Malcolm Owen
The introduction of third-party app marketplaces for the iPhone in EU countries could be a massive privacy and security problem for users, Apple Fellow Phil Schiller warns, despite Apple's attempts to shore up security before regulatory rules fully kick in.
The EU Digital Markets Act is forcing Apple to open the iPhone up to third-party digital storefronts in EU member states, with the enabling of sideloading and alternative stores alongside Apple's own App Store starting from March 2024 in the iOS 17.4 update.
To prepare for the introduction of the third-party storefronts, Apple has already outlined various ways charges will change, as well as security mechanisms to try and keep users safe. However, Apple warns that cannot protect against every eventuality.
App Store chief and Apple fellow Phil Schiller explained to Fast Company "These new regulations, while they bring new options for developers, also bring new risks. There's no getting around that. So we're doing everything we can to minimize those risks."
The introduction of a third-party storefront means there's a new way for apps with malicious code to be installed onto an iPhone, which could cause many issues to end users. Apple's "walled garden" approach and App Store Review process weed out these apps, with almost 1.7 million submissions rejected in 2022 because of failures to meet privacy, security, and content standards.
Due to the possibility of third-party stores not having as stringent a review process as Apple, the iPhone maker has introduced various elements to improve security, such as notarizing all apps before they can be installed on an iPhone, regardless of the app store.
"We've put together over 600 new APIs for developers to give them the tools to build a marketplace, install an app, let the user have control of that process," said Schiller. "We've done a lot of core engineering, and we're going to continue to."
Users will also see an information sheet showing basic details about the app before installing it, and added more control over marketplace selection too.
App security, but no content monitoring
Even so, Schiller adds that there are limits to Apple's protective measures, with it having no real control over the content of apps from the alternative storefronts, since notarization doesn't check the actual content, only whether the app is secure and not malicious.
"Ultimately, there are things that we have not allowed on our App Store— things that we didn't think would be safe or appropriate," the Apple Fellow said. "It will not be our decision whether those other marketplaces have the same terms and limitations."
While Apple has rules in place to prevent specific types of objectionable content from appearing in the App Store after years of input from families and governments, "Those rules will not apply in another marketplace unless they choose to make rules of their own, with whatever criteria they come up with," Schiller points out.
"Does that increase the risk of users, and families, running into objectionable content or other experiences? Yes it does."
William Gallagher
Christine McKee
AppleInsider Staff
Chip Loder
50 Comments
It’s strange to me at a personal level that the EU would advocate for anything that puts people’s privacy at risk. When I worked on a customer loyalty program in the 90s the biggest pushback we received anywhere was from European governments who were concerned about our system (in the hands of our customers) maintaining personal information about what their customers were buying, like individual purchased items, frequency of purchase, quantity of purchase, and items that tended to be purchased together. We’re talking chips and bananas level stuff but the pushback was very hard.
The apps that exist today on smart devices are capturing, aggregating, correlating, trending, and applying machine learning to far more personal and broadly sourced information related to individuals including location information, financial information, credit information, aggregated data from other point-of-sale sources both online and brick & mortar, online search history, social media, public databases, shared genealogical information, etc. This is nearly fingerprint level stuff. And the EU is perfectly fine letting anyone with the ability to put up a “store front” that can tap into that sort of information with a pinky-promise that that they won’t share it, use it for nefarious purposes, or safeguard it in cardboard boxes stored in their bathroom?
What happens when a shallow pockets ISV with a homegrown storefront breaches your data? Are they going to provide any remedial action? Are you or a class action group going to sue them? For what, to make them sell their PlayStation to pay off the penalty from a court ordered settlement?
No thanks. I think I’ll stay in the garden.
As someone that ping ponged between iPhone and Androids since 2007 (currently with iPhone for a few phone models now and 15PM), let the consumer do what they want BUT add a disclaimer. If they install a 3rd party app outside of the App store and their phone goes all wonky on the software side, Apple will NOT fix it and the consumer has to accept responsibility . I have rooted all of my Android phones and jailbroke my old iPhones in the past, knowing full well that my actions could have consequences and I could install something that I probably should not. I dig the walled garden approach Apple has but honestly, I do miss the freedom I had with Android devices sometimes and if my devices ever went nuts, I simply restored from a backup and lesson learned. Oh And I really love this line
"Ultimately, there are things that we have not allowed on our App Store-- things that we didn't think would be safe or appropriate". A huge portion of the userbase is well over 18 with the ability to think for themselves, and Apple wants to tell people what is appropriate or not based on what, their standards?
Still though I think this is a scare tactic, as installing things from outside of the official app store, will cut into Apples profits.