I am not sure this is as much of a tension as you make it sound: where is the obligation that a marketplace administrator will be blamed for any and all breaches of data privacy trust from a participating (likely malicious) third party?

According to GDPR, the app developer is the "data controller" and thus ultimately responsible. Only in the case where Apple knowingly participated in unlawful behavior is it likely to be held accountable, and even then, in addition to the app developer. Obviously, if we are not talking about leaks from the actual App Store system (eg. Apple account logins and user data).

So while it sounds plausible, the legal framework is exactly not what you describe here — Apple can claim to want better protection for customers by not allowing third party apps, but EU rejects that (it can similarly extend to app store itself) and pushes for competitive landscape with DMA instead.

▲

macintux an hour ago | parent | next [-]

Apple certainly is held responsible for such breaches by the public. And, believe it or not, I think they feel responsible for protecting their users.

▲

MBCook an hour ago | parent | prev [-]

But this isn’t a normal app. Apple is the one handing over all the data to the AI service.

Couldn’t someone argue that they “knowingly participated“? Do you think they want that risk?

	▲	microtonal 31 minutes ago \| parent [-]
		Like they now hand over all your contacts, your location, calendar entries, microphone access, camera access. If you choose to do so. Nothing holds them from having designed this as an API that others can use where the user has permission toggles of what data they want to share with the LLM provider.