Apple’s iOS 17.4 update will see the iPhone maker open up its app store and iOS ecosystem to outside parties for the first time ever. In a game-changing move, the iPhone maker will comply with the EU Digital Markets Act by allowing app side-loading from March when iOS 17.4 launches, Apple said in an announcement.

The change coming in iOS 17.4 will be welcomed by iPhone users in the EU who would like the same flexibility Google’s Android users enjoy. But Apple has warned that sideloading and the associated changes that need to be made to iOS and its ecosystem as a result open up iPhone users to major security risks.

Many experts agree. The beauty of iOS from a security and privacy perspective is the closed ecosystem approach, which contrasts with Android’s open marketplace. Because Apple owns the hardware and software of iOS, the iPhone maker has far better control over security. From iOS 17.4, this will change for EU-based users, but Apple says it is doing all it can to keep you as safe as possible.

What’s Changing In iOS 17.4?

The Digital Markets Act aims to boost competition by preventing tech giants such as Apple from acting as “gatekeepers” dominating the marketplace. From iOS 17.4 Apple is adding new options for distributing iOS apps from alternative app marketplaces “including new APIs and tools that enable developers to offer their iOS apps for download from alternative app marketplaces.”

It will also add a new framework and APIs for creating alternative app marketplaces, “enabling marketplace developers to install apps and manage updates on behalf of other developers from their dedicated marketplace app.”

In addition, developers will be able to use browser engines other than WebKit for browser apps and apps with in-app browsing experiences.

Apple is also sharing DMA-compliant changes impacting contactless payments. This includes new APIs enabling developers to use NFC technology in their banking and wallet apps throughout the European Economic Area, Apple said. In the EU, Apple is also introducing new controls that “allow users to select a third-party contactless payment app—or an alternative app marketplace—as their default.”

Where Will Sideloading Be Available?

Apple said the changes coming in iOS 17.4 will be available in the EU, but what exactly does that mean, given that the UK is no longer a member? According to reports, the UK will be exempt from the changes, for now at least.

In its press statement, Apple described how the new capabilities “will become available to users in the 27 EU countries beginning in March 2024.”

Those 27 countries are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

But the UK does have its own version of the DMA, the UK Digital Markets Bill, which is going through approval at the moment and could eventually force Apple’s hand.

How Will Sideloading In iOS 17.4 Work?

As you might have gathered, Apple isn’t particularly happy about the changes. And sideloading won’t be openly available, 9to5Mac reports. Apple is instead maintaining an element of “walled garden” by allowing only certain app stores it calls “App Marketplaces” to distribute apps. These must follow Apple’s rules and stipulations.

Meanwhile, Apple will check your device is eligible for sideloading changes via a system dubbed “country”, which combines information including your Apple ID billing address, location country, region set in iOS Settings and what type of device you are using.

As 9to5Mac notes, the system also checks whether the device comes from China to restrict sideloading—although it’s not clear why. You will be able to see the region of your device via a new section in the “About This iPhone” menu, with additional details about the system to become available in an as-yet-unpublished support article on Apple’s site.

Other Changes For EU Users In iOS 17.4

Other requirements under the DMA include changes to Apple’s Safari browser. While iOS users already have the ability to set a third-party web browser as their default, Apple needs to go further to comply with EU rules.

Reflecting the DMA’s requirements to ensure users know there is a choice, Apple said it is also introducing a new choice screen, which will pop up when users first open Safari in iOS 17.4 or later. “That screen will prompt EU users to choose a default browser from a list of options,” Apple said.

What Are The Security Risks?

Apple says a more open ecosystem that comes with the DMA means it has less ability to address other risks, “including apps that contain scams, fraud, and abuse, or that expose users to illicit, objectionable, or harmful content.”

Apple says its anti-tracking feature, App Tracking Transparency, will continue to work with apps distributed outside of the App Store. “However, the DMA’s requirements mean that App Store features—including Family Purchase Sharing and Ask to Buy—will not be compatible with apps downloaded from outside of the App Store.”

The “one golden security measure” keeping iPhones safe is the fact apps are downloaded from within Apple’s App Store ecosystem, says Jake Moore, global cybersecurity advisor at ESET. “Opening this up to unchecked third parties would potentially enable threat actors to use Trojan horses and malware within apps to target devices,” he warns.

Sean Wright, head of application security at Featurespace, is more conflicted about Apple’s iOS 17.4 changes. “The closed ecosystem does initially appear that it would be more secure and less prone to malicious apps, but this isn’t always the case.”

In addition, Wright concedes that there hasn’t so far been “a significant issue” with the ability to install apps from other locations in Android.

What Is Apple Doing To Boost Security?

Apple said in its announcement that it is introducing new safeguards to boost security. These include Notarization for iOS apps, an authorization for marketplace developers and disclosures on alternative payments. It says this will “reduce risks and deliver the best, most secure experience possible for users in the EU.”

However, even with these safeguards in place, “many risks remain,” Apple said.

What To Do

It’s not ideal for security-conscious EU iPhone users—many of whom use Apple devices because of their secure-by-design credentials.

From iOS 17.4, people need to be more mindful of where the apps they download are from, Moore says. “Savvy Android users have been used to this since the beginning, but now Apple users will need to do more due diligence in order to protect their devices and data.”

When making purchases through third-party markets, users should be mindful that they are providing their payment information to third parties, says Boris Larin, principal security researcher at Kaspersky’s GReAT. “Apple has stated that it will not be in a position to issue refunds in such cases.”

When iOS 17.4 does launch, Wright thinks most people will still stick to the official app stores. “This certainly would be my recommendation for users,” he says.

I agree. While the iOS 17.4 changes are a huge change for EU iPhone users, it’s still possible to keep your iPhone secure. Check all apps before downloading—including the reviews—and if you are worried, limit your downloads to Apple’s official App Store only.

Update 01/29 at 05:18 EST. This article was first published on 01/26 at 06:44 EST. Updated to include information on which countries exactly will be affected by the iOS 17.4 change and what this means for UK users.
