Apple is making big App Store changes in Europe over new rules. Could it mean more iPhone hacking?

Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe that is striving to give consumers more choices — at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.

The overhaul rolling out Thursday only in the European Union represents the biggest changes to the iPhone’s App Store since Apple introduced the concept in 2008. Among other things, people in Europe can download iPhone apps from stores that aren’t operated by Apple and are getting alternative ways to pay for in-app transactions.

European regulators are hoping the changes mandated by the Digital Markets Act, or DMA, will loosen the control that Big Tech’s “digital gatekeepers” have gained over the products and services that consumers and businesses use as they become more dominant forces in everyday life.

The measures are taking effect just days after EU regulators fined Apple nearly $2 billion (1.8 billion euros) for thwarting competition in the music streaming market.

Apple has lashed out at the new regulations for unnecessary security risks to iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystems and raising the specter of more unsavory services peddling pornography, illegal drugs and other content that the company has long prohibited in its App Store.

READ MORE Europe’s Digital Markets Act is forcing tech giants to make changes. Here’s what that will look like A woman wins $3.8 million verdict after SWAT team searches wrong home based on Find My iPhone app One Tech Tip: Change these settings on X to limit calls and hide your IP address

Despite trying to maintain security safeguards while also adhering to the new rules in the 27-nation bloc, Apple is warning that “the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward.”

But some smaller tech companies such as music streaming service Spotify and video game maker Epic Games are attacking the ways Apple is complying with the DMA as little more than a facade that’s making a “mockery” of the regulations’ intent.

“Rather than creating healthy competition and new choices, Apple’s new terms will erect new barriers and reinforce Apple’s stronghold over the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and alliances wrote in a March 1 letter to the European Commission, the EU’s executive arm overseeing the DMA.

Epic, which is behind the popular Fortnite game, also contends Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store it planned to release in Sweden. Epic asserted Apple thwarted its attempt to compete as retaliation for scathing critiques posted by CEO Tim Sweeney, who spearheaded a mostly unsuccessful antitrust case against the iPhone App Store in the U.S.

Regulators so far haven’t objected to any of changes that Apple is making in an iPhone software update tailored to comply with the DMA.

Europe’s shifting digital landscape also is forcing changes at other technology powerhouses such as Google and Facebook, but the new regulations strike at the core of Apple’s philosophy of maintaining ironclad control over every aspect of its products.

This “walled garden” approach conceived by late co-founder Steve Jobs begins with the meticulous design of the hardware and then extends into all the software powering it devices, as well as overseeing the commerce occurring on them.

The approach built an empire with nearly $400 billion in annual revenue — a measure of success that Apple directly traces to the trust it has built through decades of vigilant management of the iPhone and other popular products such as the iPad, Mac and Apple Watch.

Even Epic’s Sweeney acknowledged that one of the reasons he uses an iPhone is because of the staunch security measures that Apple has deployed to thwart hackers and protect the privacy of its customers. That came during testimony in a May 2021 trial resulting in a U.S. judge ruling that the App Store isn’t a monopoly.

In that decision, the judge required Apple to begin allowing links to outside payment options inside iPhone apps in the U.S. It’s a requirement that the company began to allow earlier this year after the U.S. Supreme Court refused to hear an appeal on that issue.

Apple still doesn’t permit alternative iPhone app stores in the U.S. or more than 100 other countries outside the EU.

European regulators appear convinced that the benefits consumers stand to reap from more competition will outweigh the increased security risks.

One potential positive is lower prices for digital transactions within apps if competing stores charge lower commissions than the 15% to 30% fees Apple has been imposing for years.

But critics are raising doubts that will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and have set up other hurdles that will make it daunting for alternative options to make significant inroads in Europe.

For its part, Apple insists the security problems being hatched by the DMA are so worrisome that it has been hearing from government agencies — especially those involved in defense, banking and emergency services — wanting to ensure they will be able to block employees with iPhones from accessing apps distributed from outside Apple’s walled garden.

“These agencies have all recognized that sideloading — downloading apps from outside the App Store — could compromise security and put government data and devices at risk,” Apple said.