hckrnws

The Reuters report on this is much more detailed: https://www.reuters.com/technology/apple-slams-metas-numerou...

And yes, Meta isn’t denying requesting everything under the sun. Their only retort is Apple’s privacy concerns are anticompetitive excuses. Two things can be true: Apple is only protecting their own interests, and Meta is a terrible would-be guardian of all the data they’re requesting.

Apple shouldn't be allowed to lock down APIs between system components to give themselves a competitive advantage, but that doesn't mean Meta should be allowed decide if they're getting that access. Let Apple offer users the option: allow once, allow permanently, refuse, or fake empty responses without telling the app.

Users will be faced with a dialog saying "to use Facebook, you must accept XYZ", and their only options will be to accept or to not use the app. Facebook will detect empty or fake data and lock the user out unless they acquiesce.

Apple routinely rejects apps that try tactics like this. Otherwise it'd be an easy way around the "Ask App Not To Track" prompt.

>Apple routinely rejects apps that try tactics like this.

This is going to be irrelevant in the EU once sideloading gets popular.

Thankfully the EU also has legislation that makes "share data to use" tactics illegal, so this shouldn't be a problem.

Citation? I think this is not true. The EU law seems to just require explicit consent. So websites and apps can ask whether user wants to share data to keep using them for free or pay a subscription fee.

Article 7.4 and recital 43 of GDPR cover that.

Article 7 https://gdpr-info.eu/art-7-gdpr/

Recital 43 https://gdpr-info.eu/recitals/no-43/

Those two in combination stop companies processing data for unrelated task to the services they provide. And it's indeed true and already been applied, see this: https://www.digitalguardian.com/blog/google-fined-57m-data-p...

A "consent or pay" model is sadly widely used, but it's at least very controversial and probably illegal. No data protection agency has gone on record to say it's definitely illegal and no fines have been given out IIRC, but the EDPB had some tactfully negative things to say about it [0], and the Czech DPA has ordered at least one company to cease the practice in a preliminary ruling [1]. (Which the company seems to be completely ignoring, as is sadly common.)

[0]: https://en.wikipedia.org/wiki/Consent_or_pay [1]: https://uoou.gov.cz/urad/povinne-zverejnovane-informace/svob...

How are you going to enforce this against app developers outside of the EU?

Fines equivalent to 10% of global revenue, and extradition orders.

Imagine a country extraditing their app developer to the EU of all place lmao.

Yes

Imagine it. Fear it!

Facebook likes getting some of that sweet money from EU advertisers.

EU can block payments from EU to Facebook.

Different threat model. You're thinking of big tech companies like Meta, who are big enough to warrant regulatory attention. I'm thinking of fly-by-night shady app developers that make flashlight/weather/"security"/IoT/game apps, that fly under the radar because they're too small.

To a first approximation, the small apps don't matter because they're small.

If that doesn't work, set up a deposit requirement like Apple wanted for the 3rd party stores and then walked back. Do something wrong, lose the deposit and the entitlements.

Not really the kind of apps people would sideload?

Exactly the type of apps people would sideload. Little things that somehow violate App Store rules abusing APIs, lying about app capability, just being ethically dubious.

Use flash to create seizures, nudity people realtime, hack your ex, damage the device, cheat at games, spam your enemies, etc.

There is an infinite use case for tiny malicious apps finding malicious or gullible users and with side loading there are going to be stores created to appear very legitimate when their intentions are actually illegal.

I think the EU has very noble intentions while completely failing to understand that society is a wreck and a lot of money is made through extortion and fraud. Their apparent fix is to make the OS developers still responsible for what is installed while taking away funding for it. I am guessing the end game is more taxes and government intrusion on private devices to fix the problems they are purposely creating.

Android is way more popular in the EU than iPhone, allows sideloading, and I am not aware of these issues being rampant with it ?

While sideloading is possible on Android, it appears to be sufficiently difficult that Google isn't effective with the argument that this makes them "not a monopoly".

As a tech person I find this weird, but then I remember the relevant XKCD: https://xkcd.com/2501/

But then the argument that opening iOS up is going to cause security issues isn't effective either.

Why so?

Surely if normal people can't do a thing, even if only because it's too complicated or inconvenient, normal people aren't going to be a big source of security issues due to that thing.

The reason I would rather we'd kept walled gardens (plural is fine, given that monopolies are also bad) is that I expect such apps will quickly become sideloaded soon after it becomes possible.

We shall see — that may simply be a security mindset paranoia on my part.

Anti free choice mindset.

Truly free choice is an illusion; the best we can do is a force of law to keep players from tilting the playing field in their own favour.

People might not sideload a flashlight app, but they're probably going to sideload an IoT app (especially if they bought the corresponding product first) and games (especially if their friends are peer pressuring them into it).

Then the EU can stop them from selling their products to EU customers, since as soon as you’re providing services to EU customers you’re obliged to play by EU rules

>Then the EU can stop them from selling their products to EU customers

So you want the EU to play whack-a-mole with fly by night IoT vendors, some of which might be shipping directly from China? Or do you want to fix this with even more regulation, like requiring licenses to import IoT products or whatever?

> So you want the EU to play whack-a-mole with fly by night IoT vendors

Yes

Like they do with other online criminals

Yeah, I'm sure the EU sending angry letters to nameless IoT company in shenzhen is going to be very effective.

> Yeah, I'm sure the EU sending angry letters to nameless IoT company in shenzhen is going to be very effective.

I would expect them to use a heavier hammer to whack that mole....

Once side loading is available, the stupids will do it for “freedom” or whatever.

Regulating the AppStore makes sense. Proliferating lots of them is the most inane policy decision ever.

In a discussion thread about Meta (which follows EU law) launching an app in the EU using their alt App Store laws; why would you further move the goalpost just for arguments sake?

>In a discussion thread about Meta

1. characterizing this as a "discussion thread about Meta" is a stretch. While the OP is about meta specifically, it's fairly obvious that as of a comments up, the discussion is about the behaviors of app developers in general, rather than what Meta is specifically doing.

2. Discussing unintended side effects isn't "moving the goalposts". If we're talking about the student debt crisis, and someone brings up the idea of student loan forgiveness, it's not "moving the goalposts" to bring up concerns about inflation.

Unless I'm missing something, Apple only has to provide these new requested APIs to users in the EU. I presume Apple will keep everything as-is in other countries, just like with app sideloading.

What makes you think it will get popular? Android has had it forever and almost nobody uses it.

I do wonder if Apple could have saved itself a lot of aggravation by allowing side loading from the start.

For the people who choose to sideload, yes. How's that an issue?

Why would a normal person want to sideload?

Because it's crazy to think that the two dominant app stores are going to have policies that exactly match people's needs, and that they'll implement those policies competently.

Syncing files with Syncthing is no longer possible on Android because the Android team won't fix the performance of storage access framework, for example. This is 100% on Google, not Syncthing.

But I can still use SyncThing-fork because it's on FDroid. Similarly for the Fossify apps, Quillnote, KeepassDX, Privacy Browser, and dozens of others.

Apple will never put in the effort to make a community that thrives on sharing open source apps that are not profit driven. It's simply not in their DNA. And I don't want to have to live in a world where every developer that wants to make a mobile app has to pay a tithe to the overlords of Google and Apple. They will always claim that they're fixing security problems by acting as an intermediary, but there's no way for them to do that without replacing my choices with theirs, and nothing in Google's or Apple's decision-making history indicates they're better equipped to make decisions governing my machines than I am.

So why would a normal person want to sideload? Because they don't want Google and Apple telling them what software they can install on devices they purchased.

I sideload on android because the apps on f-droid are better than google play. So I would imagine the same would apply to iOS. With sideloading you can run open-source software that works in a straightforward way and isn't intentionally crippled so that it can be monetized.

The last time I used iOS I found the app store quality was also really bad. People listing "free apps" that immediately require you to start an expensive monthly subscription to use. The effect on the mobile games industry has been so disastrous that people would rather carry an entirely separate mobile device on them just to play "real games".

On google play or the app store you can play a mobile version of minecraft with microtransactions for $7. With sideloading you can just play a full version of the more popular java edition PC game, for free. (pojavlauncherteam.github.io). I think that sums up the sideloading experience.

It's not going to get popular.

I don't know man?

I have to think if Apple were mandated to be more open to competitors they would not be allowed to reject apps on this basis.

This problem is just multifaceted and far reaching. Not sure how to go about solving it?

I have often used phones without bothering to comprehensively fill out an address book, and should everyone be required to own random network devices or even to take a lot of photos? The only data I can think of which maybe you could "detect" is fake would be the user's extremely course location, but that's only because you might be able to guess at it yourself, at which point the device's data isn't even relevant anymore.

This idea that apps are going to strong arm data out of users seems like one of those talking points which sounds good but doesn't pen out, but somehow simultaneously is used to prevent users from being able to increase either their freedom or their privacy. The status quo sucks, and is in the best interests of both overlords: Facebook knows if it has permission or not, and Apple can claim the only reason they won't abuse this knowledge is if you allow them curation control.

These days, that's true for pretty much everything...including my Android Phone and my iPhone and much software on my laptop. Hell, it's true for a lot of websites too.

Not saying it doesn't suck, only that it is very ordinary and ubiquitous.

> Let Apple offer users the option

That's easy to say, and much more difficult to implement than it sounds.

Careful: There's a lot of nuance in how these kinds of options are presented to the user. Depending on how they're designed, "the general public" will default to yes or no; or get frustrated / overwhelmed with pedantic permission dialogs.

Thus, part of "Let Apple offer users the option" is a commitment to studying how that option is presented, and the overall implications of such an option.

The thing is, at some point users must become comfortable with "pedantic permission dialogs." Users must take responsibility for knowing how software works and the motivations of its creators. Trying to outsource those decisions to corporations and government simply isn't working. Since computer users (I include phone users in that definition) can no longer trust software developers (Apple, Meta, etc.) to be ethically trustworthy (think: high-trust society devolving to low-trust society), users must take this burden upon themselves; if they refuse to, then the battle is already lost no matter what globogiantmegacorp "wins."

> Users must take responsibility for knowing how software works and the motivations of its creators.

This doesn't seem reasonable. Let's try to apply the logic elsewhere:

> Patients must take responsibility for knowing how medicine works and motivations of its creators/prescribers.

Requiring everyone to have deep technical knowledge about anything they use would prevent everyone from using more than the things they are experts in. So, there needs to be either a technological regression, or something to help defend users from unethical practices. The only entity really in a position to do that is a government, for better or worse.

> Patients must take responsibility for knowing how medicine works and motivations of its creators/prescribers.

This is true. If you blindly trust whatever your doctor says, you are going to have a bad time in the current medical system. Doctors are incentivized to push pills because they get kickbacks from the pharma industry. This is pretty well known (https://www.propublica.org/article/doctors-prescribe-more-of...)

When it comes to Elective surgeries, perscriptions. etc. you need to do your own research to how these things work and make an informed decision for yourself. Ultimately, if you're an adult, you are responsible for your own body and your own equipment.

It's not a matter of deep technical knowledge, it's shallow technical knowledge and political knowledge of what institutions are trustworthy.

> Trying to outsource those decisions to corporations and government simply isn't working

I don’t follow. What is wrong with the status quo?

> What is wrong with the status quo?

Businesses are deciding who lives and who dies, instead of people being allowed to have their own choice in the matter. These businesses make decisions based on data stolen from users. If the data were on paper in a person's home, it would be considered private and inaccessible.

Why should a company decide that they should have access to your every move and every data, just because you purchased something from them? Why should a company decide what you're allowed to do with your device? A business shouldn't be permitted to decide these decisions for you without your fully informed consent.

That's what's wrong with the status quo.

It's funny, you're first sentence "Businesses are deciding who lives and who dies, instead of people being allowed to have their own choice in the matter" to me meant "Apple deciding who can and can not do business with users of iPhones"

The status quo is that Apple has this power on top of the power to collect 30% for all digital transactions (or be denied on the store) and the power to force Apple Pay support to be required (or be denied on the store). Apple also has the power to collect all the data but deny it to others.

That's the status quo that the EU is addressing.

Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.

> The status quo is ...

> That's the status quo that the EU is addressing.

> Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.

Yes, and I concur.

>Note: I don't want FB to have my data. I also don't want Apple to have those powers enumerated above.

In an ideal world that would be great. However, right now it is either Apple of Google when it comes to smart devices for average consumers. Kinda like political dichotomy in US politics.

Democracy will not function with an educated public. And dumbing down choices are just a way to get give power to megacorp and political institutions.

> Democracy will not function with an educated public.

What makes you think that?

> dumbing down choices are just a way to get give power to megacorp and political institutions

Yes, and an educated public would find better ways to convey the same information because they can use their education to build a new thing, or build regulations or laws where they see a need, or build defenses against adversaries without sacrificing privacy. You can't do that with your local public (eg, citizens) if your citizens aren't able to comprehend the problems they're encountering.

> Democracy will not function with an educated public. What makes you think that?

Sorry now I can't edit the parent comment now. That was miss type (bad keyboard). Meant to say "Democracy will not function with OUT an educated public. Happy New Year!

You mean like on Android? Hell nowadays you can choose "approximate location" instead of tracking people. App permissions have come a long way.

>You mean like on Android? Hell nowadays you can choose "approximate location" instead of tracking people.

Apps can and do detect this and deny access certain features. For instance the mcdonalds app won't give you offers if you choose approximate location.

And there's nothing wrong with that. If users don't have the will power to close and delete the app when faced with such a situation then that's on them. An adult has the right to decide that their privacy is worth a 50 cent discount off a shitty burger.

All fun and games until the grocery app does the same.

We need devices fully under control of users. Neither Apple, nor Meta should be able to sniff aground once the device lands in costumer's hands

> or fake empty responses without telling the app.

I thought the value proposition of the walled garden was that no app was malicious so this is a non-issue.

The rename from Facebook didn't change the base nature of that company. Their product is selling user data. All their other “products” are just suction pipes for hoovering up that data.

> All their other “products” are just suction pipes for hoovering up that data.

I don't think that's true for their VR/MR hardware. That's Meta's attempt to get a product that is _not_ like that, but which instead gets them in a position similar to where Google and Apple are for phones. I.e., where they own the platform and can profit off of that.

> I don't think that's true for their VR/MR hardware.

They literally record the cameras and 'screen', then send it off to their servers.

The VR hardware absolutely spies on you. Even if you tell it not to, it still shows up in the mobile app.

And in what way are they then selling that data (which is what the person I replied to talked about)? Just the fact that the data is being sent to a server doesn't mean much. Tons of modern products relies on literally recording your data and sending it off to a server.

They literally don't.

That's true - their revenue from VR/MR hardware is less than 2.5% of revenue though. Meanwhile, ads make up the other 97.5% of their revenue. 97.5% of everything Meta does is to hoover the data and sell it. It's effectively their entire business, while VR/MR stuff is a little side project.

Dude they tried to force you to log in with your Facebook account to use your hardware. Everything made by that wretched company is tainted.

That's true, but then, I'm not saying that the Quest is an offline-only device without cloud features. I'm saying that Meta didn't invest $63 billion just to create a "suction pipe for hoovering up that data". They have much bigger ambitions than that.

If they have other ambitions, those ambitions haven't materialised yet. Selling decent hardware at a loss and profiting from hoovering up user data is all Facebook has accomplished with the Quest so far from what I can see.

Did they back off of that? I have an older oculus I can dig out if I can safely walk its data off from Meta

The last time I complained about this someone mentioned they "only" force a Meta account and not a whole Facebook identity.

That's a distinction without a difference to me. I will not be purchasing hardware that requires a cloud account. Especially not a peripheral.

Xbox is pretty popular while requiring a Microsoft account.

Since we are in this thread - Apple requires you to use an Apple account on laptops, phones, watches, tablets, etc.

Owning the platform + selling user data = double the profits.

You seriously think they will pass on this golden opportunity?

> Meta is a terrible would-be guardian of all the data they’re requesting.

Do you have any examples of Meta misusing this sort of data in the last 7 years?

Also Apple's own apps request permissions the same way third party apps do

Apple chooses to ask the user for permission about certain things, but they're not beholden to that "like any other app". No app can e.g use your microphone in the background to listen for trigger words, no other app can analyse your photos for search without a permission dialog, no other app can transmit nearby BSSIDs + GPS location in the background for the purposes of building a location services system. Apple does all these things. Apple is absolutely not doing things "like third party apps do".

I just got a new iPhone two weeks ago (corporate mandated:(.

I don't recall messages, photos, apple maps, notes, camera, calendar etc asking me detailed permissions. I think health did ask for some.

Installing equivalent Facebook messenger, Google photos, Google calendar, etc also of course did.

(Greediest award goes to whatsapp which basically doesn't work unless you grant it full access to contacts boo)

I had to contact someone in Europe so I started using WhatsApp. It does work without granting access to contacts, but it seems I can't even assign a name to a number without the contacts permission, so thousands of messages later the contact is still a bare number. Really scummy behavior. I probably would have caved if I had a number of contacts. And no iPad app, wtf.

WhatsApp on Android has the same behaviour. Most of my conversations show as a bare phone number because I decided not to give it all my contacts.

However, WhatsApp groups show a name, so that's a workaround if you are using WhatsApp with someone you know well: Make a group for the two of you.

When a friend went to install WhatsApp for their iPad, they succeeded!

Then they said it wasn't working properly. Unfortunately that's because app store search brought up misleading third-party WhatsApp apps for the iPad. If you weren't paying attention, it was too easy to think you were installing the official app from WhatsApp. I didn't notice the app was third-party at first either, and I was very surprised to find no app at all from WhatsApp itself on closer inspection, amidst a page of search resulrs all claiming to be it.

>WhatsApp on Android has the same behaviour. Most of my conversations show as a bare phone number because I decided not to give it all my contacts.

It was actually worse (at least as of a few years ago) because they didn't allow you to manually input phone numbers. You either need the other party to message you first, or use a wa.me deeplink (eg. wa.me/12125551234).

I would have settled for something like the Instagram “iPad app”: a phone-sized rectangle in the middle of a black background. Alas, they don’t even allow that, hence all the fake crap you can easily download by mistake. And the web app is pretty bad on iPads, thanks in no small part to Apple.

Can you initiate a conversation? My experience with WhatsApp is that if I don't give it access to contacts, other people have to initiate conversation. I cannot just tell it to start a chat with phone 123 456 7890 (this is on Android).

I guess it's debatable whether that's categorized as "it works" :>

I can “enter a phone number to start a new chat” on iOS, with a big warning about contacts on top.

No they don't. It is literally impossible to create competitors for Apple's native apps and companion devices/accessories no matter how many permission prompts the user approves. That is what this entire complaint is about.

They certainly don’t. We’re talking about apps like Phone, Messages, Photos, Files and system stuff like app tracking (Screen Time etc.).

When you first set up an iPhone (and other hardware like AirPods, for example) you are asked whether to share anonymized usage data with Apple. Saying "No" at that screen turns off a whole swath of data collection.

I wonder what specific examples you are aware of that are not disabled in this manner?

No one's talking about "anonymous usage data". The topic at question is primary data available to first party apps (even if they remain on device), often synced to iCloud and available to say, Siri. I'm sure I accepted a bunch of EULAs when turning on iCloud and Siri, but Facebook will argue they've shown you their EULA too. That's not "request permissions the same way third party apps do", and some of the data can't even be requested through normal permission prompts, which is why Meta is forcing Apple's hand with the EU stuff.

This argument is silly and goes well beyond the spirit of the EU law.

As if Meta has to suddenly show Apple all of its goods now too. Giving Apple access to all Facebook or Instagram data and letting them decide where to draw the line.

Stop letting the distaste for Apple effect reason and sanity.

> Giving Apple access to all Facebook or Instagram data and letting them decide where to draw the line.

Meta is running an app store on Instagram that Apple is using?

Apple turned on a “feature” without announcing it that would send data about every single on your private photos to their servers recently.

https://bsky.app/profile/matthewdgreen.bsky.social/post/3lef...

Yeah, I suspect this AI thing is going to be a fork in the road for Apple. The buzz is that AI is amazing and with everyone tripping over themselves to add it to their products, marketing is going to be asking for things quickly and dismissing any pushback on perceived privacy.

If enough blogs expose these things (if they are actual privacy concerns — I mean I am already storing the photos themselves on Apple's iCloud, so) then I expect Apple to back off and make the feature opt-in in an upcoming release.

And…?

Meta’s request for interoperability is regarding their hardware, not their flagship apps, if you take it at face value.

They want their glasses and headsets to integrate as tightly as an Apple Watch or Vision Pro to show messages and other notifications, connect to WiFi, and share files with an iPhone, but Apple uses private APIs for their own devices. Meta says that is anticompetitive and the APIs should be public.

Apple lays out their rebuttal in detail here and it’s clear Meta asked for everything in the hopes that Apple will settle for some of these things: https://developer.apple.com/support/downloads/DMA-Interopera...

>Meta’s request for interoperability is regarding their hardware, not their flagship apps, if you take it at face value.

>They want their glasses and headsets to integrate as tightly as an Apple Watch or Vision Pro

Not agreeing or disagreeing but that makes much more sense.

As someone who’s personally worked on dozens of M&A driven vertical integrations and “ecosystems” (lol)…interoperability is inherent to being a first party.

3rd parties aren’t going to get the same access or treatment for a number of reasons…many of which Apple has outlined.

There are several reasons for a platform to not want to offer 3p interop, from security to privacy to competition, but the DMA is targeted EU regulation to mandate interop specifically for the big tech cos’ platforms and this is one of the first major tests of the law.

I think one of my personal issues with allowing Meta to access these private APIs is that they may not take "don't allow" for an answer.

I have WhatsApp to talk to some family and I recently disabled allowing all contacts in iOS 18. WhatsApp now has a persistent notification at the top of messages to "Allow All Contacts".

If Apple allows users to choose whether or not to give Meta access, and users choose "no", Meta can lock them out of the service entirely (e.g., "you can't use this Meta Quest headset without allowing access to your messages").

That being said, Apple is definitely fighting for its own interests here as well. It would obviously benefit them to sell their own watches, headsets, earbuds, etc.

Here's the thing, take a look at just a bit of what Meta is demanding:

*AirPlay Continuity Camera

*App Intents

*Devices connected with Bluetooth

*Apple Notification Center Service

*iPhone Mirroring

*CarPlay

*Connectivity to all of a user’s Apple devices

*Messaging

*Wi-Fi networks and properties

Now ignoring the obvious societal dangers in this request. (I mean really? Should you be using a Meta headset while you're driving?) The scope of data that they are asking for is breathtaking. All the data, wifi, messages and notifications of not only every iphone in the US, but all of the user's other devices as well. To potentially include their cars.

We need to really think deeply about how we set up access to Apple data and APIs. Requests like this are putting me more in the "deny all requests" camp. If tech companies can't be at least a little more reasonable, then I don't think they should have access to our data.

> Should you be using a Meta headset while you're driving?

The Meta HUD glasses seem like they're definitely designed to be used while driving, and provide a safer way to access info like notifications than looking down at your iPhone. That isn't "Apple data and APIs" this is a notification that someone needs to display on their HUD.

Really, the fact that Apple doesn't want to allow this sort of thing pretty clearly demonstrates they're acting in bad faith.

Does anyone think Meta would give users the option to deny such a request and work properly? It's not a difficult question.

> I have WhatsApp to talk to some family and I recently disabled allowing all contacts in iOS 18. WhatsApp now has a persistent notification at the top of messages to "Allow All Contacts".

If this is still possible, then Apple fucked up the implementation of this feature, as clearly there should be no way to differentiate not having bothered to fill out a ton of contacts and having limited access for an app to see your contacts; and since this is so obviously easy to do correctly, it frankly sounds actively malicious: there is a set -- probably a very small set -- of engineers and product managers who chose to build this incorrectly, in order to continue to maintain the status quo of the proxy war between Apple and Meta, to our detriment.

It’s part of the API:

https://developer.apple.com/documentation/contacts/cnauthori...

The documentation for ContactAccessButton suggests only presenting it if you have limited access:

https://developer.apple.com/documentation/contactsui/contact...

edit: but that’s intended to be used specifically to respond to a contact search. I don’t use WhatsApp, but a “persistent notification” sounds unrelated to ContactAccessButton.

No? For this particular case if the api exposed a bunch of bogus contacts then the WhatsApp app would be displaying and autocompleting non-existent contacts to the user throughout the UI, which would be a horrible UX.

There are cases where you can fake data and cases where you need to be able to block access and the apps should respect that.

> If this is still possible, then Apple fucked up the implementation of this feature, as clearly there should be no way to differentiate not having bothered to fill out a ton of contacts and having limited access for an app to see your contacts

If you only allow a subset of your contact, WhatsApp proceeds to not display contact information for everyone and to disable the whole status feature.

My assumption was that WhatsApp was heuristically detecting the lack of full contacts access. I figured they looked at the number of contacts to down from a couple hundred (pre-iOS 18) to 5, and assumed I limited access. However, it could totally be a detectable API response to the app as well.

At the very least, for apps that require this much access, such "interoperability" should be off by default with a big warning that says:

[ ] Check here if you want to share all your data (or something more precise) with Meta. Warning: possibly insecure. Use at your own risk.

Every user would just check that option and press yes. The reality is that most users don't ever read any message the phone gives to them, they just treat it like any other popup and press yes. Take a look at any normal person using a phone when a permission notification appears or an error appears: they won't even read it, just press any button that closes it as fast as possible.

There's good reason to not have this prompt and not give these abilities to applications. Apple's reason to oppose the DMA and Meta here might be different, though.

"Every user would check that option" is obviously incorrect. When given the option not to share information, a great deal choose not to. I won't pull a percentage out of thin air, but peoples tendency towards "deny" when given the option is the reason for a lot of the dark patterns that exist (e.g. spamming address book permission dialogs, non-compliant cookie dialogs) and for spying as much as possible without permission. Asking permission for things that might be considered invasive is still the ethical thing to do, and in the early days of computing before the profit motive became overwhelming, developers tended to do the ethical thing, unlike today.

> The reality is that most users don't ever read any message the phone gives to them, they just treat it like any other popup and press yes.

The only part I disagree with is that it's limited to phones, it absolutely isn't. It's any computing device, be it a general purpose PC, a tablet, a phone, your car's infotainment system, what have you.

The large majority of the population does not understand how these devices work, and what kinds of problems they can create if used unsafely, and they don't care to know. And like, I get why: life is complicated enough as it is. Simple fact is when Joe Consumer pulls a new TV out of it's box and it comes with the contrast and color saturation through the ceiling so everything looks like shit, and motion smoothing is adding 60ms of delay to the response of connected hardware, he's fine with that. I don't like that for him, and I wish he wasn't, but most people just don't care. Most people want to speed run whatever damn things they gotta click to make the stupid light and noise machine do what they need it to do, so they can resume their idle time.

That's why if we actually want to make progress on reigning in these socially corrosive services, we need not just options, but a set of default settings, mandated by law, that respects user privacy. As a user of electricity, I do not need to be informed about how electricity works to safely use my outlets. As a user of water, I do not need to be informed about how plumbing works to safely take a shower. I shouldn't need to know jack about smartphones or computers either in order to not have my personal information used to sell me gross new flavors of Coke.

> Every user would just check that option and press yes.

Not if it's available in the developer options, or has more other sorts of friction to check the box. Or if it has a red warning label with the phrase "may increase the chance of hackers stealing your data and impersonating you".

One just has to make it unattractive enough to most.

I think we saw how well this approach worked with the cookie popups post GDPR. It doesn't really work. At this point I feel most people have some idea of how their data is used and sold and if they continue to use Meta apps, its because they think the tradeoff is worth it. There are either no alternatives or strong network effects that make Instagram, Facebook, Whatsapp etc a worthwhile choice in many cases and we know it.

Sadly, I think you're right. I recently got one of those "Can we share your data with our partners" popups and the number of partners it declared (in a tiny font) was... *1,583*. People either do not notice this stuff or just do not care.

The problem with the cookies thing though is that it didn't mandate that websites should work well WITHOUT cookies. The cookie popups aren't bad but often the only option is "necessary cookies". We should have a "no cookies" option, too.

There are necessary cookies for sites to operate. For example, you need a cookie for authentication or a server-side e-commerce basket.

True. But those sites should only enable them when you decide to create an account/login.

That would address a very different need, though: accessibility vs. data protection.

This is the heart of the issue though. Most users don't care unless you purposefully go out of your way to scare them with enough melodrama and dark patterns as to border on outright dishonesty. It's not an issue of them being informed, they just genuinely do not care about the risk when the actor is a familiar megacorp because their viewpoint is that if billions of dollars can't keep the data safe then it was never going to be genuinely safe anyway.

Especially if the person already uses Messenger or WhatsApp for personal conversations etc. Meta already has control over their important data at that point (chat logs and phone calls, probably location history). What more could be on the device other than web browsing and photos. It's the same thing with trusting Microsoft or Google - they already have access to all your data via control of the entire operating system and could in theory do anything with it. So users have to trust them to psychologically be ok with using those devices at all.

And of course - often apps ask for permissions they don't need at opprotune time ie "enable development mode to get 100 more gems" or "enable notifications to use this app"

If that is truly a foregone conclusion then we should eradicate the megacorps, not pander to them or negotiate with them.

Why? Not philosophically why but genuinely why? The consumer isn't less for their choice, if they saw people suffering damage they found concerning they'd actually be hesitant. And at the same time it's not like equivalent open solutions are going to emerge, we've had decades of cyber-activist products meant to 'empower' users by providing similar functionality to the commercial products of their time and they almost never catch on and if they do they reach a critical mass where they just evolve into data hungry companies themselves. If users would rather pay with data than money maybe the right solution is just to make sure there's simply an opt-in point at all rather than implementing some pointless thicket of UI weeds for them to wade through just to make their device do what they want.

1. Corporations are too powerful and responsible for too much tragedy of the commons, especially with regard to global trade.

2. The end goal of corporations is ultimate wealth concentration and the destruction of local economies.

3. Corporations combined with technology means too much technological growth at too fast a pace

The world would be better off without the biggest 10 of them for sure.

If a user wants to turn on a clearly labeled setting to share a bunch of data with Meta, it should not be Apple's role to stop them even if you and I might think that's a stupid thing to do. Android's solution for more dangerous permissions is to make the user open the settings app and pick the apps to grant it to from a list, which seems like the right amount of friction to kick people out of autopilot and make them actively decide whether that's something they want to do.

If it's anyone's job to limit how Meta can collect and use data despite the express consent of the user, it's governments, not Apple.

I found MIUI's solution to this quite well designed, even if it's a little infuriating when altering permissions for a list of apps. There's a big red warning with a user friendly description of the danger and a countdown to prevent quick click through, locked behind an "I accept the risk" checkbox. You need to read at least one UI element that says "danger" before you can complete the interaction.

If such popups were introduced in iOS, they should be universal, of course, and the same danger prompts should show for Apple's software as for their competitors. Apple won't do that (outside of the EU) but it'd be a solution to the data hunger without compromising market accessibility too much.

A good alternative would be for Apple to remove APIs entirely, including for themselves. If they consider some data and some interactivity to be too dangerous for users, perhaps they shouldn't be messing with it either.

Apple makes a habit out of exaggerating the dangers of complying with any regulation. Just a bit of fear mongering gets their fans in a state where they'll maintain Apple's walled garden even when they stand to benefit from it being opened up.

“Effective but infuriating” UI treatments aren’t good enough for consumer electronics. Do you remember the UAC popups in Windows Vista, and how that got turned into a punchline on late-night standup and even in Apple’s own TV ads? Apple even did a little bit of this with the new filesystem permissions upon upgrading to (I think) Sierra, and got pilloried for it, even by experienced technology users. The thing you’re talking about would be many times more invasive.

> A good alternative would be for Apple to remove APIs entirely, including for themselves. If they consider some data and some interactivity to be too dangerous for users, perhaps they shouldn't be messing with it either.

I don’t want this and it doesn’t make any sense. I trust Apple as a vendor in a way I don’t trust third-party developers (or else I wouldn’t have purchased an iPhone), and it’s entirely reasonable to grant them permissions I don’t grant anybody else. Removing those entirely makes my phone considerably less useful.

Only if Apple's uses of that data have to go through the same flow, with equally scary text.

I would support that, too.

We have decades of experience going back to Vista that this does not work.

Users trust companies like Apple, Google etc not to place them in harm's way.

And so when prompts like this are shown they will quite happily approve without even reading the words.

I get a similar warning (Complete with red symbols and forced waiting so you're "forced" to read) when installing external APK's on Android While it feels like something Apple wouldn't do, it's a workable solution

Here are some of Meta's ask according to Apple...

https://developer.apple.com/support/downloads/DMA-Interopera...

  AirPlay Continuity Camera
  App Intents
  Devices connected with Bluetooth
  Apple Notification Center Service
  iPhone Mirroring
  CarPlay
  Connectivity to all of a user’s Apple devices
  Messaging
  Wi-Fi networks and properties

Wow.

I mean, where does a company get the balls to demand total access like this to the phones, networks and data of every phone in the US? These companies have zero fear of us as a people.

(They have zero respect for us as well, but that's another issue.)

I'm not sure how you read the above list and got the impression that meta wanted "total access like this to the phones, networks and data of every phone in the US". "Connectivity to all of a user’s Apple devices" probably means mDNS access for device discovery, rather than root access on all devices or whatever. Same for "Wi-Fi networks and properties". They probably want a list of wifi networks so they can connect to them, rather than low level access so they can run packet captures or whatever. Yes, even the limited access described above presents privacy issues, but there's no need to be hyperbolic and characterize it as "total access".

“Probably” is doing a lot of heavy lifting here. I’m not sure why Meta deserves the benefit of the doubt with a horrible privacy track record as shown in multiple judicial districts throughout the globe.

Can we see the interoperability requests that meta submitted? That would clarify if the shade is legit.

While I don't trust Meta, at all, I can see some reasons for legitimate requests. This could for API access so that the Meta VR headset could work as a substitute for Apples own, in some cases, or Facebook Messenger and iMessage interoperability. I sort of doubt that this is what Meta is trying for, but that would reasonable.

It's probably a bit of both. One part Apple being monopolistic jerks and one part Meta wanting to hoover up even more private data. One issue I can see is that the EU would side with Meta, knowing that the EU privacy laws will protect its citizens, but Apple has to consider the ramification for all users, including those not protect be the GDPR. So Apple is forced to open up and Meta will start using the opening to suck up private information on its American users.

Apple has shown recently that they are more than OK giving Europeans and some parts of Asia a different iOS experience than the rest of us.

If they are “forced to open up” in the EU it doesn’t mean they will here.

From another comment here.

https://developer.apple.com/support/downloads/DMA-Interopera...

Well I hope all these interoperability regulations come with eventually forcing messaging services to expose their APIs and allow 3rd party clients so that we can use a crowdfunded FOSS client for messaging and ditch all this malware from our phones.

I got rid of all of Facebook and Google apps and services years ago I really hope they won’t get anything as they clearly can’t be trusted with any data. See Noyb.eu for illustration.

If Meta is successful in gaining access to iPhone user data, will this be exclusive to Meta or would Apple be required to open access more broadly?

More broadly, but not unconditionally. They can apply reasonable (definition of that can be another point of contention) restrictions via their app review process as long as the restrictions are applied consistently to all applicants.

[dupe]

Earlier discussion: https://news.ycombinator.com/item?id=42457073

maybe the time has come for them to actually use this:

https://www.macobserver.com/tmo/article/apple_granted_patent...

it will burn down their own playhouse too of course

Seems oxymoronic as Meta doesn’t allow interoperability in order to maintain its walled garden. Apple does the same but it’s generally done in the space of privacy- security and privacy going hand in hand. I have little faith in government, any government, when it comes to technology. Either through ignorance or motive, they usually make decisions that result in less privacy, less security.

Is this Hacker News? This is way bigger than Meta. Should individuals have the freedom to access to their own phone data without needing to be a device manufacturer? Or should we depend on case by case approval of access that is outside of the users hands and something only big companies can do?

Framing it as being about `Apple vs Meta` is exactly the line of thinking that Apple wants, and it does a disservice to real Apple users, who have repeatedly been locked into a ecosystem where they have little control of their own data, where even sharing photos over Bluetooth isn't even an option! It's so locked in it's really unreasonable to frame this as being about Meta. Of course users should be able to give none / empty / fake or even real data to Meta if they so choose. But really this is about Apple, user rights, the EU, and a more fair playing field. If you read the PDF Apple put out, they are not offering any kind of middle solution, they are just saying they will, as usual, review case by case device partnership opportunities as it pleases them.

I dunno, I'm sure people have beef with Apple but Zuck's always taken other people's projects and acted dishonestly and their violating the terms with Whatsapp should be cause for breakup, and something like Apple is absolutely necessary (fine grained permissions) to stop the slurp-all-your-contacts parade that Zuckerberg loves

[dead]

Everyone wants more access to your (i)Phone

Apple's iPhone.

Meta understands that in an AI agentic world, having access at the OS level is crucial.

The AI becomes significantly more useful if it understands your digital life more. Only Apple has OS level access for agentic AI but Meta wants it too.

> The AI becomes significantly more useful if it understands your digital life more.

"Useful" is misleading. It should be "useful for the big corps for entrenching you further into proprietary technology so that they can take advantage of you later".

> for entrenching you further into proprietary technology

But isn’t this already the case right now? In my opinion this argument is kind of backwards because the lack of (or access to) APIs is precisely what’s preventing us from having alternatives!

Siri is proprietary, closed source, big corp, etc.

Want an open source, community based, interoperable, fully local, etc. assistant/AI? It cannot exist in today's world simply because it requires what Meta asks for.

I dislike Meta very much but I refuse to believe that creating or opening up such APIs would foster „entrenching you further into proprietary technology“.

> But isn’t this already the case right now? In my opinion this argument is kind of backwards because the lack of (or access to) APIs is precisely what’s preventing us from having alternatives!

Yes, it is. The entrenchment is an ongoing process designed to give us short-term benefits that appear harmless. But they slowly add up and produce an ecosystem that is actively harmful and not much better than before (on average).

By the way, I don't argue for or against Meta having access to APIs. I am against Meta entirely -- and the only logical answer to them is to dismantle them.

> Siri is proprietary, closed source, big corp, etc.

Yes, and because of that, it's the only voice assistant I want. I do not want a hyper-intelligent "friend that knows everything about me" because that, without fail, is being sold to me by companies who will need access to every last bit of data about me and my life, who will then host that data somewhere, with some level of security, which I'm not involved in and do not control. And tbh, given my thoughts about how users approach tech, I don't want that for other people either.

Putting aside my feelings about surveillance capitalism and how inherently exploitative and inhumane it is, with full knowledge that all my objections under that umbrella already, for me, constitute a wide and thoroughly researched opinion as to why this shit is horrific for privacy on it's face, but putting it aside:

If companies want access to every last drop of information, every last data point, even assuming an altruistic "we just want to make the best AI assistant we can" against all evidence to the contrary: then there needs to be set, and severe consequences for data breaches for these companies. No more of this "we put up a blog post about it and security researchers got an interview with CNN" no, fuck that shit. If Meta has a breach in it's AI product and as a result of that, whatever hacker org gets the full spread on let's say 5,000 individuals? Then those 5,000 individuals need to be entitled to damages. Firstly anything that impacts their lives needs to be unwound completely; new SSN, any money taken restored, help moving if required, whatever. Secondly they need to be compensated for the emotional toil of spending weeks or months sifting paperwork, sending letters, attending court dates to unwind whatever is done with their identity, and Meta is responsible for ALL of that.

If these companies want effectively root access to my life to provide these services, then I don't think it's unreasonable to say they need to be legally and financially responsible if their negligence causes people to get exposed. And if they're not prepared to take on that liability, then perhaps an AI assistant that knows everything about you is just a product that cannot be made.

I don't think this is an unreasonable view.

All so they can better target ads to you. Who needs cookies?