Apple on iOS changes in the EU: did everything possible, but DMA makes users less secure

Apple is set to release iOS 17.4 to the general public next week with a major update for EU users that will allow third-party app stores and much more. Ahead of the implementation of the Digital Markets Act, Apple has shared the most up-to-date and comprehensive resource on all the changes, its approach and “efforts to protect the security and privacy of users in the European Union.”

Back in January, we learned that Apple would open iOS to third-party app stores in the EU for the first time under the Digital Markets Act (DMA). Other changes include a new fee structure, default third-party web browsers, and more.

  • Apple announces support for third-party iPhone app stores in the EU coming with iOS 17.4.
  • Here's how Apple will label apps to inform and protect EU users when sideloading apps.
  • Apple announces lower fee structure for apps in Europe.
  • Apple will allow third-party default browsers and web engines on the iPhone, but only in the EU.

Ahead of the public release of iOS 17.4 with all the major updates in the EU, Apple has published a 60-page white paper detailing all the changes. It includes detailed information on all security and privacy practices, but emphasizes:

These protections will help ensure EU users' iPhone use is as safe and secure as possible, although not to the same extent as in the rest of the world.

Apple says its “highest priority is to make great products that enrich the lives of our users worldwide” and that protecting users with strong security and privacy features is a fundamental value.

As for the changes needed to comply with DMA requirements, Apple says it has created “more than 600 new APIs and developer tools.”

Apple says the security measures it has put in place for app distribution apply no matter where the developer is selling the iOS app, and iOS notarization is a major update that includes both automated and human verification.

One of Apple's concerns is that the new third-party app stores in the EU are “new and lucrative markets for attackers.”

Attackers have long tried to gain access to the iPhone due to its best-in-class security and privacy protection. Apple's integrated approach to platform security has made the iOS ecosystem inaccessible to conventional malware—in fact, cybercriminals have never been able to mount a single widespread consumer malware attack on iOS. They learned that Apple's integrated approach to platform security renders most malware infection attempts hopeless. Producing and distributing malware requires significant resources, and the iPhone's robust security prevents these efforts from generating a meaningful return on investment, further reducing the device's attractiveness as a target.

When it comes to alternative payment options in the App Store, Apple warns of the loss of security and safety features built into its App Store:

To support our announced changes under the DMA, we are also providing App Store developers with the ability to use alternative payment options to complete transactions for digital goods and services in their apps in the EU. This opens up new opportunities for developers, but also means that users of these apps won't have the same protections and benefits they've come to rely on through Apple's private and secure commercial system, including in-app purchases (IAPs) such as centralized unsubscriptions, a purchase history page, parental controls such as Ask to Buy, or protection against predatory tactics such as those aimed at getting users to pay a different amount than advertised for a digital item. Users will have the burden of figuring out for themselves, on a per-app basis, what benefits and protections may be available to them, and who they should contact for assistance if transactions go wrong, as AppleCare agents will have limited (if any) ability to assist them.

Best comment from 5723alex

Liked by 11 people

iOS 17.4 EU users (read the email Apple sent in the whitepaper) should be concerned, even if they don't intend to use an unpublished third-party payment system… as a “backdoor” code built into iOS 17.4.

Apple should have added a yes/no option to add code during iOS 17.4 installation so users could accept/reject the new options.

As we said before, other changes in iOS 17.4 to protect and inform EU users will include:

  • Tags on App Store product pages that inform users when an app they download uses alternative payment processing.
  • In-app disclosure tables, which tell users when they are no longer transacting with Apple and when the developer recommends they transact using an alternative payment system.
  • Enhanced data portability on Apple's Data & Privacy site, where EU users can obtain new data about their App Store usage and export it to an authorized third party.

Apple believes that the work it has done to comply with the DMA and protect users “will continue to make iPhone the safest, most privacy-protected and most secure smartphone available today in the European Union, providing users with the great product they have come to expect from Apple.”

But Apple believes the iPhone in the EU is not as secure as it is for users in the rest of the world.

Read the full whitepaper here.
