On Tuesday, Bloomberg reported that Apple is preparing to allow access to third-party app stores on all iPhone and iPad devices owned by EU users, in anticipation of a new EU competition law coming into force in mid-2024. If the reporting is correct, then in future users in the EU will no longer be confined to the "walled garden" of the App Store and will be free to download apps from stores owned by companies other than Apple. If it happens, the move will bring both increased freedom and increased security risks.
The Digital Markets Act
The Digital Markets Act (DMA), also referred to as Regulation (EU) 2022/1925, was introduced by the European Commission, the executive arm of the EU, in December 2020 and was recently signed into law, in September 2022. It aims to "ban certain practices used by large platforms acting as 'gatekeepers' and enable the Commission to carry out market investigations and sanction non-compliant behaviour".
It targets the most prominent "Big Tech" companies operating within the EU. The Commission has yet to provide a list of gatekeepers, but Apple is expected to be one of them.
A gatekeeper is defined by the DMA as a platform operating on one or more of the world's digital core services, which includes advertising, search, and social networking, in at least three EU countries and satisfies the following criteria:
- Has an annual turnover of 7.5B EUR ($8.2B) or a market capitalization of 75B EUR ($82B)
- Provides certain services, such as browsers, messengers, and social media, that have 45M EU users per month minimum and 10,000 annual business users
Non-compliant gatekeepers could be subjected to fines of at least 10 percent of their previous year's annual worldwide turnover (20 percent for repeat offenders). Systemic violations could lead to a ban on acquiring other companies for a particular time.
"The agreement ushers in a new era of tech regulation worldwide. The Digital Markets Act puts an end to the ever-increasing dominance of Big Tech companies," said Andreas Schwab, an Internal Market and Consumer Protection Committee of the Parliament rapporteur. "From now on, they must show that they also allow for fair competition on the internet. The new rules will help enforce that basic principle. Europe is thus ensuring more competition, more innovation and more choice for users."
"As the European Parliament, we have made sure that the DMA will deliver tangible results immediately: consumers will get the choice to use the core services of Big Tech companies such as browsers, search engines or messaging, and all that without losing control over their data."
New laws, new risks
Indeed, the DMA could usher in new business opportunities for small businesses and app developers, and give European users access to more apps and different pricing models. But with change comes challenges. Apple's move to open the platform for other app stores threatens its services business and could introduce security risks.
Apple told Reuters that "allowing sideloading, bypassing its App Store, exposes users to security and privacy dangers". On the other hand, some regulators and Apple critics say these are overblown.
Thomas Reed, Malwarebytes Director for Mac and Mobile, disagrees, and thinks Apple may take extra steps to beef up security around apps from third-party stores.
There's a lot of potential for this to undermine Apple's security, so I'd expect there to be a lot of effort put into securing it. It's possible third-party app stores, and apps downloaded from them, will have to run in some kind of sandbox that limits what they're able to do,”
Alternatively, says Reed, Apple might let users embrace a less secure environment.
It's also possible Apple will create a less-secure mode, somewhat like Android's developer mode, that users have to turn on explicitly. Although I don't think this is likely and seems more out-of-character for Apple, as it would open up the device to more abuse.
He sees problems with potentially unwanted programs (PUPs) either way though.
Regardless of how they do it, I expect to see a big problem with PUPs in those third-party stores. Apple already has a problem policing its store, and they have way more resources to throw at it than any third-party would. I also see the potential for bogus third-party stores, not just app scams.
We'll be entering a whole new world where users will be able to download from numerous untrustworthy sources. I predict security issues will abound as a result.
We don't just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.