Exclusive: Apple’s Phil Schiller says alternative app stores expose iPhone users to major risks. He’s right

Next month, in EU member states, third-party app stores will appear on the iPhone for the first time in the device’s history. The change was prompted by the European Commission’s Digital Markets Act (DMA), which is designed to ensure that there’s more competition in the tech industry by forcing giants such as Apple, Google, Meta, Microsoft, and Amazon to open up some of their platforms so that smaller companies can better compete. In Apple’s case, the DMA mandates that the company allow competing app stores on the iPhone.

The DMA is a very business-focused bit of legislation, so naturally most of the discussion surrounding the law is about how it will benefit smaller companies by allowing them to compete with tech’s major players. Hardly anyone mentions how the changes will affect individual consumers. When they do, the assumption is that iPhone users in the EU will now have more choice regarding where they download apps, and since choice is good, users will benefit no matter what.

But for the privacy- and security-minded, it’s obvious that this is not entirely true. As a matter of fact, with alternative app stores on the iPhone, its users in the EU could now be more vulnerable to privacy and security threats than they were before, according to Apple Fellow Phil Schiller, who heads the company’s App Store.

“These new regulations, while they bring new options for developers, also bring new risks. There’s no getting around that. So we’re doing everything we can to minimize those risks for everyone,” Schiller told me in a recent discussion about the privacy and security impact of the European Commission’s Digital Markets Act.

Of course you might expect the head of Apple’s App Store to say this, but it’s a possibility that other security-minded people have also pointed out. Even Apple competitor Google acknowledges the increased security threats to its more-open Android platform. The company has published figures showing that at the end of September 2023, 0.153% of Android devices, even with Google Play Protect enabled, had installed potentially harmful apps. Less than two-tenths of a percent might not sound bad, but considering that there are 3 billion Android devices in the world, that’s as many as 4.5 million phones infected with potentially harmful apps. (Apple wouldn’t share how many iPhone users it has in the EU, but on Thursday Apple’s CFO, Luca Maestri, said that the EU market represents about 7% of global App Store revenue.)

Buyer beware

So what are the risks for iPhone users in the EU who decide to download apps from alternate app stores? The most obvious ones involve malicious apps. These are apps that hide nefarious code or purposely misrepresent what they are and what they do. An example of a malicious app is one that executes code that sends all of your keystrokes back to the developer, or purports to be a photo editor but also has hidden code that allows it to turn your iPhone into a cryptocurrency mining device.

Love or hate Apple’s “walled garden” approach of mandating that all apps be available through its App Store, it helped enable Apple to monitor, to a high degree, all apps made for the iPhone and identify any that could harm users. Apple says that in 2022 alone it rejected nearly 1.7 million app submissions because they failed to meet the App Store’s high privacy, security, and content standards.

With alternate app stores, Apple will have much less power to stop nefarious apps from hitting users’ iPhones. However, Schiller and company aren’t just throwing up their hands and saying it’s the other app stores’ problem. Quite the contrary. Apple still wants iPhone users who use alternative app stores to have the best and safest iPhone experience possible, and it has created tools to help developers in alternative app marketplaces make their apps as secure as possible under the requirements of the DMA.

“We’ve put together over 600 new APIs for developers to give them the tools to build a marketplace, install an app, let the user have control of that process,” Schiller says. “We’ve done a lot of core engineering [to help make things easier for alternative app store developers], and we’re going to continue to.”

Schiller notes that Apple has also come up with a number of new protections to help mitigate risks for users who download apps from alternative app stores. These include a notarization process for all iPhone apps regardless of which app store they are available on. Before an app can be installed on the device, developers must submit it to Apple, which will run a selection of automated tasks to scan for malicious code and malware; it will also receive a baseline human review. If no issues are found, Apple will notarize the app, giving it a digital key to enable its installation on an iPhone.

It’s important to note, however, that this notarization process isn’t as in-depth as the App Store’s traditional review, which also checks, among other things, that an app is following content rules. Still, this notarization should be enough to stop a malicious app that’s attempting to mimic a real app (say, from Facebook or Starbucks) from being installed on a user’s iPhone.

Schiller says that before a third-party app is installed on a user’s iPhone, a sheet will pop up on the user’s screen showing basic details, such as the app’s name and developer, a description with screenshots of what the app is, and the app’s age rating. Apple has also built new settings into the iPhone’s Settings app that allow users to easily see which apps were downloaded from which app store—giving users control over the app stores installed on their iPhone.

“The user can choose what they want their default marketplace to be, whether it’s our App Store or some other app store,” Schiller explains, assuring that no marketplace downloaded to an iPhone can install any apps on the device until the user says it’s okay. “You have a place to go in Settings now to see the marketplaces you’ve approved and to turn off approval. And you can see what apps you’ve installed from that specific marketplace if you get concerned later.”

Brace for new content

Schiller is quick to point out that despite these new security measures, there are limits to the protections that Apple can provide to users who allow alternative app marketplaces to operate on their iPhones. The company has virtually no control over the content of apps from those marketplaces—even if that content is objectionable or harmful.

“Ultimately, there are things that we have not allowed on our App Store—things that we didn’t think would be safe or appropriate,” Shiller says. “It will not be our decision whether those other marketplaces have the same terms and limitations.”

So yes, for the first time, apps dedicated to pornography can be run on the iPhone. This should be something parents are aware of, because the DMA does not give Apple the legal right to forbid certain types of app stores from operating on its platform, nor does Apple have the ability to prevent a child from downloading such an app store onto their iPhone.

Apple also has no control now over apps that contain other harmful content that can run on its iPhones. This means it’s entirely possible that apps with neo-Nazi content, for example, could soon be available through various alternative app stores, provided that they don’t break local laws. The same goes for apps that allow for the creation of deepfakes or that are designed to spread misinformation. Also, if an app from one of these marketplaces infringes on the intellectual property of another company—say, one that lets users stream pirated Netflix shows—copyright holders would need to work with the alternative app marketplace, not Apple, to rectify the situation.

For more than 15 years, Schiller says, “we have dealt with a lot of input from families, from governments, on things that we need to do to try to either not allow certain kinds of objectionable content on our App Store, or give users control over that experience to decide what’s best for themselves—and we have rules around that,” Schiller says. “Those rules will not apply in another marketplace unless they choose to make rules of their own, [with] whatever criteria they come up with. Does that increase the risk of users, and families, running into objectionable content or other experiences? Yes, it does.”

It’s also important to note that due to technical limitations, apps purchased through alternative app stores won’t be able to take advantage of some family-friendly iPhone features, including Family Purchase Sharing, which allows apps to be shared by family members, and Ask to Buy, which requires minors to get permission from their parents before buying an app. (This is true of apps in Apple’s App Store that can also now opt to use alternate payment processors—another requirement of the DMA.)

If you purchase apps through alternate app stores, you will need to give them your payment details and try to deal with those stores—or the individual developers—if you want a refund for an app or in-app purchase. Apple is powerless to help users get refunds for apps from alternative marketplaces or apps on its own App Store that now choose to use a payment processor other than Apple. You also will not be able to use the dead-simple option found in Settings to instantly cancel current subscriptions. Instead, cancellation requests will need to be dealt with through the specific app store or developer.

An illusion of choice

While the DMA was mainly designed to help small companies compete with their larger counterparts, one of the main end-user benefits frequently touted is that now iPhone users in the EU will have more options regarding where they download their apps from.

The thing is, this might not necessarily be how things end up, and it’s entirely possible that if a user wants a certain app, they may be forced to download it from a certain app store. A developer may choose to remove its app from Apple’s App Store and instead sell it only through its alternative app store. This is what Epic seems to be doing with its Fortnite game, announcing that it will be making it available via its new alternative iPhone app store.

But if that’s the only place it’s going to be available, where’s the choice? You may say, “It’s just a game,” but it’s possible that other billion-dollar companies with lots of apps may choose to sell them only through their own app stores, where they have more control over user data (and may offer fewer user privacy protections than Apple does). Even smaller developers may choose to host their apps only in an alternative marketplace, which the user would have no choice but to use if they want the app. And if that app is critical to your business or workflow, abandoning it isn’t an option.

“Those situations will force many users into having to say ‘okay’ to marketplaces without knowing a lot about them,” Schiller says.

The iPhone is not the Mac

Of course, many critics of Apple will attribute the company’s concerns to mere fearmongering. It’s posturing, they’ll say—Apple simply wants to maintain the status quo for financial reasons, and that’s why it’s never opened up the iPhone to alternate app stores before the DMA forced it to. They’ll cite the fact that while Apple has always required iPhone apps to be downloaded from the App Store, Mac apps have been available for download from anywhere. If the company doesn’t see the ability to download apps from anywhere onto the Mac as a threat, why does it say the same openness is a threat to the iPhone?

To me, the answer is obvious: Because the iPhone holds so much more sensitive data about a user than a Mac ever will. It holds our debit and credit card numbers, plane tickets, and medical records. It holds our real-time location and the places we frequent the most. It holds our student IDs and government-issued driver’s licenses. It even holds the literal keys to our homes and automobiles.

It’s logical, then, why Apple believes it has a duty to offer robust protections against malicious apps and developers who may not have the most noble intentions—a duty it can fulfill with its App Store acting as a gatekeeper.

Apple’s App Store may still be your best option

I understand why some iPhone users would see the appeal of alternative app stores: Alternative marketplaces can focus on hosting certain types of apps that may appeal to a niche community; they may also allow for a more diverse or experimental range of apps that might not have a chance of getting through Apple’s App Store review process; and, for whatever reason, they may desire an alternative app store’s payment provider. Don’t get me wrong, I support initiatives that make it easier for smaller businesses and startups to compete with the tech behemoths.

But there is no denying that the changes the DMA brings will almost certainly force users to assume more risk, despite Apple having worked with the European Commission to understand the new regulations and implement them while keeping users’ safety in mind. Over the past two years, Schiller tells me, Apple has met with EC representatives more than 50 times to fully grasp the regulations and dedicated “hundreds and hundreds” of engineers and other employees to determining how to implement them.

What worries me is that iPhone users have grown accustomed to the safety and security Apple’s App Store provides, and they may just assume that these other app stores offer the same protections. But those protections cost Apple a lot of cash to build and maintain—and smaller, alternative app stores, no matter how noble their intentions, just may not have the ability to maintain such a high degree of security.

Users who decide to download apps from alternative app stores deserve to be made aware of the increased risks that come with doing so—something that hasn’t been widely publicized in all the reporting surrounding the DMA. This is especially important for parents of children who use iPhones to understand, since all app stores may not offer the content moderation that Apple’s does.

Of course, just because EU users will soon be able to download apps from alternative marketplaces doesn’t mean they’ll have to. For his part, Schiller stands by the App Store as continuing to be the best—and safest—place from which to download apps to the iPhone.

“I have no qualms in saying that our goal is going to always be to make the App Store the safest, best place for users to get apps,” he says. “I think users—and the whole developer ecosystem—have benefited from that work that we’ve done together with them. And we’re going to keep doing that.”

https://www.fastcompany.com/91021439/apple-phil-schiller-iphone-app-store-alternative-eu-risk-security?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss