Think EU App Stores Break Apple’s Control? Think Again
kovop58 / Shutterstock
Toggle Dark Mode
In January 2024, Apple announced significant App Store changes in Europe, leading many to believe that the App Store’s garden walls might finally be starting to crack and that the days of Apple controlling what users could install on their iPhones might soon come to an end.
Sadly, while Apple’s European changes technically opened the door to sideloading — letting you install iPhone apps from sources beyond Apple’s App Store — it came with so many provisos and hidden catches that it was a confusing mess to untangle.
That’s probably because Apple’s decision to open up app distribution in the European Union wasn’t something it did out of the goodness of its heart. Its hand was forced by the European Commission’s Digital Markets Act (DMA). As a result, it did everything necessary to comply with the letter of the law, while also doing everything it could to fight its spirit. Apple took a similar approach in the US in response to a 2021 injunction that ordered it to allow third-party payment methods — a series of moves that earned it one of the most scathing rulings we’ve ever read from a US Judge — but that’s another story.
Apple’s new policies in the European Union initially only opened the door to sideloading through “ alternative app marketplaces,” and those made things a bit weird. Users had to install a third-party app marketplace as an alternative to the App Store, and then purchase or download apps through that other online store. Apple also set a pretty high bar for who could run an app marketplace, and made it clear that it wasn’t going to let companies create one simply to distribute their own apps.
Apple didn’t provide a way for users to download apps from websites until the EU forced its hand further, and those still prohibited open web-based marketplaces. That move was simply a concession to allow developers to distribute their own apps directly to users, and — unsurprisingly — it also came with a number of additional rules and restrictions.
As if the marketplace requirements weren’t enough, Apple also introduced a fee structure for developers that was so complicated you almost needed a team of chartered professional accountants (CPAs) to figure it out. Developers who chose to remain solely on the App Store stayed under the straightforward 15/30 percent commission structure. At the same time, those who decided to venture out onto third-party marketplaces were required to deal with tiered fees for payment processing, a Core Technology Fee for every installation, and more.
Needless to say, many developers were less than impressed, and Apple’s most vocal opponents were even more irate. Epic Games CEO Tim Sweeney called it a “devious new instance of malicious compliance” and accused Apple of forcing developers to enter into complicated “junk fee” structures.
However, what was even more controversial was Apple’s decision that no app could be distributed through any method without its explicit blessing on that app. Even developers who wished to let users download their own apps from their own website had to submit those apps for review and approval by Apple before they could be installed on users’ iPhones.
Apple called this “notarization,” and claimed that it was solely to protect users from malicious apps containing malware, obvious scams, or anything that might cause security problems for iPhone users. This included apps that contained false information or misrepresented their features, as well as potentially “unsafe” apps that claimed to provide medical information but did not originate from an authoritative source, such as a drug manufacturer, hospital, or pharmacy.
For the most part, Apple claimed it wouldn’t play nanny on third-party app marketplaces like it does on the App Store. Apple Fellow Phil Schiller, who still effectively oversees the App Store, said the company would take a mostly hands-off approach to moderating the content within apps. For example, while Apple doesn’t allow “overtly sexual or pornographic material,” or “hookup” apps on the App Store, it won’t police those things on apps distributed outside the App Store. If a company wants to run an entire app marketplace dedicated to porn apps, Apple won’t stop it, as long as the apps aren’t misrepresenting themselves, trying to scam or harm users, or compromising the security of their iPhones.
Ultimately, there are things that we have not allowed on our App Store — things that we didn’t think would be safe or appropriate. It will not be our decision whether those other marketplaces have the same terms and limitations.
Phil Schiller
Although some members of the European Commission vocally objected to this approach, stating that it’s the government’s job to protect users from malware, not that of a privacy company, it appears that, despite a round of other changes, the Commission as a whole hasn’t yet made any rulings that would force Apple to alter its notarization process. However, now we’re seeing what could become a test case for just how heavy-handed Apple may be permitted to be.
The Mysterious Case of iTorrent
Yesterday, TorrentFreak reported (via 9to5Mac) that Apple has apparently revoked the notarization for iTorrent, a popular app that’s used to download and manage torrent files on the iPhone and iPad.
iTorrent was being distributed through AltStore PAL, one of the first alternative app marketplaces to open in the EU in early 2024. AltStore PAL was the brainchild of developer Riley Testut, best known for his Delta NES Emulator that finally came to the official App Store last year.
Testut had spun up a grassroots unauthorized AltStore in 2019 that required users to jump through quite a few hoops. AltStore PAL was the official EU version, distributed with Apple’s blessing to create a haven for all the apps that never met with Apple’s approval — including Delta and several PC game emulators, until Apple finally relaxed its rules on those.
Naturally, iTorrent quickly found a home on AltStore PAL. While Apple must have initially approved the app for it to land there in the first place, it appears that it has now reversed that decision, revoking the signature that’s necessary to let it be installed on Apple devices.
This appears to have started in July, as TorrentFreak reports that several users found themselves unable to download iTorrent at that time. However, nobody was quite sure what was going on until the developer revealed that Apple had revoked its “alternative distribution” right.
Apple has long prohibited file-sharing apps in its App Review Guidelines, preventing them from being distributed on the App Store. However, that rule, which appears in section 5.2.3, isn’t one of the ones marked as applying to “Notarization Review Guidelines.”
5.2.3 Audio/Video Downloading: Apps should not facilitate illegal file sharing or include the ability to save, convert, or download media from third-party sources (e.g. Apple Music, YouTube, SoundCloud, Vimeo, etc.) without explicit authorization from those sources. Streaming of audio/video content may also violate Terms of Use, so be sure to check before your app accesses those services. Authorization must be provided upon request.
Apple’s App Review Guidelines
This clause almost certainly blocks iTorrent from the App Store, as it has for years. However, it only applies to Apple’s App Store. There are almost no guidelines that apply to notarization that pertain to downloading or sharing files, except for an entirely reasonable restriction in Section 4.5.2 on Apple Music, which prohibits apps from sharing files from that specific service.
On paper, nothing in Apple’s notarization guidelines should have disqualified iTorrent — which makes its sudden removal even harder to justify.
While it’s plausible that Apple is trying to steer clear of the legal headaches that inevitably come with file-sharing apps and the pressure such tools draw from powerful rights holders, nothing in its own published guidelines suggests that’s a legitimate reason for revocation. Plus, pulling the plug now, after approving iTorrent over a year ago, feels less like a calculated policy move and more like an arbitrary reversal.
So, unless Apple is breaking its own rules (which wouldn’t be a first when it comes to App Store review policies), it seems there must be another reason why iTorrent has suddenly found itself cut off from all means of app distribution. Unfortunately, Apple’s App Store Review team is apparently being its typically uncommunicative self in this situation.
When TorrentFreak spoke with iTorrent’s developer, Daniil Vinogradov, he said that the revocation of his alternative EU distribution rights came as a surprise. Apple didn’t reach out to him at all; instead, he had to send a support request to Apple to attempt to find out what was going on.
Soon after the issues appeared, Vinogradov sent a support request to Apple seeking clarification, but that wasn’t helpful either. Instead, Apple responded with a generic message related to App Store issues.
After another follow-up last week, Apple informed the developer that their escalation team is looking into it, but nothing further. “I still have no idea if it was my fault or Apple’s, and their responses make no sense,” Vinogradov says.Ernesto Van der Sar, TorrentFreak
The folks behind AltStore PAL also got involved, with co-founder Shane Gill reaching out to Apple, but receiving no response other than a statement that “they’re looking into it.” When TorrentFreak reached out, Apple asked them to call, but the call went unanswered, as did several follow-up emails.
It’s entirely plausible that Apple discovered a security issue in iTorrent that led to the revocation of the app’s notarization. That would be well within the guidelines the company has established for alternative app marketplaces. Reasonable minds may disagree on whether those rules are appropriate, but at least they’re transparently published.
However, Apple’s response to this situation has been anything but transparent. Had it been a security issue or even a contractual one, you’d think Apple would have reached out to the developer to try to resolve the situation, even if it had to revoke iTorrent’s distribution authorization in the meantime. However, doing so without even informing the developer and then stonewalling them with boilerplate responses leaves everyone quite validly wondering exactly what’s going on here, and it’s a particularly bad look for Apple, which is still under close scrutiny by the European Commission on how it’s been complying with the DMA thus far.
Whether iTorrent’s fate is the result of a genuine security flaw or a quiet expansion of Apple’s control, the lack of transparency risks undermining Apple’s entire compliance story — and could hand the EU Commission exactly the ammunition it needs.
