Apple's malicious compliance: app sideloading will remain impossible on your iPhone

Apple follows EU Digital Markets Act by introducing hefty fines for independent software developers. Expensive fees will restrict the use of alternative app installation.

2024-02-13
Apple's compliance with DMA comes at a high price for developers.
With new EU rules and regulations, Apple is now required to allow the sideloading of apps to iOS devices. In an act of malicious compliance Apple will be allowing the introduction of alternative app stores and installation, but will be charging any developers who take this route absurd commission fees. This form of pay-to-play is more akin to extortion than allowing for more device freedom.
SIGN UP

The European DMA is a great legislation, but unfortunately full of holes like a Swiss cheese. It's meant to break Apple's monopolistic power, but with the malicious compliance that Apple has proposed now, this will not be achieved.

We are quite shocked how brazen Apple is "complying" with the DMA. The EU wanted to break Apple's power with the DMA, but instead the company is dancing around on the EU's nose. This shows the need for a better regulation in the interests of users - and all app developers.

Apple is flexing their tech giant status by raising a defiant though compliant response to the EU's recently launched Digital Markets Act. The new law, among other things, will require Apple to allow for the sideloading of apps on iPhone and iPad devices. Notoriously opposed to this practice, Apple has continued to require developers to use their tightly controlled app store environment if they wish to make their apps available for iOS users.

Google has long had alternative means of installing apps on Android devices like F-Droid or even the Aurora store. It took legal action from the European Parliament in order to finally push Apple to make their devices more accessible to developers wishing to use their own installers. One such company, chomping at the bit to take advantage of this change is Epic Games.

Malicious Compliance at best, mob-style extortion at worst

Apple has now made the move to allow for app sideloading on iOS and will be allowing non-Apple app installers. This major change doesn't come without consequence for software developers who are eager to take the jump outside of the App Store publishing environment. Apps which achieve a high-level of popularity are hit with a massive "Core Technology Fee" which will charge developers .50€ for every first download for an app which has been downloaded more than 1 million times.

For successful projects, this will be a major bill once they pass the finish line. App downloads will not stop at 1 million and Apple will be waiting with an outstretched hand for their cut of the profits. And if this were not enough payout for Apple, they will be counting app updates as additional first installations. This kind of practice will punish independent developers and smaller teams for being successful.

App developers on Twitter are in open outrage about Apple's new policy which is a prime example of malicious compliance:

Apple's heavy fees punish small developers for wishing to publish their software their way. Screenshot of the Apple fee calculator for the new policy in reply to the DMA. Source: Twitter

It seems like Apple is forgetting their roots. Apple was initially a feisty startup and now that they have climbed the top and can force others to use their products and publishing environments, they are kicking the ladder down forcing the next generation to pay outrageous fees. If developers are nice and compliant, sticking with Apple's app store they will be stuck paying the standard 30% commission back to Apple. Either way Apple allowing sideloading will generate them millions in profits.

The only things that are certain are death, taxes, and Apple's high commission fees.

In a report from The Verge, they estimate that if Meta were to launch the Facebook app under these new rules and regulations they would end up paying Apple upwards of €67 million per year. For a tech giant which generates their own massive amount of revenue through advertising and the sale of data, this high entrance fee might be worth stomaching. Small time devs who got lucky when their app went viral may not be capable of paying these kinds of fees, especially if their app falls out of the spotlight and they are left paying enormous commissions.

Apple's Ride or Die Moment

Beyond their threatening posture of sticking with Apple's standard commission structure or choosing their new maliciously DMA compliant policy, Apple is requiring devs to pick a team and play. Once a developer has chosen which way they wish to proceed with distributing their applications, they are stuck with that model. If your company chooses to take the sideloading approach and opt for alternative payments, Apple will not allow you to offer their standard payment model in the future. Your app will be branded with their payment scare banner, which will likely frighten off a number of potential customers who would otherwise buy your app.

Apple is deploying scare tactics to frighten away customers.

After all this is Apple's turf.

If being burdened by these heavy commission fees wasn't enough, developers wishing to offer their iOS apps available for download from their own webpage face even greater humiliation. Apple will be forcing these developers to display a scare banner which tries to scare the end consumer away from a direct download and push them to Apple's App Store. These lazy scare tactics are pushing a scarlet letter upon developers, which is not only disrespectful, but it also denies the possibility that anyone can offer better security than Apple. This claim is far from the truth, as witnessed by their multiple attempts to introduce device side scanning of user devices.

Android vs Apple: Better Options for Sideloading

Google has long been open to allowing sideloading of software on Android devices, even if they push an aggressive monopolistic strategy for locking in search dominance. F-Droid is the largest non-Google app store available for installing free and open source programs on your Android devices. The store functions in the same manner as the Play Store, but doesn't push any ads or track its users. F-Droid even allows for the anonymous downloading and installation of apps. One downside to this repository is that there are some apps distributed in the Google Play Store which may not be available on F-Droid. One workaround for when are apps not available on F-Droid is through the Aurora store. Aurora is an app store, similar to others which allows you to download apps anonymously from the Google Play Store. If these options weren't enough you can also directly install APKs on your Android devices.

For developers these options make rolling out your software and apps much easier than when trying to use the Apple App Store. Publishing on F-Droid, for example, has the major advantage of being zero cost to the developer. This is perfect for small teams or indie devs just looking to launch their program without being forced into steep commission contacts like they would be when publishing for Apple devices. There is also a freedom here for developers which allows them to shop around for the best distribution platform that fits their company size and expectations. This is not the case with Apple.

Apple, while being legally required to allow for alternative app stores which allow similar possibilities like F-Droid and Aurora allow on Android, will only be making these visible after being manually enabled. Apple plans to bury this toggle option deep within the settings menu, so the average user who isn't explicitly searching for app store alternatives will likely never use them. Once again, this is Apple pushing their app store monopoly by making it increasingly difficult for their competition to find footing.

The EU DMA rules are put in place to try and level the playing field and create a space for smaller companies to operate without being forced to kiss the ring of Big Tech. Apple is flagrantly snubbing their nose at these proposals. The current state of affairs is gloomy, but the European Commission will be reviewing the changes put into place by Apple in March of 2024. Until then, if you are looking to sideload apps on iOS 17 you will be doing so at a high cost to developers. The goal of the internet was to be a place of freedom, but corporate greed has nearly strangled that spirit.

We are only as private as those we are communicating with

These policies introduced by Apple in response to the DMA don't only impact the developers looking to land their apps on iOS devices, but also the end users. If the price of apps increases for those who have purchased Apple devices, it is likely that they will find themselves stuck in even more of a walled garden than before. If developers flee the platform by making their apps incompatible with iOS, then customers who have purchased these devices are at an initial loss by a decreasing software library. This is made worse by the fact that many secure messaging apps are offered for free, like Signal. The Signal Foundation offers the app for free and it is one of the most popular instant messaging apps in the world, but this popularity would bring about a painful amount of commission fees should they wish to offer it for download through an alternative app store.

The interconnected nature of the internet means that someone else's weak security can have a negative impact on your own security. You can keep your number private, never sharing it with companies or websites, but if your friend has your number and willingly allows every app access to their contacts, then your information is exposed as well. For privacy and security to increase, it needs to be available for everyone regardless of platform. When others are more secure, we are more secure.

By implementing these measures which spit upon the rules and obligations set in place by the Digital Markets Act, Apple is acting like they are the true owners of your device. If they don't want you to use the hardware you paid for the way that you wish, they simply make it nearly impossible for anyone to make that offer available to you. They present themselves as owners of all their users devices whereas they sold them to their users. It should be up to the users if they accept direct payment or if they want to install apps from other sources. This has worked for decades on all other platforms like Windows, Linux, MacOS and Android. No one needs Tim Cook as their legal guardian.

Not what the EU DMA had in mind

We pretend that there are many options when it comes to smartphones, but let's be honest there are two choices: Apple or Android. This is a running theme in America, Coke or Pepsi, Republican or Democrat, and it looks like Big Tech followed the trend. The goal of the EU Digital Markets Act was to try and limit the gatekeeping power that big tech companies are wielding over the global user population. These companies, with all respect, played a central role in building the internet which has become an inseparable part of our lives, but they built it around themselves, making their products and services nearly a requirement for the average non-technically minded person. (Yes, I know your favorite Linux distro is easy-to-use, but that is another argument.)

Yes, Apple is currently allowing what is required of them by the DMA, but the question is whether or not it benefits anyone other than Apple. Supporters of Apple's approach might argue that deploying your apps and software on Apple devices isn't necessary, but is a voluntary choice. This is also technically correct, but who in the right mind would willingly ignore nearly one-third of possible global customers? This would be akin to a private company building a brand new road. You would like to open a gas station and seeing as most people are paying to use that new road, you would like to set up shop. However, upon setting up your store, Tim Cook shows up with a metaphorical baseball bat pushing you to pay additional operating fees. If you don't want to pay the fees, you will need to setup shop somewhere else. Tough cookies if there aren't enough customers. Either pay or go away.

Apple's alternatives are unusable

For all the reasons outlined above, we at Tuta Mail will not be able to offer our app on alternative platforms (like we do on Android via F-Droid) or via direct download from our website for iOS (which we also offer to Android users since almost one decade already).

Apple's new rules are so bad, we can not offer our app under these conditions because:

  1. Once on the new policy, you can never go back.
  2. Threat of 0,50 euros Core Technology Fee for every install - even if you offer a free app.
  3. Scare screen when using alternative payment options will kill revenue.

The last point is maybe the worst of them all: We do a lot of testing to make upgrading easiest for our users. From our tests we can estimate that adding a scare screen as proposed by Apple would stop 40-50% of our users to complete the upgrade.

Thus, there's no other way: we must stick with Apple's original policy. The new suggestions by Apple are unfair and will not break Apple's monopolistic power.

Rotten to the Core

Anyone with eyes can see that Apple is only taking the legally required steps in opening their platform. These actions are not creating an open honest marketplace allowing for fair competition. The current offering for allowing expensive sideloading, limited use of alternative payment methods, and deceitful scare tactics show Apple's true self: nothing more than a monopolistic bully. The EU Commission will be reviewing these new policies in March of 2024 and we are keeping our fingers crossed, along with other software developers who simply want fair treatment, that they come down hard against this disrespectful act of compliance made by Apple.

SIGN UP
Author
Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
Increase your privacy with these Android security settings.
The American Privacy Rights Act stands to be America's GDPR
Google Search Is A Problem: How Google Is Crushing Tuta.
The XZ Backdoor on Linux and the importance of Open Source Software
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate