Welcome to Day 13 of #epicvapple. @joshua_sisco and @BobbyAllyn are doing double duty and are back in court again today.
Apple’s Michael Schmid, who works with game developers, will be back up on the stand this AM. After he’s done, Craig Federighi, senior vice president of software engineering at Apple, will testify followed by Dominique Hanssens, Apple’s marketing/survey expert
YGR says she works every weekend during trial because she has "hundreds of other cases" and those do not end at the end of the trial day.
CEO Tim Cook will testify at 8:15 am on Friday, Apple's Doren says.
Apple's Michael Schmid is resuming the stand. He is being examined by Apple lawyer Jay Srinavasan.
Schmid is head of games development for the App Store. Apple works with hundreds of game developers, some weekly. It's a global team so they work with developers all over the world, he says.
In the App Store right now, there are podcast apps. Those would be labelled as either news or entertainment, Schmid says. Apple's podcast app predates the App Store.
Game developers generally focus on games and not other types of apps, Schmid says. The technology also sets them apart. They generally use Unreal Engine or Unity to build games and are on the leading edge for graphics and other technology, he says.
Most other app developers are focused on subscription revenue, but games not as much. They tend to focus on in-app purchases, Schmid says.
YGR got a note that the public line isn't working, so we're paused for technical issues. And back to basketball talk about Warriors v Lakers.
YGR says she will be interested in how judicial proceedings will be once things are "back to normal." In her view, the pandemic has allowed much more public access than before since they've had to learn to use tech tools.
And we are back on now.
Is there a way for a user to avoid the Apple commission in making an in-app currency purchase? Srinavasan asks. Developers can make purchases available on other platforms. It's at the discretion of the game developer, Schmid says. Users get to choose where to buy.
Srinavasan is now going to have Schmid demonstrate how to do this with the game Hearthstone. playhearthstone.com/en-us
Schmid says you can buy card for this game on PC, mobile web, desktop web, Apple and Android.
Schmid made a video for how to do this on his phone. He is now narrating it aloud.
He opens the Hearthstone app and shows he has no cards. He goes to mobile web and the website battle.net and buys a card deck. And then logs back into the app and there are now cards there.
He now says he's going to try and demonstrate with Candy Crush using a video he made on his phone.
Candy Crush and King.com try to push users the app on the phone, but Schmid says you can request the desktop version of the webpage, login and then buy gold bars.
Are there other games that allow this functionality? Srinavasan asks. Yes, it's up to the developer. PUBG mobile and Call of Duty mobile also allow buying on mobile, Schmid says.
There are also some developers like Roblox and Fortnite that have gift cards in brick-and-mortar stores, Schmid says. Those are redeemed online and then can be used on mobile apps.
Apple invests a "tremendous amount of time and energy" in game developers, Schmid says, with business and marketing support, engineering support and developer tools and products.
"We want to be the best platform to develop a game or app in the world," Schmid says. Apple has to compete to get developers on its platforms, he says, like Google Play, consoles and PCs. They are also competing with cloud gaming now, he says.
Developer tools include APIs and AppStore Connect to help build the business on the App Store, he says.
Business tools include AppStore Connect include TestFlight to manage distribution of beta software. There are app analytics and information on sales and trends to manage revenue, Schmid says.
Engineering support includes WWDC that allows developers to interact with Apple engineers, Schmid says. There are also phone calls, emails and in person meetings that the engineering team takes part in with developers.
Schmid said he recalls Apple engineers working with Epic on a problem involving the memory footprint of Fortnite.
Apple provides marketing and editorial support, both owned and paid. Apple's owned marketing includes e-mail list, App Store pages and its social media accounts, Schmid says.
Chapter 2 of Fortnite was big day in which Apple let Fortnite take over the games tab and it wrote a story, Schmid says. Also Apple would tweet or retweet Fortnite content on Twitter, he says.
Apple aggregated all the ways we communicated with users about Fortnite and it involved 500 million communications (many email but also tweets). Schmid says they would collect that information in the regular course of business.
Paid marketing is when they buy ads, Schmid says. In August 2020, after Epic sued, he worked with internal teams to investigate the support that Apple provided to the company during their relationship. "I was the most familiar with the account," he says.
In the last 11 months before Fortnite left the App Store, Apple spent just under $1 million. It was more than they spent on other games, he says, and more than they've spent on any game since.
Schmid was initially the person on point for Epic. “It was a pretty demanding relationship,” he said, mentioning 5 AM phone calls and Christmas phone calls. He would describe the Apple-Epic relationship was "tumultuous."
"Fortnite was the hottest game at the time," Schmid says. "It was worth that effort to bring it to users." Fortnite was reviewed more than 200 times while it was in the App Store.
Epic requested expedited App reviews more than 80 times in 2020, Schmid says.
Fortnite was always bringing new content to the game and it was important to the business to bring that content quickly. Because they were working on that, they didn't fix some "systemic" issues they had with respect to submitting on the App Store, Schmid says.
Schmid is looking at a March 2019 email he sent asking for expedited review of a Fortnite update. "It almost feels like they are abusing expedite process," an Apple colleague says. Schmid says he doesn't think they were abusing it, though there was a "systematic" issue
Now looking at an Oct. 31, 2019 email between Schmid and Epic with another expedite request. An Apple colleague was complaining that Epic always submitted patches as an "emergency"
Schmid said he couldn't push back on Epic's expedite requests because of the possibility that iOS users would be left behind. "I didn't think it was appropriate" to deny Epic, he says.
Schmid is now reading from an August 2019 email chain in which Epic thanked him for helping put through an update quickly.
Another email between Epic and Apple. Epic executive thanking Apple for some help with a collaboration between Fortnite and HouseParty.
On the day Epic put in its hotfix, Schmid's contact at Epic sent an e-mail to him. "My takeaway was he was sympathizing with me," Schmid says. Epic's lawyer objects. YGR says she's not sure it's relevant.
Srinavasan ends. Epic's Lauren Moskowitz is now up.
Before he moved to Apple, Schmid says he did work on some console games, though mostly mobile games. He can't recall any games that were only Android.
Moskowitz asks about the "Sign in With Apple" feature. "You need to sign up for an account with a developer?" Moskowitz says. Schmid says he can't answer because it's a nuanced question.
Epic had some difficulty with Sign in With Apple because it wasn't allowing the company to collect information it needed to verify if accounts needed parental consent, Moskowitz says. Schmid said he wasn't aware.
Schmid says he uses Sign in With Apple, except on games he's played since before the feature was available.
Are you aware that Facebook publicly stated that Apple told them they were not to tell the public about the 30 percent commission? Moskowitz asks. Schmid says he isn't aware of that.
Are you aware that Apple offered expert testimony about what can and cannot be done on a website? Moskowitz says. Schmid says he didn't know. So you didn't know there was discussion about Candy Crush last week, she asks. Schmid says he didn't know.
Moskowitz asks whether Schmid left out steps in his Candy Crush demo. He says no. Moskowtiz points out that he didn't log in. Schmid says he was already logged in.
You can Sign in With Apple on the Candy Crush website? Moskowitz asks. Schmid says he doesn't know. Are you aware that if use Sign in With Apple, it wouldn't work? she asks. Schmid says he's not aware of that.
Now we are going to walk through this in real time in the court.
When you go to the Candy Crush app, you can sign in with e-mail, continue with Facebook or continue with Apple.
It does not say anywhere go buy gold bars on our website, does it? Moskowitz says. No, Schmid says. He acknowledges that it violates Apple rules to say in native app they can buy things elsewhere.
Epic's person has logged into Candy Crush using their Apple account.
Now they are going to King.com, the developer of Candy Crush.
Moskowitz says you have to "trick" the browser into thinking its a computer. Schmid says its not a trick and that he thinks users know about how to "request a desktop website" (Note: I just learned how to do this for this demo)
(I am not very tech savvy. I also learned how to make a website icon on my home screen from this trial. I guess I'm learning useful things?)
Moskowitz is showing that you can't use the Sign in With Apple feature on King.com website. "That's the developer's choice," Schmid says. "They have not enabled that."
Moskowitz says we are not going to do a "painful reenactment" for Hearthstone (thank god.)
Moskowitz notes that Schmid only needed to make one-click in his videos because he was logged in on both the app and into battle.net on his browser and already had his credit card info in there. He agrees.
Schmid says there is a feature called Promoted In-App Purchase that lets users buy in-app currency directly from the App Store rather than going into the app and buying it there. He can't recall any particular games using it right now.
YGR asks if the price was the same in the app and on the website where he bought it. Schmid said his purchase on the website included tax but the tax was included already if he had bought in the app.
HouseParty is not a game, Moskowitz says. Schmid says it has games inside it. But he confirms HouseParty is not a game.
If Epic had wanted to categorize Fortnite as a general app instead of a game, would Apple have allowed that? Moskowitz asks. Schmid said that App Review might have overrule that.
Schmid confirms that App Review can overrule a developer's choice of category for their app in its review.
Entertainment is a separate category from Game, Schmid confirms. Both the entertainment and game categories use the words "app," "interactive" and "entertain."
Schmid says he is aware that press is covering this trial. He says he hasn't read the coverage and wasn't aware of Trystan Kosmynka's testimony that Roblox is not a game.
YGR notes that she ordered witnesses not to read about the trial.
They are now looking at this article theverge.com/2021/5/14/2243…
Schmid confirms that he visited Roblox website two days ago.
In the case of Roblox, Apple doesn't review the user-created content, Schmid confirms.
Apple recently revised Schedule 2 to the Apple Developer Program License Agreement, Moskowitz says. They are now looking at it. It is dated March 2021.
She is now reading from Section 7.1 of the agreement. It allows Apple to withhold payment due to developers in certain circumstances.
Schmid says he has never had to deal with this provision.
YGR asks about the date of this update. Moskowitz says this wasn't in the DPLA prior to March 31.
Schmid says he doesn't have anything to do with App Review so he doesn't have any understanding of what Apple considers this update to mean.
Now they are discussing the definition of an affiliate.
Schmid says his understanding is anyone related to a developer. He confirms under that both Tencent and Sony would affiliates of Epic.
Moskowitz reveals she plays Candy Crush and her level is "embarrassingly high"
Moskowitz asks if Schmid knows how much Apple made from Fortnite. He says over $100 million. So they spent $1 million on advertising but earned $100 million, Moskowitz asks. Schmid said the $1 million was only over the last 11 months for Fortnite, he doesn't know how much more
Schmid says his team does track how much revenue a game brings in after its featured in the App Store.
He testified his team did not do that in his deposition, Moskowitz reads it aloud.
Schmid says he doesn't know the size of Apple's social media presence in comparison to Epic's.
Apple benefited substantially from having Fortnite on the App Store, Moskowitz says. Schmid agrees.
At some point in time, Schmid had a convo with Epic about creating a character based on Steve Jobs. He says it wasn't his idea though he did follow up on it.
They are now talking about the Rogue Agent pack slashgear.com/fortnite-rogue…
Apple asked for Rogue Agent to be exclusive, Schmid confirms.
Looking now March 2020 email is discussing a "tear sheet" that Apple created to report for an executive how the developer is doing in the App Store. There 115 million downloads of Fortnite from launch in 2018 to date. 79 million were the result of search
Morning break for 20 minutes
And we're back. Epic's Lauren Moskowitz is cross examining Apple's Michael Schmid.
When Apple changed to iOS 12, it caused some issues related to memory. Moskowitz asks Schmid about an email in which it says 1 Apple engineer was working with Epic and 8 engineers to resolve the issues.
After App Review happens, an app has to go through propagation, which can take up to 24 hours, Schmid confirms. On average it takes 72 hours once a developer submits an app for it to go through app review and propagation, he says.
Schmid says he can't recall a time he has refused an expedited request for any game developer.
Epic complained several times about the length of time it took Apple to propagate the game, Schmid confirms. It would take the consoles seconds or minutes, but Apple talked longer, Moskowitz says.
Moskowitz turns over the witness. Srinavasan is back up for redirect.
Srinavasan turns back to the videos Schmid played on buying currency through web browsers. Srinavasan asks the videos be admitted into evidence. Moskowitz objects.
To be equal to both sides, YGR says she won't admit it. She says the court of appeals can try to do this themselves
Schmid says if a developer offers a third-party login like Login with Facebook, they have to offer Sign in With Apple. But King.com did not offer Sign in With Apple on its website. Apple makes it available on web and app, he says.
Most developers allow users to remember their password on their website, Schmid says. Most apps remember them. Schmid agrees that within the gaming industry, users generally save their passwords.
YGR is now asking questions. There's been a lot of discussion about gamers in this trial. Has Apple done any studies or profiles in terms of gamers as a separate and distinct customer base? Yes, Schmid says.
How much money does Apple make from gamers versus regular iPhone users? she asks. If you look at revenue from games, its billions of dollars generated, Schmid says.
When you look at title gamer, that's where I get uncomfortable. His wife plays Scrabble Go every day. In a traditional sense, she wouldn't be consider a gamer. But he would consider her one.
Are you saying all app users are also gamers? YGR asks. No, he says. If we are saying a gamer plays a game once a week, its a very large percentage of users, Schmid says.
Within the context of revenue, do you do analysis, she asks. They do analysis on game revenue, but Schmid says they don't split users into groups.
The vast majority of games are free. Premium games are still a business but much smaller than a decade ago, he says. Few games are able to crack the subscription model, Schmid says. It's much smaller than in-app purchases though
Moskowitz has a follow up. Do you have personal knowledge or is that something you'd have to look up? she asks. He says he couldn't say off the top of his head.
Schmid is now done. Apple's Craig Federighi is up now.
Apple lawyer Jason Lo is going to do the questioning (I believe)
Federighi is senior VP of engineering. He's going over his resume. He worked at Oracle and Next Computer, which was acquired by Apple.
He primarily works on the engineering of the operating systems, including iOS, iPadOS and MacOS.
MacOS and iOS share a kernel, but "there are tremendous differences," Federighi says.
The smartphone market was going to touch many more people than computers. It needed a security architecture that was different, he says.
"We wanted to radically rethink people's relationship with apps," Federighi says. On computers, people download software infrequently. On the phone, they thought people might download apps all the time so they wanted to create a system that would be secure end-to-end
iOS ecosystem is quite popular, there are more than 1 billion devices, he says. There's a large market out there to potentially attack. iPhone users are more likely to download apps by far, than Mac users. That means there are lots of opportunities for attackers in apps
iPhones are attractive targets because they have personal info, cameras, microphones, know your location, Federighi says. They can unlock your office or bank account, making them very valuable to attackers.
There are less than 1/10th of the number of Macs as iPhones, Federighi says. Mac users generally only install a handful of apps when they set up the computer, he says. iOS users are accustomed to getting new apps all the time
Federighi is now looking at a demonstrative of different types of attacks. Scam apps: ones that don't give users what they say they will. Vandalism and sabotage: software that exists to do damage, can be pranks or take out systems.
Ransomware: getting someone to pay money to avoid embarrassing/confidential info released or regain control of a system that has been taken over by an attacker
Surveillanceware: if you can get access to camera/microphone you can spy on a user. a key logger is also one type
Info stealing: stealing information. A common one is fake banking apps that are trying to get your account credentials, Federighi says
New slide with how attackers use malware. After develop it, they have to figure out how to package it to get someone to download it, Federighi says. A common one is a "trojan," where users get something extra with a legit app or software.
Phishing is another, where they send you an email that seeks to trick the user to download something, he says.
The OS has defenses to attack bad software, Federighi says. But attackers often seek to fool the user into giving the software access it needs.
Federighi says Apple seeks to provide many, many layers to protect users. "We try to stack up many layers of defense," he says. There are three broad categories: malware scans, signatures/certifications, sandboxing
"Very often malware is operating not by circumventing the technical mechanisms but by fooling the user into giving them what they need," Federighi says.
The iOS ecosystem could fund a large attacker base, like it has for Windows, Federighi says. The Mac attracts less attention.
There are automated checks in app review, Federighi says. Those ensure the app actually works. Then there's a human policy review within App Review.
App Reviewers check for 1) marketing description, which offers information on the developer and what the app is supposed to do. Federighi says this often foils attackers because they are trying to impersonate another popular product
2) functionality, making sure the app performs what its supposed to be; 3) entitlements, a list of what core things the app wants to access like contacts or microphone; 4) physical safety, checking for apps that are inherently risky for users or would lead to unsafe behavior
"A computer can't actually tell 'Is this an accurate marketing description,'" Federighi says. Centralized software distribution, ie the App Store, is "critical to ensuring the user is getting software from a reliable source"
Sideloading would bypass the human review, Federighi says. YGR, there are multiple stores on the Mac. If it can happen on the Mac, why shouldn't we allow the same stores to exist on the phone?
iOS has a "dramatically higher bar" for security. Mac doesn't meet it, Federighi says. Today we have a level of malware we don't find acceptable on the Mac, he says. Android also has a "considerable" malware problem. "With iOS we've aspired to create something far more secure"
Every report I've read shows infections of malware on Android 30x as on iOS, he says. "The results in the real world are dramatically different," Federighi says. "iOS has so far succeeded in staying ahead of the malware problem"
On Mac, "it's an endless game of whackamole" with malware, Federighi says.
The Mac has been part of a system where there's an expectation of openness and users expect a degree of flexibility. That comes with a certain level of responsibility. With iOS, children even infants can operate and be safe, he says.
On Mac, have to block certain types of malware every week, Federighi says. On iOS they have never needed tools focused on it. He said in one week, there were 130 malware problems on Mac and only three on iPhone, one of which didn't involve the App Store.
They are now looking at a marketing document related to MacOS. (I think its this one: apple.com/macos/security/)
Lo read out part of this graph
Now reading the last sentence here
"We believe, in PC-class devices, the Mac is the safest possible," Federighi says.
Removing the App Store as the central place for software "would subject iOS users to a huge decrease in their safety," Federighi says.
Since last May, 130 types of Mac malware. One of those infected 300,000 systems, Federighi says. We do see a good part of that malware is surmounting notarization defense. 110 instances were cases because unknown malware, they passed notarization, he says.
Nation-state level or espionage attacks use previously unknown zero-day exploits to attack rivals or journalists. These are not the things that affect the average person, but can be extremely perilous, Federighi says.
Those attackers have to be very surgical in how they are used because Apple shuts them down quickly, he says. The nation-state attack is not something the average user would ever confront.
A major concern is protecting user privacy as well, Federighi says. When consumers use apps and websites, there is information collected about activity and can be combined with personal information, sold to data brokers and used, he says.
This information can be used to sell advertising, or to activate you politically, or put you in a filter bubble, Federighi says. We try to ensure users are in control of their private information, he says.
Apple tries to minimize data collection by restricting apps to only information they need, Federighi says.
Apple wants apps to be transparent with users about what information they are using, Federighi says. He is now talking about their privacy labels.
Now he is describing the new App Tracking Transparency requirements.
In addition to security oriented parts of app review, there are some requirements in app review related to transparency and user control, Federighi says.
"Many of these policies, we know of no way to purely enforce them on device," Federighi says. It is important for human to look. There are many that would like to avoid these privacy controls. "They are only enforceable through app review and central distribution"
Now moving on to the Enterprise Program. (You can do anything like create an app to order from the employee cafeteria, he says)
(Is it just me or does anyone else feel like Federighi is thinking about Facebook when he talks about companies misuing private information and wanting to get around Apple's privacy policies?)
Enterprise apps aren't reviewed by Apple, Federighi says. "This has been an area of significant abuse," he says. There has been a pattern of fake companies and setting up alternate app stores full of virus and Trojan software.
If anyone and everyone could distribute apps to iOS users "it would be a pretty devastating setback for iOS security," Federighi says. It would become commonplace for users to be directed to download software subject to malware.
What about just a few stores? Lo asks. "I don't know how that would work," Federighi says. "What mechanisms would there be?" As you see with Enterprise program, there's a lot of fraud that goes on.
Couldn't more conservative users just keep going to Apple's App Store? Lo asks. Unfortunately not because developers might only make apps available through alternative app store or sideloading, he says.
If a user needs that app for works, school or to be in the right social group, they will go where it's available, Federighi says (He is totally talking about Facebook).
"There is an exploitation innovation model out there," Federighi says. Microsoft had a lot of problems back in the day. They continue to be the most exploited platform because there is a base of attackers.
We are in lunch recess until 1:15/4:15.
Back now. Federighi is back up on the stand.
The App Store is a trusted source for apps and users are very free about downloading new things from developers, Federighi says. If they become more wary and have to be less trusting of downloading apps, that would be bad for newer developers.
"I would have grave concerns" if the control over user privacy handed off to a third-party, Federighi says. People buy an iPhone because of our "unique" security and privacy, he says.
Do you believe Apple incentivized to protect security and privacy of iOS users? Lo asks. Absolutely, Federighi says. We have invested "tremendously" in creating and maintaining.
Federighi says he is part of the work on human interfaces, how to move between apps, swiping etc. Apps are the center of the user experience on iOS. For streaming apps, each streaming game has to be distributed as a distinct app, he says.
Are there privacy control reasons for that? Lo asks. Yes, Federighi says. There are privacy and management reasons. Users set parental controls on set on an app basis.
If there was one streaming app, you'd have to give the aggregator app access to everything, Federighi. There would be no way to tell at the system level which individual game needs what.
How does Apple look at games with user-created content? Lo asks. So long as it feels like different parts of one experience, we think of it as one game, Federighi says. That's different than a streaming service, he says. You want the user model and interface model to match.
Media like music or video has always been managed in collections, Federighi says. These are not different application experiences. They play the same way no matter what you are watching, he says. "We draw a real distinction for playing and managing apps" than media
Lo is done. Epic's Yonatan Even is up now.
The current model by Apple is favorable to developers? Even asks. Broadly speaking, yes, Federighi says.
Even is asking about a Nokia study that Federighi mentioned twice. Federighi says he wasn't involved in the study, it's just something he read.
At his deposition, Federighi said he didn't have any data on malware in third-party app stores. "Yes," Federighi says, but I have that data now.
On the Enterprise program, a company had to be vetted by Apple first, correct? Even asks. Yes, Federighi says, they claimed to be a business. To the extent these stores operated, that was a failure on Apple's part, Even asks. "I wouldn't characterize it that way," Federighi says
From 1999 to 2009, Federighi worked at Ariba. When he returned, he did not take over direct responsibility for iOS until 2012, he says.
He wasn't at Apple when the first iPhone launched or when the App Store launched. When he took over iOS in 2012, he wasn't on the ERB, Federighi says. You have no first-hand knowledge about the design that went into App Store, Even asks. Yes, Federighi says.
They are now looking at Nov. 2007 internal presentation by Apple on allowing third-party apps on the operating system that would become iOS.
It was written by leaders of Apple's security team at the time, Even just established.
This white paper requires Apple sign-on but separates it from distribution, Even says. "This envisions the possibility of that option," Federighi says. It doesn't say Apple needs to do distribution for safety, Even says. Federighi says it didn't seem to reach a conclusion
Even is now asking about the Apple Platform Security white paper, which Federighi's team puts together each year.
Even hasn't said which year they are looking at, but the newest one is here support.apple.com/guide/security…
Reading from this graph
You understand it is possible to open up iOS without taking out Apple's App Store? Even asks. Yes, Federighi says. The user can decide, Even says. If they are willing to be limited to what apps are in the App Store, he says.
If the user purchases only from the App Store, she would have the same security as today, Even says. No, Federighi says, because the environment would change.
Even is now reading from the deposition Federighi gave. When asked that question at his deposition, he said yes.
Your concern is that certain apps might not be available in Apple's store and would guide users to other app stores, Even says. Federighi says that is one concern.
In the world as it exists today, Apple would be able to offer a much bigger audience than any other company since its App Store is preinstalled? Even says. There's a web browser installed, Federighi says, they can search that way.
The App Store has a reputation for privacy, reliability and all other app stores would have to start from scratch, Even says. Steam has a reputation, Federighi says. Epic has a reputation. They aren't starting from scratch.
On MacOs, Apple runs a notarization service. There's nothing preventing Apple from scanning for additional things, Even says. Federighi says it could be difficult technically.
Even asks if they could use PhotoDNA to look for pornography. Federighi says no, that wouldn't work. Even points out this is what YouTube and TikTok do today.
"I think that would not be practical," Federighi said. You could have a portion of notarization have some form of human review, Even says. That is incorrect, Federighi says.
Now reading this from that White Paper
Gatekeeper can be set to only allow apps from the Mac App Store and a parent can set up parental control that only allow a child to download from the Mac App Store, Evens says. Federighi says that is correct
You could implement all the protections on MacOS on iOS? Even asks. Technically, yes, Federighi says.
Apple had record sales of Macs in 2020, Federighi agrees though he says he doesn't recall actual users. There are more than 100 million active Mac users today.
They are now looking at this webpage: apple.com/education/k12/
Even points out that Photoshop and AutoCAD are not available in the Mac App Store. Federighi agrees.
This page doesn't raise any concerns about that software not being available on the Mac App Store, Even says. Federighi says this is not a security document.
It doesn't say that you should buy an iPad instead of a Mac, Even says. Not explicitly, Federighi says. We talk about malware. It doesn't say that anywhere on here, Even says. Federighi then agrees.
Federighi says he is not involved in the day-to-day process of running Apple's app review. He doesn't know how much time each reviewer spends with an app.
Looking at an August 2013 email by Federighi about an app that was approved by app review and later changed its behavior. Federighi said there was nothing app review could do to prevent this kind of a potential malware attack. "That's correct," Federighi says.
Federighi confirms there are no native gaming streaming apps on the App Store.
They are talking about an email from 2017 discussing LiquidSky (a now defunct game streaming service) en.wikipedia.org/wiki/LiquidSky
Even shows Federighi a Privacy Label and hows him where it says the information is not verified by Apple. That's his last question.
Lo is now back up. Federighi says while he said in his deposition he didn't have data about malware, he was able to get it afterward.
Federighi said he is concerned that in a world with more app stores, while an iPhone user would have the same level of technical protections, the level of attacks, the sophistication of the cyberattacks would change.
On the Enterprise program, even if Apple does a sophisticated background check upfront, sometimes those certificates are passed on afterward to non-legit places, he says.
Lo returns to the 2007 white paper written by Apple's security experts about creating the iPhone. Federighi says understandings about security have evolved in the past 14 years.
Even with code sign-in, do you have a view if it would be safer or more secure for Apple to distribute apps? Lo asks. "I have a very strong view that centralized app distribution and review are central to the safety of our users," Federighi says.
Returning to the security of Mac, Federighi says its safer than PC. Even in environments like K-12 or education, those systems are well locked down and can't install applications. "They have to be managed carefully."
If Apple were to institute human review in notarization, would the fact that developers be allowed to distribute outside it impact the effectiveness of that review? Lo asks. On Mac, if notarization were to become a bigger obstacle, developers might start going around it, F says
It's closing time, but Lo says he has 10 more minutes, so YGR says he can finish so Federighi doesn't have to come back tomorrow.
If Apple instituted notarization and Gatekeeper on iOS, "I believe that would be a significant downgrade" in security for users, Federighi says.
We are back on that marketing page for K-12 student. Federighi says Apple positions Mac as offering flexibility on software, peripherals, multiple monitors. iPad touches a wider audience, can be a child's first device. It provides pencil and touch and portability
On privacy labels, Federighi says, the labels are the responsibility of developers and if Apple receives information it is not correct they will work with the developer to make corrections to the label. Apple does also audit them, he says.
Going back to that 2013 email, it referred to a Jekyll and Hyde app, Federighi says. Those often can't get through human review more than once, he says.
Lo finishes. Even had said he only had a few questions
Federighi is done and YGR excuses him.
And we're done for the day. Just two more days to go....

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Leah AntiTrustButVer1fy Nylen

Leah AntiTrustButVer1fy Nylen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @leah_nylen

20 May
Day 14 of #epicvapple. I feel a bit like a marathon runner entering the last few miles. The end is in sight, just have to get there.
Today's reporters are @mslopatto and @Siliconlaw. We're getting a few more expert witnesses from Apple today: UCLA's Dominique Hanssens; James Malackowski, CEO of Ocean Tomo; and Aviel Rubin from Johns Hopkins
YGR says she felt "too much stress" to watch the Warriors-Lakers game last night.
Read 229 tweets
18 May
Doren returns to the sexual terms. There are categories of things we don't want on our store like pornography, Schiller says. When you have categories of apps, like dating apps, developers will try to find where the line is. "It's not an easy task," he says.
It would be inappropriate for Apple to reject dating apps because of the people who use them, Schiller said.
Nudity is allowed for medical apps, but pornography is not permitted, Schiller says. "It's been a very difficult topic," he says of porn. Apple sets rules like the display of genitalia to help the app reviewers, Schiller says.
Read 58 tweets
18 May
Now it's adding podcasts, Forrest says. Schiller says that is iTunes not App Store.
Schiller says he receives regular reports on how much Apple is earning in search ads through the App Store. They are looking at one (which is sealed).
You are aware IAP requires developers to choose a price from a price tier, Forrest says. Schiller agrees. The prices must end in .99.
Read 47 tweets
18 May
And now, back to our regularly scheduled #epicvapple coverage. Apple's Phil Schiller will be back up on the stand this morning. Expect him to have a tougher reception today as Epic's Katherine Forrest gets her chance at questioning.
Today and tomorrow, we have @joshua_sisco and @BobbyAllyn as the in-court reporters.
If Schiller finishes today (he might or might not depending on the cross examination), Apple's Michael Schmid, head of game business development for the App Store, is up next.
Read 160 tweets
18 May
And lastly, my fave topic of all: SEPs. Last night, @JusticeATR filed a letter with the 5th Circuit.
Some background: the Trump admin DOJ AAG Makan Delrahim had strong views on the intersection of antitrust and IP, views that contradicted those held by the Obama DOJ.
Under Delrahim, DOJ weighed in on a number of private #antitrust cases with "Statements of Interest" expressing views on antitrust-IP. One such case involved Continental Automotive, which had sued Avancii a patent company that owns SEPs needed for connected car tech
Read 6 tweets
18 May
In pharma #antitrust, @oversightdems released a staff report this AM on Abbvie and Humira oversight.house.gov/sites/democrat…
@OversightDems Among the findings, Abbvie knew Humira, a blockbuster arthritis drug, would face biosimilar competition in 2017, so it took steps to delay that until 2023. The company's internal documents estimate that cost the U.S. health care system $19B
Abbvie has sought or obtained 250 patents related to Humira, the report found. The company has invested a lot of its R&D into a Humira “enhancements” program to protect against biosimilar competition.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!