
MacRumors

macrumors bot
Original poster


Apple recently sent a letter to the European Commission (EC), criticizing recent inquiries into whether the App Store complies with the Digital Services Act (DSA) amid the separate Digital Markets Act requirements that Apple has been required to put in place.

The Commission asked Apple for information on how it locates fraudulent content, what it does to reduce the risk of financial scams in apps, and how it verifies the identity of businesses. It separately requested details on the policies Apple has in place to protect minors. Both requests were part of an inquiry into whether companies are complying with Digital Services Act requirements.

Apple's response, penned by Apple VP of Legal Kyle Andeer, answers all of the EC's questions and includes the relevant information to satisfy the request, but also points out the hypocrisy of questioning App Store consumer protections while requiring Apple to support sideloading functionality that isn't subject to those protections.

Andeer says that it is "difficult to square" the DSA investigations with the EC's "aggressive interpretation and application of the Digital Markets Act," and that the probe into Apple's App Store safeguards "defies all logic" in light of the DMA requirements. He also argues that the European Commission needs to enforce the DSA and DMA as a whole, rather than as separate policies.

It does not make sense for the Commission to press Apple to protect users, including minors, from fraud within the App Store while at the same time requiring Apple to create functionalities like link-outs and web views that increase the risk of fraud without necessary safeguards.

The Commission cannot both prohibit Apple from taking the steps it has found essential in mitigating the risk of scams and fraud on the App Store while simultaneously scrutinizing Apple for not providing even more measures to mitigate these risks on the App Store. It does not make sense for one EU law to encourage Apple to mitigate as much as possible the risk of exposing consumers to fraud or minors to potentially harmful apps through the App Store, only for another EU law to prevent Apple from using those same measures to mitigate the same type of risks just because they exist outside of the App Store. This paradoxical situation creates a regulatory structure that endorses leaving iOS and iPadOS users at risk if they choose not to use the App Store, when developers choose to use link-outs, or when users opt to use third-party products to interoperate with iOS or iPadOS. [...]

If the Commission does not consistently prioritise protecting consumers from online harms like fraud, or minors from online harms like pornography or other unsafe apps, in all enforcement contexts, including the DMA, nor use the tools it has at its disposal to resolve these fundamental frictions, the objectives of the DSA will be underachieved, no matter how sufficient Apple's measures are to comply with this specific regulation.

For context, the Digital Services Act requires very large online platforms like Apple to offer protection against disinformation or election manipulation, cyber violence against women, and harms to minors online. It also has provisions to counter fraud and mitigate dissemination of illegal content, among other requirements.

The separate Digital Markets Act requires Apple to support alternative app marketplaces and adhere to interoperability rules that Apple has continually argued weaken privacy and security. Andeer says that the Digital Markets Act "exposes users to fraud and scams" on third-party platforms, and the EC has been warned that the DMA enforcement is "reckless and even dangerous."

Apple's App Review team removed 37,000 apps for fraudulent activity in 2024, rejected 115,000 apps for unsafe experiences, and rejected 320,000 app submissions that copied other apps, were found to be spam, or misled users in some way. Further, 139,000 developer enrollments were rejected, and 146,000 developer accounts were terminated due to fraud concerns.

Article Link: Apple Calls Out EU for Contradictory App Store Rules Under DSA and DMA
 
Doesn’t seem contradictory — Big app store (i.e.: Apple’s) = Extra requirements to protect the masses of people that use it. Small app store (i.e.: Niche third-parties’) = Less legislation, because fewer people use it, and those that do will have made a more deliberate choice.

It will be interesting to see what would happen if a third-party app store did become as big as Apple’s. My guess is that it would also trigger the same sort of extra requirements, but we’ll probably never find out…
 
I just don't get why they don't allow a simple setup to run outside apps in emulator form, so it does not directly interact with the OS. This way when an infection does happen, it's limited to the partition attached to the emulator, leaving the base device and OS secure and functional.
 
"Apple's App Review team removed 37,000 apps for fraudulent activity in 2024, rejected 115,000 apps for unsafe experiences, and rejected 320,000 app submissions that copied other apps, were found to be spam, or misled users in some way. Further, 139,000 developer enrollments were rejected, and 146,000 developer accounts were terminated due to fraud concerns."

Holy cow! That was only 2024
Avoid apps - is all I can recommend
 
"Apple's App Review team removed 37,000 apps for fraudulent activity in 2024, rejected 115,000 apps for unsafe experiences, and rejected 320,000 app submissions that copied other apps, were found to be spam, or misled users in some way. Further, 139,000 developer enrollments were rejected, and 146,000 developer accounts were terminated due to fraud concerns."

Holy cow! That was only 2024
Avoid apps - is all I can recommend

Been like that for a long while. Close to a decade.
 
Wow, it’s interesting to see Apple’s response here being questioned. Apple is getting right to the heart of what it means to tear down the walled garden. You can’t insist that everyone keep their back doors unlocked and then ask them to prove they’re protecting people from burglary.

And “Apple’s big and rich” isn’t a counter argument here. If the goal is a level playing field (DMA), different rules for big companies are inherently unlevel. If the goal was consumer protection (DSA) then making it easier for consumers to go to unregulated vendors is inherently less safe.
 
It’s not contradictory: monitor and enforce what is in your control, and you can’t maintain a dictatorship over what people can load on their hardware.
I heard someone else trot out this line recently. "My hardware, I'll do with it what I want. No one tells me what I can/can't do".

If you own land can you just do as you like on it? Build some houses, sell them on? Or a factory? Campsite? Waste disposal?
It's your land.

We have rules in place to protect all of us whether you like it or not.
Side load away, if it makes you feel empowered what's the harm?
Well, botnets for starters.
That's just one example of how we all need protected from what you decide to do on your "land".

If you want to sideload, go jailbreak your Android and do it.
Don't force those who appreciate the protection and privacy we pay Apple for to give that up just to empower you!!!
 
I just don't get why they don't allow a simple setup to run outside apps in emulator form, so it does not directly interact with the OS. This way when an infection does happen, it's limited to the partition attached to the emulator, leaving the base device and OS secure and functional.
Probably because the entire iOS was loaded with tons of background processes and AI stuff that there’s no spare horsepower to run iOS emulator in the background. Also tons of engineering work for just one region (for now). It would be interesting to see if other markets follow suit and demand alternative app stores.
 
And “Apple’s big and rich” isn’t a counter argument here. If the goal is a level playing field (DMA), different rules for big companies are inherently unlevel. If the goal was consumer protection (DSA) then making it easier for consumers to go to unregulated vendors is inherently less safe.
“Level playing field” because big players are way too powerful so they must be brought down to allow somewhat smaller players to have a fighting chance. For consumer protection because monopolistic behaviour harms consumers. Apple doesn’t need to be a monopoly to demonstrate monopolistic practices. As for the point of “unregulated vendors”, I am not sure. App Store may appear to be regulated but the track record isn’t great either.
 
It says a lot when someone gets aggressively defensive when asked to prove they do the things they say they do.

It’s not an “aggressively defensive” letter and it’s perfectly reasonable to point out when someone is contradicting themselves, like “you’re telling us we’re not doing enough to prevent our users from being exposed to fraud here, but encouraging us to expose them to fraud over there.”

I’d argue that given their previous understanding of and answers to complex technical questions like “is MicroUSB a bad connector that shouldn’t be forced on everyone?”, “could making Microsoft give kernel access to third parties result in problems?”, and “if you force people to choose what browser they want to use, will it increase competition or is it only going to help the overwhelming dominant browser gain more market share?”, Apple might be doing the EU a favor by pointing the disconnect out - the regulators may not even understand that’s what they’re doing!

As I pointed out to you yesterday, the EU’s own cybersecurity agency says “only use the official App Store and don’t sideload apps” to stay safe online. Why is the EC forcing Apple to adopt practices that their own cybersecurity experts say make users less safe? And then they have the gall to insinuate Apple is the problem? I guess I missed when the EC regulated mirrors out of existence in the EU, but it’s clear they must have.
 
Good luck dealing with political hacks who think that they understand technology. There is a reason that almost no computer based technology created in the EU succeeds globally as a rule. It really sucks because Europe is an awesome place with awesome people who just seem to love lots of messed up rules.
 
Apple: quit your bitching and let consumers (the people that buy your expensive devices) load whatever we want on them, just like on a MacBook.

I have zero sympathy for Apple.
Ok, sure. But Apple doesn’t have to protect your MacBook. So ditch the DSA.

Why is this difficult?
 
When I’m on my MacBook Pro, I appreciate the balance between App Store products and well-vetted third-party apps downloaded directly from developers’ websites. I often prefer the non-sandboxed versions of macOS applications because they tend to offer more powerful options.

In hindsight, I’m not sure why I ever considered the iPhone and iPad approach acceptable. It is clearly not the same as macOS. I suppose I just grew used to it and stopped questioning it. But seeing how Europeans have reacted to Apple’s policies has given me food for thought.

Maybe it’s time for Apple to offer the same freedom of choice on iPad and iPhone that it does on the Mac. Those who prefer the walled-garden, sandboxed model could keep it, while those who want a more open experience could have that too.

I understand it might be a headache for Apple when a customer walks into a store with a phone compromised by something installed outside the App Store. But isn’t that already a risk with macOS when someone downloads sketchy software onto their laptop?

Ultimately, I believe in giving people the freedom to make responsible decisions for themselves. Let’s just hope they don’t end up with devices laden with spyware.
 
you can’t maintain a dictatorship over what people can load on their hardware.
Which is funny since that's exactly what the EU is doing to Apple. The difference here is that Apple represents the customers more than the EU represents its constituents.
 
I just don't get why they don't allow a simple setup to run outside apps in emulator form, so it does not directly interact with the OS. This way when an infection does happen, it's limited to the partition attached to the emulator, leaving the base device and OS secure and functional.
That's basically Safari.
 