Apple Confirms iOS 17.4 Removes Home Screen Web Apps In the EU

Apple has now offered an explanation for why iOS 17.4 removes support for Home Screen web apps in the European Union. Spoiler: it's because of the Digital Markets Act that went into effect last August. 9to5Mac reports: Last week, iPhone users in the European Union noticed that they were no longer able to install and run web apps on their iPhone's Home Screen in iOS 17.4. Apple has added a number of features over the years to improve support for progressive web apps on iPhone. For example, iOS 16.4 allowed PWAs to deliver push notifications with icon badges. One change in iOS 17.4 is that the iPhone now supports alternative browser engines in the EU. This allows companies to build browsers that don't use Apple's WebKit engine for the first time. Apple says that this change, required by the Digital Markets Act, is why it has been forced to remove Home Screen web apps support in the European Union.

Apple explains that it would have to build an "entirely new integration architecture that does not currently exist in iOS" to address the "complex security and privacy concerns associated with web apps using alternative browser engines." This work "was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps," Apple explains. "And so, to comply with the DMA's requirements, we had to remove the Home Screen web apps feature in the EU." "EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality," Apple continues.

It's understandable that Apple wouldn't offer support for Home Screen web apps for third-party browsers. But why did it also remove support for Home Screen web apps for Safari? Unfortunately, that's another side effect of the Digital Markets Act. The DMA requires that all browsers have equality, meaning that Apple can't favor Safari and WebKit over third-party browser engines. Therefore, because it can't offer Home Screen web apps support for third-party browsers, it also can't offer support via Safari. [...] iOS 17.4 is currently available to developers and public beta testers, and is slated for a release in early March. The full explanation was published on Apple's developer website today.

Ok....

[King_TJ]

Seems to me like that all makes sense. Is anyone *really* that worked out that they can't launch a web page from a home page icon on their iOS device anyway?
I know there are going to be special cases out there (like corporate issued phones that use some web app the employer built). But wow -- I haven't used a web app on my iPhone since the original iPhone was released and only allowed those to start with!

Re:Ok....

[dgatwood]

Seems to me like that all makes sense. Is anyone *really* that worked out that they can't launch a web page from a home page icon on their iOS device anyway?

Home screen apps are not like web pages. They're a full-screen experience with no window chrome. Yes, this change breaks things quite badly. And Apple knows this. They also know that once third-party browsers get a foothold, people will want to have web apps running in other browsers, because Safari just isn't nearly good enough, and they aren't willing to spend the money to build a better browser that can actually compete in a free market. So instead, they're taking away features from EU users so that other browser vendors won't be able to compete as visibly.

And no, it does not make sense. This was a simple problem that had a simple solution — creating APIs to allow apps to register a home screen item that calls openURL with a specific app-defined URL scheme to launch that app. It would have taken all of one hour for an engineer to implement this, max. But instead of implementing that solution, Apple decided to abuse European users for daring to demand the right to run the browser of their choice by taking away functionality that some of them depend on, and using the DMA as a pathetic excuse.

They're hiding behind "security", throwing shade at other browsers, and making ludicrous claims about one web app stealing data from another web app that are not based on anything other than hypothetical designs of hypothetical browsers that do not even exist yet. In reality, absolutely nothing prevents any other browser vendor from creating an entirely isolated cookie and data storage environment for each web app, and whether or not they do so has no bearing whatsoever on whether Apple should allow those apps to create full-screen web apps. After all, the security of third-party apps is not Apple's problem.

No, this is just one more bullshit abuse by Apple, attempting to control what users do on devices that they own, and their decision flies flagrantly in the face of the rules that the EU is imposing on them.

This is inexcusably childish behavior by Apple, and it is in the best interests of everyone, whether in the EU or not, for the EU to bury Apple under a mountain of sanctions so big that their stock price drops ten bucks on the first day. It's the only thing companies like that understand.

Re:Ok....

[jenningsthecat]

No, this is just one more bullshit abuse by Apple, attempting to control what users do on devices that they own and their decision flies flagrantly in the face of the rules that the EU is imposing on them.

Yes - it's called 'malicious compliance'. And compliance it is - I would amend a part of your sentence to say "their decision flies flagrantly in the face of the spirit of the rules... "

This is inexcusably childish behavior by Apple, and it is in the best interests of everyone, whether in the EU or not, for the EU to bury Apple under a mountain of sanctions so big that their stock price drops ten bucks on the first day. It's the only thing companies like that understand.

I agree wholeheartedly, and I hope it happens. I'm getting mighty sick of this corporate "tail wagging the dog" shit we see so much of.

Re:

[gweihir]

Others have tried it before and failed. Apple will fail as well.

Re:

[luvirini]

Indeed. In the past EU competition authorities have taken a very dim view of companies trying to drag their feet(read as: Billions in fines). I think that it will be no different for Apple.

Re:

[NoMoreACs]

Indeed. In the past EU competition authorities have taken a very dim view of companies trying to drag their feet(read as: Billions in fines). I think that it will be no different for Apple.

How is this "non-compliance" or "malicious compliance"?

EU sez "Must allow other Browsers": Check!

EU sez "All Browsers must allow Equal Footing. None can be Favored.": Check!

So, now tell me how this is Non, or "Malicious", Compliance?

Keep in mind that Apple said they couldn't guarantee Safety and Privacy before the deadline. That implies that they may very well change this restriction at a later date. Apple didn't set the Deadline, nor the other Conditions; the EU did.

Re:

[gweihir]

I suggest you wait for the ruling of the of the EU court when Apple is appealing what will likely be a record fine. That ruling will explain all the finer details to you and you cannot fake-argue with it either.

Re:

[NoMoreACs]

I suggest you wait for the ruling of the of the EU court when Apple is appealing what will likely be a record fine. That ruling will explain all the finer details to you and you cannot fake-argue with it either.

I was asking the Parent.

Re:

[dgatwood]

How is this "non-compliance" or "malicious compliance"?

EU sez "Must allow other Browsers": Check!

EU sez "All Browsers must allow Equal Footing. None can be Favored.": Check!

Does not reduce competition with the App Store: Epic fail

Web apps compete with native apps. The whole point of requiring Apple to open up their platform is to encourage competition, and this has the effect of dramatically reducing competition, tightening up Apple's monopolistic control over the iOS platform.

They literally did the exact opposite of what the EU demanded.

This is flagrant noncompliance.

Re:

[NoMoreACs]

How is this "non-compliance" or "malicious compliance"?

EU sez "Must allow other Browsers": Check!

EU sez "All Browsers must allow Equal Footing. None can be Favored.": Check!

Does not reduce competition with the App Store: Epic fail

Web apps compete with native apps. The whole point of requiring Apple to open up their platform is to encourage competition, and this has the effect of dramatically reducing competition, tightening up Apple's monopolistic control over the iOS platform.

They literally did the exact opposite of what the EU demanded.

This is flagrant noncompliance.

You are full of shit.

Too bad; I actually respected your opinion. Not no more.

Re:Ok....

[gweihir]

EU officials have already signalled that this illegal behavior will not be tolerated. Apple is subject to the law, just like any other enterprise. I predict this will get very expensive for them. EU rules can result in a fine of up to 5% of annual turnover. A prohibition to sell the affected devices can then be the next step.

Re:

[gweihir]

Read up on what is happening and the statements made. I am not here to fill the void between your ears. Just a hint: Anti-competitive practices are illegal in the EU.

Re:

[NoMoreACs]

Read up on what is happening and the statements made. I am not here to fill the void between your ears. Just a hint: Anti-competitive practices are illegal in the EU.

Yes of course; but exactly how is making every browser, including Safari, work the Same "Anti-Competitive"? Apple's Browser was "downgraded", too?

I don't think "Anti-Competitive" means what you think.

Could be that empty space between your ears.

Re:

[dgatwood]

Yes of course; but exactly how is making every browser, including Safari, work the Same "Anti-Competitive"? Apple's Browser was "downgraded", too?

Because it's not just about other browsers competing against Safari. It's also about web apps competing with native apps sold through Apple's store. And by doing this, they've taken away the mechanism by which that happens.

You can't bulldoze an entire category of competition under the guise of leveling the playing field for another type of competition and expect to not get fined massively.

Re:

[radarskiy]

"a simple problem that had a simple solution — creating APIs to allow apps to register a home screen item that calls openURL with a specific app-defined URL scheme to launch that app"

The actual problem is forcing other people's programs to change. What do you do if the user is trying to create a web app icon from a browser that has not implemented that API? What browser do you use for web app icons made before there were multiple browsers?

I will grant that calling it a "security problem" is bullshit.

Re:

[dgatwood]

"a simple problem that had a simple solution — creating APIs to allow apps to register a home screen item that calls openURL with a specific app-defined URL scheme to launch that app"

The actual problem is forcing other people's programs to change. What do you do if the user is trying to create a web app icon from a browser that has not implemented that API?

A browser that has not implemented the API won't have a button in its user interface to save the web page as a web app, so that question is entirely moot. The DMA doesn't require other browsers to get web app support for free. It just requires that the facilities offered to Safari/WebKit also be offered to other browsers. Whether they choose to use them or not is their decision.

What browser do you use for web app icons made before there were multiple browsers?

The browser that created it. Same as for any web app icon made after there were multiple browsers. It's the only approach that

Re:

[dgatwood]

iOS 16.4 allowed PWAs to deliver push notifications with icon badges

Re-read this part, then try to use your imagination to get why this wouldn't have taken one hour, max

You really don't get it, do you? PWA features are features OF THE BROWSER. Apple doesn't have to give third-party developers those features. It just has to make sure nothing prevents them from implementing comparable features.

And although push notifications *can* be server-generated, they can also be app-generated. There are already APIs by which a background daemon running as part of a third-party browser could "send" a push notification on behalf of a web page. And given that side-loaded apps are pre

Re:Ok....

[Space cowboy]

Oh, that's all, is it.

Yep, you're right 1 hour max /s.

Browsers are the most insecure attack surface of any aspect of modern computers. Apple's s/w is built using standard engineering decision-making - can we rely on X being there ? Why yes we can, so we can delegate this function to that system framework which we've tested is all secure.

Except that all breaks down when someone installs a 3rd party browser. Now the security model of the system depends on the security model of the installed browser, and that's just not acceptable. It may be the user's fault that they installed but you can guarantee that Apple will be holding the can at the end of any argument over why their nudes are now all over the internet.

Re:

[dgatwood]

Browsers are the most insecure attack surface of any aspect of modern computers. Apple's s/w is built using standard engineering decision-making - can we rely on X being there ? Why yes we can, so we can delegate this function to that system framework which we've tested is all secure.

You seem to have missed the whole point of this conversation:

• Apple is *required* by law in the EU to allow the user to choose other browsers for handling tapped URLs and similar. Apple doesn't get a choice in that. Therefore, any security risk related to delegating that function to a browser will exist in the exact same way regardless of whether Apple makes home screen apps work for other browsers.
• Home screen apps are created by the user explicitly saving a website to an icon on their home screen. That

Re:

[serafean]

> And although that could definitely have security implications, once again, there's no significant new attack surface introduced by allowing users to save web apps to the home screen that doesn't already exist by allowing users to visit those websites using a different browser in the first place. This is simply basic common sense here.

Safari & webkit MAY be using APIs that aren't publicly documented and available. If that API exports OS features, 3rd party browsers won't have access to that.
I'm no

Re:

[Junta]

If their first party web browser had access to "private" APIs, then they connected the "most insecure attack surface of any aspect of modern computers" straight to a 'dangerous' API.

I feel like the simpler answer leans a bit toward Apple just wanting to close a door that might threaten the dominance of Swift based applications on their platform. If an exceptionally capable 'web browser' comes along and through PWA becomes a fantastic option to publish most applications in a way that can support Windows, ma

Re:

[dgatwood]

Safari & webkit MAY be using APIs that aren't publicly documented and available. If that API exports OS features, 3rd party browsers won't have access to that.

Most of what web browsers do is stuff that other apps also do — accessing photos, saving data to disk, making network requests, etc.

I'm only aware of think of two things WebKit does that other apps can't do: JIT compiling (running unsigned code generated on the fly) and forking multiple processes with cross-process access to the backing store of windows. But opening up those capabilities is a non-negotiable part of allowing other browser engines on the platform.

Either way, you're missing the point of

Re:

[NoMoreACs]

Oh, that's all, is it.

Yep, you're right 1 hour max /s.

Browsers are the most insecure attack surface of any aspect of modern computers. Apple's s/w is built using standard engineering decision-making - can we rely on X being there ? Why yes we can, so we can delegate this function to that system framework which we've tested is all secure.

Except that all breaks down when someone installs a 3rd party browser. Now the security model of the system depends on the security model of the installed browser, and that's just not acceptable. It may be the user's fault that they installed but you can guarantee that Apple will be holding the can at the end of any argument over why their nudes are now all over the internet.

This exactly what I have been saying for years as the reason behind Apple's proscription against 3rd-party Rendering Engines.

And their Decision to remove Web App support, even for Safari, under the conditions imposed by the EU (time limits and requirement that all Browsers be treated Equally), falls directly in line with that thinking.

Anybody who thinks this is in any way Retaliatory is a Fool and/or a Troll,

Re:

[dgatwood]

Oh, that's all, is it.

Yep, you're right 1 hour max /s.

Browsers are the most insecure attack surface of any aspect of modern computers. Apple's s/w is built using standard engineering decision-making - can we rely on X being there ? Why yes we can, so we can delegate this function to that system framework which we've tested is all secure.

Except that all breaks down when someone installs a 3rd party browser. Now the security model of the system depends on the security model of the installed browser, and that's just not acceptable. It may be the user's fault that they installed but you can guarantee that Apple will be holding the can at the end of any argument over why their nudes are now all over the internet.

This exactly what I have been saying for years as the reason behind Apple's proscription against 3rd-party Rendering Engines.

Apple told everyone the reason behind their ban on third-party engines, and it has nothing to do with rendering. Nothing prevents someone from porting Chrome or Firefox to iOS today, so long as they hack it to use JavaScriptCore (Safari's JavaScript engine).

The effective ban on third-party browsers is actually about code execution. Safari uses just-in-time compilation to run JavaScript at a usable speed. Allowing browsers to do JIT means crafting a way to allow those browsers a special exception for runn

Re: Ok....

[Junta]

It seems to be reasonable, we don't have access to their implementation details but we do have experience to have a rough feel for how these sort of features should be implemented.

On the other side of the argument is taking Apple's word for it. So if their goals are to mitigate risk to app store revenue and iPhone exclusivity by working to prevent anything but swift applications to run as first class citizens.. yeah they are not going to say that. Of course they are going to rationalize their position wi

Re:Ok....

[ceoyoyo]

You can still launch a web page from a home page. That's what the summary is talking about with 'bookmarks.'

What you can't do is launch a special webapp that looks like a regular app, i.e. full screen with no browser stuff around it. I expect Apple doesn't even use Safari proper for that, but rather has a little app that just consists of a full screen webkit component. But that is arguably "a browser" and it certainly is treated differently than any random browser you might install.

Re:

[thegarbz]

I expect Apple doesn't even use Safari proper for that, but rather has a little app that just consists of a full screen webkit component.

If that were the case they wouldn't be concerned about the potential competition from browsers and it also wouldn't have fallen under the DMA. All of Apple's submissions to the EU regarding the DMA have been specifically about protecting the use of Safari on their device.

Re:

[NoMoreACs]

I expect Apple doesn't even use Safari proper for that, but rather has a little app that just consists of a full screen webkit component.

If that were the case they wouldn't be concerned about the potential competition from browsers and it also wouldn't have fallen under the DMA. All of Apple's submissions to the EU regarding the DMA have been specifically about protecting the use of Safari on their device.

Not Safari; WebKit.

Re:

[ceoyoyo]

No. That's the newspaper article summary. The issue is webkit.

Safari itself is an app with a webkit view and a few ancillary controls like an address bar and back/forward buttons. You have long been welcome to make your own browser on iOS, provided it was likewise a webkit view. In fact, millions of people have the Google Chrome app installed.

You couldn't use something other than webkit though. Even Google has to use Apple's webkit, not their own.

Re:

[NoMoreACs]

You can still launch a web page from a home page. That's what the summary is talking about with 'bookmarks.'

What you can't do is launch a special webapp that looks like a regular app, i.e. full screen with no browser stuff around it. I expect Apple doesn't even use Safari proper for that, but rather has a little app that just consists of a full screen webkit component. But that is arguably "a browser" and it certainly is treated differently than any random browser you might install.

Great Point!

Re:Ok....

[HumanEmulator]

Seems to me like that all makes sense.

Except of course, it's obvious bullshit. The reason for disabling web apps is because the Safari engine goes out of its way to cripple the usefulness of web apps. If you could switch to Chrome or potentially another engine, that engine could easily make native OS features available to web apps, making web apps as powerful as native ones. A user could then install a web app icon on the home screen, and you'd have a system as easy to use as the App Store, but completely outside of it.

Re:

[NoMoreACs]

Seems to me like that all makes sense.

Except of course, it's obvious bullshit. The reason for disabling web apps is because the Safari engine goes out of its way to cripple the usefulness of web apps. If you could switch to Chrome or potentially another engine, that engine could easily make native OS features available to web apps, making web apps as powerful as native ones. A user could then install a web app icon on the home screen, and you'd have a system as easy to use as the App Store, but completely outside of it.

Citation, please.

Re:

[Junta]

Generally poking around Mozilla documentation will show areas where Safari opts out of various features:
https://developer.mozilla.org/... [mozilla.org]

So they seem to have held back their own browser a bit. So another engine may well facilitate "PWA is just as good as a Swift application for an uncomfortably large number of applications"

There's a risk iOS would become just an implementation detail of a web based application layer, probably managed by Google in Chrome rather than Apple themselves.

Re:

[NoMoreACs]

Generally poking around Mozilla documentation will show areas where Safari opts out of various features:
https://developer.mozilla.org/... [mozilla.org]

So they seem to have held back their own browser a bit. So another engine may well facilitate "PWA is just as good as a Swift application for an uncomfortably large number of applications"

There's a risk iOS would become just an implementation detail of a web based application layer, probably managed by Google in Chrome rather than Apple themselves.

LOLWUT?!?

Re:

[Pieroxy]

If you could switch to Chrome or potentially another engine, that engine could easily make native OS features available to web apps, making web apps as powerful as native ones. A user could then install a web app icon on the home screen, and you'd have a system as easy to use as the App Store, but completely outside of it.

That's already the case while using WebKit's webview. Browsers can do all that today. Chrome, Firefox, etc.

Re:

[NoMoreACs]

Which is also a security nightmare. The whole reason Safari doesnâ(TM)t let you do that is because then any website would have access to native hardware. Bluetooth, WiFi, location data, encryption keys, full screen control

Apple is right that customers would rather have it disabled than shit vendors without privacy consideration (Google, Facebook etc) under duress of the DMA law have access to my encryption keys simply because the EU demands it (and that is eventually what DMA is all about, one aspect is that companies need to escrow encryption keys with the EU government).

Precisely what I have been saying for years.

Re:

[Pieroxy]

The whole reason Safari doesnâ(TM)t let you do that is because then any website would have access to native hardware. Bluetooth, WiFi, location data, encryption keys, full screen control

Nope. Even native apps don't have access to all that (save full screen control). They require permissions. Just as websites do on Chrome and Firefox on any laptop.

Re: Ok....

[beelsebob]

The trick is that the web apps no longer behave like apps. Instead they launch in the browser, and have all the browserâ(TM)s normal back/forward/bookmark functionality. That in turn screws up a lot of web apps that donâ(TM)t expect those buttons to be available.

Re:

[Junta]

Note that a PWA may "just be a web page", but generally speaking you can do a *lot* with "just a web page" nowadays.

A PWA can be granted access to sensors, camera, microphone. It can use WebGL or WebGPU, so you can render competent 3D graphics. It can obviously stream video, with all the DRM the provider would care for. A PWA can even exist and run offline, if the server is down. For such applications, you only need a web connection to do initial install. The "web" ecosystem has evolved to be a viable ta

Re:

[laie_techie]

Seems to me like that all makes sense. Is anyone *really* that worked out that they can't launch a web page from a home page icon on their iOS device anyway? I know there are going to be special cases out there (like corporate issued phones that use some web app the employer built). But wow -- I haven't used a web app on my iPhone since the original iPhone was released and only allowed those to start with!

My young children take piano. They access one website to view videos and materials and another site to record their practicing. Based on the age of my children, it was convenient to put bookmarks on their home screen. I would have to read the actual verbiage of the law to see if simple bookmarks on the home screen would be allowed. Of course I live in the USA, so this shouldn't affect me.

Eurocrats

[ThePhilips]

If Apples believes that this kind of shenanigans would impress EU bureaucrats, they are mistaken.

You don't force bureaucrats make decisions*. They are not good at that, and bureaucratic/legalistic thresholds are too high. But once the decisions are made, they are very good (stubborn even) at sticking with them.

*That's what for politicians are!

Re:Eurocrats

[aergern]

I don't have to carry around a lightning cable so .. the "Eurocrats" as you call them did a fucking solid on that one. I don't give shit what you or anyone else says. 99% of what I use daily takes a USB-C cable and now it's 100% so I'm quite satisfied with this. And they did follow the law on this one. /shrug

Re:

[ThePhilips]

Eurocrats is what even they themselves are calling themselves. It's the word to differentiate the EU member states govt people from Brussels's admin (COM) people.

Re:

[ArchieBunker]

The EU was also responsible for cell phone companies (besides Apple) standardizing on micro usb. Remember before that how every single phone had it's own unique charger cable?

Re: Eurocrats

[beelsebob]

*but* notably, if theyâ(TM)d fully succeeded in that standardisation, USB-C would never have been a thing and weâ(TM)d be stuck with a sub-par solution.

Re:

[NoMoreACs]

The EU was also responsible for cell phone companies (besides Apple) standardizing on micro usb. Remember before that how every single phone had it's own unique charger cable?

And that EU saber rattling about forced standardization on that absolute shitshow, microUSB, is EXACTLY what caused Apple to Develop Lightning in the first place!!!

USB-C wasn't even ratified at that time; so Apple couldn't have just jumped to that (not to mention they would have been excoriated for THAT, too!).

Stop with the Revisionist History. Check the Timeline and prove me wrong. But you can't.

Re:

[AmiMoJo]

I've been looking for a way to convert older devices to USB C for years. Replacing Micro USB and Mini USB ports with C ports is difficult as they are all quite small and there are different solder pads for different brands. It may be easier to just stick a converter into the port, but they can be a bit chunky. Maybe some Shenzhen company will miniaturize them one day.

I've had more success converting barrel connectors and proprietary ones to USB C. You can buy a "USB PD trigger" on AliExpress that is a littl

Re:

[serviscope_minor]

You can buy a "USB PD trigger" on AliExpress that is a little board that asks a Power Delivery capable charger for 9V, 12V, 15V, or 20V. I haven't seen arbitrary voltage ones yet.

How do you mean arbitrary voltage? There's configurable chips.

I've got a bucket full of old bricks for random hacking. I wonder how long it will be before I junk the lot.

Re:

[AmiMoJo]

I mean PD 3 supports not just the fixed voltages of 5, 9, 12, 15, and 20. You can ask for an arbitrary voltage, I think in 100mV or maybe 10mV steps.

It's supposed to be for battery charging where you just ask for a voltage calculated to produce a certain charging current, but it could also be useful for appliances that need odd voltages. Well, as I said, most don't really need those voltages at all.

Re:

[serviscope_minor]

Holy shit that's amazing! Also includes constant current mode. I had no idea.

Apart from the quite high minimum voltage of 3.3V a decent PD3.1 charger is better than my bench supply.

Re:

[serviscope_minor]

https://lectronz.com/products/... [lectronz.com]

This?

Re:

[AmiMoJo]

Similar, but they do smaller ones on AliExpress. They have ones that can fit inside the plug housing.

Re:

[Pieroxy]

Apple was most likely a year or two away from using USB-C on their phones as Apple already migrated all macs and all iPads at that point.

A lot of fuss for nothing

And now everyone is forbidden to use anything else than USB-C. We'll see in 10 years if that was a good idea or not.

Re:

[Vertigo Acid]

Get A to C adapters that fit inside the port and only carry the C to C

Re:

[moronoxyd]

Here in Android land, we have moved to power adapters with USB-C port years ago, so that we only need USB-C to USB-C cables.
Maybe you should direct your complaints to Apple who were dragging their feet about fully adopting USB-C (note that the iPad and Macs had already been using USB-C for a while!).

Re:

[serviscope_minor]

Here in Android land, we have moved to power adapters with USB-C port years ago, so that we only need USB-C to USB-C cables.

Have we? Most of my wall warts are USB-A, I never bothered to buy new ones. I've got some A-C cables kicking around.

Re:

[Plumpaquatsch]

Yeah, thanks to Apple that proposed the USB-C port to the USB Consortium (around the time they shipped Lightning). You'd be using USB 3.0 Micro-B instead. That would be this beauty [av-connection.com]. You are welcome.

Re:

[Computershack]

Yeah, sorry, but my old iPad still has Lightning. But at least my old Lightning cable plugs into the USB-A port build into my desk. For my new iPhone I will need a special USB-A to USB-C cable. Thanks EU. Oh, and the EU didn't send me an USB-C to USB-C cable either, so I will have to get one of those too, so I need to cary two cables now. OTOH we still have a box full of unused USB-A to USB-B cables, whatever were these for anyway?

I have a M2 Macbook Pro. Thanks to the EU forcing Apple to adopt this I now use my Apple charger and charge cable it came with plugged into the wall next to my armchair to charge my Macbook Pro, my Samsung Galaxy S10 phone, my ROG Ally handheld gaming PC, my Xbox Series X gamepad, my Samsung Tablet. I can also use my 100W 4 port USB C charger in my home office to charge my MBP. I used to have a 5 port USB-A charger but it's now consigned to the drawer as slowly everything in my house has migrated to USB C o

Re:

[Pieroxy]

The MacBooks were using USB-C *years* before the EU got interested in all of that. The EU has nothing to do with your scenario, and is likely having a negligible effect on USB-C being on iPhones as Apple already migrated all macs and all iPads at that point. It probably just forced Apple to change their plug a year or two earlier than that planned to.

A lot of fuss for nothing

And now everyone is forbidden to use anything else than USB-C. We'll see in 10 years if that was a good idea or not.

Re:

[Plumpaquatsch]

Well good for you that you only need to charge one of these things at a time.

Re:

[Brett Buck]

I doubt they care about impressing EU apparatchiks, they are just an annoyance to be satisfied in the cheapest and most expedient manner. The rest of the world will move on.

Re:Eurocrats

[dgatwood]

Shenanigans? They explain the reasoning. It's a security issue and would take a massive undertaking to make it safe for 3rd party browsers to utilize. Since very few people use the feature, they're not prioritizing it.

That's pure, unadulterated horses**t. The DMA doesn't require Apple to open up its app's data stores to other browsers, only to allow other browsers to provide the features that it provides.

A web app consists of a special URL with a special icon that launches a browser in a chromeless window. To comply, all Apple had to do was provide an API for storing a custom app icon that opens a different browser with a custom URL scheme of the app developer's choosing, thus allowing other browsers to save their own home screen web apps if they so choose.

There is approximately zero additional security risk caused by being able to open a URLs in a chromeless window from the home screen compared with the user visiting the site directly, so long as the browsers are not foolish enough to allow websites to save apps to the home screen without an explicit user interaction, and even if they did, the additional risk would be minimal. Either visiting that page from that browser is safe or it isn't. Launching it from the home page doesn't make it suddenly less so.

No, Apple is *choosing* the most obtuse and irrational interpretation of the law deliberately, as a f**k you to the EU for forcing them to allow browser competition. They should be sanctioned accordingly.

Re:

[tlhIngan]

A web app consists of a special URL with a special icon that launches a browser in a chromeless window. To comply, all Apple had to do was provide an API for storing a custom app icon that opens a different browser with a custom URL scheme of the app developer's choosing, thus allowing other browsers to save their own home screen web apps if they so choose.

There is approximately zero additional security risk caused by being able to open a URLs in a chromeless window from the home screen compared with the us

Re:

[dgatwood]

OK, why don't you implement it? You have 1 day to do it.

Because I don't work at Apple, so I don't have access to the source code for coreservicesd or whichever background daemon handles the SPI call from Safari that creates web app launch containers in a format recognizable by frontboard and don't have a way to ship something as part of the SDK.

Oh, you also need to make it so those web apps don't break if the user changes browsers.

No, you absolutely do NOT need to do that. Nothing in the DMA requires all web browsers to share private data with one another.

A web app is by its very nature inherently tied to the browser that created it. Even if web

Re:

[AmiMoJo]

Why only 1 day? Why does the OS developer need to make sure 3rd party browsers don't break web pages?

In the EU, following the letter of the law rarely works. Where there are questions or disputes, the EU has a court that tends to side with the intention of the directive, and the consumer.

If PWA developers or users complain about these rules, the "we followed the letter of the law" argument won't save Apple from a hard slap down.

Re:

[NoMoreACs]

Why only 1 day? Why does the OS developer need to make sure 3rd party browsers don't break web pages?

In the EU, following the letter of the law rarely works. Where there are questions or disputes, the EU has a court that tends to side with the intention of the directive, and the consumer.

If PWA developers or users complain about these rules, the "we followed the letter of the law" argument won't save Apple from a hard slap down.

Well, if an OEM must GUESS at a Subjective "Spirit of the Law" Standard, then the EU Courts are a Joke.

In the US, "Spirit of the Law" is considered ONLY if the Plain Text of the Law is not Followed; but the putative Defendant Argues that they are still in Substantial Compliance with the Spirit of the Law, and that they should not be found in non-Compliance as a Matter of Equity.

Anything else is Fundamentally Unfair.

Re:

[AmiMoJo]

They can just ask if it's unclear. Even the letter of the law is often ambiguous.

Re:

[NoMoreACs]

They can just ask if it's unclear. Even the letter of the law is often ambiguous.

Yes, it is. But at least it is an actual document you can refer-to.

And how do you know that Apple "can ask"? Can you ask Congress to explain if some proposed activity is Prohibited?

Re:

[AmiMoJo]

This is the EU, not America. They can ask.

Re:

[drinkypoo]

OK, why don't you implement it? You have 1 day to do it.

This has been coming for months. Apple has chosen not to do anything about it for months. Pretending that it's a sudden and unexpected crisis is Apple PR's job, not yours. Unless of course you work for Apple, in which case you're obligated to disclose that fact.

Re:

[NoMoreACs]

Shenanigans? They explain the reasoning. It's a security issue and would take a massive undertaking to make it safe for 3rd party browsers to utilize. Since very few people use the feature, they're not prioritizing it.

That's pure, unadulterated horses**t. The DMA doesn't require Apple to open up its app's data stores to other browsers, only to allow other browsers to provide the features that it provides.

A web app consists of a special URL with a special icon that launches a browser in a chromeless window. To comply, all Apple had to do was provide an API for storing a custom app icon that opens a different browser with a custom URL scheme of the app developer's choosing, thus allowing other browsers to save their own home screen web apps if they so choose.

There is approximately zero additional security risk caused by being able to open a URLs in a chromeless window from the home screen compared with the user visiting the site directly, so long as the browsers are not foolish enough to allow websites to save apps to the home screen without an explicit user interaction, and even if they did, the additional risk would be minimal. Either visiting that page from that browser is safe or it isn't. Launching it from the home page doesn't make it suddenly less so.

No, Apple is *choosing* the most obtuse and irrational interpretation of the law deliberately, as a f**k you to the EU for forcing them to allow browser competition. They should be sanctioned accordingly.

And which HTML Renderer would be responsible for Rendering the Content in this Hypothetical "Chromeless Window"?

BZZT! You lose!!!

I honestly thought you knew more about software development than that; but I see that that is obviously not the case.

Re:Eurocrats

[dgatwood]

Clearly you don't understand how web apps work. They're not simply a bookmark as you're suggesting.

I've written web apps. Many times. And I've worked under the hood in WebKit's code base. So yes, I absolutely do understand how web apps work.

From the operating system's perspective, they're literally just a bookmark, with some additional browser-specific magic to tell the browser engine to launch in a chromeless window. That's it.

From the browser perspective, yes, there's a lot of extra "stuff" — manifest support, segregated local storage, segregated cookie stores, etc. — but A. all of that stuff works in a normal browser window even without it being saved to the home screen (or at least it did the last time I checked), and B. exactly none of those features are Apple's problems. They are the browser vendor's problems. Apple's only responsibility is to get out of their way and provide comparable operating system facilities, which means two things:

• Adding an app icon with an arbitrary CFBundleID (for push notification purposes)
• Delivering push notifications to the OS

The push notifications are almost certainly sendable with the existing APIs (see my previous comment [slashdot.org]), which means what's left is a glorified bookmark with app icon styling and a bundle ID for push notification badging. And they must already have some kind of SPI for doing that as part of support for Safari creating these smart bookmarks.

So I would expect this to require nothing more than a public API that wraps an existing SPI, likely with some bundle ID reasonableness checks (more specifically, requiring all of the bundle IDs to be prefixed with the bundle ID of the web browser that created it). Single-digit lines of code.

I mean, some of that code could be hacked-together spaghetti with unreasonable assumptions, and for all I know, they may have let part of Safari itself install the app container with elevated privileges, in which case it could take a little more time to clean up their bad architecture, but it really shouldn't be a big task. The only reason they're painting it as a herculean task is because they know that allowing home screen apps from other browser vendors will invite unwelcome competition.

this is not how web apps works

[the agent man]

They include permanent local storage. Local store in Safari gets wiped after 7 days rendering most web apps useless.

I do know when you worked with web apps but must have been years ago

Add to Home Screen was the only way to create PWA on iOS

Re:

[NoMoreACs]

I've written web apps. Many times. And I've worked under the hood in WebKit's code base. So yes, I absolutely do understand how web apps work
Writing a PWA, HAS ABSOLUTELY NOTHING TO DO WITH KNOWING HOW THEY ARE STORED ON A HOME SCREN AND ARE HANDLED BY THE OS
A PWA is nt much more than single page web app.

So your claim you have written some seems pretty far sketched.

Your claim that one can make a framework/API, and the code behind it, to handle an infinite amount of not invented yet browsers, in 15 minutes, is completely ridiculous. Idiotic at best.

In 15 minutes you can not even make a bullet list with the obvious problems that need to be tackled. And certainly not write a single line of code.

ChatGPT could!

[Ducks]

J/K.

Yeah, dgatwood is a FRAUD and a TROLL. He FINALLY Outed Himself!!

Re:

[dgatwood]

What they removed is the extra ability to send push notifications from the webserver to their web app and have it show up as a bubble on the icon.

Unless I'm missing something, that's not really true.

For many home-screen web apps to be useful, locally stored data must be available to the web app.

A bookmark, as far as I'm aware, always opens in the current browser, which means that the web app has access only to data stored in the current browser.

So when the user changes the default browser, if all they have is bookmarks, they effectively lose all of their locally stored data until they switch the default browser back. This is not an acceptable user e

Re:

[Pieroxy]

Clearly you don't understand how web apps work. They're not simply a bookmark as you're suggesting.

Yes they are. That's very precisely what they were on iOS. And able to run and start full screen and offline. That, they are not anymore.

Re:

[jonwil]

The "this is for security" argument is BS IMO.

A home screen web app is simply an icon on the home screen that, when pressed, triggers a "load this URL in Safari and pass it this special flag" action. Safari is the one that interprets the special flag and displays the app in the special full screen mode or whatever it is.

All Apple would need to do is to add a method for icons to go on the home screen that would (when activated) trigger Firefox or whatever along with the same special flag. What the individual

Re:

[WankerWeasel]

That's not true. They also have other access a bookmark doesn't including notifications access, background refresh and other access.

Re:

[NoMoreACs]

The "this is for security" argument is BS IMO.

A home screen web app is simply an icon on the home screen that, when pressed, triggers a "load this URL in Safari and pass it this special flag" action. Safari is the one that interprets the special flag and displays the app in the special full screen mode or whatever it is.

All Apple would need to do is to add a method for icons to go on the home screen that would (when activated) trigger Firefox or whatever along with the same special flag. What the individual 3rd party browsers do when they get the information is up to them.

Make it so that the API involved triggers a UI confirmation prompt (so that users know that what icon is being added, which browser it's going to open in and what URL the icon will go to) and there shouldn't be any real security problems.

Sez you.

I trust the people who wrote the OS to know just a little bit more than some Rando who has never seen the Code in question.

Re:

[NoMoreACs]

Not entirely, PWA have access to lots of APIs. The problem with the legislation is that any app can now serve a PWA because according to the legislation any app needs to be trusted, which will lead to ads serving PWA of a mock web browser etc which is actually not uncommon on Android to see (for taking over bank applications etc)

Which all the self-proclaimed "experts" on here are either ignorant of, or conveniently forgetting.

Excellent News

[bubblyceiling]

I have always had a problem with providing more and more hardware access to what essentially is “untrusted 3rd party code”. Normally, users have to install an app, which requires multiple steps & user interaction, to be able to be to run 3rd party code on their device.

Web apps bypass all of that user interaction requirement and browsers will provide them with deep access to the hardware, just by loading a web page. This can be made even easier using things links Rich Previews. The webpage

Re:

[drinkypoo]

Bummer for you, they aren't getting rid of them. They are just making them shittier. Now they will have a browser window wrapped around them, where formerly they were full screen. But by all means be a good iFanboy and cheer for this deliberate enshittification that Apple did instead of doing something competent.

P.S. Do you remember that the original iPhone concept was to have ONLY PWAs?

Re:

[laxguy]

Now they will have a browser window wrapped around them, where formerly they were full screen.

oh. my god. the horror. let me call my therapist to see if we can work through this trauma.

Re:

[drinkypoo]

oh. my god. the horror. let me call my therapist to see if we can work through this trauma.

Maybe they can help you with your Stockholm syndrome.

Re:

[laxguy]

grow up

Re:

[drinkypoo]

grow up

You mean like getting past brand worship?

Re:

[laxguy]

no one is worshipping anything you emotionally stunted 6 year old. grow up.

Re:

[Computershack]

Considering that there are many examples of browser vulnerabilities leading to a complete takeover of the OS, I think it is a great idea to limit the access of webapps and to treat them like untrusted 3rd party code. There needs to be a solid boundary between apps that have some sort of code review & WebApps. Thus I think getting rid of PWAs is an excellent idea

All well and good but the user will have visited the website anyway so they've already been exposed to the risk so adding the ability to put a shortcut on the home screen doesn't increase the risk.

Re:

[Pieroxy]

What are you smoking? Web apps don't have any more privileges than the websites they are extracted from when running in the browser. If you choose to let them access hardware bits, it's your choice. Just like in the browser.

Re:

[NoMoreACs]

I have always had a problem with providing more and more hardware access to what essentially is “untrusted 3rd party code”. Normally, users have to install an app, which requires multiple steps & user interaction, to be able to be to run 3rd party code on their device.

Web apps bypass all of that user interaction requirement and browsers will provide them with deep access to the hardware, just by loading a web page. This can be made even easier using things links Rich Previews. The webpage is loaded automatically and 3rd party code run, without any user interaction.

Considering that there are many examples of browser vulnerabilities leading to a complete takeover of the OS, I think it is a great idea to limit the access of webapps and to treat them like untrusted 3rd party code. There needs to be a solid boundary between apps that have some sort of code review & WebApps. Thus I think getting rid of PWAs is an excellent idea

This!

Apple explains why

[dbu]

The full explanation given by Apple below, missing from the article's summary. In short: The system that today guarantees isolated security and privacy for each web application is built into WebKit, not the core of iOS, and alternative browsers could theoretically implement a not-good-enough replacement that would lead to security issues.. Apple cannot or will not verify this in other browsers, and does not want to build an entirely new security architecture in iOS. However, it still wants to ensure the se

Re:

[erik.martino]

The real reason is that PWAs are good enough for many applications and games. When opening up for alternative browsers, you are also breaking the monopoly of the app store and Apple payment monopoly, because you cannot block individual PWAs. They can control the supported feature set of PWAs on Safari but not on Chrome or other browsers. Chrome are free to add more and more features to PWAs until the whole Apple eco system has been fully undermined. If they block third party browsers from creating PWAs but

Re:

[MancunianMaskMan]

that makes sense.
Here I use PWA on Fedora (MS Teams, if you must know) and it's using Chrome, while I use Firefox for everything else. EU rules don't forbid any of that.

Re:

[dbu]

Your claim that Apple would abuse its monopoly by blocking third-party browsers from creating PWAs is moot, as the functionality will be removed for all browsers. And the suggestion that PWAs might challenge the App Store and payment monopoly somehow overlooks the additional changes made to comply with the EU requirement to break the App Store monopoly by allowing third-party stores. However, Apple's hidden motivation may be to prevent PWAs from circumventing the new conditions and restrictions it has place

Re:

[NoMoreACs]

The real reason is that PWAs are good enough for many applications and games. When opening up for alternative browsers, you are also breaking the monopoly of the app store and Apple payment monopoly, because you cannot block individual PWAs. They can control the supported feature set of PWAs on Safari but not on Chrome or other browsers. Chrome are free to add more and more features to PWAs until the whole Apple eco system has been fully undermined.

If they block third party browsers from creating PWAs but let Safari continue doing so, they are abusing their quasi monopoly and they will be sitting ducks for the EU to issue hefty fines.

Oh fucking STOP IT!

The EU Forced this; not Apple!

Re:

[coofercat]

> That's why it's removing this feature.

No - Apple is removing the feature for its own reasons. They could have just said that PWAs have to use Webkit (for now), but all other browsing can be done however the user wants. Meanwhile they could work with other browser vendors to make sure they make one compliant with their security requirements. They could also force the browser instance to be sandboxed in some way, so it doesn't matter what the vendors does, it still stays compartmentalised.

My suspicion is

Re:

[dbu]

> That's why it's removing this feature.

No - Apple is removing the feature for its own reasons. They could have just said that PWAs have to use Webkit (for now), but all other browsing can be done however the user wants.

No, it's not possible, as allowing a WebKit browser (like Safari) to have capabilities that others don't would constitute discrimination, contrary to EU expectations.

Meanwhile they could work with other browser vendors to make sure they make one compliant with their security requirements.

They could also force the browser instance to be sandboxed in some way, so it doesn't matter what the vendors does, it still stays compartmentalised.

Either Apple cannot or will not verify this in other browsers, and does not want to build an entirely new security architecture in iOS.

My suspicion is they looked at how much PWAs were used, and decided it wasn't worth spending the money to do a proper job, so instead they decided to piss off a few Europeans instead.

Indeed not worth the money or how they put it : Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration

Re:

[NoMoreACs]

The full explanation given by Apple below, missing from the article's summary. In short: The system that today guarantees isolated security and privacy for each web application is built into WebKit, not the core of iOS, and alternative browsers could theoretically implement a not-good-enough replacement that would lead to security issues.. Apple cannot or will not verify this in other browsers, and does not want to build an entirely new security architecture in iOS. However, it still wants to ensure the security and confidentiality of all apps. That's why it's removing this feature.

Perfect!

Logical, and exactly what I have been saying for years as to why third-party Rendering Engines are disallowed on Apple OSes other than the admittedly somewhat less-secure (but not at all restrictive) macOS.

So what's the practical impact?

[stevenm86]

What is the practical impact on regular browser users, if anything? I don't use armor care about PWAs. Does this mean I have to move to Europe to avoid all those stupid "ADD THIS PAGE TO YOUR HOME SCREEN!!!!!11111oneoneelecencos(0)" banners half the sites I visit?

Apple trying to win the blame game.

[Computershack]

Apple are doing this to try to get users up in arms so that they protest the EU Commission/Parliament and get the laws changed. However what they fail to realise is that the EU is not the USA. Unlike the USA where a large number of the citizens could tell you who their senator was most people in the EU whilst they could tell you who their local, regional and national politicians are couldn't tell you who their MEP is. In the EU people don't have the mistrust of government like they do in the USA. Therefore