Meet the New Boss

Apple’s response to the E.U.’s Digital Markets Act has arrived. In theory, this is the biggest ever change to the way native apps are distributed and sold on iOS. Between the complexity and caveats, however, this is not a Mac-like software experience on the iPhone — though I am not sure I fully understand what it is.

Let me back up to December 2022. I hate quoting myself but, well, here is something I wrote in response to a Bloomberg report from Mark Gurman about Apple’s Digital Markets Act preparations:

It will be interesting to see how Apple frames this shift for its European customers. It has spent years claiming its first-party App Store policies are a reason why people buy iPhones. While it can continue to promote its own App Store as the best option, it would look silly if it created the impression of reducing security for European users while rolling this out. The same is true of its privacy stance if, as also reported by Gurman, it makes its Find My network more permissive to third-party trackers. Apple may also want to preserve its existing strategy wherever regulators do not require its software and services to be more interoperable, but that could make it look like European customers have more choices than users in, say, the United States — which they probably will.

The answer to this public relations conundrum is found in a bitter press release. The tone is not really a surprise; I guess I would also be frustrated if I were required to change the way my platform has worked for sixteen years. But, still, it is quite something to read paragraphs like this one:

The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats. That’s why Apple is introducing protections — including Notarization for iOS apps, an authorization for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience possible for users in the EU. Even with these safeguards in place, many risks remain.

Or these two sentences describing how Safari will present a list of third-party browsers on first launch:

This change is a result of the DMA’s requirements, and means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them. The screen also interrupts EU users’ experience the first time they open Safari intending to navigate to a webpage.

To be fair, confirmation screens are probably not the best way to drive browser diversity. The status quo also sucks: arguably the only reason why Google Chrome is not wholly dominant is because of decisions made by platform vendors like Apple and Microsoft. Then again, the state of the browser market is evidence of how little competition matters when people have familiar choices.

Back to the App Store; Apple is making several changes in the E.U., including:

  • Third-party payment processors can be used within apps, and developers can also link to external payment destinations from within an app.

  • Lowered commission of 10–17%, down from 15–30%, with an optional use of Apple’s payment processor at an extra 3%.

  • Third-party browsers can now use different browser engines.

In addition to these and other E.U.-specific changes, Apple is permitting streaming game apps worldwide.

The headline announcement is the addition of third-party app stores in iOS — and, it seems, only iOS. Apple has built MarketplaceKit to facilitate this, will require Notarization of all applications regardless of distribution channel — which sounds different than the MacOS Notarization process because it involves real people — and has an extensive explanation of its rationale for this system. This is not really “sideloading” or the Mac-esque experience some have been envisioning because these “marketplace apps” — as Apple is calling them — will be the only other way of installing native iOS apps. The way you will get the marketplace apps themselves, Apple says, is via the web, but other kinds of third-party software are not able to be installed on an iPhone this way. In other words, you can download apps from an app store or the App Store.

In the questions-and-answers section near the end, it says its “traditional business model has reflected the value” of the platform, and these new E.U. rules have “separate[d] out the many ways Apple creates value for developers”. To bridge the gap, it will charge a Core Technology Fee of €0.50 under certain conditions, which is in line with what I expected would happen. In its press release today, Apple says almost all developers will pay the same or less, and less than one percent will need to pay the Core Technology Fee. Many of those are probably the massive developers you can immediately think of. Notably, this is the first time entirely free applications will pay any kind of per-user fee to Apple, and it is not cheap.

Developers are not automatically opted into this new arrangement. They will be able to choose whether they stick with the current terms, or agree to the new terms — but the new contract is required to distribute an app through a different marketplace, or to use a different payment processor. In return, developers get lower commission, but must pay the Core Technology Fee if they exceed one million annual E.U. installs of their app.

That is my rundown of these changes and I think I got everything right, but there is a lot I missed out on. I think David Barnard has a very good Twitter thread with more details, and Jason Snell at Six Colors has a good overview. I thought this was a particularly keen observation by Snell:

I have to think that Apple will have a team of security people watching carefully as these features roll out across the EU. But there will also be a team of PR people ready to publicize any incident that feeds into Apple’s narrative about the DMA endangering EU citizens.

I fully expect unscrupulous people will take advantage of this new arrangement and Apple will spread the word. But it is not as though the App Store itself is free of scams; Michael Tsai has an entire category of posts dating back more than a decade. Even if scams make their way into third-party marketplace apps, a real person at Apple has seen and approved them, as explained in the question-and-answer segment:

The Notarization process involves a combination of automated checks and human review to help ensure apps are from credible parties, free of malicious content like malware, function as promised, and don’t expose users to egregious privacy and security risks or fraud.

This is still Apple’s platform and it still wants it to be safe. It remains to be seen whether the E.U. will view today’s announcements as sufficiently compliant with the letter and spirit of the DMA, and I suspect there will be questions about the amount of control Apple will retain, and the Core Technology Fee it will charge.

I have two questions:

  1. Will any of this be worthwhile for developers? If Apple’s numbers are accurate, it makes the E.U. look like a more desirable region for iOS app distribution. At least there are options and choices.

    On a related note, one wonders if it will be beneficial for users. As I wrote in my self-quote above, Apple says the App Store is part of users’ buying decisions. That is, it seems to believe people use iPhones in part because of the way it controls its available software. The problem is that it will be difficult to get a sense of whether users actually value the App Store on its merits if these new features are not popular amongst developers.

  2. Is this foreshadowing similar changes to Apple’s other restricted platforms, or perhaps expanding them worldwide? Earlier today, I would have thought this is a plausible take. But the more I think about it, the more I believe Apple will continue its established path until other governments force a change. I would be happy to be proven wrong, especially if this policy change is ultimately beneficial to developers.

So, knowing all of that, how would one go about getting their hands on these updates? Apple says all of these things will be rolling out in March, and the new APIs and frameworks are included in the iOS 17.4 beta seed released to developers earlier today.

These features are only available to E.U. users, and Apple is being as restrictive with these changes as it is for censorship in China. One cannot simply change their iPhone’s region in Settings to an E.U. member state. As previewed last year, there is a new process that validates feature availability based on, according to Filipe Espósito of 9to5Mac, the billing address on file and the device location, among other qualities.

Still, if Apple can be an Irish company for tax reasons, my iPhone should be able to become Irish for device control reasons.

It does leave me with one final question: how are developers outside the E.U. able to test compliance with these new capabilities? Perhaps I missed this in the documentation, but it seems like this may be one additional restriction to keep these alluring features geographically gated. Pity.

Even if this is not everything developers and advanced users may have hoped for, it is a radical shift for Apple’s non-Mac platforms. There is much to look forward to, and some things to be worried about. Mostly, though, this leaves many questions because of the cautious and confusing approach Apple is taking. There are perhaps good, well-founded reasons for doing so, and I do not think it is always intending to be as brutal as its decisions appear. But Apple’s relationship with developers has been on rocky ground for years and its latest policies are a reminder of the company’s control. Meet the new boss? Well, you know how that goes.