Apple has announced a raft of changes incoming to iOS in the European Union — including a new fee for developers — as the iPhone maker prepares to roll out its response to the bloc’s ex ante competition reform, the Digital Markets Act (DMA).
Back in September, the EU designated Apple as one of six “gatekeepers” subject to the DMA, listing the iOS App Store and its browser Safari as “core platform services.” The regulation imposes a series of obligations and restrictions on gatekeepers. In Apple’s case this includes forcing it to accept sideloading of apps, among other changes. The deadline for gatekeepers’ compliance with the DMA is March 7.
Today Apple has announced the availability of iOS 17.4 in beta, which it says will help developers prepare for the changes to its mobile platform that will be rolled out next month to meet the EU’s compliance deadline.
In a background briefing with journalists ahead of the beta launch, Apple said it’s been working on its solution to comply with the DMA for months. But it also warned some of the changes will create new risks for users — repeating a long-standing argument against sideloading that the practice risks reducing iOS users’ security and privacy.
The changes Apple says are incoming for iOS developers distributing apps in the European Economic Area (EEA) include:
- New options for distributing iOS apps from alternative app marketplaces — including new APIs and tools that enable developers to offer their iOS apps for
download from alternative app marketplaces. - New framework and APIs for creating alternative app marketplaces — enabling marketplace developers to install apps and manage updates on behalf of other
developers from their dedicated marketplace app. - New frameworks and APIs for alternative browser engines — enabling developers to use browser engines, other than WebKit, for browser apps and apps
with in-app browsing experiences. - An interoperability request form — where developers can submit additional requests for interoperability with iPhone and iOS hardware and software features.
Last week, details emerged of an offer Apple has made to the EU to try to settle an antitrust proceeding against Apply Pay. Today it suggested those proposed changes to contactless payments on iOS are “DMA-compliant” — including new APIs enabling developers to use NFC technology in their banking and wallet apps throughout the EEA, and new controls that allow users to select a third-party contactless payment app (or an alternative app marketplace) as their default.
Although, as with all the incoming changes Apple is outing today, it will be up to the European Commission, which oversees gatekeepers’ compliance with the DMA, to assess whether or not they meet the law’s requirements.
If EU regulators decide Apple’s changes do not comply with the DMA, it could lead to fines of up to 10% of global annual turnover and force Apple to think again.
New business terms — and ‘core tech’ fee
In parallel to the raft of DMA-focused changes developers will be able to choose to tap into, Apple is also introducing new business terms in Europe — which include the introduction of a new fee, called the “Core Technology Fee.”
This looks intended to ensure that Apple can continue to take a cut in some scenarios, even when developers opt to step outside its walled garden — either for distributing their apps via alternative app stores or by encouraging users to pay for additional content by following a link redirecting them to their own websites to make payments.
iOS apps distributed from the App Store and/or an alternative app marketplace will pay €0.50 for each first annual install per year over a 1 million threshold, per Apple.
Developers wanting to tap into the new capabilities it’s announced today, such as the ability to distribute their apps via alternative app stores, must accept these new business terms.
“The new business terms for apps in the EU are necessary to support the DMA’s requirements for alternative distribution and payment processing,” Apple wrote in a press release. “That includes a fee structure that reflects the many ways Apple creates value for developers’ businesses — including distribution and discovery on the App Store, the App Store’s secure payment processing, Apple’s trusted and secure mobile platform, and all the tools and technology to build and share innovative apps with users around the world.”
Under the new business terms, Apple is also reducing the cut it takes from digital purchases on iOS apps in its App Store: To either 17% on transactions for digital goods and services; or 10% “for the vast majority of developers and subscriptions following their first year,” as Apple puts it.
Apple will also levy a payment processing fee for iOS apps on the App Store wanting to use its own payment tech — of an additional 3%.
But developers can opt to use an alternative payment service provider within their app or link users to their website to process payments outside the App Store — for no “additional fee” to Apple.
Additionally, Apple said developers will be able to choose to stay on its existing business terms — that is, where it collects a commission on in-app purchases within apps distributed on its App Store of 30% (or 15% for small businesses).
Whichever terms developers choose, they will be able to continue using the App Store’s payment processing tech and distributing their apps on Apple’s App Store in the EU, per Apple.
Under the new business terms, the tech giant said it estimates that more than 99% of developers would reduce or maintain the fees they owe it.
It also suggests that less than 1% of developers will pay the Core Technology Fee on their EU apps — as it says this is intended to target only apps that achieve exceptional scale (i.e. by being installed on millions of iOS devices).
Apple is justifying the introduction of the new fee by saying it reflects the value provided by its technology platform and services independent of the App Store’s capabilities and distribution.
While the DMA does demand designated gatekeepers’ app stores open up to sideloading, it does not impose specific business models on them. However, it still remains to be seen whether Apple’s careful restructuring of its business terms in the EU, and the specific choices it’s presenting to developers, will pass muster with regulators.
Article 6(12) of the DMA states:
The gatekeeper shall apply fair, reasonable, and non-discriminatory general conditions of access for business users to its software application stores, online search engines and online social networking services listed in the designation decision pursuant to Article 3(9).
So Apple will need to make the case that the structure it’s devised here is “fair, reasonable, and non-discriminatory” if it’s to avoid falling foul of the DMA.
As part of the changes, Apple is introducing a number of other new features to its platform — which it may well argue justify the new fee — including notarization for iOS apps (it says this will include “a baseline review that applies to all apps, regardless of their distribution channel, focused on platform integrity and protecting users” and will include both automated checks and human review); app installation sheets (which will use information from the notarization process to present users with an overview of what they are about to download in the form of at-a-glance descriptions of apps and their functionality); authorization for marketplace developers (with checks to be made by Apple to ensure marketplace developers commit to “ongoing requirements that help protect users and developers”); and additional malware protections, which Apple says will prevent iOS apps from launching if they’re found to contain malware after being installed to a user’s device.
In today’s briefing with journalists, Apple representatives stressed that the changes the EU is requiring it to make will open up entirely new risks for iOS users.
The company particularly highlighted the security risk of opening up the ability of iOS apps to install other apps on the user’s device (Apple is calling these alternative app stores “marketplace apps”) — something it suggested is a common attack vector for malware. Whereas its representatives claimed there’s never been a widespread consumer malware attack on iOS to date.
While any developer accepting Apple’s new business terms will be able to build alternative app stores (i.e. marketplace apps), they will still have to undergo an app review process by Apple and meet criteria it says is intended to protect users and developers.
Other changes incoming — some of which respond to other DMA demands on how Apple can operate its App Store and Safari browser (while others look intended to encourage iOS users to take special care before they opt for any alternative, non-Apple options) — include a new choice screen that will be presented to iOS users that will let them select their default browser, showing a selection of rival browsers alongside Apple’s own Safari browser; and the ability for developers to offer browsers that are not based on the WebKit browser engine; new App Store product page labels, which Apple says will inform users when an app they’re downloading uses alternative payment processing; in-app disclosure sheets, to let users know when they’re no longer transacting with Apple, and when a developer is directing them to transact using an alternative payment processor; New App Review processes — which Apple says will verify that developers accurately communicate information about transactions that use alternative payment processors; and expanded data portability on its Data & Privacy site — where EU users can retrieve new data about their usage of the App Store and export it to an authorized third party.
Informing iOS users when they’re no longer transacting with Apple is one way it may seek to nudge people to keep paying for third-party apps via its own payment tech. But, on the flip side, Apple may argue this is just a “fair and reasonable” warning to give its users when they step outside its managed ecosystem.
The DMA also allows for gatekeepers to take “strictly necessary and proportionate” measures to ensure third party apps and stores, or the new DMA-demanded interoperability requirements, don’t endanger the integrity of hardware, software or operating systems they provide — with the added proviso that any such measures must be “duly justified by the gatekeeper”.
Another change Apple announced today will enable developers to provide the equivalent of a streaming games app store.
Reacting swiftly to Apple’s move, Epic Games — which sued the tech giant in the US over App Store conditions — cried foul: Dubbing its EU offering as “malicious compliance” filled with “junk fees”.
Comment