Archive for January 26, 2024

Friday, January 26, 2024

Sign in With Apple No Longer Required


In line with Apple’s mission to protect user privacy, Apple is updating its App Store Review Guideline for using Sign in with Apple. Sign in with Apple makes it easy for users to sign in to apps and websites using their Apple ID and was built from the ground up with privacy and security in mind. Starting today, developers that offer third-party or social login services within their app will have the option to offer Sign in with Apple, or they will now be able to offer an equivalent privacy-focused login service instead.

Previously, if an app supported any third-party sign-in service it was required to also support Sign in With Apple. As with the rule changes for streaming gaming, Apple is not saying this change is due to the DMA, but it was announced at the same time as the DMA changes.


Streaming Games in a Single App


Available for developers’ apps around the world, Apple also announced new options for streaming games[…]

Apple (MacRumors):

Apple is introducing new options for how apps globally can deliver in-app experiences to users, including streaming games and mini-programs. Developers can now submit a single app with the capability to stream all of the games offered in their catalog.

Apps will also be able to provide enhanced discovery opportunities for streaming games, mini-apps, mini-games, chatbots, and plug-ins that are found within their apps.


The changes Apple is announcing reflect feedback from Apple’s developer community[…]

They are implying that this is not due to the DMA.

Benjamin Mayo:

Previously, Apple required developers submit a separate app for each game individually, a laborious and untenable affair.

Unlike most of the other changes introduced today which apply only in the European Union, the game streaming policy update applies globally.


Update (2024-02-20): Juli Clover:

Microsoft does not plan to bring an Xbox Cloud Gaming app to iOS at this time because there’s no opportunity for monetization, Microsoft Gaming CEO Phil Spencer said in an interview with The Verge. When asked whether Apple’s recent app ecosystem changes in the European Union make “room” for Xbox Cloud Gaming on iOS, Spencer said that monetization was an issue, and that the Digital Markets Act forcing Apple’s updates does not “go far enough to open up competition.”


Update (2024-04-24): Khaos Tian:

What’s wrong with Apple and cloud gaming services 🙃

DMA Compliance: Default App Controls and NFC


Apple will introduce new default controls for users in Settings for:

  • App marketplace apps — Users will be able to manage their preferred default app marketplace through a new default setting for app marketplace apps. Platform features for finding and using apps like Spotlight are integrated with a user’s default app marketplace.
  • Contactless payment apps — Users will be able to manage their preferred default contactless payments app through a new default setting, and select any eligible app adopting the HCE Payments Entitlement as the default.


Apple is also introducing a new choice screen that will surface when users first open Safari in iOS 17.4 or later. That screen will prompt EU users to choose a default browser from a list of options.

This change is a result of the DMA’s requirements, and means that EU users will be confronted with a list of default browsers before they have the opportunity to understand the options available to them. The screen also interrupts EU users’ experience the first time they open Safari intending to navigate to a webpage.

Emphasis added. Apple is not happy about this.


Update (2024-01-26): Joe Rossignol:

Apple said iPhone users in the EU will be presented with a list of the 12 most popular web browsers from their country's local App Store at the time, and noted that the options will be shown in random order for every user.

Apple shared an alphabetical list of the browsers that will currently be shown in every EU country.

See also: John Voorhees (Hacker News).

Juli Clover:

Going forward, NFC payments will be available directly in apps without the need for Apple Pay or the Wallet app, paving the way for third-party payment services and banks to offer their own tap-to-pay solutions on Apple devices.


This access to NFC technology is limited to banking and wallet apps that are in the European Economic Area, which includes the 27 European Union countries plus Iceland, Liechtenstein, and Norway.

Update (2024-03-06): Marcin Krzyzanowski:

Setting a default browser on iOS works like this. Option to change is always available for on-apple browsers. Option is hidden in Safari when Safari is default.

Update (2024-03-07): Thomas Ricker:

Here’s the new iOS default browser nag for iPhone users in Europe.


This screen includes a small explainer that lets you know about your ability to choose a different default browser at any time. After you tap “Continue,” you will be presented with a list of alternate browsers. If you tap a browser in the list, you will be presented with its App Store listing, and will be able to install it with a single tap. If you tap “Not Now” at the bottom of the screen, on the other hand, you will keep using Safari as your default web browser. While it is impossible to re-invoke this screen after you dismiss it, you can still choose a different default browser in Settings at any later time, as usual.

John Gruber:

This screen is ridiculous. […] If this is a good idea for web browsers, why stop there? Why not mandate the same sort of choice screen for every app? Mail, Calendar, Notes, Weather, Camera — why not require all of them to show a choice screen for picking a “default”?

Jeff Johnson:

Gruber is speaking sarcastically, but this would be legitimately good for third parties competing with Apple apps, and as a result, I think it would be good for Apple users too, who would benefit from greater competition and more choices.

Update (2024-03-14): Thom Holwerda:

So I went through the process of setting up a new iPhone. These are all the screens and choices you have to make and go through.


Now tell me again, @gruber, why is adding one more screen to this godawful mess of a setup process to pick a default browser so offensive?

John Gruber:

Because almost no one knows what any of these apps are? Because iOS is designed, from a consumer perspective, as a tightly integrated experience?

Steve Troughton-Smith:

This is/was a complete non-issue. It was less disruptive than the average iOS update. In fact, Apple has had launch interstitials on most of its apps for years that reset every update to show 'What's New’. Adding one to Safari just makes it more like the rest of iOS 😝)

Update (2024-03-20): gumbario:

I have Vivaldi as my default browser and when I open Safari I have to choose a default browser and none of the options is Vivaldi. So if I would want to use Safari only once, I guess I have to set a different browser than Vivaldi as default and then switch back to Vivaldi. Unless I don’t do that I can’t use Safari? To me it looks like Apple made it this bad on purpose.


Apple is indeed only displaying the 12 most popular web browsers in each EU member state. But I don’t think that’s a DMA requirement. I think Apple is allowed to list more web browsers if they want.

Google also had to implement a browser choice screen in Android to comply with the DMA. Their version allows for any browser maker with more than 5000 installs to apply to be listed on the screen.

Ezekiel Elin:

simple solution is to make sure all installed browsers appear on the list.

DMA Compliance: Alternative Browser Engines


The coming changes to iOS in the EU include:


New frameworks and APIs for alternative browser engines — enabling developers to use browser engines, other than WebKit, for browser apps and apps with in-app browsing experiences.


To use an alternative browser engine in your app, you’ll need to request the Web Browser Engine Entitlement (for browser apps that want to use alternative browser engines) or the Embedded Browser Engine Entitlement (for apps that provide in-app browsing experiences that want to use alternative browser engines).

Apple will provide authorized developers access to technologies within the system that enable critical functionality and help developers offer high-performance modern browser engines. These technologies include just-in-time compilation, multiprocess support, and more.


To help keep users safe online, Apple will only authorize developers to implement alternative browser engines after meeting specific criteria and who commit to a number of ongoing privacy and security requirements, including timely security updates to address emerging threats and vulnerabilities.

It sounds like this only applies to iPhone apps, they have to be EU-only, and they’re not allowed to be set as the default browser.

David Pierce (MacRumors):

Since the beginning of the App Store, Apple has allowed lots of browsers but only one browser engine: WebKit. WebKit is the technology that underpins Safari, but it’s far from the only engine on the market. Google’s Chrome is based on an engine called Blink, which is also part of the overall Chromium project that is used by most other browsers on the market. Edge, Brave, Arc, Opera, and many others all use Chromium and Blink. Mozilla’s Firefox runs on its own engine, called Gecko.

On iOS, though, all those browsers have been forced to run on WebKit instead, which means many features and extensions simply don’t work anymore.


Update (2024-01-26): BrowserEngineKit:

Create a browser that renders content using an alternative browser engine.


If you use an alternative browser engine in your app, you must design your secure browser infrastructure to separate different components into extensions that your browser manages. Design a limited inter-process communication (IPC) protocol that coordinates work across the extensions. Separating your alternative browser engine into distinct extensions limits the impact of security vulnerabilities in any one process.

Via Steve Troughton-Smith:

Holy moly that’s a lot of APIs and granular architecture specifics. If you dig into the setup instructions, it has everything from splitting tasks across multiple XPC processes to mandating arm64e to a whole collection of new entitlements. You don’t just ‘build a web browser’. This almost feels like an AppleInternal Safari spec with a ‘your implementation goes here’. I love it

Update (2024-01-30): Juli Clover (Hacker News):

While support for alternative browser engines sounds like a win for browser companies, Mozilla spokesperson Damiano DeMonte told The Verge that Firefox is "extremely disappointed" with the way Apple is implementing the feature because it does not extend to the iPad.

Firefox uses the Gecko engine and could swap to that on the iPhone, but it would need to continue using WebKit on the iPad.

And outside the EU.

James Moore (via Hacker News):

This news is tempered by the fact that Apple’s proposed solution to comply with the DMA rules to allow browser competition has not been well received.

Others in the industry we have spoken to described Apple’s compliance plan as it relates to browsers as “unworkable”, “a massive problem for us” and “doing everything they can to make the DMA fail”.


Apple claims repeatedly, if you don’t like their app store, don’t use it. You can use the web and web apps to reach your customers.

They say this, while at the same time preventing this from happening by not providing the tools needed in their own browser and blocking other browsers from providing them.


Update (2024-02-14): See also: Hacker News.


Update (2024-05-17): Thomas Claburn (MacRumors):

The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU.

It effectively geofences the development team. Browser-makers whose dev teams are located in the US will only be able to work on simulators. While some testing can be done in a simulator, there’s no substitute for testing on device – which means developers will have to work within Apple’s prescribed geographical boundary.


“The contract terms are bonkers and almost no vendor I’m aware of will agree to them,” lamented one industry veteran familiar with the making of browsers in response to an inquiry from The Register.

“Even folks that may have signed something to be able to prototype can’t ship under the constraints Apple’s trying to impose. They’re so broad and sweeping as to try to duck most of the DMA by contract … which is certainly bold.”

Update (2024-05-20): See also: Hacker News.

Update (2024-06-19): John Gruber:

Now that over four months have passed since Apple announced its initial DMA compliance plans, have any browser developer announced plans to bring their own rendering engines to iOS in the EU? As far as I know the answer is no. It’s entirely possible Apple went to all the trouble of creating BrowserEngineKit for compliance with the DMA, but no one is actually going to use it because no browser developer deems the EU market worth forking their browser for, solely for distribution outside the App Store.

DMA Compliance: Interoperability Requests


Today, developers can ask questions or share feedback or suggestions to Apple in a variety of ways — such as developer support, the Apple Developer Forums, and Feedback Assistant. To reflect the DMA’s changes, Apple has created an additional dedicated process for developers to request additional interoperability with iOS and iPhone features.

Apple will introduce a new request form for developers to request additional interoperability with hardware and software features built into iPhone and iOS. Apple will evaluate requests on a case-by-case basis and design a solution if one can be supported, and let the developer know if one cannot.

I don’t have much hope for this given the brokenness of the current processes for bug reporting, security bounties, entitlement requests, and guidelines challenges. And it only applies to the EU. They do promise to provide updates every 90 days.

Apple (MacRumors):

Get started with requesting effective interoperability with iOS by submitting the request form.


Based on Apple’s initial assessment of the appropriateness of your request and whether it falls within Article 6(7) of the DMA, Apple will start working on designing a solution for effective interoperability with the requested feature. Apple considers multiple factors when designing effective interoperability solutions. The integrity of iOS will always be among the important considerations for Apple.

What happens if there’s disagreement about whether a request would affect the integrity of iOS?


DMA Compliance: App Analytics and User Data Portability


Apple will expand the analytics available for developers’ apps both in the EU and around the world to help developers get even more insight into their businesses and their apps’ performance. Over 50 new reports will be available through the App Store Connect API to help developers analyze their app performance and find opportunities for improvement with more metrics[…]


Apple’s Data & Privacy site will be enhanced to provide users with additional App Store data categories and provide users the ability to consent to exporting this data to authorized alternative app marketplace developers. To help ensure that the intended uses of this sensitive user data meet user expectations, marketplace developers are responsible for meeting minimum eligibility requirements before they may access the Account Data Transfer API for requesting this data within their interfaces.


DMA Compliance: Alternative Payments


  • Payment Service Providers (PSPs) — where developers use an alternative payment processor that lets users complete transactions within their app.

  • Linking out to purchase — where developers direct users to complete a transaction for digital goods and services on their external webpage. The presentation of the link out to purchase may communicate information for EU users about promotions, discounts, and other deals.

To use these new payment options in an app, developers will need to use the StoreKit External Purchase Entitlement, the StoreKit External Purchase Link Entitlement, or both. Developers are not required to submit a separate binary to use alternative payment processing.

Due to the App Store’s tight integration with In-App Purchase, and to reduce confusion for users, developers may not offer both In-App Purchase and alternative PSPs and/or link out to purchase to users in their App Store app on the same storefront.

Unlike app marketplaces, this applies to all of Apple’s platforms (but only in the EU).


When using an alternative payment processor within your app, it will display a system disclosure sheet to customers explaining that purchases are made through a source other than Apple.


When linking out to your webpage from within your app, Apple will display a system disclosure sheet to customers that explains to the user each time that they’ll be leaving the app and going to an external webpage through a source other than Apple.


If you support either alternative payment processing or link out to your webpage, you’re responsible for paying a commission to Apple on the sale of digital goods and services in the EU. iOS apps on the App Store will pay a reduced commission of either 10% (for developers participating in the App Store Small Business Program and for subscriptions after their first year) or 17% on transactions for digital goods and services, regardless of payment processing system selected; while for iPadOS, macOS, tvOS, and watchOS you’ll get a 3% discount on the commission you owe to Apple.


Please note that Apple has audit rights pursuant to the Alternative Terms Addendum for Apps in the EU.

See also: Benjamin Mayo.


Update (2024-01-26): Kosta Eleftheriou:

Why doesn’t Apple show this warning for apps like Amazon, Uber, or AirBnB?