Tim Hardwick
Apple has published a report highlighting its concerns about how some companies could “exploit” the EU’s Digital Market Act (DMA) interoperability requirements to access sensitive user data. The report comes on the same day the European Commission launched a consultation on proposed measures to request interoperability with Apple’s iOS and iPadOS operating systems.
The DMA, which came into force this year, requires major platform holders like Apple to give third-party developers equal access to iOS and iPadOS system tools and features. One of the Commission’s meetings is focused on the process Apple has set up to review interoperability requests submitted by developers and third parties for iOS and iPadOS. While Apple says it is fully committed to upholding the rules of engagement to ensure fair competition, the company is concerned about unintended consequences arising from the law’s interpretation that could have a negative impact on user privacy.
Apple’s report specifically cited Meta, which has made 15 separate requests “and continues to receive” for access to Apple’s technology stack. According to Apple, Meta’s requests included access to features such as messaging capabilities, AirPlay, CarPlay, and the App Intents framework. Apple warns that if granted as requested, these permissions could potentially allow Meta apps to access a variety of user data, covering messages, phone calls, photos, app usage, and passwords on their devices.
“In many cases, Meta attempts to modify functionality in ways […] that appear completely unrelated to the actual use of Meta’s external devices, such as Meta smart glasses and Meta Quests,” Apple says. The report goes on to say:
“If Apple were to grant all of these requests, Facebook, Instagram, and WhatsApp could allow Meta to read every message and email on a user’s device, see every phone call they make or receive, track every app they use, scan all of their photos, view their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the greatest possible protection for users.”
In the report, Apple is keen to highlight its long-standing support for developer access to device features through more than 250,000 APIs, but always with privacy protections built in. The company points to historical examples, such as the implementation of TouchID and microphone access, where developers can take advantage of these features while maintaining privacy and control.
The report is particularly concerned about companies with previous privacy violations that are potentially circumventing GDPR protections with DMA requirements. Apple notes that while it processes data on the device when possible, other companies can use that information for their own purposes. “Third parties may not have the same obligations to maintain user control on their device as Apple does, and may choose to move user information to their servers where they can aggregate, profile, and monetize the individual’s personal data,” Apple warns.
Apple’s post highlights its commitment to reviewing and implementing compatibility requests in accordance with the DMA whenever possible, but the company argues that solutions must preserve the integrity of the platform and protect user privacy. As a way to achieve this, Apple describes its four-stage process for handling compatibility requests, which includes an initial assessment, project planning, development, and release phases.
“We will never waver from our fundamental commitment to the privacy and security of our users,” Apple adds. “We trust that the EU will strive to implement compatibility requirements in a way that complies with the GDPR.”
Yesterday, Meta responded to Apple’s criticism, saying that “every time Apple is accused of anti-competitive behavior, they defend themselves by citing privacy violations that have no basis in fact.” However, Meta itself has been criticized for privacy violations several times in the past. Just this week, Ofcom in the UK said it was investigating Meta’s Instagram for “turning a blind eye to child sexual abuse advertising,” while a new report from MLex found that more than half of UK scams involve Meta’s platforms.
Meta was also fined €251 million ($265 million) by the Irish Data Protection Commission over a 2018 Facebook hack that affected three million accounts in Europe and exposed children’s names, contact details, locations and data. Meta is expected to appeal the decision.
The Commission’s engagement procedure began in September 2024 and is due to be completed within six months of its opening.
Note: Due to the political or social nature of the discussion on this topic, the thread is located in our Political News Forum. All forum members and site visitors can read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tags: European Commission, European Union, Meta[ 133 comments ]
