Well, certainly don't rely on forums to get your legal info. Feel free to consult someone versed with data protection regulations in countries where your app is available.

It doesn't, at least not under GDPR and not in that scenario. Contoso is a "[personal] data controller" and SAP is a "data processor". Contoso has a legal responsibility for all personal data and for all its vendors.

Contrary to a popular opinion, GDPR is fairly logical and close to common sense.

It gets murkier with "joint data processing" (a cursed cop-out for scenarios like Facebook acting both as a data processor for a website's ad tracking and as a data controller for its own ad tracking at the same time), but the scenario you described is not that.

No, it's true. On-device actions count in the eyes of the law. "This app processes the user's data on-device, does not allow other apps to access the data, and optionally copies it to a server that the user provides" is a description.

No. Data processor has a special meaning (at least under GDPR) and requires you to be a separate entity from the data controller (article 4(8) of GDPR). Just because you process data, will not make you a data processor. A software developer is neither a controller, nor a data processor per se, but the question is why the software processes any personal data. If there is no third person on whose behalf you process data, you might still easily be a data controller and all the privacy related obligations primarily rest on this role. Controllership does not depend on sending any data to remote locations/other apps outside the phone etc., but more on whether there is any personal data processed in the app at all and if there is, the reason for that processing. If you're not processing any personal data, you'll not be a controller, but if you do, you'll be unlikely to be able to skip this responsibility altogether. Considering you'll be the only one knowing exactly what your software can and cannot do with what kind of personal data, you'd better at least explain that to the user. Surely, developers of some software (e.g. compilers) will never be data controllers even if the software can compile software to process personal data... But for many frontend software, like apps, there is no such easy way out unless not processing any personal data at all, including usage data, which is also not an easy thing to do. But that doesn't mean you can just skip the obligation towards the store manageer who says you HAVE to provide a privacy policy even if you don't process any personal data. Similarly, processing for "purely personal or household activity", even by automated means is outside the scope of GDPR in EU, but that will not save you from the privacy policy obligation towards Apple or whomever.

Correct. They are using my software to process their input.

As the app developer you clearly control the means of processing, you are the data controller. You may have opted for “offline processing” which simplifies your compliance, but it is still processing under your control (and subject to change in future updates, which needs to come with a change to your data processing policy with informed user consent).

Uh-huh. Are we getting privacy policy for sed and grep next?

EDIT: meant to reply lower.

Google (knowingly?) benefits from the current posture of defaults.

You can't one click install a web app, nor is it the expected user behavior.

The "might be harmful" and buried system dialogues mean that 0.001% of users will ever do this. It's completely unviable.

In a sense this might be worse behavior. Google gets to skirt regulatory scrutiny, yet functionally enables zero companies and users to leverage this path.

The app store controls what food ordering and dating apps are allowed to exist. So it's not a "to this person specifically" situation, but certain things don't make it to the market.

(personally I'm in the middle on this: some quality control is valuable, and probably essential for anything with access to user data or payment services. But the store is also anti-competitive.)

I see. Thank you for the clarification.

It’s still a lame review of social media commentary and not a novel take

A cherry picked measure of some rando who thinks Apple is taking money off the table that would be ours if not for Apple; free the market from this Kraken!

More banal free market retail capitalism demands from the IT crowd who would be Tim Cook themselves.

When someone here defines novel mathematical axioms, humanity will have reason to be impressed. Iterating inside the same old knowledge bubble and skill set is uninspiring; the demand to create an economic brand and build a flock of sycophants is sad old roleplay

This is news to me regarding the level of shittiness of Apple's marketing. Do you have any sources? If not that is OK. I don't think it's outside the realm of feasibility that this is so. It's not an extraordinary claim. Apple executives have the aura of "good guys" but that is merely a public facing facade.

I've found out even seasoned (but more often junior) devs and other folks have trouble accepting that their job is just another cog in some corporate machine where their added value or morality of job is often sorta grey area, without clarity even on the shade of it.

It can be banking, it can be ad business, or any other morally questionable endeavors, its the same story. Don't blame them per se, they don't know better and life would look suddenly pretty bleak with cold hard look in the mirror. Maybe the only clear failure IMHO is to not have something much more important defining who you are to yourself, your self-worth to say. Because then this becomes rather unimportant aspect of your existence and the need for elaborate invention of new convenient truths is much lower.

I’ve never understood why one would take time out of their lives, go to an online forum, and simp for a trillion dollar corporation or a billionaire. What are they getting out of it? MegaCorp isn’t going to give you a coupon for defending their honor online. Their CEO isn’t going to come to your birthday party. Their PR team isn’t going to send you a nice letter on parchment thanking you. What does one get out of putting finger to keyboard in defense of a megacorp? You see it all the time on HN and it is bizarre.

You see teens/low income people with a new iphone and its their identity.

I had a teacher call me poor for having an Android. I made 4x more money than her in a year, and decided to let her know that.

I also let her know that a phone I can get for $30/mo isnt much of a status symbol. Unemployed teens are able to afford it somehow.

You understand that this is an entirely separate argument about an entirely separate issue right? Even if Apple did do that, presumably it wouldn’t change their process for listing things on their curated App Store.

Well first, read my post. I'm not talking about Macs.

I think this is a cultural divide for young developers, because older developers wouldn't think twice about my comment, but clearly it's an unpopular opinion.

In carpentry, your hammer doesn't tell you what you can and cannot fasten.

No commercial, professional engineering tools require features for consumers, like favoriting items, for them to be distributed.

If that's lost on you, then I have no idea what you think a professional tool is, but there's no world I operate in where you and I share the same idea of it.

Yes, how would I know how else it might use the camera?

If the reviewer simply looked at the app description or opened the app they would have that context. Not hard. Just laziness.

It shouldn't be the developer's burden to ensure that the reviewer is operating above the reading level of a toddler. I am sorry that your boss apparently cannot, but that's not justification for all industries to operate that way. The purpose of a camera app is to take photographs. A user who downloads a camera app probably wants to use it to take photographs. This is something a child can understand. If I have to hold the reviewer's hand and explain what a camera is, I severely question whether that reviewer is qualified to be doing that job.

The text is not for the reviewer, it's for the user of the app.

Imagine the ridiculous level of explanatory humdrum apps would need to conjure if they were to explain themselves to uninterested people pressed for time like that reviewer you described?

in every one of those the camera is used for photography though

I love Apple products, and use their phones and computers.

I absolutely agree that my phone should be allowed to run whatever code I want without their having approved it.

Is the argument now better for having come from a different person, or am I misremembering what an ad hominem attack is?

If I could install whatever app I wanted on an iPhone, I would definitely try one out and very likely switch to using it over Android.

I actually did have an iPod Touch back in the early days of iOS, but it did not play well with my non-mac desktop, so I sold it and haven't owned an Apple device since then. But I am totally willing to give them another chance.

But to answer your question- because free markets require regulation to keep them free. If Google and Apple are allowed to have an unregulated duopoly, they will abuse that position to force out competitors and prevent new ones from entering the market.

I own a Mac Book Air from mid-2012. I run nixos on it. It does what I tell it to. When it dies, I will have to figure out if I will have the same control on the next one I buy - if not, I won't buy it. It's not a theoretical argument.

It sounds like they are looking for plausible excuses, not necessarily what's going on or using common-sense. This seems ripe for LLM automation.

Agree that there's not zero room for improvement.

I just think that it's a silly reason to reject this app.

(And I say that as someone who used to work at Google in the Android org - and I'd make the same comment if the Play Store did it.)

While I believe that the app store reviewer was being dense on purpose, I agree that this is a better prompt.

All right, mister smarty pants. Let's hear it then: What is a better explanation than "this app need camera permissions, because it takes photos, because it is a fucking camera app"?

There's strict, and there's kafkaian. It's not as if the reason why a camera app would require the camera is pretty obscure, especially if neither the app nor the permission text changed that much between reviews.

I'm totally on board with the idea that permission requests should include complete context, separated from any product description written in the App Store.

For example, there's the case where you download an app today, and don't get around to trying it for hours or days or longer. Curt "duh-style" permissions requests are user-hostile.

Apple insists that developers "try harder". In almost all cases, this is the right choice for the user.

Sometimes it's hilariously wrong, of course! There are humans in the review loop, and I've been on the wrong side of some epic ridiculousness. But on the whole, they're usually more frequently right than wrong. I'll take it.

Look, I am no happytoexplain but I think your position comes from deep ignorance of how the App Review process works and how it is advertised. You've written a lot of words about how you think someone just gets given the prompt in a vacuum and is supposed to judge that, and then explain why that is actually a good thing. Let me tell you, that is absolutely now how Apple describes the review process. I gave you a short answer because quite frankly this is an easy thing to look up yourself, and I feel like you should have done so before posting your rationale.

Easy solution: don't buy into the ecosystem if you don't want the primary feature of the ecosystem.

For example, I'm not going to buy Sonos speakers ever. It doesn't mean they should be outlawed for their practices.

> why not have a toggle to allow sideloading like android

Because then your grandmother will turn on that toggle as instructed by the fraud-center in South Asia, install a keylogger watching her banking activity when she sends you that $5 for your birthday, so they can drain that inheritance you were counting on.

See the article right here on HN about Python devs applying for jobs and being prompted to self-pown.

TL;DR:

There are more people susceptible to fraudulent instructions by bad actors than there are people qualified to evaluate consequences of running unvetted code.

Have such stores popped up on the Android system? I'm assuming such a system would be possible there but do not know.