With the release of iOS 17.4 this month Apple will finally allow people to install third-party app stores on their iPhones, a move that will stop short of allowing sideloading but still allow Apple to comply with the European Union's Digital Markets Act. But the company continues to argue that the move, which it opposes, will make iPhones less safe for those who use them in the region.
Apple has been beta testing the iOS 17.4 update for weeks and is expected to release it to the public next week ahead of the DMA's March 6 deadline. That deadline will require a number of things, including support for third-party app stores, with Apple saying that it has had to build more than 600 new APIs and developer tools to allow it to fully comply with the EU's requirements.
Now, in a new paper published on the company's security website, Apple says that its requirement for all apps to be distributed via the App Store has allowed it to protect users effectively, and that's about to change. It argues that " iOS has never allowed a widespread consumer malware attack on users, adding that it's "exceptional for a 17-year-old, modern computing platform." The new changes being forced by the DMA, it argues, " mean we will not be able to protect users in the same way."
Security matters
The document, titled Complying with the Digital Markets Act, argues that there will now be a difference between the levels of protections afforded iPhone users in the EU and those in the rest of the world. However, it says it is working to ensure iPhones remain as safe as possible despite the requirement to support app stores other than its own.
"While the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward, we are working tirelessly to make sure iPhone remains the safest of any phones available in the EU by reducing the risks introduced by these necessary changes — even though we cannot entirely eliminate such risks," the document explains.
The document then goes on to detail the steps Apple is taking to try and ensure user privacy, security, and safety. Those steps include requiring that all apps be notarized regardless of where they are downloaded from as well as requiring that developers agree to a Developer Program License Agreement regardless of their chosen method of distribution.
Apple also confirmed that it will display app installation sheets "that empower users to make educated choices about the apps they download."
"The sheets display information reviewed during Notarization, such as the app name, developer name, app description, screenshots, and system age rating, and identify the marketplace a user is downloading the app from, all in a clear, standardized form," Apple says. "Developers will not be able to change the content of this sheet after their apps are notarized without going through the process again."
The DMA also requires that Apple allow third-party payment systems to be used and it intends to warn iPhone owners of the risks associated with that, too.
Apple's document continues, outlining the risks that have been reduced, but not eliminated, by the safeguards it will put in place with the release of iOS 17.4.
Notably, the document — which is on Apple's security website and appears to be designed to detail its security plans — also includes emails Apple says its CEO Tim Cook received in support of the App Store and railing against sideloading and third-party alternatives.
You can read the full document, including those emails, on the security portion of Apple's developer website ahead of iOS 17.4's release next week.