The separate-binary requirement makes it completely DOA, so they're still breaking the law. Deliberately. It bans actions that make it unlikely for browsers to adopt alternative engines. And they mandate no sharing of login-state with any other app from the same developer, despite violating that themselves (Safari sync is turned on by default, no encryption by default). Funny. And they mandate blocking third-party cookies, great but completely inappropriate for an OS to impose. The most hilarious:

> Prioritize resolving reported vulnerabilities with expedience [...] Most vulnerabilities should be resolved in 30 days, but some may be more complex and may take longer.

Apple does not comply with this.