Apple is opening small cracks in the iPhone’s digital fortress as part of regulatory measures in Europe that seek to give consumers more choice – at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.
The overhaul, which launches only in the European Union on Thursday, represents the biggest changes to the iPhone App Store since Apple introduced the concept in 2008. Among other things, people in Europe can download iPhone apps from stores not operated by Apple and get alternative ways to pay for in-app transactions .
European regulators hope the changes mandated by the Digital Markets Act, or DMA, will loosen the control Big Tech’s “digital gatekeepers” have gained over the products and services consumers and businesses use as they become increasingly dominant forces in everyday life.
The measures came into effect just days after EU regulators fined Apple nearly $2 billion (€1.8 billion) for preventing competition in the music streaming market.
Apple has sharply criticized the new regulations for unnecessary security risks for iPhone users in Europe, exposing them to more fraud and other malicious attacks launched from apps downloaded from outside its ecosystem and widening the spectrum of unsavory services that sell pornography, illegal drugs and other content that the company has long banned in its App Store.
Despite its efforts to maintain security measures while complying with the new rules in the 27-nation bloc, Apple warns that “the changes required by the DMA will inevitably cause a gap between the protections that Apple users outside the EU can rely on and the protections available to users in the EU which is progressing.”
Apple’s warnings should be taken with a grain of salt, experts say.
Mobile device management is “completely different” from third-party app stores, and Apple is “deliberately confusing it here to muddy the waters,” said Michael Veale, an associate professor at the University of London who specializes in digital rights and regulation.
“Apple’s App Store is not a proxy for corporate data security — apps inside it regularly send data to insecure cloud servers, hidden third-party trackers and more,” he said.
Some smaller tech companies like music streaming service Spotify and video game maker Epic Games are also attacking the ways in which Apple respects DMA as little more than a facade that “mocks” the intent of the regulations.
“Instead of creating healthy competition and new choices, Apple’s new terms will set up new barriers and strengthen Apple’s hold over the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and alliances wrote in a March 1 letter to the European Commission, the executive arm of the EU which supervises the DMA.
Epic, which makes the popular game Fortnite, also claims that Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store that it planned to launch in Sweden. Epic claimed Apple thwarted its bid to compete in retaliation for harsh criticism issued by CEO Tim Sweeney, who led the largely unsuccessful antitrust case against the iPhone App Store in the US
In response, EU regulators said Thursday they want to investigate Apple over allegations it blocked Epic’s app store. Apple was defiant, saying it “decided to exercise that right” to launch an app store based on Epic’s past behavior.
Europe’s changing digital landscape is forcing changes at other tech powerhouses such as Google and Facebook, but the new regulations strike at the core of Apple’s philosophy of maintaining an iron grip on every aspect of its products.
This “walled garden” approach pioneered by the late co-founder Steve Jobs starts with meticulous hardware design and then extends to all the software that powers the devices as well as oversees the commerce that takes place on them.
That approach has built an empire with nearly $400 billion in annual revenue — a success Apple attributes to the trust it has built over decades of stewardship of the iPhone and other popular products like the iPad, Mac and Apple Watch.
Even Epic’s Sweeney admitted that one of the reasons he uses the iPhone is because of the strong security measures Apple has put in place to prevent hackers and protect the privacy of its users. This happened during testimony at a trial in May 2021 that resulted in a US judge ruling that the App Store is not a monopoly.
In that ruling, the judge required Apple to begin allowing links to external payment options within iPhone apps in the US. That’s a request the company began allowing earlier this year after the U.S. Supreme Court declined to hear an appeal on the issue.
Apple — which is making changes in Europe via iPhone software updates — still doesn’t allow alternative iPhone app stores in the US or more than 100 other countries outside the EU.
European regulators seem confident that the benefits to consumers from greater competition will outweigh any increased security risks.
One potential upside is lower prices for in-app digital transactions if competing stores charge lower commissions than the 15% to 30% fees Apple has imposed for years.
But critics have raised doubts that will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and has put up other hurdles that will make it daunting for alternatives to make significant inroads in Europe.
Apple insists that the security problems created by DMA are of such concern that it has heard from government agencies — particularly those in defense, banking and emergency services — that want to ensure they can block employees with iPhones from accessing apps distributed outside of Apple . fenced garden.
“All of these agencies recognized that sideloading — downloading apps outside of the App Store — can compromise security and put government data and devices at risk,” Apple said.
Veale, the digital expert, shot back.
“Any company or government that believes ‘apps from the App Store are secure’ may need to refresh their security and data protection teams or policies,” he said.
___
AP business writer Kelvin Chan contributed from London.