Users will be faced with a dialog saying "to use Facebook, you must accept XYZ", and their only options will be to accept or to not use the app. Facebook will detect empty or fake data and lock the user out unless they acquiesce.

> Let Apple offer users the option

That's easy to say, and much more difficult to implement than it sounds.

Careful: There's a lot of nuance in how these kinds of options are presented to the user. Depending on how they're designed, "the general public" will default to yes or no; or get frustrated / overwhelmed with pedantic permission dialogs.

Thus, part of "Let Apple offer users the option" is a commitment to studying how that option is presented, and the overall implications of such an option.

You mean like on Android? Hell nowadays you can choose "approximate location" instead of tracking people. App permissions have come a long way.

We need devices fully under control of users. Neither Apple, nor Meta should be able to sniff aground once the device lands in costumer's hands

> or fake empty responses without telling the app.

I thought the value proposition of the walled garden was that no app was malicious so this is a non-issue.

> All their other “products” are just suction pipes for hoovering up that data.

I don't think that's true for their VR/MR hardware. That's Meta's attempt to get a product that is _not_ like that, but which instead gets them in a position similar to where Google and Apple are for phones. I.e., where they own the platform and can profit off of that.

Apple chooses to ask the user for permission about certain things, but they're not beholden to that "like any other app". No app can e.g use your microphone in the background to listen for trigger words, no other app can analyse your photos for search without a permission dialog, no other app can transmit nearby BSSIDs + GPS location in the background for the purposes of building a location services system. Apple does all these things. Apple is absolutely not doing things "like third party apps do".

I just got a new iPhone two weeks ago (corporate mandated:(.

I don't recall messages, photos, apple maps, notes, camera, calendar etc asking me detailed permissions. I think health did ask for some.

Installing equivalent Facebook messenger, Google photos, Google calendar, etc also of course did.

(Greediest award goes to whatsapp which basically doesn't work unless you grant it full access to contacts boo)

No they don't. It is literally impossible to create competitors for Apple's native apps and companion devices/accessories no matter how many permission prompts the user approves. That is what this entire complaint is about.

They certainly don’t. We’re talking about apps like Phone, Messages, Photos, Files and system stuff like app tracking (Screen Time etc.).

There are several reasons for a platform to not want to offer 3p interop, from security to privacy to competition, but the DMA is targeted EU regulation to mandate interop specifically for the big tech cos’ platforms and this is one of the first major tests of the law.

> Should you be using a Meta headset while you're driving?

The Meta HUD glasses seem like they're definitely designed to be used while driving, and provide a safer way to access info like notifications than looking down at your iPhone. That isn't "Apple data and APIs" this is a notification that someone needs to display on their HUD.

Really, the fact that Apple doesn't want to allow this sort of thing pretty clearly demonstrates they're acting in bad faith.

It’s part of the API:

https://developer.apple.com/documentation/contacts/cnauthori...

The documentation for ContactAccessButton suggests only presenting it if you have limited access:

https://developer.apple.com/documentation/contactsui/contact...

edit: but that’s intended to be used specifically to respond to a contact search. I don’t use WhatsApp, but a “persistent notification” sounds unrelated to ContactAccessButton.

No? For this particular case if the api exposed a bunch of bogus contacts then the WhatsApp app would be displaying and autocompleting non-existent contacts to the user throughout the UI, which would be a horrible UX.

There are cases where you can fake data and cases where you need to be able to block access and the apps should respect that.

> If this is still possible, then Apple fucked up the implementation of this feature, as clearly there should be no way to differentiate not having bothered to fill out a ton of contacts and having limited access for an app to see your contacts

If you only allow a subset of your contact, WhatsApp proceeds to not display contact information for everyone and to disable the whole status feature.

My assumption was that WhatsApp was heuristically detecting the lack of full contacts access. I figured they looked at the number of contacts to down from a couple hundred (pre-iOS 18) to 5, and assumed I limited access. However, it could totally be a detectable API response to the app as well.

"Every user would check that option" is obviously incorrect. When given the option not to share information, a great deal choose not to. I won't pull a percentage out of thin air, but peoples tendency towards "deny" when given the option is the reason for a lot of the dark patterns that exist (e.g. spamming address book permission dialogs, non-compliant cookie dialogs) and for spying as much as possible without permission. Asking permission for things that might be considered invasive is still the ethical thing to do, and in the early days of computing before the profit motive became overwhelming, developers tended to do the ethical thing, unlike today.

> The reality is that most users don't ever read any message the phone gives to them, they just treat it like any other popup and press yes.

The only part I disagree with is that it's limited to phones, it absolutely isn't. It's any computing device, be it a general purpose PC, a tablet, a phone, your car's infotainment system, what have you.

The large majority of the population does not understand how these devices work, and what kinds of problems they can create if used unsafely, and they don't care to know. And like, I get why: life is complicated enough as it is. Simple fact is when Joe Consumer pulls a new TV out of it's box and it comes with the contrast and color saturation through the ceiling so everything looks like shit, and motion smoothing is adding 60ms of delay to the response of connected hardware, he's fine with that. I don't like that for him, and I wish he wasn't, but most people just don't care. Most people want to speed run whatever damn things they gotta click to make the stupid light and noise machine do what they need it to do, so they can resume their idle time.

That's why if we actually want to make progress on reigning in these socially corrosive services, we need not just options, but a set of default settings, mandated by law, that respects user privacy. As a user of electricity, I do not need to be informed about how electricity works to safely use my outlets. As a user of water, I do not need to be informed about how plumbing works to safely take a shower. I shouldn't need to know jack about smartphones or computers either in order to not have my personal information used to sell me gross new flavors of Coke.

> Every user would just check that option and press yes.

Not if it's available in the developer options, or has more other sorts of friction to check the box. Or if it has a red warning label with the phrase "may increase the chance of hackers stealing your data and impersonating you".

One just has to make it unattractive enough to most.

I found MIUI's solution to this quite well designed, even if it's a little infuriating when altering permissions for a list of apps. There's a big red warning with a user friendly description of the danger and a countdown to prevent quick click through, locked behind an "I accept the risk" checkbox. You need to read at least one UI element that says "danger" before you can complete the interaction.

If such popups were introduced in iOS, they should be universal, of course, and the same danger prompts should show for Apple's software as for their competitors. Apple won't do that (outside of the EU) but it'd be a solution to the data hunger without compromising market accessibility too much.

A good alternative would be for Apple to remove APIs entirely, including for themselves. If they consider some data and some interactivity to be too dangerous for users, perhaps they shouldn't be messing with it either.

Apple makes a habit out of exaggerating the dangers of complying with any regulation. Just a bit of fear mongering gets their fans in a state where they'll maintain Apple's walled garden even when they stand to benefit from it being opened up.

I would support that, too.

I'm not sure how you read the above list and got the impression that meta wanted "total access like this to the phones, networks and data of every phone in the US". "Connectivity to all of a user’s Apple devices" probably means mDNS access for device discovery, rather than root access on all devices or whatever. Same for "Wi-Fi networks and properties". They probably want a list of wifi networks so they can connect to them, rather than low level access so they can run packet captures or whatever. Yes, even the limited access described above presents privacy issues, but there's no need to be hyperbolic and characterize it as "total access".

Apple has shown recently that they are more than OK giving Europeans and some parts of Asia a different iOS experience than the rest of us.

If they are “forced to open up” in the EU it doesn’t mean they will here.