This Week's Sponsor:

Textastic

The Powerful Code Editor for iPad and iPhone — Now Free to Try

Posts tagged with "regulation"

EU Fines Apple €500 Million for Digital Markets Act Violations

In a press release issued today, the European Commission (EC) announced that it has fined Apple €500 million for violations of the EU’s Digital Markets Act. The EC also fined Meta €200 million.

The EC’s press release explains that:

Under the DMA, app developers distributing their apps via Apple’s App Store should be able to inform customers, free of charge, of alternative offers outside the App Store, steer them to those offers and allow them to make purchases.

The Commission found that Apple fails to comply with this obligation. Due to a number of restrictions imposed by Apple, app developers cannot fully benefit from the advantages of alternative distribution channels outside the App Store. Similarly, consumers cannot fully benefit from alternative and cheaper offers as Apple prevents app developers from directly informing consumers of such offers. The company has failed to demonstrate that these restrictions are objectively necessary and proportionate.

In addition to the fine, the EC has ordered Apple:

…to remove the technical and commercial restrictions on steering and to refrain from perpetuating the non-compliant conduct in the future…

The Commission also closed its investigation into Apple’s user choice obligations under the DMA, finding that the company’s browser choice screen and interface for setting new default apps to satisfy the DMA’s requirements.

An unnamed Apple representative speaking to CNN criticized the fine:

A representative for Apple said the fine is “yet another example of the European Commission unfairly targeting” the company and forcing it to “give away (its) technology for free.” It added that it plans to appeal the decision.

We have spent hundreds of thousands of engineering hours and made dozens of changes to comply with this law, none of which our users have asked for. Despite countless meetings, the Commission continues to move the goal posts every step of the way.

The EC’s fines aren’t surprising given the long history and tenor of the investigation. What remains open as a point of potential future disputes is Apple’s compliance with the EC’s new order. As stated by its representative to CNN, Apple also plans to appeal today’s decision.

AltStore PAL Releases AltStore Classic for EU iPhone Users

AltStore PAL, the alternative app store for iPhone users in the EU, celebrated its first anniversary today with a whopper of an update. AltStore PAL 2.2 now includes AltStore Classic as one of its catalog of apps. That’s right, a store within a store, which allows users in Europe to sideload hundreds of non-notarized apps.

If this sounds odd, it is, but there’s a method to the madness. AltStore Classic allows users to install DolphiniOS, an emulator that uses JIT (Just-In-Time) compilation, which is necessary to emulate more recent games and isn’t allowed by Apple on iOS out of the box. Alongside AltStore PAL 2.2, the AltStore team released StikDebug, an AltStore PAL app that allows any app sideloaded with AltStore Classic to use JIT.

I’m in the U.S., so I haven’t tried AltStore Classic, but judging from what I’ve seen on Reddit, JIT can make a big difference for emulators. EU users can read more about the update to AltStore PAL and AltStore Classic in the update’s release notes.

Permalink

European Commission Orders Apple To Improve Third-Party Device Integration

Just as I was linking to Eric Migicovsky’s post about the disadvantages third-party smartwatch makers face when trying to integrate with the iPhone, the European Commission (EC) released a pair of related specification decisions regarding Apple’s Digital Markets Act compliance. The first covers iPhone connectivity with third-party devices:

The first set of measures concerns nine iOS connectivity features, predominantly used for connected devices such as smartwatches, headphones or TVs. The measures will grant device manufacturers and app developers improved access to iPhone features that interact with such devices (e.g. displaying notifications on smartwatches), faster data transfers (e.g. peer-to-peer Wi-Fi connections, and near-field communication) and easier device set-up (e.g. pairing).

The other decision focuses on the process of interoperability:

The second set of measures improves the transparency and effectiveness of the process that Apple devised for developers interested in obtaining interoperability with iPhone and iPad features. It includes improved access to technical documentation on features not yet available to third parties, timely communication and updates, and a more predictable timeline for the review of interoperability requests.

An unidentified spokesperson for Apple responded with a statement to 9to5Mac:

Today’s decisions wrap us in red tape, slowing down Apple’s ability to innovate for users in Europe and forcing us to give away our new features for free to companies who don’t have to play by the same rules. It’s bad for our products and for our European users. We will continue to work with the European Commission to help them understand our concerns on behalf of our users.

This decision shouldn’t come as a surprise to anyone who has been following our DMA coverage. It’s easy to understand why Apple is unhappy about this decision, but it’s also just as easy to understand how the status quo holds back competition. There are no easy answers to any of this, but as difficult as this may be for Apple to do while upholding its privacy, security, and other standards, I’m glad the EU is pushing for change and hope those changes spread to other corners of the globe.

Pebble’s Inherent Disadvantages on the iPhone

It’s been just shy of one year since the U.S. Department of Justice and 15 states sued Apple for antitrust violations. It’s not clear what will become of that lawsuit given the change of administrations, but as it stands today, it’s still an active case.

One of the things that is hard about a case like the one filed against Apple is cutting through the legal arguments and economic jargon to understand the real-world issues underlying it. Earlier this week Eric Migicovsky one of the Pebble smartwatch founders who resuscitated the device this week, wrote an excellent post on his blog that explains the real world issues facing third-party smartwatch makers like Pebble.

Among other things:

It’s impossible for a 3rd party smartwatch to send text messages, or perform actions on notifications (like dismissing, muting, replying)….

It’s worth reading the post in its entirety for the other things third-party smartwatch makers can’t do on iOS, and as Migicovsky explains, things have gotten worse with time, not better. Since the Pebble’s time, the complaint against Apple adds that:

  • You must set notifications to display full content previews on your lockscreen for them to also be sent to a 3rd party watch (new restriction added in iOS 13).
  • Apple closed off the ability of smartwatches after Pebble to negotiate with carriers to provide messaging services, and now requires users to turn off iMessage (disabling iOS’s core messaging platform) if they want to take advantage of such contracts between a third-party smartwatch maker and cellular carriers.

The Apple Watch is great. There isn’t another smartwatch that I’ve even been tempted to try in recent years, but is that because no one has been able to make a good alternative or hasn’t because the disadvantages third-party wearables face are too great?

I’d like to see Apple focus on finding ways to better integrate other devices with the iPhone. There are undoubtedly security and privacy issues that need to be carefully considered, but figuring those things out should be a priority because choice and competition are better for Apple’s customers in the long run.

Permalink

Apple Challenges UK’s Demand for iCloud ‘Back Door’

Yesterday, the Financial Times reported that Apple has filed a complaint against the UK government seeking to overturn a secret order demanding that it create “back door” access to iCloud. Apple has not commented on whether it received an order because doing so would violate UK law. Instead, the company announced that it would remove Advanced Data Protection, the feature that enables end-to-end iCloud encryption, from the devices of UK customers. However, that move did not end the dispute because the UK order reportedly applies not just to the iCloud accounts of UK citizens but also anyone outside the UK that British security services have a judicial warrant to investigate.

The Financial Times’ sources say that Apple has appealed the British government’s order to the Investigatory Power Tribunal, a judicial body that handles disputes with UK security services. If accurate, the challenge is believed to be the first of its kind. The Financial Times further reports that a hearing on Apple’s challenge to the order may take place as early as this month, although it is unclear to what degree the hearing will be made public.

Permalink

Apple to Eliminate Advanced Data Protection for iCloud Accounts in the UK

A couple of weeks ago, I linked to a report from The Washington Post, which said that the UK government has demanded that Apple create a back door to access the encrypted iCloud data of Apple’s customers. Today, instead of creating the access the UK demanded, Apple announced it will remove Advanced Data Protection for its UK customers, which is the feature that allows users to end-to-end encrypt their iCloud data.

In doing so, Apple told 9to5Mac:

Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.

This is a real shame to see and something I hope doesn’t spread to other countries, but I’m not optimistic that will be the case.

UK users who have enabled Advanced Data Protection will need to disable it to continue using their iCloud accounts. More details on the process and time frame for doing so are expected from Apple soon.

Permalink

The UK Demanded That Apple Grant It Access to Encrypted Storage Globally

Joseph Menn, writing for The Washington Post:

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post.

The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies. Its application would mark a significant defeat for tech companies in their decades-long battle to avoid being wielded as government tools against their users, the people said, speaking under the condition of anonymity to discuss legally and politically sensitive issues.

Menn reports that in response, Apple will likely stop offering encrypted storage in the UK. That does not, however, address the order’s demand for access to storage in other countries.

The UK order reportedly applies to Advanced Data Protection, an end-to-end encryption feature added by Apple in 2022 that ensures that not even Apple has access to users’ cloud storage. Apple is not commenting presumably because to do so would be a criminal violation under UK law, but it did comment in 2024 when given a draft of the order, that has now been issued:

During a debate in Parliament over amendments to the Investigatory Powers Act, Apple warned in March that the law allowed the government to demand back doors that could apply around the world. “These provisions could be used to force a company like Apple, that would never build a back door into its products, to publicly withdraw critical security features from the UK market, depriving UK users of these protections,” it said in a written submission.

As Menn points out, even the F.B.I., which has pressured Apple to offer backdoor access to its encrypted services in the past, recently endorsed the use of encrypted services to counter recent hacks of U.S. communications systems.

I don’t think any government should have this sort of access over their citizens’ data, but the UK law is particularly egregious because it applies worldwide. Tech companies have faced government pressure for this sort of access for years. On the surface, it may seem like a good way to ‘catch the bad guys,’ but once the backdoor is created, there’s no way to ensure it will be used only by ‘the good guys.’

Permalink

Epic Games Announces iOS Store Expansion in the E.U.

The Epic Games Store, which is available in the E.U. on iOS as a result of the Digital Markets Act and globally on Android, is expanding.

During a press briefing, Epic’s Tim Sweeney said:

Our aim here isn’t just to launch a bunch of different stores in different places, but to build a single, cross-platform store in which, within the era of multi-platform games, if you buy a game or digital items in one place, you have the ability to own them everywhere.

As part of the store expansion, The Verge’s Lauren Feiner reports that Epic will cover Apple’s E.U. Core Technology Fee charged on free games for the first 12 months. Epic will also offer monthly free games, and eventually, weekly freebies. The new games aren’t available just yet, but should be soon.

It’s good to see Epic expanding its offerings on iOS and Android. Alternative marketplaces have grown slowly in the E.U., but with Epic willing to reduce the financial risk of Apple’s Core Technology Fee, we should start seeing Epic’s store expand more rapidly.

Permalink

EU Seeks Input on iOS and iPadOS Interoperability

In September, I wrote about two interoperability proceedings commenced by the European Commission (EC) against Apple. As I wrote then:

In a nutshell, the EC is unhappy with connectivity between iOS and third-party devices and plans to tell the company how to comply. The second part requires Apple to set up a process for third parties to request connectivity with iOS.

Late yesterday, the EC published two follow-up documents requesting input from EU citizens and companies on the interoperability proceedings. DMA.100203 seeks feedback on these technical aspects:

  • The effectiveness of the measures in practice: if implemented, will the proposed measures result in effective interoperability with iOS for each feature
  • The completeness of the measures: if anything else is needed to ensure effective interoperability for the relevant feature
  • Feasibility of the measures: would there be any difficulties or obstacles in implementing each relevant proposed measure in your connected device or app
  • Timelines: is the proposed timeline for Apple to implement each proposed measure achievable?

Under DMA.100204, the EC is requesting input on the following:

  • Is the mapping of existing frameworks adequate to provide developers with prior information to submit a request and to obtain interoperability?
  • Are the proposed timelines adequate to establish a timely and predictable process that takes into account the specificities of the varying technical needs?
  • Are the proposed measures on communication and feedback allowing adequate developers’ involvement in the process?
  • Are the transparency measures allowing developers to be sufficiently informed about the process and its outcome?
  • Would the proposed process ensure a fair treatment of the requests and accountability for Apple’s decisions?
  • Are the proposed measures adequate to ensure that the request process delivers interoperability solutions that are effective and future-proof?

The deadline for commentary on both EC requests is January 9, 2025.

In response, Apple published a document yesterday explaining how it believes Meta and other companies will “weaponize interoperability,” undermining user privacy and security. As Apple puts it (emphasis in original):

If Apple were to have to grant all of these requests, Facebook, Instagram, and WhatsApp could enable Meta to read on a user’s device all of their messages and emails, see every phone call they make or receive, track every app that they use, scan all of their photos, look at their files and calendar events, log all of their passwords, and more. This is data that Apple itself has chosen not to access in order to provide the strongest possible protection to users.

Interoperability is shaping up to be the field where the fight over opening up more of iOS and iPadOS will be fought. There are places where third-party devices, like many wearables, are at a disadvantage when connecting to iOS. However, deep system-level interoperability necessarily raises potential privacy and security concerns. This isn’t going to be an easy balance to strike, and a lot is at stake, which is why I expect these EC proceedings to be the biggest DMA story of 2025.