The deadline for the adoption of the new rules imposed by the Digital Markets Act, the European law created with the intention of making the large digital platforms more open and competitive, will expire on March 7th. In the case of Apple, the most important news concerns iOS: starting from version 17.4, arriving most likely on Tuesday 5th, users resident in European Union countries will be able to install apps via alternative stores to the official one.
The announcement of the first alternative App Store (with subscription)
Anyone expecting an immediate explosion of alternatives to the App Store will be disappointed. So far only MacPaw, a well-known Ukrainian software development company, has announced that it has joined the procedures developed by Apple to comply with the DMA. The software house will bring the Setapp Mobile subscription service to the iPhone, a sort of Netflix of applications that users can access with a monthly subscription of around 10 euros. Setapp, which is already available on Mac today, will arrive in beta in April and will offer an assortment of utilities, business apps and other software for productivity, design and creativity.
MacPawās choice is significant in particular because adhering to the new DMA rules is a one-way street: Apple predicts that developers who adopt alternative routes to the App Store in the future will not be able to distribute apps through the official channel managed by the company. Not only that: for applications with more than one million installations per year, Apple imposes a fee of 50 cents per app installed, a āCore Technology Feeā. The measure, they say from Apple, is compensation for the intensive use of the software development and app distribution tools made available to all developers.
Fortnite returns to iPhone and iPad and Xbox and Nvidia games arrive by Bruno Ruffilli 29 January 2024
The report: the risks for users
In the meantime, in view of the changes that will arrive in the next few days, Apple has published a new āwhitepaperā on the changes imposed by the DMA. The company reiterates that the regulatory requirements will make iOS less safe for users in the European Union. However, the document also illustrates the initiatives undertaken to minimize risks for users, within the limits imposed by compliance with European rules.
The three macro risk areas indicated by Apple concern predatory digital payment techniques, the spread of ransomware and malware, and the increase in spyware attacks against users. In the first case, Appleās argument is that the DMA rules on alternative payments offer more choice to developers, but at the same time reduce protections for buyers.
āUsers will not have the same protections and benefits offered by Appleās private and secure payment system [..] such as ease of canceling your subscription, centralized purchase history page, parental controls such as Ask to Buy, or protections from predatory tactics such as those that aim to trick users into paying a different amount for a digital good than advertised ,ā the report reads. āUsers will also have the burden of figuring out for themselves, on an application-by-application basis, what benefits and protections may be available and who they should contact for help when transactions fail, as AppleCare support agents will have an ability limited (if any) assistance to themā.
In the case of ransomware, malware and spyware, Appleās position is equally straightforward: reducing the protections offered by App Store controls opens up new opportunities for the distribution of malicious apps. The burden of control, the company explains, will now pass into the hands of developers and above all the managers of alternative app stores. The implication is that, having fewer resources and experience, these third parties will not be able ā even with the best of intentions ā to guarantee the standards of security and privacy protection offered by the App Store.
App āSpotify pays nothing to Apple.ā This is how Cupertino defends itself from a possible EU fine by Bruno Ruffilli 23 February 2024
Risk mitigation
However, the adoption of European legislation is not a truly free-for-all: in the white paper, Apple outlines the procedures which, despite the presence of alternative forms of app installation, will guarantee at least basic security of the platform. First of all, to develop and distribute applications ā both on the App Store and on alternative platforms ā you will always need a developer account. To open it, you must provide identification and detailed tax information.
Despite this, Apple says, hundreds of thousands of fraudulent developer accounts are discovered and closed every year.
The company then introduced the app āNotarizationā procedure, similar to that already provided for registering and signing applications for the Mac.
āApple will electronically sign every app distributed on iOS in the EU, regardless of distribution mode, and this signature will be required for any app on iOS,ā the document reads. āBefore signing any app, Apple will analyze it (using a combination of automated tools and human review) to verify that it is free of malware and other security threats, that it generally works as advertised, and that it does not expose users to egregious fraud. By carrying out these checks in the first place, we can help prevent cyber attacks and other threats before they spread to other users.
This process is an extension of Notarization for macOS; Apple has been scanning and signing software distributed on macOS for years to ensure it is free of known malware. This worked well, and weāve adapted it to iOS, including new improvements to meet the unique needs of the platform. However, Notarization does not cover app content, commercial practices, or provide other user protections available through the App Store.ā
Furthermore, in order to open and manage an alternative app store, it will be necessary to provide Apple with specific guarantees to confirm that the company managing it is serious, and has the capabilities and resources to guarantee at least a basic review and control mechanism of the apps.
Finally, Apple has developed some specific pop-ups that are presented to users when installing apps outside the App Store or paying with alternative systems.
The app install popup āreflects the data that the developer submits about their app and which is then checked for accuracy during notarization.ā
According to Apple, it serves to inform users of how the app was initially presented and what its stated purpose was when it was submitted to Apple for reviewā, to prevent āflicker appsā from deceiving users with an appearance or a fraudulent description. In the case of payments with systems external to the App Store, the popup warns of the risks associated with the use of circuits external to those controlled by Apple.
WhatsApp revolution: hereās what will change with the new European rules by Vincenzo Tiani 19 February 2024
The Spotify protests and beyond
Spotify, Epic, Deezer, Paddle and 30 other developers and trade associations sent a letter to the European Commission on Friday protesting the way Apple has chosen to comply with the DMA and calling for swift and decisive action against the company. Cupertino.
According to the signatories, the Notarization procedure, the Core Technology Fee, the payment and installation warning pop-ups and other procedures ādo not meet the obligations of European lawā and would be āa mockeryā to the detriment of developers and the āEuropean Union.
Spotify, Epic and the others also argue that imposing a definitive choice between the App Store and alternative stores, with no ability to revisit the decision in the future, places an undue burden on developers. It will now be up to the EU to decide whether the way in which Apple has adapted to the DMA complies with the legal requirements or not. Specifically, imposing a definitive and irreversible choice on developers between the App Store and alternative stores does not appear to specifically violate any EU guidance, as in both cases basic access to the platform is guaranteed.
Web Apps for iOS are back
In the meantime, however, Apple has backtracked on one of the indirect consequences of the DMA, namely the deactivation of Safari Web Apps. Web apps, introduced with iOS 16, allow you to save a site and use it as if it were a native app directly from the Home screen. Web apps have access, via the Safari browser engine, WebKit, to some basic system functions (mainly notifications).
According to Appleās interpretation of the DMA, the need to open to engines other than WebKit would have enabled web apps based on other systems, potentially dangerous given the impossibility of limiting access to other key functions of the system, such as the microphone or the camera. This is why Apple had chosen to give up an iOS function, rather than open up to a total liberalization of web applications.
However, on the eve of the publication of iOS 17.4, here is the change of heart: the Web Apps will remain active. The reason for this backtracking is not yet clear, but the most likely hypothesis is that the reading of the DMA by Appleās legal department was a little too stringent. Apple may have received a guarantee, perhaps from the European Commission, regarding the possibility of imposing WebKit as the only engine available for Web Apps on iOS.
App Economy Apple revolution: it will be possible to install apps from other digital stores on the iPhone by Bruno Ruffilli 25 January 2024
What is the Digital Markets Act
The Digital Markets Act is the new regulation on digital markets, approved by the European Parliament on 5 July 2022 together with the Digital Services Act (DSA), which regulates digital services. The two rules together constitute the Digital Services Package, in force from 2 May 2023, but fully operational only from spring 2024.
The DMA was created to counter the abuse of a dominant position by the so-called gatekeepers, those companies that have control over access to digital markets due to their greater economic and financial availability, the high number of users or the capacity to act as intermediaries. This is the case of Google, Amazon, Apple, Meta and Microsoft (but not only), which play an infrastructural role, establishing standards and rules that everyone must adapt to. The objective of the regulation is to prevent incorrect behavior by Big Tech and encourage innovation and competition in digital markets.
In detail, the Digital Markets Act applies to companies that provide browsers, messaging services or social media to at least 45 million monthly end users in the EU. At the same time, they must have 10,000 annual business users, a market capitalization of at least 75 billion euros or an annual turnover of 7.5 billion euros. Due to its size, turnover and degree of market penetration, the Cupertino company can undoubtedly be considered a gatekeeper from various points of view.