Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe that is striving to give consumers more choices — at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.
The overhaul rolling out Thursday only in the European Union represents the biggest changes to the iPhone’s App Store since Apple introduced the concept in 2008. Among other things, people in Europe can download iPhone apps from stores not operated by Apple and are getting alternative ways to pay for in-app transactions.
European regulators are hoping the changes mandated by the Digital Markets Act, or DMA, will loosen the control that Big Tech’s “digital gatekeepers” have gained over the products and services that consumers and businesses use as they become more dominant forces in everyday life.
The measures took effect just days after EU regulators fined Apple nearly $2 billion (1.8 billion euros) for thwarting competition in the music streaming market.
Apple has lashed out at the new regulations for unnecessary security risks to iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystems and raising the specter of more unsavory services peddling pornography, illegal drugs and other content that the company has long prohibited in its App Store.
Despite trying to maintain security safeguards while also adhering to the new rules in the 27-nation bloc, Apple is warning that “the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward.”
Apple’s warnings should be taken with a grain of salt, experts say.
Managing mobile devices is “totally different” from third-party app stores, and Apple is “deliberately confusing it here to muddy the waters,” said Michael Veale, an associate professor at University College London who specializes in digital rights and regulation.
“Apple’s App Store is not a proxy for corporate data security — apps within it regularly send data to insecure cloud servers, to hidden third-party trackers and much more,” he said.
Some smaller tech companies like music streaming service Spotify and video game maker Epic Games also are attacking the ways Apple is complying with the DMA as little more than a facade that’s making a “mockery” of the regulations’ intent.
“Rather than creating healthy competition and new choices, Apple’s new terms will erect new barriers and reinforce Apple’s stronghold over the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and alliances wrote in a March 1 letter to the European Commission, the EU’s executive arm overseeing the DMA.
Epic, which makes the popular game Fortnite, also contends Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store it planned to release in Sweden. Epic asserted Apple thwarted its attempt to compete as retaliation for scathing critiques posted by CEO Tim Sweeney, who spearheaded a mostly unsuccessful antitrust case against the iPhone App Store in the U.S.
In response, EU regulators said Thursday that they want to question Apple over allegations it blocked Epic’s app store. Apple was defiant, saying it “chose to exercise that right” to boot the app store based on Epic’s past behavior.
Europe’s shifting digital landscape is forcing changes at other technology powerhouses such as Google and Facebook, but the new regulations strike at the core of Apple’s philosophy of maintaining ironclad control over every aspect of its products.
This “walled garden” approach conceived by late co-founder Steve Jobs begins with the meticulous design of the hardware and then extends into all the software powering it devices, as well as overseeing the commerce occurring on them.
The approach built an empire with nearly $400 billion in annual revenue — success that Apple traces to the trust it has built through decades of vigilant management of the iPhone and other popular products such as the iPad, Mac and Apple Watch.
Even Epic’s Sweeney acknowledged that one of the reasons he uses an iPhone is because of the staunch security measures that Apple has deployed to thwart hackers and protect the privacy of its customers. That came during testimony in a May 2021 trial resulting in a U.S. judge ruling that the App Store isn’t a monopoly.
In that decision, the judge required Apple to begin allowing links to outside payment options inside iPhone apps in the U.S. It’s a requirement that the company began to allow earlier this year after the U.S. Supreme Court refused to hear an appeal on that issue.
Apple — which is making changes in Europe through an iPhone software update — still doesn’t permit alternative iPhone app stores in the U.S. or more than 100 other countries outside the EU.
European regulators appear convinced that the benefits consumers stand to reap from more competition will outweigh any increased security risks.
One potential positive is lower prices for digital transactions within apps if competing stores charge lower commissions than the 15% to 30% fees Apple has been imposing for years.
But critics are raising doubts that will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and have set up other hurdles that will make it daunting for alternative options to make significant inroads in Europe.
Apple insists the security problems hatched by the DMA are so worrisome that it has been hearing from government agencies — especially those in defense, banking and emergency services — wanting to ensure they will be able to block employees with iPhones from accessing apps distributed from outside Apple’s walled garden.
“These agencies have all recognized that sideloading — downloading apps from outside the App Store — could compromise security and put government data and devices at risk,” Apple said.
Veale, the digital expert, pushed back.
“Any firm or government who believe ‘apps from the App Store are safe’ may need to refresh their security and data protection teams or policies,” he said.
___
AP Business Writer Kelvin Chan contributed from London.
Copyright © 2024 The Associated Press. All rights reserved. This material may not be published, broadcast, written or redistributed.