actual marketable reasons are a secondary use at best.

So if it’s not on Apple’s priority list to build out whatever they need to support and allow other browsers to support PWAs in a secure and privacy conscious manner, good for them. Web developers who want to circumvent Apple’s fees entirely don’t need to be anywhere near their top priority and can wait. For Apple: users come before developers, and App developers before web developers.

deminature
10 replies
20h53m

I'm not a fan of PWAs either, but disabling them instead of allowing them to continue to run is an incredibly bad faith response to the DMA.

SllX
9 replies
20h49m

Not if the alternative is allowing other browsers to install them without a privacy and security architecture in place first.

Even if Apple thinks it’s worth doing, that takes time, and web developers aren’t worth prioritizing for them when they have a lot of other ground to cover building out a new system of APIs and entitlements to comply with the DMA’s other requirements.

deminature
8 replies
20h44m

The user is warned already on the App Store that installing apps from third-parties comes with certain risks via 'scare screens'. There's no reason they can't do the same for PWAs.

SllX
4 replies
20h40m

They probably will if they ever re-enable it in the EU, but they also built out over 600 new APIs and an accompanying system of entitlements to go with that scare sheet such that even if it’s “riskier”, they’re not just throwing up their hands and saying “alright devs, we scared them a little, so now go do whatever the hell you want”.

EDIT: I should also add that of those 600, that includes APIs Apple built out specifically for third-party browsers.

deminature
3 replies
20h38m

I think PWA developers are going to be pretty unsympathetic to 'your PWA is going be available again in the EU at some unspecified time in the future, when some Apple product manager decides to prioritize it for a given year's roadmap and it's all in the interests of protecting users from unspecified privacy and security threats that nobody seems to be able to define'. Most importantly, the EU may feel the same way.

SllX
2 replies
20h27m

Well to correct you, my position is more “Apple might re-enable this” more than “will”, which from their perspective I’m guessing is even worse and they will be more unsympathetic to it.

Personally I think Apple will, but I have enough doubts that I don’t want to make that claim.

Most importantly, the EU may feel the same way.

That’s the rub. The EU has been arbitrarily writing new laws which mostly target foreign tech companies that don’t quite read “show me your bellies so we can pick out the choice cuts” but they’re pretty close. So the EU might do a lot of things, but if there’s an argument against them doing that, it’s what I said in my first comment above: it’s not worth any jurisdiction’s time to do so. That includes the EU.

You might need to support some technologies to get government contracts, but nobody ever mandated you had to support POSIX or J2ME or whatever to sell a computer or phone to regular people. That would be asinine, and a PWA mandate would also be asinine.

deminature
1 replies
20h12m

The arbitrary laws that the EU has been writing are the one of the last bulwarks consumers have against the creeping power of tech giants and these companies are making more money than ever in spite of regulation, so it doesn't seem to be affecting them too adversely.

SllX
0 replies
19h29m

The biggest abuses in tech come down on the adtech side of things where in order for them to make money, they need to know who you are, and they will do everything within their power to make sure that they do with or without your consent.

Telecoms companies (in which I am including carriers) also often fall within this because they are often envious of adtech companies and want what they have and can theoretically make better guarantees about who somebody is.

Not supporting PWAs isn’t in the same league, but I would also add to that: running a popular messenger, running a popular search engine, and controlling distribution of software on a popular phone platform. Spinning up new laws around terminology designed to have bad PR (“gatekeepers”) is pretty damn arbitrary as far as lawmaking goes.

zadokshi
2 replies
20h31m

No one meads “scare screens”.

I’m. It sure what I think about this yet, but I’m pretty sure I’m going to land on “allowing less privacy aware browsers to run web “apps” with heightened privileges seems like a recipe for disaster.

Maybe in the long term ther is a way to do it well. But for now I’m not sure.

deminature
1 replies
20h28m

Every app on iOS is sandboxed and the damage they can do is very limited. There's risks involved in opening up to third-party apps, and PWAs are only marginally more dangerous. Non-WebKit based browsers don't even exist today, this is not a real problem and won't be for some time.

The obvious solution for now is to enable WebKit PWAs and turn on PWAs for other as-yet uninvented custom browsers as they release, testing for privacy as they get released.

rahkiin
0 replies
7h14m

I think the pwa arch might be different. Running in the same app (safari) with multiple open screens, but with soft sandboxing like tabs have.

They would need new apis and architecture around PWA to support this for any browser I think.

Also, they are not allowed to have Safari-only OS features anymore due to DMA so allowing PWAs only in safari would be against the law

WirelessGigabit
8 replies
20h20m

There is little difference on iOS between a PWA and a website which has a WebKit view and hosts a website.

The only reason PWAs were interesting on iOS was to get an app on iOS, while feeling relatively native, without paying Apple.

SllX
7 replies
19h26m

Apple can make security guarantees about their own rendering engine that they can’t for any other rendering engine.

It’s not about what PWAs are like in Safari, it’s about what they’re like in third-party browsers that have to by law be allowed to do whatever Safari can do with their own fully enabled rendering engines.

ambigious7777
5 replies
18h55m

Apple could just say something like, "This app comes from a 3rd party browser engine, and it may not be secure. Are you sure you want to install this app?". Not too much effort, but still keeping the functionality.

SllX
4 replies
18h20m

I mentioned this in another comment but they built out over 600 APIs and a system of accompanying entitlements to comply with the DMA, they’re clearly not at this point just for PWAs going to throw up their hands and a scare sheet and say “good enough for government work, devs: do what you want now”. EU iPhone customers are still iPhone customers. The security and privacy considerations don’t go away just because a new law was passed.

ambigious7777
3 replies
18h9m

Obviously, those considerations must be considered. However, as I said, adding a simple confirmation prompt would be plenty enough.

I think what is happening here, is that Apple is going like, "I don't get my market control, you don't get your shiny new features." Other phone platforms allow you to do things, that may be unsafe or insecure, but still plenty useful.

Also, running a PWA really isn't that unsecure/unprivate as visiting a website. They both can access and ask for the same information or permissions. Really not that different.

By your logic that PWAs are unsecure, then should iOS not support rendering webpages due to "security concerns"?

SllX
2 replies
17h36m

However, as I said, adding a simple confirmation prompt would be plenty enough.

That would be enough for you. That is apparently not enough for Apple, and you can tell that isn’t enough for Apple by their actions because despite the fact that there were less expensive and time consuming ways they could have complied with the whole rest of the DMA, the only feature regression they’ve had is PWA support in the iPhone version of Safari.

By your logic that PWAs are unsecure

That is not what I said. Here’s what I actually said not that long ago:

Apple can make security guarantees about their own rendering engine that they can’t for any other rendering engine.

It’s not about what PWAs are like in Safari, it’s about what they’re like in third-party browsers that have to by law be allowed to do whatever Safari can do with their own fully enabled rendering engines.
ambigious7777
1 replies
17h27m

Yes, so rather than allowing other browsers to have PWAs with a warning, they instead don't allow anyone to do it.

Allowing so may be insecure, but at least provide a way.

SllX
0 replies
17h21m

Correct. Maybe one day they’ll return, but probably not without a brand spanking new security and privacy architecture tailored for PWAs.

tsimionescu
0 replies
8h56m

And yet Safari is often less secure than Chrome or Firefox. So this is all about control, not security.

robertoandred
10 replies
21h4m

This IS adhering to the DMA. Every browser engine is treated the same.

ajross
8 replies
19h11m

Deliberately removing useful features from your own product so that you don't have to let other people implement the same features may be technically conforming to the letter of the law, but is clearly violating it in spirit. The spirit of the law is platform interoperability: your control over the platform shouldn't restrict what other people can make it do (be it "run an app store" or "run a web app").

riscy
4 replies
18h57m

When did it become illegal to take features away from a products or create derivative products with different features? The “spirit of the law” most certainly is not what you’re imagining.

If they wanted, they could remove the App Store from iOS in EU, or pull the iPhone from the EU market entirely. Apple isn’t required by the DMA to part of a digital market at all.

johnnyanmac
0 replies
11h44m

When did it become illegal to take features away from a products or create derivative products with different features? The “spirit of the law” most certainly is not what you’re imagining.

Depends on the laws and advertising. Sony got dinged for removing the "Other OS" option on the PS3. A feature you can definitely argued "nobody used" (and as someone who tried, the experience for anything but basically headless Linux was atrocious. You had access to almost none of the hardware for this). Still lost the case.

I wouldn't bet on Apple losing on that specifically. But it sounds like this is all adding up towards another big slap in a future Case.

gkbrk
0 replies
9h7m

If they wanted, they could remove the App Store from iOS in EU

Are they going to provide full refunds for anyone wanting to return their iPhone, along with any apps they have purchased on the App Store?

I doubt Apple wants to scam all their users by taking their money for a smartphone and then taking away the smart parts.

ben-schaaf
0 replies
13h59m

When did it become illegal to take features away from a products

A long time ago? You can't sell a product under the pretense that it does X and then remove X after the fact, at least not in any country with decent consumer protections.

ajross
0 replies
18h44m

When did it become illegal to [...]

That's a question for regulators and lawyers. But in general yes: trying to evade a law instead of complying with its intended application is generally not viewed as unquestionably legal. In criminal law it's sometimes even taken as evidence of guilt!

If they wanted, they could remove the App Store from iOS in EU, or pull the iPhone from the EU market entirely. Apple isn’t required by the DMA to part of a digital market at all.

And if the EU wanted, they could ban Apple products entirely. The point is that no one does stuff like this because there's a general sense that healthy competetive markets are good for everyone, and that the capitalist market will enforce this by punishing actors that try to cheat (in this case, by "trying to make more money by making your product worse").

But sometimes that market enforcement breaks down, in the face of trust/monopoly activities like (in this case) control over a computing platform. And when that happens it's routine for regulators to step in to try to right the ship.

And that ship is listing pretty badly right now. Apple is dancing as close to the edge of predatory monopolism as is possible. Again, they literally think they'll make more money by deliberately breaking their own customer's web apps. There's no way at all that's a healthy market. QED.

giantrobot
2 replies
15h16m

No one is obliged to obey anything but the letter of the law. If you want someone to obey the spirit of a law you need to put that in the letter.

tsimionescu
1 replies
8h59m

That is completely wrong. Judges very much care about the spirit of the law, and frequently discuss it in their decisions, both in common law jurisdictions and in other systems.

The justice system is not a computer following logical instructions.

giantrobot
0 replies
3h4m

Judges can talk about the spirit of the law all they want. If they don't base decisions on the letter of it they'll set themselves up to be overruled on appeal. Prosecutors also can't bring up charges on violating the spirit of a law.

impossiblefork
0 replies
19h42m

I think that's very unlikely.

I interpret 6 (a) as basically requiring you to be able to install whatever software you like and to provide no mechanism whereby any fee can be demanded for such installation to be possible.

Apple tries to get around this by this core technology stuff, but APIs aren't even subject to copyright protection, and it's also basic interoperability stuff. I don't think the courts will see it the way I interpret your comment.

kryptiskt
10 replies
21h8m

Yeah, this isn't a parlor game, I have no idea why they think the antitrust pressure will abate by such bad faith nonsense moves. Next step for the EU is to make Tim Cook choose whether he wants to be CEO of the device side or service side of the broken up Apple. It's clear that fining them is useless.

lannisterstark
9 replies
20h46m

Ah yeah man EU is totally gonna break up apple.

Some of y'all need to be reminded to be realistic.

leifross
5 replies
17h12m

On the contrary, this tantrum by no means works to lessen the growing idea that control of the platform should be put into the hands of a independent third party.

While not European in origin, the platform holds and manages tremendous value for us, to the extent where small changes can cause mayor economic disruption, and Apple has not been managing it fairly.

And for a state actor, which exists to serve the common good, it is not acceptable that a single company holds and abuses this kind of power.

xvector
4 replies
15h7m

The EU is economically meaningless on the grand scale. They are only 7% of Apple's revenue, and similarly low for other companies. And every day they become a less profitable market to operate in. The EU holds power only as long as the rest of the world is willing to deal with its BS.

Trying to "break up Apple" is simply not within the EU's power as Apple is worth more than the EU's whole tech industry combined. Apple would simply leave and the whole region would be left with shiny bricks.

If the EU pursues this with big tech at large it will find itself in the 80s. It needs US big tech far more than US big tech needs it.

mordae
0 replies
9h10m

Not really. If this goes on, EU will simply cozy up to China a bit more. Let's see how Washington will react to that.

leifross
0 replies
8h46m

Last time I checked, Apples holdings are all based in Ireland. So from a legal standpoint, it's a Irish company, held accountable by EU law. It can't "simply leave".

fundatus
0 replies
9h9m

The EU's single market is the second largest economy (GDP nominal) in the world after the US and before China.

akie
0 replies
11h11m

If US big tech doesn't need the EU, then why do they keep on bending to its will?

smoldesu
1 replies
17h44m

The US might. Microsoft narrowly avoided a company breakup over web browser policies, it seems entirely feasible that Apple's App Store could lead down the same path.

johnbellone
0 replies
9h58m

Or any of their embedded features. Apple Pay, for example.

deminature
0 replies
20h42m

The DMA has potential fines of 20% of global annual revenue for non-compliance. Apple is playing with fire here. Laws like GDPR and DMA are designed to be just as scary for big entities as small.

johanneskanybal
26 replies
21h5m

As a European dev I want apple to fail super hard and implode. They used to be so cool and make slick hardware for their nische but now I'm happy to use worse hardware as long as they disapear from the face of the earth.

amelius
6 replies
20h52m

Yes, that's the way I feel too. I learned to program on an Apple ][ that I loved, before Jobs started his nefarious business practices. Woz's Apple was cool. Jobs' Apple makes me feel like they want to enslave developers, or at least milk them to the last drop.

deminature
2 replies
19h3m

It's only turned really cynical under Cook, chargers no longer included, cables sold separately from chargers to nickel and dime customers, refusal to adopt standards like USB-C unless threatened in court, refusing to pay patent license fee for blood O2 monitoring on the Apple Watch and trying to scalp all the talent from the company instead, anti-competitive behavior in the EU. Jobs version of Apple was pretty benign compared to the win-at-any-cost Cook version of Apple.

mission_failed
0 replies
8h20m

Nonsense. Adobe had a flash to ios system ready to go to allow all flash apps to run, and Jobs deliberately blocked it from working, leading to the eventual death of flash.

Jobs was one of the main bastards behind screwing over engineer's pay.

Under Jobs we had soldered ram and ridiculous upgrade prices, changing magsafe port sizes just because, dropping OS support for official Apple modems when the majority of the world still had dialup, flaking cases and dodgy screens and phones that have to be held the right way, water sensors that react to humidity and void warranty, locking down ios upgrades to prevent downgrading, ebook price fixing...

FirmwareBurner
0 replies
18h39m

HN will call all that as "innovation"

ambigious7777
2 replies
18h7m

I feel like that maybe Apple's ideas or innovation has begun to run dry. Now they're just trying to milk every single penny before they become a background player.

mouzogu
1 replies
12h16m

2013 was the peak for me. iPhone 6 and Macbook Air 2013 the last good devices.

i have macbook pro m2 at work and just typing into the terminal is laggy. plus random crashes, apps refusing to start no legacy app support.

my windows 10 is much much more stable.

their phones being turned into a super fragile glass brick with no consideration of hand ergonomics is peak hubris.

and the face ID, pure marketing gimmick that doesnt evenb work better than fingerprint or basic camera unlock.

they are purely marketing company now.

ambigious7777
0 replies
3h59m

First time I've heard Windows being more stable than MacOS, haha. I do own a Pro M2, and the experience is alright. My terminal is fine, but I also do get the crashes, and there's a lot of things that just bug me about the system.

xvector
5 replies
15h5m

As an American dev I can't wait to see tech companies leave the EU and leave it in shambles as the EU realizes it never learnt how to innovate, only legislate and rent-seek from our companies.

Frankly, the region needs us far more than we need it.

tobyhinloopen
0 replies
11h38m

As an EU dev, yes please.

arlort
0 replies
12h24m

Frankly, the region needs us far more than we need it.

If that were what companies genuinely felt they'd already have left, but pecunia non olet, even if you have to pay taxes on it

Moreover essentially the only relevant systemic differences between the US and Europe in the tech sector are:

- pre-existing capital

- a better financial system and regulations (of the financial system) in the US (or rather, a combination of quality and size)

- better bankruptcy laws

Even if one of the big companies left the market that'd just leave space for a (at first) slightly worse product/products to fill the niche. Not exactly "shambles"

Scoring6931
0 replies
13h21m

If it wasn't for Turing your job might not have been a thing. If it wasn't for Tim Berners-Lee, we might not have been here having this discussion.

Hint: neither is/was American. Just to throw some examples.

MrDresden
0 replies
9h3m

And the US could take a few pages out of the EU's playbook on how to make sure companies, and the state, treat their people as human beings.

Frankly the US needs it far more than the EU needs it's tech sector.

0______0
0 replies
13h4m

What a dim witted argument. Go read a book on macroeconomics.

gear54rus
5 replies
20h55m

They ain't never been cool. The shit practices they are trying to defend were there from day 1 and are baked into their DNA. Treating their users like stupid animals that don't know what's good for them is what they do. And they will fight tooth and nail to continue to do it. Even as EU tries to kick their predatory ways out of them.

To think there's a hardware thing in 2024 that does not allow its owner to compile and install arbitrary software while still calling itself a smartphone is just laughable.

It's a good thing people are starting to wake up to this even on legislative level.

pb7
3 replies
20h0m

Most users are stupid though. Reminder that a US congressman once grilled Google's CEO about whether Google was tracking his iPhone's precise location. And this one was smart enough to con his way into Congress.

"I have an iPhone, and if I move from here and go over there and sit with my Democrat friends, which would make them real nervous, does Google track my movement?" -- Ted Poe

https://www.cnet.com/tech/mobile/google-ceo-pichai-grilled-o...

jeroenhd
1 replies
19h54m

"I have an iPhone, and if I move from here and go over there and sit with my Democrat friends, which would make them real nervous, does Google track my movement?" -- Ted Poe

The thing is, if this was a real life situation, and he would seek out and politically collaborate with/stalk and listen in on his Democrat friends, there's a good chance Google would know. Not because of a digital AirTag Google installed on his phone, but because of the tracking and data analysis Google has access to.

The indirection and hidden mechanisms Google (and other data trading companies) use are impossible to comprehend for normal people, and they're banking on that to continue being allowed to do that.

pb7
0 replies
19h39m

The point was that he has no idea where the boundaries around between Apple and Google and what is within the realm of possibility of abuse and what is strictly impossible without him tapping "accept" via a system prompt. It is not possible for Google to track his location without him granting permission to do so on his iPhone. It is not possible to get precise location data without a prompt and a blue system indicator. It is not possible to get repeated location data without iOS eventually notifying you of the background activity (even the stock Weather app is not immune to this). All of this is because Apple has fine control over the system.

deminature
0 replies
18h28m

Google does track your movement with alarming levels of detail, just not to that level of granularity. https://support.google.com/maps/answer/6258979?hl=en&co=GENI...

amelius
0 replies
20h45m

Treating their users like stupid animals that don't know what's good for them is what they do.

The problem I have with that is that they are selling a ContentFilter as an integrated part of their OS, when it can be a separate, optional part, and even offered by a third party.

Also, they equate AppStore == ContentFilter, which are clearly two separate concepts.

sreejithr
4 replies
17h33m

Stop this bureaucracy in the EU and build something for a change. Shipping for EU is stupid hard. And you guys are declining in economy. Pretty soon, there won't be any economic arguments to continue doing business in EU with all the cost of this bureaucracy involved.

flessner
3 replies
16h58m

1) You can predict the future economic state of the EU as well as the next person

2) Most of the "bureaucracy" that hits small to medium sized companies is the GDPR, which any business with the slightest of integrity should have no problem to follow

xvector
2 replies
15h3m

You can easily use the dearth of meaningful consumer technology companies in the EU and their absurd overindexing on regulation as a predictor of what the EU's economy will look like.

While the rest of the world dives into technology and AI, the EU will become a backwater, because the EU does not know how to craft regulation that balances innovation and "consumer good." It literally only focuses on the latter at all costs. And as technology eats the world, this will be the death of the EU.

sensanaty
0 replies
8h15m

And the US, with their monopolistic gigacorporations that outright buy politicians in exchange for fucking over every single worker and even their customers en-masse is your idea of progress and innovation? All of that abuse is worth it because we'll get a slightly less shitty chatbot powered by stolen content?

Have you somehow missed all the genuine horror stories coming out of Amazon warehouses, right there on American soil? Or the thousands upon thousands of people getting laid off with impunity on a dime at the beginning of this year?

In a decade from now these megacorps will be sucking everyone in the US dry to make the scumbags C-levels a couple of cents a year richer at everyone else's demise, and yet you're glorifying this as some sort of "progress". Well no thanks, I'm happy with the EU and a lot of what they're doing to keep these psychopathic, comic-book tier villainous megacorporations from wrecking havoc upon everyone in the name of making stakeholders marginally wealthier.

MrDresden
0 replies
8h44m

Tell me, how do you see life being in the Consumerism States of America in the future where the handful of mega corporations, that will have been allowed to behave and merge for monopolistic dominance with impunity for decades, will have such power and size that their employees will work in horrifying conditions for wages that barely (if even) can support them, all the while making the very few individuals at the top richer than any individual or group ever would need to be. All in the name of innovation.

You'll have plenty of shiny consumer items to select from (most if not all actually designed and manufactured over seas to keep costs down of course).

And if you are good litle drone you might just keep the current job long enough to scrounge together enough to buy the shiny item, so that it will signal to everyone that you are truly one of the pack that everyone around you so desperately needs to feel as being a part too.

This isn't some scifi reality that won't come to pass.

What worker protection do tech workers in the US actually have? How about the conditions in Amazon's 'fulfillment centers' (this term is down right Stalin-esque btw)? UPS drivers?

How many mergers have there been in the aeronautical sector since WW2 (hint, used to be 50+ companies and now there are 5).

And what is currently happening with the US airline manufacturer (the singular other manufacturer of its size compared to the EU' Airbus)?

I could go on, and on, and on but am hoping that you are smart enough to get the point I'm making.

buzzert
1 replies
15h25m

You don't have to wait for Apple to fail? You can use free software phones today. The Librem 5 is a good example.

bsimpson
0 replies
11h54m

Isn't that the one that's super expensive, ships like an unreliable Kickstarter, and lives in a Linux ecosystem that's just a sad replica of old smartphones?

niutech
20 replies
19h45m

Bad move from Apple. It's time to boycott iOS and move to FOSS alternatives, such as: AOSP, Ubuntu Touch, GNOME Mobile, KDE Plasma, Sailfish OS. Personally I am using both UBports and Sailfish OS and I appreciate the privacy they provide.

As a possible workaround to fullscreen PWAs in iOS in the EU, I propose a convention to append some hash to the Web App Manifest start_url, e.g. #__pwa__, then set the default iOS web browser to e.g. Firefox, then add the PWA to the home screen from it with this special hash. When a user clicks on a PWA icon in the home screen, it would open in the default browser (e.g. Firefox), the browser then checks if the newly opened tab is opened from external source and its URL ends with #__pwa__ and if so, then hides the UI providing a fullscreen viewport for the opened PWA.

dbtc
15 replies
19h38m

What's a good device to replace my iphone 13 mini?

crossroadsguy
4 replies
17h39m

I have looked. If you look for a clean experience and not an OS that tracks your every breath and every shake, none. Absolutely none.

If you care about a sanely sized phone and not a phablet, then double absolutely none — as in there’s no option in Apple’s stable either. Been using my 14 for some 9 months after 12 mini and every time I look at this monstrosity I regret moving to iPhones because I kinda knew they’d stoop down to be like Androids eventually.

Anyway, so no option really. Again, I have looked.

Did you mean to replace 13 mini without any such criteria I have mentioned above? Well, then go to any phone listing site or Amazon and filter Android devices based on cost and features and just buy the one that fits the bill. Because you didn’t say anything else.

niutech
3 replies
10h33m

You haven't looked at Xperia XA2/X/XZ2/XZ3/10 on Sailfish OS, have you?

crossroadsguy
2 replies
8h27m

And do what with it? Use it to make campaign videos so that my bank will allow it or make apps for it? Or my stock broker? Or the pharmacy app? Or the delivery app? Oh, or maybe I should apply for a visa so that I can travel to somewhere where that is sold? Yeah, makes sense.

niutech
1 replies
5h2m

All my banks are accessible through Angelfish web browser. If you need Android apps, Sailfish OS supports them. Or else install AOSP.

We live in XXI century, there is something like Internet, you don't have to travel in order to buy a phone, see e.g. eBay.

crossroadsguy
0 replies
4h23m

Indeed 21st century. That’s why I wish you luck in getting out of that sheltered bubble whatever and wherever it is.

bhelkey
3 replies
18h11m

I have enjoyed my Zenfone 10. It's a little Taiwanese phone that's a comparable size.

Specifically, I like its battery life, its camera, and that it has a headphone jack.

layer8
2 replies
17h9m

The Zenfone 10 is almost the same size as the regular iPhone (a tad bit narrower, a tad bit thicker, same weight). The form factor is not like the iPhone mini.

bhelkey
1 replies
16h30m

The form factor is not like the iPhone mini.

Compared to the iPhone 13 mini the Zenfone 10 is 15mm taller, 3.9mm wider, and 1.75mm deeper.

dbtc
0 replies
15h47m

It's the same height as the regular iphone and the width is right in the middle. I understand that's quite small for a mobile device these days. Thanks for the rec.

accoil
3 replies
18h53m

What do you like about it? Size?

brikym
2 replies
18h24m

There aren't many small phones that aren't cheap and nasty. iPhone minis are small and premium which is rare. The android manufacturers really need to try harder. 6" is basically a tablet. It's really unnecessary for phones to be as big as they are today. UI designs have gotten more sparse and wasteful of screen real estate.

niutech
0 replies
8h59m

Being affordable is an advantage, unless you want to put on the ritz with a premium locked iPhone. For example Sony Xperia XZ2 Compact is a nice affordable smartphone.

accoil
0 replies
8h45m

I feel that. I used to run Xperia Compacts, but I think Sony stopped making them. Currently have a Unihertz Jelly 2, and while I really like it, occasionally I'd come across an app that did not expect such a small screen.

redox99
0 replies
18h16m

Regular S24. Yeah it's quite bigger, but still manageable.

niutech
0 replies
10h33m

Xperia XA2, Xperia X, Xperia 10, Xperia XZ2 Compact with Sailfish OS.

MrDresden
2 replies
8h34m

I love selfhosting/flashing as much as the next person, but why do you believe going AOSP would be the next step away from iOS?

Someone moving of iOS should just pick up a Nokia device with a stock standard Android OS. It will serve them fine without all the hassle of flashing.

If they want a higher end device with stock Android, go for a Pixel.

niutech
1 replies
5h8m

Because it's replacing one closed OS for another closed OS. AOSP is open source and unlike stock Android it doesn't have a bunch of preinstalled spying apps from Google/Samsung/you-name-it which you cannot easily uninstall.

Plus Nokia is no more: https://www.gizchina.com/2024/02/01/mobile-phone-brand-trans...

MrDresden
0 replies
2h45m

A common user can not be expected to go through with flashing an Android device. A technical user, sure.

But a technical user could also simply go and disable much of the offending apps via `adb` effectively removing them (without uninstalling them) from the device. This is a much less drastic move than flashing a device.

And contrary to belief, Google is not monitoring everything that happens on the device. Let's give the aluminum hat a bit of a rest here.

pb7
0 replies
19h26m

Nah, I'm good. I'm going to happily continue using my current phone. You do you though.

aetherspawn
10 replies
19h24m

I am on Apples side here. I have been a macOS and iPhone user for over a decade now, but have had Android devices and I use Windows for games and work.

I think what the EU has done to Apple is unfair. It is unfortunate in my opinion that they can’t just tell them to get stuffed. They have had to build probably 100-million LOCs just so EU have the right to pick their own browser, and yet Safari works just fine. In fact the great thing about Safari (and Apple knew this) is that compatibility was really good precisely because everyone on mobile was using the same browser. Now I’m just waiting to get those stupid “only supported in Chrome” pop ups on my mobile phone too..

Their core strategy has always been to keep cost low by supporting one hardware, one browser engine, one App Store. That’s how they kept things lean and integrated. The EU has forced them to take an approach that is fundamentally different to what made them successful. Some might say - who cares? It only affects the EU right? That’s to be seen.. we all might be affected globally from the security bugs caused by the unhardening of the OS required to conform to EU standards. And this huge code base is going to cost something to maintain and I doubt we won’t pay for that either.

k8svet
2 replies
15h39m

They have had to build probably 100-million LOCs just so EU have the right to pick their own browser

haha are you serious?

aetherspawn
1 replies
10h8m

There are literally 1000s of new APIs and I can only imagine what the web services, OS/kernel side and test infrastructure looks like, so I am thinking it’s in the 10-100mLOC ballpark.

fundatus
0 replies
8h57m

Ahem, you do realize that Safari on iOS exists right? Only thing Apple is doing here is exposing the same APIs they used to implement Safari to non-Apple devs. Probably with some adjustments, but certainly not millions of lines of code.

v512
0 replies
7h46m

how would you feel about having option to only use Safari on your macOS?

seszett
0 replies
18h1m

In fact the great thing about Safari (and Apple knew this) is that compatibility was really good precisely because everyone on mobile was using the same browser.

What a weird take.

Safari is the minority browser that takes so much work because of its quirks. The largest mobile browser by far is Chrome (65% vs 25%) and while it might be different in your particular bubble (probably the US? it's the only market where Apple is dominant afaik) it's well known that Safari is the equivalent of Internet Explorer in the bad old days.

sensanaty
0 replies
13h28m

Safari is the IE10 of today. Every single feature we build out, we need to test it thoroughly on Safari because stuff that works in FF/Chromium just doesn't work the same in Safari. A sizeable chunk of our frontend codebase has a bunch of workarounds specifically for Safari because of its quirks.

Their core strategy has always been to keep cost low...

You realize this is Apple we're talking about right, the company with the most outrageous pricing strategies?

chrisjj
0 replies
2h59m

Their core strategy has always been to keep cost low by supporting one hardware, one browser engine, one App Store.

No-one is asking them to support more than one browser engine or App Store.

Just to stop blocking them

c-cube
0 replies
17h2m

keep cost low

Have you seen the price of Apple devices?? They're anything but low. If Apple has to reduce a bit their margin because they lose their monopoly I won't be shedding tears for them.

brikym
0 replies
18h20m

yet Safari works just fine

I laughed. Clearly you've never tried building a halfway complex web app.

Dah00n
0 replies
9h42m

Safari works just fine

No, it does not. It is the old Internet Explorer of our day. It is by far the worst of all the browsers. This is like saying "this car from Apple with square wheels work just fine" and not at all acknowledge that every single road in the world had to be made bumpy to allow for this and made them worse for everyone else. Try developing for it.

bloppe
8 replies
17h16m

So, here's Apple's concern, which is valid: every website (PWA) should have isolated storage (cookies etc), and independent access to system resources (webcam etc) confirmed by the user on a per-site basis. I think we can all agree that's how things should be.

Previously, Safari handled these requirements because it's a modern browser (isolated storage has been a cornerstone of browser security for a long time), and had special privileges in iOS to configure per-site user permissions, whereas normal apps only had app-wide permissions.

Luckily, Chrome already has isolated per-site storage because it's also a modern browser. If it didn't, the world would probably explode.

That leaves per-site permissions as the only real problem. I'm sure the Chrome-on-iOS team would do whatever it takes to make this a good user experience, but let's assume for the sake of argument that this would actually be a burden for Apple to support.

How does disabling PWA functionality change the security situation whatsoever? Users preferring Chrome would just load the sites in Chrome as a bookmark, which has no meaningful difference from a "security" perspective. Users strictly using Safari obviously have a strictly-worse experience. Who does this help? What is made more secure by disabling this?

cherioo
7 replies
16h37m

The difference is, whether or not, when iOS user clicks an icon to open an ”app”, they can be confident whether or not the app is “secured” or not.

Hypothetically, without apple doing this, opening a PWA1 app can caused its data to be siphoned off by PWA2, up to isolation of the browser.

Whether or not that is a legitimate enough concern is up to each individual.

bloppe
6 replies
16h16m

I just don't understand what PWA's have to do with any of this. There is nothing that a PWA can do that a regular Chrome window would not be able to do. Apple is being force to support the latter. What's wrong with continuing to support the former?

If it all boils down to "Apple users expect Apple to have control over everything, and if that expectation is violated, it will be really bad", then I'm sure EU regulators will handle it. Is there anything I'm missing from a security perspective?

dagmx
5 replies
15h36m

The Apple FAQ itself answers the second side of this.

If a browser can add PWA, they can claim they’re installing an app, and it would not be clear to a user that they have a web app, not an isolated app.

Now, none of these pseudo apps are guaranteed to be sandboxed from each other but the user cannot differentiate between apps that do provide security.

survirtual
2 replies
5h56m

PWAs adhere to the same-origin policy, and all browser security policies associated. This means isolated storage (indexed db & local storage), isolated permissions, etc. Every modern browser has support for this.

One webpage accessing the resources and data of another webpage is among the most basic of things globally known to be disallowed. This sandboxing reasoning is extremely bad faith.

dagmx
1 replies
3h25m

Your argument hinges on a browser being a good citizen. The DMA makes no such requirement.

survirtual
0 replies
2h17m

Apple could trivially audit browser apps and provide warnings if they do not adhere to basic security policies literally every browser has implemented. This is a basic, user friendly approach.

Their behavior is akin to a small, bratty toddler throwing a little tantrum, but instead of being a small toddler, it is one of the largest corporations on the planet. Their "little tantrum" impacts lives and livelihoods, because they are upset a population has reps that actually represent them.

I hope they get what they deserve.

hu3
1 replies
3h52m

Now, none of these pseudo apps are guaranteed to be sandboxed from each other...

Except they are! Any browser worth their salt have been doing isolation since the dawn of time.

Or do you really think bing.com can manipulate google.com cookies and storage?

dagmx
0 replies
3h26m

Your qualifier is the issue: “Any browser worth their salt”

Yes, a good browser does. But you’re still leaving it up to each individual implementation, and the DMA rules that Apple cannot judge accordingly.

givemeethekeys
7 replies
21h45m

It's news like this that makes me want to trade my iPhone for the closest Android phone.

zshrc
6 replies
14h47m

Then do it and stop complaining. This isn’t a charity it’s a company. What company doesn’t have their best interest in mind? Don’t even say a FOSS company like Red Hat because that would be bull.

throwaway49849
4 replies
10h50m

The social contract has been that these big companies benefit from the free work of open source maintainers, and they continue to work together to support open standards. This latest maneuver from Apple, while well within their rights, is a big FU to everyone who builds and maintains the software that they depend on. They've broken the contract by continuing to hobble open web tech.

throwaway49850
3 replies
9h17m

That has never been the social contract.

I hate this outcome as much as the next guy and I'm sure Apple could have continued to support PWAs if they wanted to. And they should have done it.

That being said, I'm tired of the argument that OSS maintainers are being owed anything (beyond gratitude). They publish their software under licences they themselves choose. As long as someone follows the license, they are good.

If you don't want your work to be used for commercial activities in exchange for nothing, then don't publish it under a license permitting that.

throwaway49849
2 replies
7h37m

I don't mean to imply that the OSS maintainers are owed anything, because I don't believe that. There is still a social contract without anyone being owed anything. You haven't really given an example of why you don't think it exists.

Also, to what do I owe the honor of you creating a username based on mine, specifically to reply to me?

throwaway49850
1 replies
6h33m

The maintainers say in the LICENSE files that their creations can be used by anyone for commercial activities with no strings attached. Once they say that, no one who wants to use the creation has any responsibility to uphold any social contract. But I'm just repeating myself.

Also, to what do I owe the honor of you creating a username based on mine, specifically to reply to me?

If you want to stay anon, then so can I.

throwaway49849
0 replies
4h34m

A social contract is not defined by a LICENSE file.

Developers are under no obligation to create new software for a hostile company's products. Let's see how many vision pro apps get created if Apple keeps shitting on open standards.

v512
0 replies
7h54m

The country you lived for past 10 years started curbing the freedom then the solution is "just change country" is it? Ofcourse its a solution but not the only solution. You don't have right to say that just move away and stop complaining, that's not how things work.

w4
6 replies
19h35m

I’m primed to be upset with Apple these days, but this doesn’t seem like an unreasonable position. The EU is forcing them to do a bunch of work to support alternate browser engines, this in turn creates a bunch of additional work if Apple wants to fully support PWAs, and PWAs aren’t really in Apple’s financial interest to begin with, so f-it. They're not going to spend resources to add support for PWAs in the EU. It's easier to just disable them and call it a day.

It's a rational choice. Apple isn’t a charity, so why would they spend resources on extra work that they didn’t want to do in the first place, given that work is not required for legal compliance. The security spin is clearly nonsense, but other than that I can't really fault Apple for their position on this, even if I wish it were different.

jsnell
3 replies
16h53m

The EU is not forcing Apple to do any work. Apple is choosing to do the work mostly to make competing browsers as limited and non-compelling as possible, while still hoping to stay within the letter of the law. They could in reality comply pretty much by removing their arbitrary restrictions.

It's a rational choice. Apple isn’t a charity, so why would they spend resources on extra work that they didn’t want to do in the first place, given that work is not required for legal compliance.

I mean, the obvious answer would be that it actually is required. And the outcome of that would be that Apple gets a bunch of bad press, pays a ton in fines, and ends up with a consent decree that restricts them more than just acting in good faith would have.

It feels like a really stupid gamble. There's so little to gain from it, in comparison to the cost if the gamble fails. Apple owns their users, lock, stock and barrel. Basically none of them is going to switch to a competing app store or browser even once those exist. And when the users don't move, neither will the developers.

xvector
2 replies
15h1m

Telling a company they must implement an API is absolutely telling them to do work. And you're well within the right to refuse entirely.

mordae
0 replies
8h58m

Well we tell railroad operators how to do their job every day so that multiple companies running the actual trains can coexist and compete. Or even better, we own them publicly. I don't really see a problem in that, do you?

Since smartphones are new railroads, they should be treated as a platform on that the actual innovation happens. They should be robust (so that users can rely on them), neutral (concentrate on their own layer in the stack), adhere to standards (for cross border cooperation) and provide as little friction to competition on top of them as possible.

jsnell
0 replies
6h44m

Except they haven't told Apple to implement any APIs. They've told Apple to stop abusing their dominant market position and allow competing browser engines. Apple needs to do basically nothing to enable that, except to allow the same entitlements they already give Safari for other browsers, and to stop rejecting competing browsers in their policy and review.

(If you disagree, can you name one of the APIs you think the EC has told Apple to implement? Or name the APIs Apple was forced to implement to allow, because allowing competing browser engines would not have been at all possible without them?)

But that'd actually allow competition, and Apple seems to be very insecure about their ability to compete on a level playing field. I don't really understand why. Those 600 new APIs? They're 600 new restrictions.

I wouldn't say that Apple is well within their rights to break the law, and it's surprising to me that anyone would say so. But if they don't want to follow the laws, they are well within their rights to leave the market. (Now, there's of course no chance that Apple leaves the EU. After all, they still continue to operate in China and cooperating with the Chinese authorities, because they make a lot of money there.)

throwaway49849
0 replies
11h37m

PWAs aren’t really in Apple’s financial interest to begin with, so f-it

Translation: Apple hates developers who believe in open tech, despite being built on mountains of foundational open tech, like every other company.

janaagaard
0 replies
36m

It's a rational choice.

Yes, I agree here. To me, this feels like the cookie legislation all over again, in the sense that the end result was a lot of annoying cookie banners instead of websites stopping the usage of cookies. And yes, I know that answering 'no' in these banners reduces the amount of cookies used, but I am seeing more and more websites where things like videos don't work unless you accept cookies.

mantenpanther
6 replies
10h6m

Regardless of who is the bad guy here, the outcome of this is just devastating for the free web. For me the future trajectory of Apps were PWAs, which worked reasonably well lately. As small company, creating one App that works everywhere and is available without AppStores was just great. Much money spent on PWAs just wasted.

This is a terrible outcome, again caused by "well meant" but unpractical EU regulation.

LaGrange
3 replies
10h5m

ROFL. This isn't "unpractical EU regulation" but once again a corporation doing malicious compliance. At some point they really should just get banned from the market with any IP rights getting invalidated.

mantenpanther
2 replies
9h49m

The EU gave Apple an argument to kill PWAs (because the investment to support them is not worth it for them), while Apple does not like PWAs anyways. Bad for the citizens of the EU.

LaGrange
1 replies
9h16m

while Apple does not like PWAs anyways

[citation needed].

PWAs give Apple an out from having certain apps (for example, FetLife) on the App Store without making the phone a non-starter for people who want to use them. As much as Apple likes its walled garden, it likes the walls just fuzzy enough to not piss people off into migrating.

Apple just want to make the regulation itself annoying.

mantenpanther
0 replies
8h43m

And annoying it is. I'm not on the side of Apple here, but also question the way regulators work, because lately the outcome of IT-regulation in some cases seems to be a net negative for citizens.

andy_ppp
1 replies
10h1m

Why can’t the user be given the option of PWAs working like they do now with Safari or this new system that clearly sucks.

It’s obvious Apple is having a temper tantrum about being regulated, but it’s not wise for a company to behave like this.

mantenpanther
0 replies
9h53m

No denying that, but the objective outcome is bad.

ivan_gammel
6 replies
20h43m

Very questionable argumentation. This can be seen from two different angles:

1. PWA is a native wrapper for a web application, not a browser. It is supposed to be limited to the app website. DMA does not tell Apple that every app with embedded WebView should offer users possibility to switch the engine. Why PWA should be treated differently here? I‘d rather clarify this with regulators first, before harming end users.

2. There’s no browser engines currently supporting PWA on Apple mobile devices. Apple has enough resources and time to figure out how to sandbox PWAs on other engines together with the first browser vendor that decides to offer such support and commit engineering resources to this project. In the meantime current solution could stay simply because it does not hinder any competition.

I’m not a legal expert, so maybe I miss something here. But Apple statement does not look convincing to me.

Someone
4 replies
20h17m

DMA does not tell Apple that every app with embedded WebView should offer users possibility to switch the engine.

I don’t see how that’s related to the issue being discussed.

In the meantime current solution could stay simply because it does not hinder any competition.

Why do you think “you can install a third party browser, but if you do, you can’t add PWAs to the Home Screen” doesn’t hinder competition?

jdminhbg
1 replies
19h16m

Why do you think “you can install a third party browser, but if you do, you can’t add PWAs to the Home Screen” doesn’t hinder competition?

Because you can't add PWAs to the Home Screen if you use the first-party browser, either. The whole point of this article is they're turning off PWAs for Safari so that they're all on the same feature footing.

Someone
0 replies
10h22m

The comment I replied to said “In the meantime current solution could stay”. In context, I can’t interpret “the current solution” else than as what’s in shipping iOS now.

seszett
0 replies
18h14m

Why do you think “you can install a third party browser, but if you do, you can’t add PWAs to the Home Screen” doesn’t hinder competition?

Is there any reason that you couldn't just install a third-party browser and add PWAs to the home screen that use WebKit as a rendering engine?

Why would these two different things affect each other?

ivan_gammel
0 replies
19h49m

I don’t see how that’s related to the issue being discussed.

PWA is not a browser, it is a native app using a browser engine to render a specific website.

Why do you think “you can install a third party browser, but if you do, you can’t add PWAs to the Home Screen” doesn’t hinder competition?

I literally explained it in my comment you are replying to, but I can repeat. Competition does not exist yet. Browsers do not offer PWA support out of the box, it is a feature to be implemented separately from rendering engine. See Firefox on Windows for an example — it doesn’t support PWA out of the box. This feature has to be built: if Apple were to hinder the competition, they would resist it by not offering the APIs. But they can offer them through the cooperation with vendors, even if those APIs do not exist yet. Say, Mozilla comes and asks for APIs: Apple starts negotiating and proposes the compatibility requirements and a reasonable timeline. They both work on their part and eventually Firefox is released with PWA support. Who would fine or sue them if it worked this way? How the violation of DMA could be proven?

janaagaard
0 replies
44m

In the meantime current solution could stay simply because it does not hinder any competition.

As I understand it, this is specifically not allowed by the DMA, since it would be considered an unfair advantage to Safari, if that browser/engine was the only one allowed to run PWAs.

hardcopy
4 replies
20h30m

Sigh. This is a huge headache for me.

https://lemmy.world/post/12001569

(I develop https://github.com/aeharding/voyager)

leifross
3 replies
19h18m

I feel you, I am the sole developer of https://ember.ly

Certainly feels great to have your livelyhood kicked to the curb by some rich american megacorporation throwing a tantrum.

The worst part is that probably 40 percent of the development time has been trying to wrangle my way around weird rendering quirks in safari, never again. My next site will have a banner suggesting safari users open the site in firefox..

Symbiote
2 replies
18h27m

As a Norwegian / Norwegian company, is there even any politician you can write to?

leifross
0 replies
17h26m

Norway as an independent actor is too small to carry any weight in this matter. Our best bet is to hedge our interest as an extended member of the European Union, and even there we have a limited say.

almostnormal
0 replies
17h40m

Ask the users to return their broken phones, demand a full refund, and buy an android instead.

ttarr
3 replies
20h44m

These kind of news make me feel happy that I'm Apple, Microsoft and Google* free.

Phone is ungoogled Android.

system2
2 replies
12h38m

Ironic that Android was mostly developed by Google.

v512
0 replies
7h41m

Exactly why its a bad look for Apple right? Android is open, you don't need to have Google apps to make it work on other hand you can't even install Firefox/Chrome on iOS.

MrDresden
0 replies
8h24m

But isn't it lovely though, the ability to not be beholden to the original developer with the device you own?

It should bring hope to the hearts of all device owners that are currently firmly under the bootheel of device manufacturers.

brikym
3 replies
21h2m

I'm actually thinking of switching back to Android because of this bullshit. There are a lot of niche web apps I use, particularly for local things, that just won't be developed into an iOS app because it's not viable.

tonoto
1 replies
20h44m

Android user since ~2010 (before that, Symbian).. I tried one of Apple's "Pro" phones with IOS 2021, last year I went back to Android and back to freedom even if it is Google's walled garden. Still, being able to control many aspects of the phone (choice of browser, do I need to mention different volume controls, can compile own stuff, automation) is unbeatable. To me using iPhone left me with the same crippled feeling that I would have if someone forced me to use Windows on a computer. On the plus side, my screen time was actually lower during those two years..

MrDresden
0 replies
8h21m

..even if it is Google's walled garden.

But it isn't.

As an owner of the device, you can install anything you want on it, from any source you'd like.

SJetKaran
0 replies
15h31m

I just moved to a second hand iPhone. My next mobile won't certainly be an Apple one.

Alifatisk
3 replies
20h36m

Bummer, so all these recent news about Apple allowing push notifications and PWAs to iPhone was for nothing?

mnau
1 replies
19h59m

If you are ouside of EU, it wasn't for nothing.

EU is only sixths of world GDP and shrinking.

Alifatisk
0 replies
19h33m

That’s a big if

sccxy
0 replies
20h34m

I guess they realized that if they opened up too much of their walled garden, there was no going back.

pantulis
2 replies
9h39m

Perhaps it has already been said but, didn't Steve Jobs state that "The SDK is the web", on the original iPhone launch?

yreg
1 replies
9h38m

He did, but strategies change over time.

pantulis
0 replies
6h5m

Even Steve changed when the App Store was launched, of course!

nonrandomstring
2 replies
20h26m

Said it before and it seems clearer every day, that we're in an era reminiscent of the 1920s with big mobs fighting it out. One of the old games back in town is protection rackets [0], digital forms of ransacking, vandalism, threats and "tax" collecting are all the rage dontchyknow.

Everyone's got their "security" to give you. But it ain't your security, and it ain't compatible with noone else's.

Nice app store you got here. Shame if anything might 'appen to it!

[0] https://en.wikipedia.org/wiki/Protection_racket

joshxyz
0 replies
16h37m

love this.

history often rhymes and really rhymes on this one.

dclowd9901
0 replies
11h57m

Since when has a protection racket given you choice of protection?

hurril
2 replies
10h41m

Can I as an EU citizen please opt out of this nonsens?

bomgar
1 replies
10h38m

Yes. Don't buy apple anymore.

hurril
0 replies
3h29m

How about: don't be in EU anymore?

dev1ycan
2 replies
17h18m

Why is Apple given so much leniency? just give Apple a 5 year ban in Europe, you'll see how quickly they decide to start begging and complying.

zirror
1 replies
12h10m

I think I agree, if that is legally possible. I don't think apple provides any important infrastructure like Amazon, Microsoft and Google do. It's basically a luxury company. Might be bad for the people who already own iOS devices and need it to survive in one way or another (e.g. as a wallet).

dev1ycan
0 replies
9h55m

Well apple could still operate the devices that they've sold, they just wouldn't be able to sell for a specified period of time, doubtful apple removes support anyways because then they customer trust.

chocoboaus2
2 replies
18h27m

Red rag to a bull

The EU is going to absolutely see this as Apple spitting in its face.

alex_suzuki
1 replies
6h40m

You're counting on EU regulators understanding what a PWA is, and how it is a potential threat to Apple's walled garden. I think that's being optimistic.

chrisjj
0 replies
2h45m

Well, thanks to Apple, those regulators have only to read the national news.

badrabbit
2 replies
11h31m

If for example the EU instituted rules in the steel industry that harmed US companies, US politicians would fight back and start a trade war.

Why is it not the case with apple? They undermine the entire concept of free market capitalism by forcing companies to do unprofitable things instead of letting consumers vote with their wallets by using alternative products of which there are many.

There is no anti-competitiveness or harm to consumers. No one is telling car makers to allow standardized engine parts. Ferrari can make every part of the car unique and incompatible with other car makers so long as it meets safety standards, so why is apple special?

My theory is the EU has benefited a lot from fining rich US tech companies, they get votes from european techies who don't get capitalism and extra revenue. And the US is docile because they need EU support against China.

hamandcheese
0 replies
11h26m

Well, probably because the digital markets act isn't an Apple Tax. It merely provides more freedom to users.

They undermine the entire concept of free market capitalism by forcing companies to do unprofitable things instead of letting consumers vote with their wallets by using alternative products of which there are many

If this truly forces unprofitable behavior, we should expect Apple to pull out out Europe. But I would bet my life that doesn't happen.

Dah00n
0 replies
9h24m

Ferrari can make every part of the car unique and incompatible with other car makers so long as it meets safety standards, so why is apple special?

This is complete nonsense. No-one is forcing Apple to make their screen compatible with a Samsung phone, or a part inside an AirPod fit inside a Bose headset.

The owner of a car can by law use third-party shops and retain warranty 100%. The third-party shops can buy parts for the car. They can access the data of the car with the tools that are needed, and they can install similar parts made by a third-party factory without voiding the warranty. Your example is as far away from Apple ecosystem as you could possibly get.

For an example, I have always used a third-party shop for my cars and when the engine needed to be replaced in one because of a known weakness showing up, I got the new engine as I should even though the car had never seen an authorized dealer since the day I bought it. Try doing that with an iPhone.

What you are describing is the opposite of what you claim. You are describing anti-competitiveness and monopoly abuse.

torartc
1 replies
20h6m

Is there anything we can actually do to push back on this? I get we can long term just not buy their products, but it feels like there needs to be more urgent action then that.

jeroenhd
0 replies
19h51m

I don't think so. Either the EU takes action (assuming what Apple does is illegal, though I doubt it) or you'll have to vote with your wallet.

Perhaps your best bet would be to loudly proclaim Apple's user-hostile behaviour as the reason you're switching to another brand of phone, so non-tech people also learn about Apple's hissy fit, but I doubt it'll do much to their bottom line.

thatha7777
1 replies
9h58m

Frankly, Apple's position enrages me.

It's okay that Apple doesn't like a European law. As a US-based company, it makes sense that it feels like a foreigner is meddling in their affairs... It's okay that they continue to have the hubris that Apple, and Apple alone, knows what's best for everyone.

However... the democratically-elected institutions of the EU represent a total of 447 million people. Most technologists I know in the EU are pro-DMA.

It doesn't feel like Apple has ever engaged in any kind of external discussion around this, or any kind of acknowledgment that there may be an issue with their current policies.

It's like walking it the courtroom with bloody hands and screaming in an obviously fake British accent "MURDER?!? THAT IS RIDICULOUS, Your Honor. I AM WEARING A TUXEDO."

Apple's arguments at every single junction have been nothing short of ridiculous. My favorite one:

"Apple operates 5 distinct App Stores: the iOS App Store, the macOS App Store, the iPadOS App Store, etc..., and only the iOS one is big enough to be a "gatekeeper"." [0]

COME FUCKING ON. HIRE BETTER LAWYERS.

[0]: https://ec.europa.eu/competition/digital_markets_act/cases/2...

MrDresden
0 replies
8h28m

They didn't need better lawyers. There wasn't an argument for them to use, better than the one you mention.

Apple (and by extension it's product line), is monopolistic. And they know it.

stevefan1999
1 replies
10h47m

That's why I almost wouldn't buy a new Apple product anymore, with their draconian Chinese model (Apple as the big parent), and instead I crack Apple's product to assert my freedom (I do use Hackintosh, by the way).

The only exception is an iPad Pro (M1) because there aren't good competitions in the market. Over the time I'm starting to think about replacing it with an Android tablet but I'm still yet to find one with a decent pen and memory.

Alas, to quote Benjamin Franklin, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety". You gave up your liberty to be colonialized by Apple, and now you get neither Liberty nor Safety in the future eventually.

jocaal
0 replies
2h14m

Android tablet but I'm still yet to find one with a decent pen and memory

I don't have one, so take with grain of salt, but I've seen reviews of the Galaxy Tab s9 Ultra are pretty good [0]. Super expensive though. Also as a bonus, android is possibly getting a VM [1], so in the future you might be able to install full fat linux on high quality tablets.

[0] https://www.youtube.com/watch?v=sl0UUhmaiDU

[1] https://source.android.com/docs/core/virtualization/architec...

pseudony
1 replies
19h54m

On the point of trusting (big) Apple to keep us safe.

This was linked in a similar discussion today. Either they knowingly provide backdoors for state actors or they are being so incompetent that it is laughable. Zero interaction remote exploit of hardware features designed to circumvent their own security measures? Why ?

Seriously, find someone worthy of your trust, because that isn't Apple

https://www.kaspersky.com/about/press-releases/2023_kaspersk...

stonegray
0 replies
18h22m

I trust Apple more for this decision, not less. PWAs used WebKit to allow untrusted code (any website in this case) to safely execute on the phone. In the EU now, you can modify or replace that layer of trust (browser engine) and restricting camera access and local storage seems reasonable; these limitations are expected for websites.

I expect 3rd-party engines in the EU may choose to allow this, for example by launching in Chromium in full screen w/ additional permissions, but I'm glad this attack surface is reduced at least for right now.

d1sxeyes
1 replies
5h32m

I’m a bit of a hobby coder, and I have enjoyed writing small, home cooked apps (https://www.robinsloan.com/notes/home-cooked-app/) and publishing them as PWAs that my friends and family can enjoy. I can’t justify an annual 99 USD for an Apple developer licence, and my family have a mix of iPhones and Androids.

This step makes it much less possible for me to do this kind of “home cooked” development, and it makes me sad.

I think Apple would do well to offer a solution for folks like me, maybe a significant discount (or free?) developer accounts for folks with apps with fewer than 50 users or no App Store access, etc.

But I guess they don’t really care, which is sad.

axelthegerman
0 replies
4h48m

But I guess they don’t really care, which is sad.

Hit the nail on the head there.

Currently they care about protecting their iOS monopoly. I'm not sure there is much they care about more.

PWA, alternative browsers, alternative app stores are all just little pawns in the iOS/Android duopoly game

I too was very excited that PWAs are finally here and work everywhere. I thought being open web technology they wouldn't go away easily - guess what Apple always finds a way.

They really just are the new Microsoft from the old days

akmarinov
1 replies
21h3m

Since iPadOS doesn’t get alternative stores and alternative browsers - I wonder whether PWAs will still work on iPads in the EU. That’d be funny.

hardcopy
0 replies
19h52m

They still work on iPadOS

Razengan
1 replies
18h56m

Browsers should only display documents, not apps.

That's what operating systems are for.

Just give native apps what made the web popular in the first place:

• Ability to instantly launch any app just by typing its "name"

• No need to download or install anything

• Ability to revisit any part of an app just by copy/pasting some text and sharing it with anyone.

That's what ultimately matters to end users.

postalrat
0 replies
18h46m

The problem is systems developers haven't been able to settle one any platform for multi-platform apps. They a head start of decades before web browsers became popular and couldn't pull it off. Failure after failure.

InsomniacL
1 replies
7h21m

So you can build a website that runs on iPhone using some other browser engine that requests permission to use the camera...

But if you want to move that website into a PWA that runs on iPhone that uses some other browser engine that requests permission to use the camera then, that browser engine can't be trusted?

rahkiin
0 replies
7h9m

I think PWA integration architecture needs to be rebuild for supporting different browsers and it was not a priority because of low usage (their words).

I can imagine an architecture where every pwa does not run a whole Safari instance but just a tab. Then all those ‘app looking’ pwas run in the same actual app.

Or they just dont trust google to make no native apps anymore for the app store…

Fizzadar
1 replies
21h43m

Honestly Apple’s response to the DMA changes is pathetic, they’re acting like a petulant child. I really hope the EU throws the book at them. Will believe it when I see it, fingers crossed.

Fizzadar
0 replies
21h42m

I say all this as a MacBook, iPhone and AirPods user (:

5evOX5hTZ9mYa9E
1 replies
21h28m

The good news is that DMA contains private right of action. Might as well start drafting the responsive court filings already, March 8th is just around the corner.

simongray
0 replies
6h18m

Can you provide a bit more context, please.

Private right of action? March 8th?

whatsthatabout
0 replies
21h4m

Wanted to try an android phone for some time again anyways, thanks apple :)

throwaway49849
0 replies
11h39m

The amusing thing is that on-homescreen PWAs were the only way iOS supported web push notifications. They could 100% do it in the browser, like every other browser does. But they won't, because they're openly hostile to open web technologies.

szasamasa
0 replies
8h19m

web apps are websites with standalone

the name "install" is bad and the wording is NOT a web standard, NOTHING is installed

the question is web capabilities

one core capability is caching and offline via service workers

no need for "install" for this

"installing" a web app does not even need anything anymore, not even offline or service workers... it is ONLY switch to standalone and get a launch button or be integrated into app launchers on OS

behind "install" is a bad and immature web app manifest api, it is a draft... the wording install must go

it is one of MANY possible web capabilities for a web domain to be able run standalone and get a button

apple cannot ban this since a shortcut to chrome cannot be deemed unsafe, where then CHROME decides to run standalone or not

the real problem is NOT that safari kills standalone

they try to kill a lot of web capability, like service workers, and NOT JUST FOR SAFARI

I mean this will not stand, you CAN stay apple-level-safe (whether it is more or less than other platforms) by CHOOSING safari

it is an obvious CHOICE to be granted to trust google, mozilla or microsoft and their web security model to stay safe with THEM on the web

no argument why this should not be allowed if other native apps are allowed

and come on, even mac os is safe with service workers in chromium

system2
0 replies
12h42m

Sounds like the web developers who depended only on PWA will have to learn Swift very quickly.

swellbastion
0 replies
2h26m

It's worth noting that Android solved this problem a long time ago. Home screen shortcuts just open in whatever browser you created the shortcut with. If apple hasn't fixed this a year from now, it'll be a clear indication that they are taking this as an opportunity to disadvantage the web platform.

smeagull
0 replies
20h48m

Seems like a very unreliable platform to me.

rjmunro
0 replies
5h49m

To allow other browser engines on iOS, why do Apple have to do anything except change the policy of the App store to not reject them?

ranger_danger
0 replies
13h42m
pulse7
0 replies
9h47m

This is a political action to angry consumers so that they complain to local governments... a type of sabotage...

pseudospock
0 replies
18h53m

I have to admire Apple's pettiness about it. Malicious compliance at its best.

pompino
0 replies
9h12m

Apple is fearmongering that if the user installs a browser of their choice, the phone would get rooted in seconds and the user would have their data stolen. Yeah, how about they fix that ?

piyush_soni
0 replies
6h22m

One day everyone will realize, Apple is one of the most toxic companies ever.

pierrebai
0 replies
20h41m

Come on now, if it was /that other company/ you'd be saying it without a pause.

FUD

See? Not hard to say, even when it is Apple and not Microsoft. The concept that browser allow one web site to read the storage of other sites is ludicrous. SuuuuuUUUuuure Apple can't /guarantee/ that the browser has no bug... which assumes Apple can somehow prove their own browser is bug-free. Plus, what prevents Apple from launching separate instances with separate data permissions for WPA? That's is 99% certainly what they did with their own WebKit-based solution.

FUD FUD FUD

pcdoodle
0 replies
19h11m

Does this mean all PWAs will no longer work in airplane mode?

nmstoker
0 replies
17h18m

Is this something that other browser suppliers could revert by having their browsers support PWAs or is there something at the OS level that makes that impractical/impossible?

moi2388
0 replies
10h11m

Good. Fuck PWAs

mediumsmart
0 replies
9h20m

I don't want the internet in an iOS device, only in the browser. On purpose.

malermeister
0 replies
20h33m

https://www.youtube.com/watch?v=VtvjbmoDx-I

Apple has become the IBM in their famous 1984 ad. "A garden of pure ideology", indeed.

macinjosh
0 replies
19h42m

Apple ducking sucks.

ijhuygft776
0 replies
15h1m

I always knew Apple was an evil company... glad to see them finally admitting it...

hamandcheese
0 replies
17h48m

Are there any notable PWAs out there? I can't think of any that I use.

Sadly, it seems like if given the choice, most companies want you to install a Real App, probably for better snooping.

gargs
0 replies
21h18m

This is the courageous Apple we've all been waiting for. One that doesn't think twice about antagonizing its users just to throw a tantrum.

dontdoxxme
0 replies
20h32m

Probably easier to leave the EU than get Apple to listen.

dilippkumar
0 replies
17h24m

There have been several comments along the lines of: "Why should I trust apple and their security, but not that of a third-party web browser?"

I don't have an answer for you. But I want to recommend this talk from 7 years ago: https://www.youtube.com/watch?v=BLGFriOKz6U

That alone convinced me. Apple knows what it is doing when it comes to device security. Today, I trust them with my most sensitive data and sleep peacefully at night.

danhau
0 replies
8h38m

Does this mean Apple has killed PWAs in the EU?

browningstreet
0 replies
3h22m

So many laypeople that I know don’t even use bookmarks.

I’m a Linux geek with macOS and Windows in the house and I’ve never used a PWA.

I just can’t get excited over this one.. technical, political.. Apple is doing what I’d expect from a company being told how to build and change their product.

And since I don’t want to live in a Dell world running Windows paired to an Android phone of any kind, I personally am inclined to give them a pass on their obstinance. There’s very little in the tech world that runs as cleanly as iOS on an iPhone.

(And yes I’d love to run Linux on my mobile desktop but it’s all really terrible and not even close to a whisper of a starter. And I’ve tried them all.)

Not an Apple apologizer, just ranking them against the performance and quality of the alternatives.

anon373839
0 replies
19h44m

It’s disappointing to see that Apple’s spin job is apparently working (based on some of the comments here). While it sounds superficially plausible, it’s actually quite deceitful.

For example, the argument that one web app could steal the permissions of another web app is predicated on the assumption that a non-Apple browser engine will fail to sandbox the apps. But *the exact same* threat vector will exist for non-Home Screen web apps accessed through third party browsers. That’s because ordinary websites ALSO have the ability to request access to microphones and cameras, and it will be up to the developers of the browser engines to ensure that these permissions are properly sandboxed. Apple won’t be able to eliminate this risk without breaking vast numbers of sites that people use every day.

In truth, a PWA is no different from a website. It’s built using the same technologies and APIs. The main difference is that it can run in full-screen mode like an app, and it has its local storage cleared less often. These are nice extras that benefit users who choose to “install” such apps, and they carry no special security risks.

andy_ppp
0 replies
9h57m

Why can’t Apple continue to provide the normal way progressive web apps function when Safari is selected (that work like they do outside of the EU) and provide this other system for alternative browsers makers?

I don’t believe they are trying to abide by the spirit of the EU law and are trying their best to behave extremely poorly towards it in how they are complying, choosing the most user hostile interpretations possible. I hope the EU issue the maximum fine.

Vinnl
0 replies
19h3m

I'm guessing now that the app store had been designated as a gatekeeper and that alternatives app stores are technically allowed, it no longer has to pretend that PWAs are a Viva alternative?

RockRobotRock
0 replies
18h29m

What a petulant move

Mindwipe
0 replies
6h47m

Apple are being actively dishonest in their justification here.

If you work at Apple and are reading this, it's time to start asking serious questions about why your company is happy to lie to the public and lawmakers to try and juice their revenue.

KingOfCoders
0 replies
12h55m

When companies and the state collide, and the state is serious about the issue, the companies lose. Always. I know they want to win and the CEOs ego - I can imagine Cook in his office - is hurt, so "Ok, then you don't get PWAs!", and for some time companies get away with it (especially startups operating a grey area until they get enough customers), but in the end, the state wins. Because it can put people in jail and the company can't.

Ajedi32
0 replies
19h49m

Honestly this doesn't bother me as much as some of the other malicious compliance Apple has been doing. It sounds like Safari had a pretty tight level of integration with the operating system in order to allow PWAs, and creating secure APIs to allow other 3rd party browsers to achieve the same thing would have been expensive. So in order to avoid giving preferential treatment Safari over competing browsers without incurring that cost they had to remove PWA support.

Obviously long-term what should happen is that Apple should build out those necessary APIs, then re-introduce PWA support to Safari and 3rd party browsers, but I personally feel like the EU trying to legislate an entirely new platform feature into existence like that would be a step too far.

Some of the other concerns with Apple's recent moves (like them trying to charge developers for installs that don't go through Apple's App Store, and that Apple therefore has nothing to do with) are a far bigger issue.

23B1
0 replies
20h37m

AAPL's recent behavior has really degraded the brand for me personally.

Like I won't be buying the Vision Pro because I'm not really sure I want to get further locked into their ecosystem if they're this hostile towards the will and rights of the people who buy their products.