The public dismissal of the evidence these researchers presented in the last few weeks was surprising. It isn't truly important whether the App Store is an integral component of iOS, which it practically is until Apple becomes compliant with the provisions of the Digital Markets Act; it merely compounds their legal issues due to ignoring user intent when iOS analytics are disabled.
The main issue here is that Apple has been collecting personal data for years through its own apps without informed consent, which is in breach of GDPR. You need to ask for express consent to collect personal data in the form of non-essential user analytics; having a privacy policy and a toggle in settings to opt out of data collection is not enough, and it does not matter if the data collection is done by a website, app or an operating system.
It was particularly frustrating to see people argue that it's just an older version of iOS, when the reality is that one needs to hack an iPhone to see how this data is being syphoned off, and that jailbreaks for new iOS versions can be prohibitively expensive to achieve. Despite that, researchers pointed out that they see similar encrypted packets being sent with a recent iOS version.
I think it's worrying that consumers can't inspect the traffic of a device they own, and this is also an area that should be regulated so that our rights are respected.
The biggest issue imho is that the device is tethered by the vendor. You can't use it (practically) without being connected to Apple. This should change. I should be able to buy a product and use it with anyone's services. Otherwise, I bought a service and not a product.
You're right, and this is what the Digital Markets Act will help achieve. Though considering how tech companies behave in the face of new consumer rights (see how it took Google half a decade and multiple fines to show a GDPR compliant consent popup with a REJECT ALL button), it will be a couple more years before you can install a third-party app store on iOS or sideload an app.
> You also have no idea what your phone is sending the carrier or any other service provider.
Ah, so now you play the fatalist backdoor card. Well, the good news is that we do know some of what your iPhone sends back home. We know that every time you launch an app, both Apple and Akamai receive data about what app you opened and when. We know that Apple has private API entitlements for circumventing your VPN rules. We know that Apple actively and directly works with the NSA and CCP to enable domestic surveillance capabilities.
So, you're right! Hacking your device only gives you a small window into the horrors of your software vendor. If we could totally decrypt all of Apple's traffic alongside the SIM's baseband transmissions, nobody would ever say 'privacy' and 'iPhone' in the same sentence again.
In the longer term Apple has a bigger issue here (though related to GDPR): being a US company it's effectively illegal in the EU.
And after several attempts to pretend that US laws like the Patriot Act that remove non-US citizen rights were compatible with the EU Charter of Fundamental Rights have been struck down by the Court of Justice of the EU (after the US has been caught violating these rights) it's starting to be hard to imagine what kind of agreement can possibly happen between the USA and the EU that would make US companies legal again...