Apple’s biggest-ever mid-cycle update for the iPhone is about to land (here’s exactly when) and it will bring with it big upgrades for all iPhone users, everywhere, including a huge security upgrade to iMessage. But the biggest changes are for iPhone users in the EU, in response to the Digital Markets Act. Today, Apple explained to me what those changes mean, and how it could affect all users—especially if the U.S. or U.K. governments decide to follow suit with legislation of their own.

March 2 update below. This post was first published on March 1, 2024.

The changes for EU iPhone users are comprehensive. Apple is being required to open up its iOS system to allow sideloading of apps in alternative marketplaces, to permit web browsers not based on WebKit which underpins Safari, and to let other payment mechanisms beyond Apple Pay on to the phone.

Apple has now released a white paper which runs to 32 pages and explains that while it has taken every precaution it can to keep iPhone users’ privacy and security in place, it can’t guarantee that things will be as safe as they were.

Apple explained to me that it has introduced new features to protect users but that it won’t be able to protect users in the way it can in the current arrangement. The white paper says, “To comply with the DMA, we have created new options for developers and users—and built over 600 new APIs and developer tools to enable these changes. The new options include enabling sideloading so that EU users can download apps through app marketplaces other than the App Store, enabling alternative ways to process payments on the App Store, and many other changes. This required us to change the uniquely successful approach that we’ve employed to protect users’ security and privacy and keep them safe.”

Some organizations, like banks, for instance, have been in touch with Apple expressing concern, saying that they want to remain only in the App Store and could even consider not allowing their apps to be downloaded on to any device that has sideloaded apps on it. Right now, Apple doesn’t have a way to tell a bank, for instance, if an iPhone has downloaded an app from an external marketplace or not.

Apple is wary of how predatory payment techniques, mobile ransomware and consumer spyware could be focused on the iPhone if it’s deemed to be more vulnerable or less secure.

For me, the key phrase in the white paper is this: “In practice, users in the EU will lose the choice to solely remain on the App Store and keep all of Apple’s industry-leading protections, even if that is what they would prefer.”

Of course, users can simply decide to stick exclusively to the App Store, to web browsers like Safari based on WebKit and to payments through Apple Pay.

And some people will want to have apps not in the App Store on their phones. Apple is concerned about this, too, saying it will have no control of external content: “This means Apple won’t be able to prevent apps with content that Apple wouldn’t allow on the App Store—like apps that distribute pornography, apps that encourage consumption of tobacco or vape products, illegal drugs, or excessive amounts of alcohol, or apps that contain pirated content (or that otherwise steal ideas or intellectual property from other developers)—from becoming available on alternative app marketplaces.”

Spotify has already responded to the white paper, saying Apple is trying to “scare everybody about privacy and security.”

The changes coming to the iPhone are just days away, but it may take some weeks or longer to see what the effects are.

March 2 update. There’s already been a very strong response to Apple’s DMA changes and it’s fair to say they’re not exactly positive. (This is an example of the British art of understatement.) Avery Gardiner, Spotify’s global director of competition policy spoke to the Press Association news agency, as Martyn Landi reported in The Independent. Gardiner said Apple’s warnings about having to make the iPhone less secure in order to comply with the Digital Markets Act (DMA) equated to saying “the only way to have privacy and security is to allow a monopolist to continue to abuse monopoly power.”

Gardiner, Spotify’s competition policy lead, went on to say the notion that security and privacy could only come from Apple’s own App Store was “just not true”.

“If Apple were the only way to keep things private and secure, why haven’t Android users left Android in droves for Apple over concerns about privacy and security? They haven’t,” she told the PA news agency.

I think that’s true, but it’s also likely the case that a fair chunk of iPhone users stay loyal to Apple precisely because they enjoy the irreproachably good security and privacy on board.

Gardiner didn’t pull any punches, saying, “This has been their tactic globally – scare everybody about privacy and security. Tell them that the only way to have privacy and security is to allow a monopolist to continue to abuse monopoly power. I understand why they’re doing it, but it’s not truthful.”

She went on, “Apple has announced a set of proposed rules that do not comply with the DMA. “At the most basic level, the idea that you have to opt in to an onerous new fee structure in order to avail yourselves of the rights granted to you by the European Parliament is bizarre. The DMA is really clear: App stores have to let developers communicate offers free of charge. Those are the words. It doesn’t say ‘as long as you opt into an onerous new fee structure that would impose a massive tax on you’.

Finally, she said, “It is on its face, not compliant with the DMA, and the commission is going to need to open an investigation unless Apple changes its tune.”

Share.
Exit mobile version