And for web browsers, which are basically an inner-OS, making sure that plug-ins can't read arbitrary content from the pages you visit.
And given that "phone" is an app, that it can't wiretap all your calls.
Also, one of the fights between Apple and Facebook was basically stuff which, by my reading, was stuff Facebook wanted to do which was illegal under GDPR: https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...
There's also stuff which is bad for the device, but I'm not sure if it really ought to be Apple's responsibility to prevent, like crypto miner libraries running on-device as an income stream for the developer.
"This keyboard app requires access to network resources, do you want to allow this?" Or better yet, let the operating system block apps from using both network resources and keyboard api's.
> And for web browsers, which are basically an inner-OS, making sure that plug-ins can't read arbitrary content from the pages you visit.
My web browser allows me to choose when I want an extension to have access to a web page.
> "And given that "phone" is an app, that it can't wiretap all your calls."
I'm gonna guess it does this with a man-in-the-middle attack. "The operating system has detected that this phone app always calls the same number. We have disabled it for security reasons." Also if you buy a phone, it might be reasonable to let there only be one phone app.
I'm kind of tired of people claiming the hand-holding argument, that apple helps people who do not understand technology. My sister uses apple devices exclusively, but at her work, her employer regularly does tests for phishing and she always fails. It is time people get educated about how to use their computing devices. These devices have been around long enough that people who fall for obvious scams should be considered incompetent.
And what makes you think Apple can stop these apps on their own app store before they cause harm?
I sense this pervasive belief on HN that Apple's reviews are infallible, or that they magically catch malware, when in reality it's just some low ranking person installing the app and navigating through it to spot obvious flaws, usability issues, rule breaches, and ensure that the developer doesn't try to direct users to their website to purchase a subscription for cheaper, the usual anti-competitive stuff.
Unless you can point out a step in the review process where a security expert sits down and reverse engineers the app, and every subsequent update, to verify that it doesn't steal user data?
It's only when someone raises the suspicion that things get looked into, reported and taken off the store. At least web extensions have the benefit of being written in Javascript which is easier to inspect. At no point does Apple ask you to hand over source code.
It is not Apple's job to protect its customers from third party stores malware. They just have to build a secure OS with a safe apple store while allowing third parties to provide stores.
Yes... it is.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... (section 64 paragraph 3)
> In all cases, the gatekeeper and the requesting provider should ensure that interoperability does not undermine a high level of security and data protection in line with their obligations laid down in this Regulation and applicable Union law, in particular Regulation (EU) 2016/679 and Directive 2002/58/EC. The obligation related to interoperability should be without prejudice to the information and choices to be made available to end users of the number-independent interpersonal communication services of the gatekeeper and the requesting provider under this Regulation and other Union law, in particular Regulation (EU) 2016/679.
"the gatekeeper and the requesting provider"
Apple is still on the hook in combination with the requesting provider that doesn't intentionally deploy malware.
Apple is likely claiming that Epic has in the past demonstrated clear and willful circumvention of their own security and rules. Apple would be putting itself at risk by allowing Epic to deploy applications given Epic's past history of intentionally trying to harm Apple's reputation and would compromise Apple's high level of security in data protection that it is required to follow under Union law. Apple would likely state that Epic has shown that it would intentionally break the law to harm Apple - and that's a believable concern.
From this link[1]:
> Obligations for very large platforms that reach more than 10% of the EU’s population to prevent abuse of their systems by taking risk-based action and through independent audits of their risk management systems.
They have a mandate to prevent abuse of their platforms from other apps or third party app store. This is in conjunction with opening up the same ecosystem for everyone else.
[1]:https://commission.europa.eu/strategy-and-policy/priorities-...
