Critical Warning for External Purchases in App Store
first time seeing this. Apple will punish the apps with external payment system
Yup it’s real, you see this warning if the app doesn’t use IAP.
Also it says external purchases next to the “get” button
It’s confusing to follow all the changes, but apparently—unlike in the US—external purchases in the EU don’t need to have corresponding IAP versions.
The warning adds five lines of text at the top of the App Store screen, above even the app’s name and icon.
On macOS, Apple declares three levels of alerts:
Informational (app icon): “to be used to inform the user about a current or impending event”
Warning (app icon): “to be used to warn the user about a current or impending event[…] when the alert’s content is more severe than [informational]”
Critical (orange ! triangle icon): “Use a caution symbol sparingly. Using a caution symbol like
exclamationmark.triangletoo frequently in your alerts diminishes its significance. Use the symbol only when extra attention is really needed, as when confirming an action that might result in unexpected loss of data.”
Guess which icon the App Store uses for external payments.
But I wonder how many users will see the warnings. If you’ve already purchased an app, it can auto-update to add external payments without your having to go back to the store. And I think the DMA mandated that there can’t be scare screens at the time of purchase.
Previously:
- Apple Appeals Epic Anti-Steering Injunction
- App Review Guidelines Updated for Epic Anti-Steering
- Court Orders Apple to Comply With Anti-Steering Injunction
- Testimony on External Purchase Fee and Scare Screens
- DMA Compliance: Custom External Link Designs
- EU Fines Apple $2 Billion Over Anti-Steering Rules
- Microsoft Directing Users Away From Chrome
- Apple Attacks Sideloading
- Annoying Catalina Security Features
Update (2025-05-15): John Gruber:
It’s like when they still blather on about software being sold on discs inside boxes in physical retail stores. That was true. It was once relevant. It no longer is and hasn’t been for over a decade. […] I’m sure there remain sketchy corners of the Internet, but for the most part, all mainstream online payments today are private and secure. Apple’s IAP system has numerous advantages and user-centric features. (If Apple were actively competing, it would have many more.) But the fact that it’s “private and secure” is no longer distinguishing at all.
Apple has never spread FUD about buying physical goods, e.g. within the Amazon app or Safari. The payment systems are the same. But somehow they become dangerous, akin to data loss, if you use them to purchase digital content. I think external purchases are actually safer because you can get a refund, if necessary, through your credit card company. Apple is terrible about offering refunds, even when a product doesn’t work and the developer wants to refund the purchase, and you can’t go to your credit card company because then Apple will kill your whole account.
See also: Hacker News, Reddit, The Verge, MacRumors, 9to5Mac, The Mac Observer.
Developers, me included, started selling software on the internet in the mid ’90s. The App Store didn’t save us from that.
Many developers, large and small, had been selling on the web for more than 10 years by the time the App Store appeared.
Can I also say that those of us who were doing it back then resented being intermediated back to a “retail model” didn’t end up doing any software for iOS because of stuff like this.
Not only having to pay for the privilege of improving the platform, but the arbitrary rule changes that could rip a market out from under you at any time.
Doing good work is hard enough without that BS.
Lol this is [passive]-aggressive as fuck 🫠 smh Apple
LOOOOOOLLLLLLLLL
Apple’s leaders have truly lost it.
The way Tim is fighting this so hard with malicious compliance, I wish he would put this same energy into fixing all the buggy stuff shipping out of Cupertino these days...
If anything, the last few years have taught us so much about Apple and the people who lead it. The company cannot be trusted.
They’ve lied, they’ve cheated, they’ve bullied, strongarmed, and mislead, they’ve lobbied and bribed authoritarian leaders for support, they’ve faked ‘independent reviews’, they’ve intentionally degraded their products and their product user experience, they’ve broken laws and spurned lawmakers, shook down developers, and they will continue to do all of these things.
Previously:
Update (2025-05-16): John Gruber (Mastodon):
Apple told me that exact same warning has been in place since the very beginning of their DMA compliance, in March 2024.
[…]
Eiting includes a link to Apple’s own developer documentation for its DMA compliance features, which makes this clear[…]
[…]
I actually think that’s very useful information that should be on an app’s App Store listing. Users should know what to expect, and iPhone users’ expectations are that digital goods transactions go through Apple’s IAP. The problem with this disclosure, as it stands, is the way it looks: like a big scary warning. It should be something more akin to the privacy “nutrition label” information.
Apple’s documentation includes a screenshot with an icon and text that are much less scary than what’s actually shipping in iOS:
On the left is what Apple tells developers their apps are going to look like if they add support for alternative payment systems.
On the right is what Apple actually shows.
Would love to see all the “make it more scary” internal communications that led to this.
Back to Gruber:
According what I’ve been told by Apple, they were (and still are) prepared to implement these changes, including the new disclosure screen. The EC raised no objection to the new disclosure proposal, but insisted that Apple not implement the changes at the time. Then, according to Apple, the EC never provided further guidance, until last month when they fined Apple €500M for noncompliance.
Somehow I don’t think Apple is telling the full truth there, but regardless, why blame the EC for this? Wasn’t it Apple who came up with the scary design in the first place?
Update (2025-05-19): See also: Accidental Tech Podcast.
In any case, does this message show on listings for any applications accepting payments through means other than In-App Purchases? I assume Apple is not warning users about the dangers of paying for a ride through Uber or a hotel room through Kayak. But subscribing to something without using Apple’s own payment mechanism? May as well shout your credit card number in a crowded room.
It is not like Apple is taking an elevated level of responsibility for payments made through In-App Purchases, either. This warning tone carried through in documentation may not be lying to users, but it is bullshitting them and that, in most places, is not a sign of trust or respect
Update (2025-05-27): Jeff Johnson:
From crApp Store defenders I frequently hear how easy it is to cancel subscriptions.
From crApp Store users I frequently hear how hard it is to cancel subscriptions.
Update (2025-06-24): IanBlackburn65:
I got denied a refund on an app (storm boy by blowfish) that didn’t work, and the developers say won’t work on Apple silicon and the listings needs updating (because the listing explicitly says it will work). I appealed and was still denied. I bought a game that is faulty and falsely advertised and Apple refuse to refund. This is nothing short of outrageous.
As others have noted Apple appears to have changed their policies to deny much more readily than before. But denying a refund in this case is not acceptable and I appear to have no redress without significant effort of trying to speak to someone at Apple, or taking legal action, which is not worth the effort for a £5 game.
[…]
I eventually got through to speak to someone by using support chat (had to say it was for something else initially!) and then got a call from Apple directly. They refunded without question saying it was clearly consumer law, which is great, but it should never be this hard to claim the money back for this. Apple’s processes are hostile once you have had a refund request appeal denied - they state “Final decision” and I suspect many would not put the effort I have into getting my fiver back.
12 Comments RSS · Twitter · Mastodon
The problem is not really the icon. The problem is the text that strongly implies that other payment solutions are not secure (or as private as Apple's solution).
This is quite lamentapple.
Pretty much in line with them strongly implying that anything not notarized by Apple is malware that will definitely hurt your computer. Or that an app not signed is garbage to be thrown right in the trash.
They're so awful. I think at this point it's safe to say they're the new Microsoft. And at least Microsoft, however ham-fistedly and in a sweaty cocaine fueled stupor, actually tried to care about developers.
> It’s confusing to follow all the changes, but apparently—unlike in the US—external purchases in the EU don’t need to have corresponding IAP versions.
Is it required in the US? I believe the Kindle app was (quite swiftly) updated to let you search for books to buy and take you to Amazon's website to make the purchase, but there's still no IAP option for buying books.
Seems reasonable to me. Not that all external payment systems are insecure but that cancelling a subscription will almost certainly be more convoluted than through Apple's payment system.
This will end like the "Parental Advisory" stickers on CDs, right? It's intended to scare people, but many users will see it as a seal of quality.
@anon I think in the US the rules may be looser for content like books, but it’s not very clear.
@Niall Cancelling subscriptions may be easier with IAP, but refunds are worse.
Lets be very clear. Apple not only permits but wants and benefits greatly from the presence on iOS of all the many apps that sell non-digital goods via their own payment gateways. And hence does NOT apply scare screens to such apps. The only reason Apple applies this scare tactic on this tiny category of EU IAP opt-out apps is to preserve their hold over tax on sale of *digital* goods ie. their carve-out. Anyone arguing that Apple has some kind of moral imperative to warn or even more mildly just notify users about external payment system used by an app is ignoring this blatant revealing fact.
Apple’s IAP is absolutely more private — so private that devs can’t tell who bought their software (as a consumer, I m happy with that. All I’d want a dev to know is a hashed customer ID number, ideally different for each app).
Very much not the case for external purchases and unique links from within an app to an external payment system - credit card companies are happy to sell your info to the developer… and to marketers are part of your profile.
> Apple’s IAP is absolutely more private
Even if I agreed with you about this, which I don’t particularly, it really is too bad Apple decided to FAFO and got their ability to force IAP through their system taken away from them.
Apple right now is acting like a petulant child who has had their toy taken away.
@ Gildarts
Apple builds toys and rents them out, so… maybe they’re a petulant child whose toys are being given, gratis, to other children?
(I don’t think we’re actually at that point yet, though for the moment it seems that way… courts still need to rule definitively)
@Someone else
Apple runs an ad network, they don't want to share that data because they can and do use much of the data their users send them for their own marketing and ad efforts, right?
