Apple is telling European customers that new EU competition laws will make iPhones less secure after the company is forced to open its platforms to third-party app stores. The company, which isn’t exactly happy about it, has published a 32-page white paper outlining the risks arising from the EU’s big experiment.
The official adoption of the Digital Markets Act (DMA) in the EU means that Apple has to make several changes to its App Store and business models. Changes include introducing support for third-party app stores, opening up to payment systems other than Apple Pay, and more.
Changes are only implemented in the EU in response to the DMA; they are not currently available outside the block.
‘Apple’s goal is to protect users’
Until now, only applications purchased from the Apple App Store could be installed on iPhone devices. That’s changing under the DMA, although Apple warns that the change means it won’t be able to offer users the same degree of protection it could within its walled garden. However, customer protection remains Apple’s goal.
In the white paper, Apple continues to argue that this will negatively impact EU customers as its platforms will become less secure. Threats can include social engineering, fake apps, fraudulent apps, spyware, and ransomware. The white paper also provides a detailed explanation of the work Apple has done to support the DMA requirements, including the development of more than 600 APIs.
In moving into compliance, Apple emphasizes that its goals are to maintain the security and privacy of its users while simultaneously becoming compliant with EU laws. Much has already been reported.
“While the changes required by the DMA will inevitably cause a gap between the protections that Apple users outside the EU can rely on and the protections available to EU users in the future, we are working tirelessly to ensure that iPhone remains the most secure of all phones available in the EU by reducing the risks that these necessary changes bring – although we cannot completely eliminate such risks,” Apple said.
Risks and rewards
In practice, part of the model means that if a customer chooses to use an external app store or payment system, they will be presented with a series of on-screen warnings warning them that they are leaving the Apple-verse.
Apple also insists that app developers who sell software outside of its stores share basic information, such as the app name, developer name, app description, images and age rating. The idea is that customers can better understand what they are getting and then decide whether to trust the source.
Companies that offer apps through their own stores must also commit to monitoring, detecting and removing malicious apps. They must also be able to provide ongoing customer support. If they don’t, Apple will strip them of the right to offer their own store.
I’ve heard that issues with downloaded apps are one of the reasons people visit Apple stores for help, and it seems inevitable that many users will continue to do so if a third-party store is problematic. My understanding is that Apple will continue to help people where they can, but they will no longer hunt down developers for refunds.
The tyranny of choice
The document explains that customers still have some choice.
People will not be forced to use app stores and/or third-party payment systems. But as key applications move to other outlets, it will become more of a challenge to maintain the life provided by Apple for customers who want it.
Despite the hype around exempting customers from the so-called “Apple tax”, people who enjoy the safety of the platform do exist, and the Apple white paper provides a number of emails to illustrate this, one of which says:
“I am writing to you because I am afraid of the next update that is planned for the European Union. I actually believe that the security of iPhones and iPads and all other devices will be massively compromised if this update is installed. I really don’t want to install this update. I’m afraid. I’m very afraid of it and I think it makes the iPhone a little less secure as it is.”
A bit of history repeating itself
Apple’s decision not to support third-party apps at all when the iPhone was first introduced caused a lot of controversy. (Apple soon reversed course and introduced support for them.)
At the time, Apple co-founder and CEO Steve Jobs said: “We’re trying to do two diametrically opposed things at once: provide an advanced and open platform for developers, while at the same time protecting iPhone users from viruses, malware, privacy attacks, etc. This is no easy task .”
He also warned — prophetically — of the unique risks of mobile, always-connected devices.
“Some claim that viruses and malware are not a problem on mobile phones — that’s simply not true. There have already been serious viruses on other mobile phones, including some that spread silently from phone to phone over the mobile network. As our phones become more powerful, these malware will become more dangerous.”
The latter argument is valid, especially in light of some of the zero-day \ viruses that are currently being exploited and weaponized by private surveillance companies.
The always-connected nature of smartphones, along with the sheer wealth of personal data they contain, is fundamentally different from the nature of Macs and other personal computers. And they get hacked too.
Device management systems can limit side loading
Apple confirms that some large companies are extremely concerned about the changes in the EU. He explains that government agencies inside and outside the EU see the risks of that move.
“Several have told us they plan to block sideloading apps on every device they manage,” Apple’s white paper says. “All of these agencies recognized that sideloading — downloading apps outside of the App Store — could compromise security and compromise government data and devices.”
Apple has also created device management APIs that allow administrators to disable sideloading on managed devices to protect business users.
What happens in the EU, stays in the EU – for now
The EU’s experiment in opening up Apple’s ecosystem to third-party downloads will be closely watched by regulators everywhere.
Apple is under pressure to open its App Stores worldwide. But if it significantly diminishes the user experience or generates the scale of danger that Apple warns about in its report, others might want to think twice before ordering similar moves.
To some extent, the EU decision could also be fueled by growing nativism among decision-makers there, who are becoming increasingly aware that all the big tech platforms are run by American, not European, companies.
When will Apple open?
Apple will introduce these new measures with iOS 17.4. They will only be available in 27 EU countries. Apple has posted detailed information about these changes on its developer support page.
Follow me on Mastodon or join me at AppleHolic’s bar & grill and Apple Discussions groups on MeWe.
Copyright © 2024 IDG Communications, Inc.