I think with Apple's latest changes to the Core Technology Fee, we're starting to see some of the elements that might actually work when all's said and done. Specifically, developers self-reporting company revenue — I think the only way to make the CTF fair is to have a flat fee, per year, that scales based on how much money your company makes. If you make $0, you pay $0. If you're Spotify, you pay $Ms. That takes away Apple's per-install tracking; devs don't need a nanny, they need a partner
@stroughtonsmith The amount owed to Apple should be capped at some point. It's unrealistic that if your business makes $∞, then you owe Apple $∞. Software licenses aren't based on income. In music production for example, you pay around $300 for a digital audio workstation (DAW), then you can produce a song that might make millions in revenues. You won't pay the DAW developer any cut of your revenues. Plus, macOS developers don't pay any CTF.
It's May 1. Instagram for iOS just got updated. It still sends the device's system uptime to remote servers. Starting today developers are no longer allowed to access this API without providing a reason. And in no way can the app send the value off-device. #Privacy#InfoSec#iOS#Apple
As expected, Safari handles the "marketplace-kit" scheme in the background without user interaction. The scheme triggers an internal process that sends a unique clientID to the alternative marketplace server.
The clientID is unique per marketplace, device, and account combination. Surprisingly, any website can trigger sending the unique clientID to the alternative marketplace server.
(2/3)
In theory, websites coordinating with an approved alternative marketplace can use the clientID to track users across websites. All a website needs to do is add a call to the "marketplace-kit" URI Scheme, supply the required parameters, and attach it to an HTML button. We were able to verify this theory in a proof-of-concept website. After obtaining the clientID, we made the remote server terminate the communication. #iOS didn't show any error or alert. #DMA#Apple#EU#privacy#infosec
PWAs won't work on iOS, but only in the EU.
Q: Why is it a big deal?
A: 🧵
Most businesses choose PWA apps because they want to:
1- Avoid app stores
2- Write one code for both iOS and Android
With Apple removing PWA support in iOS for EU users, businesses now have to:
1- Write a PWA app for Android users and iOS users outside the EU
2- Write a native app for iOS users in the EU
Soon after that, businesses will realize that they have to adjust their plan:
1- Drop support for PWA for iOS because they already have a native iOS app which all iOS users can use
2- Since they already develop and maintain two apps (native iOS app and a PWA for Android), it's wiser to drop support for PWA altogether and develop a native app for Android too.
In the end, Progressive Web Apps will disappear. Although Apple has removed support for PWA in the EU only, the ripple effect of this change is poised to end PWAs entirely. This means businesses will have to rely on app stores and their gatekeepers again.
Regardless of whether you are a business or developer in or outside the EU, you will be affected. This is why you should sign this letter:
Apple support for Progressive Web Apps has always been minimal. Look no further than searching for "PWA" on Apple Developer website; 0 hits. But Apple's move to support PWA push notifications lured developers into thinking that Apple would empower PWAs more in the future.
.....
This was also confirmed by supporting PWAs in macOS Sonoma. As a result, developers invested more in PWAs. This is why developers are extremely disappointed with Apple's unexpected decision to remove PWA support in iOS 17.4 for EU users. Many saw the support of push notifications as a positive signal. In hindsight, that was a bait.
Many EU businesses outsource web development to developers in countries outside the EU. #Apple should provide a method for non-EU developers to test or simulate the behavior of PWA apps as if they were EU users. Especially because Apple didn't allow developers much time before announcing this breaking change.
@voxpelli@cyclingfisch The apps do open as normal websites, but developers outside the EU should be able to test that themselves. The cache is acting very weirdly. I will be testing on the Release Candidate and check if that has been fixed. I will publish a video about that.
@voxpelli@cyclingfisch Yes, the browser and all "bookmarks" added to the Home Screen share the same storage. But this is expected, because they are just bookmarks. I wasn't able to clear the cache. Nothing worked.
Magento, a company based in Berlin offering hosting and e-commerce platform, posted a video illustrating to their EU customers the significant impact of removing PWA support in iOS 17.4 on their services.
@voxpelli This is really true. Developers are using this term with their average users. And to explain what a PWA is they utter "Progressive Web App". I wonder what an average user thinks when they read "Progressive Web App". It sounds more like a music genre 😂