Apple Won’t Play Nanny in Third-Party App Marketplaces

two people silhoutted in front of large Apple logo Credit: Zhiyue / Unsplash
Text Size
- +

Toggle Dark Mode

Apple is set to make some big changes in the way iPhone apps are distributed in the European Union, and while these may not be everything the App Store’s critics have been hoping for, it’s a small step in the right direction overall — and potentially a very big one for those who have been frustrated by Apple’s sense of App Store etiquette.

Thanks to its hand being forced by the EU’s Digital Markets Act (DMA), Apple has begun the process of allowing iPhone apps to be distributed through third-party app marketplaces rather than just its own App Store.

This means that iPhone users in 27 countries will soon have other sources from which to download apps. These could arrive as soon as March when the DMA goes into effect; the changes needed to make this work will be included in iOS 17.4 when it’s released next month, although it’s unclear when the new app marketplaces will be ready to launch.

To be clear, this isn’t the true sideloading that many had hoped for. You won’t be able to download an app from any website and install it on your iPhone the way you can on a Mac or PC. All iPhone apps will have to come through app marketplaces approved by Apple — and they’ll also have to be reviewed and “notarized” by Apple before they can be installed on an iPhone.

This means Apple will still have some control over the process. The company claims this is necessary to ensure the safety of its users, and, to be fair, it’s probably right.

After all, considering how many malicious websites are already trying to attack iPhones with malware, it’s not hard to imagine the chaos that would ensue if full apps could be installed on your iPhone from random links and emails. That’s a Pandora’s box that Apple has no intention of opening.

Apple could theoretically make sideloading an opt-in feature by burying a switch somewhere in the settings — that’s what many folks thought would happen — but it seems the company would rather avoid the risk altogether. Hackers could still find a way to manipulate that switch through exploits or simple social engineering tactics — convincing unsuspecting users that they need to turn it on for some reason.

Instead, Apple is making sure there’s no possibility for an app to find its way onto an iPhone unless Apple has determined it’s safe. It will do this by “notarizing” or “signing” any apps distributed on third-party app marketplaces, just as it already does for the App Store.

Even those apps created for internal company use and distributed through its Enterprise Developer Program need to be signed; however, Apple delegates that signing authority to members of the program through a master signature — a signature that can still be revoked if a company abuses the privilege. That’s happened on several occasions, from a shady Facebook “Research” app to a huge underground marketplace of hardcore pornography apps and real-money gambling apps.

Relaxing App Censorship

Perhaps ironically, Apple’s new app distribution rules may remove the need for that second scenario — at least in Europe.

While Apple still plans to review every app that lands on your iPhone, those destined for third-party app marketplaces will only get a “basic” review process. This review will cover safety and security but won’t make any judgment calls on the type of content the app contains — as long as it’s legal, of course.

This was already strongly implied when Apple first announced these changes, but now App Store Boss and Apple Fellow Phil Schiller has made it clear that the company will take a mostly hands-off approach in moderating third-party app marketplaces.

In an interview with Fast Company, Schiller said that Apple is only concerned about the image of its own App Store and doesn’t particularly care what rules other app marketplaces set for the kinds of apps they want to host and distribute. As long as they don’t break your iPhone, violate any laws, or try to scam you outright, Apple won’t do anything to prevent them from being published.

Ultimately, there are things that we have not allowed on our App Store — things that we didn’t think would be safe or appropriate. It will not be our decision whether those other marketplaces have the same terms and limitations.Phil Schiller

Schiller is spinning this as something less than ideal, and he’s partially correct. The App Store has generally been a trusted place to download apps, with the knowledge that most of the things you’ll find there are mostly “PG-13” in tone. Apple does have a “17+” rating for apps that contain simulated gambling, sexual content, nudity, or depict alcohol/tobacco/drug use or realistic violence. Nevertheless, even those tend to be extremely tame compared to what you’ll find on the internet at large.

For example, when it comes to the App Store, Apple doesn’t allow “overtly sexual or pornographic material,” or “hookup” apps, or apps that contain “inflammatory religious commentary or inaccurate or misleading quotations of religious texts or those that “depict or encourage illegal or reckless use of weapons and dangerous objects, or facilitate the purchase of firearms or ammunition.” The same goes for extremely violent apps that feature “realistic portrayals of people or animals being killed, maimed, tortured, or abused, or content that encourages violence.” Games cannot feature “enemies” that represent a specific race or culture, or any other real entity such a government or corporation.

However, none of those restrictions will be in force for third-party app marketplaces — at least not on Apple’s part. If a company wants to run an entire app marketplace dedicated to porn apps, Apple won’t stop it — nor can it, as the DMA prohibits Apple from interfering in the new free market for apps.

Apple also has no control now over apps that contain other harmful content that can run on its iPhones. This means it’s entirely possible that apps with neo-Nazi content, for example, could soon be available through various alternative app stores, provided that they don’t break local laws. The same goes for apps that allow for the creation of deepfakes or that are designed to spread misinformation. Also, if an app from one of these marketplaces infringes on the intellectual property of another company—say, one that lets users stream pirated Netflix shows—copyright holders would need to work with the alternative app marketplace, not Apple, to rectify the situation.Michael Grothaus, Fast Company

The cautionary tale is that Apple won’t enforce parental controls, either. That’s up to the third-party app markets. Still, the good news for parents is that they should have some control over whether their kids can install and access these third-party app marketplaces — Apple says that “features like Screen Time, parental controls, and Spotlight will continue to function and maintain Apple’s security, privacy, and safety standards.”

App Store Awards

Nevertheless, it seems that Apple will still be enforcing a few content restrictions on those apps it notarizes for third-party marketplaces. In addition to preventing scammy apps, it will refuse to notarize apps that could cause physical harm. It’s updated its App Store Review Guidelines to mark those categories with a key icon, and they include:

  1. Apps that contain false information and features, including inaccurate device data or trick/joke functionality, such as fake location trackers and apps that enable anonymous or prank phone calls or SMS/MMS messaging
  2. Medical apps that could provide inaccurate data or information or be used for diagnosing or treating patients will be rejected if they’re not legitimate. Apple will still block “apps that claim to take x-rays, measure blood pressure, body temperature, blood glucose levels, or blood oxygen levels using only the sensors on the device.” Since that’s not possible, these would come under “scams.”
  3. Drug dosage calculators will only be approved if they come from an authoritative source, such as a drug manufacturer, a hospital, a university, a health insurance company, or a pharmacy.
  4. Apps that encourage the consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol.
  5. Apps that display DUI checkpoints that are not published by law enforcement agencies,
  6. Apps that encourage drunk driving or other reckless behavior like excessive speed.
  7. Apps that urge customers to participate in activities or use their devices in a way that risks physical harm to themselves or others.

Considering the legal quagmire of the above categories, it’s understandable that Apple won’t want to “notarize” any such apps. Even if they’re not all entirely illegal, many would certainly be tiptoeing around that line.

Beyond that, Apple will check apps to make sure that they have accurate metadata, don’t include any viruses, malware, or hidden or misleading features, and don’t egregiously abuse the iPhone hardware or user experience, such as requiring a reboot after installation or asking users to adjust unnecessary settings.

Sadly, there’s one other piece of bad news for those hoping that app marketplaces might open the door to “emulators” — apps that can run other apps inside of them. Notwithstanding Apple’s new attitude toward game streaming services, the rule against apps that “download, install, or execute code which introduces or changes features or functionality of the app” still stands, both on the App Store and for third-party app marketplaces. However, since games and mini-apps are now an exception to this rule, it will be interesting to see where the lines are drawn.

Social Sharing