Apple is making big changes to the App Store in Europe due to new EU rules. Could this mean iPhones will be more vulnerable to hacking?
ADApple is opening small cracks in the iPhone’s digital fortress as part of regulatory measures in Europe that seek to give consumers more choice – at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.
The overhaul launched last Thursday in the European Union represents the biggest changes to the iPhone App Store since Apple introduced the concept in 2008.
Among other things, people in Europe can download iPhone apps from stores not operated by Apple and get alternative payment methods for in-app transactions.
European regulators hope the changes mandated by the Digital Markets Act, or DMA, will loosen the grip Big Tech’s “digital gatekeepers” have gained over the products and services consumers and businesses use as they become increasingly dominant forces in everyday life.
The measures came into effect just days after EU regulators fined Apple nearly 1.8 billion euros for preventing competition in the music streaming market.
Apple has sharply criticized the new regulations for unnecessary security risks for iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystem and increasing the spectrum of unsavory services that sell pornography, illegal drugs and other content that the company has long banned in its App Store.
Despite efforts to maintain security measures while complying with the new rules in the 27-nation bloc, Apple warns that “the changes required by the DMA will inevitably cause a gap between the protections that Apple users outside the EU can rely on and the protections available to users in the EU which progresses”.
Apple’s warnings should be taken with a grain of salt, experts say.
Mobile device management is “completely different” from third-party app stores, and Apple is “deliberately confusing it here to muddy the waters,” said Michael Veale, an associate professor at University College London who specializes in digital rights and regulation.
“Apple’s App Store is not a proxy for corporate data security — apps inside it regularly send data to insecure cloud servers, hidden third-party trackers and more,” he said.
Apple compliance is a ‘mockery’
Some smaller tech companies like music streaming service Spotify and video game maker Epic Games are also attacking the ways in which Apple respects DMA as little more than a facade that “mocks” the intent of the regulations.
“Instead of creating healthy competition and new choices, Apple’s new terms will raise new barriers and strengthen Apple’s hold over the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and alliances wrote in a March 1 letter to the European Commission, the executive arm of the EU which supervises the DMA.
Epic, which makes the popular game Fortnite, also claims that Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store that it planned to launch in Sweden. Epic argued that Apple thwarted its bid to compete in retaliation for harsh criticism issued by CEO Tim Sweeney, who led the largely unsuccessful antitrust case against the iPhone App Store in the US.
In response, EU regulators said Thursday they want to investigate Apple over allegations it blocked Epic’s app store. Apple was defiant, saying it “decided to exercise that right” to launch an app store based on Epic’s past behavior.
Europe’s changing digital landscape is forcing changes at other tech powerhouses such as Google and Facebook, but the new regulations strike at the heart of Apple’s philosophy of maintaining an iron grip on every aspect of its products.
This “walled garden” approach pioneered by the late co-founder Steve Jobs starts with meticulous hardware design and then extends to all the software that powers the devices as well as oversees the commerce that takes place on them.
That approach has built an empire with nearly $400 billion (€365 billion) in annual revenue — a success Apple attributes to the trust it has built over decades of vigilant stewardship of the iPhone and other popular products such as the iPad, Mac and Apple Watch.
Even Epic’s Sweeney admitted that one of the reasons he uses the iPhone is because of the strong security measures Apple has put in place to prevent hackers and protect the privacy of its users. This happened during testimony at a trial in May 2021 that resulted in a US judge ruling that the App Store is not a monopoly.
ADIn that ruling, the judge required Apple to begin allowing links to external payment options within iPhone apps in the US. That’s a request the company began allowing earlier this year after the U.S. Supreme Court declined to hear an appeal on the issue.
No changes for Apple outside the EU
Apple – which is making changes in Europe through iPhone software updates – still doesn’t allow alternative iPhone app stores in the US or more than 100 other countries outside the EU.
European regulators seem confident that the benefits to consumers from greater competition will outweigh any increased security risks.
One potential upside is lower prices for in-app digital transactions if competing stores charge lower commissions than the 15 to 30 percent fees Apple has imposed for years.
But critics have raised doubts that will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and has put up other hurdles that will make it daunting for alternatives to make significant inroads in Europe.
ADApple insists that the security issues created by DMA are of such concern that it has heard from government agencies — particularly those in defense, banking and emergency services — that want to ensure they can block employees with iPhones from accessing apps distributed outside Apple’s walled garden. .
“All of these agencies recognized that sideloading — downloading apps outside of the App Store — could compromise security and put government data and devices at risk,” Apple said.
Veale, the digital expert, shot back.
“Any company or government that believes ‘apps from the App Store are secure’ may need to refresh their security and data protection teams or policies,” he said.