> The comment literally says "It's not about security like they've been lying about"
The comment literally says: "All of this just makes it crystal clear what Apple's goal is: to prevent competition. It's not about security like they've been lying about; it's all about maintaining their app store monopoly."
There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.
> Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary."
Gatekeepers having control over apps isn't necessary for security. The device's owner having control over apps is. They can opt into a particular gatekeeper's control if they choose to. How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another? Isn't the point of the act to enable competition?
> There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.
Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.
> The device's owner having control over apps is.
This is simply not true. Device owners are hopeless at maintaining the security of their devices.
> How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another?
There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.
> Web Distribution means Apple is handing over responsibilities previously handled by the Marketplace directly to the developer. Allowing developers to police themselves is obviously riskier.
Doesn't that depend on who the developer is? Certainly it isn't the case that no one exists who the user might trust at least as much as Apple.
> This is simply not true. Device owners are hopeless at maintaining the security of their devices.
"Device owners" includes substantially all people. Many of them are not hopeless and are entitled to make their own decisions. Some of them are even more qualified to do it than the people Apple has reviewing apps.
The hopeless people may be better off sticking to trusted stores, but they can do that without prohibiting others from doing otherwise.
> There are 2 tiers of "vetting services": 1. Marketplaces determine the appropriate content or type of apps allowed in their listings, 2. Apple determines if an app, developer, or marketplace is an outright threat, e.g. if an app turns out to be a scam, or if a bug in an app exposes an exploit, it is "strictly necessary" for Apple to be able to yank the app immediately.
That doesn't change the question. How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it? It would obviously be possible for a third party like Symantec, Malwarebytes or the makers of uBlock to do the same thing.
Sure, the amount risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.
> Many of them are not hopeless ...
Exactly, and "many" is not enough. It's not possible to design a special switch only for those qualified "many" - and only them. Platform owners and the EU insist on protecting the unqualified everyone else too.
> How is it "strictly necessary" for Apple to do that, rather than whoever the owner of the device chooses to do it?
It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will. Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.
> Sure, the amount risk probably varies, but you are talking about going from a Marketplace that implements some level of app review to no-review. It's more risk.
Only if the developer isn't as trustworthy as Apple. In fact, it could be lower risk even if they are less trustworthy than Apple, when it's their own app, because someone who is less competent but not overtly malicious who posts their own app is much less likely to be supplying malware than a general-purpose store that tries to vet everything but accepts submissions from just anyone at all including overtly malicious actors, and could thereby miss something.
And the user, in choosing which alternate stores or developers to trust, can decide that.
> It's not possible to design a special switch only for those qualified "many" - and only them.
Well of course it is. In the worst case scenario you could make the switch irreversible and then once enabled the device could never add another store. But that's really no different than requiring a device wipe to change it back, because a wiped device should be no different than a new device that never had the switch enabled to begin with.
> It's not in the sense that someone else could do it, but the DMA doesn't require it, so obviously no gatekeeper will.
Isn't whether it's "strictly necessary" the condition on which they can demand it?
> Also, it's a terrible idea because there's no market for it. Everyone already expects it to be free.
How is it free? They're charging $100/year and a percentage on top of that.
The comment literally says: "All of this just makes it crystal clear what Apple's goal is: to prevent competition. It's not about security like they've been lying about; it's all about maintaining their app store monopoly."
There is no reason for the security measures to be more onerous for the competing thing if they were sufficient for Apple's thing, unless the purpose of the security measures is to prevent competition.
> Without a kill switch, gatekeepers would lose control over apps, making them "strictly necessary."
Gatekeepers having control over apps isn't necessary for security. The device's owner having control over apps is. They can opt into a particular gatekeeper's control if they choose to. How is it "strictly necessary" for the gatekeeper to force them to use one provider of vetting services over another? Isn't the point of the act to enable competition?