Getty Images
Apple has changed its stance on allowing web apps on iPhones and iPads in Europe and will continue to allow users to place them on their home screens after iOS 17.4 arrives. They will, however, have to be “built directly on WebKit and its security architecture,” rather than running in alternative browsers, which is how it worked until the new law forced the issue.
After the European Union’s Digital Markets Act (DMA) required Apple to open up its mobile devices to alternative browsers, the company said it would completely remove the ability to install web apps on the home screen. In a question-and-answer section for developers, titled “Why don’t EU users have access to web apps on the Home screen?”, Apple said the “security and privacy issues” of foreign web apps are “complex and would require solving them.” given other DMA requirements and very low user acceptance of web apps on the home screen,” led the company to “remove the web apps feature on the home screen in the EU.” Any web application installed on the user’s home screen would simply return them to their preferred web browser.
Apple further warned of “malicious web apps,” which, without the isolation built into its WebKit system, could read data, steal permissions from other web apps, and install further web apps without permission, among other things.
That response prompted an inquiry from European Commission officials, who asked Apple and app developers about the impact of potentially removing web apps from the Start screen. It also prompted a survey by the Open Web Advocacy group. Apple has until March 6 to comply with the DMA. Apple’s move to block web apps strongly suggested that allowing web apps powered by Safari, but not other browsers, could violate DMA rules. Now some aspects of that cautious approach have changed.
Under an updated version of that section heading, Apple reiterates its security and privacy concerns and the need to “build a new integration architecture that doesn’t currently exist in iOS.” But because of the requirement to continue offering web apps, “we will continue to offer existing home screen capabilities in the EU,” Apple writes.
A long, strange road to where web apps are now
Apple has long offered web apps (or progressive web apps) that open as a separate app rather than in a browser tab. Web apps installed this way offer greater persistence and access to device features, such as notifications, cameras or file storage. Apple co-founder and then-CEO Steve Jobs initially praised web apps as “everything you need” to write “amazing apps” rather than dedicated apps with their own SDK. Four months later, the iPhone SDK was announced, and Apple announced its enthusiastic desire for “native third-party apps on the iPhone.”
Although Apple does not disclose App Store revenue in its earnings statements, its services division posted an all-time record of $22.3 billion in the fourth quarter of 2023, including “all-time revenue records” in the App Store and other offerings.
As part of its DMA compliance as a “gatekeeper” for certain systems, Apple must also allow sideloading for EU users, or allow the installation of iOS apps from stores other than its own official App Store. This week, more than two dozen companies signed a letter to the Commission complaining about Apple’s implementation of the App Store rules. Developers who want to use alternative app stores will have to agree to terms that include a “Core Technology Fee”, requiring a fee of €0.50 per app, every year, after 1 million downloads. “Few app developers will agree to these unfair terms,” the letter claims, and thereby deepen “Apple’s exploitation of its dominance over app developers.”
In a statement provided to Ars, Apple said its “approach to the Digital Markets Act was driven by two simple goals: to comply with the law and to reduce the inevitable, increased risks that DMA creates for our EU customers.” It noted that Apple employees “spent months talking to the European Commission” and “created more than 600 new APIs and a wide range of development tools in just over a year.” However, Apple said that the changes and safeguards it has put in place cannot fully “eliminate new threats created by DMA”, and the changes “will result in a less secure system”.
That’s why, Apple said, it restricts third-party browsers, app stores and other DMA changes to the European Union. “[W]We are concerned about their impact on the privacy and security of our users’ experience—which remains our North Star.”