Epic Chief Suspects Apple Broke iPhone Web Apps in EU For Anticompetitive Reasons (twitter.com) 87
Apple is officially cutting support for progressive web apps for iPhone users in the European Union. While web apps have been broken for EU users in every iOS 17.4 beta so far, Apple has confirmed that this is a feature, not a bug. Commenting on Apple's move, Epic CEO Tim Sweeney tweeted: I suspect Apple's real reason for killing PWAs is the realization that competing web browsers could do a vastly better job of supporting PWAs -- unlike Safari's intentionally crippled web functionality -- and turn PWAs into legit, untaxed competitors to native apps.
Re: (Score:1)
*do. What do they think. Just because you don't like certain words is no excuse for bad grammar.
Well, obviously! (Score:1)
competing web browsers could do a vastly better job of supporting PWAs -- unlike Safari's intentionally crippled web functionality -- and turn PWAs into legit, untaxed competitors to native apps.
It's quite obvious why Apple has been dragging its feet at (not) making Safari treat PWAs as first-class citizens - they clearly want iOS users on apps Apple can control/extract revenue from, instead of Steve Jobs' original promise for web apps [youtube.com].
Re: (Score:3, Interesting)
competing web browsers could do a vastly better job of supporting PWAs -- unlike Safari's intentionally crippled web functionality -- and turn PWAs into legit, untaxed competitors to native apps.
It's quite obvious why Apple has been dragging its feet at (not) making Safari treat PWAs as first-class citizens - they clearly want iOS users on apps Apple can control/extract revenue from, instead of Steve Jobs' original promise for web apps [youtube.com].
Or, could it possibly be that, as Apple Stated, Developer Interest in Web Apps, has Historically been Low; so not much effort was put into that API by Apple (chicken meet egg?). One can only wonder what the situation would be if Devs. started Pushing for Web Apps much earlier.
But they didn't.
So, it became a self-fulfilling prophecy: Devs didn't Push; so Apple let the API Frameworks languish. Not ideal; but also not an Evil Plan.
Re: (Score:3)
so Apple let the API Frameworks languish.
So the frameworks languished in the EU, but not in the rest of the world?
That doesn't seem plausible.
Re: (Score:2)
so Apple let the API Frameworks languish.
So the frameworks languished in the EU, but not in the rest of the world?
That doesn't seem plausible.
No, everywhere. Sorry to not clarify.
Answer to "Why Safari (actually, WebKit) has substandard Web App Support".
Re: (Score:2)
as Apple Stated, Developer Interest in Web Apps, has Historically been Low
Not all web apps are PWAs. You'll find plenty of those on the App Store, packaged as native apps.
The actual reason there as been so little apparent interest in PWAs specifically is because Apple has been actively working against them for years.
it became a self-fulfilling prophecy
Yes, but not for the nonsense reasons you suggest. Once again, Apple's refusal to support standards (and other hostile policies) is why there is an apparent disinterest in PWAs on iOS.
Re: (Score:2)
as Apple Stated, Developer Interest in Web Apps, has Historically been Low
Not all web apps are PWAs. You'll find plenty of those on the App Store, packaged as native apps.
The actual reason there as been so little apparent interest in PWAs specifically is because Apple has been actively working against them for years.
it became a self-fulfilling prophecy
Yes, but not for the nonsense reasons you suggest. Once again, Apple's refusal to support standards (and other hostile policies) is why there is an apparent disinterest in PWAs on iOS.
See response to your previous Post.
Re: (Score:3)
You're still wrong.
It's amazing how uninformed you are about this.
Re: (Score:3)
Possibly, sure, but of course it's not. In the past Apple has broken web app features when it made web apps too competitive with native apps. For ex. You could play music in the background through a web app on iOS up until the release
Re: (Score:2)
Possibly, sure, but of course it's not. In the past Apple has broken web app features when it made web apps too competitive with native apps. For ex. You could play music in the background through a web app on iOS up until the release before the one that launched Apple Music. Then suddenly, your phone would no longer let you lock the screen and continue to listen to music. That's not a chicken and egg problem, that's trying to knife the baby before it gets too big.
Are you sure there wasn't a hidden vulnerability that came along with
that handy feature?
And a possible reason for the coincidental timing could be that Apple discovered the vulnerability while they were digging around trying to round up all the pieces-parts of Audio Playback Code in the various OSes, and either just fixed it (breaking the perhaps nice-but-possibly-vulnerable Stsndby Playback in the process); or refactored/moved that code, making that feature impossible.
Plus, I'm not exactly sure what you me
Can we remember (Score:3, Insightful)
Re: Can we remember (Score:2)
Re: (Score:3)
Apple explained why they removed them. To prevent them from being a security issue with 3rd party browsers would require a TON of work and very few people use them, so they're not prioritizing adding that functionality and instead removed it.
Re: (Score:2)
Which is as silly to accept at face value as it would be to accept at face value Epic's perspective when judging the behavior.
For argument's sake, say that Apple is doing it for anti-competitive reasons. Would you expect them to actually admit it, or try to rationalize a vaguely legitimate sounding excuse?
Why is this silly? (Score:1)
Which is as silly to accept at face value
Never done any OS programming have you.
Or indeed any programming where security was even slightly important...
The fact you claim introducing some random alternative browser engine code into an OS kernel is "silly to worry about", makes me very worried about you.
Re: (Score:1)
Like you, Apple is very obviously full of shit:
alternative browser engine code into an OS kernel
LOL! Do you even know what a kernel is? What a joke!
This nonsense about security is nothing more than fear-mongering. Web apps can't do anything more that the browser running them can do. PWAs running in alternative browsers are no more "dangerous" than any other web page. Get a clue.
Re: Why is this silly? (Score:2)
You can easily tell who isnâ(TM)t a software developer in these comments. I too immediately thought âoeoh well of course theyâ(TM)re disabling them thatâ(TM)s a security nightmareâ when the reports started coming in before Apple said a word about why.
Now is money an ulterior motive here? Of course it could be. If it wasnâ(TM)t theyâ(TM)d probably just lock PWAs to Safari.
Re: (Score:1)
A web browser runs in userspace,
Don't know what Springboard is doya.
Re: Can we remember (Score:2)
Re: (Score:2)
Apple isn't worried about other browsers competing with Safari in this case, they are worried about other browsers competing with the App store.
If you can target Chrome and have it be a natural looking application, then there's a chance your app store business gets threatened. If you take PWAs off the table for everybody (including yourself, since you aren't allowed to favor yourself), that is reducing the risk of PWAs getting preffered over a swift application.
I'm surprised PWAs are not a more popular tar
Re: (Score:2, Informative)
Which is obviously bollocks. The PWA would run with the same permissions as the browser, so unless they are saying that browsers and apps in general are a security issue...
Re: (Score:2, Informative)
And they could do malicious things without proper safeguards in place.
"The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.
Without this type of isolation and enforcement, malic
Re: Can we remember (Score:4, Informative)
But the web browser also has isolation of storage and all that stuff. And besides, once the user chooses to install a 3rd party web browser, that browser becomes responsible for their security. It stores their passwords and credit card details, it stops them being tracked on the web, it blocks malware infected sites and phishing scams.
"We don't trust anyone else to do security" is both rich coming from Apple, and unlikely to satisfy the EU.
Re: (Score:2)
Sure all of them will work in the window like nothing is different but how it links to the OS needs to be rewritten
Re: (Score:3)
Clearly Safari is using an existing OS API. They could just open that up to third party browsers.
It always boils down to Apple saying that they don't trust 3rd party browsers to do the job that Safari does, despite the clear evidence that Safari is far from the more secure browser. In any case, the EU is unlikely to accept that.
Re: Can we remember (Score:2)
Re: (Score:1)
[Epic] has zero chance of getting their apps on the App Store _ever_
Except not really: Apple reinstates Epic’s developer account [9to5mac.com]
Re: (Score:1)
[Epic] has zero chance of getting their apps on the App Store _ever_
Except not really: Apple reinstates Epic’s developer account [9to5mac.com]
I did not know that!
Re: (Score:1)
None of which the EU cares about. This is their rule on digital markets, and the only question is if Apple is compliant.
Re:Can we remember (Score:4, Interesting)
To me it seems Sweeney takes everything personally. Before Epic modified Fortnite, they asked Apple to change multiple terms of service for Epic including letting Epic have their own iOS store, reducing the developer cut to 15%, using their own payment system. Apple responded to that with a no listing all the reasons they did not want to do that. Sweeney seemed to take that rejection as an opening to a holy war and painted Epic as the knight leading a crusade.
Their fight with Valve is even more ridiculous. Valve just has an online store; they do not sign exclusives like Epic. If a developer wants to publish on Steam, GOG, and Microsoft stores, Valve does not prohibit them. Most developers choose Steam as it is the largest store with the most number of consumers. Could Valve charge less? Yes in some cases, but from the beginning Epic tried to make Valve appear as evil for merely existing.
Re: (Score:3)
I don't know much about Tim Sweeney, he might be a real dick, but he's right about Apple. And government regulators around the world are coming around to the same p
Re: (Score:2)
I don't know much about Tim Sweeney, he might be a real dick, but he's right about Apple. And government regulators around the world are coming around to the same point of view. Presumably not because they're "taking it personally".
I take it you did not read the emails in Epic v Apple. You should read them. After Apple turned down Epic's proposed changes, Sweeney was pissed calling Apple "sanctimonious".
. It's always been highly questionable if Apple's position on the App Store was sustainable.
A US court found in favor of Apple for 9 out of 10 points.
. Their approach has been to rake in as much cash they could in before someone stepped in and told them to stop.
Apple's approach is the same as Sony, Microsoft, Nintendo, Blackberry, Nokia, etc. Apple did not invent this model.
Apple's suddenly making concessions left and right.. like announcing they'll allow an Xbox Cloud gaming app and reinstating Epic's developer account. It's never really been about what "Apple wants to do" and it's always been about what Apple could get away with.
And what is the difference between Apple and every
Re: (Score:1)
The EPIC chief tricked apple int accepting an app on the store that wax in massive breach of apples t@cs, had a lawsuit prepared, so he knew what he was doing, lost nine of ten points in their court battle, has zero chance of getting their apps on the App Store _ever_, and is surely an objective observer here
Best Post!
Re: (Score:2)
The other headline today is that Apple restored Epic's developer account.
Re: (Score:2)
and is surely an objective observer here
Your post is the very definition of an ad hominem attack. Yeah Tim Sweeny is a shitstain on the computing world, but that doesn't automatically mean he is wrong. Why not address the point he made. While doing so I invite you to look at Slashdot's previous story on this where several developers actually corroborate what he said.
Are they all pieces of shit, or do you actually want to address the point he made rather than just spit out your logical fallacy?
Predictable (Score:3, Insightful)
Just like the many Apple-Hating Trolls on Slashdot, Sweeney's Opinion and Chest-Beating is as predictable as the sunrise.
But not nearly as welcome.
Re: (Score:2)
That doesn't change the fact that Sweeney is absolutely right about Apple's motivations here. It's so obvious that the only reason to even say it out loud is to call attention to it.
You're free to disagree, but you'll only look like a delusional fan boy.
Re: (Score:2)
Re: (Score:3)
Apple's reasoning is sound. Using web apps with 3rd party browsers creates security issues because they have more access than the typical website mechanism. It would take a ton of work on their part to properly secure things to make it work and very few people use them anyways, so it's much easier and better use of their resources to simply remove such functionality.
Re: (Score:2)
Nonsense. Apple is telling a transparent lie.
Web apps don't have any more access than the browser that's running them. Make it a requirement that browsers ask permission before creating an app icon and the "problem" is solved.
so it's much easier and better use of their resources to simply remove such functionality.
You've been in the reality distortion field too long.
Re: (Score:2)
Clearly you don't know what access they have. They enjoy things like background refresh, access to notifications (both ways), and more. They most certainly are a greater security risk than just the browser.
Re: (Score:2)
Once again, they don't have any greater access than the browser that runs them. Don't be stupid.
Re: (Score:2)
But the browser could, without your permission, add them to your home screen and grant them permission to access your camera, microphone, secure storage, and other browser tabs. WebKit has safeguards in place to prevent that. Other browsers may not, which is why Apple would have to put additional resources into building such requirements and it's simply not worth the investment.
Re: (Score:2)
if we're talking Safari's main competitors such as Chrome, Edge, Brave, Opera and Firefox - they all have similar protections on other environments such as Windows, Linux and Android.
None of them want to get out-lawyered by the European Union into oblivion because of ransomware and cyberattacks from unsavory characters and one would expect them to do due diligence in porting to Apple platforms.
Hypothetically if one is installing a random browser from a random app store written by a Nigerian Prince in Mom's
Re: (Score:2)
Re: (Score:2)
Apple's reasoning is sound. Using web apps with 3rd party browsers creates security issues because they have more access than the typical website mechanism. It would take a ton of work on their part to properly secure things to make it work and very few people use them anyways, so it's much easier and better use of their resources to simply remove such functionality.
Which is exactly why they Disallow third-party Rendering Engines. The Web App API is handled by WebKit; anything else would not be able to be properly vetted.
I've said this for years on here. Haters are Dumb as Trumpers. Never let The Facts get in the way of a good Conspiracy Theory!
Re: (Score:2)
Which is exactly why they Disallow third-party Rendering Engines
You haven't been paying attention. That is no longer the case, at least in the EU, so any bullshit argument against PWAs is just that: bullshit. As I've explained to you already, PWAs can't do anything more than the browser that's running them. PWAs, consequently, are no more dangerous than any other webpage.
At this point, you're ignorance is willful.
Re: (Score:2)
Which is exactly why they Disallow third-party Rendering Engines
You haven't been paying attention. That is no longer the case, at least in the EU, so any bullshit argument against PWAs is just that: bullshit. As I've explained to you already, PWAs can't do anything more than the browser that's running them. PWAs, consequently, are no more dangerous than any other webpage.
At this point, you're ignorance is willful.
If forcing Developers into the App Store is indeed the "Real Reason" for Disallowing PWAs in the EU version of iOS, why haven't they been long-Deprecated in the non-EU versions of iOS?
Non-Sequitur. Your Facts are Uncoordinated!
Re: (Score:2)
As I've already explained to you, Apple has been actively hostile to PWAs for years. Do you need me to explain why again?
My facts are fine. You're just incompetent.
Re: (Score:2)
As I've already explained to you, Apple has been actively hostile to PWAs for years. Do you need me to explain why again?
My facts are fine. You're just incompetent.
I've never been an iOS Dev; but I'm far from ignorant.
Re: (Score:2)
Since they forked webkit into Blink/CEF, Google have been adding more and more APIs to make HTML5 apps first class citizens on Chrome OS. So the attack surface on Chromium-based platforms is actually larger because they support more features.
But to suggest that Chrome OS is any less secure than iOS because of web ignores the dedicated security team(s) within Google tasked with battle-hardening their sand-boxing implementations on Linux and Windows.
The main factor that you can't replace the system browser by
Re: (Score:2)
That bullshit didn't fly when Microsoft tried it either.
Re: (Score:2)
It worked out well for Microsoft in the end - they unentangled a layer of Windows spaghetti code to the point of not having to maintain crappy IE and now piggyback on Google's efforts.
But yeah Apple's argument historically is that they are protecting users from their own freedoms in that they've optimized Safari so it doesn't drain your battery. What sort of spaghetti from 15 years ago lurk in the source code to make it performant on iPhone 1, I wonder. I'm not suggesting that Google could do a better job w
Re: (Score:1)
PWAs shouldn't have appreciably more access than they do as a "web page". It's mostly a matter of how it manifests in "app management" (different launch icon, shows in a different window, does not have browser navigation bar). PWA mechanisms do not suggest an elevation of privilege compared to being in a browser tab.
Re: (Score:2)
They have background refresh, access to notifications, and much more. They are more than just a browser tab.
Re: (Score:1)
Apple's reasoning is sound. Using web apps with 3rd party browsers creates security issues because they have more access than the typical website mechanism.
They're able to do it just fine on macOS
One of the highlighted features in Sonoma [apple.com] is about turning websites into Apps.
I guess macOS uses a different Internet than iOS.
Re: (Score:2)
The feature you pointed out in macOS also utilizes WebKit and the Safari browser, just as iOS does. The issue is with 3rd party browsers and web apps. Clearly you don't understand the difference.
Re: Predictable (Score:2)
iOS: No PWA support for any browser, removed (limited) Safari PWA support
If "security" is the reasoning, then Apple doesn't care about security in macOS?
Re: (Score:3)
Using web apps with 3rd party browsers creates security issues because they have more access than the typical website mechanism.
Nope, apps can't request more permissions than the OS provides. If a third party browser is a security threat it is because Apple allows it to be a security threat through granting it permissions.
so it's much easier and better use of their resources to simply remove such functionality
Apple's ban on third party rendering engine dates back to long before they gave even one iota of a fuck about security or privacy.
Re: (Score:3)
That doesn't change the fact that Sweeney is absolutely right about Apple's motivations here. It's so obvious that the only reason to even say it out loud is to call attention to it.
You're free to disagree, but you'll only look like a delusional fan boy.
So, the fact that, for years and years, approximately ZERO Developers pushed for Web Apps has nothing to do with Apple's lack of attention to the Web App API? Just had to be an Evil Plan. . .
Say, where's Hunter Biden's Laptop?
Re: (Score:2)
First, there are tons of apps that you don't even realize are are web apps because they're packaged as native apps. Second, the reason that web apps aren't more prominent is because Apple is actively working against them. Either by refusing to implement standards or other hostile policies like deleting browser local storage data after just 7 days.
approximately ZERO Developers pushed for Web Apps
You're full of shit. There are countless tools to package web apps as native apps. The advantage, obviously, is that you only need to write an app once. No on
Re: (Score:2)
First, there are tons of apps that you don't even realize are are web apps because they're packaged as native apps. Second, the reason that web apps aren't more prominent is because Apple is actively working against them. Either by refusing to implement standards or other hostile policies like deleting browser local storage data after just 7 days.
approximately ZERO Developers pushed for Web Apps
You're full of shit. There are countless tools to package web apps as native apps. The advantage, obviously, is that you only need to write an app once. No one wants to write an iOS app, and Android app, and then replicate that functionality on the web. It's a ridiculous waste of resources. Odds are good you use or have used web apps without even noticing.
PWAs liberate both users and developers. Apple knows this, which is why they've actively been working against those standards for years.
Ok; so, if that's True (which I believe), then:
1. All such "Native Apps" would *Always* Render with WebKit.
2. It flies in the face of the Assertion that Safari's Support of Web Apps is Substandard; since Web Apps are actually handled by WebKit, not Safari.
Can't have it both ways.
Re: (Score:2)
Wow, you really don't have a clue, do you?
I give up. You're too stupid and uninformed for this discussion.
Re: Predictable (Score:2)
Re: (Score:2)
is as predictable as the sunrise
Yes but what isn't predictable is that occasionally he is right. Occasionally. Like ... maybe this is the only time he's been right and will ever be.
Re: (Score:2)
is as predictable as the sunrise
Yes but what isn't predictable is that occasionally he is right. Occasionally. Like ... maybe this is the only time he's been right and will ever be.
I don't think so; but I do acknowledge the personal need to do more research on this Topic. Slashdot can be quite the Echo Chamber. . .
He is right of course. (Score:2)
Apple will lose (Score:1)
Security issues are genuine (Score:4, Interesting)
Webapps can theoretically do anything limited by the browser. As long as Safari was the browser, Apple could ensure that the apps can do limited things and if they truly wants to write a client app, they have to create an app which will go through additional scrutiny. If it is forced to allow the third party browsers, then that would mean that some third party browser can allow the app to run everything. They can just simulate the whole runtime in the browser interface and now the web app can run the whole native app in it. The browser becomes an app container. Epic can come with its own "Epic browser" which will allow all the games to be run inside the browser (the app will only run in Epic browser, not on any standards compliant browser). Effectively, browsers can allow "native apps" to be run on iPhones without any further apple scrutiny.
Re: Security issues are genuine (Score:2)
Re: (Score:2)
The mistake in your reasoning, for lack of a better word, is the mistaken belief that the container won't receive any scrutiny from Apple. Do you really think they'll just let any app on sight unseen if the developers call it a browser? They are, without question, going to make it as difficult as they possibly can for alternative browsers to make their way onto the platform.
Also, don't forget that installing an alternative browser is entirely up to the user. If you don't want to risk the Epic browser or
Re: (Score:3)
As long as Safari was the browser
This isn't a desktop PC. A browser is governed by permissions granted to it by the OS. Apple is still in control. It's a bullshit excuse, and incidentally Apple's attacks on webapps long predate the days anyone gave a shit about mobile security.
Re: (Score:2)
Security issues are genuine
Everything you said is entirely worthless. The legitimacy of your words depends on the answer to a question: Who is in charge of Security on YOUR device?
If you assume Apple is in charge of Security, then your words have value.
Back here in the Real World(tm), YOU are responsible for your own Security. Even if someone takes choice from you and leaves you handcuffed in the back of a police car on the railroad tracks, YOU are still responsible for your Security because YOU are the one who will die. Did you note
Apple, meet law enforcement... (Score:1)
Apple currently thinks they are above the law. Their mistake will be pointed out to them in a way they cannot ignore. May take a while though. Last I looked, Apple had an annual turnover of $383B. I think a $20B fine will catch their attention nicely.
Re: Apple, meet law enforcement... (Score:2)
Re: (Score:1)
The one deep in delusion here is you.