Highlights

• EU Digital Markets Act prompts Apple to introduce third-party app stores in 2024.
• Apple’s rigorous App Store review process blocks 1.7 million apps in 2022 for security concerns.
• Over 600 new APIs developed by Apple to ensure secure third-party app installations.
• Apple emphasizes user control but cannot guarantee content appropriateness in alternative storefronts.

Apple Fellow Phil Schiller has raised concerns over the security and privacy implications for iPhone users in the EU, as Apple prepares to comply with the EU Digital Markets Act by introducing third-party app marketplaces.

Starting in March 2024 with the iOS 17.4 update, this legislative requirement will allow sideloading and alternative digital storefronts alongside the existing App Store in EU member states.

While this opens up new avenues for developers, it also presents significant risks to end users.

Potential Risk to Apple Users

The “walled garden” approach of Apple has traditionally safeguarded users against malicious software, with the App Store’s rigorous review process rejecting nearly 1.7 million app submissions in 2022 alone, due to privacy, security, and content standard failures.

The introduction of third-party storefronts, however, introduces a potential pathway for harmful apps to be installed on iPhones, circumventing the stringent security measures Apple has in place.

In response to these regulatory changes, Apple has been proactive in implementing security mechanisms to mitigate risks, including the notarization of all apps, which ensures they are secure and non-malicious before installation, regardless of the originating app store.

Phil Schiller Not Sure of Third Party Apps

Schiller highlighted Apple’s efforts in engineering over 600 new APIs to support developers in creating secure marketplaces and installing apps, emphasizing user control throughout the process.

Additionally, an information sheet will be provided to users prior to app installation, offering basic details about the app and enhancing marketplace selection control.

Despite these measures, Schiller acknowledges that Apple’s ability to protect users is not absolute, especially concerning the content of apps from alternative storefronts.
Notarization focuses on security rather than content, leaving the door open for apps that Apple would typically restrict due to objectionable content.
The onus will be on these third-party marketplaces to establish their own rules and limitations, which may not necessarily align with Apple’s established standards aimed at protecting users and families from inappropriate content.

In an interview with Fast Company’s Michael Grothaus published today, Apple’s former marketing chief and current App Store head Phil Schiller said there are privacy and security risks associated with these alternative app marketplaces:

“These new regulations, while they bring new options for developers, also bring new risks.

There’s no getting around that. So we’re doing everything we can to minimize those risks for everyone,” Schiller told me in a recent discussion about the privacy and security impact of the European Commission’s Digital Markets Act.

Another risk is that the App Store’s strict rules surrounding objectionable content might not extend to alternative app marketplaces, according to Schiller:

“We have dealt with a lot of input from families, from governments, on things that we need to do to try to either not allow certain kinds of objectionable content on our App Store, or give users control over that experience to decide what’s best for themselves—and we have rules around that,” Schiller says. “Those rules will not apply in another marketplace unless they choose to make rules of their own, [with] whatever criteria they come up with. Does that increase the risk of users, and families, running into objectionable content or other experiences? Yes, it does.”

Schiller’s comments reiterate many of the risks that Apple outlined on its website:

If not properly managed, alternative distribution poses increased privacy, safety, and security risks for users and developers.

This includes risks from installing software from unknown developers that are not subject to the Apple Developer Program requirements, installing software that compromises system integrity with malware or other malicious code, the distribution of pirated software, exposure to illicit, objectionable, and harmful content due to lower content and moderation standards, and increased risks of scams, fraud, and abuse.

Apple has less ability to address these risks, and to support and refund customers regarding these issues. Even with safeguards, many of these risks remain.

FAQs

What changes are coming to the iPhone app ecosystem in the EU?

Due to the EU Digital Markets Act, Apple will allow sideloading and third-party digital storefronts alongside the existing App Store in EU member states, starting with the iOS 17.4 update in March 2024.

How has Apple traditionally protected its users against malicious apps?

Apple’s “walled garden” approach, including a rigorous review process, has protected users by rejecting nearly 1.7 million app submissions in 2022 for failing to meet privacy, security, and content standards.

What is app notarization, and how does it help with third-party app installations?

App notarization is a security measure implemented by Apple to ensure all apps, regardless of their source, are secure and non-malicious before being installed on an iPhone, as part of Apple’s effort to mitigate risks from third-party app marketplaces.

Can Apple control the content of apps from alternative storefronts?

While Apple can secure apps through notarization, it does not control the content of apps from third-party storefronts. This means apps that Apple would typically restrict could be available through alternative marketplaces.

What changes is Apple making in response to the EU’s DMA legislation?

Apple is complying with the European Union’s Digital Markets Act by allowing third-party app downloads and offering developer consultations to navigate these changes effectively, ensuring a smooth transition for app distribution and payments in the EU.

How can developers learn about the new guidelines affecting the App Store in the EU?

Developers can request 30-minute online or in-person consultations with Apple’s team to discuss changes impacting iOS, Safari, and the App Store in the EU, including alternative distribution and payment methods.

What was Apple’s revenue in Fiscal Q1 2024, and how did it compare to expectations?

Apple reported a revenue of $119.58 billion in Fiscal Q1 2024, surpassing analyst expectations and indicating strong sales across iPhone, Services, and other product lines, despite slight shortfalls in Mac and iPad revenues.

How significant is the EU market to Apple’s App Store business?

The EU accounts for approximately 7% of Apple’s global App Store revenue. Despite the small percentage, the recent regulatory changes pose new challenges and opportunities for Apple in the European market.

Will Apple’s compliance with the DMA affect its financial performance?

While Apple CEO Tim Cook acknowledges the challenges posed by the DMA compliance, the company remains focused on preserving its ecosystem’s privacy, security, and usability. The full impact on financial performance remains to be seen in future quarters.

What is Apple’s new policy regarding third-party app stores?

Apple announced plans to allow third-party app stores in Europe, including a “Core Technology Fee” for apps sold outside its App Store and a €1,000,000 letter of credit requirement for opening an app store.

Why is Apple’s new policy being criticized?

Critics, including Spotify’s CEO, argue that Apple’s new policy imposes high financial burdens on developers, especially smaller ones, potentially stifling innovation and diversity in the app market.

What did Spotify’s CEO say about Apple’s new app store policy?

Spotify CEO Daniel Ek criticized Apple’s policy in a blog post, calling it “extortion” due to the combination of the per-install fee and restrictions on in-app payments.

How does Apple’s policy affect smaller app developers?

The requirement of a €1M letter of credit and per-install fees pose significant financial challenges for smaller developers, potentially excluding them from establishing their own app stores.

Are there potential legal implications for Apple’s policy?

Apple’s approach to DMA compliance is expected to lead to legal challenges, with accusations that the company is making it difficult and costly to leave its App Store.

Also Read: EU’s DMA Pushing Apple to Enable App Sideloading on iPhones

Also Read: Apple Announces iOS, Safari, and App Store Changes in EU to Comply with DMA

Also Read: Apple Faces Criticism Over New Third-Party App Store Policy in Europe

Also Read: Apple Adapts to EU Digital Markets Act with Developer Consultations and Q1 Earnings Success