66 comments

[ 3.3 ms ] story [ 198 ms ] thread
> With a quarter-trillion dollars of revenue at stake, and under vigilant public scrutiny, we can expect very careful adherence to the letter of the legislation.

I agree, although given the very long list of questions that the author proposes later in the article... if that much is left unsaid by the letter of the legislation, then this is probably going to be a shitshow.

> What does compliance look like, exactly? For everyday iPhone users, how will you find and install independently-distributed apps? Will they be listed in a separate section of the “App Store” app [...]

What?

> > [...] Will they be listed in a separate section of the “App Store” app [...]

> What?

There is currently an Unlisted Apps (https://developer.apple.com/support/unlisted-app-distributio...) model, so there could conceivably be an "Independent Apps" model that passes unreviewed apps through to a special section of the App Store.

Why wouldn’t the answer be the same as on android: install alternative app stores (like F-Droid). The alternative app stores themselves can be apps.
I think it will, unfortunately, be a lot less interesting than people are hoping for.

1. It will almost certainly be EU-exclusive. Maybe tied to an EU SIM card.

2. It will likely only be on iOS, as that's the only "gatekeeper" operating system that the EU has recognized Apple as having. Apple Watch? iPads? Far less likely to support sideloading.

3. I wouldn't be shocked if sideloading is restricted to Apple-approved 3rd-party App Stores to minimize security risks (no direct installation of an IPA like you would an APK). Which would, arguably, still be compliant.

4. In almost all legal cases including in the US, nobody has recognized Apple's 30% cut as being illegal. Another example is Denmark's dating apps rule, where you can opt-out of using Apple's in-app purchases framework, but Apple will demand a 26% commission through legal contract (basically, you get 4% off for using your own credit card provider). It is possible that apps installed through sideloading will still be legally obligated to give Apple that cut, which would be... very pointless for anything other than emulators and apps that Apple wouldn't normally allow.

5. Apple appears to have successfully argued that iMessage usage, within the EU, is too low to be considered a "gatekeeper," and the EU appears to be in agreement. No interoperability is coming there.

That last part about iMessage, that's the one where I'm doubtful.

I know that Europeans use other apps, I live here. But my point is simple, you buy an iPhone, iMessage is enabled by default. You're going to message someone else on iMessage for sure. So I just don't trust it.

Like, here in Norway, iPhones are very common. iMessage is so ubiquitous. Sure that's only a couple mil users, but it's also just one country. The EU is many countries.

And Norway isn’t in the EU ;)

In the central EU, I mostly see just WhatsApp, rarely Signal and Telegram. However it might be different up in the north though, I dont know that.

Yeah I hit submit before I was going to make that point.
I never heard of anyone using iMessage daily here in France, the platform is basically dead, maybe facetime managed to survive but that's about it. Everybody is using either Messenger or Whatsapp.

The fact that iMessage being marketed as an SMS app and SMS being dead certainly doesn't help.

> It will almost certainly be EU-exclusive

Yes, but that will change once Americans see what EU citizens can do with the same devices they use. It may take a few years.

They can already see that on Android. Let's be honest, no one cares.
I don’t think that’s the same thing. Here people can see they don’t have to give up or change anything in order to get this functionality.

Even if they saw android as having this, that’s a high switching cost.

I’m not convinced of that inevitability. I’ve had Republican Americans argue with me until they were blue in the face about how great the free market is for internet service here in America, and absolutely refuse to entertain the idea that other places do it differently and it works out way better for the consumer. That’s just one example. I guarantee you that once this goes through in the EU there will be a huge pile of news in the US about how the Communists are forcing Europeans to install malware on their iPhones, and that it’s really great how Apple has the Freedom to prevent that from happening here.
Your comment seems to assume that Apple will not actually comply in spirit.

Not a lot of people have seen this, but the compliance report that gatekeepers need to file anually (plus at the start of thd enforcement period) is pretty heavy on those details. Apple will have to provide:

An explanation of how you comply with the obligation, including any supporting data and internal documents, and a detailed description of any measures that were already in place pre-designation or that you have implemented post-designation and that ensure such compliance, including:

a) the relevant situation prior to implementation of the measure and how the measure ensures compliance with the obligations laid down in Articles 5 to 7 of Regulation (EU) 2022/1925; b) when the measure was implemented; c) the scope of the measure in terms of the products/services covered; d) the geographic scope of the measure (e.g. if the implementation of the measure extends beyond the EEA, please specify); e) any technical/engineering changes that were required for the implementation of the measure concerned (e.g. on data flows and internal data usage policies, security aspects, tracking of new metrics, Application Programming Interfaces (APIs), operation system (OS) functionalities, or parameters of ranking algorithms and online advertising auctions); f) any changes to the customer experience required by the implementation of the measure concerned (e.g. changes in the customer interface, choice screens, consent forms, warning messages, system updates, functionalities available, or customer journey to access functionalities); g) any changes to the terms and conditions for end users and business users required by the implementation of the measure concerned (e.g. on the fee structure, level of the fees, introduction of new fees, privacy policy, conditions for access and interoperability and any other relevant clauses); h) any other relevant changes required by the implementation of the measure concerned not covered by the above points e) to g); i) any consultation with end users and/or business users that has been carried out at the stage of the elaboration of the measure and how their input has been taken into account; j) any involvement of external consultants in the elaboration of the measure including a description of the consultants’ mission, whether they are independent from the Undertaking, and a description of their output; k) any alternative measures whose feasibility or implications has been assessed and the reasons for not choosing them; l) any action taken to inform end users and/or business users of the measure and their feedback; m) where applicable, the interaction with measures you have implemented to ensure compliance with other obligations under Regulation (EU) 2022/1925;

n) where applicable, any actions taken to protect security or data pursuant to the relevant provisions in Regulation (EU) 2022/1925 and why these measures are strictly necessary and justified and there are no less restrictive means to achieve these goals;

There's a lot more from where that came from.

I mean, I'm a fan of EU forcing Apple's hand here; but Apple can (and does) hire the best lawyers money can buy, I don't think "you have to file a report explaining why you think you're complying with the rules" is a significant headwind for them.
The commission will then analyze that report. It's a proactive back-and-forth, not rubber-stamping.
Some lawyers will be paid to analyzed the report; but orders-of-magnitude much work will be spend to examine and analyze the actual changes to the store.

The legal (might?) documents help to make a case down the line why their efforts were not up to snuff; but they won't be the _main_ reason why any enforcement actions will or will not happen.

> but orders-of-magnitude much work will be spend to examine and analyze the actual changes to the store.

The compliance report requires Apple to hand in any internal documentation relating to the implementation requirements, including discussion of other options that weren't implemented in the end, plus the reason for them not being picked over the production ones.

It's not legalese. It's substantive company decision-making information.

We're already there because Apple has shown contempt to any sort of legal initiative to open up the platform in the EU. I don't worry about this, they'll just get hit even harder next round if they double down again.
They might try those things.

But what if the EU just turns around and fines them x% of global revenue for that?

The EU law could effectively force Apple to open up. Ex: who says the law only applies to EU sim cards?

What if, the law instead applied to EU citizens, and if an EU citizen happens to have an American sim card, well then that's Apple's problem and they have to allow US sim cards to side load.

Playing clever games could just result in billions in fines and Apple being ordered to change anyway.

This is _unlikely_; but you're being unfairly downvoted — AFAICT that's the EU's stance to GDPR — that it applies to EU citizens _worldwide_, as well as EU _residents_ so a pure region/geolock is not going to cut it.
Interesting. I’m a EU citizen but not resident. Would I be able to convince Meta et al that GDPR applies to me?
You might want to contact some organisations that deal with this, like NOYB [1].

IANAL, and I think the law is... more sophisticated than just "EU citizens worldwide"; but it happens to catch most of bigTech's anyway; because a bunch of their operations are legally running out of Ireland (for tax avoidance reasons) [2]; but I'll readily admit that this mostly something I have seen mentioned online few times and didn't do any deep research on.

[1]: https://en.wikipedia.org/wiki/NOYB

[2]: https://en.wikipedia.org/wiki/Double_Irish_arrangement

No. 3 (only Apple-approved 3rd-party App Stores) is definitely not compliant.

No. 4 (legally obligated to give Apple cut) is flat out wrong. While it might be true that Apple's 30% cut is not ruled illegal, it's a far cry away from Apple having any legal mechanism to enforce a fee after a transaction has happened. Trying to ban 3rd party apps is going to get them into more trouble.

Well, the Digital Markets Act has a paragraph Apple is going to drive a locomotive through in the courtroom.

"In order to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, it should be possible for the gatekeeper concerned to implement proportionate technical or contractual measures to achieve that goal if the gatekeeper demonstrates that such measures are necessary and justified and that there are no less-restrictive means to safeguard the integrity of the hardware or operating system. The integrity of the hardware or the operating system should include any design options that need to be implemented and maintained in order for the hardware or the operating system to be protected against unauthorised access, by ensuring that security controls specified for the hardware or the operating system concerned cannot be compromised. Furthermore, in order to ensure that third-party software applications or software application stores do not undermine end users’ security, it should be possible for the gatekeeper to implement strictly necessary and proportionate measures and settings, other than default settings, enabling end users to effectively protect security in relation to third-party software applications or software application stores if the gatekeeper demonstrates that such measures and settings are strictly necessary and justified and that there are no less-restrictive means to achieve that goal. The gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation."

Are we really sure that Apple won't argue that permitting only 3rd-party App Stores and not individual apps, and imposing contractual obligations on those third party App stores, isn't "proportionate technical or contractual measures"?

Did you read the full thing that you posted?

It answers your question directly.

"The gatekeeper should be prevented from implementing such measures as a default setting or as pre-installation"

So no, Apple would not be allowed to force users to accept such measures.

Did you read it in full before posting your reply? That was a response to the mid-paragraph statement beginning with "Furthermore," which addresses a different exception than the first half.
> demonstrates that such measures are necessary and justified and that there are no less-restrictive means to safeguard the integrity of the hardware or operating system

Example how this would play out:

1. Apple bans every 3rd party app except the ones they approved

2. EU many years later finds that Apple did not hold to the spirit of the law (it was not necessary or justified)

3. Apple is fined for an absurd amount of money

I am willing to bet that Apple has enough smart lawyers to not even try something like this in the first place

Payments have nothing to do with the integrity of the hardware or operating system IMO.
(comment deleted)
Prediction:

iOS will get a stricter form of "System Integrity Protection" (the macOS feature that allows you to disable most of the sandboxing and code signing policy). The process for disabling it will be even more onerous and scary than it is on macOS, which requires rebooting into Recovery mode and typing a command into a terminal.

Third-party app stores and other unapproved software will be available if the user disables SIP, but financial apps and the NFC chip will be blocked.

Therefore nobody will do it, and Apple will say "told you so".

Kids would absolutely disable SIP to get Fortnite and that's a scenario Apple doesn't want. More straightforward sideloading scenarios are more likely.
Even if that means they can't pay using their phone anymore? I know I removed magisk because my banking app stops working with just the manager installed.
Kids probably don't use Apple Pay or banking apps?
I would be shocked if the majority of kids don't have a bank account nowadays. I know I did at 14 despite living in cash-dependent Germany.
Kids doing it absolutely OK with Apple. They’re not going to lose money there.

The problem is the kids parents. When kid borrows dad’s phone and disables banking apps, dad will be upset. When aunt Jane ends up with 12 app stores and “Panterist” apps that don’t work the same as her daughter’s “Pinterest” app, she’s going to blame Apple. Maybe even clog up support. Just look at how much A/B testing causes problems on apps - now imagine the knockoff apps and the support required for unofficial apps.

Regardless of your views on this, Apple claims everything on the App Store is “theirs”. Listen to their marketing copy and court statements. Those apps are theirs to sell, and they think they have a claim to the entire iPhone UX. They obviously can’t manage the crap that will flood the market from 3p app stores. They will absolutely trash the permissions or UX of these apps to protect their image. It’s obviously about the money, but I genuinely believe that Apple leadership will be reacting emotionally viewing those app stores as a threat.

My suspicion is that they’ll make the iPhone “run software” but gate more of the SDK and on-device APIs behind contracts and NDAs. Gaining access to various docs and terms will get way more expensive, and become a legal affair instead of the mostly self-service process it is today. For example, no way they allow you to use HomeKit or WeatherKit or *Kit sdk with a non-AppStore contract.

What I want to know is - will I be able to control system processes and firewall my phone?
Probably not.
There is language in the DMA that explicitly prohibits downgrading device capabilities or software features if a user chooses to exercise their new rights to install 3rd party apps and stores. It also states that 3rd party apps and stores must be allowed to access all hardware and software features of the device. The EU already predicted this move and curtailed it.
Won't Apple just get other companies to do it for them? Consider that Google will already let you root your Pixel, but the McDonald's app will refuse to run if you do.
And then apple gets sued, is forced to release their internal communications in the discovery phase of the lawsuit, and then when their illegal and anti-competitive actions to pressure other companies to do this becomes clear, then Apple gets fined X% of global revenue.

Any hack or loophole that you can think of, the answer is "and then the EU forces apple to pay billions or 10s of billions of dollars".

Are either Google or McDonald's going to get fined billions, then, assuming that nothing with my example changes before March 6th?
(comment deleted)
Thats an interesting question. It is unclear what happens to co-collaborators of legal violations like that.

But, it won't actually come to that, as Apple will simply follow the law, instead of risking 10s of billions of dollars in fines. Because thats what would happen to Apple if they tried to force other companies to go along with their law breaking schemes.

In the case of Google and McDonalds I don't think there was collaboration. The developers of the McDonalds app included root detection code and have their app refuse to load all on their own as part of some ill-considered security scheme. If apps on iOS are able to detect whether 3rd party stores/apps are enabled we may see the same thing play out. I wonder then if just providing the ability to detect other apps like that would be a violation of the DMA, as it gives others apps on the system the ability to degrade their functionality.
Got to be honest, qua customer, I have zero interest in alternative app stores. Maybe I'd care as a developer because I'd have money on the line, but I just have zero interest. And, fwiw, I'd rather have Apple act as my payment intermediary than hand out payment information to more parties.

I'm sure it's great or whatever, but I can't see it.

It’s going to lead to a stream of low quality shitware the likes of which you see in Samsung or Amazon app stores. Those Apple guidelines prevent those being listed in the Apple store.
I expect that one important difference here is that iPhones will still presumably run the Apple App Store out of the box / in parallel to whatever other answers emerge. This differs from the Samsung / Amazon model because the initial store is likely to be less of a disaster, and different distribution mechanisms will perhaps become known for their quality, among other factors.

You could imagine multiple app stores, in which you have a wild-west store but also the default Apple one and a "maker store" one focused on CAD apps and 3D printing gear and whatnot, with different levels of moderation / curation in each.

(An aside -- whenever I look at the Apple App Store's home page, it always seems filled with all sorts of crap I'm uninterested in. I haven't used the Amazon or Samsung stores, but I hardly think the Apple App Store curation process has resulted in a paragon of quality...)

It'll be even worse, because most non-shit apps will stick with Apple's store, so the third party stores will (for the most part) _only_ have low quality apps.
Really? It doesn't bother you that you need to manually navigate to the Amazon web app to buy a Prime movie or a Kindle book, or the equivalents for any other digital assets you might be interested in?
Not really, no. That's how it is now, and I don't care. I imagine I'll continue to not care.
Yep. I'm a pretty staunch believer in free software and freedom. But quite frankly after dealing with all sorts of abusive third party subscription services over the years and dubious quality bits of software, I'd rather be in a market that is controlled as heavily as Apple's is. It is better for the end user than the alternative. Also I don't know any end users who actually give a crap about this. Not one.

I suspect this is really driven because people don't want to pay the 30% and believe that by opening third party app stores they will be able to run their own subscription models etc. Build it and they will come! I doubt it because as mentioned before, no one really gives a crap. Apart from people selling, building apps and a few power users like the ones here who read the general tone from those folk. But again, the millions of users out there don't give a crap.

Really, there are plenty of other ways to make money if your principles are violated heavily by this. The mobile app market place has always and will always be a complete shit show. The successes of a few are promoted as the status quo, when in fact it is an exception. For everyone else it's crap.

Walk away rather than enter the debate if it's a problem. If we stop building apps and propping up the business model, people might start giving a crap.

I am generally onboard with none native AppStore’s provided the platform vendors are able to have sensible defaults that will not confuse or limit what none technical people can do (basically iPhones should ship as they are but users can add none native AppStore’s by jumping through some fairly trivial hoops..)

The bit where it falls down for me is where does it end, if Apple / google are forced to open up their platforms so epic etc can have their own app stores, are Epic etc forced to open up their platforms (the Fortnite store for instance) so others parties can open their own stores within the game?

That would be amazingly ironic if Epic, in its quest to free Apple's App Store, wound up with a court decision that destroyed any profitability of its own...
No because Fortnite isn't an integral part of most people's lives and doesn't underpin a significant portion of the economy.
Meta (and to some extent Google) are going to have to be careful, as the obvious temptation for them is to open their own app delivery mechanism which is far more liberal with data collection and permissions. In the Google case they could probably technical deliver a Play Store for iOS complete with delivering a massive subset of Android apps in an emulated environment.

The problem is just how sticky their apps prove to be once outside the trusted confines of the App Store, and so I wouldn't be surprised if more things stay within the walled garden than we expect.

The other massive question is who will be allowed to run the stores. If you've uploaded an app in the last few years the big change is the number of assertions you have to make about UAC and news content (or lack of) has exploded. It will be curious if the EU end up releasing forces which create widespread new less American filtered media distribution.

While more iOS "appstores" will exist in the coming years, does that really mean those apps will be able to circumvent privacy-related requirements that Apple has set? For example let's take the camera. You have to give an app permission to use your camera. Will another appstore's app just be able to circumvent that? I doubt it. If my assumption isn't the case I'd love to know though!
The question with this mostly comes down to the EU - do they consider this cohesion or punishment on apples part.

Sure it’s easy to say camera security is good, but where does it end… can Apple gate every feature? What about new features? Will Apple open up the settings app to third party apps - will they even be able to be managed centrally?

Many of the privacy/security/data restrictions that Apple imposes on apps are not and can not be enforced by technical means (e.g. just gating APIs behind system-level permission dialogs). They require some combination of manual review, automated code analysis, and just plain old attestations made by the developer (e.g. "we will not sell any of your data or use it for advertising") where the recourse is kicking a developer off the store if they are lying.
It's odd... I feel like I shouldn't feel this way but I actually wish it wasn't happening. I appreciate Apple's gatekeeping, for the sake of privacy and security. As a developer, I also do not object to their cut of sales for providing a straightforward marketing and distribution channel.
Agreed. It confuses me why loud people (who mostly seem to be Android users) push continually for this. I'm content with my walled garden, as most iPhone users seem to be. If I wasn't, I'd use Android. And publishers taking a cut is normal in every industry. I don't see the problem.
None of this will matter unless someone figures out a mainstream use case for non-Apple app store. Maybe Fortnite can be a thing? Maybe Elon Musk can try push his everything app vision? Maybe piracy?

I don't know but Apple's App Store rules, although not perfect, serve the iPhone users very well.

If there was a mainstream use case, it should have happened on Android. Other than that, good for all the geeks out there. iPhones might turne even more versatile and still secure if installing apps from outside of the AppStore is hard enough to discourage a non techie but easy enough so any teenager can do it.

On most cases the Apple's commission is nothing, it's a well deserved fee for Apple making selling and distributing and getting paid for an app a breeze. The only negative IMHO is that it weeds out all the nerdy folks who would like to experiment new things on their device.

Overall, I expect positive outcomes for everyone.

I haven't purchased any apps in many years (despite having an iphone since 2007). The main reason is many of the apps I would have been interested in have moved to a subscription model. I'm not even willing to subscribe to Netflix, much less an app. So all the apps I use today are either ones I purchased one time in the past, are free, or are built in. I'm not sure having more app stores is going to change anything for me.
> I'm not sure having more app stores is going to change anything for me

I'd assume this is exactly the kind of thing that would change how many apps you can get. I avoid the Google Play Store like the plague, because nearly every app is full of ads, costly, or wants a subscription. I've paid for apps previously, but have since moved to acquiring nearly all apps through F-Droid.

What happens to the number of apps you, personally, are willing to install, when an equivalent FLOSS app store shows up for iOS devices?

I would really just love an alternate browser

  I'm Miss Magnolia  Zel Matthew, from Bettendorf IOWA, United States of America. I am a single Mom of two Kids' I was deceived by a guy who I met on social media he made me believe that he could help me invest well and earn a profit within a short period that could get me a house so I entrusted all my savings into the trading stock platform, only for me to find out after 5 months the site shut down and the guy is nowhere to be found, he scammed me, I was at the point of committing suicide when I read an article about (brunoequickhack AT GMAil.com) Crypto Recovery Service and I reached out to them, with their service I got all lost back within 72 hours all thanks to Brunoe Quickhack. brunoequickhack.wixsite.com/my-site