Apple’s upcoming iOS 17.4 update for the iPhone will bring a big change for a subset of iPhone owners. For the first time, Apple is allowing users in Europe to download third-party app stores and install apps from sources other than the company’s official App Store.
But that change comes with major security risks, as Apple points out in a new white paper outlining its plan to verify these apps through a new process known as iOS Notarization.
Apple allows third-party apps to be installed on iPhones in Europe to comply with the European Union’s 2022 Digital Markets Act, or DMA, which is intended to enforce fair and open competition in the technology sector. The company has also come under increased pressure to open up iOS to alternative app stores in recent years following its high-profile legal battle with gaming giant Epic Games. The maker of Fortnite has sued Apple and Google over their app store rules, which take up to 30% of money earned from in-app purchases and through the app marketplace.
Read more: iOS 17.4 RC: Your iPhone might get these new features soon
Watch this: 10 hidden iOS 17 features you must try on your iPhone
Apple has long maintained that its App Store policies protect its users from malware and other digital threats. The new white paper reiterates that view while introducing safeguards, such as a new notary verification process for iOS, intended to protect iPhone users who download third-party apps.
The program uses automated and human reviews to verify that a third-party app is “free of known malware and other security threats, generally functions as advertised, and does not expose users to outrageous fraud,” according to the white paper’s description. The scan also applies to every update to the app, to prevent attackers from getting into the malware later. It is an extension of the notary authentication process that Apple uses for its Mac software.
Notarization won’t be nearly as robust as the “nutrition label” information in the App Store listing, since it lacks content disclosures and in-app purchases. But it will still give users more context about the app by providing them with descriptions and screenshots before they install it. If an app is flagged for malware, Apple will warn users before they run it.
Anyone creating a third-party iPhone app will still need to sign up for the Apple Developer Program, which includes registering a legal name, phone number, and address. In some cases, Apple will ask for additional proof of identity, such as a government identification number.
Those who join the developer program must sign a license agreement that requires them to comply with local laws and avoid fraud. The rules also require that their apps not spam or otherwise abuse users. If they break the contract, Apple terminates it and the app is blocked (even though the developer is not). Apple noted that in 2022, the company terminated more than 400,000 App Store developer accounts for fraud and prevented the creation of more than 100,000 other fake accounts.
17 hidden iOS 17 features you should definitely know about
See all photos
Ultimately, there’s only so much control Apple can exert outside of the App Store. But the company has developed basic criteria for alternative application markets, which serve as guidelines to protect users. This includes committing resources to monitoring and mitigating malicious applications and providing customer support. In the white paper, Apple mentions how much effort it has invested in maintaining the App Store since it was launched in 2008 and encourages other storefronts to invest the same amount.
Although Apple will allow developers to accept payments outside of the App Store, the company warns users that their financial protections will not apply. These include easy subscription cancellation, parental controls such as Ask to Buy, and protection against being charged a different amount than advertised. If users fall victim to predatory practices, “AppleCare agents will have limited (if any) ability to help them,” the white paper says.
While Apple’s document includes its share of scare stories for users and developers — including a warning that alternative app markets could host pirated apps that steal the work of honest developers — it’s also an acknowledgment that the EU’s new DMA regulations are changing the rules of app access on mobile devices . But it’s also worth noting that it’s in Apple’s best interest to keep people inside the App Store, given that it’s a key part of Apple’s lucrative services business. It’s unclear when or if other regions will gain access to non-App Store apps, but this system provides a blueprint that Apple could apply elsewhere.