Skip to main content

Apple on EU iOS changes: Has done its best but DMA makes users less safe

Apple is set to release iOS 17.4 to the public next week with a major update for EU users that allows third-party app stores and more. Now ahead of the Digital Markets Act going into effect, Apple has shared the most up-to-date and comprehensive resource about all the changes and its approach and “efforts to protect user security and privacy in the European Union.”

We learned back in January that Apple would be opening up iOS to third-party app stores in the EU for the first time due to the Digital Markets Act (DMA). Other changes include a new commission structure, third-party default web browsers, and more.

Ahead of iOS 17.4 launching for the public with all the major updates in the EU, Apple has published a 60-page whitepaper covering everything that’s changing. It includes details on all the ways it’s working to ensure security and privacy, but highlights:

These safeguards will help keep EU users’ iPhone experience as secure, privacy-
protecting, and safe as possible—although not to the same degree as in the rest
of the world.

Apple says that its “highest priority is to make great products that enrich our users’
lives around the world” and that protecting users with strong security, privacy, and safety features is a fundamental value.

When it comes to the changes needed to meet the DMA’s requirements, Apple says it built “over 600 new APIs and developer tools.”

Apple says the safeguards it’s put in place for app distribution apply no matter where a developer sells the iOS app, with iOS notarization being a big update that includes both automated and human reviews.

One of Apple’s concerns is that new third-party app stores in the EU are “new and lucrative markets for malicious actors.”

Malicious actors have long struggled to gain access to iPhone because of its best-in-class security and privacy protections. Apple’s integrated approach to platform security has put the iOS ecosystem out of the reach of commodity malware—in fact, cybercriminals have never succeeded in getting a single widespread consumer malware attack on iOS. They have learned that Apple’s integrated approach to platform security makes most malware infection attempts a lost cause. The production and distribution of malicious software requires significant resources, and iPhone’s strong defenses have prevented these efforts from seeing meaningful return on investment, further lowering the device’s attractiveness as a target.

When it comes to alternative app store payment options, Apple warns about the loss of safety and security features built into its App Store:

To support the changes we’ve announced to comply with the DMA, we are also introducing the ability for developers in the App Store to use alternative payment options to complete transactions for digital goods and services within their apps in the EU. This opens up new options for developers, but it also means users of those apps will not have the same protections and benefits they have come to rely on through Apple’s private and secure commerce system, including In-App Purchase (IAP)—such as easy subscription cancellation, a centralized purchase history page, parental controls like Ask to Buy, or protections from predatory tactics like those that aim to trick users into paying a different amount for a digital good than advertised. The burden will fall on users to figure out for themselves, on an app-by-app basis, what benefits and protections might be available to them—and who they should contact for help when transactions go wrong, as AppleCare agents will have limited (if any) ability to assist them.

Top comment by 5723alex

Liked by 11 people

EU iOS 17.4 users (read mail sent to Apple in the white paper) should worry even if they don't intend to use sideloading, 3rd party payment system... as the 'backdoor' code in embedded in iOS 17.4.

Apple should have added a yes/no option to add the code during iOS 17.4 installation so users could accept/decline the new options.

View all comments

As we previously covered, other changes to protect and inform EU users with iOS 17.4 will include

  • App Store product page labels — that inform users when an app they’re downloading uses alternative payment processing.
  • In-app disclosure sheets — that let users know when they are no longer transacting with Apple, and when a developer is directing them to transact using an alternative payment processor.
  • Expanded data portability on Apple’s Data & Privacy site — where EU users can retrieve new data about their usage of the App Store and export it to an authorized third party.

Apple believes that the work it’s done to comply with the DMA and protect users “will continue to make iPhone the most secure, most privacy-protecting, and safest smartphone available in the European Union today-giving users the great product they expect from Apple.”

But Apple believes that it’s not as safe as the iPhone experience for users everywhere else in the world.

Check out the full whitepaper here.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications