European users of Apple devices will be able to download apps from third-party app stores and use contactless payment services other than Apple Pay, after the firm capitulated to European Union (EU) pressure amidst warnings of “strong action” from regulators.

The sweeping changes to Apple’s App Store – which hosts around 1.8 million apps and generated around $32 billion ($US21.2 billion) in revenues for the company during the third quarter of 2022 alone – will allow app developers to create alternative app marketplaces, sell and manage iOS apps through those marketplaces, and use engines other than iOS’s built-in Webkit to display content within their apps.

Apple will also open up access to the NFC chips built into its devices – which have been tightly controlled to date and have long supported only the company’s own Apple Pay payment service – so that users can choose a third-party app for contactless payments, such as Square or PayPal, as their default.

Made in response to strict requirements under the EU’s Digital Markets Act (DMA), the changes – which were detailed in a recent press release and will be implemented in the upcoming iOS v17.4 in March – will also see users given a new options screen when they first open Safari.

This allows people to choose an alternative default web browser but, Apple warned, will interrupt the user experience and “means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them”.

The company has long argued that third-party app markets pose a security risk for its devices, which rely on a range of security protections to prevent iPhone users from being flooded with the kind of malware frequently found in rival Google’s Play Store – which, by one count, saw users download 600 million malicious apps last year alone.

Although its new changes will allow far more freedom for developers wanting to sell apps, subscriptions, in-app purchases and other content without paying Apple a 30 per cent commission, Apple warned that “the new options for processing payments and downloading apps on iOS open avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats.”

Indeed, despite announcing a massive technological overhaul that includes the addition of more than 600 new application programming interfaces (APIs) to help developers securely build and manage alternative app stores, the company made no effort to hide its disdain for the changes – with Apple fellow Phil Schiller warning of the “unavoidable increased privacy and security threats this regulation brings.”

“Our priority remains creating the best, most secure possible experience for users in the EU and around the world,” Schiller said, as the company warned that the changes would give iOS devices “a less intuitive user experience” and that users would need additional education to protect them from “new risks associated with downloading apps and processing payments outside of the App Store.”

Pro-competition or pro-chaos?

The changes mark a major, if not expected, step in the evolution of the App Store – which, along with iOS and Safari, was last year designated as a ‘core platform service’ under the DMA, which threatens massive fines on Apple and five other designated ‘gatekeeper’ digital giants if they fail to implement a range of putatively pro-competition changes.

The legislation has already pushed a range of changes on Apple by forcing it to change the design of its iPhone to include a USB-C port, implement self-repair programs allowing users to change their phones’ batteries, and add features that improve interoperability between its iMessage app and Android Messaging.

Those and other changes are part of an increasingly onerous regulatory environment, in which regulators in Australia and around the world are implementing stricter policies and levying significant fines as they work to rein in the unfettered power of Big Tech firms in areas such as Internet search – and threaten the breakup of Google amidst an ongoing high-profile antitrust trial.

With the DMA now forcing Apple to back away from its long-held App Store controls – which the company says are necessary to protect users from cyber criminals and scammers but regulators see as a form of monopoly behaviour – the company outlined a combination of controls that it hopes will preserve security “as much as possible… within the DMA’s constraints”.

A new Notarization feature, for example, will use uses automated and human checks to conduct a “baseline review” on all apps, regardless of their distribution channel; App installation sheets that give users a standardised description of their apps and functionality; malware checks and blocks for all apps; and authorisations for marketplace developers to ensure they “commit to ongoing requirements that help protect users and developers.”

Developers can opt to continue their current business terms or adopt the new ones – which include a $0.82 (€0.50) ‘core technology fee’ for each install of popular apps after the first 1 million per year – from March 7.

Whether or not the changes will satisfy cynical developers and regulators remains to be seen: longtime Apple critic Proton CEO Andy Yen warned that Apple’s new policies have “strings attached [and] in practice it will be impossible for developers to benefit from them”, while EU industry chief Thierry Breton told Reuters that “if the proposed solutions are not good enough, we will not hesitate to take strong action.”