Apple stresses security risks of complying with EU's Digital Markets Act

Apple's whitepaper details its compliance with the EU

To comply with the new Digital Markets Act (DMA) in the European Union, Apple must for the first time allow third-party app stores onto the iPhone. It has previously published a whitepaper strenuously protesting against the dangers of this side-loading, and now it's repeating that disagreement, saying it has to comply, but is working to protect EU users.

"By requiring that all apps on iPhone be distributed through a single trusted source, the App Store, we were able to accomplish our goal of protecting users more effectively than any other platform," says Apple in its new whitepaper. "While our efforts to protect users and developers alike are never complete, iOS has never allowed a widespread consumer malware attack on users-which is exceptional for a 17-year-old, modern computing platform."

"Starting this year, the European Union's new Digital Markets Act (DMA) requires us to take a new approach in our work to serve our EU users," it continues. "This required us to change the uniquely successful approach that we've employed to protect users' security and privacy and keep them safe."

"The new options we're introducing to comply with the DMA necessarily mean we will not be able to protect users in the same way," it says. "To keep offering users the most secure, most privacy-protecting, and safest platform — in line with what users expect from Apple — we've designed and implemented new safeguards that will help to protect and inform them."

"While the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward," continues Apple, "we are working tirelessly to make sure iPhone remains the safest of any phones available in the EU by reducing the risks introduced by these necessary changes-even though we cannot entirely eliminate such risks."

The almost 14,000-word whitepaper has similar criticisms on practically every one of its 32 pages. The pages list how third-party apps and app stores will now be notarized and at least some reviewing done of them, but not including any checking to do with problematic content such as pornography, or piracy apps.

"Let's be clear," it concludes. "Apple builds multiple layers of security into its devices and systems. We will do everything possible to reduce these risks. But for all the reasons explained, the risks will increase."

The whitepaper does not touch on issues associated with Apple's fees for sales through rival app stores. Those fees have been heavily criticized by rivals.

What the Digital Markets Act entails

The European Union's Digital Markets Act has been years in the making, and is key to the EU's aims of policing Big Tech firms.

In 2022, once the DMA had been approved by the European Council, the EU began a process of determining which firms fit what it describes as being gatekeepers. These are companies who have an online platform with over 45 million active users monthly, and also at least a 75 billion Euro market captalization.

Gatekeeper firms are subject to regulations such as the one regarding the App Store, where they must allow third-party alternatives. There are also issues around messaging services being required to interoperate with rivals, though Apple's iMessage has escaped that through not reaching the gatekeeper threshold.