Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Apple

Apple's Cook Says Circumventing App Store Would Harm User Privacy (bloomberg.com) 122

Apple Chief Executive Officer Tim Cook said that proposed app store regulations in the U.S. and European Union would put iPhone users' privacy at risk. From a report: "If we are forced to let unvetted apps onto iPhones, the unintended consequences will be profound," Cook said during a keynote address at the Global Privacy Summit on Tuesday in Washington. "Data-hungry companies would be able to avoid our privacy rules and once again track our users against their will." Apple is under global scrutiny over app store policies. The EU is working on legislation that would force the company to allow apps to be installed from outside the Apple App Store, threatening Apple's grip on its platform and potentially limiting its ability to collect a commission from developers.
This discussion has been archived. No new comments can be posted.

Apple's Cook Says Circumventing App Store Would Harm User Privacy

Comments Filter:
  • Wrong framing (Score:5, Insightful)

    by rgmoore ( 133276 ) <glandauer@charter.net> on Tuesday April 12, 2022 @12:08PM (#62440580) Homepage

    Of course this is the wrong framing, so it gets key points wrong. Allowing third party app stores won't force bad apps onto anyone's phone; it will still require affirmative steps by the user to allow those apps on their phones. People who want to trust Apple to look after their privacy and security will be free to do so. People who don't trust Apple, or trust some third party provider more, will be free to trust those people instead. People who just want apps that Apple has decided to exclude for whatever reason would be free to take a risk and install them.

    • Of course this is the wrong framing, so it gets key points wrong. Allowing third party app stores won't force bad apps onto anyone's phone; it will still require affirmative steps by the user to allow those apps on their phones. People who want to trust Apple to look after their privacy and security will be free to do so. People who don't trust Apple, or trust some third party provider more, will be free to trust those people instead. People who just want apps that Apple has decided to exclude for whatever reason would be free to take a risk and install them.

      I don't think framing matters much in most religions... sorry... couldn't help myself (pauses his ipod to post).

    • Re:Wrong framing (Score:5, Insightful)

      by bjdevil66 ( 583941 ) on Tuesday April 12, 2022 @12:39PM (#62440712)

      You're thinking like... well, you're actually thinking and analyzing the issue.

      Many Apple users like myself don't want to think about it. I own Apple stuff because I don't want to waste my time thinking about it. I just want to trust it blindly and move on with my other daily tasks (Elastic Search development ATM, etc.) and fun.

      I'll take Tim Cook's nanny state on this issue because I trust him on the privacy issue as much as a reasonable, paranoid person can trust a CEO of a trillion dollar company (not much, but more than not at all). And that trust (especially in my illusion of iOS's superior security) is easier when my phone's walled garden's underlying ecosystem (iOS devices) is never exposed to a non-critical risk like this (allowing these types of apps).

      There's Android OS for that. I guess it's where "separate but equal" actually makes sense? You want a white phone - pretentious, has an easier path to use, full of "walled garden privilege" and believing it's superior? Go iPhone. You want a black phone, that works hard and gets the job done like iOS, but is definitely different in ultimately cosmetic, meaningless ways - and may have some trust issues and shady characters lurking in its dark corners? Go Android. (I can't believe I'm posting this crap... LOL).

      • I use an iPhone because Apple's the only company still making phone-sized phones (though I suppose I'm in the minority on that), and for iMessage. The walled garden aspect is just annoying. If Apple finally did enable real sideloading (not that crap it has now where you've gotta use a leaked enterprise certificate or self-sign the app every 7 days), the first thing I'd do is install Kodi and RetroArch.

      • by Merk42 ( 1906718 )
        If Apple were forced to allow 3rd party app stores, but you chose not to use one of them, it would change how you use your device how exactly?
        • by tlhIngan ( 30335 )

          If Apple were forced to allow 3rd party app stores, but you chose not to use one of them, it would change how you use your device how exactly?

          When has that ever been the case?

          I have an Xbox, but I want to play a PS5 game. I'm now forced to buy a PS5 in order to play that game. I didn't want a PS5.

          OK too extreme. I'm a Linux user. I need to run a Windows only program. Now I have to install Windows and all that jazz. (VM, dual partitions, whatever).

          Too extreme? OK, try again.

          I have a PC running Windows. I get

          • by Merk42 ( 1906718 )
            Who was forcing you to get those games in your analogy? I think your analogy assumes those games would all be available in the single store.

            If multiple stores having different, though sometimes overlapping, product availability is so bad, let's just ban all retail stores and force everyone to shop exclusively at Amazon.
      • by rgmoore ( 133276 )

        Sure. But the point is that if you're happy with the way Apple is running things, you'd be free to keep it. It would even be the default, so you'd get exactly what you have now with zero effort. But someone who wanted an app that Apple decided to exclude from the app store would be able to run it rather than being stuck.

        Many of those apps are probably garbage and would cause the exact problems Tim Cook is talking about. But the real sticking point is that Apple is using its role as gatekeeper to deman

      • This doesn't force you to think about it don't go into the setting, don't turn on side loading, don't think about it. You will only turn on side loading if you are already thinking about it.

        You maybe right most apple users won't think about it and will not bother, side loading. The only time this might happen is if you its a major must have title that you trust. The developer can always offer you a version that is 43% more expensive to cover the apple tax. That's right in order to make the same amount of mo

        • And the problem is that by turning off your brain, you fall prey to the things you're trying to avoid... and get charged with it anyway. The privacy labels are a lie. Apple sells your privacy, just like Google (see their iad selling dept), their apps gather just as much info (if not more because you don't want prompts to confirm.) Malware gets on the store, and there cannot be as many eyes on it because... how could companies (or you) look for malware? They can't, you don't have access to the executabl
    • by Ed_1024 ( 744566 )

      That is all very well but what about the non-techie who just clicks through everything, i.e. everyone who has not got a /. user ID. iOS is great for that at the moment because almost everything is off by default, there is vetting of apps plus they can get pulled for bad behaviour.

      Out of those who got an iPhone or iOS device knowing about the restrictions it came with, who wants lots of alternative app stores and payment methods? I certainly do not, this is one of the positive features that attracted me to i

      • But it's not safe. Privacy is equally 'free' to app developers (linked elsewhere in the comments). Malware (and other non permitted apps) gets into the store with an alarming frequency considering theres human "gatekeepers".
  • Lets face it, App makers if allowed to bypass the Apple Store, will take advantage of all the stuff they can, so they can "offset the price of the software" by collecting and selling a lot more data then they can with Apple being a the Cop of saying that is too much.

    I think non App Store Apps will need to be restricted in some way, such as not having access to as much info as other Apps, or a limited set of IP range it can connect to.

    While Google isn't so strict, with multiple App stores. the issue is the D

    • I think non App Store Apps will need to be restricted in some way.

      What is to stop developers from doing whatever they want? That isn't how the OS or Swift works. If you are trying to get them to develop something like that, why? They already have a stellar review system. Also, the paid-for apps cover the expense of running the App Store and notification services that all free apps rely on. The system works wonderful today. There is nothing to fix.

    • Re: (Score:3, Insightful)

      by Powercntrl ( 458442 )

      While Google isn't so strict, with multiple App stores. the issue is the Devices have varying amount of features and compatibility making information gathering more difficult.

      Facebook doesn't seem to be having any problems getting their snoop on with the Android version of their app, otherwise you'd hear them protesting the same way they do about iOS.

      I think the major difference just comes down to the type of customers using the platform. People expect privacy when they buy an iOS device because it's something Apple's PR department makes a big deal about. Android, on the other hand, is maintained by an advertising company. You pretty much know what you're in for (unless you d

  • Vetted apps (Score:2, Insightful)

    by RitchCraft ( 6454710 )
    The number of apps getting through the app store that spy on you happens all the time. So nothing new here. Your next excuse Cook?
    • Re: (Score:2, Insightful)

      by saloomy ( 2817221 )
      Fuck off. They are found and fixed. "All the time" is relative, and would be negligible in comparison to the free-for-all if Apple's review system wasn't in the way. Just compare iOS to the shit-show Windows is. Ransomware and the like, no thanks.

      Your next excuse Cook?

      None is needed. The App is a private platform. One they run better than anyone else's.

      • Cook? Is that you? Wrong side of the bed today?
      • Re:Vetted apps (Score:4, Interesting)

        by moronoxyd ( 1000371 ) on Tuesday April 12, 2022 @01:03PM (#62440824)

        Fuck off. They are found and fixed.

        Often enough by third parties because Apple didn't find them. And then Apple takes their sweet time removing the apps, unless there's a media frenzy about it.

      • Apple and Android are about the same: https://arxiv.org/pdf/2109.137... [arxiv.org]

  • ... if the choice to circumvent the app store was made by the end user, Apple can probably disavow responsibility if the user wants to do that with their device.
    • He's also completely wrong. It's easy to imagine a scenario where someone creates an alternative app store heavily focused on security, and only vetted apps are allowed in the store.

      We've already seen similar things with Linux distros, for example Kali Linux that is focused on security, or Qubes which is more secure than iOS.

  • I Pay For This. (Score:4, Insightful)

    by Arzaboa ( 2804779 ) on Tuesday April 12, 2022 @12:24PM (#62440642)

    I like Apple products because of all the reasons Tim Cook says. I totally get the arguments of the other side, but if they don't like the terms, then go do Android.

    I have used Androids and Apples. Androids are a total mess. I never figured out what was safe and what wasn't. No one watches that app store. Does that mean apple is perfect? No. Does that mean apple has more control over their eco-system? Yes.

    --
    Perfection is not attainable, but if we chase perfection we can catch excellence. - Vince Lombardi

    • What about the things I may like in iOS that you don't? Will you be just as understanding or should I tell you to go to Android as well? Or should we instead put our big boy pants on and agree that informed choice is something to be valued?
    • I have used Androids and Apples. Androids are a total mess. I never figured out what was safe and what wasn't. No one watches that app store. Does that mean apple is perfect? No. Does that mean apple has more control over their eco-system? Yes.

      Apple's app store is filled with malware similar to Google there is no meaningful difference between them. The presence of centralized app stores is itself generating large perverse incentives for developers to do this crap.

      Those who have something to offer have to compete with free. Those who just want to put out crap with minimal effort to get paid for spying on users leverage audience, search index and distribution channels to do it. The result is a race to the bottom. Most have no clue what their ap

    • Androids are a total mess...No one watches that app store...Does that mean apple has more control over their eco-system? Yes.

      This is all a lie.

    • Or you can just not install the alternative ecosystem on your device. Then Apple will be rewarded for what their marketplace solution offers instead of forcing everyone to use it. The benefits of the hardware and OS can be independent of the store.

      Android is not a homogenous set of devices, so testing is broader. Meaning you're more likely to see issues on the corner cases.

      This is independent of monitoring of the store. There is no reason to think allowing other stores to be installed would change the q

    • by MobyDisk ( 75490 )

      We need a company that vets apps based on private, safety, and security; but does not reject apps because they disagree with the company's political views.

  • Anyone else remember when Apple claimed (to the govt (FCC?)) that jailbreaking the iphone was going to lead to terrorists taking down the cell network?

    The mobile space is a damned mess for users, and that's by design. (nearly) Any other computer that would be otherwise considered multi purpose, allows the owner to separate management functions from daily functions (i.e. admin/root vs unelevated). This phantom menace created in the mobile space is one wholly of teh design of the mobile OS vendors.

  • Apple is seeing the handwriting on the wall. This is the beginning of the scare campaign--not entirely illegitimate--against apps not vetted through the app store. Much like MacOS apps that are not fully signed and credentialed by Apple, iOS will likely present the user with all sorts of warnings and hoops to allow side loaded apps, a practice that will likely also be challenged. Apple's claims are not without merit. It is not known whether independent app stores will work hard enough to minimize malware and spyware.

    I buy Apple's claims. The reality is that it is far too easy for hackers and developers with bad intentions to overwhelm app stores with little resources for enforcement of privacy and to take advantage of people. As people above have mentioned, even the App Store is not impervious to devious apps. So, what guarantees can the consumer have that rolling out third party stores will not play out as Apple claims?

    • "developers with bad intentions"

      You mean like Apple and Facebook.

      Sorry Charlie but Apple does not have your best intentions in mind. Apple has it's profits in mind. Apple wants a closed system where they take a large cut.

      You can fuck off now.
      • You’re right, Apple does have their profits in mind. They have decided that in a sea of companies that don’t give a flying fuck about your privacy they will be the only major mobile platform vendor to make every effort to protect their user’s personal information. In doing so, they will attract users who value privacy to their platform and also increase loyalty which will in turn increase revenue. They don’t do it perfectly, but it’s better than anything else out there. Don

        • by dgatwood ( 11270 )

          You’re right, Apple does have their profits in mind. They have decided that in a sea of companies that don’t give a flying fuck about your privacy they will be the only major mobile platform vendor to make every effort to protect their user’s personal information.

          Oh, horses**t.

          If Apple truly cared about privacy, they would work with Google to standardize a mechanism for end-to-end encryption that works across devices by all vendors, including group messaging. They have not. Instead, they take advantage of the inability to do so as a way of driving sales to teens, because nobody wants to be the one person whose messages show up in a different color. And how many years has it been? Oh, yeah. 11 years.

          If Apple cared about privacy, they would properly open up their

          • Thatâ(TM)s the point. Android exploits user data. So why would apple come up with a standard that puts android on equal footing and enables Google to exploit apple user data? Itâ(TM)s consistent with their privacy argument. Their profit motive doesnâ(TM)t negate this, and as others have noted, apple are putting a price tag on privacy, and many are willing to pay it. A lot of people claim that apple is no better than Google, but nobody really substantiates the claim.

            • by dgatwood ( 11270 )

              Thatâ(TM)s the point. Android exploits user data. So why would apple come up with a standard that puts android on equal footing and enables Google to exploit apple user data?

              *rolls eyes*

              And how, exactly, do you think other phone vendors could exploit end-to-end–encrypted data? It is, by its very definition, never stored or transmitted in an unencrypted state. It quite literally cannot be exploited beyond some very minimal on-device searching, or else it no longer qualifies as end-to-end–encrypted.

              A lot of people claim that apple is no better than Google, but nobody really substantiates the claim.

              I did, and you completely dismissed the argument. How many others have done so whose arguments you dismissed?

              Either way, your question completely misses the point. It's

              • by dgatwood ( 11270 )

                Err... "then we'll talk". Stupid muscle memory.

              • Thank you for the thoughtful response. My contention is that android does additional snooping once the data is decrypted for the user to consume. I defer to you on the possibility of that happening,

                If truth in advertising carries any weight, then the consumerâ(TM)s only choice for privacy is apple. No one else makes appleâ(TM)s claims. You are correct that such claims do not constitute any proof, but what other choice do consumers have in a deregulated market?

                • by dgatwood ( 11270 )

                  Thank you for the thoughtful response. My contention is that android does additional snooping once the data is decrypted for the user to consume. I defer to you on the possibility of that happening,

                  Any evidence supporting that contention? Snooping on end-to-end–encrypted data that resides on a user's device surreptitiously would be the sort of behavior that, if proven, would likely lead to mass resignations in response. It would be a blatant abuse of user trust. So I would be very, very surprised if such a thing were happening.

                  If truth in advertising carries any weight, then the consumerâ(TM)s only choice for privacy is apple. No one else makes appleâ(TM)s claims. You are correct that such claims do not constitute any proof, but what other choice do consumers have in a deregulated market?

                  Advertising has never been about truth. Advertising is about spin. You can't outright lie, but that doesn't mean that Apple, by talking about privacy-enhancing featur

                  • Hey man, they got lawyers to make sure they can't get sued over claims in ads. So, if Google is not making the same claims, then there is a difference.

      • No, I mean hackers who would want to steal money from you. Or to eavesdrop on you. One who want to do illegal things.

        Take, for example, uberâ(TM)s illegal harvesting of data even after its app was deleted. It took apple a while to wake up to that. How much better would a smaller outfit do?

        Your hatred is driving you to misread the text.

      • No, I mean hackers who would want to steal money from you. Or to eavesdrop on you. One who want to do illegal things.
        Take, for example, uberÃ(TM)s illegal harvesting of data even after its app was deleted. It took apple a while to wake up to that. How much better would a smaller outfit do?
        Your hatred is driving you to misread the text.

    • by dgatwood ( 11270 )

      This is the beginning of the scare campaign--not entirely illegitimate--against apps not vetted through the app store. Much like MacOS apps that are not fully signed and credentialed by Apple, iOS will likely present the user with all sorts of warnings and hoops to allow side loaded apps, a practice that will likely also be challenged. Apple's claims are not without merit.

      Apple's claims ARE entirely without merit. iOS, in addition to having a traditional multi-user UNIX architecture under the hood, also has a highly advanced sandboxing mechanism that is designed specifically to restrict what data a given app process can access. And in macOS, they even have additional sandboxing features that make it possible to provide things like file pickers to access files owned by other apps in a manner that can't be faked by the app.

      Do you honestly mean to tell me that with a multiuse

  • Greed (Score:4, Insightful)

    by dark.nebulae ( 3950923 ) on Tuesday April 12, 2022 @12:39PM (#62440714)

    This whole argument is just about greed.

    Users aren't begging for some alternate app store access.

    Its just big companies wanting to take the money that Apple is collecting and Apple wants to keep what they are getting. There's nothing noble or righteous going on here, its all about getting a larger slice of the pie...

    • by mark-t ( 151149 )

      Users aren't begging for some alternate app store access.

      I would say that we don't really know that's true.

      For example, we don't know what the demand would be for R rated or X rated apps, while such apps may be violation of app store policies and unable to get approval.

      Also, Apple tends to disapprove of virtual machine apps, which end users may also want, but are typically also in opposition to Apple's app store policies.

      • I think you're arguing that users would want some say in what the marketplace allowed, but not necessarily "hey let's throw out all of the controls and install anything from anywhere with zero validation and control..."

      • People on this site always confuse “what slashdot users want” with “what real people want”.

        • by mark-t ( 151149 )

          Of course, because everybody knows that minority demographics aren't "real people".

          :eyeroll:

    • Users aren't begging for some alternate app store access.

      I am going to need to the source of your data on that one. At a minimum, there is at least one user who has jailbroken many iphones and installed secondary app stores (Cydia?). That person is me. I have not bought anything Apple in ... wow, almost a decade now. Regardless, I want to see the source of your claim because I am finding it EXTREMELY hard to digest.

      • I didn't say 100% of users, just spoke of users generally. Sure there are fringe cases like yourself, but you must admit that the majority of iphone users have not jailbroken their phones. If you walked out on the street asking people with iphones what Cydia is, I doubt you'll get a single person that knows....

        Sure there are exceptions, my argument is they are not the majority. If the majority of iphone users wanted alternative stores, this would be a much bigger deal.

  • If this legislation actually passes I imagine Apple will start marketing "Portable Gaming Consoles w/ Cellular". If the governments start going down the road of forbidding centrally managed software ecosystems I don't see how Sony/Microsoft can defend selling AMD PCs that are locked to their AppStores. Nintendo's primary console is kissing cousins to Apple's iPads.

    I could see Apple going as far as adding joysticks to their phones.
    • Somebody always has to make this flawed analogy, and the difference is that gaming consoles aren't advertised and sold as general purpose computing devices.

      Notice how Nintendo/Sony/Microsoft has never run a "There's an app for that" commercial for their gaming consoles.

      • iPhones aren’t marketed as general purpose computing devices. They are marketed as personal mobile communications devices. And that doesn’t even matter anyway, it is an apt comparison. It’s only bad because it’s Apple.

    • by Rhipf ( 525263 )

      I don't see how Sony/Microsoft can defend selling AMD PCs that are locked to their AppStores

      As far as I know there are no PCs sold that are locked to the Microsoft app store. There isn't even a mechanism in Windows to do this. The closest possible thing to a "locked" Windows PC is a computer that comes with Windows S mode installed. Even those computers aren't locked to the Microsoft store though since it is a simple process to convert a Windows S mode computer to a "normal" Windows computer.
      If you are considering game consoles as PCs then you may have an argument to make but that is outside my pe

  • Easy Fix (Score:2, Interesting)

    Throw up a message warning the user on 3rd party store install.

    • Throw up a message warning the user on 3rd party store install.

      Not easy. Compare with the web browser and SSL/TLS situation and how that evolved.

      It's gone from a passive lock icon, to a click to continue warning, to buried hidden settings and possibly restarting the whole browser with an argument putting it into a special insecure mode. It all depends on the degree of how insecure it is too, because some things can still be clicked through with enough effort.

      And that's for accessing an untrusted website, running untrusted code on your system should be taken far more

    • The apple acolyte fanboys disapprove of the post

  • Everyone claiming that third party app stores should be an option that users can enable or disable if they want to don’t get it. Attackers will find ways to trick users into enabling the third party app stores and downloading malware. It will be the dawning of a new era for iOS users to get scammed and hacked. Yes, I know that the app store isn’t 100% secure either, but it’s a hell of a lot better than opening the flood gates.

    The only people I hear bitching about third party app stores are

    • by Powercntrl ( 458442 ) on Tuesday April 12, 2022 @01:09PM (#62440850) Homepage

      People get talked into driving to Western Union and wiring money to scammers. Should we close Western Union because some people are fucking stupid, too?

    • The only people I hear bitching about third party app stores are Android users who already have that capability. What do you care?

      We want to be sure that Android phone makers know that we don't want them to mimic Apple's behavior since they seem to do it with all of Apple's other greedy/braindead/controlling behaviors.

    • Users that can be tricked in a presumably secure OS deserve to be tricked. (This is with the obvious exception for state-sponsored targeted attacks that can victimize everybody.) So either iOS isn't as secure as it claims to be, or Apple users are more clueless than the average Jean or Jane.
      • I think you underestimate the cluelessness of your average person. There are lots of very smart people who for some reason have trouble with technology.

        The only people who deserve to get tricked are idiots who think they are buying NFTs.

        • I think you underestimate the cluelessness of your average person. There are lots of very smart people who for some reason have trouble with technology.

          The only people who deserve to get tricked are idiots who think they are buying NFTs.

          Granted. As for NFTs, that's beyond clueless. It's as if we've gone beyond intellectual property into pure intellectual profit.

    • So what you are saying is Apple's security is Shit as they can't ensure informed consent?
  • Facebook exists. Clearly some people do not value privacy.

    Customers, even their customers have the right to decide for themself how much privacy they want.

    Some will prefer the privacy of Apple, other want the right to save money by not paying Apple a tax on software Apple did not create.

    Just because you make an expensive luxury item does not mean everyone else has to buy it.

  • This is their stance. Sure. Saying it 100 times doesn't make it any more true. Or novel.

    The only reason I can think of for posting these is to stir up a holy nerd war.

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...