I switched to using PWAs for social media apps for similar reasons the author outlines. A pleasant, but somewhat unintended consequence is that I just use them a lot less because the experience is pretty bad. It makes me a little sad because I’ve always believed in the PWA dream, but the reality is that they’re bad because companies certainly don’t want to make an experience that rivals the app they really want you to download.
Expected, but just leads to reinforcing the idea that PWAs won’t ever be as good when every one people try from someone with a popular app is so awful.
What's funny is that desktop versions of websites in a lot of cases are responsive, and work fine on a small screen. BUT at the same time the mobile version is crappy and lacks some features (or just shows "download our app").
Recently I've set up Firefox on Android so that it always runs in desktop mode. I needed to also change screen width in about:config, because otherwise everything is too small. But after this websites seem to work better.
I have had a FOSS web app for learning arithmetic for quite a few years. I occasionally review it, and make changes. Each year Chrome and Safari both nip at the edges of what allows a PWA to be OK. No one really cares until one has to write documentation helping folks install the PWA and avoid issues that did not affect the PWA a few years ago. I mean really, are Tim and Sundar really that afraid ?? I guess so. They have dozens of millions on the line. Capitalism... gotta luv it.
PWAs can be good, but for a lot of social media, they're only as good as their website experience. Many (most) companies seem to make their website intentionally slow and buggy, probably with the idea that users only need to use their web UI for a short while because they lost access to their apps or something.
For instance, I've installed Mastodon as a PWA and it performs great. Photoprism also works so well I haven't even bothered to look for an app.
The absolutely batshit insane part is that the 'native apps' are almost certainly created using web technologies which call the exact same APIs as the web app.
There's zero reason the web apps should be so slow.
You can't use Facebook Messenger on the web at all, unless you go to Facebook and switch to the desktop version. Then it's a simple matter of zooming in without accidentally clicking anything, using their fiddly interface to load up the conversation you're interested in, and get bounced around the screen as the input focus changes around.
I was wondering if it's just me. I am using Brave on iOS with all the possible blockers enabled, so I'm not surprised when some website doesn't work well. Instagram literally freezes solid after 5-15s of being on the website, so I usually only quickly scan the top 2-3 posts in the feed. I only follow people I know personally, so this is usually enough to do once or twice a day and stay up to date. If I see a close friend posted a story I kinda want to see then it usually takes two or three hard closes of the browser to actually see it. Sucks, but sucks less than being mental gamed into doomscrolling every time I get an app notification.
By the stopwatch it takes 3x longer for me to upload a photo to the Instagram web app than it does to Mastodon. Facebook's blue website works pretty well but the Instagram site comes across like something that was vibe coded in a weekend or maybe a straw man that was made to prove SPAs are bad. Contrast that to the Mastodon application produced by a basically unfunded application that's fast and reliable.
Just hours ago I couldn't even copy-paste a description of a post I drafted in another app. Literally nothing happened when I tried to paste. No console errors, no feedback, nothing.
It was a bit of a longer one, but still far below Instagram's supposed character limit. The fact that they somehow broke copy-paste functionality really baffles me.
Surely at some point some team that writes this has to demo it and someone checks it. After however many years of it not working, surely that's strategic, not accidental.
It's such a pervasive pattern and somehow always in the direction: the app works better than the website. If there even is a website.
Sometimes it goes the other way, in fact enough it's a running gag that the banner that says "Download our app for a better experience" at sites like Reddit ought to have one of these
I don't know if big companies even know how to make web apps. Honestly. Which is extra insane to me because there's so much investment in web technologies. On my team at $BigTech there's like 1 or 2 people out of 30 people on our team that know web, the rest are mobile. I'm a web guy but I refuse to touch our web-app because they butchered the tech stack and I don't have the energy to deal with that BS. We still have a mobile-web version distinct from the 'desktop' version because.... I don't know why, whoever wrote it never learned about responsive web design and we never bothered to move out of the stone ages because if people want to use the app on their phone, they should download the native app of course! And by "native" I mean we built our own half-baked framework so that we could cross-compile for Android and iOS.
Also I don't think these people know how capable PWAs are. There's very little you can't do in a web-app that you can do with a native app.
Native phone apps give me the creeps. I assume the developers are able to track me in various ways even without my giving permissions. Is that an unfounded fear on my part?
Can an app uniquely identify me if I don't give it control over my phone number / nearby devices?
Can apps geo-locate me if the location permission has not been granted? (seems like they could just make a network request to their servers and use the IP address of the request for a rough idea).
I _really_ wish using the network was a permission (even if it was an "advanced mode" thing).
Android 15 supports Private Space [0] that is essentially a separate profile you can install apps into that you can put to sleep. Basically I put all low trust apps into it, but can still access easily enough.
Network is a permission on Android, it's just that phone manufacturers and likely Google don't want you to be able to control it. Most custom ROMs, including GrapheneOS expose it properly, often at the install dialog.
Some time ago, I used a module for Xposed on Android called XPrivacy which did exactly that. Yes, creepy app, you can have my location. It's Antarctica.
It does look like Xposed has successors, but my current approach is to just be selective about installing apps.
I use netguard and forbid network access by default for all apps. Mildly annoying for apps that need network access as I have to approve, but it's worth it.
On play store you can see the permissions that an app uses and they are grouped by category. Have full network access is set in the "others" category, same as notifications and vibration. This is a category where (supposedly) permissions are automatically granted.
But to be honest, other similar dangerous permissions like "view network connections" and "receive data from internet" are also there, categories are for "camera", "microphone" etc.
I suppose that the average user is more concerned about specific features, and since basically almost all apps require internet it may be there to avoid noise.
Still, an "internet" category would have been nice...
In the beginning of Android / iOS, just installing an app and registering was enough for the company to get your device's MAC address and thus your indoor location with accurate precision.
They could access your Wi-Fi network's BSSID (whose location is often public due to wardriving databases), and in public places, they had partner companies (malls, airports, etc.) whose routers would triangulate your position based on Wi-Fi signal strength and share information like "John is in the food court near McDonald's."
All of this happened without you even needing to connect to their Wi-Fi, because your phone used to broadcast its MAC address if the Wi-Fi was simply on. Now your MAC is randomized, but it took a lot of time for Google / Apple to do this.
An app can use the VPN API to intercept network traffic. This is all done with plenty of security popups (one to inform you an app is trying to register as a VPN, another popup when it's first activated, and while it's active there's a permanent notification that says "your connection may be monitored" with a quick button to kill the VPN).
The API is supposed to let apps do things like "route intranet/corporate app traffic over a VPN, let other traffic go through", but you can just as easily use it to drop traffic destined for certain addresses (such as ad servers), or to drop all traffic for specific apps. It's also possible to make decisions like "let this app connect to the internet on wifi but not on data".
It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely. This means you can't use this API to 100% block internet access to preinstalled apps, even though apps will need to explicitly implement networking code to bypass such firewalls.
It should be noted that Google doesn't really like apps abusing the VPN API like this, in past because of the massive privacy risk. Google cut a bunch of these apps from Google Play, though there's not much they can do about APKs you download from F-Droid or github.
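The per-app blocking described in the comment above, sketched as an added example that is not part of the thread and is not NetGuard's code: a `VpnService` that captures traffic only from selected apps and discards it. The package names, class name, session label and tunnel addresses are assumptions made up for the illustration.

```kotlin
package com.example.appblock // hypothetical package name

import android.content.Intent
import android.content.pm.PackageManager
import android.net.VpnService
import android.os.ParcelFileDescriptor
import java.io.FileInputStream
import java.io.IOException
import kotlin.concurrent.thread

// Manifest requirements: declare this service with
// android:permission="android.permission.BIND_VPN_SERVICE" and an intent filter
// for the action "android.net.VpnService". Before starting it, an activity must
// call VpnService.prepare(context) and, if an Intent is returned, launch it so
// the user sees the system consent dialog mentioned in the thread.
class AppBlockVpnService : VpnService() {

    // Constructed sample list: apps that should get no network access at all.
    private val blockedPackages = listOf(
        "com.example.lowtrust.shop",
        "com.example.lowtrust.game"
    )

    private var tun: ParcelFileDescriptor? = null

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
        if (tun == null) startBlocking()
        return START_STICKY
    }

    private fun startBlocking() {
        val builder = Builder()
            .setSession("App block (example)")
            .setBlocking(true)              // reads on the tunnel block until a packet arrives
            .addAddress("10.111.0.2", 32)   // arbitrary private address for the tunnel
            .addRoute("0.0.0.0", 0)         // capture all IPv4 from the selected apps
            .addAddress("fd00:111::2", 128) // arbitrary unique-local IPv6 address
            .addRoute("::", 0)              // capture all IPv6 too, or it would leak

        // Only apps added here are routed into the tunnel; every other app keeps
        // its normal connectivity.
        val captured = blockedPackages.count { pkg ->
            try {
                builder.addAllowedApplication(pkg)
                true
            } catch (e: PackageManager.NameNotFoundException) {
                false // app is not installed, skip it
            }
        }

        // Edge case: with no allowed application set, the VPN would capture
        // every app on the device, so refuse to start instead.
        if (captured == 0) {
            stopSelf()
            return
        }

        // establish() returns null when the user has not granted (or has revoked)
        // VPN consent for this app.
        val fd = builder.establish()
        if (fd == null) {
            stopSelf()
            return
        }
        tun = fd
        thread(name = "tun-drain", isDaemon = true) { drain(fd) }
    }

    // Read each outgoing packet and forward it nowhere: the selected apps see
    // their connections time out.
    private fun drain(fd: ParcelFileDescriptor) {
        val packet = ByteArray(32767)
        val input = FileInputStream(fd.fileDescriptor)
        try {
            while (input.read(packet) >= 0) {
                // Packet intentionally dropped.
            }
        } catch (e: IOException) {
            // The tunnel was closed by stopBlocking(); nothing left to do.
        }
    }

    private fun stopBlocking() {
        try {
            tun?.close()
        } catch (e: IOException) {
            // Already closed.
        }
        tun = null
    }

    // Called when the user kills the VPN from the notification or starts another VPN.
    override fun onRevoke() {
        stopBlocking()
        super.onRevoke()
    }

    override fun onDestroy() {
        stopBlocking()
        super.onDestroy()
    }
}
```

As the comment above notes, this does not stop privileged system apps that bind to a network interface directly. Android also runs only one VPN per user profile at a time, so a service like this occupies the slot a tunnelling VPN app would need.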
Simply your IP address can be used to track you so any app or website you visit knows roughly where you are with every http request unless you use an always on VPN. It can also fingerprint you in various ways without the need for any special permissions.
Agree with you about fingerprinting (also a bummer). I guess the difference here though is that I must be actively engaging with a website in order for it to be tracking me, but an app (I assume) can be tracking me basically whenever it wants.
iOS always asks for permissions. I suspect the same is true for unrooted Android.
But the general pattern is that you install some stupid vendor crapplet, and the first thing it does, is ask for every permission on your phone. Native apps can access a lot more stuff than ones restricted to a WebView sandbox. That's why they want you to use them.
You realize that if you are concerned about apps tracking you without you explicitly giving it your location, a website could do the same since there are browser APIs that can retrieve the same information only gated by the same OS controls?
When you go to a website, they have always known the originating IP address.
100% agree. The level of tracking has gotten to absurd levels.
I needed a couple of grocery items and happened to be next to an Amazon Fresh. Cool, let’s try it! Went in, found everything I needed and went to self checkout. When it was time to pay, the machine wouldn’t accept Apple Pay. I ask an employee who helpfully informs me that I can pay with physical cards or my Amazon account.
I didn’t have my physical cards, nor wanted to do my Amazon account so I had to leave empty handed. Why don’t they accept Apple Pay? Because they can’t track you. If you use a physical card, they can likely link that card number to an Amazon account and thus attribute the purchase to a person. If you pay with contactless payment they get a one time token that they can’t tie to anyone.
IIUC, contactless payment via apple pay does have a secondary card number of sorts that's linked to your original card.
I once accidentally paid for AppleCare with apple pay (a mistake), so when at some point I switched phones I had to get new secondary card numbers tied to my physical cards. The old secondaries went away when I wiped my old phone, so AppleCare was no longer able to draw the monthly payment. The number in the invoice was likewise not the original physical card number, but some other number.
Whether the secondary numbers are easier or impossible to track is certainly a question, but I believe there's always a number.
Walmart is the same. I believe it's very very slightly more expensive to process Apple Pay payments (Apple's getting a tiny fractional amount of the sale), and this was the actual sticking point.
Walmart rolled out their own QR code payment plan just so they didn't have to revshare anything. When you're the size of Walmart, you can get away with those types of decisions even though they are technically very much inferior
Payment services like credit cards demand a significant fee for a (nowadays) technically trivial service: instant cash-free payments. These could be replaced with modern instant bank transfer standards, like FedNow in the US:
These don't require external middle men (like credit card companies) and are therefore almost free. Unfortunately the US is late to the party (in India and some other countries these are already widely used for years), so many banks don't support FedNow yet.
If they were really concerned about interchange fees, they wouldn’t accept American Express cards either. The difference between the interchange fees of Visa vs Amex is much greater than tap to pay versus non tap to pay.
There is a reason that there are a lot more places that don’t accept Amex than don’t accept tap to pay. You see this a lot internationally.
Just this year alone, every mom and pop place I went to in Costa Rica, Canada, UK and France accepted Apple Pay but only merchants in the UK widely accepted Amex.
Costco used to take exclusively Amex. So it is possible.
In any case, it’s not only the transaction cost but also the availability of an alternative. Forcing a different credit card network is different friction than forcing swipe vs tap. (Or using the Walmart app.)
Do you have any evidence that Walmart negotiated a special deal with Amex to lower their fees to match Visa and MC?
There are plenty of companies that don’t accept Amex and every Amex user knows that they need to carry a non-Amex card with them. Either that or they have never left the country which is doubtful for the Amex demographic.
And I have no idea why this is even an argument on a post about companies wanting you to use their app
No, they don't. Apple isn't involved with the transaction processing at all, the phone just acts as an EMV device to transmit the payment details to the terminal.
> I’ve had shop staff tell me about some discount if you download their app, and when I decline, say something like “It’s really easy! Here, just give me your phone and I’ll do it for you.”
This behaviour is pretty prevalent worldwide, I believe. Especially the phone plan setup use case happened to me in Bangkok, too. This happens to me in India at gas stations, cafes and even local supermarkets. All want me to install their apps, and the first step is to log in with my mobile number.
With auto-detection of mobile numbers/Google Accounts on Android, it's even easier to create an account in one click.
One possible future to look forward to is one where everyone is essentially forced to become a commodity player that exposes an API for your AI Agent to order food, book a rideshare, book a ticket, check flight status or whatever. I don't think they'll go willingly but the market may force their hand.
Giving your phone number is just as bad. I was buying stuff at World Market and they had big signs touting 20% off some things... but when you got to the counter they told you you didn't get that unless you coughed up your real working mobile number so you could receive some BS code.
> but the new trend is surveillance pricing. A company will know that you just got paid and so charge you just a bit more for your chicken nuggets than they do when you haven’t been paid in two weeks.
First of all, no, a company has no idea when you get paid. The reality of lots of apps (like McDonald's) is discount pricing. You pay full price at the store if you're a rich person who can't be bothered with apps. Downloading an app and creating an account is the modern equivalent of cutting out coupons or buy-10-get-one-free cards -- price-conscious consumers will go to the trouble and get cheaper prices. They're just loyalty programs. Price discrimination like this is nothing new, and it lets rich people subsidize the lower costs for people with less money.
These apps run in sandboxes. There's not much to surveil. Obviously don't grant them permissions to see your contacts or track your location all the time. Will the app be able to tie all your purchases to a single identity? Of course. But the stores already do that anyways if you use the same credit card for each purchase.
I don't mind downloading apps for the 5-10 stores/restaurants I go to most. Beyond that, I obviously won't because it's too much of a hassle. But the loyalty discounts I get save me real money. I have no problem with that.
It's more than coupons. These apps track your location, usage and so on then sell this data to a 3rd party. Coupons don’t do that. Do you read the full user agreement you accept when installing apps? Most people wouldn’t understand the legalese in those.
A coupon could still be an image you find online that can be scanned and that’s it. Apps are totally not necessary unless they squeeze something out of the user.
To you and me, the consumer, the value of an app is "the same" as the old loyalty cards. But the value to the company is huge! How often you open the app (how often are you thinking about their food), how often you accept an offer, what the price of the offer is, what card you used to pay, where were you when you opened the app etc etc.
Going to be fun times when in 10 years time they sell all that information to your health insurance provider for them to go "Holy hell" and jack your insurance prices up 5 times over.
That's a beautiful strawman argument; let me have a tussle with it to see if it holds on its own.
First, let's not miss the forest for the trees. We're engaging in a common "hacker" watering hole. Our opsec skills are very likely not representative of what your average person has, and the point of the article is to educate the average person.
Second, most of those apps require you give your pound of data upfront, or they won't work correctly until you grant permissions.
Next, it's not the same if the establishment I'm buying chicken nuggets from ties down my credit card to my identity or if it does the same plus a ton of extra data that I've been forced to grant.
Also, one of the main concerns from the article is surveillance pricing... So yeah, you sure "saved" a bunch ($100) over the course of 1 year at a restaurant, but overall you're worse off because some data broker managed to have all airlines raise your flight prices by $500 because they learned that you're going to have to attend your best mate's wedding.
And last, but not least, the article mentioned the binding arbitration clause that one blindly signs away when accepting the app's ToS:
> Walking into a restaurant to buy a cheeseburger, there’s no way a company can force you to enter a contractual agreement that includes binding arbitration. Downloading an app, however, requires agreeing to a “Terms of Service,” and those can absolutely include a binding arbitration clause, and that clause can be applied even to cases outside the app. This happened to Jeffrey Piccolo when his wife died of food poisoning in a Disney World. Disney made a motion to dismiss because a couple years back, Jeffrey had signed up for a free trial of Disney+, which included a binding arbitration clause, which meant that if Jeffrey wanted to complain about how Disney murdered his wife, they’d have to settle it out of court with a mediator that Disney hired. No jury, no judge, no oversight. [...]
> A company will know that you just got paid and so charge you just a bit more for your chicken nuggets than they do when you haven’t been paid in two weeks.
I know there's various data apps can collect. On iOS at least it seems like you have to grant permission for the app to access most of it. But how on Earth is this supposed to work? How does the app on my phone know if I just got paid?
Using the website doesn’t get you around these clauses either. It’s more like “don’t agree to terms you don’t read”. Chatgpt can help spot things like this without much effort now, but about every single business is going to have an arbitration clause.
indeed, been preaching this kind of thing for ages. the main apps i keep on my mobile are my web browser, my comms apps (element, telegram and signal), and some other stuff from f-droid like retro music, ffupdater, newpipe, termux and stuff like that.
any social things i add as pwa through the browser.
not interested in any of those fast food or store apps. never selling ad-space (and privacy) on my own device to save $2 on a hamburger and some fries, and even if i did want them, chances are high they wouldn't run on my device anyway (feature not bug) lol
thankfully in my area, we have some good local places where you can order food just fine over their website. and if it didn't work over the website, i can simply do it the old-fashioned way, pick up the phone and say "i'd like to place an order for XYZ.."
This is all true. But I work in a company where the folks are actually nice guys. Lately we wanted more people to use the apps so we could block bots more aggressively on web because it is getting annoyingly expensive
And surely a for-profit extrajudicial court system that holds a monopoly on extrajudicial courts is going to be a fair and impartial resolver of disputes, especially when the defendant is essentially a valued repeat customer and the plaintiff is some nobody and not a major revenue source. What could possibly go wrong?
Arbitration between businesses acting in good faith makes perfect sense. Arbitration between an individual customer of a large corporation is nothing but a violation of that individual's basic rights.
"never hand your phone over the counter" - do people actually hand over their phones to random strangers? I'd never do that unless I really know the person
For all of these same reasons, I never signed up for the "member rewards" program at the local grocery store. I did read the terms and conditions once, when I needed a good laugh.
It's definitely dystopian: "we reserve the right to be judged by the judge we have been treating to yearly all-inclusive vacations and to whom we've been paying his grandchildren's college tuitions."
Generally agree with the sentiment, I basically only have banking apps, messaging apps, and a browser on my phone.
I am skeptical, though, of the price discrimination claims. If McDonald's decides that the right price of a Big Mac for me is $1 and for you $4, that creates an arbitrage opportunity. You can pay me $3, and I pocket $2. The result is that I buy more big macs, and they bump my price up. You buy less, and they take your price down. Now it just trades at the market rate it was before, but with more steps.
Arbitrage between McDonalds burgers doesn’t really work. It’s not a meaningful open market - someone paying $1/burger can’t go in and buy 100 burgers and sell them to someone else for $3. For one reason, it’s illegal. For another, no one would buy them, they’d think it’s a scam.
At least in most areas of the US, selling food is illegal without various inspections, a clean commercial kitchen, and so on. There are usually exceptions for homemade baked goods and prepackaged goods, but nothing that would apply here.
This assumes the information is clear and consistent enough across time and distance for arbitrage to happen. Pricing in-app, per customer, changing per day would introduce too much unpredictability for most customers to attempt arbitrage. If people in a group all check their apps, and the person with the best prices orders for everyone, it could work in the context of a shared meal.
But imagine trying to sort out X number of people who each want a different basket of items from, say, the Walmart app. Each of those items fluctuating daily in price for each customer independently makes arbitrage almost prohibitively difficult to coordinate.
The best case scenario is something like Steam sales, where a wishlist function notifies you when items you've "watched" are on sale. There are third parties like, for example, Deku Deals that track this pricing data across time for console games.
But Amazon is already trying to banish external AI agents from any access to its data. And what does a price history graph even mean if prices are specific to each customer and stochastically varied each day to induce impulse purchases?
what stops anyone from creating a third party order book that allows people to submit bids and offers on price discriminated items? It can match buyers and sellers just like a stock exchange.
The vendors who want you to just buy things in their app will treat any such exchange adversarially, and will ultimately always have the upper hand.
They can respond with litigation, as Amazon already is against third-party LLM agents accessing their marketplace. They can respond by banning accounts for violating the terms of service, making examples out of those who profit the most. They can watch the external marketplaces and cancel (undelivered/unfulfilled) sales they believe are linked to arbitrage.
All they need to do is make it inconvenient enough to discourage 80-90% of customers from participating in arbitrage.
But they are doing this all for what? Won't the market average out to the same unit price at the end of the day even if they can successfully create discriminatory spreads?
Just another confirmation that the majority of the IT industry depends on spying in order to be profitable and for developers to make a good living. It’s a disgrace really.
An annoying trend I've noticed is being asked for phone number or email at checkout (IRL). I bought a blood pressure meter a few days ago, and the salesman asked "what phone number should I put on the order?" Zero. Fuck off. I guess most people just answer out of reflex, or believe it's required to complete the purchase. It's creepy and irritating.
As a teenager I worked at a discount store, and sometimes ran the service desk, which (among many other things) involved processing returns. The returns form included a spot for "phone number", to which some customers would respond, "my number is unlisted". We honored that. Today in the USA, it seems the phone number is the new Social Security Number, which everybody wants to use for tracking. Stores used to give out physical discount cards (which I wasn't keen on either...) but now (obviously because it saves them money) so many stores have switched to a system where your account is tracked through a phone number or an app or both. No thank you.
The more effective way to do this that is popping up everywhere is a loyalty program that uses your phone number as the identifier. Buy 10 coffees, get one free, but the purchases are only tracked if you input your phone number.
I often use my old landline number when stores ask me for a phone number. I gave it up about 20 years ago. I feel a little sorry for the guy who has it now (only a little sorry) because whoever it was reassigned to, probably gets many spam calls on my behalf.
I feel sorry for their database because I was a teenager with a bunch of guitar pedals and an ongoing need for 9V batteries. I made up a LOT of phone numbers.
Already pisses me off that companies make a profile of me based on credit card numbers. I’ve had this number for decades. I’m sure you could build a complete profile of me based on my cell number, and this is the only “social” site I use. I got off fb in 2008, never even joined the rest (twitter, insta, reddit, et al.) just because my phone number has been raped out of anyone else who has my name and number in their phone.
This is dumb. Websites have many more ways to track you across websites than apps have to track you if you don’t explicitly give them unnecessary permissions.
You realize that the same OS settings also are used to enable websites to read your GPS, camera and microphone?
If you don’t trust your operating system to follow your instructions when using an app, then why do you trust the same operating system with your browser?
Do you have any evidence to support your conspiracy theory?
Native apps have privileged access to far more personal data on your device. A website has, what, cookies and fingerprinting? You can already mitigate this on Firefox but even if not, it isn't in the same league
Uber for example doesn't seem to work from my phone browser.
What surprises me is how many engineers must be involved in this kind of scummy shit and keep it tightly under wraps.
https://en.wikipedia.org/wiki/Poop_emoji
Remember when uber wouldn't work for regulators either?
https://en.wikipedia.org/wiki/Controversies_surrounding_Uber...
And then their app is just a webview wrapper. But that still gives them more access to your device.
[0] https://support.google.com/android/answer/15341885?hl=en
What I want to do is hide my address book and gallery from the app.
https://netguard.me/
https://github.com/M66B/NetGuard/blob/master/ADBLOCKING.md
The API is supposed to let apps do things like "route intranet/corporate app traffic over a VPN, let other traffic go through", but you can just as easily use it to drop traffic destined for certain addresses (such as ad servers), or to drop all traffic for specific apps. It's also possible to make decisions like "let this app connect to the internet on wifi but not on data".
It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely. This means you can't use this API to 100% block internet access to preinstalled apps, even though apps will need to explicitly implement networking code to bypass such firewalls.
It should be noted that Google doesn't really like apps abusing the VPN API like this, in past because of the massive privacy risk. Google cut a bunch of these apps from Google Play, though there's not much they can do about APKs you download from F-Droid or GitHub.
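The per-app blocking described in the comment above, as an added sketch that is not part of the thread and not NetGuard's code: a `VpnService` that captures only the listed apps into a tunnel nobody forwards, so their traffic is dropped while every other app keeps its normal route. The class name and package names are constructed placeholders, and the wifi-versus-data policy is left out.

```kotlin
import android.content.Intent
import android.content.pm.PackageManager
import android.net.VpnService
import android.os.ParcelFileDescriptor
import android.util.Log

// Added sketch, not NetGuard's code. The manifest must declare this service with
// android:permission="android.permission.BIND_VPN_SERVICE" and an
// android.net.VpnService intent filter, and an Activity must first obtain user
// consent through VpnService.prepare().
class SinkholeVpnService : VpnService() {
    // Constructed placeholder package names; a real firewall loads these from settings.
    private val blockedPackages = listOf("com.example.adheavy", "com.example.tracker")
    private var tun: ParcelFileDescriptor? = null

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
        val builder = Builder()
            .setSession("per-app sinkhole")
            .addAddress("10.111.0.2", 32).addRoute("0.0.0.0", 0)   // capture all IPv4
            .addAddress("fd00:111::2", 128).addRoute("::", 0)      // capture all IPv6
        // allowBypass() is deliberately not called, so captured apps cannot bind
        // their sockets to the underlying network to side-step the tunnel.
        var captured = 0
        for (pkg in blockedPackages) {
            try {
                builder.addAllowedApplication(pkg)  // only listed apps enter the tunnel
                captured++
            } catch (e: PackageManager.NameNotFoundException) {
                Log.w(TAG, "$pkg is not installed, skipping")
            }
        }
        // With no allowed apps the VPN would capture every app on the device.
        if (captured == 0) { stopSelf(); return START_NOT_STICKY }
        tun = builder.establish()  // null if VpnService.prepare() consent is missing
        if (tun == null) { Log.e(TAG, "VPN consent missing"); stopSelf(); return START_NOT_STICKY }
        // Nothing reads from `tun`, so packets from the listed apps are never forwarded.
        return START_STICKY
    }

    // Called when the user revokes consent or activates another VPN app.
    override fun onRevoke() { closeTun(); super.onRevoke() }
    override fun onDestroy() { closeTun(); super.onDestroy() }

    private fun closeTun() { tun?.close(); tun = null }

    private companion object { const val TAG = "SinkholeVpn" }
}
```

Android keeps one VPN active per user profile at a time, so a firewall built this way occupies that slot, and `onRevoke()` fires when another VPN app takes it over.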
Given it's a "VPN", would it work alongside real VPN?
Even browsers can identify* you, if they really want to.
*not as cleanly though, could be tricky for fingerprinting to track one user across different devices/browsers/networks.
Recent discussion on fingerprinting: https://news.ycombinator.com/item?id=46016249
https://localmess.github.io/
But the general pattern is that you install some stupid vendor crapplet, and the first thing it does, is ask for every permission on your phone. Native apps can access a lot more stuff than ones restricted to a WebView sandbox. That's why they want you to use them.
No thankee.
When you go to a website, they have always known the originating IP address.
Given the security record of app stores, probably not.
I needed a couple of grocery items and happened to be next to an Amazon Fresh. Cool, let’s try it! Went in, found everything I needed and went to self checkout. When it was time to pay, the machine wouldn’t accept Apple Pay. I ask an employee who helpfully informs me that I can pay with physical cards or my Amazon account.
I didn’t have my physical cards, nor wanted to do my Amazon account so I had to leave empty handed. Why don’t they accept Apple Pay? Because they can’t track you. If you use a physical card, they can likely link that card number to an Amazon account and thus attribute the purchase to a person. If you pay with contactless payment they get a one time token that they can’t tie to anyone.
(It appears that Amazon Fresh has not opened any locations in MA. That's fine with me.)
I once accidentally paid for AppleCare with Apple Pay (a mistake), so when at some point I switched phones I had to get new secondary card numbers tied to my physical cards. The old secondaries went away when I wiped my old phone, so AppleCare was no longer able to draw the monthly payment. The number in the invoice was likewise not the original physical card number, but some other number.
Whether the secondary numbers are easier or impossible to track is certainly a question, but I believe there's always a number.
https://en.wikipedia.org/wiki/FedNow
These don't require external middle men (like credit card companies) and are therefore almost free. Unfortunately the US is late to the party (in India and some other countries these are already widely used for years), so many banks don't support FedNow yet.
Apple charges for the interchange.
This is the same reason that Walmart doesn’t accept it.
Walmart doesn’t accept Apple Pay because they want you to use their app and think they are big enough not to.
You can pay with credit card swipe/insert.
You cannot pay with credit card tap-to-pay, or mobile device.
Swipe versus tap-to-pay has literally nothing to do with an app. But it's because of the extra charge.
---
It's funny that you know it's more expensive, and yet claim that is unrelated.
There is a reason that there are a lot more places that don’t accept Amex than don’t accept tap to pay. You see this a lot internationally.
Just this year alone, every mom and pop place I went to in Costa Rica, Canada, UK and France accepted Apple Pay but only merchants in the UK widely accepted Amex.
Walmart will have a negotiated deal with Amex.
Costco used to take exclusively Amex. So it is possible.
In any case, it’s not only the transaction cost but also the availability of an alternative. Forcing a different credit card network is different friction than forcing swipe vs tap. (Or using the Walmart app.)
There are plenty of companies that don’t accept Amex and every Amex user knows that they need to carry a non-Amex card with them. Either that or they have never left the country which is doubtful for the Amex demographic.
And I have no idea why this is even an argument on a post about companies wanting you to use their app
https://www.cnet.com/personal-finance/credit-cards/why-wont-...
https://www.macrumors.com/2025/01/23/walmart-reiterates-why-...
https://www.al.com/shopping/walmart/apple-pay/
https://www.igeeksblog.com/does-walmart-take-apple-pay/
This behaviour is pretty prevalent worldwide, I believe. Especially the phone plan setup use case happened to me in Bangkok, too. This happens to me in India at gas stations, cafes and even local supermarkets. All want me to install their apps, and the first step is to log in with my mobile number.
With auto-detection of mobile numbers/Google Accounts on Android, it's even easier to create an account in one click.
See ya, jerks.
> but the new trend is surveillance pricing. A company will know that you just got paid and so charge you just a bit more for your chicken nuggets than they do when you haven’t been paid in two weeks.
First of all, no, a company has no idea when you get paid. The reality of lots of apps (like McDonald's) is discount pricing. You pay full price at the store if you're a rich person who can't be bothered with apps. Downloading an app and creating an account is the modern equivalent of cutting out coupons or buy-10-get-one-free cards -- price-conscious consumers will go to the trouble and get cheaper prices. They're just loyalty programs. Price discrimination like this is nothing new, and it lets rich people subsidize the lower costs for people with less money.
These apps run in sandboxes. There's not much to surveil. Obviously don't grant them permissions to see your contacts or track your location all the time. Will the app be able to tie all your purchases to a single identity? Of course. But the stores already do that anyways if you use the same credit card for each purchase.
I don't mind downloading apps for the 5-10 stores/restaurants I go to most. Beyond that, I obviously won't because it's too much of a hassle. But the loyalty discounts I get save me real money. I have no problem with that.
A coupon could still be an image you find online that can be scanned and that’s it. Apps are totally not necessary unless they squeeze something out of the user.
To you and me, the consumer, the value of an app is "the same" as the old loyalty cards. But the value to the company is huge! How often you open the app (how often are you thinking about their food), how often you accept an offer, what the price of the offer is, what card you used to pay, where were you when you opened the app etc etc.
Going to be fun times when in 10 years' time they sell all that information to your health insurance provider for them to go "Holy hell" and jack your insurance prices up 5 times over.
But sure, we got 20c off a burger.
First, let's not miss the forest for the trees. We're engaging in a common "hacker" watering hole. Our opsec skills are very likely not representative of what your average person has, and the point of the article is to educate the average person.
Second, most of those apps require you give your pound of data upfront, or they won't work correctly until you grant permissions.
Next, it's not the same if the establishment I'm buying chicken nuggets from ties down my credit card to my identity or if it does the same plus a ton of extra data that I've been forced to grant.
Also, one of the main concerns from the article is surveillance pricing... So yeah, you sure "saved" a bunch ($100) over the course of 1 year at a restaurant, but overall you're worse off because some data broker managed to have all airlines raise your flight prices by $500 because they learned that you're going to have to attend your best mate's wedding.
And last, but not least, the article mentioned the binding arbitration clause that one blindly signs away when accepting the app's ToS:
> Walking into a restaurant to buy a cheeseburger, there’s no way a company can force you to enter a contractual agreement that includes binding arbitration. Downloading an app, however, requires agreeing to a “Terms of Service,” and those can absolutely include a binding arbitration clause, and that clause can be applied even to cases outside the app. This happened to Jeffrey Piccolo when his wife died of food poisoning in a Disney World. Disney made a motion to dismiss because a couple years back, Jeffrey had signed up for a free trial of Disney+, which included a binding arbitration clause, which meant that if Jeffrey wanted to complain about how Disney murdered his wife, they’d have to settle it out of court with a mediator that Disney hired. No jury, no judge, no oversight. [...]
I have no words to describe how depraved that is.
I think it's also saving me money!
I know there's various data apps can collect. On iOS at least it seems like you have to grant permission for the app to access most of it. But how on Earth is this supposed to work? How does the app on my phone know if I just got paid?
any social things i add as pwa through the browser.
not interested in any of those fast food or store apps. never selling ad-space (and privacy) on my own device to save $2 on a hamburger and some fries, and even if i did want them, chances are high they wouldn't run on my device anyway (feature not bug) lol
thankfully in my area, we have some good local places where you can order food just fine over their website. and if it didn't work over the website, i can simply do it the old-fashioned way, pick up the phone and say "i'd like to place an order for XYZ.."
You only need to make two changes to make your native app a better choice than your web portal, even for privacy:
1) Make your app open-source, and remove all the tracking.
2) Don't make a web portal. Your website should just be a website that displays information, not 5 MB of JS+WASM with a load of security issues.
McDonalds doesn't hire them either. But, they will pay a bigger share of the arbitration fees than you do.
>they’d have to settle it out of court with a mediator that Disney hired
It would be a mediator hired by JAMS, a neutral 3rd party.
Arbitration between businesses acting in good faith makes perfect sense. Arbitration between an individual customer of a large corporation is nothing but a violation of that individual's basic rights.
I am skeptical, though, of the price discrimination claims. If McDonald's decides that the right price of a Big Mac for me is $1 and for you $4, that creates an arbitrage opportunity. You can pay me $3, and I pocket $2. The result is that I buy more big macs, and they bump my price up. You buy less, and they take your price down. Now it just trades at the market rate it was before, but with more steps.
Says who?
>For another, no one would buy them, they’d think it’s a scam.
I think what's needed is a third (fourth?) party as I outlined in a sibling comment
But imagine trying to sort out X number of people who each want a different basket of items from, say, the Walmart app. Each of those items fluctuating daily in price for each customer independently makes arbitrage almost prohibitively difficult to coordinate.
The best case scenario is something like Steam sales, where a wishlist function notifies you when items you've "watched" are on sale. There are third parties like, for example, Deku Deals that track this pricing data across time for console games.
But Amazon is already trying to banish external AI agents from any access to its data. And what does a price history graph even mean if prices are specific to each customer and stochastically varied each day to induce impulse purchases?
They can respond with litigation, as Amazon already is against third-party LLM agents accessing their marketplace. They can respond by banning accounts for violating the terms of service, making examples out of those who profit the most. They can watch the external marketplaces and cancel (undelivered/unfulfilled) sales they believe are linked to arbitrage.
All they need to do is make it inconvenient enough to discourage 80-90% of customers from participating in arbitrage.
https://en.wikipedia.org/wiki/555_(telephone_number)
I feel sorry for their database because I was a teenager with a bunch of guitar pedals and an ongoing need for 9V batteries. I made up a LOT of phone numbers.
“Nope.”
Already pisses me off that companies make a profile of me based on credit card numbers. I’ve had this number for decades. I’m sure you could build a complete profile of me based on my cell number, and this is the only “social” site I use. I got off fb in 2008, never even joined the rest (twitter, insta, reddit, et al.) just because my phone number has been raped out of anyone else who has my name and number in their phone.
If you don’t trust your operating system to follow your instructions when using an app, then why do you trust the same operating system with your browser?
Do you have any evidence to support your conspiracy theory?
These are from the Firefox website
Of course it also knows your device, operating system version, screen resolution, phone orientation, etc.
Not to mention that websites can track you across other websites.
What information do you think apps have without your permissions that websites don’t?
https://developer.mozilla.org/en-US/docs/Web/API/Geolocation...
https://developer.mozilla.org/en-US/docs/Web/API/Acceleromet...
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/g...
https://www.w3schools.com/tags/av_prop_volume.asp