
They reflect very well.

Now that this vulnerability has been identified, they can fix it and solve the problem for their users.



They could fix the problem regardless of whether the app was downloaded from the app store, a third party store, or just sideloaded, so I don't see what you're getting at.


It sounds like you are saying this issue is irrelevant to the App Store.

So how can it reflect badly on their case?

The way it reflects well, is to notice that this is a small hole in their privacy measures which can easily be fixed, and the only reason we are talking about it is that for the most part their privacy controls work well. I.e. it demonstrates their seriousness about privacy.


> So how can it reflect badly on their case?

Because these privacy violations are happening despite their locked down App Store.

> The way it reflects well, is to notice that this is a small hole in their privacy measures which can easily be fixed

Sure, it reflects well on Apple as a whole, but not on the app store. This issue is just as easy to fix for sideloaded apps because it's related to OS level permissions which sideloaded apps would still be subject to.


>> So how can it reflect badly on their case?

> Because these privacy violations are happening despite their locked down App Store.

That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

A valid comparison is against what privacy violations would be happening without the App Store.

As a simple example, we know for certain that Facebook would be doing a lot more tracking without the App Store, because they have told us in public that they would.

Therefore the App Store is in fact protecting users against large categories of privacy concerns, and this easily corrected hole doesn’t change that.


> That’s an obviously false comparison. You are comparing against a perfect world, not against the real world.

No I'm not, I'm comparing against a world where Apple allows sideloading, and this privacy issue exists in both.

> because they have told us in public that they would.

Source? Apple's new ad tracking opt-in thing is on the OS level the same way this location tracking issue is. It would still work if the Facebook app was sideloaded from what I understand.


> Source?

You can trivially check this yourself.

> Apple's new ad tracking opt-in thing is on the OS level the same way this location tracking issue is.

This is a complete misunderstanding of how it works. Apple provides a mechanism for apps to use to identify users who opt-in.

The only thing preventing developers from just ignoring this and using fingerprinting or other identifiers is the App Store rules. A whole bunch of apps have been banned or otherwise forced to stop doing this.

> It would still work if the Facebook app was sideloaded from what I understand.

No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.


> You can trivially check this yourself.

I could not find any quote like this... not sure why you think it's so trivial to find.

> No. If the app were sideloaded, Facebook would just implement a fingerprinting solution or provide their own identifier, and ignore Apple’s mechanism.

You mean like how they ignored Apple's location sharing mechanism and maliciously opened your photos to read metadata?

Or the one a few years back about playing silent audio tracks to stay open in the background?


> I could not find any quote like this... not sure why you think it's so trivial to find.

You won’t find a ‘quote’, but it’s trivial to educate yourself on this mechanism. E.g. Apple’s documentation. Various articles about ad tracking transparency, etc.

If you haven’t read the technical materials about the subject, why do you claim to understand it?

> You mean like how they ignored Apple's location sharing mechanism and maliciously opened your photos to read metadata?

There is no rule against reading the metadata. Yes it’s malicious, but Apple doesn’t currently have grounds for removing the app. The correct solution is to stop leaving the metadata in the file.

> Or the one a few years back about playing silent audio tracks to stay open in the background?

That one was indeed solved by a rule change.

But why do you mention these?

Presumably to support your claim that sideloading would be no different from the App Store when it comes to privacy.

If you understood the mechanisms, you’d know this was false.


You come off as making an ad hominem attack, saying that this information is trivial and if the replier can’t find it then they shouldn’t be commenting on the subject. If it is true that iOS’s permission model is done on the App Store level and not the OS level, which I doubt by the way, then that is a flaw on Apple’s part and should be fixed. Otherwise we are relying on arbitrary App Store rules to protect our privacy and security, instead of baked in constructs in the OS. I’m skeptical that Apple would do something so shortsighted.


> You come off as making an ad hominem attack, saying that this information is trivial and if the replier can’t find it then they shouldn’t be commenting on the subject.

It’s not an ad hominem. The commenter made a false assertion about how the mechanism works, which is easily checked.

I’ve pointed to where they can check it. The App Store rules, and Apple’s tech docs. There are also other articles with background.

> If it is true that iOS’s permission model is done on the App Store level and not the OS level, which I doubt by the way,

So you don’t know how this works.

> then that is a flaw on Apple’s part and should be fixed. Otherwise we are relying on arbitrary App Store rules to protect our privacy and security,

That’s exactly what many of the App Store rules are for.

> instead of baked in constructs in the OS.

They don’t rely on the App Store rules ‘instead’. They rely on them in conjunction.

It’s not as easy as you think to rely on baked in constructs in the OS.

A trivial example is that such constructs cannot detect text that lies to the user about why a permission is granted.

Another example is that such constructs can’t prevent an app from communicating with a fingerprinting service or using a

These have to be done by policy.

> I’m skeptical that Apple would do something so shortsighted.

Not really sure what to make of this comment, since you don’t present an accurate model of what Apple is actually ‘doing’.


So we agree that Facebook never actually said this? Not sure why you're referencing Apple's docs for Facebook's supposed comment.


> So we agree that Facebook never actually said this?

Why would you think that?

Anyone following this would know that Facebook said this. They took out a full page ad in the New York Times.

> Not sure why you're referencing Apple's docs for Facebook's supposed comment.

The reference to Apple’s docs is about the tracking mechanism which you wrongly claimed worked like location tracking.

It doesn’t, and you can check this in Apple’s docs.


> because they (Facebook) have told us in public that they would

> You can trivially check this yourself.

> You won’t find a ‘quote’

You're backpedalling and it's really unclear what you're talking about, leading me to assume you're making it up or misrepresenting something.

If it's so trivial to find why can't you produce it?


>> because they (Facebook) have told us in public that they would

They have.

>> You can trivially check this yourself.

You can.

>> You won’t find a ‘quote’

You won’t find a ‘quote’ - that was your word. We’re talking about a technical and legal mechanism here. You will find documents. I’ve told you which ones.

> You're backpedalling

Clearly not.

> and it's really unclear what you're talking about,

That’s because you haven’t taken the steps needed to understand.

> leading me to assume you're making it up or misrepresenting something.

That’s an unfortunate and incorrect assumption. You can check but you choose not to.

Perhaps it’s not trivial for you to check this. Maybe you are unable to make sense of technical and legal documents for yourself. If so, I am sorry to have assumed that you could.

> If it's so trivial to find why can't you produce it?

I have told you where to look. It doesn’t seem like you want to. Perhaps you are unable.



