Apple Slaps Warnings on Apps Using External Purchases in the EU [Updated]

[AppliedMicro]

Reported by two publications, and the EU didn’t deny it when asked by Politico (who said they “saw the correspondence”.

What type of correspondence?

Quite: “Apple executives contend that the firm made a series of proposals to Brussels over the course of 2024 but was met with silence as to whether those proposals would put them on the right side of the law”

So Apple’s executives - now known for “outright lying” even in a court of law - claimed it.

They publicly published the proposed change here

That is not a “proposal” - that is an announcement.

And yet, what they actually implemented is much “scarier”, much more anticompetitive than what they announced.

To quote the article: “The EC raised no objection to the new disclosure proposal, but insisted that Apple not implement the changes at the time.”

Even if they did, the question remains:

👉 Why did they not implement the announced neutral disclosure?

When and despite knowing that the law requires them to refrain from “mak(ing) the exercise of those rights or choices unduly difficult, including by offering choices to the end-user in a non-neutral manner”?

👉 Also, why didn’t they design a neutral label in the first place - when that’s required by law?

Apple are gaslighting you, Gruber and the public.

 

[germanbeer007]

If doing a payment outside of the app store, then apple doesn't need your credit card details.

Dead wrong. Actually, funnily enough, some EU countries have laws that require a valid payment method on file from Apple before buying free apps.

 

[germanbeer007]

No but it says the app doesn’t support the App Store’s “private and secure payment system” which leaves the impression that what the app does support might not be private and secure.

which is true
I can build an insecure and totally not private billing process for my app
I can also build a secure and totally private billing process for my app.

Since Apple does not review this process, they cannot guarantee whether or not it's secure. All they do know is that App Store is private and secure and this app doesn't use it.

 

[germanbeer007]

The problem is using scary language like “private” and “secure” which leaves the impression that the alternative payment option may not be private or secure.

Well it's literally true. External purchases may not be private or secure.
Since the beginning of the app store, all digital goods and services were bought using a private and secure method in the app. Suddenly this is no longer the case and customers need to be clearly aware of the dangers.

 

[ofarlig]

So if someone clicks the buy button in the Kindle app to buy an e-book should they get a scary warning message about privacy and security before it kicks them to Amazon’s website in the browser? I assume you would say no because Amazon is a well known, trusted brand. So then does Apple get to pick and choose when the scary warning message is displayed? And if so what are they basing it on? I would argue if Apple is so concerned that they need to put up a scary warning message then why is that app in the App Store in the first place?

Based on the information that came out in Judge Gonzalez’s ruling it seems like it was Tim Cook who wanted to the scarier language. We know why. Because it would make people less likely to choose that option. Everything Apple does here is about friction. Even now if you want to buy a physical book from Amazon you can do it directly without leaving the app but if you’re buying an e-book it kicks you to a browser. Why? Friction. So maybe you’ll get your books from iBooks instead because everything there happens in-app. For a company that purports to care so much about user experience that’s completely sidelined when it comes to the App Store.

First of all, the message isn’t scary at all it is completely factual. Apple being Apple I was expecting something actually twisted. They could even have said that external payments can be insecure and not private and it would still be factual, so they even held back.

Apple has no way of knowing if a smaller developer selling digital goods might use an insecure payment platform or not. They have been forced to allow apps using anything that the developer wants with no control or oversight. So keeping them off the store is impossible, for better or worse the consumer is now responsible for researching the payment platforms security for these apps.

Why Apple does something doesn’t change whether or not the result is good. Anyone who is pro consumers should want the consumer to be warned when they need to do their own vetting.

 

[AppliedMicro]

They were never denied making direct-to-consumer sales. They were denied using the App Store to inform said consumer about where they could buy it.

No - they were denied informing them in their own app (in their own service and product).
And also via other communication channels (such as email).

 

[canadianreader]

Amazing that some VP authorized this immature warning message.

 

[robvalentine]

which is true
I can build an insecure and totally not private billing process for my app
I can also build a secure and totally private billing process for my app.

Since Apple does not review this process, they cannot guarantee whether or not it's secure. All they do know is that App Store is private and secure and this app doesn't use it.

You know it's easy to circumvent the app store rules, and hide malware/different payment systems through flags right?

 

[robvalentine]

If my earnings were dependent on using someone else’s intellectual property and customer base I’m not sure I’d classify that as “nothing”

What a poor comparison.

 

[AppliedMicro]

Dead wrong.

When a transaction is done outside of Apple’s App Store - that is, when Apple does not process the transaction - Apple does not need credit card details. That’s a fact.

Actually, funnily enough, some EU countries have laws that require a valid payment method on file from Apple before buying free apps.

Nonsense. Countries and their laws do not require “valid payment methods” for the download of free apps.

You can offer free downloads from your website or app, I can do. No payment method required.
(That’s not to be confused with ensuring age-appropriate access to content)

 

[germanbeer007]

You know it's easy to circumvent the app store rules, and hide malware/different payment systems through flags right?

Sure, and? "support the App Store's private and secure payment system" still remains true. The App Store payment system can shutdown bad actors the moment Apple sniffs malicious behavior which still makes it secure.

External payments? We don't know. Could be. Could not be. What Apple described still remains true.

 

[AppliedMicro]

The App Store payment system can shutdown bad actors the moment Apple sniffs malicious behavior which still makes it secure.

So can any other payment system or payment processor.
Which makes them all (potentially) secure.

External payments? We don't know. Could be. Could not be.

Electronic payments - such as PayPal or card payments - generally require two-factor authentication.
We know that. It’s European law, in fact.

What Apple described still remains true.

Agree. It’s just not neutral in design and wording.

 

[germanbeer007]

When a transaction is done outside of Apple’s App Store - that is, when Apple does not process the transaction - Apple does not need credit card details. That’s a fact.

The part that is wrong is "then apple doesn't need your credit card details.". In order to acquire the app that brings you to a transaction being done outside the app store, EU countries require Apple to have valid billing info on hand EVEN if the app is free.

So you're wrong too.

Nonsense. Countries and their laws do not require “valid payment methods” for the download of free apps.

Literally true. EX: There are certain apps that are georestricted and Germany can hold Apple liable if they didn't provide sufficient measures to restrict access to only users who live in Germany such as the Glücksspielstaatsvertrag 2021 law. Gambling operators are ultimately held liable but Apple is a distributor of the app and they are expected to provide reasonable steps to prevent unlawful access. Apple requiring valid billing is their way of complying with the local law

 

[BigDO]

The App Store has only worked one way for 20 years, and customers are used to that. Customers lose a lot of features when apps don’t go through the App Store’s payment processing, and should be aware.

Consumers should absolutely be informed. Most consumers are not up to date on what’s going on like MacRumors readers. They think “it’s in the App Store so Apple has my back”.

Apple has in the past approved apps such as “I am rich” or similar and denied refunds. Not sure what “Apple has my back” means.

 

[AppliedMicro]

In order to acquire the app that brings you to a transaction being done outside the app store, EU countries require Apple to have valid billing info on hand EVEN if the app is free.

They do not.

Please point to a law (and its wording) that requires providers of free software application downloads to have billing info on file.

For a counter example, see here: https://www.heise.de/download/
They provide downloads of free apps.
Without requiring billing info.
Shareware and trial applications have been a thing for decades.

Literally true.

An obligation to ensure access to content - as required by law - is not a requirement to have info on file for free downloads.

 

[germanbeer007]

They do not.

They do. You're wrong.

You're ignoring the facts for some reason. Please read the second part of my post.

 

[germanbeer007]

So can any other payment system or payment processor.
Which makes them all (potentially) secure.

What? No. LOL. Who is going to shut down my website that takes credit card numbers and stores it in plain text in MySQL so I can sell it to hackers? Paypal can't. Stripe can't. They have no control over my website.

You're wrong.

 

[AppliedMicro]

They do. You're wrong.
You're ignoring the facts for some reason. Please read the second part of my post.

I have to show ID before acquiring movies that contain intense violence or sexual content.

That does not mean that each and every store or cinema have to have ID (or billing info) on file for me to sell, give away or show me a free video.

There are certain apps that are georestricted and Germany can hold Apple liable if they didn't provide sufficient measures to restrict access to only users who live in Germany such as the Glücksspielstaatsvertrag 2021 law.

You can create a, say, Luxembourgish or Maltese Apple Account and download free apps from Apple’s App Store - without providing payment information.

 

[vladi]

What? No. LOL. Who is going to shut down my website that takes credit card numbers and stores it in plain text in MySQL so I can sell it to hackers? Paypal can't. Stripe can't. They have no control over my website.

You're wrong.

Are you a merchant service provider?

 

[germanbeer007]

Are you a merchant service provider?

I'm an app developer that can create a great looking and believable "external payment processor"

 

[germanbeer007]

I have to show ID before acquiring movies that contain intense violence or sexual content.

That does not mean that each and every store or cinema have to have ID (or billing info) on file for me to sell, give away or show me a free video.

Completely irrelevant to the discussion on hand.

You can create a, say, Luxembourgish or Maltese Apple Account and download free apps from Apple’s App Store - without providing payment information.

I didn't say all countries require it.

 

[AppliedMicro]

What? No. LOL. Who is going to shut down my website that takes credit card numbers and stores it in plain text in MySQL so I can sell it to hackers? Paypal can't. Stripe can't. They have no control over my website.

You and your website is not a payment system.

And payment systems can shut down compromised payment card numbers. Mastercard or VISA just say “no”.

 

[AppliedMicro]

I didn't say all countries require it.

👉 Which country does, then?

 

[germanbeer007]

You and your website is not a payment system.

I can direct users to it to make it think it looks like it. That's the point of being a malicious actor. To fake it.

And payment systems can shut down compromised payment card numbers. Mastercard or VISA just say “no”.

They won't know until it's too late. Ex: grabbing debit cards and purchasing bitcoin with it.

 

[germanbeer007]

👉 Which country does, then?

I already mentioned one.