>>> Use memory-safe programming languages, or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;
AFAIK all major engines are written primarily in C++. This "features that improve memory safety" is worryingly vague, and we already know Apple goes out of it's way to make these rulings less useful.
I wouldn't be surprised if they rejected both Firefox and Chrome on these grounds.
did the judge say it had to be written in a memory safe language? Honest question. Otherwise, this seems just like they're looking for a loophole knowing neither their browser nor chrome or Firefox are written in completely memory safe languages. Seems like grounds for a big fine.
I have my doubts. Do they even provide any support for apps on the app store? At the same time they’re paing truck load to lawyers and are about to fork off 10-20% of their global revenue for playing a subborn teenager.
Personally I think you can lower the cost by just making it difficult on the end-users side. If you put a scary pop up and require the password and bury it in the setting then boom, grandma who doesn't know the difference between wifi and the internet won't have issues.
(FYI you've submitted this comment twice about 1.5 minutes apart. I've voted for the older one rather than this one. Mods/dang: maybe the two reply sets should be merged?)
Allowing alternative app stores and browsers is likely to lead to more security issues, more users using tech support resources because a dodgy app downloaded from a 3rd party app store they installed broke their phone in odd ways and will likely increase expenses without increasing revenue.
Because let's be honest, most of the population does not even understand the idea of "app store" beyond THE app store the same way they don't understand the idea of "search engine" beyond Google Search. If Chrome only allowed you to use Google Search as the search engine, most people wouldn't complain. This is the same. As long as they can download their [insert Big Tech Company here] walled garden app, most will not complain. But if their phone starts misbehaving because of a rogue app from a dodgy app store or phones suddenly get more expensive to compensate for higher costs incurred by Apple for their development and support of third party app stores and browsers most will complain.
UPDATE: getting downvoted for pointing out the reality. Most people are not hackers. They don't want customisation options. They are happy with a default store or browser as long as it is good enough. If you want options, Android is there
> Allowing alternative app stores and browsers is likely to lead to more security issues
This is a false argument because even the first party offerings have security and privacy issues. Apple has redefined what "privacy" and "security" means to imply "only things we make" as a sort of selling point. Yes, they make OK things, but who is to say someone can't make something better? Cooler? Funkier?
Also, what happens when the entire planet is vulnerable to the same flaws? It's rhetorical - you get security companies offering services to unlock and decrypt devices for anyone willing to pay them. And what happens when Apple decides to say... remove XX category of apps by a government request? You end up with people owning very expensive slabs of glass and titanium because they weren't allowed to look for apps elsewhere. Apple's way is not the way.
> Because let's be honest, most of the population does not even understand the idea of "app store" beyond THE app store the same way they don't understand the idea of "search engine" beyond Google Search.
I think you should show more respect for your users. Walled garden should be an opt in/out. Not long ago most of the population didnt know how to use a PC beyond turning it on, and lots of people thought Windows 95/98/2000 as equivalent to their PC.
> Allowing alternative app stores and browsers is likely to lead to more security issues, more users using tech support resources because a dodgy app downloaded from a 3rd party app store they installed broke their phone in odd ways and will likely increase expenses without increasing revenue.
I commented this already, but I would expect iOS sandboxes apps in such a way that it doesn't have any impact on other parts of the phone even if the app is hacked for example.
> their tech support not being ready to face new problems.
One of the largest, most valuable companies on the planet which ships phones, computers, makes their own chips, operates their own cloud service, builds frontier tech devices, but their tech support can't handle some new problems? Does that really seem likely? Or a problem that they couldn't solve if they wanted to?
They are just trying to uphold their monopoly seriously.
Anyway, it will come the one or the other way — everywhere. It's just a matter of time, but on top people will fingerpoint even more at Apple, and it will have a much broader negative impact for Apple than simply by introducing it. With all their recent acting they are just confirming that's all about market power and greed.
All of these requirements look good for user security and privacy. I don't want apps to bring their own Blink or WebKit fork with all sandboxing and cross-site tracking protection disabled. I'm fine with apps bringing their own engine with the goal of performance or better user experience. These requirements enforce those expectations.
There seems to be a concern that Apple will use these requirements to ban every single alternative including Blink and Gecko. I doubt that is the case since the purpose of these changes is to allow reliable, responsible players to run their engines on iOS without giving the keys to the kingdom to every app that requests it. Banning Google or Mozilla would not satisfy the EU requirements. Banning BlinkButItAlsoMinesCrypto is fine.
The only additional thing I'd want as a user is transparency. I want to know if an app with a WebView is using WebKit, Blink, Gecko or EngineNobodyHasEverHeardOf.
> I don't want apps to bring their own Blink or WebKit fork with all sandboxing and cross-site tracking protection disabled
Facebook's apps happily do this with the built-in WKWebView and then injects its own malicious Javascript to ensure it spies on what's within the page. You do not need to run a separate browser engine to do this.
It's disappointing that the rhetoric about Apple's anti-competitive restrictions being for "security" still persists to this day especially on a technical forum.
>>> Be distributed solely on iOS and/or iPadOS in the European Union;
I assume this means you have to release a separate App like "Firefox EU" to be able to use Gecko, right? Practically speaking, would any major players actually do it? It just sounds unlikely to me but I may miss something.
> I assume this means you have to release a separate App like "Firefox EU" to be able to use Gecko, right? Practically speaking, would any major players actually do it?
I can imagine browser makers creating names like “Freedom browser, by Firefox”, “Courage browser, by Brave”, “Live on the Edge, by Microsoft”, and so on.
If you read their requirements you can infer why they’re doing this: security. They absolutely do not want users’ phones hacked by a 3rd party browser bug. Nor do they want a 3rd party browser phoning home with user data.
Absolutely the last thing they want is Facebook shipping their app as a browser which bypasses all of Apple’s privacy protections.
There's still app reviews? If Facebook really did ship as a browser, they could just reject it. Just like they reject everything else that goes against their (unwritten) rules.
The alt stores discussion is really <1% of users that'll use it and I don't think is an issue (but anyway, they are policing that too)
Even if someone got unsigned machine code execution on V8's or SpiderMonkey's JIT, the same could happen on JavaScript Core. All browsers could be vulnerable to something like this (it's just a matter of time before a vulnerability appears), and Apple should be focusing on securing their app sandbox.
In terms of privacy and third party apps, isn't the protection domain name based? Those are native apps, so browser protection wouldn't work.
I’d say nowadays it’s 30% for privacy/security reasons and 70% for profit.
Phoning home with user data does not require any browser engine, this has happened many times. Weather apps were selling gps data of their users (and some probably still are).
(1) chrome has a better security record than Safari so they are not protecting users by disallowing it. in fact they're doing the opposite. Preventing users from using more secure broswers
(2) the privacy protections are already circumvented in current WebView based browsers. How do you think Firefox iOS is able to sync all your history?
Arguably they're doing it to prevent any erosion of their native app market. other browsers provide more features like full screen support and PWA support, both of which are ways of providing app experiences that don't go throu apple's cash cow $$$$$ store
I'm all for Apple opening up to other browser engines on iOS but at the same time I'm worrying that this is gonna end up in furthering Chrome as "the web" over time.
Especially considering iOS is far from having majority marketshare in EU compared to Android... this feels like forcing a minor player (iOS in EU) to help a major player (Chrome).
Readit News
>> You must do the following:
>>> Use memory-safe programming languages, or features that improve memory safety within other languages, within the alternative web browser engine at a minimum for all code that processes web content;
AFAIK all major engines are written primarily in C++. This "features that improve memory safety" is worryingly vague, and we already know Apple goes out of it's way to make these rulings less useful.
I wouldn't be surprised if they rejected both Firefox and Chrome on these grounds.
Because let's be honest, most of the population does not even understand the idea of "app store" beyond THE app store the same way they don't understand the idea of "search engine" beyond Google Search. If Chrome only allowed you to use Google Search as the search engine, most people wouldn't complain. This is the same. As long as they can download their [insert Big Tech Company here] walled garden app, most will not complain. But if their phone starts misbehaving because of a rogue app from a dodgy app store or phones suddenly get more expensive to compensate for higher costs incurred by Apple for their development and support of third party app stores and browsers most will complain.
UPDATE: getting downvoted for pointing out the reality. Most people are not hackers. They don't want customisation options. They are happy with a default store or browser as long as it is good enough. If you want options, Android is there
This is a false argument because even the first party offerings have security and privacy issues. Apple has redefined what "privacy" and "security" means to imply "only things we make" as a sort of selling point. Yes, they make OK things, but who is to say someone can't make something better? Cooler? Funkier?
Also, what happens when the entire planet is vulnerable to the same flaws? It's rhetorical - you get security companies offering services to unlock and decrypt devices for anyone willing to pay them. And what happens when Apple decides to say... remove XX category of apps by a government request? You end up with people owning very expensive slabs of glass and titanium because they weren't allowed to look for apps elsewhere. Apple's way is not the way.
I think you should show more respect for your users. Walled garden should be an opt in/out. Not long ago most of the population didnt know how to use a PC beyond turning it on, and lots of people thought Windows 95/98/2000 as equivalent to their PC.
I commented this already, but I would expect iOS sandboxes apps in such a way that it doesn't have any impact on other parts of the phone even if the app is hacked for example.
Of course your local kiosk guy would have no issues.
One of the largest, most valuable companies on the planet which ships phones, computers, makes their own chips, operates their own cloud service, builds frontier tech devices, but their tech support can't handle some new problems? Does that really seem likely? Or a problem that they couldn't solve if they wanted to?
I have used everything else (Symbian, Windows 8 phone, Windows 10 Phone, various Androids including pure Google Pixels).
They have all been tragically subpar compared to my experience with iPhone and iOS.
Other people want the choice. And they're getting it. But that doesn't affect you at all.
There seems to be a concern that Apple will use these requirements to ban every single alternative including Blink and Gecko. I doubt that is the case since the purpose of these changes is to allow reliable, responsible players to run their engines on iOS without giving the keys to the kingdom to every app that requests it. Banning Google or Mozilla would not satisfy the EU requirements. Banning BlinkButItAlsoMinesCrypto is fine.
The only additional thing I'd want as a user is transparency. I want to know if an app with a WebView is using WebKit, Blink, Gecko or EngineNobodyHasEverHeardOf.
Facebook's apps happily do this with the built-in WKWebView and then injects its own malicious Javascript to ensure it spies on what's within the page. You do not need to run a separate browser engine to do this.
It's disappointing that the rhetoric about Apple's anti-competitive restrictions being for "security" still persists to this day especially on a technical forum.
>> To qualify for the entitlement, your app must:
>>> Be distributed solely on iOS and/or iPadOS in the European Union;
I assume this means you have to release a separate App like "Firefox EU" to be able to use Gecko, right? Practically speaking, would any major players actually do it? It just sounds unlikely to me but I may miss something.
Its a mess, thanks apple.
I can imagine browser makers creating names like “Freedom browser, by Firefox”, “Courage browser, by Brave”, “Live on the Edge, by Microsoft”, and so on.
Absolutely the last thing they want is Facebook shipping their app as a browser which bypasses all of Apple’s privacy protections.
Then why aren’t chrome, Tik-tok, etc. banned?
The alt stores discussion is really <1% of users that'll use it and I don't think is an issue (but anyway, they are policing that too)
In terms of privacy and third party apps, isn't the protection domain name based? Those are native apps, so browser protection wouldn't work.
Phoning home with user data does not require any browser engine, this has happened many times. Weather apps were selling gps data of their users (and some probably still are).
(1) chrome has a better security record than Safari so they are not protecting users by disallowing it. in fact they're doing the opposite. Preventing users from using more secure broswers
(2) the privacy protections are already circumvented in current WebView based browsers. How do you think Firefox iOS is able to sync all your history?
Arguably they're doing it to prevent any erosion of their native app market. other browsers provide more features like full screen support and PWA support, both of which are ways of providing app experiences that don't go throu apple's cash cow $$$$$ store
I don't own an iPhone. Could for example firefox on iPhone (that uses webkit?) not phone user data home?
Deleted Comment
Deleted Comment
> Be distributed solely on iOS and/or iPadOS in the European Union
These jokers. This is the usual malicious compliance.
Interesting, I wasn't aware that Lockdown Mode disabled JIT. Does it do that system-wide, or only for third party apps?
https://daringfireball.net/2024/06/apple_disables_webkits_ji...
I wonder if chrome will implement their sandbox on IOS first because of this
Especially considering iOS is far from having majority marketshare in EU compared to Android... this feels like forcing a minor player (iOS in EU) to help a major player (Chrome).