Apple today published a whitepaper [PDF] detailing the privacy and security protections that it is implementing in the European Union to keep users as safe as possible while also complying with the requirements of the Digital Markets Act.
As a recap, with the upcoming iOS 17.4 update, iPhone users in the European Union will be able to install apps through alternative app marketplaces rather than the App Store. Several companies are working on marketplaces, with Setapp and Epic Games confirming plans to offer an App Store alternative.
Apps installed through marketplaces are essentially "sideloaded" and are not subject to the standard App Store review process. In an effort to minimize the risk of malware and fraud, Apple has implemented a Notarization process that app marketplaces and the apps sold through those marketplaces must submit to.
Notarization includes both an automated scan and human review to ensure that apps do not contain malware, function as advertised, and do not engage in "egregious fraud" attempts. An app can't be installed on an iPhone using sideloading unless it is signed by Apple through Notarization, and Apple is requiring developers to have a Developer account and provide legitimate details like name, address, and phone number. Apps will need to explain why they need access to sensitive data like the microphone, camera, Face ID, health data, and more, and user consent will also be required for these functions to work after an app is installed.
What Notarization won't do is look at the content of apps. Apps installed through alternative marketplaces can have adult content, copyrighted content, drug-related content, and other features that would not be allowed in the App Store. Apple will attempt to stop apps that impersonate other apps or that have undocumented features, but the company warns that sideloaded apps will not be as secure as those installed through the App Store.
Alternative app marketplaces need to adhere to baseline criteria that requires them to commit to monitoring for and removing malicious apps and providing support to users. Refunds, for example, will need to be provided by the app marketplace because marketplaces use alternative payment methods rather than in-app purchases. Alternative payment methods are also accepted in App Store apps under the DMA.
European users who install an app outside of the App Store will be presented with an app installation sheet that provides the app name, developer name, app description, screenshots, and ratings. Sheets can be turned off for a marketplace in the Settings app, and they also disappear if a marketplace is set as the default store.
Apple says that it has received numerous emails from European users and government agencies that are concerned with the risks of alternative app marketplaces, and Apple promises to "work tirelessly" to protect users "to the extent possible under the law." There is no way for users to opt out of the DMA changes, and Apple suggests that some people may have to use alternative apps against their will. Employers and schools may require an app that is only available through a marketplace, for example.
Much of Apple's whitepaper walks through the risks that iPhone users will need to contend with and the work that alternative app marketplace operators will need to do in order to keep users safe.
Notably, Apple says that the changes that it is making have been discussed with the European Commission, and there have been no concerns raised. The DMA does recognize the privacy risks associated with alternative app marketplaces, and Apple says it is aiming to do what it can to protect and educate users under the new guidelines.
iPhone owners in the European Union who have additional concerns about alternative app marketplaces can read through Apple's full PDF to get a complete picture of the security and safety protections that Apple has put in place and the risks that still remain.
Source: Macrumors