Apple’s biggest mid-cycle iPhone update is coming soon (here’s exactly when) and it’s bringing with it major upgrades for all iPhone users, everywhere, including a major security upgrade to iMessage. But the biggest changes are for iPhone users in the EU, in response to the Digital Markets Act. Today, Apple explained to me what these changes mean and how it could affect all users—especially if the US or UK governments decide to follow suit with their own legislation.
Apple iOS 17.4 will change everything
March 2nd update below. This post was first published on March 1, 2024.
The changes for iPhone users in the EU are comprehensive. Apple is being asked to open up its iOS system to allow sideloading of apps in alternative markets, to allow non-WebKit-based web browsers that support Safari, and to allow other payment mechanisms beyond Apple Pay on the phone.
Apple has now released a 32-page white paper explaining that while it has taken all possible measures to maintain the privacy and security of iPhone users, it cannot guarantee that things will be as secure as they were.
Apple explained to me that it has introduced new features to protect users, but that it won’t be able to protect users the way it can with the current deal. The white paper says, “To comply with the DMA, we’ve created new options for developers and users—and built over 600 new APIs and development tools to enable these changes. The new options include enabling sideloading so that EU users can download apps through app markets other than the App Store, enabling alternative payment processing methods in the App Store, and many other changes. This has required us to change the uniquely successful approach we have taken to protect and protect the security and privacy of our users.”
Some organizations, such as banks for example, have been in contact with Apple expressing concern, saying they want to stay in the App Store only and may even consider not allowing their apps to be downloaded to any device that has the apps loaded on the side. . Currently, Apple has no way to notify the bank, for example, whether an iPhone has downloaded an app from an external market or not.
Apple is wary of how predatory payment techniques, mobile ransomware and consumer spyware could target the iPhone if it is deemed more vulnerable or less secure.
For me, the key phrase in the white paper is this: “In practice, EU users will lose the choice to stay on the App Store only and retain all of Apple’s industry-leading protections, even if that’s what they’d prefer.”
Of course, users can simply choose to stick exclusively to the App Store, WebKit-based web browsers like Safari, and Apple Pay payments.
And some people will want to have apps on their phones that aren’t in the App Store. Apple is also concerned about this, saying it won’t have control over external content: “This means that Apple won’t be able to block apps with content that Apple wouldn’t allow in the App Store—such as apps that distribute pornography, apps that promote tobacco use, or vape products, illegal drugs or excessive amounts of alcohol, or apps that contain pirated content (or that otherwise steal ideas or intellectual property from other developers)—not to become available on alternative app markets.”
Spotify has already responded to the white paper, saying that Apple is trying to “scare everyone about privacy and security.”
The changes coming to iPhone are in a few days, but it may take a few weeks or longer to see the effects.
Update as of March 2nd. There has already been a very strong response to Apple’s DMA changes, and it’s fair to say they haven’t been very positive. (This is an example of the British art of understatement.) Avery Gardiner, Spotify’s global director of competition policy, spoke to the Press Association news agency, as reported by Martyn Landi in The Independent. Gardiner said Apple’s warnings that the iPhone needs to be made less secure to comply with the Digital Markets Act (DMA) are tantamount to saying that “the only way for privacy and security is to allow a monopolist to continue to abuse monopoly power.”
Gardiner, Spotify’s head of competition policy, said the idea that security and privacy could only come from Apple’s own App Store was “simply not true”.
“If Apple was the only way to keep things private and secure, why didn’t Android users abandon Android in droves for Apple due to privacy and security concerns? They didn’t,” she told the PA news agency.
I think that’s true, but it’s also likely that a good portion of iPhone users will stay loyal to Apple precisely because they enjoy impeccably good security and privacy.
Gardiner pulled no punches, saying: “This is their global tactic – to scare everyone about privacy and security. Tell them that the only way for privacy and security is to allow the monopolist to continue abusing monopoly power. I understand why they do it, but it’s not true.”
She continued: “Apple has announced a number of proposed rules that are inconsistent with the DMA. “At the most basic level, it is a bizarre idea that you have to opt into an onerous new fee structure in order to take advantage of the rights granted to you by the European Parliament. The DMA is really clear: app stores must allow developers to communicate offers for free. Those are the words. It doesn’t say ‘as long as you opt for a onerous new fee structure that would impose a huge tax on you’.
Ultimately, she said, “It is, apparently, inconsistent with the DMA, and the commission will have to open an investigation unless Apple changes its tune.”