Apple is implementing significant changes to the App Store in Europe due to new regulations. Will this lead to an increase in iPhone hacking?
Apple is loosening restrictions on the iPhone’s security measures in response to regulatory pressure in Europe, aiming to provide consumers with more options. However, this move also raises concerns about potential vulnerabilities that could be exploited by hackers to access personal and financial data stored on the devices.
The overhaul, which begins Thursday only in the European Union, represents the biggest changes to the iPhone’s App Store since Apple introduced the concept in 2008. Among other things, Europeans can download iPhone apps from stores other than those operated by Apple, and they get alternative ways to pay for in-app transactions.
European regulators hope the changes required by the Digital Markets Act, or DMA, will loosen the grip of Big Tech’s “digital gatekeepers” over the products and services consumers and businesses use as they become increasingly dominant forces in everyday life.
The measures came just days after EU regulators fined Apple nearly $2 billion (€1.8 billion) for hindering competition in the music streaming market.
Apple has slammed new regulations for unnecessary security risks for iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystems, and raising the specter of more unsavory services that peddle pornography, illegal drugs and other products. content that the company has long banned from its App Store.
Despite Apple’s efforts to maintain security measures while complying with the new rules in the 27-nation bloc, Apple warns that “the changes required by the DMA will inevitably create a gap in the protections Apple’s non-EU users can rely on and the protections available to EU users ahead.”
Experts say that Apple’s warnings should be taken with a grain of salt.
Mobile device management is “completely different” from third-party app stores, and Apple is “deliberately mixing it up here to muddy the waters,” said Michael Veale, an associate professor at University College London who specializes in digital rights and regulation.
“Apple’s App Store is not a proxy for corporate data security — the apps it contains regularly send data to insecure cloud servers, hidden third-party trackers and more,” he said.
Some smaller tech companies, such as music streaming service Spotify and video game maker Epic Games, are also attacking the ways in which Apple complies with the DMA as nothing more than a facade that “mocks” the intent of the regulations.
“Instead of creating healthy competition and new choices, Apple’s new terms impose new barriers and strengthen Apple’s position in the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and consortia wrote in a March 1 letter to the European Commission. The EU executive body that oversees the DMA.
Epic, which makes the popular game Fortnite, also claims that Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store that it planned to launch in Sweden. Epic claimed that Apple scuttled its attempt to compete in retaliation for scathing criticism from CEO Tim Sweeney, who led a mostly unsuccessful antitrust case against the iPhone App Store in the US.
In response, EU regulators said Thursday they want to question Apple over allegations it has blocked Epic’s app store. Apple was defiant, saying it “decided to exercise this right” to launch an app store based on Epic’s past behavior.
Europe’s changing digital landscape is forcing changes at other tech powerhouses such as Google and Facebook, but the new regulations strike at the heart of Apple’s philosophy that every aspect of its products remains under iron control.
This “walled garden” approach, devised by the late founder Steve Jobs, starts with the careful design of the hardware and then extends to all the software that uses that hardware and oversees the trading on it.
The approach created an empire with nearly $400 billion in annual revenue — a success Apple traces to the trust it has built over decades of vigilant stewardship of the iPhone and other popular products like the iPad, Mac and Apple Watch.
Even Epic’s Sweeney admitted that one of the reasons he uses an iPhone is because of Apple’s robust security measures to prevent hackers and protect the privacy of its customers. This happened in a May 2021 trial where a US judge ruled that the App Store is not a monopoly.
In that ruling, the judge required Apple to start allowing links to third-party payment options in iPhone apps in the US. That’s a requirement the company began allowing earlier this year after the U.S. Supreme Court declined to hear an appeal on the issue.
Apple – which is making changes in Europe via an iPhone software update – still doesn’t allow alternative iPhone app stores in the US or more than 100 other countries outside the EU.
European regulators seem convinced that the benefits to consumers from increased competition outweigh the increased safety risks.
One potential positive is lower prices for digital transactions within apps, if competing stores charge lower fees than the 15-30 percent fees Apple has set for years.
But critics are raising doubts about what will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and has put up other hurdles that make it daunting for alternatives to make significant progress in Europe.
Apple claims that the security issues created by DMA are of such concern that it has heard from government agencies — particularly defense, banking and emergency services — that want to make sure they can prevent iPhone users from using apps distributed outside of Apple. walled garden.
“These agencies have all recognized that sideloading — downloading apps from outside the App Store — can compromise security and put government data and devices at risk,” Apple said.
Veale, the digital expert, pushed back.
“Any company or government that believes ‘App Store apps are safe’ may need to update their security and privacy teams or policies,” he said.