Six Colors
Six Colors

by Jason Snell & Dan Moren

This Week's Sponsor

Clay - A beautiful relationship manager for macOS and iOS, built automatically from email, Contacts, calendar, iMessage, LinkedIn, and more. Try it free for 60 days.

By Jason Snell

Answering the burning questions about Apple’s reported App Store plans

App Store
(Shutterstock)

Lawsuits, new laws, and proposed regulations have been swirling around Apple and some of its core business practices for years now. But on Tuesday came the first report—from Bloomberg’s Mark Gurman, perhaps the most reliable breaker of secret Apple news—that Apple’s planning on changing its App Store policies in major ways.

This is a report with a lot of details, portraying Apple’s reaction to a complex and evolving set of circumstances around the world. But Gurman’s track record strongly suggests that this is real—and it means big changes are afoot for many users of iPhones and iPads.

I have lots of questions, as I know most of you have. Here’s what I think this all means, at least based on what we know right now.

What did Gurman report?

According to Gurman, Apple recognizes that the Digital Markets Act, recently passed by the European Parliament, will probably require major changes to Apple’s business beginning in 2024, and has begun to mobilize its software engineering groups to alter its software and policies to adapt to those new rules. The changes would be a part of the iOS 17 cycle sometime in late 2023 or early 2024.

The highest-profile aspect of the changes would be the ability to install apps on iOS and iPadOS devices outside the auspices of the App Store. Apple might also need to make iMessage interoperable with other messaging systems, though Gurman reports that Apple hasn’t decided if it feels that is necessary. Apple is also moving to provide broader third-party access to various underlying interfaces that are currently reserved for Apple’s own use.

When and where would these changes occur?

The European Union is driving the changes, and most of the rules that impact Apple will take effect in 2024—but Apple’s software-development apparatus is enormous, and it needs to begin moving now in order to be ready when the laws come into effect.

I would expect that many of the changes Apple would make, specifically third-party access to software interfaces currently limited to Apple, would be available to everyone worldwide. It seems unlikely that Apple would prefer a patchwork of rules—instead, it will probably just announce that access as new developer features of iOS 17.

Some specific features—like the ability to add non-App Store software—might not be enabled outside of regions where it is required. I seriously doubt that any dedicated user in, say, the United States will be unable to enable that feature if they really try, but it’s possible that Apple will make such a feature invisible, unofficial, and unsupported outside of the EU. It all depends on just how quickly Apple wants its entire world to change and how worried it is about potentially losing App Store revenue.

One advantage of slow-playing the loosening of restrictions is that if something were to go catastrophically wrong in the EU, Apple might be able to make the case to other regions that it was a mistake. Of course, the other possibility is that none of its warnings about the evils of sideloading come into existence, and it would be left with no cogent arguments about why it’s restricting that freedom from the rest of its users.

Of course, it’s in the best interest of Apple’s users worldwide to have their devices work the same anywhere in the world. Apple knows this. The question is, how much pain is it willing to put itself and its users through in order to not allow the Digital Markets Act to wreck its existing business model in the rest of the world?

How would this work in practice?

It’s one thing to say, “no more App Store exclusivity.” It’s another thing to walk through exactly how that would work in reality—something that it seems everyone at Apple has been doing or is doing right now.

My guess is that Apple will add a switch to the Settings app (probably buried down deep, behind a sign saying Beware of the Leopard) that enables the installation of non-App Store apps. (This is what Android does.) Apple will probably give it a name like “Allow Untrusted Apps” or something similarly scary and will undoubtedly follow any attempt to turn it on with a scary alert on the level of “This App May Kill You“.

Once all the ooga-booga is done, you will be able to install software from third parties. This will probably primarily come via downloads in Safari, and when tapping on an app download link, you’ll probably see yet another warning. I’d also bet on an additional warning when you tap to install the app on your home screen and when you first launch the app. Apple will probably warn you, a lot, and probably ask you to authenticate via password or biometric identification, too.

(While I’ll entertain the idea that Apple will be forced to allow alternative app stores into its own App Store, I kind of doubt it will do so unless it’s literally required in the law. It will make it as inconvenient as possible for users to get to the point where they can leave the App Store—but they won’t stand in their way if they want to do it.)

Once you’ve got an alternative App Store installed, I would imagine that installing a new app will display a warning or demand to authenticate. But beyond that, you’ll be in a new world—installing apps from somewhere else, with your credit card connected to someone else’s payment system.

But what about security?

I don’t know if Apple’s higher-ups considered the evolution of the Mac over the last few years as a testbed for iOS and iPadOS, but I’m sure many people at Apple noticed that macOS has been trying to create a system of guardrails for third-party apps on a system that fundamentally will let users install any software they want. As of today, that’s valuable research that can be repurposed for iOS and iPadOS.

On the Mac, Apple offers a tiered system of security permissions. One setting allows only apps from the App Store. But if your Mac is set to allow software from outside the App Store, Apple does not abandon its responsibilities as the platform owner.

Non-App Store apps are checked to see if they are notarized, which means they’ve been cryptographically signed by a valid Apple developer, uploaded to Apple’s servers, processed by an automated system that’s scanning for particularly bad stuff, and then given a seal of approval by Apple.

Apple makes no real attempts to get in your way and warn you about notarized apps—there’s a warning message the first time you launch it, and that’s it. They just work, though Apple does have the power to kill them (and, in fact, kill all apps on the associated developer account) if they detect dangerous behavior. I would imagine that Apple would want to keep this sort of power on iOS, within legal restrictions.

Notarization warning dialog box

So what about apps that aren’t notarized on macOS? As an Apple representative said on stage at WWDC back in 2019, Apple wants you to be able to run any code you want on the Mac… eventually. But non-notarized apps have to go through some extra hoops.

If you double-click on an app that hasn’t been notarized, you will get a scary message that says, “This app cannot be opened because the developer cannot be verified.” You’re given two options—Cancel and Move to Trash. Harsh! This is designed to stop gullible people from being talked into installing malware.

But of course, there’s a workaround: If you control-click on an app and choose Open from the contextual menu, you’ll be prompted by a different message:

macOS cannot verify the developer of this app. Are you sure you want to open it? By opening this app, you will be overriding system security which can expose your computer and personal information to malware that may harm your Mac or compromise your privacy.

In addition to the textual difference, you’ll be given three options: Move to Trash, Cancel, and… Open. Click Open, and the app is blessed by the system and will run without complaint thereafter.

I imagine that Apple’s approach on iOS would be similar: signed apps would be launched with ease, while unsigned apps of unknown provenance would be installable only after some serious rigamarole. (It’s also possible that Apple would omit support for unsigned apps altogether—but only if it’s not legally untenable to require notarization! It might be.)

macOS also has an active malware scanner and the ability for Apple to rapidly release new malware rules to stop the spread of any app it deems to be malware. I would imagine the same system would be built for iOS.

Opening iOS up to apps beyond the App Store will likely expose some security flaws in iOS that Apple will have to address. The simple fact that apps will be running that were never a part of Apple’s approval process will mean that Apple may need to lock down its security in ways that it never did when it was rejecting any app that misbehaved in certain ways. (Yes, it turns out that the App Store approval process does have a reason to exist beyond just being a way for Apple to exert control over developers and users.)

With all of this, it’s still inevitable that there will be stories about rogue apps on the platform. Apple will probably need to use its kill switch. There might be debates about Apple using that switch irresponsibly—though on the Mac, Apple has been extremely light-handed with the kill switch, as it should.

Won’t this cost Apple money?

Almost certainly, though Gurman’s report suggests that European App Store revenue is probably less than 2% of Apple’s overall revenue. And I’m still convinced that there won’t be an exodus from the App Store or even Apple’s In-App Purchase system due to the convenience offered by the platform owner’s defaults and the power of Apple’s own payment ecosystem.

Also, Apple has shown it has other ways to extract revenue from developers on its platforms. In regions where third-party payment systems were mandated earlier this year, Apple just instituted a royalty for using its platforms, forcing companies to pay 26% of all in-app payments to Apple. Congratulations, you’ve made it outside—now pay us.

There are plenty of ways this could go, so long as the new laws don’t make it illegal. For example, perhaps Apple revamps its developer membership system to change the annual fee to use its tools based on total app revenue (less the official channels) so that a small developer might only pay $1000, but Epic Games might pay $1,000,000. (Bloomberg suggests Apple might charge companies a cut of revenue in return for notarization.)

It remains to be seen what Apple can get away with in this regard, but I would not expect a world where companies are able to make a business out of Apple’s platforms without Apple finding some way of extracting payment. Apple will get its money if it can legally do so.

What about in-app purchases?

An open question is if apple will allow (or be forced to allow) App Store apps to offer third-party payment systems. It depends on the law—I don’t know if Apple has to open up payments within its own silo or if allowing apps to be installed outside the silo is enough. I can imagine Apple telling Amazon that if it wants to write an iOS app that lets users buy Kindle books directly from Amazon via in-app purchase, it’s welcome to—but that version of the app can’t be in the App Store.

The alternative is that we’ll see something like what Apple has implemented in a few countries in a few app categories: A strict warning message followed by the ability to circumvent Apple’s payment systems. Apple might try to charge a fee for all those transactions, and most developers might opt to keep using Apple’s system because it’s just more convenient and offers less friction for users. But some developers—who make a killing on in-app game purchases or who are reselling digital content with tiny profit margins—will probably take advantage of whatever is offered.

What’s the world going to look like after this happens?

You know. Round… blue. Pretty much the same as now. I really have a hard time seeing most members of the public turning off App Store protections and installing separate App Stores. Yes, it will happen, but the Play Store is still the place to be on Android, despite its long-time support for sideloading. In fact, Android developers have found that leaving the Play Store and going it alone is quite bad for business. Bet on the status quo.

But of course, there are those who will be motivated—either by the possibility of an enormous revenue boost or because their apps simply wouldn’t be allowed on the App Store—to go it on their own. Third-party developers will offer apps for download, with FAQ pages on their websites showing how to install their apps.

Some entrepreneurial types will build alternate App Stores. Count on that. Epic Games will absolutely do it, and I’d expect Steam, maybe Amazon, and also services like SetApp to take advantage of this approach.

While so much attention has been given to the squabbling of large tech companies over their cuts of millions of dollars, I’m much more excited about the idea that there are numerous apps that currently can’t exist on iOS because Apple has deemed them unacceptable for policy reasons, many of them inscrutable.

I keep thinking about emulators. Emulators aren’t allowed on iOS, basically. Not only does this cover legally murky video-game emulators (which still exist but are very inconvenient to get up and running), but also legitimate emulators like Parallels and VMWare. You know, an M2 iPad Pro probably can do a good job of emulating Windows 10… and macOS, come to think about it! How about that?

But let’s not forget the chilling effect Apple’s policies have had on iOS software development. How many amazing, groundbreaking, platform-changing apps have simply not been pursued by developers because if they’re rejected by Apple, there’s nowhere for those apps to go? Today, a final rejection by the App Store is a death sentence. In 2024, a developer might create a new app with the hope that it would be approved by the App Store—but would be willing to distribute it themselves as a fallback. And who knows, maybe Apple might adjust its own arbitrary policies to allow a broader selection of apps in the App Store rather than lose those apps to the outside. (It’s happened on the Mac.)

What else might change besides the App Store policy?

Gurman’s report says that Apple is planning on opening up other APIs on the system as a result of the pending EU rules. That means that even if you stay within the App Store ecosystem, you may see apps with more power and access than they had before.

Gurman suggests that Apple is considering not requiring that every app on iOS use the WebKit browsing engine. Currently, every webpage view on iOS is parsed by Apple’s WebKit engine—even if you run Chrome on iOS, you’re running WebKit, not Google’s Chromium engine. If this rule changed, Chrome could be a true alternative browser, not an alternative wrapper around the same browser.

Other areas of hardware access include more app access to Apple’s camera subsystem and to the NFC hardware used for Apple Pay, HomeKey, and other systems. (Apple currently restricts NFC use to its own apps, primarily Wallet.) Some of these changes might be esoteric, but others might be huge! It’s hard to tell right now.

Will this change the iPhone as we know it forever?

Yes, probably. This is a big deal. But I suspect things will change less radically than you might expect in some ways. Apple has benefited from a huge home-field advantage as the platform owner. While those advantages may be watered down, they will still exist. Apple’s in-app purchase system will probably still be the most convenient way for app developers to take payments—but it will now have competition. In the end, most developers might end up staying with Apple while reaping the benefits of Apple having to change its own policies in order to compete with the alternatives.

Perhaps counterintuitively, changes like this may also ultimately improve Apple’s products, making them even more successful than before. Thus far, Apple has chosen guaranteed revenue via exclusivity instead of allowing more competition—even if the competition might make the experience of using an Apple product better. It may discover that some of the things it has been fighting against actually accrue value to its devices. If an iPad can emulate Windows 10 or a Nintendo Wii, or even a Mac, doesn’t that make the iPad a more desirable product?

If Apple has been insisting on complete control merely to protect itself from competition it knows it can’t win, it will be in for a rough ride. But I suspect that Apple’s motivations have been much more about maximizing revenue and control—key tenets of Steve Jobs’s philosophy, which has become a core of Apple’s own corporate culture—and not about feeling it’s unable to compete. That said, there are some areas where Apple has not yet had to compete, and in those areas, it will now need to make more of an effort. That, too, will benefit users—and ultimately, make the iPhone and iPad better.

If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.


Search Six Colors