this post was submitted on 01 May 2024
54 points (100.0% liked)

Technology

37717 readers
382 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Apple's grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential web activity tracking.

Developers Talal Haj Bakry and Tommy Mysk looked into the way Apple implemented the installation process for third-party software marketplaces on iOS with Safari, and concluded Cupertino's approach is particularly shoddy.

all 11 comments
sorted by: hot top controversial new old
[–] akrz@programming.dev 20 points 6 months ago (1 children)

What kind of Apple propaganda is this?

[–] SnotFlickerman@lemmy.blahaj.zone 19 points 6 months ago* (last edited 6 months ago) (1 children)

If you'd read the article, you'd have realized it's specifically because of a bad implementation by Apple of their URI scheme for handling links.

They're literally suggesting users use Brave over Safari because it isn't susceptible to cross-site scripting in the same way.

They urge iOS users in Europe to use Brave rather than Safari because Brave's implementation checks the origin of the website against the URL to prevent cross-site tracking.

This is anything but Apple propaganda. It's literally calling Apple out on a huge failure of their own design.

[–] akrz@programming.dev 4 points 6 months ago (1 children)
[–] SnotFlickerman@lemmy.blahaj.zone 6 points 6 months ago (1 children)

Then I retract my statement and hope you have a good day.

[–] akrz@programming.dev 6 points 6 months ago

Let’s agree on that 🤝 and thanks for the explanation anyway 🫡

[–] some_guy@lemmy.sdf.org 16 points 6 months ago (2 children)

Apple – which advertises Safari as "incredibly private" – evidently has undermined privacy among European Union Safari users through a marketplace-kit: URI scheme that potentially allows approved third-party app stores to follow those users around the web.

I don't see Apple deliberately sabotaging their platform to maliciously comply and blame the regulation for making users less safe. This was probably an error caused by quick development to comply within a set timeline that will be resolved in the future through software changes.

[–] ultratiem@lemmy.ca 4 points 6 months ago

Yeah that’s just some real tin foil shit

[–] narc0tic_bird@lemm.ee 9 points 6 months ago

I'd say it's probably an oversight. I don't want to downplay this, it definitively needs to be addressed in some way. But it's not like there are many marketplaces out there yet (so far the only one I know of is AltStore PAL, and I doubt the creator is out there to track a bunch of people's web activities).

[–] Nivekk@kbin.social 5 points 6 months ago* (last edited 6 months ago)

I guess if you download something claiming to be Safari on a third party app store, you get what you deserve??

How else does third party app support lead to a Safari security hole?

[–] autotldr@lemmings.world 2 points 6 months ago

🤖 I'm a bot that provides automatic summaries for articles:

Click here to see the summaryApple's grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential web activity tracking.

Developers Talal Haj Bakry and Tommy Mysk looked into the way Apple implemented the installation process for third-party software marketplaces on iOS with Safari, and concluded Cupertino's approach is particularly shoddy.

A website offering an alternative software marketplace can include a button that, when tapped in Safari, launches a marketplace-kit: request that is handled by a MarketplaceKit process on the EU user's iPhone.

Apple doesn't allow third-party app stores in most parts of the world, citing purported privacy and security concerns – and presumably interest in sustaining its ability to collect commissions for software sales.

Second, Apple's MarketplaceKit – its API for third-party stores – doesn't validate the JSON Web Tokens (JWT) passed as input parameters via incoming requests.

Back when Apple planned not to support Home Screen web apps in Europe – a gambit later abandoned after developer complaints and regulatory pressure – the iGiant justified its position by arguing the amount of work required "was not practical to undertake given the other demands of the DMA."


Saved 77% of original text.