Apple vs the Law

(formularsumo.co.uk)

377 points tempodox | 5 comments | 11 Jul 25 06:49 UTC | HN request time: 0.001s | source

Show context

grishka ◴[11 Jul 25 07:28 UTC] No.44529279[source]▶

> "...unfortunately, it's impossible to do all the complex engineering to comply with the Commission's current interpretation of the DMA..."

There's nothing complex and impossible about removing some "if" statements responsible for code signature enforcement.

replies(9): >>44529310 #>>44529322 #>>44529363 #>>44529431 #>>44529446 #>>44529695 #>>44530078 #>>44531016 #>>44531269 #

interpol_p ◴[11 Jul 25 07:40 UTC] No.44529363[source]▶

>>44529279 #

It’s extremely complex. I’m not debating whether they should comply - they should. But it’s gonna cost them years of engineering effort, and maintenance far into the future. See, for example, BrowserEngineKit

https://developer.apple.com/documentation/browserenginekit

They needed to engineer, maintain, document and support a whole class of APIs so that third parties can create their own competitive browser engines (that offer JIT, etc) while still maintaining iOS sandbox security. There are going to be hundreds of frameworks, thousands of APIs, that will need to come to ensure compliance with the DMA

replies(2): >>44529396 #>>44529401 #

idle_zealot ◴[11 Jul 25 07:47 UTC] No.44529396[source]▶

>>44529363 #

Or, they could just let their pocket computers run the software users download and install, like every single other computer ever made and sold, rather than special-case engineer padded cells for every use-case, application class, or bit of interoperability.

replies(3): >>44530059 #>>44530285 #>>44533417 #

1. interpol_p ◴[11 Jul 25 15:40 UTC] No.44533417[source]▶

>>44529396 #

That is an oversimplification of what I stated.

Apple has a significant engineering challenge to turn their current operating system into something that allows side-loading similar to what Google offers. It's not a matter of "commenting out an if statement"

The current developer SDKs Apple offers are strongly tied to their services, which cost them money to run. So first thing is, they have to decouple that so developers can implement applications using a baseline SDK that does not use Apple services (no iCloud, no Maps, no HealthKit and so on)

I think it would be great for users if they did do this. It would be akin to what Google does by shipping and updating Play Services separately from the base Android install

The reason I linked BrowserEngineKit is because if you want to do this properly, you have to build something like Apple has built with that framework (which was built to comply with these policies). Take for example, implementing your own JIT: because arm64e uses pointer authentication, the system uses PACs to ensure that pointers into executable code have not been tampered with. Apple now develops and supports a whole slew of APIs like `be_memory_inline_jit_restrict_rwx_to_rw_with_witness()` in order for developers to manage this themselves.

You saying "just let their pocket computers run software users download and install" is not like every single other computer ever made and sold. This is a gross oversimplification of the modern state of computing, both on mobile and on desktop. There are reasons you don't want random developers loading code into your OS kernel, and Windows and macOS both have protections for this (though the CrowdStrike crashes recently shows what happens when those protections are lax!)

replies(1): >>44533446 #

2. msgodel ◴[11 Jul 25 15:42 UTC] No.44533446[source]▶

>>44533417 (TP) #

If Apple gave the users root and let them run arbitrary software and just didn't sign certificates for their infrastructure (for push for example) this wouldn't be a problem. Supposedly they've already even developed a VTE for iOS. All they need to do is have a toggle under settings to disable signature checking and ship the VTE so people have an escape hatch and everyone would probably calm way down.

replies(1): >>44533568 #

3. interpol_p ◴[11 Jul 25 15:49 UTC] No.44533568[source]▶

>>44533446 #

Sure, I'd be into that. But that would not comply with the DMA I think? As in, Apple still has a ton of work to do, engineering wise, if they are to make their platform available to all in the way specified by the DMA

For example, I don't think it would fly that they could say to the EU: users who want a third-party browser just have to enable root access and lose access to all Apple services and authentication

replies(1): >>44533682 #

4. msgodel ◴[11 Jul 25 15:57 UTC] No.44533682{3}[source]▶

>>44533568 #

Ah I forgot Apple advertises managing SSO as a feature of iOS and not an external service like sane people would.

Well. I guess they'll have to choose between opening it up like every other company does or acknowledge that it's a separate pay for service then.

They do a lot of that kind of thing and my answer for all of it is the same: Open it up to everyone or acknowledge it's a pay-for cloud service that has nothing to do with the actual phone OS. If people have root they can (and will) develop their own services that won't need that which would comply with the DMA.

replies(1): >>44539105 #

5. interpol_p ◴[12 Jul 25 03:43 UTC] No.44539105{4}[source]▶

>>44533682 #

Yeah, who knows if the EU would see it that way. They may require Apple to provide first-party APIs that are equivalent in power to what they offer developers who submit via the App Store. Either way, my post was pointing out that it is non-trivial engineering effort to do this, and I think that's still the case.

Hell, just releasing my own personal code as open source — auditing it, decoupling libraries, removing internal stuff, it's a huge multi-week effort for me to do. For any company with as much code as Apple, it's pretty daunting

↑