Phil Schiller warns third-party app stores are a risk to iPhone users
The introduction of third-party app marketplaces for the iPhone in EU countries could be a massive privacy and security problem for users, Apple Fellow Phil Schiller warns, despite Apple's attempts to shore up security before regulatory rules fully kick in.
The EU Digital Markets Act is forcing Apple to open the iPhone up to third-party digital storefronts in EU member states, with the enabling of sideloading and alternative stores alongside Apple's own App Store starting from March 2024 in the iOS 17.4 update.
To prepare for the introduction of the third-party storefronts, Apple has already outlined various ways charges will change, as well as security mechanisms to try and keep users safe. However, Apple warns that it cannot protect against every eventuality.
App Store chief and Apple Fellow Phil Schiller explained to Fast Company, "These new regulations, while they bring new options for developers, also bring new risks. There's no getting around that. So we're doing everything we can to minimize those risks."
The introduction of a third-party storefront means there's a new way for apps with malicious code to be installed onto an iPhone, which could cause many issues for end users. Apple's "walled garden" approach and App Store Review process weed out these apps, with almost 1.7 million submissions rejected in 2022 because of failures to meet privacy, security, and content standards.
Due to the possibility of third-party stores not having as stringent a review process as Apple, the iPhone maker has introduced various elements to improve security, such as notarizing all apps before they can be installed on an iPhone, regardless of the app store.
"We've put together over 600 new APIs for developers to give them the tools to build a marketplace, install an app, let the user have control of that process," said Schiller. "We've done a lot of core engineering, and we're going to continue to."
Users will also see an information sheet showing basic details about the app before installing it, and Apple has added more control over marketplace selection too.
App security, but no content monitoring
Even so, Schiller adds that there are limits to Apple's protective measures, with it having no real control over the content of apps from the alternative storefronts, since notarization doesn't check the actual content, only whether the app is secure and not malicious.
"Ultimately, there are things that we have not allowed on our App Store-- things that we didn't think would be safe or appropriate," the Apple Fellow said. "It will not be our decision whether those other marketplaces have the same terms and limitations."
While Apple has rules in place to prevent specific types of objectionable content from appearing in the App Store after years of input from families and governments, "Those rules will not apply in another marketplace unless they choose to make rules of their own, with whatever criteria they come up with," Schiller points out.
"Does that increase the risk of users, and families, running into objectionable content or other experiences? Yes it does."
Comments
The apps that exist today on smart devices are capturing, aggregating, correlating, trending, and applying machine learning to far more personal and broadly sourced information related to individuals including location information, financial information, credit information, aggregated data from other point-of-sale sources both online and brick & mortar, online search history, social media, public databases, shared genealogical information, etc. This is nearly fingerprint level stuff. And the EU is perfectly fine letting anyone with the ability to put up a “store front” that can tap into that sort of information with a pinky-promise that they won’t share it, use it for nefarious purposes, or safeguard it in cardboard boxes stored in their bathroom?
What happens when a shallow pockets ISV with a homegrown storefront breaches your data? Are they going to provide any remedial action? Are you or a class action group going to sue them? For what, to make them sell their PlayStation to pay off the penalty from a court ordered settlement?
No thanks. I think I’ll stay in the garden.
"Ultimately, there are things that we have not allowed on our App Store-- things that we didn't think would be safe or appropriate". A huge portion of the userbase is well over 18 with the ability to think for themselves, and Apple wants to tell people what is appropriate or not based on what, their standards?
Still though I think this is a scare tactic, as installing things from outside of the official app store will cut into Apple's profits.
https://www.businessinsider.com/boomer-greed-ruined-economy-gen-z-millennials-labor-shortage-inflation-2023-3?op=1
New browser - all about tracking (money).
Prices are not 15% or 30% less, Money.
Apple just sent this out:
"Price updates
On February 13, pricing for apps and in-app purchases* will be updated for the Benin, Colombia, Tajikistan, and Türkiye storefronts. Also, these updates consider the following tax changes:
Prices will be updated on the Benin, Colombia, Tajikistan, and Türkiye storefronts if you haven’t selected one of these as the base for your app or in‑app purchase."
Are those new store fronts going to do all this bookkeeping for you? Probably not. They're probably only going to work in the EU.
And I think I read somewhere, if you leave the Apple Store, that account does not get to come back.
It's all very shortsighted.
Contact of any kind, be it in person or online, comes with risks.
The App Store itself comes with risks and there is literally nothing Apple can do to really eliminate those risks. We live with them and hope a combination of common sense and common protections will reduce the chances of being impacted.
The risks exist for everyone, though.
Are those 600 APIs risk free? Probably not. Will there be some nasty bugs sitting in them? We live with these risks day to day. Some malicious, some not.
It is also entirely possible for an app store to offer more protections and have a better human review process than the official Apple App Store. I wonder what Phil would say to that?
It can swing both ways but the user must decide, not Apple (or not only Apple at least).
It's also entirely possible that an app store could be more restrictive than the App Store with regards to content.
Anyone who thinks it is dangerous to use non-Apple sanctioned app store will be able to completely ignore third party app stores and any of those risks.
The most important thing though, is that the user will be choosing to do so and not be obliged to pass through one toll gate where only Apple reaps the rewards in detriment to both users and competitors through lack of competition.
At the end of the day, and Phil understands this, it's more about money than security.
The Apple App Store has paid out billions, Apple says. It made a pretty penny in the process (even when taking into account running costs).
What the EU is trying to do is level the field. Choice is part of that.
What you propose is a misnomer.
Companies can sell apps. But they pay Apple a platform commission just like you do when you sell anywhere, be it brick and mortar stores, online retailers, bookstores, coffee shops, etc.
What you advocate is punishing successful companies and removing their right to earn for their hard earned sales space while propping up the less successful by forcibly making the successful pay for their ride.
You clearly haven't read anything on the DMA/DSA package.
I suggest you do.
"Sorry. That’s not how business work at its core."
You will find that is completely wrong at its core when applied to the situation the EU (with good reason) wants to tackle.
Now, if Apple agreed with you, it would have taken measures well before now to get any wrongs righted.
The fact that it hasn't, says it all and it had margin to do so.
The hard truth is that Apple knows it's a gatekeeper and has been for a while now.
It had a good ride. Google too! And the others.
It's been extremely lucky (the EU banks haven't been) that the EU didn't deem the App Store contract clauses abusive and demand the return of funds to developers and customers.
The complaints never asked for that.
Over the last ten years Spanish banks alone have had to return billions to customers.
If it had been up for consideration I wouldn't like to guess which way that would have gone.
Your idea of how business works is being challenged in the EU, South Korea, Japan (?) and what do you think will happen in the US? The land of the lobby.
Which way do you think things will go there?
People have not had choice. There is no argument about that and one of the reasons Apple probably hasn't fought this legally is that it knows full well that the 'informational' side of the 'contract' with users is not transparent in any way.
Choice was taken from them, in the vast majority of cases without them even knowing because they were never informed.
I have yet to meet an iOS user that has a relatively decent understanding of the restrictions that buying an iDevice brings.
I would love for someone to officially tackle that particular issue.
The EU wants to give that choice back to users.
Apple has made a proposition but, to be brutally honest, I can't see how it meets even the premise of the preamble of the legal text, let alone the text itself.
But we will see.
https://apple.slashdot.org/story/24/02/02/217244/apple-says-eu-represents-7-of-global-app-store-revenue#comments
From poster: ShanghaiBill "America is the biggest App Store revenue source. China and Japan are #2 and #3, followed by the UK, Taiwan, Canada, and Korea. Germany is the first EU country at #8. Australia is #9, and France is #10"
They, the EU, have no leverage over Apple long term.
I came of age in the tech industry as Linux was finding its footing, and loved the openness of it because I could learn how hardware and software worked from bottom to top. However, in retrospect, while it was fun to learn about technologies which had been reverse engineered and copied from companies like Sun Microsystems, I also realized the effect of such efforts was the devaluation of technology and most of the money from technology products going to the big manufacturing companies, not the engineers who were designing and creating it. Due to the fact that most of the software and hardware was just cloned, commodified components which didn't require much engineering effort to put together. Really just a cheap assembly line of software and hardware with very little true engineering.
And yes, there is a need for commodified technology products in the world to make that technology accessible to all. However, it would be sad to see the whole world made up entirely of cheap, cloned products because there's no incentive to do otherwise.
If you have a product that you want discovered and bought by a certain large audience, you pay a commission to be discovered and bought on said platform and enjoy the rewards.
When you go into a Barnes and Noble store, you don’t find a competing bookstore operating out of a pop up tent inside. You find books by authors and publishers who’ve partnered with Barnes and Noble and pay a significant platform fee to be featured at their bookstores. Same thing with Walmart, etc.
Payment systems are another thing. You don’t sell an item through Walmart and then set up your own kiosk inside with your own payment system so Walmart can’t make their just due. You use their payment system, they account for it and you get your cut. Your barcodes and shipping numbers ensure that your accounting keeps theirs honest, etc.
Everybody wins.
Did Apple violate any laws in the 15 years or so that the App Store has been running?
Hence the DMA/DSA package.
Business cannot be done at any cost and as you will see right here on AI, a class action suit against the App Store has just been given the go ahead.
You might be swimming against the current.
No one is shafting anyone here.
Apple will have to figure out a way to sandbox those apps so they can't mine data from the phone that they don't generate themselves, like passwords, banking information etc.
What I find bizarre is that Microsoft still have a big monopoly in OS software, video gaming makers have closed software stores and the EU doesn't do anything about those.