The introduction of third-party app marketplaces for the iPhone in EU countries could be a massive privacy and security problem for users, Apple Fellow Phil Schiller warns, despite Apple’s attempts to shore up security before regulatory rules fully kick in.
The EU Digital Markets Act is forcing Apple to open the iPhone up to third-party digital storefronts in EU member states, with the enabling of sideloading and alternative stores alongside Apple’s own App Store starting from March 2024 in the iOS 17.4 update.
To prepare for the introduction of the third-party storefronts, Apple has already outlined various ways charges will change, as well as security mechanisms to try and keep users safe. However, Apple warns that cannot protect against every eventuality.
App Store chief and Apple fellow Phil Schiller explained to Fast Company “These new regulations, while they bring new options for developers, also bring new risks. There’s no getting around that. So we’re doing everything we can to minimize those risks.”
The introduction of a third-party storefront means there’s a new way for apps with malicious code to be installed onto an iPhone, which could cause many issues to end users. Apple’s “walled garden” approach and App Store Review process weed out these apps, with almost 1.7 million submissions rejected in 2022 because of failures to meet privacy, security, and content standards.
Due to the possibility of third-party stores not having as stringent a review process as Apple, the iPhone maker has introduced various elements to improve security, such as notarizing all apps before they can be installed on an iPhone, regardless of the app store.
“We’ve put together over 600 new APIs for developers to give them the tools to build a marketplace, install an app, let the user have control of that process,” said Schiller. “We’ve done a lot of core engineering, and we’re going to continue to.”
Users will also see an information sheet showing basic details about the app before installing it, and added more control over marketplace selection too.
App security, but no content monitoring
Even so, Schiller adds that there are limits to Apple’s protective measures, with it having no real control over the content of apps from the alternative storefronts, since notarization doesn’t check the actual content, only whether the app is secure and not malicious.
“Ultimately, there are things that we have not allowed on our App Store— things that we didn’t think would be safe or appropriate,” the Apple Fellow said. “It will not be our decision whether those other marketplaces have the same terms and limitations.”
While Apple has rules in place to prevent specific types of objectionable content from appearing in the App Store after years of input from families and governments, “Those rules will not apply in another marketplace unless they choose to make rules of their own, with whatever criteria they come up with,” Schiller points out.
“Does that increase the risk of users, and families, running into objectionable content or other experiences? Yes it does.”