The EU forced Apple to allow the purchase and installation of applications without the App Store. Efforts to ensure that these capabilities are used as safely as possible have been extensive. Details continue to evolve based on feedback from gun regulation developers, and many more changes are planned for EU customers over the next year. However, Apple continues to express concern that the Digital Markets Act, which enforces all of these changes, could come at a cost.
Perhaps this is the clearest expression of this. The concern comes from Gary Davis, Apple's data privacy officer. In an interview with iCulture, Davis summarizes his view of the risks of DMA. In short, the view is that it would be cheaper to target iPhone users who use non-Apple payment methods and marketplaces.
What worries us, and what can also be read in the white paper, is that the “costs” of attacking iOS may go down. This is because of these new potential ways to attack users. ;This can be done through alternative marketplaces or alternative payment methods. We may see attacks we've never seen before. The costs of developing an iOS exploit are still very high. . Our team at the security lab is trying to increase these costs more and more so that attackers don't have to attack iOS.
This is what worries us at the moment. moment. We just don't know how it will develop. That's why we show people who download apps from these alternative sources a special screen with additional information. We hope that, along with the notarization process, users will retain the same trust.
In the brief interview, Davis avoids commenting on the economic outlook for payment methods and competition in the EU iPhone market, given that it is coming out outside of its purview.
I think this gets something right about DMA: regulation can be good for stimulating competition, but at the same time be a step backwards in terms of security. It's a win-win for Apple to control cash flows and potential attack vectors. But the DMA doesn't exist to please Apple or improve platform security.
The price of regulating market competition may be user safety. Or maybe it won't be a problem, thanks in large part to the way compliance is enforced. But it is reasonable to fear that the cost of penetrating attack vectors will be lower than before.
