Pixel Envy

Written by Nick Heer.

Archive for March 29th, 2022

Privileged App Store Behaviour for Disney Plus Subscriptions

Max Seelemann:

iOS biz people… Subscription price increase as mere NOTICE instead of having to confirm, else subs expires.

Is this new behavior for everyone or exclusive to Disney+?

Normally when developers increase the price of a subscription, the user is supposed to be prompted several times to agree to the new rate. If they do not, their subscription will not automatically renew.

In this case, an App Store sheet is informing users that a price change is happening. The most obvious action is an “OK” button on the sheet. There is no “Cancel” button, but there is tiny text above the “OK” button that says “review your subscription” if someone wants to cancel.

This is not generally available to developers.

Michael Tsai:

In a few years, we’ll be told there was already an “established program” for this.

Yet another special arrangement between large companies. Does anyone still think it is a mystery why developers do not trust the App Store process?

The problem is not that Apple gives special privileges to larger or more trusted developers. That can make sense — can you imagine how many crappy CarPlay apps would distract drivers if any app could use that entitlement? The problem is that Apple continues to peddle the lie that it treats every developer the same. That is completely untrue, and Apple’s representatives know it is untrue.

Update: Nikhil Nigade:

Everyone seems to be missing an important bit here: this was ready to go when Disney wanted it.

Did it ship with iOS 15.4? Prior to that?

Excellent questions. Has this quietly been in iOS for years, or was this behaviour created between Apple and Disney specifically for this circumstance?

The Possible Impact of the Digital Markets Act on Messaging Privacy

Casey Newton interviewed Will Cathcart, who runs WhatsApp, about the unknown effects of the E.U.’s recently advanced Digital Markets Act. Cathcart has concerns about what this means for the ability of a specific platform to control for spam, and is one of many who worry about what messaging service interoperability may mean for security and privacy:

Over the weekend, cryptography experts sounded the alarm about this idea, saying that platforms might not be able to do this in a way that leaves messages encrypted. As Alex Stamos of the Stanford Internet Observatory put it to me: “Writing the law to say ‘You should allow for total interoperability without creating any privacy or security risks’ is like just ordering doctors to cure cancer.”

[…]

[…] it’s clear that, to the extent that there might be a way for services like iMessage and WhatsApp to interoperate and preserve encryption, that way has yet to be invented.

At the very least, it hasn’t yet been built.

To be clear, it does not appear that the draft law mandates the creation of no privacy or security risks; the segment posted by Benedict Evans — the full draft text is currently confidential — says platform providers must create a “high level of security and personal data protection”. It is about finding an appropriate level of risk with the caveat that it will never get to zero. But the core of the question seems correct: is there a way to make encrypted messaging services work together while ensuring negligible difference in security and privacy levels?

It is worth reading Newton’s piece in full because it is quite good, but this paragraph bugged me:

It’s also worth asking what interoperability will actually do to make the messaging market more competitive. Email is an open, interoperable standard and has been for decades; but today, Apple, Google, and Microsoft own around 90 percent of the market. Meanwhile, the market for messaging apps is much more dynamic even without interoperability: it includes apps from Meta, Telegram, Signal, Snap, and others.

In the second sentence, Newton conflates the open protocol of email with the market share of email clients. These are not comparable — at least, not in this way. For what it is worth, in terms of email servers that W3 Techs is able to query, Google and Microsoft do indeed dominate, but the third most popular provider is Newfold Digital Group, better known as the worst collection of hosts on the web. This is followed by a list of over a hundred other providers used by at least 0.1% of all domains.

Since it is an open standard, anyone with the technical knowledge can deploy an email server or create a client to improve upon it. That benefits users because the ability to use email is not tied to any specific company, and someone may use a client with a feature set that is more appealing to their needs. Imagine if you could download an iMessage client that gave you capabilities Apple’s own app does not, or removes unnecessary features.

In the final quoted sentence above, Newton says the messaging market is more competitive. I am not sure that is correct — it is not possible to separate protocol from client, so a direct comparison is not fair. But it is possible there are so many messaging clients used by so many people because each of our friends uses a different mix. We are never trying to use messaging apps; we are only trying to communicate with people. It would be great if all of my messages from any provider could be collected in a single application in much the same way that my emails from different accounts on different hosts all appear in the same inbox. I would prefer that. But it is not possible with today’s applications, so I must switch between a handful of apps to chat with all of my friends.

Remember Adium? That is a great piece of software I have not touched in about ten years as phone-centred messaging clients have replaced desktop-based ones. Something like that could be possible again. If that is possible, it cannot be at the expense of privacy and security.