"If you’ve ever built a web app, then your users will suffer. Remember, it’s a world wide web, including the European Union."
"Create a PDF with the following information:"
(me, reading that paragraph: '...what? why?')
--
[Edit]: I concluded from the bullet-list on why that is requested, but it would help to introduce that intention before instructing me to do something
PWAs are already a separate “island” of storage and share nothing with Safari App…
Microsoft does it all the time with Edge on Windows.
Currently PWA's open in an app that wraps Safari's engine to display the content and provide features but is not normal Safari. They interpret this to violate the browser choice law.
Their solution is to turn that feature off and go back to the icon just spawning the system default browser just like any link since that feature already existed.
To support true PWA's they probably have two choices:
1. Implement a standard WebView API that any engine can support then use that web view api for the PWA shell.
2. Do what Android seems to do and have a api that allows an app to create new launcher icons separate from the main app that starts the main app with parameters like url=https://pwa.com mode=pwa. Then if you create a PWA from Chrome it spawns Chrome if created from Safari it spawns Safari with whatever PWA UI they want. On Android it seems to make a little icon bottom right letting you know the parent app.
#1 is arguably more complex than #2, both are new api's for iOS that don't exist. #2 is on most desktop OS's like MacOS but not on iOS as far as I know.
Apples position is they don't want to put any resources in to creating a new api that could introduce new security surface area unless mandated to. Obviously their motives are not pure but it is a defensible position.
I think #2 would be a good feature adding flexibility to many apps, but the various shenanigans that apps could cause with that would need to be considered.
IIRC this is exactly what it does after the change. It now just launches the bookmark in a normal browser instead of a browser with the UI hidden.
Are there any people who actually prefer no PWAs at all over Safari-engine PWAs?
The truth is usually a lot less interesting than the hypothesis.
Being able to install software without needing an OK from the hardware manufacturer has been standard for over 40 years now. People do it on Windows PCs, on Linux PCs, on MacBooks and on Android phones, and that very clearly has not caused the extinction of the dinosaurs yet :)
The document Apple has published to me reads like it's written by a 5 year old that just was served too many sweets shortly before bed time.
IMHO this is about revenge, not about platform security.
This is not the case in Safari[1].
Edge on windows, the same edge on windows that got caught slurping up chrome tabs recently?
Browsers are now the same size code base wise, as operating systems. They are in fact tiny OS's with permissions models and execution environments.
I think the author makes the point that safari made a lot of progress, they paid for a lot of work, that they are throwing away. Spite is a reason, but security is also a reason... We have seen how bad things can be when browsers cohabitate on desktops, putting up hard walls now solves the problem before it starts. Phone users aren't loosing (much) of anything, taking away something that they didn't have and didn't exist MIGHT be for security reasons...
See MS stealing chrome tabs.
[1] https://help.apple.com/pdf/security/en_US/apple-platform-sec... [PDF]
You’re talking about a user who has gone out of their way through multiple scary Apple warnings to change their browser engine.
And even once they do that, they’re likely to be installing one of Firefox, Chrome, or Edge, all of which have as good if not better security histories than Safari.
For sure Apple doesn't like the macos security model and would want way tighter control on what's allowed to run, if it could get away with it. But it's not about what Apple wants, it's about what they're asked to do.
I deal with weird stuff my parents have installed on their Macs every time I visit… so far I haven’t had to do that with their phones. If I wanted them to use a Firefox browser engine on their phone I’d get them an Android.
It's only because Apple's legal wrangling failed that Android even exists today.
I remember how few Mac viruses there were back in the 90's vs. the PC platform. I don't think it had anything to do with System 7 security. ;-)
I'm not sure though if it wouldn't in fact hurt Apple's brand to give up the fight and instead install a big lever you can throw when you set up your iOS device that says, "Turn off security". Apple seems to be saying instead, you have choice — buy an Android.
I've never owned an Android though so I can say, is it rife with malware and other security compromises? Is the platform as hardened as iOS? Or it another case where the market is not as appealing as the iOS market to malware developers?
I suspect my dad is just clicking anything that gets in the way of his puzzle games. Not sure what gets mom.
I like having that choice.
Few times I couldn't submit an app because of it.
Every time I submit a bug, there first reaction is try it on safari; most of time it was server issues so it didn't resolve it. But sometimes it actually did where I didnt expect it.
(2) Those high-ranking politicians almost certainly already make heavy use platforms that allow "side-loading" and alternative browsers. That means the attack surface doesn't change much from where it is right now.
I wonder how Apple will respond when high-ranking politicians acknowledge that security is a personal responsibility that Apple was unfit to provide in the first place. That will be a fun discussion, albeit further down the proverbial line.
I mean, if they had the choice not to buy Apple, they might buy something that they're unprepared to handle, so what you're saying necessarily implies that they have no non-Apple choices at all, or at least no choices that aren't just as locked down as Apple and run in just as hidebound a way.
With all sincerity, fuck you and fuck everybody who thinks like you.
Thank you.
When the companies reached a settlement over it, the judge threw it out because it was so hilariously low compared to the three billion dollars that these companies stole from their employees.
https://en.m.wikipedia.org/wiki/High-Tech_Employee_Antitrust...
This isn’t some new development. Apple has long been without a moral compass, even when Jobs was at the helm. It continues today.
Assumes or tries very hard to make the alternative as difficult as possible? From a company that prides itself in improving and simplifying UX the dark patterns aren't mistakes.
If you don't have a Windows license, you can get a trial VM from here https://developer.microsoft.com/en-us/windows/downloads/virt...
Yes it is a pain that Apple doesn't offer a simple webpage for subscription management.
This is awesome. I don't have to chase down fifty-eleven other sites to manage the things I subscribed to on my phone or iPad, including the services I buy from Apple itself. It's an extremely consumer-friendly aspect of the platform, and one I would miss very much if I switched to something else.
But yes, to use this feature of the platform, you need to have access to the platform. As you have discovered, though, Apple DOES have a phone option as well, though I'm sure it's less convenient to use.
Honestly, it just seems like you were primed to be annoyed about Apple, and have failed to realize your complaints look pretty thin.
I understand it would be nice if you can login to a website and cancel, but reads as if you make your mistake of not taken your iPad, or cancelling in time a fault of others.
Because, when you buy an Apple device, they shove free trials for subscription services down your throat in the hopes that you'll do exactly this. And it's not strange that they don't use it: the first thing you discover after starting the free trials is that they're useless and full of shovelware.
Come on, of course that's ridiculous.
Of course a reasonable person would expect to be able to cancel a subscription without needing the device it was created on when they used an account that you can log into from basically anywhere.
If I bought an iPad and subscribed to something, and then accidentality dropped it off a cliff, or out of a plane, or lost it in the sea, and I decided you know what, I don't want any more Apple stuff, you can be damn sure I'd expect to be able to cancel any subscriptions I had on that account (you know, the account you can log into from any computer or device), from somewhere other than on the device itself.
Suggesting anyone should expect otherwise is insanity.
tl;dr; I paid to get away from scam, turns out I fell into one.
it indicates to me a lack of ideas about the future
reacting rather than preparing
That's not meant to be rude "Anti-Apple", that's what their business strategy is obviously based on, including implementing lots of features to prevent their users from voluntarily providing attention or sharing valuable information for free to anyone without Apple's involvement.
If that's your strategy, someone forcing you to allow your customers to roam free is quite a big threat. Something you might be willing to spend one of your trillion dollars to fight against.
So I believe we haven't seen the peak of this yet...
'If you don't cannibalize yourself, someone else will'
Apple is now existentially committed to recurring revenue like a crackhead loves crack.
It was obvious to me when I bought a $1600 iPhone and within 5 minutes of setting it up it began nagging me for $5 for iCloud storage. When even Google has figured out how to not nickel and dime your most profitable customer segment and Apple hasn’t, you know something’s wrong.
Expect one of the most clever companies in the world to put a majority of their mental energy into rentseeking of all kinds, from cloud storage to content rentals (music and tv and movie subscriptions) to AppleCare and every other possible thing (Fitness, Arcade, the perpetual iPhone upgrade thing, etc). It’s going to be subscriptions forever.
I expect them to be wildly successful from a revenue standpoint with this plan. Their products (that ugly-ass Ultra watch and tiny bass-free Homepod mini, for example) and nag-filled no-privacy UX have taken a hit and will continue to do so. They’re just consumption devices for Apple Music and iMessage (your attachment history for which drives iCloud storage upgrades). I’m surprised they haven’t figured out a way to charge something for FaceTime yet.
This is why they are fighting the DMA - their position as rentseeker is directly responsible for a double digit percentage of the profits of the most valuable company in the world for the next two dozen years. We are talking about literally trillions of dollars hanging in the balance here. How much fight do you think they will bring to bear on this for that much revenue?
There is zero product UX that is insanely great coming out of Apple these days. The actual engineering behind things like Homepods, AVP, the watch, AirPods, and the Mx silicon is absolutely insane, but it doesn’t inspire users in the UX anymore - it’s all in the background. The AVP is literally the cutting edge of hardware at that price point and all people say about it is that it’s too heavy. The products can’t exist without the engineering, but the users don’t know or care and don’t get the elation and delight that Apple used to be explicitly known for. It’s just “GPU performance and battery life go up and to the right again this year (and sometimes new colors)”.
It’s all just scaffolding to play back consumer media (the marginal cost of which asymptotically approaches zero) so they can extract the recurring rents.
I wouldn’t be surprised if they ever do make a car that they offer it as lease-only.
Imagine I have some PWA at home screen now, working with Safari engine. I changed my browser to Chrome, let's say it stopped working. 90% of the users will blame Apple software update instead of the Chrome choice.
And as a developer, you'd simply check that your PWA works with Safari, Firefox and Chrome.
> You can read Apple’s announcement on being forced to comply but as you do you so, I’d like you to remember one thing: every nightmare scenario they describe for the security of users in the EU is exactly what currently happens on Macs everywhere in the world.
There's 1.5 billion iPhone users vs 100 million Mac users, Apple believes that at least part of the reason for that difference is the security model of iOS. E.g., arguably the largest changes Apple has made to the Mac since introducing the iPhone is implementing security measures based on iOS.
It’s beyond hilarious, after years of seeing Apple users fight back against the idea that the Mac’s better security relative to windows Windows has anything to do with its smaller user base, to see Apple users insist that the Mac’s smaller user base relative to the iPhone is what makes it more secure.
Are you saying there was some dispute between where folks were saying Mac's tigher security someone made the platform less popular? I've never heard this. (Also for the record, I personally wouldn't make any case about Mac's security being better than Windows.)
Also side point, I said this is what Apple believes, not "Apple users". I.e., I don't think anyone cares what I think, but Apple behavior on a number of fronts points to Apple believing this (e.g., sandboxing in Mac App Store, reading between the lines of the App Store restrictions, notarization).
What you are really trying to say is that Apple doesn't actually believe the security model is important, instead it's just about collecting money from the App Store, that's a valid interpretation, I just believe that Apple values the iPhone's long-term popularity higher than it values the short-term profits from the App Store. The fact that they can have both is mighty convenient for Apple.
It’s also not clear that the EU requires the PWA engine to also be replaceable but I’m personally in favor of that so we’ll stipulate that’s the case as well.
The term “security model” is doing all the work here.
The EU has no requirement for the “security model” to be changed. They require the browser engine to be replaceable.
The argument that Apple’s security model is the only one that can provide security is not sufficient. Those making this argument need to also prove that the browser engine can only be secure when made by Apple.
And yet the entire history of computing, and especially the history of browsers, browser engines, and app engines in general, have consistently shown that no one company has a monopoly in being able to make secure browser engines, competitive pressure has helped security across the board, and non first party browser engine makers have often made far more secure browser engines than the first party makers.
Apple fans are obscuring the issue by shouting “security model”. The real question is why this security model is irrecoverably damaged by replacing a first party browser engine by a third party one.
And why Apple, at a time of much greater computing power, much more advanced computer science, and far more advanced in browser engine theory and technology, is unable to do what Microsoft was forced to do 2 decades ago.
I guess so?
[1] Untrue, apparently, but nonetheless something some people did: https://appleinsider.com/articles/21/08/25/dont-set-your-old...
Sorry, what? Are they implying that iPhone's security isn't built inside the OS itself, but somehow depends on having every app pass their 30 second review on the store? That doesn't seem right.
> exposure to illicit, objectionable, and harmful content due to lower content and moderation standards, and increased risks of scams, fraud, and abuse
Like the deepfake video ads of politicians trying to sell me crypto that I constantly see on YouTube or Meta's apps, all coming from the official store?
We're getting to the point where browsers can do really cool things and they're scared of losing their 30% mafia like tax.
It's the browser wars all over again.
One day she was like "ugh! I forgot my phone charger at home" and I was like "your phone uses USB-C now. I have dozens of those lying around."
She kind of tilted her head and said "huh. that's convenient." Like, she'd simply never thought about it that way before.
Browsers represent a significant attack surface since they can run code and also transmit data across the network. So when they are allowed to exist now Apple has either two options. One is to do the simple way and remove progressive web apps or extensively test and perform security analysis on all of the new browser engines.
A better compromise would be to make new browser engines have extensive testing by the developer themselves. So, what's the point ? It feels similar to the GDPR where I get a popup and I click disallow all cookies except for essential ones.
This seems the best way to actually implement the directive because it is not only low effort but most secure. We would have a better compromise for testing to be done by the browser engine developer or Apple but its more likely security holes would fall through.
And in fact, they are not being honest in this very case. Their entire spiel is based on the idea that the 3rd party browsers will be malicious, and permit data sharing between different PWAs. It's a risk they've just made up, because they're already making all kinds of other security requirements on 3rd party browsers before allowing them on the platform. They could just have made this one of those requirements.
But would this have legal implications? Could the browser vendors argue they are discriminated against if PWA apps do not open in their browser?
I think this whole thing puts the finger on how fluid the borders have become. What is an app, what is an API, what is a service? Is Safari an Apple API for PWA apps? Or is a PWA app running by mandate on Safari when the user has selected another browser as default somehow wrong legally or ethically?
I really can't wait to clean the first malicious browser out of a relative's iPhone and try and unsubscribe from Tim Sweeny's app store with his own 30% margin to spend on blackjack and hookers.
The new status quo will be worse than the old one.
Note I'm mostly an Android user.
I’m a user and a developer and I’m convinced this is not what’s best for users.
Newsflash incoming for you.. Just about none of your users will (1) care (2) used the "PWA" in the first place.
It's really not that common to add apps to the home screen. Among very technical users, it's a fair bit more common though.
There is no native app for The Session, but you can install it on your phone nonetheless. Lots of people have done that. After a while they forget that they didn’t install it from an app store: it behaves just like any other app on their homescreen.
Maybe you don't believe this but it was addressed.
Apart from opening in a browser window rather than as a full-screen app, is this going to behave significantly differently from before?
