This is a weird argument. If I got you right, you argue that walled gardens somehow prevent existence of malware.

But it's not walled garden that's doing it, it's sandboxing that does. Apple holds the keys and distributes the revocation lists, so they have a say in what runs on their devices. Walled garden is all about who has a say in this.

The question is - will you personally download a privacy-violating app in that weird manner via a corporate account or something? If yes, then I can see how exactly you personally want a walled garden for yourself. If no then it really sounds like you want Apple ecosystem rather than a walled garden per se.

(I'm intentionally not talking about some Average Joe, as it's hard to argue about hypothetical figures.)

You’re missing the forest for the trees.

Apple today can tell Facebook “don’t track our users unless they opt in”, and Facebook has to comply or else. Or else what? Or else they get dropped from the iPhone.

Apple with side loading has no power to compel Facebook. Facebook will say “ok. Hey everyone! You can download and sideload the New And Improved app today!”

If you look at the game theory of it, everyone who wants to track (which is almost everyone) will leave the App Store once two or three big apps do it. So Apple will be forced to loosen privacy rules of App Store apps if they want to keep anyone.

> The question is - will you personally download a privacy-violating app in that weird manner via a corporate account or something?

The answer is obviously yes, because there won’t be any apps left in the App Store.

Considering Meta presumably wouldn't be able to advertise alternative sources for downloading their app inside the app store (which is also the case on the play store) I simply can't imagine them or any of the other big developers doing so. Removing their app from the app store would completely annihilate discoverability and would likely lead to either some third party app taking their spot.

Also I can already imagine Apple throwing a bunch of scary warning popups at the user, requiring them to enable this and that in the settings and likely also not allowing to update an app originally installed through the app store using an app file downloaded from another source to make it even more tedious - requiring a reinstall of the app in that case. Can't imagine many users would be willing to go through that chore.

I may be wrong but considering we haven't seen any similar behavior on a significant scale on the play store I just don't see that as an eventual issue - especially considering Android makes installing apps from other sources very easy, necessiting only clicking on a button in a popup and toggling a switch to allow sideloading from within a specific app and even allowing you to update an existing app installed through the play store that way given that the signatures of both match.

I think developers will still be heavily incentivized to either change the behavior of their app or worst case attempt to sue Apple to force them to allow that specific behavior on the app store before moving their app outside the app store will even cross their mind.

This is the crux of it. App Tracking and Transparency is advisory: when you decline tracking, it simply asks the app not to track. There's nothing to force them to comply other than Apple removing apps from the store. It's a similar story to when Apple banned using hardware UUIDs for tracking a few years ago. You still absolutely can do it, it's just that being caught doing so could get you banned from the store.

You contradict your own argument. You recognize Facebook finds ways around it and previously used egregious bullshit, such bullshit that Apple tolerated for years. Yet somehow you believe Apple will protect you, again despite them failing to do so for years.

Avoiding widely used social apps is a great solution. Stop encouraging people to use such apps and believe in a false sense of security. Facebook on your phone at all is giving them far more data than alternatives such as a sandboxed desktop environment, or using a hardened browser. You are not protected by Apple from Facebook here. You just bought into the latest marketing scheme by Apple in their aggressive move to really start prioritizing Apple Ads as a huge moneymaker.

And I say all of this as a huge Apple fan, with multiple Apple devices in rotation. But this encouragement of using the likes of Facebook because "Apple keeps me safe" needs to stop immediately. It was never true and is harming people from seeking proper alternatives.

I don’t agree. I think if the iPhone was open we’d see numerous ad-blocking efforts that would have made facebook’s data siphoning impossible long ago. In my subjective experience, it feels like these companies have more room to do evil things precisely because we the users have no means to fight it in a walled garden, whereas on open computing systems the community (you included) has much more freedom to prevent these sorts of abusive practices.

> I think if the iPhone was open we’d see numerous ad-blocking efforts that would have made facebook’s data siphoning impossible long ago.

Or it would lead to a bunch of apps which instead of blocking Facebook would either siphon all that data or display their own adverts. Scammers would be happy to have such powers. Thank you very much but I like trusting that only I can use my banking app on my phone.

Recent Android releases are approaching parity and Play Store terms could likewise restrict PII. Incentives are also coalescing as Apple expands to services and Google tries to win over privacy conscious customers.

>Incentives are also coalescing as Apple expands to services and Google tries to win over privacy conscious customers.

It's a lot harder for Google to achieve this, given that breaching that privacy has always been a core aspect of Google's revenue, whereas for Apple it has not.

Edit: Dunno why, but in this context I feel like I should mention I'm posting this from a Pixel device that's on a Fi plan.

I think the distinction is that Apple is consistently pushing the definition of "parity" forward, to the extent that Android is always "approaching" parity.

If Apple weren't pushing mobile privacy forward, it's hard to believe that any other major mobile vendor (who benefit from your phone being a glass house) would be taking it seriously.

Apple is no saint – they still need to make more money in 2024 than they did in 2023 – but their business is so successful because their incentives are better aligned (read: not perfectly aligned, just better aligned) on most axes that are relevant to most people.

> And no sandboxing isn’t the solution here. Facebook will just find ways around it. They did some pretty egregious bullshit and had consumers side-loading privacy-violating apps via their corporate account. Apple very publicly revoked their certificate for it. Without the walled garden, Apple would have no leverage to stop bad actors like Facebook.

Apple could still explictly disallow that behavior on the app store and also disallow them from linking to another source directly from the app, just like on the Play store. Meta could be free to live their desires outside the app store (inside the existing app sandbox obviously) and take the hit on discoverability and willingness from users to budge.