Regular readers will recall that the UK competition regulator, CMA, investigated Apple and Google’s mobile ecosystems and concluded there is a need for regulation. Although they were initially looking mostly at native app stores, they quickly widened that to looking at how Apple’s insistence on all browsers using WebKit on iOS is preventing Progressive Web Apps from competing against single platform native apps.
CMA has announced its intention to begin a market investigation specifically into the supply of mobile browsers and browser engines, and the distribution of cloud gaming services through app stores on mobile devices, and seeks your views. It doesn’t matter if you are not based in the UK; if you or your clients do business in the UK, your views matter too.
I am a UK-based web developer and accessibility consultant, specialising in ensuring web sites are inclusive for people with disabilities or who experience other barriers to access–such as living in poorer nations where mobile data is comparatively expensive, networks may be slow and unreliable and people are generally accessing the web on cheap, lower-specification devices. I write in a personal capacity, and am not speaking on behalf of any clients or employers, past or present. You have my permission to publish or quote from this document, with or without attribution.
Many of my clients would like to make apps that are Progressive Web Applications. These are apps that are websites, built with long-established open technologies that work across all operating systems and devices, and enhanced to be able to work offline and have the look and feel of an application. Examples of ‘look and feel’ might be to render full-screen; to be saved with their own icon onto a device’s home screen; to integrate with the device’s underlying platform (with the user’s permission) in order to capture images from the camera; use the microphone for video conferencing; to send push notifications to the user.
The benefits of PWAs are advantageous to both the developer (and the business they work for) and the end user. Because they are based on web technology, a competent developer need only make one app that will work on iOS, Android, as well as desktop computers and tablets. This write-once approach has obvious benefits over developing a single-platform (“native”) app for iOS in addition to a single-platform app for Android and also a website. It greatly reduces costs because it greatly reduces complexity of development, testing and deploying.
The benefits to the user are that the initial download is much smaller than that for a single-platform app from an app store. When an update to the web app is pushed by a developer to the server, the user only downloads the updated pages, not the whole application. For businesses looking to reach customers in growing markets such as India, Indonesia, Nigeria and Kenya, this is a competitive advantage.
In the case of users with accessibility needs due to a disability, the web is a mature platform on which accessibility is a solved problem.
However, many businesses are not able to offer a Progressive Web App, largely due to Apple’s anti-competitive policy of requiring all browsers on iOS and iPad to use its own engine, called WebKit. Whereas Google Chrome on Mac, Windows and Android uses its own engine (called Blink), and Firefox on non-iOS/iPad platforms uses its own rendering engine (called Gecko), Apple’s policy requires Firefox and Chrome on iOS/iPad to be branded skins over WebKit.
This “Apple browser ban” has the unfortunate effect of ham-stringing Progressive Web Apps. Whereas Apple’s Safari browser allows web apps (such as Wordle) to be saved to the user’s home screen, Firefox and Chrome cannot do so–even though they all use WebKit. While single-platform iOS apps can send push notifications to the user, browsers are not permitted to. Push notifications are high on businesses’ list of priorities because of how they can drive engagement. WebKit is also notably buggy and, with no competition on the iOS/iPad platform, there is little to incentivise Apple to invest more in its development.
Apple’s original vision for applications on iOS was Web Apps, and today they still claim Web Apps are a viable alternative to the App Store. Apple CEO Tim Cook made a similar claim last year in Congressional testimony when he suggested the web offers a viable alternative distribution channel to the iOS App Store. They have also claimed this during a court case in Australia with Epic.
Yet Apple’s own policies prevent Progressive Web Apps being a viable alternative. It’s time to regulate Apple into allowing other browser engines onto iOS/iPad and giving them full access to the underlying platform–just as they currently are on Apple’s MacOS, Android, Windows and Linux. Therefore, I fully support your proposal to make a reference in relation to the supply of mobile browsers and cloud gaming in the UK, the terms of reference, and urge a swift remedy: Apple must be required to allow alternate browser engines on iOS, with access to all of the same APIs and device integrations that Safari and Native iOS have access to.
I am a UK-based web developer and accessibility consultant, specialising in ensuring web sites are inclusive for people with disabilities or who experience other barriers to access–such as living in poorer nations where mobile data is comparatively expensive, networks may be slow and unreliable and people are generally accessing the web on cheap, lower-specification devices.
Although I am UK-based, I have clients around the world, including the USA. And, of course, because the biggest mobile platforms are Android and iOS/iPad, I am affected by the regulatory regime that applies to Google and Apple. I write in a personal capacity, and am not speaking on behalf of any clients or employers, past or present. You have my permission to publish or quote from this document, with or without attribution.
Many of my clients would like to make apps that are Progressive Web Applications. These are apps that are websites, built with long-established open technologies that work across all operating systems and devices, and enhanced to be able to work offline and have the look and feel of an application. Examples of ‘look and feel’ might be to render full-screen; to be saved with their own icon onto a device’s home screen; to integrate with the device’s underlying platform (with the user’s permission) in order to capture images from the camera; use the microphone for video conferencing; to send push notifications to the user.
The benefits of PWAs are advantageous to both the developer (and the business they work for) and the end user. Because they are based on web technology, a competent developer need only make one app that will work on iOS, Android, as well as desktop computers and tablets. This write-once approach has obvious benefits over developing a single-platform (“native”) app for iOS in addition to a single-platform app for Android and also a website. It greatly reduces costs because it greatly reduces complexity of development, testing and deploying.
The benefits to the user are that the initial download is much smaller than that for a single-platform app from an app store. When an update to the web app is pushed by a developer to the server, the user only downloads the updated pages, not the whole application. For businesses looking to reach customers in growing markets such as India, Indonesia, Nigeria and Kenya, this is a competitive advantage.
In the case of users with accessibility needs due to a disability, the web is a mature platform on which accessibility is a solved problem.
However, many businesses are not able to offer a Progressive Web App, largely due to Apple’s anti-competitive policy of requiring all browsers on iOS and iPad to use its own engine, called WebKit. Whereas Google Chrome on Mac, Windows and Android uses its own engine (called Blink), and Firefox on non-iOS/iPad platforms uses its own rendering engine (called Gecko), Apple’s policy requires Firefox and Chrome on iOS/iPad to be branded skins over WebKit.
This “Apple browser ban” has the unfortunate effect of ham-stringing Progressive Web Apps. Whereas Apple’s Safari browser allows web apps (such as Wordle) to be saved to the user’s home screen, Firefox and Chrome cannot do so–even though they all use WebKit. While single-platform iOS apps can send push notifications to the user, browsers are not permitted to. Push notifications are high on businesses’ list of priorities because of how they can drive engagement. WebKit is also notably buggy and, with no competition on the iOS/iPad platform, there is little to incentivise Apple to invest more in its development.
Apple’s original vision for applications on iOS was Web Apps, and today they still claim Web Apps are a viable alternative to the App Store. Apple CEO Tim Cook made a similar claim last year in Congressional testimony when he suggested the web offers a viable alternative distribution channel to the iOS App Store. They have also claimed this during a court case in Australia with Epic.
Yet Apple’s own policies prevent Progressive Web Apps being a viable alternative. It’s time to regulate Apple into allowing other browser engines onto iOS/iPad and giving them full access to the underlying platform–just as they currently are on Apple’s MacOS, Android, Windows and Linux.
Developing a Report on Competition in the Mobile App Ecosystem – The U.S. National Telecommunications and Information Administration is preparing a Report on Competition in the Mobile App Ecosystem, following Biden’s Executive Order to address the problem of “dominant tech platforms undermining competition and reducing innovation”. Includes PWAs and #AppleBrowserBan in scope.
New to the web platform in April – Discover some of the interesting features that landed in stable and beta web browsers during April 2022. By Rachel Andrew
Bundle Buddy – “Visualizing what code is in your web bundle, and how it got there” for all your “we had great DX writing this, why is it so slow and such a network hog and why are our customers using our competitors’ fast apps instead?” needs
In the USA, the National Telecommunications and Information Administration (NTIA) is requesting comments on competition in the mobile application ecosystem after Biden signed Executive Order 14036 on Promoting Competition in the American Economy:
today a small number of dominant internet platforms use their power to exclude market entrants, to extract monopoly profits, and to gather intimate personal information that they can exploit for their own advantage. Too many small businesses across the economy depend on those platforms and a few online marketplaces for their survival
NTIA is looking for “concrete and specific information as to what app developers, organizations, and device (i.e., phones; tablets) users experience, and any potential challenges or barriers that limit app distribution or user adoption”. Written comments must be received on or before 11:59 p.m. Eastern Time on May 23, 2022.
Several of its questions encompass Apple hamstringing Progressive Web Apps by requiring all iThing browsers use its own bundled WebKit framework, which has less power than Safari or single-platform iOS apps. Here are some of the questions:
How should web apps (browser-based) or other apps that operate on a mobile middleware layer be categorized?
What unique factors, including advantages and obstacles, are there generally for app development — especially start-ups — that are relevant for competition?
Are there studies or specific examples of the costs or advantages for app developers to build apps for either, or both, of the main operating systems, iOS and Android (which have different requirements)?
What other barriers (e.g., legal, technical, market, pricing of interface access such as Application Programming Interfaces [APIs]) exist, if any, in fostering effective interoperability in this ecosystem?
How do policy decisions by firms that operate app stores, build operating systems, or design hardware impact app developers (e.g., terms of service for app developers)?
How do, or might, alternative app stores (other than Google Play or the Apple App Store), affect competition in the mobile app ecosystem?
What evidence is there to assess whether an app store model is necessary for mobile devices, instead of the general-purpose model used for desktop computing applications?
Is there evidence of legitimate apps being rejected from app stores or otherwise blocked from mobile devices? Is there evidence that this is a common occurrence or happens to significant numbers of apps?
Are there specific unnecessary (e.g., technical) constraints placed on this ability of app developers to make use of device capabilities, whether by device-makers, service providers or operating system providers, that impact competition?
I urge American developers to send comments to NTIA, whether you’re in favour of Apple allowing real browser choice on iOS by setting Safari free, or against it. You’re welcome to use Bringing Competition to Walled Gardens, our response to a similar investigation by the UK Competition and Markets Authority, for inspiration or for cutting and pasting. Make your voice heard!
OMG let it be true: The leaked “final” version of the Digital Markets Act: A summary in ten points – “Article 5 point (e) has been expanded to capture instances where the gatekeeper requires business users to offer or interoperate with a web browser engine. This is most likely meant to address Apple’s policy of requiring all browsers running on iOS to utilize Apple’s WebKit browser engine”
Learn PWA – A course that breaks down every aspect of modern progressive web app development
CSS Parent Selector “In this article, I will explain the problem that :has solves, how it works, where and how we can use it with some use-cases and examples, and most importantly how we can use it today.”
Mobile data costs fall but as demand for internet services surges, progress remains too slow – “almost one billion people live in countries where basic internet access remains unaffordable. And even in countries where 1GB is priced at less than 2% of average monthly income, income inequality means that basic internet access will still be out of reach for many lower-earners.”
Designing for Children – “An evolving guide that aims to refine a new standard for both design and business to direct the development towards products and services that have ethics and children’s best interests at their core.”
Download icons, logos, and vector SVGs from any site SVG Gobbler is a browser extension that finds the vector content on the page you’re viewing and gives you the option to download, optimize, copy, view the code, or export it as an image.
Staybl is a browser for Parkinson’s patients, with “customizable tremor compensation, high-contrast design, a particularly legible font, and general ease of use.”
Warp – a new terminal written in Rust – looks very promising, with lots of useful features. Beta is free to download on Mac (other platforms coming)
Beanstalk cryptocurrency loses $182m of reserves in flash ‘attack’ – ‘Code is law’ cryptotwats lose $182m in a manoeuvre perfectly legal according to its own code, then go sobbing to the FBI. My Decentralised thoughts and Proof of Prayers are with them in this difficult time.
Browsing with assistive technology videos – EXCELLENT short videos (<5 mins) that show you how people using screen readers, keyboard-only, screen magnifiers etc use the web. And narrated ASMR-style by “Mr Mellifluous” Pattypoo Lauke
Going Dutch – The continuing saga of Apple’s conflict with the Netherlands Authority for Consumers and Markets (ACM) — the Dutch equivalent of the U.S. Federal Trade Commission. By John Gruber, so expect some reality distortion field.
Using Google Fonts Breaches GDPR – “The Bavarian state court in Munich, Germany, on 20 January 2022, decided that using Google fonts in your site breaches the GDPR” (the linked version. Self-hosting doesn’t breach GDPR, and is better for performance by eliminating another DNS lookup)
Behavioral ad industry gets hard reform deadline after IAB’s TCF found to breach Europe’s GDPR – “the regulatory sanction prohibits behavioral advertisers from using the IAB’s so-called “Transparency and Consent Framework” (TCF) to bypass user consent by claiming legitimate interest as a legal base to track and profile web users.” I don’t know what IAB TCF is, but I bet it smells like bums.
No, Apple Did Not Crowdfund :focus-visible in Safari – Uncle Eric sets the record straight: “The addition of :focus-visible to WebKit was led by the community, done by Igalia, and contributed to WebKit without any involvement from Apple except in the sense of their reviewing patches and accepting the contributions.”
Talking of Igalia, Wolvic is an open source browser “that opens a portal to the Web and all it has to offer, including immersive games, videos, and environments built for XR” from your chums at Mozilla and Igalia
The Costs of Exclusion: West Africa Regional Report (PDF) – The Alliance for Affordable Internet (A4AI) has qualitative evidence of the economic impact that digital technology has on women’s lives — and the economy at-large — in Ghana, Côte d’Ivoire and Nigeria.
As you’re probably heartily sick of me telling you, the deadline to send comments to the UK monopoly regulator about its interim report on the mobile app ecosystem is 5pm on 7 February.
As the report is massive, many people will be put off reading it, although I’ve summarised it. But you can still let the regulator know what you think, with my handy persona-based email starter kit! Just choose one from the following, add any details from your personal experience you deem appropriate, paste into your email client and send it to mobileecosystems@cma.gov.uk
“As an iOS user, I am appalled that Safari was leaking my data for almost 2 months before it was fixed. On any other OS, I would use a different browser, but Apple’s App Store rule 2.5.6 requires all browsers to use its WebKit engine. If Apple can’t protect me, let me choose another browser”
“As a web developer, my job is made much harder because Safari lags behind other browser engines. I can’t usefully ask iOS users to choose another browser because Apple’s App Store rule 2.5.6 requires them to use Apple’s engine. This makes development more costly.”
“As a business owner, I would like to use mature, robust web technologies to deliver a Progressive Web App to Android and iOS. Apple’s App Store rule 2.5.6 cripples PWAs on iOS, so I must distribute and maintain 2 separate apps, greatly increasing costs and requiring payment to Apple.”
“As an Apple shareholder, I think it’s great that people can’t employ free technologies used on the web for 20 years to compete with native apps in Apple’s App Store. The revenue from developer licenses and the 30% fee we levy sure tastes good. Long live rule 2.5.6!”
It would be useful to tell them as many of these as is appropriate
If you are a UK resident, or your organisation does business in UK
A brief summary of the interests or organisations you represent
whether you are providing any material that you consider to be confidential, and explain why this is the case; and if the response contains confidential information, please also provide a non-confidential version of your response alongside it.
The specific ways in which unfair App Store or Browser choice policies have hurt your business (think lost revenue, increased costs, bugs, etc.)
Specific missing features and bugs that cause your ongoing business harm
What you would like CMA to do (e.g., alternative browser engines on iOS) and between the web and native (e.g., the inability to offer a lower-cost, higher service web experience vs being forced into app stores)
If you are an individual (ie you are not representing an organisation), please indicate whether you wish for your response to be attributed to you by name or published anonymously
Okay, okay, so perhaps the title is a little hyperbolic. But this is a very important week. The UK monopoly regulator, the Competition and Markets Authority (CMA), is investigating Apple and Google’s mobile app stores. The opportunity for comments closes at 5pm UK time on 7 February. Here are some pre-written sample emails you can use. (If you’re in the USA, contact your elected senator; things are getting serious in Washington, too.)
If you are a UK developer, or non-UK but do business in the UK, you can let CMA know what you think about Apple’s refusal to allow other browser engines on iOS. iDevice owners can download something called Chrome or Firefox, but they are branded skins of WebKit, the same engine that Safari uses and Apple controls. This is because of Apple’s App Store rule 2.5.6:
Apps that browse the web must use the appropriate WebKit framework and WebKit Javascript.
The leak was reported to the WebKit Bug Tracker on November 28, 2021 as bug 233548.
Update (Wednesday January 26th 2022): Apple has released Safari 15.3 on iOS and macOS where this vulnerability has been fixed.
For almost two months, iOS web users’ data was vulnerable–and downloading a differently-named browser would not have helped, because of Apple’s rule 2.5.6.
The lack of browser choice on iOS means that Progressive Web Apps can’t be distributed on iOS as they can on all other browsers. This means that developers either have to use a much less reliable technology like React Native (from Facebook) or make two apps, one for Android and one for iOS (and, potentially, a web app). This greatly increases development and testing costs for businesses. And, of course, developers must pay fees to Apple to be in their developer programme, plus a percentage to be listed in the App Store.
making it easier to switch browser, resulting in greater competition between browsers
requiring Apple’s operating system to allow third-party browser engines on iOS, or in the alternative to require Apple to allow web app developers greater interoperability with its mobile ecosystem
addressing the ability of Apple and Google to exercise market power by using browser settings to favour other parts of their mobile ecosystems, in particular digital advertising.
If you agree (or disagree) with any of these suggested requirements of Apple, please email CMA before 7 February.
It would be useful to tell them as many of these as is appropriate
If you are a UK resident, or your organisation does business in UK
A brief summary of the interests or organisations you represent
whether you are providing any material that you consider to be confidential, and explain why this is the case; and if the response contains confidential information, please also provide a non-confidential version of your response alongside it.
The specific ways in which unfair App Store or Browser choice policies have hurt your business (think lost revenue, increased costs, bugs, etc.)
Specific missing features and bugs that cause your ongoing business harm
What you would like CMA to do (e.g., alternative browser engines on iOS) and between the web and native (e.g., the inability to offer a lower-cost, higher service web experience vs being forced into app stores)
If you are an individual (ie you are not representing an organisation), please indicate whether you wish for your response to be attributed to you by name or published anonymously
It doesn’t have to be long, but we need CMA to see how Safari (and lack of alternatives) hurts developers, and businesses, and ultimately consumers. Perhaps you could derive inspiration from this response by Jeremy Keith or Aaron T. Grogg. You *will* be listened to; they listened to me (twice!) and I’m no cleverer than you. The final report is due to be published in June 2022.
Our provisional findings suggest Apple and Google’s substantial market power across mobile operating systems, apps stores and browsers could be negatively affecting consumers. People aren’t seeing the full benefit of innovative new products and services such as cloud gaming and web apps. Our provisional findings also suggest customers could be facing higher prices than they would in a more competitive market. Apple and Google take many decisions on behalf of their users to protect their security and privacy online – in some cases this has an impact on a user’s ability to make their own choices.
The report is gargantuan, and I haven’t read it all yet. It also deals with App/Play Store approval processes, and advertising, but these are aspects of the industry that concern me less than Progressive Web Apps. On PWAs, it’s pretty damning. Here are some choice quotes; emphasis is CMA’s.
Page 226-7:
Apple therefore benefits from higher usage of native apps on iOS. By requiring all browsers on iOS to use the WebKit browser engine, Apple is able to exert control over the maximum functionality of all browsers on iOS and, as a consequence, hold up the development and use of web apps. This limits the competitive constraint that web apps pose on native apps, which in turn protects and benefits Apple’s App Store revenues.
we have not identified compelling evidence to date that suggests that, for dedicated browser apps, the potential impacts on competition and users from Apple’s WebKit restriction is justified on security grounds
We further consider that the limitation on the feature support that browsers on iOS can offer is likely to be significant. This appears to be particularly the case with respect to supporting web apps.
In addition to potentially harming the functionality of competing browsers within Apple’s ecosystem, we consider that the WebKit restriction may also serve to support Apple’s highly profitable position in the distribution of native apps through its App Store, and in parallel the market power of its operating system… web apps could in principle also serve to undermine the indirect network effects of native app distribution
Page 378-9:
We concluded in Chapter 5 that a significant contributing factor to the market power of Apple and Google in relation to mobile browsers is the restrictions that they – and in particular Apple – are able to place on rival browsers. We have therefore identified a number of potential interventions aimed at removing these restrictions. These interventions are summarised below:
Apple does not permit the use of third-party browser engines within its mobile ecosystem – all browsers are required to use its browser engine, WebKit. We have not identified compelling evidence to date that suggests that, for dedicated browser apps, the potential impacts on competition or consumers from Apple’s WebKit restriction are justified on security grounds. We are therefore seeking to assess the merits of a requirement for Apple to allow alternative browser engines on iOS, at least for dedicated browser apps. This could be implemented by requiring Apple to permit third-party browser engines to interoperate with its iOS operating system, subject to those browser engines meeting conditions that would address any risks that might arise from a greater choice of browser engines (for example, complying with appropriate quality and security standards).
Restrictions on the functionality of all browsers on iOS: as a possible alternative to requiring Apple to allow alternative browser engines, Apple could be required to enable access to specific features for browsers using WebKit on iOS, including supporting web app functionality. This could bring benefits from web apps providing a stronger competitive constraint on the App Store and the Play Store, while also reducing barriers to entry in the supply of new operating systems. We agree that, without appropriate safeguards, there are potential security and privacy risks associated with greater third-party interoperability with the iOS ecosystem. We are initially of the view that the costs and security risks associated with requiring access to core functions on the phone, such as push notifications, screen rotation and full screen capability should not be disproportionate.
API access for rival browsers: we also have concerns regarding the differences in APIs that are available to Safari and Chrome by comparison with third-party browsers. This could be rectified by a requirement for Apple and Google to ensure that all browsers within a particular mobile ecosystem have access to directly comparable features and functionality through APIs. To the extent that some of the APIs and other functionality may be proprietary or increase costs for Apple and Google, such an intervention would also need to mandate the terms of such interoperability in a way that provides for access on fair and reasonable terms, potentially with guidance about how this would work in practice.
In its responses to our questions, Apple raised a number of concerns that introducing third-party browser engines, or increasing the interoperability of WebKit, could introduce privacy and security risks. Apple submitted that Webkit offers the best level of security, and has cautioned that ‘mandating use of third-party rendering engines on iOS would break the integrated privacy, security, and performance model of iOS devices’. Apple considers that by requiring apps to use WebKit, it is able to address security and privacy issues across all browsers on the iPhone for all iPhone users, quickly and effectively, and that ‘this is especially true when it comes to security vulnerabilities that have to be fixed as soon as possible in order to mitigate potential exploits by bad actors’.
7.73 However, as discussed in Chapter 5, the evidence that we have seen to date does not suggest that there are material differences in the security performance of WebKit and alternative browser engines. Further, and as discussed in Chapter 5, other parties have suggested that the impact of a browser engine on overall device security can, to a certain extent be limited.
Digital Markets Unit
The CMA is going to set up a permanent regulatory body called the Digital Markets Unit (DMU). This will have broad powers to enforce a code of conduct and apply interventions on activities by firms that have been given Strategic Market Status (SMS) in relation to activities in the scope of the CMA’s Market Study. The DMU is currently operating on a non-statutory basis but it is intended that the government will introduce legislation to put the regime on a statutory basis when legislative time permits.
It is expected that, while the DMU can only apply these regulations in the UK, they will cooperate with other regulators and the impacts will be global. Manchester has been picked as the head office of the DMU and they expect to hire 200 full-time employees.
Strategic Market Status
In order to be regulated by the DMU a firm must be designated Strategic Market Status (SMS) in at least one digital activity. The test for SMS has three components:
The activity must be at its core digital
The firm must have substantial and entrenched Market Power arising from this activity that is unlikely to be removed by competition in the short or medium term
Must have a strategic position meaning the use of this market power will be particularly widespread or significant
Both iOS and iOS Safari are recommended by the CMA as being designated strategic market status.
What’s next?
If you have opinions or comments, you’re invited to send them by 7 Feb. And, as I’ve seen, they will be listened to: mine were, and I’m no cleverer than you. The final report is due to be published in June 2022.
Afterword
I just wanted to point out that I’m not an evil shill for Google, Soros or even the Illuminati. I just bought a new Macbook Pro, I greatly respect the Apple WebKit engineers and standards experts I’ve met over the years, and think Apple’s accessibility team is second to none. I just want Apple’s management to set Safari free.
As you may know, every browser on iOS is actually just a branded re-skin of WebKit, the engine that Safari uses, because Apple won’t allow other engines on iOS.
Supporters of the Apple Browser Ban tend to give one of three reasons (listed here from most ridiculous to most credible):
The web shouldn’t be “app-like”, it’s for documents only
Privacy and security are protected by not allowing non-Apple code on devices
This doesn’t really make sense when non-Apple apps are allowed on iOS, which can leak data so valuable that Amazon and eBay will pay you to use their apps rather than web. Apple’s most recent zero-day vulnerability was exploited along with a flaw in WebKit, and so left all users exposed because users of other “browsers” are forced to use WebKit. Stuart Langridge has a great post going deeper into Browser choice on Apple’s iOS: privacy and security aspects.
Updated 9 Feb 2022: And, of course, Apple kept quiet about a WebKit bug that leaks users’ data, leaving it unpatched for almost two months.
Project Zero’s analysis of 2021 bugs shows that WebKit was by far the slowest to patch security vulnerabilities:
WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days. Their time to land the fix publicly is in the middle between Chrome and Firefox, but unfortunately this leaves a very long amount of time for opportunistic attackers to find the patch and exploit it prior to the fix being made available to users. This can be seen by the Apple (red) bars of the second histogram mostly being on the right side of the graph, and every one of them except one being past the 30-day mark.
Allowing other rendering engines leads to Chromium taking over the world
This one kind of makes sense. After all, Opera abandoned its Presto engine and Microsoft abandoned Trident, and both went to Chromium. Firefox risks sliding into irrelevance due to inept lack of leadership. If Apple were forced to allow Chrome onto iOS, then domination would be complete!
The interesting predicate of this argument is that Apple intend to keep Safari as the sad, buggy app that they’ve allowed it to wither to, because it has no competition. I emphatically do not want Chromium to win. Quite the opposite: I want Apple to allow the WebKit team to raise its game so there is an *excellent* competitor to Chromium.
WebKit is available on Windows, Linux and more. Safari was once available on Windows, but Apple silently withdrew it. SVP of software Eddy Cue, who reports directly to Tim Cook, wrote in 2013
The reason we lost Safari on Windows is the same reason we are losing Safari on Mac. We didn’t innovate or enhance Safari….We had an amazing start and then stopped innovating… Look at Chrome. They put out releases at least every month while we basically do it once a year.
There is browser choice on MacOS, and 63% of MacOS users remain with Safari (24% use Chrome, 5.6% use Firefox). As everyone who works on browsers knows, a capable browser made by the Operating System’s manufacturer and pre-installed greatly deters users from seeking and installing another. There is no reason to believe it would be different on iOS. (Internet Explorer on Windows isn’t a counter-example; there were much better alternatives, long before Edge came along.)
But let’s set our aspirations higher. Imagine a fantastic Safari on iOS, Mac, Android, Windows and Linux, giving Chrome a run for its money. If anyone can take on Google, Apple can. It has talented WebKit engineers, excellent Standards experts, a colossal marketing budget, and great brand recognition.
If Apple allowed Safari to actually compete, it would be better for web developers, businesses, consumers, and for the health of the web. Come on, Apple, set Safari free!