Apple highlights security risks associated with compliance with the EU Digital Markets Act

Apple whitepaper details EU compliance

Apple has published an official document detailing describes how it is working to protect EU users and highlights the risk of opening the iPhone to rival app stores.

To comply with the new Digital Markets Act (DMA) in the European Union, Apple must allow third-party app stores on iPhone for the first time. It previously published a white paper strongly protesting the dangers of this sideloading, and now repeats that dissent, saying it must comply but is working to protect EU users.

“By requiring that all apps on iPhone be distributed through one trusted source, the App Store, we have been able to achieve our goal of protecting users more effectively than on any other platform,” Apple said in a new document. “While our efforts to protect users and developers are never complete, iOS has never allowed a widespread consumer malware attack on users, which is exceptional for a modern 17-year-old computing platform.”

Starting this year, the European Union's new Digital Markets Act (DMA) requires us to take a new approach to how we serve our EU users,” he continues. “This required us to change the uniquely successful approach we have taken to protect the security and privacy of users and keep them safe.”

“The new capabilities we are introducing to comply with DMA necessarily mean that we will not be able to protect users in the same way,” it says. “To continue to offer users the safest, most privacy-protecting, and most secure platform—consistent with what users expect from Apple—we have developed and implemented new security measures to help keep them safe and informed.”

“While the changes required by the DMA will inevitably create a gap between the protections Apple users outside the EU can expect and the protections available to users in the EU in the future,” Apple continues, “we are working tirelessly to ensure iPhone remains the safest of all phones available in the EU by reducing the risks associated with these necessary changes, although we cannot completely eliminate such risks.”

The nearly 14,000-word white paper contains similar criticisms on virtually every one of its 32 pages. The pages outline how third-party apps and app stores will now be notarized and, at the very least, subject to checks, but not including any checks related to problematic content such as pornography or pirated apps.

Let's be clear,” he concludes. “Apple builds multiple layers of security into its devices and systems. We will do our best to reduce these risks. But for all the reasons explained, the risks will increase.”

The white paper does not address issues related to Apple's commission for sales through competing app stores. These fees have been heavily criticized by competitors.

What the Digital Markets Act entails

The European Union's Digital Markets Act has been years in the making and is key to the EU's goals of controlling big tech firms.

In 2022, after the DMA was approved by the European Council, the EU began the process of determining which firms qualify as what it calls “gatekeepers.” These are companies that have an online platform with more than 45 million monthly active users, as well as a market capitalization of at least 75 billion euros.

Gatekeeper companies are subject to rules such as those surrounding the App Store, where they must allow third-party alternatives. There are also concerns about messaging services needing to interoperate with competitors, although Apple's iMessage has avoided this without reaching the gatekeeper's threshold.

Leave a Reply