Apple’s biggest interim iPhone update ever is ready (here’s exactly when), and it will bring with it big upgrades for all iPhone users everywhere, including a huge security upgrade to iMessage. However, the biggest changes are for iPhone users in the EU, in response to the Digital Markets Act. Today, Apple explained to me what these changes mean and how they could affect all users—especially if the US or UK governments decide to follow suit with their own legislation.
Apple iOS 17.4 is about to change everything
March 3 update below. This post was first published on March 1, 2024.
The changes for EU iPhone users are comprehensive. Apple is being asked to open up its iOS system to allow sideloading of apps in alternative markets, to allow non-WebKit-based web browsers that support Safari, and to allow payment mechanisms other than Apple Pay in phone.
Apple is now out a blank paper which spans 32 pages and explains that while it has taken every precaution it can to maintain the privacy and security of iPhone users, it cannot guarantee that things will be as secure as they have been.
Apple explained to me that it has introduced new features to protect users, but that it won’t be able to protect users the way it can in the current setup. The white paper says: “To comply with the DMA, we’ve created new options for developers and users—and we’ve built over 600 new APIs and developer tools to enable these changes. New options include enabling sideloading so that EU users can download apps through in-app purchases outside of the App Store, enabling alternative ways to process payments in the App Store, and many other changes. This required us to change the uniquely successful approach we used to protect users’ security and privacy and keep them safe.”
Some organisations, such as banks for example, have approached Apple with concerns, saying they want to remain in the App Store only and could even consider not allowing their apps to be downloaded on any device that has downloaded apps to it. Right now, Apple has no way of telling a bank, for example, whether an iPhone has downloaded an app from an external marketplace or not.
Apple is wary of how aggressive payment techniques, mobile ransomware and consumer spyware could target the iPhone if it is found to be more vulnerable or less secure.
For me, the key phrase in the white paper is this: “In practice, users in the EU will lose the option to remain App Store-only and retain all of Apple’s industry-leading security, even if that’s what they’d prefer .”
Of course, users can simply decide to stick exclusively to the App Store, WebKit-based web browsers like Safari, and Apple Pay payments.
And some people will want to have non-App Store apps on their phones. Apple is also concerned about this, saying it will have no control over external content: “This means that Apple will not be able to prevent apps with content that Apple would not allow in the App Store—such as apps that distribute pornography, apps that encourage the consumption of tobacco or vaping products, illegal drugs or excessive amounts of alcohol, or apps that contain pirated content (or that otherwise steal ideas or intellectual property from other developers)—from being made available in alternative app markets.”
Spotify has already responded to the white paper, saying that Apple is trying to “scare everyone about privacy and security”.
The changes coming to the iPhone are a few days away, but it may take a few weeks or more to see what the effects are.
Update March 2. There has already been a very strong response to Apple’s DMA changes, and it’s fair to say that they’re not exactly positive. (This is an example of the British art of understatement.) Avery Gardiner, Spotify’s global director of competition policy, spoke to the Press Association news agency, as reported by Martyn Landi at The independent. Gardiner said Apple’s warnings about having to make the iPhone less secure in order to comply with the Digital Marketing Act (DMA) amounted to “the only way to have privacy and security is to allow a monopoly to continue to abuse monopoly power’.
Gardiner, Spotify’s head of competition policy, went on to say that the idea that security and privacy could only come from Apple’s App Store was “simply not true”.
“If Apple was the only way to keep things private and secure, why didn’t Android users abandon Android in droves for Apple due to privacy and security concerns? They don’t have it,” he told the PA news agency.
I think that’s true, but it’s also possible that a large portion of iPhone users remain loyal to Apple precisely because they enjoy the perfectly good security and privacy on board.
Gardiner pulled no punches, saying: “That’s been their tactic globally – scare everyone about privacy and security. Tell them that the only way to have privacy and security is to allow a monopoly to continue to abuse monopoly power. I understand why they do it, but it’s not true.”
He continued, “Apple has announced a set of proposed DMA non-compliant rules. “At the most basic level, the idea that you have to opt into an onerous new fee structure in order to take advantage of the rights afforded to you by the European Parliament is strange. The DMA is really clear: app stores must allow developers to communicate offers for free. These are the words. It doesn’t say “as long as you opt for a onerous new fee structure that would tax you hugely”.
Finally, he said, “It is prima facie, non-compliant with the DMA, and the Commission will need to open an investigation unless Apple changes its pace.”
March 3 update. Industry heavyweight Mark Gurman from Bloomberg has added his voice to the expectation that the iPhone is about to change for good with the introduction of iOS 17.4.
In his last Power On Newsletter, Gurman talked about the changes coming to iPhone users in the EU in the coming days. Since the changes are EU-specific, it seems the expectation is that customers elsewhere will want them.
I suspect that many iPhone users, perhaps most, are happy with the situation and value the security and privacy of Apple’s system more than the ability to download extra apps or different web browsers, but who knows?
According to Gurman, Apple is ready for investigations. He says, “Apple is just days away from releasing iOS 17.4, which brings a wave of changes to the European Union. This includes the ability to download apps outside of Apple’s App Store—a process known as side loading—as well as from third-party app markets and new web browser engines. Third-party developers will also have access to the iPhone’s tap-to-pay chip. The changes come in response to the EU’s Digital Markets Act, which comes into effect on March 7. (If you’re in the US, UK, Australia, or anywhere else outside the 27 countries that make up the EU, you’re out of luck.)”
I think it is certain that the US, UK and Australian governments will be among those watching closely to see if the new system being introduced by the DMA is something they should also adopt.
I also think they will take the time to see exactly how the chips fall in Europe before they commit, watching to see how secure the new system remains after the changes are introduced.
Gurman says, “Apple knows that customers elsewhere will want these features.” That’s certainly true, though whether those customers will be anywhere near the majority of iPhone users is a moot point, I’d say.
He continues, “So they’re already telling AppleCare support people to brace themselves for incoming questions about this. They have told customer service reps not to speculate on when or if this will happen. If you’re a longtime Power Onreader, you already know the answer: It will never happen, unless Apple forces it to. Time and again, Apple has said its reluctance to adopt sideloading is because it doesn’t want to compromise the security of its platform. That could be true, but the bigger concern may be that it will undermine revenue from the App Store.”
I have no doubt that security is absolutely at the forefront for Apple, but it’s true that there are also revenue concerns here.
It’s worth adding that other companies are skeptical of Apple’s stance. You’ve seen what Spotify’s global director of competition policy had to say over the past few days as wellopen letter has been sent to the European Commission by 34 companies, including Spotify, Deezer, Epic Games and others.
The letter states: “Apple’s new terms not only ignore both the spirit and the letter of the law, but if left unchanged, they make a mockery of the DMA and the important efforts of the European Commission and EU institutions to make digital markets competitive.” . There are many elements in Apple’s announcement that are not DMA compliant.”
It also describes some of the terms as “unbelievable,” saying that “Apple is offering app developers an unworkable choice between staying with its current terms—which are apparently not DMA compliant—or choosing new terms, implying that only application developers opting into the new terms will benefit from DMA.”
He also criticizes the basic technology fee, which Apple will charge developers to cover the cost of providing services and technology. He says, “With a heavy transaction fee and a core technology fee (CTF), few app developers will agree to these unfair terms. These fees will prevent app developers from providing seamless in-app experiences for consumers and hinder fair competition with potential alternative payment providers.
“Apple claims that ‘the changes include new controls and disclosures, as well as expanded protections to reduce privacy and security risks posed by DMA.’ This disguises unfounded privacy and security concerns at the expense of user choice.”
Strong opinions are expressed there. It’s safe to say that this feud is set to continue.
