"open and transparent"
Those are two words that are not in the Cupertino lexicon.
They prefer the "you're holding it wrong" attitude.
Digital rights advocacy organizations contend that Apple has failed to comply with its interoperability obligations under the EU's Digital Markets Act (DMA). The groups made their case in a letter [PDF] asking competition watchdogs to do more to ensure Apple's compliance with the Article 6(7) of the DMA. The letter is the …
Simply denying access is not a privacy control, it's just bloody-mindedness.
What if I want to back up my contacts to an external location or service? Or synchronise them into something (maybe a mail service or social network account aggregator)?
I'd absolutely not want Meta to have access to my contacts. Every time they ask I tell them where to go. But to remove the option entirely isn't the solution.
Similar arguments can be made for other services and features, and batted away just as easily.
This is just Apple wanting to keep the wall around their garden as high as they can. On the one hand I don't blame them for that, but on the other hand this is why we can't have nice things outside of walled gardens. Which sucks.
As someone who remembers when the big platforms had APIs that allowed for a choice of clients and for more interoperability, I'm not on Apple's side here. To allow this behaviour is to set a bad precedent in the industry.
I'd absolutely not want Meta to have access to my contacts
They ALREADY have access to most of your contacts list - they have access to it via the access others granted to Facebook when it asked. So Meta may not know your entire contacts list but they probably know over half of it, through the people who granted access to theirs. If your friend gives up their contact list and you are in it, now Meta knows who you are (name, phone number, maybe even address, birthday etc. depending on what they've filled in) and one entry in your contacts list! Then another and another until it has a pretty good picture of who your contacts are even if it doesn't have the full list. It might not get your mom who doesn't use social media or your doctor who doesn't have their office contact in Facebook, but it is getting way more than you or I are comfortable with and we have no way of preventing it!
Most people just approve stuff like this because they either just say "ok" to everything, figure "I don't have any privacy anyway it is pointless to resist" or accidentally click the wrong thing when the dialog comes up (and by then it is too late to undo once you've done it because it isn't like they would delete that info they've already collected if you removed permission) So you and I might be rightly horrified at the idea of Meta having access to our iMessage/SMS content from Messages, and know we would never grant them that access but how much of our currently private conversations would be ingested into Meta's AI because the people we're talking to are dumb enough to give permission for Meta to access it?
I'm sorry, but merely HAVING the capability for something so privacy destroying is a big risk, even to those of us who would never ever approve it. Heck even people who NEVER have and never will use Facebook, Instagram, WhatsApp or anything else Zuck has touched are affected by Meta's current ability to download contact info from people who allow it, and would be even worse affected by the capability Zuck wants to have permission to mass download iMessage/SMS conversations.
And therein lies the big problem.
In here we are a self selecting subset of people who mostly understand this stuff, and can say no (when covid hit, I was asked to join a WhatsApp group for "keep in touch" non-work stuff - I point blank refused to have it on my phone as I think it was just after they'd made it "permit slurping everything or it doesn't work" mode). But SWMBO is the epitome of the opposite - really doesn't understand why even installing WhatsApp in her phone is a problem for me and everyone else she has in her contacts.
But if we take the approach "can't have X because someone might do something bad with it", quite quickly we won't have anything.
TBH, the answer to "Meta would slurp stuff" would be for the authorities to haul in Meta and threaten to throw their executives in prison until they comply with the privacy laws their business model relies on ignoring. IMO, things like the WhatsApp app should be declared illegal since it's impossible to install and use it without a) the user breaking the law, and b) the user conspiring with Meta for Meta to break the law. But as long as the authorities do nothing, Meta will continue.
Remember when Apple lost a case against Samsung, and coded their web site to hide the notice they had been told by the court to put there ? IIRC their legal team were called before the judge and told that if it wasn't fixed then an executive would be in a cell - so it got fixed in a timeframe the court had been told was impossible. We need more of that against all these big outfits who are running rings round the authorities in their blatant and wilful ignoring of multiple laws.
I'd agree with you if Apple were some scrappy upstart who have limited resources.
But as of last September they had $65 billion in cash (or cash equivalents) available to them. They have a steady source of income, high profitability, and could be described as a "destination employer" who a lot of people would like to have on their CV.
So Apple can do this. It's a solvable problem - it's just about permissions and customer education.
If they were motivated to provide secure access to data on their platforms, they could do so. It probably wouldn't even dent their assets.
Instead they choose not to even try to produce a solution. Mostly so that they can preserve their walled garden.
"I'd agree with you if Apple were some scrappy upstart who have limited resources. But as of last September they had $65 billion in cash (or cash equivalents) available to them. They have a steady source of income, high profitability, and could be described as a "destination employer" who a lot of people would like to have on their CV."
Which tells us that a huge number of people are prepared to pay a premium to live in Apple's walled garden. And whilst that's not for me, IMHO it should be Apple's prerogative to set the rules, not some bunch of unelected bureaucrats who've failed in their core job of establishing an EU tech sector, or growing the EU economy.
If customers don't like Apple's rules, they can buy a different device, if developers don't like Apple's rules they can withhold their apps or services from the company's products. It's odd that bureaucrats prattle on about "market forces", yet seem so intent on interfering.
But it's not a free market.
You would be right if there were (say) 10 different vendors, actively competing on features etc. But there are only 2 - Apple and Android. So the choice is do I want to be in that walled garden, or the other walled garden - there is no "not a walled garden" option for users to flock to.
Similarly for devs, if they want users to be able to use their apps, then they have to have them on the platforms people use.
There's an analogy with the John Deere and repairability issue. Some people say "why do people still by Deere then ?" - to which the answer is that there isn't really all that much choice, and what other choices there are are doing similar things.
“So Apple can do this. It's a solvable problem”
Not really, not also run a viable business. The key thing you fail to understand about business, is that you need to be all-in, all the time. Everything you do as a company, and as a team, needs to be about *earning money for the business*, and it needs to be focused on that. It’s the kind of thing that people think you are stupid for saying, and yet (more than) half the companies out there do not do this any more, and are in the process of dying. If you are in a team, and you don’t know the financial case for what you personally do day-to-day, then you are in the wrong half.
What you *can’t* do is take a $50bn business, take 5% of your staff and “do another thing”. With that 5% just being a cost of doing business, for compliance. If you can subcontract that bit out, all well and good. But if you can’t, if it’s too tightly integrated (technically) or affects other moving parts of the business…..then you’ve got 5% of your staff whose job is no longer aligned with the core of making the market. Soon enough, it’s 10%. Then it’s 50%.
Pretty quick, you are a “compliance organisation”. Everybody is busy, worked off their feet, doing “stuff” that they believe is “necessary”. But no new products are actually coming out of the factory. And those that are, have low sales…..because the product definition is written by govt/compliance. And the sales you do have, are to *other* compliance organisations, who are totally ignorant of the value proposition you are failing, and which are at best static or slowly dying so those sales decline by 5% per year. Sucking on the teat, but not actually earning money. Think IBM.
But what you can do is take 5% of your staff and "do another thing" that means you're not going to be fined big money. It's a matter of how big the threatened fine will be; if it's several times higher than the cost of complying, it's worth the cost to comply.
For Airdrop etc probably not an issue. But an example given was allowing "stuff not approved by Apple" to have access to contacts. If you allow that, then that allows the likes of Meta to slurp people's contacts. This is mentioned in other comments higher up.
We, and ElReg commentards are probably almost all sensible people who would click "no,f-off" to the request to allow the likes of WhatsApp, FaecesBorg, etc., apps to do this - even when there may be multiple clicks needed to say no, using buttons carefully hidden from view if you don't scroll, and such deviant tricks. But I would suggest the majority will just do whatever gets them to the app for the least hassle - which is always going to be "click the big green yes button" that fills half the screen. Such techniques to steer users into accepting are illegal in the EU - but the likes fo Meta have built an empire on ignoring data protection and privacy laws, and the authorities have done "not a lot" to stop them.
> Meta communications director Andy Stone responded with his opinion that Apple is really saying “They don't believe in interoperability. In fact, every time Apple is called out for anti-competitive behavior, they defend themselves on privacy grounds that have no basis in reality."
And Meta is the last organisation I’m going to listen to regarding anything involving privacy.
Yes.
But why should Apple be the one deciding who I am permitted to trust?
If I want to back them up to Bobs Burgers And Contact Storage, why does Apple get to say no?
A gatekeeper should only be ensuring that I can find the Bob I want, nobody else can pretend to be Bob, Bob can't do anything unless I explicitly give Bob permission, and that I can easily revoke that permission.
And the alternative is ? By the time you've ruled out Android because Google is as bad as Apple, and the likes of Samsung also install their own uninstallable rubbish, you don't have much choice left.
It really is a choice as to which of Apple and Google is going to screw you less - or at least use lube while they are doing it.
I agree 100%, but from Apples point of view, they will be getting the bad publicity when some tabloid launches a story about how Bobs Burgers and Contact Storage sold some poor users contact details they grabbed from an Apple phone.
We've seen this with android - over the years, many decent lower-level abilities have been removed completely because bad actors were abusing them, and android was blamed for being insecure.
They moved options to the normally hidden developers menu, and then even made it so some things could only be enabled by connecting via a USB lead and connecting over that. But in each case, the dodgy software said "to get this whizzo new free money app for free, follow this procedure"... and then android again gets blamed.
I heard similar on TV recently - a couple were being scammed and the scammer led them to believe that they were the bank, and that the couple had to phone the bank to transfer their money to another - the scammer even told them something like "the person at the bank will tell you you're being scammed, but that's just our secure audit. Ignore them", and they did, and lost all their money.
However, I still hate the extra lockdown on android these days because of stupid users, and tabloid misinformation.
Yeah, in the sane world.
But all the "dodgy apps stole my money" reports are because someone did exactly that,
Here's a random Google result I just got on the subject. Look at the headline, and the layperson will clearly see this as "android bad", but it's only due to people authorising the specific privilege.
Yes, preferably with at least 2 strongly worded warnings in red indicating what you are about to do?
Years ago, I did this on my stuff. If someone wanted to remove a row from the customers table, they got a standard warning. If the customer had open invoices, the first message warned of the consequences. If they proceeded, the final warning was " [username] - Confirm that you REALLY want to delete [customer] with open invoices!". In Australia a customer said that they could tell from my software that I was English - Initially polite; then fairly polite, but threatening.
So would I, but some dodgy apps have been known to tell; the users exactly what to do, and warn them that any "scary messages" that are produced are "for other, evil apps"
Take side-loading - you have to go through all sorts of warnings, and hoops, and then enable something in a submenu to work.
And even THEN you have to grant an app specific permissions for it to work, yet still people are getting caught. So much so, that Google is now restricting what side-loaded apps can do regardless, which will cause many problems for those of us who legitimately sideload.
https://www.androidauthority.com/android-15-restricted-settings-sideloading-3481098/
There's data "leaking", i.e. not with the user's knowledge or permission, and then there's interoperability. Things like "oops, Apple Mail is 'having trouble' logging into Gmail again", or "that software can use the mic and camera, but only on the 'public' API, not the one Apple uses that works so much better" isn't a question of data leaking. It's telling the user "you're doing it wrong" despite the user being the one who is trying to tell Apple what the USER wants to do.