Apple explains how it will comply with EU laws and how bad they are


Ahead of the release of iOS 17.4, Apple has published a detailed whitepaper explaining the changes the company has rolled out to comply with the new EU Digital Markets Act (DMA).

Unsurprisingly, Apple, a company that has appealed its designation in the DMA as a “gatekeeper,” says the major updates that users in the EU will see once iOS 17.4 is released will make them less safe – and the explanation takes 60 pages.

In the whitepaper, the tech giant details all the ways it is working to ensure user security and privacy but then warns: “These safeguards will help keep EU users’ iPhone experience as secure, privacy-protecting, and safe as possible – although not to the same degree as in the rest of the world.”

Big Tech companies have to comply with the EU’s DMA by March 6th. Unsurprisingly, the broad legislation, designed to ensure fairer competition between tech companies, is forcing major changes.

Apple will be opening up iOS to third-party app stores in the EU for the first time. Other changes include a new commission structure, third-party default web browsers, and more.

For instance, if you want apps not currently available on the iPhone – like Fortnite – the DMA will provide that capability. However, it’s the third-party apps Apple seems most worried about.

Yes, Apple says it has built over 600 new Application Programming Interfaces and developer tools. It has also put safeguards in place for app distribution and is now introducing iOS notarization “to prevent apps that threaten platform integrity – including threats to user security, privacy, and safety – from reaching the user.”

But in the whitepaper, the company says it’s concerned that new third-party app stores in the EU are “new and lucrative markets for malicious actors.”

“By requiring that all apps on iPhone be distributed through a single trusted source, the App Store, we were able to accomplish our goal of protecting users more effectively than any other platform,” says Apple.

“While our efforts to protect users and developers alike are never complete, iOS has never allowed a widespread consumer malware attack on users – which is exceptional for a 17-year-old, modern computing platform. The new options we’re introducing to comply with the DMA necessarily mean we will not be able to protect users in the same way.”

According to the company, despite new safeguards having been designed and implemented, the changes that the DMA requires will “inevitably” cause a gap between the provided protections inside and outside the EU.

That’s also because the changes will “alter the calculus” for bad actors who previously did not seek ways to exploit iOS: “Alongside new options for developers, these changes create new entry points – and potential vulnerabilities – for scammers and cybercriminals.”

Apple is not wrong. In July 2023, Bitdefender, a cybersecurity technology company, said that tens of thousands of Android apps were carrying malware. Android, of course, allows third-party apps, and bad actors only need to persuade users to download and install the malicious ones.

In December 2023, ESET researchers also discovered at least 18 apps that combined spyware with predatory loans and other malicious practices. These apps were downloaded more than 12 million times from Google Play.

Apple says that its “proactive and ongoing monitoring” has made it hard for scammers to gain a foothold on iOS.

“We take action to prevent otherwise legitimate apps from being used to facilitate scams, like the ‘pig butchering’ scam which tricks users into depositing funds for investment into a scam brokerage account on a legitimate investing app. When we learn about such scams, we contact the developer of the legitimate app to stop the scams from proliferating on that app,” says the firm.