- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
The US Department of Justice and 16 state and district attorneys general accused Apple of operating an illegal monopoly in the smartphone market in a new antitrust lawsuit. The DOJ and states are accusing Apple of driving up prices for consumers and developers at the expense of making users more reliant on its iPhones.
That’s kinda true, but not what I was getting at. Android has restrictive background processing limits and the APIs around it keep getting more restrictive and the OEMs like Samsung keep ignoring the rules of how things should work and break your apps when you do it right anyway… Ultimately it’s incredibly difficult to write an app and guarantee background work.
Apple, is even worse on its restrictions of background work, but Apple owns the OS and and can bypass it all for their watch.
Apple will never get to bypass the fuckery you have to deal with on Android, only the Android OEMs get that.
I could be totally wrong, IANAL, but I think this has more to do with how Apple restricts access of features or services to third-parties than anything else…
For example, Apple offers Apple Pay on the iPhone. They claim it is highly secure due to hardware end-to-end encryption and that not even Apple has access to the data. Because of these beliefs and others, Apple doesn’t allow any other Pay or wallet application on the iPhone or app store. Other companies like Google, Visa, MasterCard, etc have tried to submit Pay / wallet applications to the iPhone app store, but Apple denies them because it claims access to the NFC hardware APIs would reduce security.
In this example, Apple stands to gain everything as the sole digital Pay / Wallet proprietor on the iPhone just based off of a “wink, wink, nod, nod” type of response. Yes, while Apple’s response could be accurate, letting third-parties have access to the hardware NFC APIs would reduce security, Apple is making that decision from a monopolistic point of view.
It would be different if Apple didn’t have a digital Pay / Wallet system or if Apple allowed the companies to have the application on the iPhone / app store but maybe it had to go through a more thorough security approval process.
Now take for example how Apple operated back in 2008 / 2009 when it released GPS Navigation support on the iPhone. They partnered with Garmin (Garmin had access to the Assisted / GPS APIs); however, Garmin wasn’t the only third-party able to submit a GPS Navigation application. In the end, Apple eventually created their own Maps with Turn-by-turn navigation and I think we all know how shit that was for a long time, but imagine if they had gone Apple Maps from the get-go and blocked third parties forcing people to use their tech only…
What do you do though if Apple is telling the truth and allowing 3rd party wallets would degrade the security even for their own wallet?
I would ask them to prove that claim in court for starters.
I would ask them why they feel they’d be liable for users who installed and gave permission to an app that would use NFC readers for payments.
I would ask them why access to the NFC reader by a 3rd party app in any way allows access to Apple Pay’s stored, encrypted data (which it doesn’t need)
I would ask why permission settings and security validations couldn’t be made on API calls with the potential to be harmful. Even for third-party app stores, Apple could still require app reviews and code signing for any apps that want to conduct financial transactions; they just don’t want to because they’ll make less money from Apple Pay.
Apple often handholds user flows and restricts access to features because non-technical folks might be tricked into installing a malicious or insecure service, and Apple stuff is built for non/technical people. But, on the flipside, they often leverage this position to wall you into their garden. This is the problematic practice that needs to be addressed.
Perhaps they aren’t lying, but claims about security often involve theoretical weaknesses that aren’t practical to exploit in the real world. Apple is very skilled at making sure those claims align with their business interests.
It would not. It’s really as simple as that, saying as someone with two degrees in cyber security and 7 years of experience as a security consultant for various companies from small shops to multinational businesses, banks, and insurance companies.
I would love to see their threat modelling to justify what they’re saying to brainwash their acolytes… It’s a pure strawman to justify their bullshit.