When it comes to your personal data, Apple loves (correctly) to say "all of our user's data is encrypted, we can't access it even if we wanted to, so we cannot respond to this government request for data"
When it comes to application distribution, all of Apple's courage immediately disappears. They could say "We don't sign or control apps distributed through third party app stores, that's out of our hands, so we cannot respond to this government request". But, they chose not to. It was a choice, and Tim Cook chose an ugly, dishonorable, cowardly path.
To protect their users they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed. A consequence of that is that they cannot answer government requests to kill apps with “I'm sorry, Dave. I'm afraid I can't do that”.
Was that the right trade-off? I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
In this case they didn't remove the app from the users' devices, they “removed Alternative Distribution functionality from iTorrent’s Developer Portal without any warning.”
So they revoked the right of the developer to publish on other stores, and don't allow publishing that app on their own store.
Beside of those apparent "government sanctions-related rules in various jurisdictions" cited as reason by Apple (whatever that means), they now demonstrated that they still have indirect control over the offering of ALL digital markets.
So regardless in which market you want to publish, you still need to remain in good standing with Apple.
Combining that with Apple's ability to observe the install-base of iOS-devices it's quite a conflict of interest. (The least nefarious being Apple courting successful apps from other stores to come over to Apple)
You may own the device, but everything running on top of it is part of a service in control of Apple.
It would be great if vendors would be mandated to clearly separate communication about the product and the services on top, so they would have to compete again on actual product functionality, but so far it's not the case...
Unlocking/jailbreaking/installing your own software should be legal. I own the device, I should be able to do with it as I please without breaking cybersecurity laws. The issue is this covers IP/Platform Code and covers jailbreaking as that’s a form of reverse engineering in violation of the agreement you signed when you bought the device. It fucking sucks.
No, you definitely don't own Apple's developer portal or any related infrastructure. If you did, then you wouldn't have anything to complain about, you could just fix it.
And of course you don't own iOS -- were you under any impression otherwise?
I don't really understand this culture of buyers remorse. If you don't buy FOSS, you don't get FOSS.
So you’re saying if I buy a computer, I don’t own that computer?
This is what it is. I own this device in my pocket. I should be able to install, tinker, take apart, said device - granted voiding its warranty - without a company bricking the device intentionally or removing software from the device simply because I chose a p2p network over a centralized one.
Stop defending this. Once you sell something, it’s sold. It’s no longer yours. You may have made it, you may support it, but it’s no longer yours.
They didn’t deliver software. A 3rd party did. Stop making straw-man arguments to defend their actions. If the app was pulled from the normal App Store, fine, that’s Apple’s prerogative. But a 3rd party store? The app signing shouldn’t be used a weapon against software “you don’t like”.
Apple revoked notarization -- which is delivered as a service from their computers.
If you don't like that the phone connects to Apple's servers and uses the data delivered, then you shouldn't have bought a product that works that way. Or alternatively, you can take it apart and change it. Nobody is stopping you.
But Apple doesn't owe you an ongoing service that works exactly the way you like just because you bought one of their devices.
You cannot (generally) install and run apps that aren't (recently) notarized, though. They do owe the service inasmuch as they require it for installing and running apps.
Yeah, the OS preinstalled on the phone functions that way. But this is not in opposition to your ownership of the physical device. You can do still do whatever you want with the phone. Grab a hot plate and pull off the NAND, chuck the whole thing in a blender, anything -- knock yourself out.
By analogy, if food was sold with poison in it, "hey man, you bought it, just remove it if you don't like it. not a chemist? crack a book buddy". And now imagine you had no means of producing your own food and all food sold contained poison.
If unlocking an iPhone and running e.g. AOSP on it were feasible, people would be doing it. And you know that. Your argument is disingenuous.
Food with poison in it is both criminally and civilly illegal, and it puts peoples lives in danger.
Equating something like this to closed source software is why some people don’t take FOSS seriously.
You might think I was being facetious, but I’m being completely serious: the only way for FOSS to compete is by producing good products and bringing them to market. If FOSS advocates keep trying to fight some software licensing culture war instead of producing good technology, they’re not going to change anyone’s mind. 99.999% of people do not give two shits about a software license, they just want to use a damn phone.
It was an analogy. You're moving the goalposts and ignored the latter point.
And I'm not a foss advocate, I just want to be able to run software of my choosing and without spyware, as has been the case since the advent of personal computing.
As a side note, legality seems irrelevant to your position. What if a world government mandated optional sideloading + unlocking? Wouldn't you then argue against that law?
I know it’s an analogy. I just think it was a bad one. The desire for nerds to run unusual software on their phone is not really a life or death situation. I think it’s important to remember that in context, the number of us who care about this issue rounds to about zero. Most people using a phone don’t care.
I also want to run the software of my choosing. But there’s not a single phone you can completely do that with. Some of this is due to design decisions, some of it is due to corporate lock-in, and some of it is due to regulatory requirements.
I wouldn’t be against a law requiring side loading and unlocking, I would be in favor of it. This only addresses part of the software on a phone, though. There’s a lot of software on a phone beyond user space applications.
But I do think it would be reasonable to put some hurdles to make it difficult to do. There are completely valid reasons to protect the average user from being scammed by malicious software.
It sounds like we largely agree, then, so I'm not sure what you were arguing in the first place. That because the companies are legally able to do this and that [hardware-based] jailbreaking is possible in theory, it can't be opposed?
To your other point, firmware is another battle entirely and currently has less practical value.
Yet it happens all the time. More than half of Android phones are infected. So again, a poor argument for security. If anything, by opening it up, we (the collective nerds) could help harden it. Protect it. Improve it.
Why can't they add a "this app is not verified by apple, we can't guarantee it's safe" popup? Making people jump through ridiculous hoops (like jailbreaking) would violate the DMA, but surely not a simple matter-of-fact warning? Windows does the same with unsigned apps, as do many version of Android.
Because they want to cripple alt stores and ignore the DMA for as long as they can to protect the 30% extortionate rate their position as the sole provider allows them to force on developers.
The deliberate crippling of third-party stores is a clear example of malicious compliance, something Apple is well known for when facing regulatory pressure.
It's neither new nor surprising. Think about it: the Netherlands' dating app payment pricing trick, South Korea's alternative billing law, the US anti-steering injunction in Epic v. Apple, the Core Technology Fee for the EU's DMA, their ridiculous 'right to repair' process, etc.
What’s striking is how often parts of the discussion around Apple completely ignore this known pattern, instead leaning on apologetic corporate narratives about safety, integrity, privacy, or the environment.
I am against most of the (current!) regulatory pressure on Apple, but regardless of whether one supports these regulations, we can talk honestly about this practices of malicious compliance or even corporate disobedience. They exists in the world regardless of our personal stance on regulation (or Apple).
Generally speaking: If a tech giant does something and there are several possible motives, one of which is profit or power consolidation, and the others are different things, it is always profit/power. They did not start out a giant after all.
Telling these people about threat modeling completely destroys their arguments. The arguments are lazy, a thin veneer for corporate profiteering, rent seeking, and restrictive behavior.
Youre right - granny isn't installing unsigned binaries and anyone proclaiming otherwise is just bullshitting you.
The reality is that there is no security here. We have massive, glaring holes in the systems we use. Adding a door lock when there's a giant hole in the wall next to it does nothing.
Granny is being scammed via phone, but nobody wants to fix that. I wonder why? Hm, maybe money has something to do with it.
This granny is mythical - granny isn't installing unsigned binaries off an alternative app store. Let's not argue dishonestly - we both know how scams actually happen. That statistic is less than worthless in this context.
If you had told me many years ago end users would be opening powershell prompts and willingly copy pasting commands into them to infect themselves with infostealer malware, i wouldn't have believed you yet here we are with ClickFix
> I’m not sure, but AFAIK, they aren’t allowed to add alarming warnings when users add alternative stores, so they can’t put up signs “you’re leaving the safe area”, so I can see why they made this choice.
I thought you meant "why couldn't they have done so in the first place, without ever giving themselves the ability to killswitch any apps at all, and just show a scary looking message?".
“The gatekeeper shall not engage in any behaviour that undermines effective compliance with the obligations of Articles 5, 6 and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.”
Because Apple is not allowed to discourage the use of other distribution methods, and such a popup implies that an app provided via other channels is "less safe" than an app provided by Apple.
> Windows does the same with unsigned apps, as do many version of Android.
This is not the same. Windows states that they cannot verify the origin of the app because its not signed. In the current state Apple thoroughly verified the origin of the app, and the app is also signed.
Imagine a guy standing in front of your grocery store telling you that "the food in this store did not pass quality control of Walmart, so we can't guarantee that it's safe"
I still don't see the problem. Apple can say this app wasn't verified for safety by Apple because...it wasn't. I see an argument for them having to have a setting to disable the nag screen, but it's just stating a fact, just like Windows says "this app is not signed, you can't verify it comes from the correct publisher".
The walmart comparison makes no sense. A better comparison is the operator of a mall putting up a sign saying the products the stores in there sell are not verified by them. Often a store chain also owns malls, so Walmart saying "the things in the Walmart in the WalmartMall are ours and we vouch for their quality, but the other stores in the mall are independent and not vetted by Walmart.
It's only weird because it's so obvious nobody would think otherwise for a mall. But apparently people expect different for phones, which does make sense given Apple hasn't allowed third parties until now.
> I still don't see the problem. Apple can say this app wasn't verified for safety by Apple because...it wasn't.
In the context of this popup, Apple is not just the manufacturer of the device, it is the operator of a competing marketplace. The fact that they suddenly present themselves and state that they did NOT verify this app implies that the quality of the products offered in that market are somewhat inferior to what Apple themselves are offering. <-- This is anti-competitive behavior
> It's only weird because it's so obvious nobody would think otherwise for a mall.
No, it's weird because Walmart has no business telling customers of OTHER markets that THEY don't vouch for its quality.
In this Metaphor Walmart was already caught and ordered to stop hindering other players from competing on equal grounds, so naturally Walmart cannot put someone in front of every competing store to cast doubt on their offering.
If an OS needs antivirus for this, that OS has been designed wrong (excluding Linux, FreeBSD etc as the target audience isn't regular end users) in the first place.
An OS should NOT need antivirus, it needs proper sandbox and containerization.
- defense in depth means adding such an extra layer is a good idea
- an app can 100% stay within its sandbox and still be nefarious. For example, a password manager could secretly send all your passwords to Mr(s) Evil.
It also wouldn't have a competitive feature set if that were the case -- syncing across devices is a bog standard feature for password managers.
Also, the possibilities for nefarious apps that aren't thwarted by sandboxes are endless: social engineering and phishing are very common and effective.
There is no OS sandboxing and containerization which would prevent an internet facing software, like browsers, to be part of bot networks.
These are good to have, just like how it's good to have an antivirus. In some cases.
Most of the people download things which were checked before with an antivirus (like Play Store, App Store, GMail), or they don't really download anything outside of browsers (e.g. on desktop), so most of the people (almost everybody in case of percentage) don't need that much protection than 20 years ago. I also don't need neither OS level sandboxing, containerization, nor antivirus by default, because I know how to prevent compromise even without those. I, of course, use those when they are needed, when for example I install or browse something risky. But then I use a full blown VM, or an ultra sandboxed browser, and I know the risk, that there is nothing I can really do, if they use a vulnerability of my hardware for example.
It wasn’t their choice to make. The user purposefully installed the app from a 3rd party store. That sounds like user intent. If Apple cared about their users, they would allow a user to use without caveat. Including installing whatever software they wish so long as it worked on the platform.
This is right to repair. This is ownership. When you buy some hardware, you should be allowed to install any software you wish, provided it works and you have the technical know how to do so.
>they chose to include a feature that allows them to remotely kill nefarious apps on all devices, regardless of how they got installed.
Huh, I sideload some pretty nefarious apps all the time on my iPhone and have been doing so for about a decade, and they have never got remotely killed or removed.
It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple, enabling Apple to decrypt that specific user's data.
Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
Apple's privacy-protecting image is nothing more than marketing.
Apple is actually far worse at protecting your privacy than Google.
On iOS, you cannot install any apps without an Apple Account, and even some preinstalled apps (like Pages, Numbers, Keynote, GarageBand, iMovie) cannot be used before you assign them to an Apple Account.
On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from Google's Play Store without an account as well, so, you can even install all the mainstream apps, all without any accounts.
What do you mean by your data being protected by vast amounts of encryption? Can you verify those claims beyond trusting what Apple tells you? Isn’t the commenter above insinuating that a targeted individual can be compromised anyway?
If iPhones had flaws in the encryption or security, they WOULD be exploited and monetised.
A zero day remote attack on an iOS device is worth so much money that you have to be _really_ ethical as a hacker not to sell it and report it to Apple for a small reward instead.
The last time one was deployed "publicly" was against Jeff Bezos (or his wife) - one of the top10 richest people in the world anyway. And then it was patched for everyone.
Apple is the only one that effectively knows the Real Name of all their users, because you cannot do anything on an iOS device without signing up for an Apple Account first.
It's virtually impossible to sideload anything on an iOS device without extensive developer know-how; but for Apple itself to do a targetted attack, would be a trivial task.
Android is the privacy heaven by comparison.
It's relatively trivial to get started with F-Droid and Aurora Store, and then you can install whichever apps you need, without providing any identifying information system-wide, without needing anything beyond the Android device itself.
No PCs, no mandatory 0days, no exploits, no specific software/hardware requirements, no warez, no copyright infringement, just pure free software and a few warning dialogues from Google about the dangers of installing the third-party apps, before you can do whatever you wish with the hardware you paid for, on any Android device of any vendor.
The difference is the open source software is auditable - Apple necessarily isn't. Its not the same.
Its not a user interface problem either, that's just a lame excuse. iMessage is end to end encrypted and is arguably one of the most pleasant to use messengers.
Apple is very explicitly and deliberately building their systems to forcibly collect massive amounts of user data that they can and do provide to the federal government.
While it is true that close to all companies will comply with lawful orders (but not EVERY company, FWIW: Lavabit famously shut down instead of handing over SSL keys to feds), it is possible to design systems in such a way as to protect FAR more user data privacy than Apple does. Case in point: review the contents of Signal's subpoena response a few years ago:
This isn't a sham privacy claim like the kind made by Apple that requires you to trust the provider, either. Signal's clients are famously open source - something Apple does not do for pretty much any part of iOS or Mac OS:
Additionally, most of the Signal server's source code (nix the anti-spam components) is open source, as well as the libsignal library used across the clients and server alike:
Apple could be this transparent if they wanted to. They choose not to be, because the truth is, they do not actually care about user privacy, they are constantly collecting massive amounts of telemetry, user data, and user metadata from every single device they make, and they have been proven to share this data extensively with the federal government via the Snowden leaks, even in spite of the few actions they take publicly to maintain the marketing illusion of being a company that cares about user privacy, such as in the wake of the San Bernardino shooting.
Why is Apple taking the harder route then? Like having Maps go through proxies and get the route in small bits so that Apple's servers don't know who is going where, for example?
Meanwhile Google is giving you notifications about "would you like to review <this exact tiny shop you were just in>", because they are the good guys?
The TSA performs security theater, where they take the harder route, yet fail to even detect, let alone stop 95%+ of yesterday's threats, to say nothing of today's or tomorrow's threats:
As for the deeper why: it's more important to the US government for passengers to feel safe than it is for passengers to actually be truly safe.
Likewise, it's more profitable for Apple to make its customers feel their data is private than it is for Apple to make their customers data actually be truly private.
Apple is not privacy-preserving company.
Apple is marketed as a privacy-preserving company.
No, an iOS 0day _is_ less valuable. Every exploit acquisition program pays out more for an Android RCE than it does for an iOS RCE. And it's not surprising: give iMessage a mean look and a .png that looks funny and it breaks under the pressure.
The rest of the thread above is merely the delusions of an Apple fanboy, followed by dozens of people listing out reasons why an iPhone is more vulnerable to attacks, both from external actors _and_ from Apple collecting massive amounts of data and having total remote control of "your" device.
> On Android, you can install any app from any third-party store without having any accounts. There's a store called Aurora Store that even lets you install apps from golgle's Pay Store without an account as well.
I thought Google recently announced changes to this requiring a developer account to side load.
Yes, Google did announce of the plans, but those changes aren't active yet, and they plan to start enforcing them in only several APAC countries where sideloading is far too popular and gets abused far too much.
Hopefully, they'll see just how ineffective their measures are, and abandon before applying the plans to the rest of the world.
> where sideloading is far too popular and gets abused far too much.
Why do we consider user installation of software abuse? Plenty of people install software from non-play repositories simply to prevent Google from getting data about their app profile.
The issue I spoke of, is not by the user, but by the fraudsters tricking people into installing malicious apps.
I disagree that such protections (at the expense of the power users) are necessary, but, OTOH, you cannot just ignore such issue existing in the first place, because it does exist, and Google already does have the tools to combat it (by scanning all apps regardless of origin, and blocking malicious ones).
The unspoken part is, now that the functionality exists, it will be rolled out in more and more countries because it allows governments to directly control what apps users have access to. My response to Chat Control in the EU, if all efforts to stop it were to fail, was always "well, I have an Android, so I'll just install whatever app that isn't backdoored". But if Chat Control passes, this exact functionality will eventually be used to ensure that I can only use backdoored apps.
There is no way to abuse it "too much". In fact there is no way to abuse it at all. "Sideloading software" means "installing software on my own damn machine". You can't abuse installing software on your own machine.
That is indeed one area of privacy but I wouldn’t say that Apple is far worse. There is countless number of examples where this just simply isn’t true.
Also regarding the App Store, you don’t have to enter a credit card, you can make an account with a new email address.
What's worse than the inability to NOT have a permanent standardised real-name identifier on your device at all times and on all devices?
Apple has really questionable security as well. There's lots of people who have reported Apple randomly asking for Apple Account passwords all of a sudden in popups, on both iOS and macOS, the same way as malware would; or forcing password resets every day or every week.
BTW, do you know how many customer accounts did Apple terminate in 2024? It's 128'961'839 — nearly 129 million customer accounts terminated in just one year.
Wouldn't Apple have just done exactly that when they faced public and state pressure to unlock the iPhones of mass shooters, such as the San Bernardino shooter or the Pensacola shooter? That was their golden opportunity, but instead they refused, went to court, and forced the FBI to pay third parties to break into the phones. That's the opposite of your espionage scenario.
If Apple never decrypts a user's data, then this debate will never resolve, because there will always be people who insist that Apple's teetering on the precipice of logging decryption keys and decrypting a user's data – or worse, that they've already done it and we're just waiting for another heroic whistleblower to reveal their corruption.
> Remember, Apple is the same company that cooperated with the NSA to secretly log and feed user data to the NSA starting back in 2012, as revealed by Snowden's heroic disclosure of the PRISM program (which was ruled unconstitutional by a federal judge).
PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders. Apple was not installing spyware on people's devices as you seem to be implying.
>PRISM compelled Apple to provide the NSA with access to cloud data they already held under FISA orders.
Cloud data that's supposedly encrypted with encryption keys Apple pinky promises they don't have, right?
>Apple was not installing spyware on people's devices as you seem to be implying.
I am very clearly not implying this is currently happening - just that there is nothing theoretically preventing this from happening, and the company already has a history of secretly cooperating with illegal government surveillance programs to provide cleartext user data - user data that they love to present an image of protecting vigorously.
> It would be trivial for Apple to push out silent targeted OS updates to specific individuals that would log decryption keys and send them to Apple.
I don't think they even need to do that. They are in control of the encryption process and obviously already process the data to create a persona of the user (after which it is no longer considered "user data")
You haven't noticed that the tyrannical agencies, aka "intelligence" agencies in the west no longer white and throw tantrums about "going blind" and "black holes" etc. regarding Apple device encryption?
I do not get the impression that they just forgot and stopped being traitors.
I mean, you can just look it up instead of spreading conspiracies.
Apple put in functionality that makes it impossible for them to unlock phones and added additional controls to make brute forcing infeasible. The fight was fought, they had it out in court, and it's done.
If that wasn't true, literally all iPhones would be backdoored by the Russians and Chinese lol. Law enforcement is utterly incompetent when it comes to technology, you think they wouldn't immediately leak keys or access?
I regret to inform you that the latest leaked Cellebrite support matrix [1] (from summer 2024) showed that all iOS devices on then-current iOS versions could be forcibly unlocked by law enforcement in AFU state (After First Unlock, following a reboot) using their software.
The only devices that successfully resisted their attempts were Google Pixels running GrapheneOS. According to those documents Cellebrite hasn't had the ability to crack them open since 2022. There's an updated matrix for Android from February [2] which indicates that this hasn't changed on the Android side.
We don't know what Apple does or doesn't do. They might not be able to unlock iPhones in their normal state, but what stops Apple from instructing your device to silently install a specially crafted update which makes that possible, prior to your arrest? I don't think that there is anything stopping them.
You also said "[...] and added additional controls to make brute forcing infeasible." which isn't true as demonstrated by Cellebrite's capabilities. They can take the latest iPhone running the latest iOS and unlock it for you for a price (allegedly only with a warrant which law enforcement can always get).
> If that wasn't true, literally all iPhones would be backdoored by the Russians and Chinese lol.
This comparison also doesn't hold up because "Russians and Chinese" don't have physical access to our devices (seemingly required for most of these exploits) while law enforcement who arrested you does, and they can easily ship your device to Cellebrite's lab if need be.
There's no blind faith involved. Apple has one of the best security teams in the world. If they decided to punch a hole in their flagship product security, I am very certain at least one engineer would speak up about it.
Some more context from the linked github issue[0], the app was removed because of European sanctions against Russia, it seems that the app developer who now lives in Malta, has a Russian background.
What is interesting is that it's Apple enforcing these sanctions, rather than AltStore.
The amount of control that Apple exercises over these alternative app stores, really does seem to be against the spirit of the DMA.
That’s also weird to me. I don’t have current 2025 info on the sanctions, but back in early 2022 I had a colleague with Russian citizenship who was living in Ireland (with proper permission to live and work - I think even permanent residence). He was exempted from the nationality-based sanctions because of his EU residence, although he did have to prove it to e.g. his banks.
Do the sanctions applicable in 2025 apply even to EU residents of Russian nationality or origin without such an exemption, or is this person covered by more narrow sanctions like one which name him individually, or is Apple going beyond the sanctions rules here for a store they don’t even operate?
Edit: reading the linked GitHub discussion more closely, it seems that he expects to benefit from the same exemption as I was describing, with the problem being twofold: one, the developer had neglected to update his personal info in Apple’s dev portal - not Apple’s fault, at least assuming that sanctions enforcement is their job at all in this scenario. But two, Apple has taken a long time to react to this guy providing proof of his Maltese residence, so that’s on them for being an unresponsive bottleneck.
> But two, Apple has taken a long time to react to this guy providing proof of his Maltese residence, so that’s on them for being an unresponsive bottleneck.
Someone I know has Maltese citizenship. From the stories they've told, the unresponsive party might not be Apple.
(At one point, my friend had to show up at the Maltese immigration office in person to get them to respond to an inquiry.)
The proof of residence that he said he sent Apple was his Maltese residence permit, so unless Apple verifies provided documents with the issuing authorities (honestly doubtful), the bottleneck is within Apple and/or anyone to whom they outsource these appeals.
And 3, Apple asking for a photo of the ID instead of using eID so the entire process can be tap > Face ID (in your country’s eID app) > done.
Also for some reason on App Store Connect, Apple is asking for a country of birth, not citizenship so with that alone, it’s unclear to me how can they make a determination at all.
Once again, our random spawn point (of which we have no control) is interfering with what we can and can’t do in life. Oh and Apple totally not getting how people live and move in the EU.
My understanding is that the EU sanctions themselves do care about place of birth, separately from citizenship, not just Apple’s implementation. I’ve certainly seen such a question in non-Apple implementations of these sanctions.
As for not supporting eID, yeah that isn’t great, but so many people have non-electronic EU residence permits (including me within the last few years - though I don’t have Russian origin or citizenship) that they’d have to support the non-eID flow regardless. Maybe they wanted one fewer flow to implement, or maybe they felt that eID verification didn’t meet their compliance needs. No idea there.
last time I checked if there are no sanctions against you personally you shouldn't have any troubles?
I believe sancitons lists are public so that has to be verifiable by searching for "Daniil Vinogradov". Quick search on EU sanctions tracker [0] did not yield any results. Neither did [1]. So what's up with that?
That statement cannot be taken at face value. Russian developers and Russian registered entities are freely publishing apps on App Store. EU sanctions do not prevent that.
> What is interesting is that it's Apple enforcing these sanctions, rather than AltStore.
That's quite a red flag. Apple demonstrated that despite their seemingly compliance with the EU DMA, they are still indirectly in control of ALL digital markets.
This is still an uneven playing field, and I hope the EU is not blinded by this "feature demonstration" of Apple now...
Lots of Russian apps and services registered in Malta or Cyprus, but their devs continue to live in Russia. And naive users think they’re using a European app or service. For example Adguard.
It's not the first time I've noticed you spreading this misinformation on HN, so let me respond.
Most of AdGuard's staff relocated in 2022, and I (CTO and co-founder of AdGuard) personally live in Limassol, Cyprus. We commented on that publicly, but it seems that random forum posts often regarded as more reliable sources of information.
I am totally fine with anyone not trusting AdGuard for any reason, but please keep your statements factually correct.
PS: Sorry for sticking a small promo in the comment, but this year we're organizing the annual summit (adfilteringdevsummit.com) for ad blockers' devs on our home turf in Limassol, a perfect opportunity to meet us, other ad blockers and even browsers' devs.
If you've still got most of your devs working in Russia, and it looks like that from your github projects, I'm not sure what part of the comment you responded to is not correct or misinformation.
Most of the employees relocated including senior staff, devs and people with access. We still have some contractors working from there, mostly in support service, content and qa. Not "most" or "a lot", but nevertheless.
We encourage people to move closer to the head office, but as long as it's not required by law, we’re not going to force people to move out, as I know very well how hard it is.
> and it looks like that from your github projects
You do realize that a russian name != working in Russia, right?
> I'm not sure what part of the comment you responded to is not correct or misinformation
The parts where:
1. It's implied that the company is just "registered".
2. It's implied that the company is not European.
3. It's said that devs reside in Russia.
All three are factually incorrect.
AdGuard has been around for 16+ years, and throughout this time I've seen similar accusations many times. I am generally fine with them — that's life — but today I just wasn't in the mood, sorry for that. Anyways, this is one more reason to have more code published to open source, a win-win for all.
The AdGuards CTO and cofounder just replied to my comment, called it misinformation, but then confirmed that a large amount of their team continues to work from Russia.
If you trust Devs working in Russia with you or your companies dns security, you’re insane.
His detailed clarification came post my reply to you. Prior to that his statement was that most of their employees were no longer living in Russia. Which implied that some percentage of employees still lived in Russia. He claifies that it’s just contractors and supporter without access, which is much better that some of their employees still working from Russia.
AdGuard would still be outside my comfort margins because of exposure to the Russian government through friends and family.
Thanks for understanding and sorry if my comment sounded too harsh. Over the past few years we went through a lot and when I hear that AdGuard is just registered I may overreact.
What for your position, I respect it and as much as I’d like to say otherwise, under certain circumstances it can be reasonable.
Indeed, I thought the whole point of alternative app stores is that it’s not Apple’s decision any more whether an app can be installed or not. This looks like another case of malicious compliance.
There is a lack of proof that the developer is linked to a sanctioned entity. Not saying it isn't, but The Verge should be at least trying to verify that IMHO (instead of taking the statement at face value); I'd even trust a "we verified it but won't publish to protect the developer".
I believe it was the Apple fee monopoly that was the central thrust of the anti-trust case, not open distribution of apps themselves. The goal was to allow storefronts to compete on fees.
If Apple was banning apps from alt stores but keeping them listed in their own store, then it would be a legal issue.
I personally I think it defeats the purpose as well, but I'm more concerned with the right for people to do what they wish with their own device. These antitrust court cases can get pretty specific with what they are addressing.
You're talking about the US case I believe. Alternative app stores were born out of the EU Digital Markets Act which Apple has been brazenly violating since day 1.
The purpose of the DMA is to eliminate gatekeepers' stranglehold over the market and promote competition by forcing them to compete on equal footing. Apple's compliance strategy thus far has been to create an appearance of compliance (alternative app stores, what more do you want??) while fully retaining their chokehold in strategic areas like notarization and core technology fees which completely undermine the goals of the DMA. They remain a gatekeeper who imposes taxes on competition and retains the ability to kill your project (or business) without a due process.
Aren't they both anti-trust problems? Suppose Apple bans apps that compete with some service they offer themselves. Allowing them to be banned in alternate stores as long as Apple also bans them in their own store is clearly not going to make that better, right?
if you move from ban to, systematically hinder updates, despotic interpretation of store TOS/Guidelines/Rules, APIs their apps can use and others can't which affect competitiveness of the apps, not having to pay their own fees, randomly removing top apps from the app store front/ranking/promotion, TOS which make competing impossible etc.
> I believe it was the Apple fee monopoly that was the central thrust of the anti-trust case, not open distribution of apps themselves.
This was not just subject of the anti-trust case, it's Apple being expected to comply with the EU Digital Markets Act.
(The DMA defined objective criteria to identify a scaled market of digital goods with an uneven playing field for all players. Apple was found to have created such a market and was ordered to rectify this)
Totally, the only ""freedom"" that they have is the free development program... But they can cancel your account at any time if they wish for "abusing" it, and you even have to refresh apps every week.
Difference is in the fact they don’t have any incentive in checking submitted apps to alternative stores. Does it even launches? Does it use private APIs that will break tomorrow? Who cares. Surely not Apple. It’s on that alternative stores.
But if they asked to block an app due to breach of a law, they will oblige.
Your argument was that this is a distinction without a difference. I pointed out the difference: apps on alternative app stores exist until Apple is legally forced to remove them.
from torrentfreak > "No further context was provided, but the developer purportedly had a Russian developer account, despite living in Malta."
"seems the issue is related to government sanctions" - so he is still connected to the Russian government then?!
btw, Malta is a good place for Russian agents, Sergey Gorokhovsky is one such and he oversees White House Personnel while telling everyone he's not Russian
I’ve never managed to get this torrent client working myself. I paid money for Altstore, but I’ve only ever found some emulator. I think I just don’t understand how it works.
Just now: I open Altstore, see an ad for the Epic Games Store, I tap it, the install button at the top sends you in a loop back to the same page, nothing happens. Oh, there’s another button (lower on the "page"): Install on iPhone or iPad, I tap that, then another button, Install. I tap it. New screen: Open the Epic Games Store on your home screen. Except that there is no Epic Games Store anywhere on my device.
And that’s basically all my experiences with Altstore.
The idea is really nice, indeed, which is why I paid for it immediately (just 1-2 euros or so I believe) but I never got anything out of it, ah well.
Not to play devil's advocate here and also IANAL but:
If (as as it is) Apple is still controlling apps via notarizarion/digitally signing apps of and recognizing developers, and if the app is developed for something that would land Apple in legal trouble (e.g. it makes it easy to freely and illegally download music and Apple also has legal contracts with record labels as they have Apple Music, and not only legal but it also affects Apple's own music revenue too) as the app has passed explicit notarization of Apple (in other words: Apple "knowlingly" allowed them and greenlighted them by notarizing the app), wouldn't it cause legal trouble for Apple?
For that, it's the logical behavior for a company like Apple to stop allowing the app.
Again, I'm not supporting it, but I can imagine where it's coming from and that makes sense from a business perspective as torrenting on mobile has almost no legal use cases. We all know you have not installed it to download your favorite Linux distro to your iPhone.
If the ability to remove apps obligates them to remove apps, then that is a strong argument for them not to have the ability to remove apps.
It also almost certainly doesn't so obligate them. They aren't acting as an intermediary, they are just incidentally signing the app. The app signing certifies in the first place that they checked the documents of the app devs, and in the second place that they haven't decided to remove the app. But removing the app is an action, not an inaction, they can't be compelled to take it. It would be like the record label saying I had to stop a bootlegger I happened to observe while I was out for a walk.
Legally that sounds about right, but morally, your argument does nothing to defend Apple. They pioneered stealing autonomy from their users. They know governments abuse this [1,2,3]. Yet they prefer to profit off keeping their users prisoner, than give them control of the devices they paid for.
Maybe the first time you chain a man to a tree, you can plead ignorance, that you didn't know wolves would come eat him at night. But by the 100th time, you're as guilty as the wolves.
Actually I didn't mean anything that contradicts your comment. I do agree with what you are saying.
I don't think we should be expecting moral values from any company over a certain size, be it Apple, Google, or anything else. They "care" about privacy as long as they profit from it directly as device/service sales or indirectly with brand value/trust/PR.
And, to clarify, the problem here is not that the company collaborates with governments in policing their own stores, the problem is that they do NOT allow you using any alternative stores.
This is a "have your cake and eat it too" problem.
IMO you can either be a dumb marketplace with common sense moderating and not be responsible for the content on your marketplace, or you can be a curated and secure marketplace, in which case you must necessarily be responsible for the content on it.
1. Not endorsement, but at least a recognition of some sort that Apple recognized the dev and the app and allowed them to publish this app (regardless of which store).
2. AFAIK Apple isn't doing anything illegal by pulling out this app. Malicious compliance? Perhaps. Illegal? Nope. If Apple doesn't do this, then it would indeed attract legal issues due to the first point.
That would be a valid argument if Apple mislead you into buying iPhone under the false premise of „you can install everything you want“. Instead, you either chose to blame Apple for making your phone work exactly as it was intended, or, as customary on the internet, you are blaming Apple for designing device you don’t even own against your expectations of how they should do it.
To be precise, it's not the hardware but rather Apple's operating system software which is restricting what software applications can run on your device. Do you really own the iOS operating system? No.
I don't know precisely where the line is between owning the literal physical atoms and not owning the literal binary blobs of software, but agree or not, it's well understood that buying the right to use software is not synonymous with owning the software. I feel like the hardware–software distinction is a difficult one to square in the context of "owning an iPhone."
Does owning the atoms of your phone entitle you to a mechanism for side-loading your own operating system binaries? I think so. If you buy hardware, there should be a reasonable mechanism for wholesale replacing the supplied operating system software with any alternative you like. Should Apple be required to document how any of hardware works? On that I'm ambivalent but I lean towards yes. But as for how iOS works, I personally think that's regrettably out of scope, because owning the hardware isn't the same as owning the software.
> it's not the hardware but rather Apple's operating system software which is restricting what software applications can run on your device
I disagree - the restrictions also apply at the hardware level. The entire boot process is locked down to prevent people from running their own OS on the hardware. It's nothing like Macs where Asahi Linux exists as an option. If anyone ever discovered how to bypass the restrictions you can count on Apple to fix it.
With respect to allowing people to run their own OS, if you read my post in full, you’d see that we are in complete agreement.
But it’s pretty unambiguous that any restrictions are software, not hardware. It’s just lower level software that runs earlier in the boot/system bring-up process.
DMA has shown us that Apple will do the absolute minimum to comply with changes like this. The fact that Apple is asserting it's power over an app distributed on a third-party store is a whole new example of legal changes not actually giving us what we want.
There's also the location issue. DMA forced Apple to make some changes but only in the EU. Apple is willing to do the work to only comply in regions where they have to. What happens if your country decides that Apple isn't doing anything wrong?
If this is something you care about then you should not buy an iPhone. First change the rules and then buy one when they comply.
While of course not quite apples to apples, it's still interesting to consider what the reaction would be if Apple complied with a government order to block a domain entirely on all its devices. Where, ultimately, is the difference?
This headline is misleading as it seems the issue is with the way countries are sanctioning Russian developers (assuming based off the Russian name) as opposed to being related to torrents.
Ideally you would be able to install what you want on devices you pay for, without being overseen by an external body, thus rendering sanctions irrelevant.
While an option in the design space, and favorable for countries who may have sanctions placed on them, it may not actually be ideal since that means malware authors have free reign.
Yes, users will install malware sometimes. I'm OK with that as long as the rest of us don't have to suffer everything being locked down for their sake.
People need to learn how to use computers without installing malware. In almost every other field, it's normal and expected that people learn how to operate the tools properly; if they don't, then it is their fault. For some reason, technology has ended up different, and we dumb things down endlessly. I am tired of it.
Phones are not designed to be a specialized tool of a field. They are gadgets designed for a general audience of billions of people.
>For some reason, technology has ended up different
Because with computers there is a lot of freedom in how things can be made to work without adding extra cost to the product. They can be designed to be user friendly.
Cars, knifes, power tools, and a million other things are also designed for a general audience of billions of people. And if you do not learn or use these responsibly you'll end up with a lot worse outcomes than getting some malware on your phone.
Take for example power tools. If a sawstop could be implemented to a power tool for free then all of them would offer the feature. Cars also have had a ton of safety features that have become required in order for them to be sold. Dangerous knifes also have been banned from being sold. It turns out that for other tools society didn't just accept that they were unsafe. They improved safety or legislated safety.
A sawstop doesn't spy on you and doesn't stop you from using your saw (why would you want to cut your own hand off?). Meanwhile there is a legitimate reason to want to install applications without the eye of Sauron always watching...
Ultimately, humans love gambling and it's one of the best ways to make money. It will require creating rules via the government to eliminate such apps.
So in the end we got the worst of both worlds in Europe. Apple does malicious compliance while still holding control of app stores while EU users are being kept out of things like iPhones remote screen.
I'm gonna get bashed here because the average HN user is a EU-weeb but if you can't properly write regulations don't do it at all. I'm tired of good intentioned candy colored EU regulation that ends in worst experience for everyone.
As a EU citizen, it is kind of exhausting to read all the pro-EU legislation rhetoric on US-centric websites like HN while witnessing our governments destroying all our institutions and values at home.
EU legislators might not get checks from lobbyists as big as their US counterparts, but they are just as rotten of a bunch.
Not sure why you're being downvoted – this is a perfectly interesting fact.
Presumably the words "chit" and "pat" don't literally mean "heads" and "tails", though, even if they correspond to those sides? If not, what do they mean?
"chit" is derived from "chitra" which means "picture". It translates to face side. "pat" has the same origins as "sapaat" which means "flat"/"plane". So it IS the heads/tails analogue for Hindi and Urdu.
Google does not notarise apps outside of the Play Store on Android, so, no, they will not do exactly that.
My fav App Store on a fresh Android is Chrome, because you can use Chrome to install any other app store, or any app directly from any website.
On iOS, there's no such alternative.
In fact, on iOS, you cannot install ANY app at all until you login into an Apple Account. In fact, even some pre-installed premium apps (Pages, Numbers, Keynote) on iOS cannot be used before you login into an Apple Account.
By comparison, Chrome lets you install any app from any website without providing any identifying information, preserving you privacy. It's very easy to dismiss the login screens when setting up a new Android device, too; something that Apple also makes far more difficult on iOS.
That trial they'll be running isn't even live yet, and isn't even set in stone, either, and is limited to just a few countries in APAC. So, even with the news, it's still 2y away at a minimum for the US/EU.
Part of the big success of sideloading is that few people are doing it in the US/EU, so the attack surface is smaller as a result.
When it comes to application distribution, all of Apple's courage immediately disappears. They could say "We don't sign or control apps distributed through third party app stores, that's out of our hands, so we cannot respond to this government request". But, they chose not to. It was a choice, and Tim Cook chose an ugly, dishonorable, cowardly path.