From this article, it does sound like it’s a newer development:
> Goals for Hacking for Defense
> A decade ago, our goal for the class was to teach students Lean Innovation methods while they engaged in national public service. We wanted to familiarize students with the military as a profession and help them better understand its expertise, and its role in society. We also hoped the class would show our sponsors a methodology that builds problem understanding before writing requirements.
> The class still does all this, but now that the DoW is buying from startups and defense venture capital is abundant, the class has turned into a national security incubator. Most of our teams form defense companies.
I think the server-side stuff will be a mix of users & developers paying. I have seen this info in several places:
> PCC delivers a powerful server model without compromising privacy: data is never stored, used only for the request, and independently verified. It's integrated with the OS and iCloud, so there's no authentication or API keys, no token cost to developers, a daily per-user limit (higher with iCloud+), and eligibility for apps under 2M downloads.
I’ve got a 2023 Mac Studio M2, and was dismayed by the M3 & later. So I’ve been trying to track down more details. That specific device list is only for:
> Apple’s most powerful on-device model and the features it enables, like expressive voices and more advanced dictation, […]
On other devices, I think there’s still on-device support (just not with the “most powerful model”), for these devices:
> Apple Intelligence and Siri AI in iOS 27, iPadOS 27, macOS 27, watchOS 27, and visionOS 27 are available on iPhone 16 models or later, iPhone 15 Pro, iPhone 15 Pro Max, iPad mini (A17 Pro), MacBook Neo (A18 Pro), iPad models with M1 or later, Mac with M1 or later, Apple Vision Pro, Apple Watch Series 9 or later, Apple Watch Ultra 2 or later, and Apple Watch SE 3 when paired with an Apple Intelligence-enabled iPhone nearby.
They’re actively asking developers to index all the content in their apps, to provide Personal Context that Siri can use for user requests. And to create/index the actions available in the app.
So, where developers comply, all of that content is now accessible to those alternative implementations.
It’s not full read/write of the phone, and it’d exclude obvious secrets like passwords, but it is quite far reaching access.
I don’t know what sort of restrictions they can put on the alternative implementations. Can I vibe code one and have it live in a week? Or is there a minimum bar?
We may have a different view of what 'giving access' means in this context.
The way I see it: If a user willingly (1) installs another AI app like deepseek and (2) willingly gives it access to 'full phone and app data' with a warning screen or setting or whatever, that seems... like a good thing?
I may not agree with those users that it's worthwhile providing their full private data to [some AI startup X] or [Some Chinese or US AI company that will hoover up as much for their own use] but if the EU forces Apple to provide this as an option, that sounds good to me.
The whole point of the regulation is that the data on the device is _the user's_ data and if Apple can have its AI services work with the user's data, competitors should be able to do the same.
From my (admittedly European) perspective it looks like Apple is just throwing a tantrum here.
I don’t have the EU perspective, which might be changed by things like GDPR, but I prefer Apple’s stance that “no one should have this data, not even us”.
One reason is that the data on a user’s phone isn’t solely owned by them. Some of it is shared with other people, or “belongs” to someone else: chat, email, shared documents, photos of people, contact information, etc.
In a corporate environment, this is more explicit: you have access to company information, so the IT department controls what apps you can install / run, because individual EEs won’t always make the best choices.
Second, I think app developers are more likely to share more data, if they know that the shared data doesn’t leave the user’s control. And that (presumably) makes the feature work better. If I’m developing an app, I’ll think twice about indexing any sensitive data, if I don’t know where it was going to end up.
Maybe you missed the 'or sent to private cloud' part of the announcement, it's not just local-llm only.
Don't get me wrong, just like you I personally would also prefer LLM-integrations with a privacy-focused provider and I think Apple is a good party to get that from (assuming they're using good models and keep their privacy guarantees here...)
But in the end you're still often 'sending data to an LLM provider', and the EU enforcing them to also let that be competing LLM providers still doesn't sound like a bad thing to me.
If Mistral would give the same privacy guarantees: great! If a company wants to use their enterprise OpenAI subscription: great! Etc. etc.
Let's allow for some competition here and not force a specific LLM-provider onto users just because they like the Apple hardware and software ecosystem.
> Maybe you missed the 'or sent to private cloud' part of the announcement, it's not just local-llm only.
I saw that. Maybe you’re unfamiliar with Apple’s Private Compute Cloud? It’s intended to allow cloud computation on data without making the data available to anyone, which I think backs up my interpretation that Apple’s stance is “no one should have this data, not even us”.
We designed Private Cloud Compute with core requirements that go beyond traditional models of cloud AI security:
* Stateless computation on personal user data: PCC must use the personal user data that it receives exclusively for the purpose of fulfilling the user’s request. User data must not be accessible after the response is returned to the user.
* Enforceable guarantees: It must be possible to constrain and analyze all the components that critically contribute to the guarantees of the overall PCC system.
* No privileged runtime access: PCC must not contain privileged interfaces that might enable Apple site reliability staff to bypass PCC privacy guarantees.
* Non-targetability: An attacker should not be able to attempt to compromise personal data that belongs to specific, targeted PCC users without attempting a broad compromise of the entire PCC system.
* Verifiable transparency: Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for PCC match our public promises.
- - - -
Second, according to their press release ([1] and a sibling comment elsewhere in this chain), they’ve been trying to find a way to allow interoperability without giving full access to everything. Unsuccessfully, so far. So it’ll be interesting to see where it goes, but I’m sympathetic to their current stance.
Could the restriction not be the device owner choosing to use it? If some rando vibe coded an app and the os told me all the things it can access, I'd probably want to trust the developer before installing it. Why do I need to beg Apple's permission to use software better than their first party offering?
Because you made the choice to trust Apple when you bought an iPhone. And while you may make a deep study of who is providing your alternative AI app (is that even possible with OpenAI or Copilot or Gemini?), the average user will pick something shiny and lose their savings when it transfers their bank balance outside the country.
> the average user will pick something shiny and lose their savings when it transfers their bank balance outside the country.
Couldn't you make a more believable straw man, please? The "Nigerian prince wants to send you billions" is really tired. Try something more emotional! Hackers will steal your kid's photos and post them on pedophile forums or something. This will resonate better with the uninitiated and make it easier to lobby for monopolistic practices. Good luck!
Just because I bought an Apple product doesn't mean I made the choice to trust them globally across everything I do on my device. When did this become a binary that the hardware vendor must also be the only trusted software and service vendor? I like my MacBook because I trusted Apple to build great hardware, a pretty okay OS, and services I don't give a shit about. I won't buy an iPhone because Apple has removed the ability to distinguish between those things on that platform.
Surely there's something better we can do than say "the average user is a dumbfuck better consolidate all control with Apple".
Sounds like Apple offered to implement that, but it didn’t fit the EU’s requirements.
I suspect if you paid apple enough money, and were willing to prove that your personal Private Cloud Compute did meet their requirements, it wouldn’t be impossible.
I think there’s a case that Apple’s commitment to privacy here will increase participation by 3rd party developers.
For example, if I’m maintaining a secure chat app, I think I’d be more likely to adopt the APIs to share the chat messages with the system AI due to Apple’s promises that the data will either be processed On Device, or in their Private Compute Cloud.
If I instead believe that sharing the chat messages with the system AI would cause those messages to be sent to unknown-to-me other entities, I think I’d be less likely to participate in the new API.
This user might be okay with their data going to this other provider, but what about the people they’re messaging? I have a responsibility and a commitment to _all_ of my users to protect their data.
I might not be able to control what any specific user does with the data, but proactively writing the code that sends the chat messages to this other system is something that I have control over.
> This user might be okay with their data going to this other provider, but what about the people they’re messaging? I have a responsibility and a commitment to _all_ of my users to protect their data.
That's nice of you but your users are going to just copy-paste data to and from ChatGPT anyway.
I think the difference is in the scale. I think Apple’s asking you to index / share all of the data from your app. Virtually no user is going to copy & paste every single message into ChatGPT.
And so I think there’s a meaningful difference between the app donating all the data automatically, vs making the data available to the user who is free to share what they want.
That’s not your data, why do you think you have the right to prevent the user from doing what they want? Other users shared that chat data with each other, you have no right to that data, so as an app developer I’d say you should not care about the API.
Clicking through to the query for the first chart, I see the peak of ~300k in May of 2020, and it was ~3k in April of 2026 (the last complete month). I’m flabbergasted.
I don’t know how I feel about it. I’ve been on one side, looking at usage numbers of older iOS versions, and arguing that low single digit percentages were fine to stop supporting with the new version.
On the other hand, I view my kindle as an appliance, and I don’t need it to have updated functionality. I think this is true of many electronics: digital cameras, printers, misc USB peripherals, etc. I believe Amazon could easily support the APIs it uses, and keep delivering me books that I’ve paid for or borrowed.
Financially, I suspect the kindle devices have a much longer lifetime than iPhones do, and Amazon is still making $$ off of old kindles.
If there were TLS concerns, a partial disablement (ex: can’t buy books from the device) would be way more acceptable than a complete cutoff. I’ve seen suggestions that it’s a DRM issue, and if that’s the primary motivation, it’s pretty disappointing.
I'm supporting a 30 year old product, the oldest ones in the field are 20+ years old, we still support them.
I'm just in the process of developing a lifecycle policy, being able to cut off support for 12 year old systems would make my life much more full of joy.
(This may be a very ungenerous reading of your comment, so my apologies if this is not what you mean.)
The phrase that jumps out at me is:
> being able to cut off support for 12 year old systems would make my life much more full of joy
I think this is a nearly-poetical capturing of the core problem.
The focus is on the joy and well-being of the maintainer, not the impact on all the people who will be affected by this change. Possibly some people rely on these devices and it adversely impacts their joy and livelihood when support is ended.
> Possibly some people rely on these devices and it adversely impacts their joy and livelihood when support is ended.
This happens over and over again in tech.
it's true and i agree with you as a user
on the other hand, some software gets harder and costlier to support the longer it's out there (think spec changes, security issues, updates in law etc), and even paying a normal subscription for it can cause roi to go negative, especially when factoring in opportunity cost for a business (help the old users or spend that time/money making a new feature for the majority)
my thought on it is if it's a subscription, maybe for some software, the longer someone uses the old version the subscription cost could go up slowly, or if it's a one-time purchase, after x years they could just buy a support ticket or something...? for ad-supported software i have no ideas...
We only had to, because some bureaucrats certified IE6 for some processes and did not bother to update with the real world that moved beyond that piece of garbage. So ... thanks for bringing back bad memories.
You try building software with a version of Delphi that won't run on something newer than Windows 7 and tell me how well that works out for you.
Some of those customers cannot be upgraded without hardware replacement, we can sell them a brand new system that will do everything (and more) their old one will, but they don't want to spend the money, and we are happy to take the money for support (the old CAPEX vs OPEX argument).
Some of this is sorta easy, it's COTS hardware, but we also have much older systems that due to component obsolescence I simply cannot build replacements anymore. 10+ years of support ought to be enough for 90% of the products out there, at some point the answer really is “upgrade your hardware” - we didn’t sign up to indefinitely support not just hardware (much of which we cannot build spares for) much less the software ecosystem around the hardware.
Long term I plan on increasing support renewal costs for systems that are older than 10 years old to encourage hardware refreshes.
Like I still have to have XP VMs to build firmware for older products, when is it reasonable to cut off service and support?
Supporting is a word that means many different things.
It’s ok to stop providing updates to old software and hardware.
It’s OK to not support ancient devices when writing new software.
It’s not ok to make old devices inoperable if they are using the old software and don’t need updates.
Will my old Kindle stop being able to show me the books I bought and downloaded to it? Or will it become impossible to buy new books? If it’s the former, it’s borderline criminal. If it’s the latter, I’m unhappy but understand realities.
This isn't about hardware "lasting", it's about basic software functionality on older hardware intentionally being disabled. Somewhat similar to Apple's Batterygate.
This is nothing at all like Apple. This is like having to continue to support BMP files in the browser for the next 20 years while fixing any potential exploits that are discovered and deciding there aren’t enough users to justify that expense and risk.
Nobody is insisting that the physical kindles last forever, nor that the software that they run be upgraded to support all the new bells & whistles of newer devices.
The point is that e-books are basically a data format plus a reader, and if the data format hasn't changed (it hasn't) and a reader is still working, what is gained by preventing that reader from being given new data to present?
amzn doesn't have to "provide support" for old kindles, but they also don't need to prevent them from downloading ebooks.
This isn’t sabotage, this is deprecation. Keeping old systems working that communicate with servers is a constant expense and a security vulnerability. No one can afford it.
I have a customer that had to be talked into ending support for a product they built in the 80s and provided an unlimited, material-cost-only repair plan for.
They replaced the product, but they kept buying the parts and updating the software for the old one. And customers were absolutely still sending back their broken ones and getting at-cost replacements.
It was like looking at a well engineered, thoughtfully maintained hole in the bottom of a cruise liner.
There are companies that will make deals with tens of thousands of book publishers and provide storage and access for millions of books, magazines and comics? I suppose they will do it for free?
For (others') reference, the oldest bits of code in our software are from the mid-to-late 90s, and the oldest systems still paying for support rely on parts to build that are not available at any price; it's all just made of unobtainium, whereas I can sell them a brand new one that does everything they have today and more.
I'm not sure if they ever changed away from it, but early generation kindles were running an old version of embedded java (4 I think? Pre-generics), that was already quite painful to deal with, with the team having to maintain their own forks, build tools etc. because nothing supported it. Reportedly there wasn't a way to actually upgrade the version either. While I wish they'd support them longer, I'm not surprised that they've finally decided it's not worth it.