Tim Cook Meets EU Antitrust Chief Ahead of iPhone App Sideloading Deadline

[I7guy]

Is micro-regulation even a word?

Don't know. I coined it.

And who says this is micro-regulation?

I do, imo.

As someone who emits an opinion that is 100% in line with Apple PR, you cannot expect any real person here to swallow that as a real fruit.

I could give a you know what, who doesn't agree with my opinion. This is the internet after all.

No one except big players is defending Apple, that should teach everyone already far enough as to what people want, or if they see their choices artificially hamstrung by Apple who is controlling a platform of massive influence, and who basically controls all the economy therein, unsupervised.

Or people are defending Apple, who don't want to see the ecosystem go down the toilet.

Freedom is not our only right, at least not in the EU, we also have rights of consumer protection, the protection of competition, and the prevention of bad actors executing their monopolistic control.

Sure that's the EU, but nowhere on MR says I need to tow the party line of DMA EU supporters.

Apple will comply because losing a market means losing money,

Apple will comply because it obeys laws, not because this is a particularly fantastic piece of legislation.

and they would rather lose integrity than money. They followed all the laws in the US, China and Russia and I think it's fair to follow a very simple request from the EU to follow our laws as well.

You don't like the laws, fine, but I and everyone I know do like the laws,

I don't see everyone here cheerleading these laws are the bees-knees.

and that also includes people outside of the EU. I even know people who wanna buy an EU model going forward because it will allow the sideloading.

We also both know that it will not even affect aunt Dolores because aunt Dolores won't know how to turn on sideloading.

No, but it may affect aunt delores because here favorite app, may not be on the apple app store going forward and possibly future apps may be scamware, malware or phishware.

 

[makitango]

Because another person was “lol you know nothing about software development”. Again let’s be civil here. I wasn’t the one that started it.

Again, anyone can say anything, claim to be anyone or to know everything. Doesn't mean that we are and it adds zero credibility. On top of that, what we do for a living, it simply does not say anything about how good or bad we are in our jobs.
That sentence, if it happened like that, was probably a bit offensive but that's not the same as an insult. I believe it was a nod to the fact that software development has a way different nature than what Apple tries to project in order to defend their 30% cut and prohibitation model (and those two things are the things that are targeted here), and proper software development would already solve what Apple wants us to believe the review process is doing (which we already know it isn't).
Again, I am sorry but I have to agree with that person in the point that any software developer, let them be junior or senior, or just a mere student, should know better than to put trust in a model or workflow which is an absolute joke to security because the people who review are not engineers. Someone who is not an engineer does not deserve our trust in security.

All the engineers work on the OS and that is where the tweaks have to be implemented.

The blocking of app choice is the other big thing. Apple chooses for us, we cannot choose the app when the app's developers aren't allowed to put it on the platform, App Store or otherwise. If I want a p***hub app and p***hub wants to make an app but is not allowed to release it, then this is against the sense of an open market.

 

[1284814]

Plus, if we install malware or modify the OS, we don‘t lose warranty for hardware.
Apple tried to force that onto customers until the law knocked on Apple‘s door.

Exactly, i

 

[makitango]

Or people are defending Apple, who don't want to see the ecosystem go down the toilet.

Apple will comply because it obeys laws, not because this is a particularly fantastic piece of legislation.

I don't see everyone here cheerleading these laws are the bees-knees.

No, but it may affect aunt delores because here favorite app, may not be on the apple app store going forward and possibly future apps may be scamware, malware or phishware.

The same way the macOS ecosystem is going down the toilet because of sideloading?

Apple complies with the law not because it wants to follow the law but because it wants the money which it gets by following the law. Which is why I pointed out why they oblige with laws that even enable bad actors to assault the people whom they promise to protect in their hypocritical code of conduct.

Aunt Dolores has to be as tech-savvy as us in order to find the location of an .ipa whose developer had so much money that it could climb search results before it got unsigned.
The nature of security of sideloaded apps will be no different than on macOS. Try to find me a Spotify clone which is malware, and show me how their app is still signed and how easy it is to find the .pkg or .dmg. It simply isn't, it's not a real-world scenario and you know it. Yet you still spread the hysteria.

 

[I7guy]

The same way the macOS ecosystem is going down the toilet because of sideloading?

Red-herring the two are completely different ecosystems. The iphone has over a billion users (give or take). That is a lot of incentive for criminal activity relating to scamware, malware and phishware.

Apple complies with the law not because it wants to follow the law but because it wants the money which it gets by following the law.

Apple follows the laws because they follow the laws. Just like you and I follow the laws. That doesn't make every single law that we follow outrageously good in their own right.

Which is why I pointed out why they oblige with laws that even enable bad actors to assault the people whom they promise to protect in their hypocritical code of conduct.

Throw the baby out with the bathwater.

Aunt Dolores has to be as tech-savvy as us in order to find the location of an .ipa whose developer had so much money that it could climb search results before it got unsigned.

While I don't have a crystal ball, criminals are usually very inventive on how they get to scam people. They must be all juiced up with the additional avenues the EU is providing.

 

[InvertedGoldfish]

Only if you start installing apps from less than reputable sources and/or developers does that become an issue. In your case, since you've proven you don't want to sideload, I don't see what's the problem for you?

It’s the roundabout way some nefarious stuff will get side load installed

I’m sure some people are ecstatic about the EU threatening Apple to force side loading
Id also wager folks outside of the EU in the intelligence community are pushing for all this behind closed doors

But hey, it’s for “the consumers” ba ha ha ha

 

[makitango]

Red-herring the two are completely different ecosystems. The iphone has over a billion users (give or take). That is a lot of incentive for criminal activity relating to scamware, malware and phishware.

Apple follows the laws because they follow the laws. Just like you and I follow the laws. That doesn't make every single law that we follow outrageously good in their own right.

Throw the baby out with the bathwater.

While I don't have a crystal ball, criminals are usually very inventive on how they get to scam people. They must be all juiced up with the additional avenues the EU is providing.

People bring up Windows, of course I can bring up macOS. Apple is conveniently not mentioning macOS here and neither are you for no legitimate reason other than having less users, which doesn't change the fact how sideloading works and how you can accrue attention. In fact, a certificate can be revoked much faster on a platform that is more relevant to them, money-wise.

The way you can lure users to dark places doesn't depend on your platform. Sideloading is thus the exact same issue in iOS like on macOS.

I didn't throw anyone out of anywhere. I was bringing up a point where Apple does things for money which are objectively not good and hypocritical, which means that when they lie there, they can lie anywhere. Their argument for security in the review process is a promise of empty words.

Yes, criminals must be so inventive and so happy when the most efficient way to scam people is unsupervised. Sending you messages to go to a website and "log in" with your credentials. No criminal would be so stupid to obtain fundamental development skills to spend time and money to develop an app which nobody will know about because said unknown criminal-turned-dev is still an unknown criminal without the means to gain exposure.
Again, why can't you stay in the real world?

 

[Samplasion]

I’m sure some people are ecstatic about the EU threatening Apple to force side loading
Id also wager folks outside of the EU in the intelligence community are behind all this

If they find a way to escape the sandbox then bravo, Apple's OS is not as secure as they claim, sideload or no sideload

It’s the roundabout way some nefarious stuff will get side load installed

I'm having trouble understanding this sentence but if you're implying the App Store contains no malware whatsoever then you're wrong.

 

[makitango]

It’s the roundabout way some nefarious stuff will get side load installed

Is that in your crystal orb? Your crystal orb seems to have never heard of macOS.

Id also wager folks outside of the EU in the intelligence community are pushing for all this behind closed doors

Any competent member of the intelligence community already knows that root access is the way to go, or backdoors. Go ask China, they have successfully made Apple to do that for years, in exchange for some dollar.

But hey, it’s for “the consumers” ba ha ha ha

Since I am a consumer and the majority of EU consumers want that as well, it's not a joke.

 

[InvertedGoldfish]

If they find a way to escape the sandbox then bravo, Apple's OS is not as secure as they claim, sideload or no sideload

I'm having trouble understanding this sentence but if you're implying the App Store contains no malware whatsoever then you're wrong.

Isreal and that state sponsored hacking ground has a reach far outside of “the sandbox” even the US has used their spyware on its own citizens before

The second part, App Store isn’t perfect, but dropping what few safeguard iOS has from a place like the NSO group being able to much more easily install their exploits and hacks onto journalists phones by advertising them as a email client or something is really not good for anyone but the state, for sure not “the consumers”

 

[Samplasion]

Isreal and that state sponsored hacking ground has a reach far outside of “the sandbox” even the US has used their spyware on its own citizens before

So if you're aware of your iPhone being a spying device, why do you keep using it? Seems a bit hypocritical given the context of the discussion. After all, the most secure type of phone is an old school flip phone

The second part, App Store isn’t perfect, but dropping what few safeguard iOS has from a place like the NSO group being able to much more easily install their exploits and hacks onto journalists phones by advertising them as a email client or something is really not good for anyone but the state, for sure not “the consumers”

So you think a group of hackers who can bypass the sandbox can't bypass the sideload if restrictions? The same restriction that have been bypassed since forever ago with tweaks such as AppSync?

 

[I7guy]

People bring up Windows, of course I can bring up macOS. Apple is conveniently not mentioning macOS here and neither are you for no legitimate reason other than having less users, which doesn't change the fact how sideloading works and how you can accrue attention. In fact, a certificate can be revoked much faster on a platform that is more relevant to them, money-wise.

Windows has had it share of malware. I can post some links if you are interested. I'm not bringing up mac os, because it's not in the same league as 1B i phone users.

The way you can lure users to dark places doesn't depend on your platform. Sideloading is thus the exact same issue in iOS like on macOS.

Yes it does depend on the platform.

I didn't throw anyone out of anywhere. I was bringing up a point where Apple does things for money which are objectively not good and hypocritical, which means that when they lie there, they can lie anywhere. Their argument for security in the review process is a promise of empty words.

That's the definition of throwing the baby out with the bathwater. Saying there is one instance of a bad app on the app store and apple doesn't do a good job and other third party app stores will do better...is the very definition of "throwing the baby out with the bath water".

Yes, criminals must be so inventive and so happy when the most efficient way to scam people is unsupervised.

That's what I'm saying.

Sending you messages to go to a website and "log in" with your credentials. No criminal would be so stupid to obtain fundamental development skills to spend time and money to develop an app which nobody will know about because said unknown criminal-turned-dev is still an unknown criminal without the means to gain exposure.

Having an unsupervised vector of attack is exactly what a criminal would want. No?

Again, why can't you stay in the real world?

I'm in the real world. But I wonder about some of these posts.

 

[InvertedGoldfish]

Is that in your crystal orb? Your crystal orb seems to have never heard of macOS.

Any competent member of the intelligence community already knows that root access is the way to go, or backdoors. Go ask China, they have successfully made Apple to do that for years, in exchange for some dollar.

Since I am a consumer and the majority of EU consumers want that as well, it's not a joke.

I have a very very good crystal ball, it’s called history, and most of the future is simply a rerun of the past

I love the argument, it’s the same old government already has like super powers so no sense trying to secure anything, well if they really did have these CSI TV show level abilities they wouldn't be trying to attack the existing safeguard like no side loading and message and storage encryption as hard as they have.

Per the consumer thing, it’s funny that something directly and clearly attacking consumers like slowing down phones and tricking consumers to upgrade, most governments at most said Apple can not have its 120% markup on phones anymore, select victims now get a settlement of like $90, so now for being shady trying to make money, Apple is punished…with only being able to have 100% markup 😂


Yeah its all about the consumers 🙄

 

[InvertedGoldfish]

So if you're aware of your iPhone being a spying device, why do you keep using it? Seems a bit hypocritical given the context of the discussion. After all, the most secure type of phone is an old school flip phone


So you think a group of hackers who can bypass the sandbox can't bypass the sideload if restrictions? The same restriction that have been bypassed since forever ago with tweaks such as AppSync?

Yeah that’s practical…

 

[makitango]

Isreal and that state sponsored hacking ground has a reach far outside of “the sandbox” even the US has used their spyware on its own citizens before

The second part, App Store isn’t perfect, but dropping what few safeguard iOS has from a place like the NSO group being able to much more easily install their exploits and hacks onto journalists phones by advertising them as a email client or something is really not good for anyone but the state, for sure not “the consumers”

The App Store has no safeguarding element. It has curation. Apple wants to project the idea that those are the same but even they know that no one who knows their stuff will believe that.

1. Windows has had it share of malware. I can post some links if you are interested. I'm not bringing up mac os, because it's not in the same league as 1B i phone users.

2. Yes it does depend on the platform.

3. That's the definition of throwing the baby out with the bathwater. Saying there is one instance of a bad app on the app store and apple doesn't do a good job and other third party app stores will do better...is the very definition of "throwing the baby out with the bath water".

4. That's what I'm saying.

5. Having an unsupervised vector of attack is exactly what a criminal would want. No?

6. I'm in the real world. But I wonder about some of these posts.

1. You are not bringing up macOS because it simply voids your argument.
2. raising awareness about apps that are actually malware does NOT depend on the platform.
3. We are not talking about one instance and we don't even know the real number. You know that Apple does a good job? Are you on the team? We already know all the things where it went sideways and it's enough proof that it isn't, we don't need to see more.
4. That's not what you're saying and you know it. I was bringing up the point how unfeasible it is for a bad actor to go to the lengths of developing an app while not even being able to raise enough awareness for it so that even a smaller but established app gets sidelined. We all know it and so do you, stop painting ghosts on the wall.
5. It's supervised by iOS Gatekeeper, the same way the macOS Gatekeeper works. If that is not working, then Apple has zero ability to use the word security with integrity.
6. You're not acting like a natural person, you sound more like a contractor on Apple's behalf. You are drawing up scenarios which are too hypothetical.

 

[InvertedGoldfish]

The App Store has no safeguarding element. It has curation. Apple wants to project the idea that those are the same but even they know that no one who knows their stuff will believe that.

1. You are not bringing up macOS because it simply voids your argument.
2. raising awareness about apps that are actually malware does NOT depend on the platform.
3. We are not talking about one instance and we don't even know the real number. You know that Apple does a good job? Are you on the team? We already know all the things where it went sideways and it's enough proof that it isn't, we don't need to see more.
4. That's not what you're saying and you know it. I was bringing up the point how unfeasible it is for a bad actor to go to the lengths of developing an app while not even being able to raise enough awareness for it so that even a smaller but established app gets sidelined. We all know it and so do you, stop painting ghosts on the wall.
5. It's supervised by iOS Gatekeeper, the same way the macOS Gatekeeper works. If that is not working, then Apple has zero ability to use the word security with integrity.
6. You're not acting like a natural person, you sound more like a contractor on Apple's behalf. You are drawing up scenarios which are too hypothetical.

Has the appstore allowed purpose built masquerading hacks and spyware,like the what the NSO group produces, on the AppStore?

 

[makitango]

Has the appstore allowed purpose built masquerading hacks and spyware,like the what the NSO group produces, on the AppStore?

Has iOS allowed for its operation to continue?

 

[1129846]

Red-herring the two are completely different ecosystems. The iphone has over a billion users (give or take). That is a lot of incentive for criminal activity relating to scamware, malware and phishware.
.

I don’t call it a red harring as time and time again it is the example that kills your entire argument so you counter is like my 3 year old of no no no and ignoring it.

It gets pointed out that Android has side loading in its store and no big change and the well if you like it get Android and again the refusing to address it with head in the sand refusing to deal with the things that completely blow your argument out of the water.

So you are free to do the 3 year old stance with big words of No I don’t hear it argument but does change the fact that you will move goal post when pointed out massive issues with your entire argument.

 

[InvertedGoldfish]

Has iOS allowed for its operation to continue?

No my understanding is they patched the zero day exploits nso group used to attack their customers devices

So back to my question, has the appstore allowed spyware and malware like the nso group makes on the AppStore masquerading as benign apps??

 

[I7guy]

I don’t call it a red harring as time and time again it is the example that kills your entire argument so you counter is like my 3 year old of no no no and ignoring it.

It gets pointed out that Android has side loading in its store and no big change and the well if you like it get Android and again the refusing to address it with head in the sand refusing to deal with the things that completely blow your argument out of the water.

So you are free to do the 3 year old stance with big words of No I don’t hear it argument but does change the fact that you will move goal post when pointed out massive issues with your entire argument.

As I said earlier, I don't believe we will do anything except go around in circles on this.

 

[makitango]

No my understanding is they patched the zero day exploits nso group used to attack their customers devices

So back to my question, has the appstore allowed spyware and malware like the nso group makes on the AppStore masquerading as benign apps??

Has the App Store not allowed it?

 

[I7guy]

The App Store has no safeguarding element. It has curation. Apple wants to project the idea that those are the same but even they know that no one who knows their stuff will believe that.

1. You are not bringing up macOS because it simply voids your argument.
2. raising awareness about apps that are actually malware does NOT depend on the platform.
3. We are not talking about one instance and we don't even know the real number. You know that Apple does a good job? Are you on the team? We already know all the things where it went sideways and it's enough proof that it isn't, we don't need to see more.
4. That's not what you're saying and you know it. I was bringing up the point how unfeasible it is for a bad actor to go to the lengths of developing an app while not even being able to raise enough awareness for it so that even a smaller but established app gets sidelined. We all know it and so do you, stop painting ghosts on the wall.
5. It's supervised by iOS Gatekeeper, the same way the macOS Gatekeeper works. If that is not working, then Apple has zero ability to use the word security with integrity.
6. You're not acting like a natural person, you sound more like a contractor on Apple's behalf. You are drawing up scenarios which are too hypothetical.

1. Not bring up macos because it is not in the same league as 1B iphone users.
2. It does depend on the platform.
3. What I do know is opening up an unsupervised avenue of malware is not good for anyone.
4. This is denial that a problem could exist.
5. Tell me the inner workings of how this will all come together. We would all like to understand how Apple will implement this.
6. Better to focus on the post content, than the poster content. This is my opinion of the direction this will go.

 

[Abazigal]

Here's the interesting thing. I don't expect much to change for EU users or developers, yet there are clearly many people here who clearly expect a lot to change. They somehow believe this will lead to iOS being as open as the PC, or that it will somehow lead to developers being able to eschew Apple's 30% cut and their profit margins subsequently cratering. I honestly still don't think this will be the case.

Complying with the letter of the DMA does not mean capitulating to the spirit of the DMA. The idea that Apple will just roll over and give up the control over their own platform is frankly pretty naive. I expect sideloading to be off by default, to be relatively inaccessible, and developers will still have to pay Apple a 27% cut, even if it ends up costing Apple more to police this than what they bring in.

Either way, this is going to be an exciting few months. The impending release of the Vision Pro, then this, followed by a rumoured iPad refresh.

 

[InvertedGoldfish]

Has the App Store not allowed it?

Lol, no I have not seen a download for pegasus spyware on the AppStore lol


In addition

“Apple Inc in a lawsuit against US-based cybersecurity startup, Corellium, alleged that it sold its virtualization technology to the NSO group and other such "bad actors" and actively encouraged them to find 0-day exploits.”


Also interesting, Apple files lawsuits while the EU on the other hand

“The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.”

Pegasus used by at least 5 EU countries, NSO Group tells lawmakers

NSO Group ‘made mistakes,’ its chief lawyer says.

www.politico.eu

So yeah, I have a hard time thinking the EU wanting the ability to side load random software onto iOS and circumvent the AppStore is all about “the consumers”

 

[Ethosik]

Again, I am sorry but I have to agree with that person in the point that any software developer, let them be junior or senior, or just a mere student, should know better than to put trust in a model or workflow which is an absolute joke to security because the people who review are not engineers. Someone who is not an engineer does not deserve our trust in security.

How the hell is what I stated a direct impact on my knowledge or experience as a developer where you all need to start questioning it?

You all basically are saying Apple employees are just "monkeys pressing approve on apps" and ALL I SAID was Apple needs to have a more thorough app review process. NOWHERE did I mention code reviews, handing over your code to junior devs, etc. There are MANY MANY things Apple can do that DOES NOT require junior devs. So I really don't understand why this was even brought up in the first place.

Bottom line, here are the scenarios.

1) Apple can improve the App Review process
2) Apple cannot improve the App Review process

If you all agree with #2, then you all CANNOT say Apple is just "monkeys pressing approve" since they are doing the most they can do. If you all agree #1 is possible, then we are aligned and you just questioned my knowledge for nothing?

None of what I said should have resorted in insults/attacks/questions of my software development knowledge. It is just unnecessary and uncalled for and it is not how you have civil conversations.

Point me to a statement that directly links IN ANY WAY to software development? ALL I SAID was Apple needs to have a more thorough app review process. And there are hundreds of different ways to handle this that don't even involve the coding of the application.