> because you are annoyed about some temporary problems
I mean, all problems are temporary, time is money etc. etc. And there are signs that suggest that some of these problems (namely freedom to run your own software) are not going to get resolved soon. Is there something deeper in your thought that I missed?
> These kind of posts get a lot of upvotes, but they do nothing to change corporate behavior.
I don't understand, we are on a discussion forum. Of course writing comments here does not influence what Apple does, that's not what HN is for, I think (I hope) that everyone already assumes that. Why do you feel the need to point that out?
I do? It's a trivially comparable thing? I'm not even talking about ALL prescription drugs. I'm talking about the fact that some have interactions that can kill you. Having "life savings gone" consequences from a random app install is that level of danger.
A non-trivial number of people should probably have to go see a specialist before being able to unlock sideloading in my opinion... which means we probably all would have to. It's annoying, but I actually care about other people.
I have a hard time with this because it's the world we've lived in forever. Everyone knows installing an "app" installs an executable.
Doesn't Android require a specific permission to be user-accepted for an installed app to read notifications? I think it's separate from the post-notifications permission.
This seems to be an issue of user literacy. If so, doesn't it make more sense for a user to have the option to opt into "I'm tech illiterate, please protect me" than destroy open computing as we know it?
this. just like how when you start playing a hard esoteric game like an RTS or MOBA, they ask you what your degree of comfort/experience with the genre is to avoid making a pro player go through the tutorial and vice versa.
In an ideal world where governments and corporations weren't trying to lock us into a closed system for massive surveillance and control, during the installation/setup of a mobile phone should be a question about tech literacy and protection. Selecting any option that isn't "I'm tech illiterate, please protect me" should be very annoying. There should be many warnings in uppercase bold red letters telling the user it can be dangerous and listing those dangers. But if I'm a developer and want to patch my kernel or modify the system as I please, I should be able to do so. If I want to install a malware app in a burner phone to study its behavior (or just for fun) I should be able to do so.
There would probably be one or two grandmas that would still somehow choose the pro hacker mode and get scammed down the line, but I think that minuscule amount of harm done is very much preferable to closing out *literally everyone else* from using the devices THEY BOUGHT.
It might not "solve" the problem, but I'd expect it to significantly address the problem, no?
I've heard much criticism of it being too heavy-handed, but I don't think I understand criticism that it won't improve security. Could you expand on that?
No. You seem to be implicitly arguing that unsigned apps are inherently less trustworthy than PlayStore apps. That's a claim that needs to be proven first. And based on the huge amount of documented data exfiltration performed by Google-approved apps, I'm going to say that claim is false.
I'm arguing that a curation process that includes security review is likely to produce a more secure set of software. Admittedly it might be completely ineffective, but I think that's an unreasonable assumption. So some review is more secure than no review. Now I'm not saying "better", you could argue it's a false sense of security, but it's still more security.
> I'm arguing that a curation process that includes security review is likely to produce a more secure set of software
I actually totally agree! There is no external entity users can rely on to make sure apps they download are legitimate. I read the thread from root to this comment and I don't see it mentioned, so I'm not sure if you know this and are just arguing something else but...
There is actually nothing about testing or verifying apps themselves in the announcement made by Google. It's just about enforcing developer verification in some Google service and "registering the apps".
EDIT: I checked your profile, and I now see that you actually work at Google, on Android... Is there something I misunderstood about these announcements?
> you could argue it's a false sense of security, but it's still more security
Well here I don't agree, I would much rather be aware of the dangers than think I'm safe when I'm actually not.
To add to that, I think it's important to point out that the problem of people not understanding how to safely use their devices is in big part caused by technology companies racing to get widest adoption everywhere, both in terms of location and in terms of industries. I'm not against "intuitive UX design" in general, but at its extreme, it just fuels incompetence. We shouldn't now let them pick the most convenient option, the option that just happens to also increase their powers over the users, as a way to "fix" the problem.
> how is a UI designed that doesn't fuel incompetence?
I'm specifically talking about UX ("how a user interacts with and experiences a product, system, or service"), not necessarily UI.
> how does it do that? (i am not getting hung up on "intuitive", i just mean you argue that the currently used design fuels incompetence)
tl;dr We have a product, we want to make money, we need people to use the product. One of the things that stand in the way, is people not understanding how to use our product. We will make sure they can get started as fast as possible, and not mention how they may hurt themselves with the product, that would scare them away. Hurting yourself with our product is in the broad "don't do stupid things" category. We will never explain the "framework" (in case of an OS I mean apps, that apps can interact with each other and your data, how you can or cannot, control that), even in broad terms. Just click this button and get your solution.
It started with PCs and people not understanding how to not lose their documents. Now that every device is connected to the internet, the problem became worse.
You can now say that "sideloading" is stupid anyway, but this is not the only problem. Another thing that people still usually learn by painful experience is backups. There are fake apps, on both stores. Another thing, in-band signaling. You cannot trust email, phones, whatsapp, messenger... Even if your friend you often chat with is messaging you, they could've just been hacked.
Try to explain that you also cannot trust websites and that even technical people don't have a good way of telling if an email of a website is real.
But at least enrollment is fast and adoption metrics are growing. Since we are already in "move fast and break things" mindset, we will think about fixing such issues when it actually becomes a problem.
To be clear, I'm not saying that making technology easy is always bad, that you should always expose the user to "the elements" and expect them to pipe commands in the shell. But I think that often the focus is on only making enrollment fast. "Get started"
What if we actually expected people to understand something about technologies they want to use?
> What if we actually expected people to understand something about technologies they want to use?
but that's what we have now, and it's not working.
the implied question is: what if we don't allow people to use technology unless they can demonstrate that they understand it?
is that really something we want to do? this sounds like gatekeeping, elitism, and anti-innovation because if less people are going to use a technology, then there is less motivation to build it.
remember, i think it was someone at IBM that said that the potential for computers is some small number? and then it grew beyond anyone's wildest expectations?
do you think that would have happened if we had required understanding before we let anyone buy a home computer?
besides education, i don't know how to approach this issue.
> but that's what we have now, and it's not working.
My entire point is that education is the opposite of what we have now. That users are not expected to understand or know anything about IT technologies they use. Not the case with cars, recreational and prescription drugs...
> the implied question is: what if we don't allow people to use technology unless they can demonstrate that they understand it?
It's not exactly my point, but in extreme cases, maybe. I genuinely think that nobody has even tried to educate people about computers. Like, have you seen IT classes in schools? Assuming you are lucky enough for the classes to have any content, you will probably get some lessons in Word and Excel. Maybe some programming. Maybe Paint. But actually using the computer? Dangers of the internet, importance of backups, trusting websites, applications and emails? The concept of application and difference between applications and websites? And those technologies are not "developing" like they were 20 years ago, they are probably here to stay.
> is that really something we want to do? this sounds like gatekeeping, elitism, and anti-innovation because if less people are going to use a technology, then there is less motivation to build it.
And the alternative Google and Apple present is giving them paternalizing control over the most popular computing device. The say over what people can do with their devices. After they made sure that these devices are embedded into our lives.
I would much rather we slowed down with innovation for a second and resolved such issues first, because the way I see it, it's literally manipulation (also see: dark patterns).
As for the gatekeeping and elitism - Assuming we want a "computing license" (not necessarily what I'm arguing for), is "driving license" also gatekeeping and elitism? Or maybe some amount of gatekeeping is good?
As for anti-innovation - I genuinely think we might have had just enough innovation in the field and it may be time to slow down a little, take a step back and evaluate the results. And I honestly don't see much innovation in apps/computers/web space besides maybe AI, and governments are already working on regulating that.
> do you think that would have happened if we had required understanding before we let anyone buy a home computer?
Home computers were very harmless before the internet, but that's an aside. Assuming the tech is actually useful, not just slightly more convenient than "traditional" alternatives, then yes, I'm sure it would have still grown to sizes it has grown to today. Maybe a bit slower.
> besides education, i don't know how to approach this issue.
Same, I generally do think this whole situation needs more consideration.
Assuming the owner gave the shop the pin. If so, the shop can already steal a lot of data from the phone. Why bother with persistent malware at this point?
You already have to trust the repair shop with your data. Installing persistent malware on phones is already illegal. What's the point of this extra software protection in this case? To prevent a 0.00001% chance hack? The type of hack that would put the repair men in jail?
Not to even mention that modern phones are basically unfixable.
> So basically all the stuff that makes apple devices actually measurably better has to be opened up so that some rando can make a half hacked together attempt at compatibility?
Only the interfaces and protocols. This is not the interesting or expensive part, unlike the implementation. Apple can still have the best implementation of the protocol, and a lot of people will believe that this is the case.
> For what?
So that people are not locked into the ecosystem when they buy the device. The price for the phone is what they pay, not what they will be forced to pay later, for example by only being able to choose airpods or apple watch for full experience later. For example.
> I don't want random bluetooth earbuds from the petrol station to be able to access an API that lets them send transcripts of my calls anywhere they like
First, don't buy them, you don't have to. Second, technically, the API exposed by the device will first need to allow them to connect somewhere online and send any data. That's a separate issue.
Not to mention that, hypothetically, if bluetooth airbuds were able to send data somewhere by themselves, a malicious airbud manufacturer could still use the protocols by reverse engineering them. Not necessarily the case with legit manufacturers. Such lockin only stops legitimate, non-malicious actors.
> and I definitely don't want a low barrier to entry for devices that can airdrop me stuff or paste to my macbook if I'm out and about.
Allowing everyone and anyone to airdrop you stuff is a bad idea anyway. The protocol was reverse engineered too.
> I'd be happy because I have never once bought a non-apple device that I care about connecting to my phone. I'd have to buy a new monitor but that's ok.
And a lot of other Apple users wouldn't be happy.
> All consumer tech right now is literally rebadges or mild modifications of stuff from AliExpress and I don't want that in my nice clean ecosystem.
A lot is not. Again, just don't buy it, you have to choose to let such devices connect to your device.
> If these competitors want to actually compete then how about they make something that's actually better in some way instead of just hamfistedly copying whatever Apple comes up with?
A lot of the time they legitimately want to, but Apple locks them out of certain features. For example, AFAIK, Garmin watches (legitimate company! with an original take on a smartwatch, definitely not copying Apple) are locked from accessing certain iOS features Apple Watch can access.
I replied to someone else in the same vein but having had a garmin watch in the home there was nothing that it would have done better if it was able to work with Apple's proprietary stuff. If random devices of unknown provenance were able to freely connect with Apple devices then the security of Apple's ecosystem would take a hit. This would be bad.
> I replied to someone else in the same vein but having had a garmin watch in the home there was nothing that it would have done better if it was able to work with Apple's proprietary stuff
> If random devices of unknown provenance were able to freely connect with Apple devices then the security of Apple's ecosystem would take a hit. This would be bad.
Random devices are not able to connect over bluetooth to your device without your consent. Then, the bluetooth device can only get as much information as the companion app will allow it to get.
Besides, we have that on Android (and PCs) and the security of these "ecosystems" is not worse because of it.
Your argument seems a little bad faith. Sure, random devices aren't able to connect to my phone without my consent but Apple devices only need that consent once. After they're on my apple account they can connect with my other apple devices seamlessly, no companion apps at any stage.
My AirPods move from my phone to my macbook all by themselves based on which device needs audio and my macbook can ask for my iphone's camera and mic at will. My Apple devices can do this because they have hardware level security to allow for this. The EU wants the same capabilities to be extended to non-apple devices.
This would mean that Apple would have to let devices connect without a companion app and possibly make a backdoor in their hardware security layer or worse allow anyone to incorporate their hardware security into any device.
If some aliexpress buds were able to do that then this would definitely pose a problem. Bad actors should not get access to Apple's proprietary security tech and that tech is one of the reasons that Apple devices have capabilities which non-apple devices do not.
edit: Your original comment makes a couple of good points re: the cost of lockin for consumers. However, I would like to point out that this cost isn't a problem when the locked in devices are as good as they are. Apple's devices routinely either come near to the top or sit at the top of the list of best X devices from many different review sources. If their locked in devices were worse this would make sense but often they are much better than all of their competition. I wouldn't buy any AirPod competitors because they genuinely don't actually represent better value even when they are cheaper than AirPods. Similarly with other devices, I've tried almost everything at one point or another. The first time I used Android I installed it myself on an HTC HD2. When I ditched windows I went with linux before I went with Apple. I've had powerful self built windows machines and Asus gaming laptops and a google pixel and a pebble and tried many more devices without actually owning them myself. Nothing has ever come close to my apple silicon macbook, my old iphone which I'm still using, my 2nd hand cheap ipad mini or my apple watch. I don't buy apple devices because I'm locked in and have no other choice, I buy them because they actually represent good value for me and my use case.
Disney owns the land and their intellectual property, Apple does not and should not own devices and software they already sold. Especially not by imposing artificial software restrictions.
i’m not a fan of apple, but they do build and own their IP and i respect their right to license it on terms they decide. Is it not expropriating them to suddenly say “mighty fine business you made there mister, your competitors who happen to be our citizens would like a piece of that so how about you just hand over some chunks of it so nothing bad should happen to the rest of it?”
Their rights to license stuff they sell should not be unlimited, that's the entire point.
I understand that your second sentence refers to the fact that the limitation is only in EU. Businesses have to respect local laws. Laws often mentioned in the thread (DMA, GDPR, although we can only suspect that these are the reasons for this lock) apply equally to everyone who wants to do business in Europe. If Apple does not want to respect these laws, they are free to leave. Even better, they can make changes to their devices that work only in EU and leave it as it already is in other countries. Said "competitors" do not necessarily need to be EU citizens, I'm sure many US companies would use that opportunity too.
Local regulations are not foreign to Apple, apparently similar laws are in force in Japan.
As for "some chunks" - interfaces are not protected by copyright, even in the US. Assuming DMA is the problem, nobody is asking for Apple to release details of their implementation, just for them to remove artificial software restrictions that lock apps from other vendors from doing (a small subset!) of stuff only Apple can do.
Smartphones are general computing devices. Apple and Google are a duopoly in the smartphone market, while restricting what users can do with their devices more than Microsoft ever restricted what Windows users can do with Windows. If we continue allowing these companies to go in that direction, we will end up with computers that are as limited as game consoles are, Apple and Google will be the only beneficiaries of that situation.
i agree that to operate in a country (or block of countries) a company must be prepared to respect even the unjust laws. which apple has obviously been willing to do all day long in many parts of the world.
in this case, it really seems to me like the EU is harming consumers who benefit from the coherently-designed, safe (as compared to androland) walled garden in favor of some fairly overtly xenophobic power play against incumbents local champions cannot compete with on the merits. IMO this type of action directly invites retaliation against European companies and interests abroad.
in the related cases of airdrop interop and alternate stores, it is certainly being required that apple release its proprietary IP to competitors.
there are plenty of hungry competitors in the smartphone market beyond apple and google including Samsung huawei and scores of others.
I don't find the laws unjust in any way. Apple did everything they could to take half of the smartphone market, and to me it's totally understandable that the EU government may want to limit their power over this market.
> in this case, it really seems to me like the EU is harming consumers who benefit from the coherently-designed, safe (as compared to androland) walled garden in favor of some fairly overtly xenophobic power play against incumbents local champions cannot compete with on the merits. IMO this type of action directly invites retaliation against European companies and interests abroad.
Apple consumers will still be able to benefit from this amazing walled garden by choosing not to buy non-Apple devices. Other consumers will be able to choose other vendors that will be able to fully interoperate with Apple devices. I don't see any losses for current Apple consumers.
As for the retaliation. Maybe. Remains to be seen. Introducing any regulations brings risk.
> in the related cases of airdrop interop and alternate stores, it is certainly being required that apple release its proprietary IP to competitors
What proprietary IPs?
> there are plenty of hungry competitors in the smartphone market beyond apple and google including Samsung huawei and scores of others.
In terms of operating systems you have these two. I don't think Huawei counts, aren't they sanctioned still? Harmony OS has a very small share in EU either way.
consumers are harmed because Apple is forced to build in a way that expands its qa surface to include hypothetical tbd third-party integrations thus worsening their products, and surely opening up to more fines by the same EU who set them up like this in the first place.
those who stand to benefit from unjust laws are rarely the ones who acknowledge their nature.
in your previous response you seem to claim that samsung is an insignificant player in the smartphone market, and that integrating third-party app stores doesn’t require divulging security-related IP so i’m going to drop the mic right here.
> So if they bring this system in, something which is listening to people real time and using online AI models to translate things, EU might force them to let _any_ 3rd party AI replace it.
If you allow the third party to do that, yes.
> And when someone installs TotallyHonest Co. AI to replace it and there's a massive data leak where they just stored every conversation as-is in an open S3 bucket, who gets the PR flak on HN?
I see this argument often, as often as I hear about leaks. Do you have an instance where Apple was blamed for a leak from a third party? I never heard anybody blaming Apple for Tea app leaks for a recent example, and it is still available on App Store.
Also, an alternative translation app does not have to be provided by a totally random third party vendor. Companies that to me are just as trustworthy as Apple surely will provide alternatives too - Google, OpenAI, Meta, Microsoft or Anthropic.
So I really don't see what's your point here. Don't install the alternatives if you don't trust them.
Can't reference a leak or incident specifically, but when Foxconn (a massive company with 3/4 million employees) had workers jumping from their dormitories and installed "suicide nets" the headlines were always "Apple factory..." - and I checked multiple sites at the time.
Even though quite literally every single piece of major western technology is assembled in Foxconn factories.
It's purely because dissing Apple brings clicks and people arguing on comment sections and social media posts.
--
And about 3rd party translation AI systems. Of course _I_ won't install suspicious ones, but how do you make sure Auntie Liz won't? If you provide an option to do so, grifters will get less tech literate folks to install any kind of crapware.
> Can't reference a leak or incident specifically, but when Foxconn (a massive company with 3/4 million employees) had workers jumping from their dormitories and installed "suicide nets" the headlines were always "Apple factory..." - and I checked multiple sites at the time.
> Even though quite literally every single piece of major western technology is assembled in Foxconn factories.
Apple chose Foxconn. It won't get to choose the third parties implementing alternative translation apps. That's the point.
I see that I wasn't specific, but I thought it's obvious given the context.
> And about 3rd party translation AI systems. Of course _I_ won't install suspicious ones, but how do you make sure Auntie Liz won't?
I think you are switching topics from allowing other vendors to use Apple-only APIs to "sideloading".
Educate her. (yes, that's not Apple's responsibility, and they don't even try. We need people to understand what applications can do when installed on a smartphone or a computer. It's a national education issue IMO). If she can't take care of herself anymore - parental controls.
I see the point in having some entity verify legitimacy of applications, but it does not need to be only Apple/Google, like with TLS.
And it really shouldn't be this way. Everyone is tricked into believing that they own devices they bought. And we are somehow supposed to accept that the abilities of the device can be reduced after we bought it just because the vendor said so. Same with (lack of) right to repair.
It's really not ok, nobody (especially here) should accept that.
The first step needs to be people moving out of the denial phase and realizing that we're already there. Our current laws are written that way.
That's the prerequisite to have any significant initiative to move the needle in the right direction. Most people won't care about fighting hard to secure rights they assume they still have in full.