Apple’s biggest-ever mid-cycle update for the iPhone is about to land (here’s exactly when) and it will bring with it big upgrades for all iPhone users, everywhere, including a huge security upgrade to iMessage. But the biggest changes are for iPhone users in the EU, in response to the Digital Markets Act. Today, Apple explained to me what those changes mean, and how it could affect all users—especially if the U.S. or U.K. governments decide to follow suit with legislation of their own.
Apple iOS 17.4 is going to change everything
David Phelan
March 3 update below. This post was first published on March 1, 2024.
The changes for EU iPhone users are comprehensive. Apple is being required to open up its iOS system to allow sideloading of apps in alternative marketplaces, to permit web browsers not based on WebKit which underpins Safari, and to let other payment mechanisms beyond Apple Pay on to the phone.
Apple has now released a white paper which runs to 32 pages and explains that while it has taken every precaution it can to keep iPhone users’ privacy and security in place, it can’t guarantee that things will be as safe as they were.
Apple explained to me that it has introduced new features to protect users but that it won’t be able to protect users in the way it can in the current arrangement. The white paper says, “To comply with the DMA, we have created new options for developers and users—and built over 600 new APIs and developer tools to enable these changes. The new options include enabling sideloading so that EU users can download apps through app marketplaces other than the App Store, enabling alternative ways to process payments on the App Store, and many other changes. This required us to change the uniquely successful approach that we’ve employed to protect users’ security and privacy and keep them safe.”
Some organizations, like banks, for instance, have been in touch with Apple expressing concern, saying that they want to remain only in the App Store and could even consider not allowing their apps to be downloaded on to any device that has sideloaded apps on it. Right now, Apple doesn’t have a way to tell a bank, for instance, if an iPhone has downloaded an app from an external marketplace or not.
Apple is wary of how predatory payment techniques, mobile ransomware and consumer spyware could be focused on the iPhone if it’s deemed to be more vulnerable or less secure.
For me, the key phrase in the white paper is this: “In practice, users in the EU will lose the choice to solely remain on the App Store and keep all of Apple’s industry-leading protections, even if that is what they would prefer.”
Of course, users can simply decide to stick exclusively to the App Store, to web browsers like Safari based on WebKit and to payments through Apple Pay.
And some people will want to have apps not in the App Store on their phones. Apple is concerned about this, too, saying it will have no control of external content: “This means Apple won’t be able to prevent apps with content that Apple wouldn’t allow on the App Store—like apps that distribute pornography, apps that encourage consumption of tobacco or vape products, illegal drugs, or excessive amounts of alcohol, or apps that contain pirated content (or that otherwise steal ideas or intellectual property from other developers)—from becoming available on alternative app marketplaces.”
Spotify has already responded to the white paper, saying Apple is trying to “scare everybody about privacy and security.”
The changes coming to the iPhone are just days away, but it may take some weeks or longer to see what the effects are.
March 2 update. There’s already been a very strong response to Apple’s DMA changes and it’s fair to say they’re not exactly positive. (This is an example of the British art of understatement.) Avery Gardiner, Spotify’s global director of competition policy spoke to the Press Association news agency, as Martyn Landi reported in The Independent. Gardiner said Apple’s warnings about having to make the iPhone less secure in order to comply with the Digital Markets Act (DMA) equated to saying “the only way to have privacy and security is to allow a monopolist to continue to abuse monopoly power.”
Gardiner, Spotify’s competition policy lead, went on to say the notion that security and privacy could only come from Apple’s own App Store was “just not true”.
“If Apple were the only way to keep things private and secure, why haven’t Android users left Android in droves for Apple over concerns about privacy and security? They haven’t,” she told the PA news agency.
I think that’s true, but it’s also likely the case that a fair chunk of iPhone users stay loyal to Apple precisely because they enjoy the irreproachably good security and privacy on board.
Gardiner didn’t pull any punches, saying, “This has been their tactic globally – scare everybody about privacy and security. Tell them that the only way to have privacy and security is to allow a monopolist to continue to abuse monopoly power. I understand why they’re doing it, but it’s not truthful.”
She went on, “Apple has announced a set of proposed rules that do not comply with the DMA. “At the most basic level, the idea that you have to opt in to an onerous new fee structure in order to avail yourselves of the rights granted to you by the European Parliament is bizarre. The DMA is really clear: App stores have to let developers communicate offers free of charge. Those are the words. It doesn’t say ‘as long as you opt into an onerous new fee structure that would impose a massive tax on you’.
Finally, she said, “It is on its face, not compliant with the DMA, and the commission is going to need to open an investigation unless Apple changes its tune.”
March 3 update. Industry heavyweight Mark Gurman from Bloomberg has added his voice to the expectation that the iPhone is about to change for good with the introduction of iOS 17.4.
In his latest Power On newsletter, Gurman talked about the changes coming to iPhone users in the EU in the coming days. Since the changes are EU-specific, it seems that the expectation is that customers in other places will be wanting them.
I suspect that many iPhone users, perhaps most, are happy with how things are, and value the security and privacy of the Apple system more than the ability to get extra apps or different web browsers, but who knows?
According to Gurman, Apple is prepared for inquiries. He says, “Apple is just days away from releasing iOS 17.4, which brings a wave of changes to the European Union. That includes the ability to download apps outside Apple’s App Store—a process known as side loading—as well as third-party app marketplaces and new web browser engines. Outside developers will also get access to the iPhone’s tap-to-pay chip. The changes come in response to the EU’s Digital Markets Act, which takes effect on March 7. (If you’re in the US, UK, Australia or anywhere else outside of the 27 countries that make up the EU, you’re out of luck.)”
I think it’s bound to be the case that the U.S., U.K. and Australian governments will be among those watching closely to see if the new system the DMA introduces is something they should be adopting as well.
I also think they’ll bide their time to see exactly how the chips fall in Europe before committing, watching to see just how secure the new system remains after the changes are introduced.
Gurman says: “Apple knows customers elsewhere will want these features.” That’s surely true, though whether these customers will be anywhere near a majority of iPhone users is a moot point, I’d say.
He goes on, “So they’re already telling AppleCare support employees to brace for incoming questions about it. They’ve told customer-service representatives not to speculate on when or if that will happen. If you’re a longtime Power Onreader, you already know the answer: It will never happen unless Apple is forced to do it. Time and time again, Apple has said that its reluctance to adopt side loading is because it doesn’t want to undermine the security of its platform. That could be true, but the bigger concern may be that it will undermine App Store revenue.”
I have no doubt that security is absolutely at the forefront for Apple, but it’s true there are also revenue concerns at play here.
It’s worth adding that other companies are skeptical of Apple’s stance. You’ve seen what Spotify’s global director of competition policy has had to say, and in the last days, an open letter has been sent to the European Commission from 34 companies, including Spotify, Deezer, Epic Games and others.
The letter says, “Apple’s new terms not only disregard both the spirit and letter of the law, but if left unchanged, make a mockery of the DMA and the considerable efforts by the European Commission and EU institutions to make digital markets competitive. There are a myriad of elements in Apple’s announcement that do not comply with the DMA.”
It also describes some of the terms as “egregious”, saying “Apple is offering app developers an unworkable choice between staying on its current terms—which are manifestly not compliant with the DMA–or opting into new terms, implying that only app developers opting into the new terms will benefit from the DMA.”
It also criticizes the Core Technology Fee, which Apple will levy against developers to meet the costs of providing services and technology. It says, “With a hefty transaction fee and a Core Technology Fee (CTF), few app developers will agree to these unjust terms. These fees will deter app developers from providing seamless in-app experiences for consumers, and will hamper fair competition with potential alternative payment providers.
“Apple claims ‘the changes include new controls and disclosures, and expanded protections to reduce privacy and security risks the DMA creates.’ This is masquerading unfounded privacy and security concerns to the detriment of user choice.”
Strong opinions being voiced there. It’s safe to say that this controversy is set to continue.
Follow me on Twitter.
Laura Adams is a tech enthusiast residing in the UK. Her articles cover the latest technological innovations, from AI to consumer gadgets, providing readers with a glimpse into the future of technology.
