opens in new window

PRESS RELEASE

January 25, 2024

For developers, the changes include new options for app distribution and payment processing

For users, the changes include new controls and disclosures, and expanded protections to reduce privacy and security risks the DMA creates

CUPERTINO, CALIFORNIA Apple today announced changes to iOS, Safari, and the App Store impacting developers’ apps in the European Union (EU) to comply with the Digital Markets Act (DMA). The changes include more than 600 new APIs, expanded app analytics, functionality for alternative browser engines, and options for processing app payments and distributing iOS apps. Across every change, Apple is introducing new safeguards that reduce — but don’t eliminate — new risks the DMA poses to EU users. With these steps, Apple will continue to deliver the best, most secure experience possible for EU users.

The new options for processing payments and downloading apps on iOS open new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats. That’s why Apple is introducing protections — including Notarization for iOS apps, an authorization for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience possible for users in the EU. Even with these safeguards in place, many risks remain.

Developers can learn about these changes on the Apple Developer Support page and can begin testing new capabilities today in the iOS 17.4 beta. The new capabilities will become available to users in the 27 EU countries beginning in March 2024.

“The changes we’re announcing today comply with the Digital Markets Act’s requirements in the European Union, while helping to protect EU users from the unavoidable increased privacy and security threats this regulation brings. Our priority remains creating the best, most secure possible experience for our users in the EU and around the world,” said Phil Schiller, Apple Fellow. “Developers can now learn about the new tools and terms available for alternative app distribution and alternative payment processing, new capabilities for alternative browser engines and contactless payments, and more. Importantly, developers can choose to remain on the same business terms in place today if they prefer.”

The changes for EU apps reflect the European Commission’s designation of iOS, Safari, and the App Store as “core platform services” under the Digital Markets Act. In March, Apple will share new resources to help EU users understand the changes they can expect. That includes guidance to help EU users navigate complexities the DMA’s changes bring — including a less intuitive user experience — and best practices for approaching new risks associated with downloading apps and processing payments outside of the App Store.

Available for developers’ apps around the world, Apple also announced new options for streaming games, along with more than 50 forthcoming reports in areas like engagement, commerce, app usage, and more.

Changes to iOS

In the EU, Apple is making a number of changes to iOS to comply with the DMA. For developers, those changes include new options for distributing apps. The coming changes to iOS in the EU include:

New options for distributing iOS apps from alternative app marketplaces — including new APIs and tools that enable developers to offer their iOS apps for download from alternative app marketplaces.

New framework and APIs for creating alternative app marketplaces — enabling marketplace developers to install apps and manage updates on behalf of other developers from their dedicated marketplace app.

New frameworks and APIs for alternative browser engines — enabling developers to use browser engines, other than WebKit, for browser apps and apps with in-app browsing experiences.

Interoperability request form — where developers can submit additional requests for interoperability with iPhone and iOS hardware and software features.

As announced by the European Commission, Apple is also sharing DMA-compliant changes impacting contactless payments. That includes new APIs enabling developers to use NFC technology in their banking and wallet apps throughout the European Economic Area. And in the EU, Apple is introducing new controls that allow users to select a third-party contactless payment app — or an alternative app marketplace — as their default.

Inevitably, the new options for developers’ EU apps create new risks to Apple users and their devices. Apple can’t eliminate those risks, but within the DMA’s constraints, the company will take steps to reduce them. These safeguards will be in place when users download iOS 17.4 or later, beginning in March, and include:

Notarization for iOS apps — a baseline review that applies to all apps, regardless of their distribution channel, focused on platform integrity and protecting users. Notarization involves a combination of automated checks and human review. 

App installation sheets — that use information from the Notarization process to provide at-a-glance descriptions of apps and their functionality before download, including the developer, screenshots, and other essential information.

Authorization for marketplace developers — to ensure marketplace developers commit to ongoing requirements that help protect users and developers.

Additional malware protections — that prevent iOS apps from launching if they’re found to contain malware after being installed to a user’s device.

These protections — including Notarization for iOS apps, and authorization for marketplace developers — help reduce some of the privacy and security risks to iOS users in the EU. That includes threats like malware or malicious code, and risks of installing apps that misrepresent their functionality or the responsible developer.

However, Apple has less ability to address other risks — including apps that contain scams, fraud, and abuse, or that expose users to illicit, objectionable, or harmful content. In addition, apps that use alternative browser engines — other than Apple’s WebKit — may negatively affect the user experience, including impacts to system performance and battery life.

Within the DMA’s constraints, Apple is committed to protecting the privacy, security, and quality of the iOS user experience in the EU as much as possible. For instance, App Tracking Transparency will continue to work with apps distributed outside of the App Store — asking a user’s permission before a developer tracks their data across apps or websites. However, the DMA’s requirements mean that App Store features — including Family Purchase Sharing and Ask to Buy — will not be compatible with apps downloaded from outside of the App Store.

When these changes come into effect in March, Apple will share more detailed resources explaining the options available to users — including best practices for protecting their privacy and security.

Changes to Safari

Today, iOS users already have the ability to set a third-party web browser — other than Safari — as their default. Reflecting the DMA’s requirements, Apple is also introducing a new choice screen that will surface when users first open Safari in iOS 17.4 or later. That screen will prompt EU users to choose a default browser from a list of options.

This change is a result of the DMA’s requirements, and means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them. The screen also interrupts EU users’ experience the first time they open Safari intending to navigate to a webpage.

Changes to the App Store

On the App Store, Apple is sharing a number of changes for developers with apps in the EU, affecting apps across Apple’s operating systems — including iOS, iPadOS, macOS, watchOS, and tvOS. The changes also include new disclosures informing EU users of the risks associated with using alternatives to the App Store’s secure payment processing.

For developers, those changes include:

New options for using payment service providers (PSPs) — within a developer’s app to process payments for digital goods and services.

New options for processing payments via link-out — where users can complete a transaction for digital goods and services on the developer’s external website. Developers can also inform EU users of promotions, discounts, and other deals available outside of their apps.

Read More