Like a Bouncer at a Bookstore: Texas' App Store Accountability Act

I wish Texans realised that sovereignty over your own computer was in the same camp as the right to bear arms - the power to control your own life and not have someone else control you. Maybe this is a sign they're starting to get it.

This law is terrible and I hope it isn't implemented, but it's enabled by the locked down and centralized nature of iOS and the way most people get apps on Android, the Play store.

Once you try Android, you can't go back. I used an iPhone all my life, but a few months ago I switched to GrapheneOS and the FOSS software ecosystem is fantastic.

On iPhones, if a government doesn't want an app, like those ICE tracking apps, they can force Apple to remove them and no-one can install them. On Android, I source more than 90% of my apps from GitHub.

Dispelling FUD about Android:

1. The Google locking down Android only affects devices with privileged Play Services. GrapheneOS will not be affected because play services are not installed by default, and if they are installed, they are sandboxed and wouldn't have that authority.

2. If you were on a stock Android distribution, it's not that bad to wait 24 hours once. Yes, Google could make it worse, but that's just speculation. Their monopoly is being challenged to an extent through the GrapheneOS attestation, and will hopefully become illegal under anti trust law.

The change is only in play servics, AOSP takes a lot of steps to protect your privacy.

3. Causes for incompatibility on GrapheneOS are either exploit protections catching problems with an app, which can be disabled, or the app explicitly banning alternative operating systems as security theatre.

Only a small portion of banking and government apps completely ban GrapheneOS. Over 99% of apps are compatible. App developers have to add additional measured to break their app on GrapheneOS. I have over 40 apps and none are broken or have broken.

Some banking apps are officially supporting GrapheneOS through their privacy respecting attestation.

As more people use GrapheneOS, more apps will be pressured to support it. For example, although VW recently banned GrapheneOS, Hyundai and Kia have added express support for GrapheneOS in their apps.

I don’t mind Apple’s walled garden in the abstract, but the fact is they’ve been a terrible steward of their App Store. If you search for an app to do something small but useful, instead you’re presented with an ocean of identical apps that all have $10 a week subscription fees. The golden age of “hey I’ll just go on the App Store and buy something handy for $3” has long past, and a lot of those few-dollar apps have switched to a subscription plan anyway, meaning the money you spent was thrown away.

> requires parents to approve every app download and re-approve use of apps every time a “significant change” is made

Sounds good to me! We keep being told that parents should do a better job and this helps!

This law is terrible and I hope it isn't implemented, but it's enabled by the locked down and centralized nature of iOS and the way most people get apps on Android, the Play store.

Once you try Android, you can't go back. I used an iPhone all my life, but a few months ago I switched to GrapheneOS and the FOSS software ecosystem is fantastic.

Dispelling FUD about Android:

The change is only in play servics, AOSP takes a lot of steps to protect your privacy.

Some banking apps are officially supporting GrapheneOS through their privacy respecting attestation.

As more people use GrapheneOS, more apps will be pressured to support it. For example, although VW recently banned GrapheneOS, Hyundai and Kia have added express support for GrapheneOS in their apps.

That’s great for Kia, but if I owned at VW it doesn’t do me much good.

Same problem with banking apps.

That’s great for Kia, but if I owned at VW it doesn’t do me much good.

Same problem with banking apps.

My point was that more apps practicing this security theatre are adding compatibility for GrapheneOS because it's rapidly growing in users.

> requires parents to approve every app download and re-approve use of apps every time a “significant change” is made

Sounds good to me! We keep being told that parents should do a better job and this helps!

With one exception: app stores should be forbidden from verifying the age of legal adults.

That's not parents doing a better job, it's just more government overreach.

My point was that more apps practicing this security theatre are adding compatibility for GrapheneOS because it's rapidly growing in users.

That's not parents doing a better job, it's just more government overreach.

With one exception: app stores should be forbidden from verifying the age of legal adults.

Stupid impossible requirement

This week, CDT joined the Internet Society (ISOC) and New America’s Open Technology Institute (OTI) to file an amicus brief supporting Students Engaged in Advancing Texas (SEAT) and the Computer & Communication Industry Association (CCIA) in their challenge to Texas’s App Store Accountability Act. The law requires app stores to verify the ages of all of their users and, for minor users, requires parents to approve every app download and re-approve use of apps every time a “significant change” is made — a term broadly defined. App stores must also share age-related data with every app to implement the laws requirements. The district court issued a preliminary injunction preventing the law from going into effect and observing the law was “akin to a law that would require every bookstore to verify the age of every customer at the door.” The Fifth Circuit stayed the injunction pending appeal finding that the law should be subject to a lesser standard of scrutiny that it would be more likely to survive. Now the Fifth Circuit is considering the case in more detail.

Our brief argues that the App Store Accountability Act should not survive either standard of scrutiny applied by the courts. It cites to CDT research showing that parents and their children are exceedingly skeptical of age verification requirements and concerned about the ways they invade privacy. It further argues that parents and children find requirements that parents’ granularly control kids’ online lives to be invasive and overly burdensome. Both of these points underscore the chilling effect the App Store Accountability Act will have on accessing critical speech and other online services for kids and adults alike.

Finally, the brief argues that Texas could have taken a more privacy-protective and less speech-restrictive approach to helping children and their families achieve more appropriate experiences online. For example, Texas could have required the implementation of a voluntary age signaling system, giving parents, teens, and children the ability to choose which apps receive their age data to facilitate appropriate experiences.

Read the full brief.

Hacker Times

Hacker Times

Like a Bouncer at a Bookstore: Texas' App Store Accountability Act

Discussion

Discussion

Related Reading