Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
25 comments

The EU Forces Open Apple’s Walled Garden

Apple has announced extraordinary changes to how iOS apps will be distributed in the European Union. In short, Apple’s App Store will no longer be the only source for iOS apps, and the company is making it known in the clearest possible terms that it’s not happy about it.

Apple’s changes were forced by the European Commission’s Digital Markets Act (DMA), passed by the European Parliament in 2022. Under the DMA, Apple is considered a “gatekeeper” of “core platform services.” As such, Apple cannot prevent its users from doing business with third parties on that platform, nor can Apple give preferential treatment to its own services.

To be fair, the DMA exists because the EU wants to protect its smaller businesses and users from abuses by entrenched tech giants running large online platforms. Whether the DMA’s requirements are the best way to accomplish those goals is a conversation worth having, but it’s undeniable that some large online platforms have behaved in anticompetitive and monopolistic ways that harm users and smaller businesses.

Here is a brief summary of what EU iPhone users can expect in the upcoming iOS 17.4 release, anticipated sometime in March 2024:

  • Alternative app marketplaces: Developers will be able to create and run “alternative app marketplaces.” Don’t call them app stores! AltStore, a gray market alternative app store, has announced plans to launch an official version in the EU. We would be surprised if Apple-nemesis Epic Games doesn’t try to launch its own alternative store.
  • Alternative payment providers: Developers will be able to offer in-app purchases without going through Apple’s system. They can either link to their own websites for payment or support alternative payment methods like PayPal.
  • Browser choice: Safari will no longer be the default default Web browser. After installing iOS 17.4, users will have to pick a default browser from a list of options.
  • WebKit-free web browsers: Apple has long allowed Web browsers other than Safari in the App Store and has even allowed you to set one as a default, but it was a somewhat meaningless choice since those browsers—like Chrome and Firefox—had to use the same WebKit rendering engine as Safari. So you were really just using Safari with a different skin. Google will now be able to provide an EU version of Chrome that uses its Blink rendering engine, and Firefox can ship a version with its Gecko engine.
  • Contactless payments without the Wallet app: It will be possible for developers to access the iPhone’s NFC hardware directly to make contactless payments without going through Apple’s Wallet app. Additionally, Apple will provide an “interoperability request form” where developers can request access to other hardware and software features.
  • Expanded data portability: EU users will have increased options on Apple’s Data and Privacy site to see their App Store data and export it to authorized third parties.

Note that these changes do not allow sideloading apps downloaded directly from websites, as Mac users have been accustomed to for decades. Every app must still be downloaded from an app marketplace, whether Apple’s App Store or someone else’s. However, you’ll download those alternative app marketplaces from the Web: “Marketplace apps may only be installed from the marketplace developer’s website.”

Also, as John Gruber of Daring Fireball points out, many of these changes, such as alternative app marketplaces and non-WebKit Web browsers—are coming only to the iPhone and not the iPad.

Apple Doth Protest

If this all seems very confusing, that’s at least partially intentional on Apple’s part. The company was emphatic about how it is complying with the new EU requirements only under duress.

Apple’s announcement is so bitter that we assume the PR team was biting into whole grapefruits while writing it. The press release laments:

The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.

The announcement also quotes Apple Fellow Phil Schiller, in his best “disappointed dad” voice:

The changes we’re announcing today comply with the Digital Markets Act’s requirements in the European Union, while helping to protect EU users from the unavoidable increased privacy and security threats this regulation brings. Our priority remains creating the best, most secure possible experience for our users in the EU and around the world.

Phil Schiller isn’t mad at you, EU. He’s just… disappointed.

For years, Apple has argued that its heavy-handed App Store approach was the only way to keep its platforms secure (while guaranteeing itself a nice cut of developer revenue in exchange for developing and maintaining the platform). But as Rich Mogull correctly foresaw in “Apple’s App Store Stubbornness May Be iOS’s Greatest Security Vulnerability” (8 April 2022), that same heavy-handed approach backfired and inspired the EU to go after Apple’s walled garden with a crowbar.

Apple may be exaggerating for effect, but it’s not wrong. These changes will make Apple’s platforms less secure going forward; it’s just a matter of to what degree, which is why the company is taking every conceivable measure to protect users.

How Apple Plans to Protect Users

Just because apps can be distributed outside Apple’s walled garden doesn’t mean they will escape Apple’s review.

iOS apps distributed outside of the App Store will be notarized by Apple, much like how apps are notarized in macOS. This step gives Apple a lever to prevent or ban misbehaving apps. However, there are a couple of key differences.

  • While macOS offers a way to bypass notarization so you can install any app you’d like, Apple does not provide this as an option for iOS.
  • Notarization under macOS is largely automatic, but the iOS process will involve some degree of human review.

That human reviews checks to “ensure apps are free of known malware, viruses, or other security threats, function as promised, and don’t expose users to egregious fraud.” However, according to John Gruber, who has had multiple briefings with Apple, apps distributed through app marketplaces will not be rejected for content. For example, while Apple will never allow adult-rated apps in the App Store, they will be permissible in app marketplaces.

Besides a baseline app review, iOS will present an app installation sheet that summarizes basic information about the app when you install an app from an app marketplace. Also, Apple will perform background malware scans when installing such apps.

Additionally, alternative app marketplaces are subject to stringent “ongoing requirements.” Not just anyone can open an app marketplace. Among other things, developers need a healthy line of credit:

In order to establish adequate financial means to guarantee support for developers and customers, marketplace developers must provide Apple a stand-by letter of credit from an A-rated (or equivalent by S&P, Fitch, or Moody’s) financial Institution of €1,000,000 prior to receiving the entitlement. It will need to be auto-renewed on a yearly basis.

Of course, Apple touts these many security measures with yet another bitter disclaimer:

However, Apple has less ability to address other risks — including apps that contain scams, fraud, and abuse, or that expose users to illicit, objectionable, or harmful content. In addition, apps that use alternative browser engines — other than Apple’s WebKit — may negatively affect the user experience, including impacts to system performance and battery life.

And developers may have a bitter pill to swallow if they decide to accept the new path the EU has forged for them.

Thorny Questions for Developers

Apple is giving developers two mutually exclusive choices. They can take the blue pill and keep things largely as they are now. Developers distribute their apps only through the App Store, use Apple as their payment processor, rely only on the WebKit rendering engine, and pay Apple a straight 30% or 15% commission.

However, developers who choose the red pill open a whole new world of alternative app marketplaces, third-party payment processors, and other freedoms, but they also face a complicated new business reality. And there is no going back:

Developers who adopt the new business terms at any time will not be able to switch back to Apple’s existing business terms for their EU apps. Apple will continue to give developers advance notice of changes to our terms, so they can make informed choices about their businesses moving forward.

If developers choose the new business terms, they can keep their apps on the App Store in addition to alternative app marketplaces and pay lower commissions of either 10% or 17%. That sounds good, but the math gets more complicated. If developers also want to use Apple’s payment processor, they will pay an additional 3% fee. Additionally, if an app is a hit, with one million or more first annual installs in the EU, the developer will pay a Core Technology Fee of €0.50 for each additional install per Apple account (which includes new downloads, re-downloads, and updates) once every 12 months. Free apps from nonprofit organizations, academic institutions, and government entities are exempt from this fee.

The new business terms also allow developers to opt out of Apple’s systems in the EU entirely and pay the company only the Core Technology Fee, but then they’re on their own for distribution, payments, and other liabilities associated with EU law.

Apple has created a fee calculator to help with the complicated math, but developers may not like the results. Developer Nikita Bier ran some numbers and estimates that some developers may only keep a small fraction of their revenue or even owe Apple money.

Relaxed Game Streaming and Sign In with Apple Rules

There are changes for everyone outside the EU as well.

First, Apple now allows game-streaming apps in the App Store. Services like Xbox Cloud Gaming and Nvidia’s GeForce Now let you play hardware-intensive games without high-end hardware. The game’s code is processed on a remote server, and the video is streamed to your device. This move likely means many more gaming options will soon be in the App Store. (Hopefully, some of these services will come to the Apple TV.)

Second, developers can now offer apps that feature “mini-apps, mini-games, chatbots, and plug-ins” for an additional in-app purchase.

Third, in the past, if an app offered the option to sign in with a Google account or other third-party authentication service, it also had to present the option to use Apple’s service. That’s technically no longer the case. Developers can also now offer “third-party or social login services” in their apps without being forced to include the Sign In with Apple option, but they must offer “an equivalent privacy-focused login service instead.” That may be a tough hurdle to clear for many developers, so the previous policy may effectively remain.

The EU as App Store Guinea Pig

Apple is overwhelmingly clear about the extent to which it feels these requirements are wrong-headed and will hurt the user experience. The company likely fears, and rightly so, that other jurisdictions around the world will demand similar concessions. After all, the infrastructure is already in place. Or—even worse–other countries might demand different concessions.

The EU has made itself a testbed for this type of governmental intervention. While Apple is begrudgingly complying, it clearly hopes—and is doing its best to ensure—that developers stick with the status quo. Apple’s announcement takes pains to highlight every possible negative of these changes, including security risks, fraud concerns, offensive content, user confusion, and reduced battery life. And you can be sure Apple will be quick to point out every such failure and explain how it could have been prevented if the EU hadn’t tied its hands.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About The EU Forces Open Apple’s Walled Garden

Notable Replies

  1. Apple’s condescending and greedy management has only itself to blame for this. A spirit of compromise and adjustments to the onerous fee structure might have taken the air out of this controversy.

  2. Corporations exist to produce goods and profits for their shareholders…and while one ma6 not like Apple’s approach…Epic and others have zero rights to use Apple’s systems and servers without compensating Apple. They’re not a monopoly…while they make the vast majority of profit in the smartphone business they sell about 25% of all phones. Many users like and prefer the closed ecosystem…warts and all…because overall it provides more security and privacy than Android. The EU is completely wrong here…and I hope Apple sticks to their principles. This is severe overreach…just like the proposed changes in the UK Investigatory Powers Act which propose that the UK declare worldwide jurisdiction over end to end encryption. Nuts.

  3. I’ve never seen a company welcome regulation. I’m sure if it were up to Tim, he’d get to make his own rules. But as we all learned back when we were small children, the world doesn’t work like that. Apple wasn’t willing to compromise, so they got forced by written law. And then it’s the EU’s way or the highway. Obviously, they chose not to forgo billions in sales. That’s the way the real world works. A story as old as time.

    What I’m more curious about is if they will be allowed to squeak by with what has been termed “malicious compliance” or if the EU will now tighten the vice to make sure Apple complies with the goals of their legislation (weaken gatekeepers’ restrictions on consumer choice) rather than just bare minimum.

    @jcenters is absolutely right in sensing that Apple is about as public in throwing a tantrum as they could be without appearing ridiculous, but in the end that’s just posturing. It will be more interesting to see what actually happens. Will the EU allow them to force devs to choose between business as usual vs. more choice but made financially as unviable as possible? And even more interesting, what will the outcome of all this be? Will consumers actually face better conditions? Will iPhones eventually become more like Mac? Or will Apple be allowed to uphold what I’m sure they would prefer to be considered the new paradigm?

  4. I can see two things in effect happening:

    1. Most users won’t be interested in wasting their time with third-party “marketplaces” in the first place.

    2. Most devs (outside Epic, or a few larger game companies), won’t bother offering their apps outside Apple’s store.

    The second of these two will be down to Apple’s deliberately greedy rules they’d have to follow, making doing so almost completely pointless from both a profit and additional admin point of view.

  5. Please don’t impugn individuals. Apple is acting rationally from its perspective and working to maximize shareholder value, etc. etc. We can disagree with or be critical of Apple’s words and actions, just as we can disagree with or be critical of the Digital Markets Act’s approach, but I don’t want discussion devolving into insult.

    I think you’re spot on here, as @jcenters pointed out in the article by referencing @rmogull’s article about how Apple has brought this on itself.

    It appears that Apple’s negotiating stance is usually from a position of dominance, which may work well in the business world where money talks. (Though the situation with Massimo and the blood oxygen sensor shows that it doesn’t always provide a quick or smooth resolution.) And it seems to work well enough in the courts, such as with the Epic lawsuit, though that may be more a case of Apple lawyers making sure that what the company does is legally defensible.

    But I would wonder if Apple has tried to play the same level of hardball with the EU regulators and other government representatives. Particularly if the other tech giants did the same thing, that may have caused the EU to dig in its heels. And now Apple is doubling down with a set of regulations that may pass muster—the EU will presumably rule on whether they meet the letter of the law—but certainly do little to address the spirit of what the EU was trying to accomplish.

  6. Just a reminder that I’m going to continue deleting messages that try to drag the conversation off into the weeds of opinion about financial systems or forms of government. Stick to Apple, folks.

  7. Apple is at 25% and growing while the competition is either static or shrinking. Do you like the word “oligopoly” better? Corporations are ruthlessly rational and Apple’s behavior is exactly what I would expect. You can complain about EU excesses, but ask yourself what Apple could have done differently over the last decade to enhance shareholder value while addressing legitimate anticompetitive concerns.

  8. @ace To be clear, I’m not impugning individuals. I’m impugning Apple Management. Big difference!

  9. Well, that’s just it—Apple management is composed of individuals, a few of whom I’ve known for years, and they are not greedy or condescending people. They’re acting as a group in what they believe are the best interests of the company, and individuals or factions within the group may even disagree with the eventual decision. There’s seldom unanimity in large companies.

    And we can disagree with or criticize the company’s actions, but there’s no utility in being insulting about it.

  10. By far the best take I’ve seen on this issue is Steven Sinofsky’s very long essay:

    The key here is that Sinofsky’s was at Microsoft for decades and went through this whole “product design forced by regulation” when the US Govt and the EU forced Microsoft to make changes to their product and it didn’t go well.

    A great read.

  11. None of the possible futures I see preclude me continuing on merrily as I am.

    So be it.

    Not sure any party in this has behaved all that well, and to @ace’s point, it’s difficult when political/economic viewpoints color commentary.

    As a loyal 40 year Apple user and happy-to-be EU citizen with US ties, I’m just curious as to the outcome.

  12. That’s going to be the right question.

    The arguments used in these discussions is “it’s better for the consumer”. Time will tell, because one way “better for the consumer” is interpreted implies “lower pricing due to competition”. My fear is I can’t see any developer in an independent store lowering prices when they know people will pay the App Store price and pocket what they would have paid to Apple.

  13. Is this about how Apple charges devs or about that “other” devs want to bypass Apple’s fees? I’m all for not having “side-loading” apps because I put a reasonable trust in Apple’s platform. However, if Apple isn’t watching the store, pun?, and there are app that want to bypass Apple’s QC and control… what’s the best solution? Is the EU only looking to protect its users or is there something else? I work with some from the EU and privacy is policy…I know Apple gathers information for its own internal metrics and doesn’t resell but how this will affect apps is something to watch.

    I’m also empathic to companies that code and market programs (apps) like those that used to sell software from their website (a cost) that then had to move to Apple’s store front (cost) and lower prices to move but don’t get exposure? Or that devs have to pay 33% (I’m guessing?) to Apple to have their apps there, and wait for approval, and base their exposure on reviews and such? What a rat race!

    BTW, I notice that when I’m in the app store, to update apps, I have to drag down the window to see latest (within a day or so posted update) for more updates! That little red notification might show 4 but drag down the window to refresh, and you’ll see it now at 8 or more! Right? Oh and most of the apps I see pushed on the App store are games! I mean literally, games! Sorry if you play games on your iPad or iPhone, but I don’t. Oh and who else is annoyed that when there is an app update, e.g. Youtube, its information about the update is gimmicky! Not informative, but just something immature like, “We’re cleaning the pipes and freshening up things!” … Not what I call “informative”.

  14. The description of each new version is provided entirely by the publisher. If an app (like YouTube) isn’t providing useful descriptions, you need to complain to them.

    If it’s from a small publisher, they might even respond. For apps from Google or Meta or other big corporations? They probably don’t care.

  15. Tee hee! That’s a great exchange! I’m with Sebastiaan de With on this one.

    Further, I suspect that more than 95% of IOS users won’t bother with third-party stores. And most developers, save the ones with monstrous cash flows where 1% more makes a big difference, won’t bother either.

    Dave

  16. Thanks for finding and updating it, Flash!

  17. Who is EU trying to help here? Not the users anyway. It used to be fairly safe to give an iPhone to an elderly person. With the new stores it will be bigger opportunities to scammers. Not a good idea. I hope there will be a way to turn off the possibility to b uy from another AppStore.

  18. I’ll be interested to see how this works in practice.

    I assume it won’t be possible to just click a link to an app-installer from a web page or mail message. I assume you’ll need to install an app-store ('scuze me, “marketplace”) app from Apple’s app store, which will in turn be able to install apps from its servers.

    So hopefully this won’t end up being any less secure than pre-existing loopholes, like installing configuration profiles to grant access to a corporate app server, which have been abused by people trying to evade Apple’s app store.

    And I would like to think that parental controls (or something similar) will let you restrict the ability to install third-party marketplace apps, just like they can be used to limit installation of other apps.

  19. From what I’ve read, each store will have to have their own special app. The user will have to install that app and agree to terms after seeing Apple’s dire warnings about less security, Apple not taking responsibility, the alternate marketplace handling refunds, etc. Apps cannot be installed without this agreement and the user can revoke permission at any time, disabling any of those apps already downloaded and installed.

    Apple will have the ability to “turn off” any store that doesn’t behave and I believe that will disable all the apps from that store (for sure it will stop any updates).

    Also, the user can only have one version of an app installed at a time, so if a user had say, Facebook from the App Store, they’d have to delete it in order to install a version of Facebook from an alternate marketplace. Apparently this helps prevent app data loss from having two versions of the same app installed.

    Another thing I like is that the app’s description for side loaded apps will be hard-coded into the app before it is digitally signed by Apple, so it can’t be modified without another review. That way even if a sleazy alternate marketplace tries to give a different description of an app, the user will see the real (accurate) description when they click on it. This should prevent a store from promoting an app as one thing and then it does something else. Very clever.

  20. Another interesting point Gruber makes, is that even Epic won’t be able to offer its own solely-Epic game store.

    Firstly, because their dev ac was cancelled by Apple due to the Fortnite fiasco (so they’d seemingly have to use their other Unreal Engine dev ac in order to do so, i.e. as “The Unreal Store”, presumably). But mainly because any store has to offer products within its product category(s) –eg. games– from any developer; presumably meaning they’d have to sell non-Epic games too?

    On a separate point, any dev that goes for the new business terms option cannot go back to the current business terms. That effectively makes it all a huge gamble for almost all devs to make. There’s no trial and error: you’re either all in on the current business terms or completely out of it…forever.

  21. I’m pretty sure this is going to the topic of much more discussion.

    I cannot imagine the EU is just going to be ok with this. They have no interest in allowing Apple to make the new alternate system unnecessarily unattractive in order to push people towards maintaining the status quo. The EU wants to see the status quo be the unattractive alternative. If Apple stipulated that devs wanting to run their own competing app store, would have to accept Apple filling their letterbox with poop every morning, the EU would most certainly immediately crack down on that provision. I see them doing the same here because with the conditions the way Apple has set them up (cost prohibitive, no option to switch between systems later, etc.), it’s highly unlikely anybody — much less the large houses with some political weight to throw around — will be choosing the new system over the old and for the EU that would constitute failure. Quite public too so can’t have that.

    OTOH it’s also quite obvious to me, Apple won’t just forgo business in the EU. So I suppose it will come down to Apple trying to buy/lobby their way to weak regulation (or at least regulation with built-in loopholes) vs. the European Commission trying to impose its views on what healthy competition looks like via legislation. And to increase the stakes, Apple certainly knows very well the rest of the world is watching. Whatever they end up giving the EU, others could ask for the same (just consider the global effect GDPR had, or long before, CA state clean air regulation on the entire US auto market) right away. Apple might well be willing to exit the Eritrea market, but Canada? Or Japan? Korea? This is bound to be exciting and I’d say the fight has only just begun.

  22. Epic will using the new Apple structure in the EU to bring Fortnite back to iOS. From their year in review (courtesy Gruber):

    Update on Epic’s return to iOS in Europe: Developer account secured!

    We’ve received our Apple Developer Account and will start developing the Epic Games Store on iOS soon thanks to the new Digital Markets Act. We plan to launch in 2024. Epic Games Sweden AB will operate the mobile Epic Games Store and Fortnite in Europe, with the Store team leading development.

    Epic Games Sweden has 3 studios and 60+ employees.

    https://store.epicgames.com/en-US/news/epic-games-store-2023-year-in-review

Join the discussion in the TidBITS Discourse forum

Participants

Avatar for ace Avatar for jcenters Avatar for Simon Avatar for tommy Avatar for silbey Avatar for romad Avatar for neil1 Avatar for xdev Avatar for jimthing Avatar for FlaSheridn Avatar for Shamino Avatar for Dafuki Avatar for macanix Avatar for david_blanchard Avatar for Technogeezer Avatar for olsson Avatar for rpotts