Apple has announced changes to iOS, Safari, and the App Store impacting developers’ apps in the European Union (EU) to comply with the Digital Markets Act (DMA).
The changes will not apply in the UK at this stage – although the UK’s Digital Markets Bill, which is currently going through Parliament, is likely to put Apple’s practices under similar regulatory scrutiny.
The changes include more than 600 new APIs, expanded app analytics, functionality for alternative browser engines, and options for processing app payments and distributing iOS apps.
Across every change, Apple is introducing new safeguards that reduce — but don’t eliminate — new risks the DMA poses to EU users. With these steps, Apple will continue to deliver the best, most secure experience possible for EU users.
According to Apple, “the new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats”.
That’s why Apple is introducing protections — including Notarization for iOS apps, an authorisation for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience possible for users in the EU.
Developers can learn about these changes on the Apple Developer Support page and can begin testing new capabilities today in the iOS 17.4 beta. The new capabilities will become available to users in the 27 EU countries beginning in March 2024.
“The changes we’re announcing today comply with the Digital Markets Act’s requirements in the European Union, while helping to protect EU users from the unavoidable increased privacy and security threats this regulation brings. Our priority remains creating the best, most secure possible experience for our users in the EU and around the world,” said Phil Schiller, Apple Fellow.
“Developers can now learn about the new tools and terms available for alternative app distribution and alternative payment processing, new capabilities for alternative browser engines and contactless payments, and more. Importantly, developers can choose to remain on the same business terms in place today if they prefer.”
The changes for EU apps reflect the European Commission’s designation of iOS, Safari, and the App Store as “core platform services” under the Digital Markets Act.
In March, Apple will share new resources to help EU users understand the changes they can expect. That includes guidance to help EU users navigate complexities the DMA’s changes bring — including a less intuitive user experience — and best practices for approaching new risks associated with downloading apps and processing payments outside of the App Store.
Changes to iOS
In the EU, Apple is making a number of changes to iOS to comply with the DMA. For developers, those changes include new options for distributing apps. The coming changes to iOS in the EU include:
- New options for distributing iOS apps from alternative app marketplaces — including new APIs and tools that enable developers to offer their iOS apps for download from alternative app marketplaces.
- New framework and APIs for creating alternative app marketplaces — enabling marketplace developers to install apps and manage updates on behalf of other developers from their dedicated marketplace app.
- New frameworks and APIs for alternative browser engines — enabling developers to use browser engines, other than WebKit, for browser apps and apps with in-app browsing experiences.
- Interoperability request form — where developers can submit additional requests for interoperability with iPhone and iOS hardware and software features.
As announced by the European Commission, Apple is also sharing DMA-compliant changes impacting contactless payments. That includes new APIs enabling developers to use NFC technology in their banking and wallet apps throughout the European Economic Area.
And in the EU, Apple is introducing new controls that allow users to select a third-party contactless payment app — or an alternative app marketplace — as their default.
Inevitably, the new options for developers’ EU apps create new risks to Apple users and their devices. Apple can’t eliminate those risks, but within the DMA’s constraints, the company will take steps to reduce them.
These safeguards will be in place when users download iOS 17.4 or later, beginning in March, and include:
- Notarization for iOS apps — a baseline review that applies to all apps, regardless of their distribution channel, focused on platform integrity and protecting users. Notarization involves a combination of automated checks and human review.
- App installation sheets — that use information from the Notarization process to provide at-a-glance descriptions of apps and their functionality before download, including the developer, screenshots, and other essential information.
- Authorisation for marketplace developers — to ensure marketplace developers commit to ongoing requirements that help protect users and developers.
- Additional malware protections — that prevent iOS apps from launching if they’re found to contain malware after being installed to a user’s device.
These protections — including Notarization for iOS apps, and authorisation for marketplace developers — help reduce some of the privacy and security risks to iOS users in the EU. That includes threats like malware or malicious code, and risks of installing apps that misrepresent their functionality or the responsible developer.
However, Apple has less ability to address other risks — including apps that contain scams, fraud, and abuse, or that expose users to illicit, objectionable, or harmful content. In addition, apps that use alternative browser engines — other than Apple’s WebKit — may negatively affect the user experience, including impacts to system performance and battery life.
Within the DMA’s constraints, Apple is committed to protecting the privacy, security, and quality of the iOS user experience in the EU as much as possible. For instance, App Tracking Transparency will continue to work with apps distributed outside of the App Store — asking a user’s permission before a developer tracks their data across apps or websites.
However, the DMA’s requirements mean that App Store features — including Family Purchase Sharing and Ask to Buy — will not be compatible with apps downloaded from outside of the App Store.
When these changes come into effect in March, Apple will share more detailed resources explaining the options available to users — including best practices for protecting their privacy and security.
Changes to Safari
Today, iOS users already have the ability to set a third-party web browser — other than Safari — as their default.
Reflecting the DMA’s requirements, Apple is also introducing a new choice screen that will surface when users first open Safari in iOS 17.4 or later. That screen will prompt EU users to choose a default browser from a list of options.
This change is a result of the DMA’s requirements, and means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them.
The screen also interrupts EU users’ experience the first time they open Safari intending to navigate to a webpage.
Changes to the App Store
On the App Store, Apple is sharing a number of changes for developers with apps in the EU, affecting apps across Apple’s operating systems — including iOS, iPadOS, macOS, watchOS, and tvOS.
The changes also include new disclosures informing EU users of the risks associated with using alternatives to the App Store’s secure payment processing.
For developers, those changes include:
- New options for using payment service providers (PSPs) — within a developer’s app to process payments for digital goods and services.
- New options for processing payments via link-out — where users can complete a transaction for digital goods and services on the developer’s external website. Developers can also inform EU users of promotions, discounts, and other deals available outside of their apps.
- Business planning tools — for developers to estimate fees and understand metrics associated with Apple’s new business terms for apps in the EU.
The changes also include new steps to protect and inform EU users, including:
- App Store product page labels — that inform users when an app they’re downloading uses alternative payment processing.
- In-app disclosure sheets — that let users know when they are no longer transacting with Apple, and when a developer is directing them to transact using an alternative payment processor.
- New App Review processes — to verify that developers accurately communicate information about transactions that use alternative payment processors.
- Expanded data portability on Apple’s Data & Privacy site — where EU users can retrieve new data about their usage of the App Store and export it to an authorised third party.
For apps that use alternative payment processing, Apple will not be able to issue refunds, and will have less ability to support customers encountering issues, scams, or fraud.
Helpful App Store features — like Report a Problem, Family Sharing, and Ask to Buy — will also not reflect these transactions.
Users may have to share their payment information with additional parties, creating more opportunities for bad actors to steal sensitive financial information.
And on the App Store, users’ purchase history and subscription management will only reflect transactions made using the App Store’s In-App Purchase system.
New Business Terms for Apps in the EU
Also today, Apple is sharing new business terms available for developers’ apps in the European Union. Developers can choose to adopt these new business terms, or stay on Apple’s existing terms. Developers must adopt the new business terms for EU apps to use the new capabilities for alternative distribution or alternative payment processing.
The new business terms for apps in the EU are necessary to support the DMA’s requirements for alternative distribution and payment processing. That includes a fee structure that reflects the many ways Apple creates value for developers’ businesses — including distribution and discovery on the App Store, the App Store’s secure payment processing, Apple’s trusted and secure mobile platform, and all the tools and technology to build and share innovative apps with users around the world.
Developers operating under either set of business terms can continue to use the App Store’s secure payment processing and share their apps on the App Store in the EU. And both sets of business terms reflect Apple’s long-standing work to make the app ecosystem the best opportunity for all developers.
Developers operating under the new business terms will have the option to distribute their iOS apps from the App Store and/or alternative app marketplaces. These developers can also choose to use alternative payment processors in their EU apps on the App Store, across Apple’s operating systems.
The new business terms for iOS apps in the EU have three elements:
- Reduced commission — iOS apps on the App Store will pay a reduced commission of either 10 percent (for the vast majority of developers, and subscriptions following their first year) or 17 percent on transactions for digital goods and services.
- Payment processing fee — iOS apps on the App Store can use the App Store’s payment processing for an additional 3 percent fee. Developers can use a payment service provider within their app or link users to their website to process payments for no additional fee to Apple.
- Core Technology Fee — iOS apps distributed from the App Store and/or an alternative app marketplace will pay €0.50 for each first annual install per year over a 1 million threshold.
For apps on iPadOS, macOS, watchOS, and tvOS in the EU, developers who process payments using a PSP or by linking out to their website will get a 3 percent discount on the commission they owe to Apple.
Apple is also sharing a fee calculator tool and new reports to help developers estimate the potential impact of the new business terms on their app businesses.
Developers can begin testing these capabilities today in the iOS 17.4 beta.