Apple’s Thoughts on the DMA

Apple speaks about experience being worse for users, but it is Apple themselves choosing to make it worse so they don’t budge a centimeter. Every time it’s the same tired and hollow excuses of privacy and security, which nobody replay buys anymore, but zero mention of user agency. If a user shall choose to share any data they want, it should be their prerogative; Apple can market their own products as more “secure” and “private” and let the market (read: the users) decide which is better for them. Michael, you give them too much credit for believing there could be an alternative explanation that got lost in translation. They’ve been using the same excuses for years now.

Apple's entire statement being a "bad faith smokescreen" is right on the money. Being the largest corporation in the world, I don't think Apple deserves any leeway on this whatsoever. It's pretty clear Apple is operating in bad faith, and it's just whining that there is actually a government that is willing to actually regulate part of its operations and put some teeth behind that regulation.

I think this is a prime example of why government regulation is necessary and good. There really isn't any other person or entity willing or capable of holding large corporations like Apple to account.

It's actually quite wild how Apple "complies" with the DMA. I'm a European citizen and I was in Europe a month ago. I downloaded a couple alternative app stores to my device. Now that I'm back in the United States, Apple *COMPLETELY BARS ME* from downloading any new apps from the alternative app stores, *and* bars me from any *updates* to existing apps I've downloaded after 30 days. That is beyond ridiculous, and illustrates exactly why Europe is holding Apple to account: Apple fights tooth and nail to make the experience as ridiculous as possible for users who want to use Apple devices outside of the way Apple wants them to.

There's a solution to all of this, just ask the user what is ok share. To be fair, I also think you're spinning their communication, mostly to the negative.

Bad faith smokescreen is indeed a good phrase. This is why it's hard to believe Apple. They've pushed their whole secrecy and reality distortion field thing too far.

They're getting a reputation as essentially liars. They clearly act one way and then say the opposite, complete with passive aggressive phrasing and weasel words.

So how are we supposed to take them at their word when we have to. When they say things like for example "we are the only ones that can be trusted to distribute software on iOS, but iOS apps is not a category for monopoly." or "We actually have a real useful LLM working that can make SIri good, but we just can't show it to anyone now or for the foreseeable future."

They’re concerned about “The full history of Wi-Fi networks a user has joined: Wi-Fi history can reveal sensitive information about a user’s location and activities. For instance, companies can use it to track whether you’ve visited a certain hospital, hotel, fertility clinic, or courthouse.”

But meanwhile the App Store is full of apps used by millions of people sending actual location data (not just WiFi history) to data brokers, as described on e.g. https://netzpolitik.org/2025/databroker-files-new-data-set-reveals-40000-apps-behind-location-tracking/

Interesting comments...

@Leo... nailed it with a user has the right to decide (however naive that may be) how their data is used.

@Simone... totally disagree about government intervention. While I'm happy to hear you are a European citizen, without getting political, I'd be curious how you feel/felt about the US government having control under Biden/Trump.

@Jon... nailed it. And using less words than any other comment, including mine.

@bart... not sure how much I agree with you. But please explain why you chose to talk about Apple's secrecy and reality disruption field? I don't compete. It's privacy, and PR. Nothing more, nothing else. Unless you want to talk politics and government intervention....

@Mark... also not sure how much I agree or disagree... if you look at @Leo's comment, isn't it about user choice? Are you saying Apple's App Store doesn't show what these 40,000 apps track?

But did the request come with a lump of gold?

That's sounds ridiculous right? No one is expecting Apple to have it gold to top EU people.

That shit only happens in autocracies.

Apple is obviously right that DMA compliance requires additional work on their side, but the way they present this here doesn't make sense to me. None of the things they describe is impossible or difficult.

"store location data on device so it’s only accessible to the user"

No, they are also accessible to Apple. What's needed is for third-party apps to request access and for users to either grant or deny that access. Is that additional work for Apple? Yes. Is it some kind of impossible conundrum that their engineers haven't devised a solution for yet? No!

> "store location data on device so it’s only accessible to the user"
>
> No, they are also accessible to Apple.

Wrong again, it is really accessible only to Apple. Users have very limited access to their own data on Apple devices except for the Mac. I wish Apple would compete with quality instead of doing hostile takeover of user data.

@Piotr Yes, I would like to be able to back up and search my own iMessages, for example.

Sometimes its like the would is overrun by the tin hat brigade.

I recall when the FT had an app or were in Apple News and they tried to pressure Apple into giving them the contact details of those who signed up for a subscription via apple - but Apple refused and the FT stepped back from the Apple deal and you had to to subscribe via their own website.

People said it was apple being belligerent or wanting all the data for themselves but I recalled when first signing up with an Apple Account / ID that they explicitly stated that they would never share my details with a third party and I appreciated them sticking to their promise.

Also the EU is far from democratic, making many decisions behind closed doirs as many European citizens like myself would be all too aware.

Re gold bars / trophies - yeah the gift for Trump from Cook was indeed embarrassing but the arbitrary fine that will, no doubt, be imposed by the EU amounts to something similar in my book.

I’m pro EU generally but I really don’t like that bureaucrats are deciding what technologies I can have access to.

Apple does not have a monopoly. Anyone is free to buy a phone from Google, Samsung, etc. Just as McDonald's doesn't have a monopoly on fast food, or even hamburgers, just because you can only buy Big Macs from them.

Keeping with the restaurant theme, you also can't expect McDonald's to be forced to sell Whoppers, or that they be forced to allow Joe the startup fry cook to come in and cook up his own recipe for a Big Mac alternative. They also can't be forced to put up "Eat at Joe's" fliers on their property.

I agree with DJ’s analogy. We have two clear options right now when it comes to smartphones. Those who want to live in a walled garden can choose Apple and those who don’t want that can choose between a large number of flavours of Android.

The problem that EU needs to solve is how to make the market for apps better for developers and consumers while eliminating scam apps as that is a task in which both Apple and Google have failed miserably. Why would Apple/Google fix that problem when they are both earning billions in commissions from the broken App Store? The EU could easily mandate that every app needs to have a web based portal that works at a somewhat similar parity to the app and solve the problem in one stroke,

Instead they created the DMA that intrudes significantly into what features a company can offer its users by mandating that if company A creates some feature for its users, it also has to create that feature for users of company B. How does that promote competition? Why would company B spend time, effort and money develop featured for its users if it knows it is going to get them fore free for its users for comapny A?

> I recalled when first signing up with an Apple Account / ID that they explicitly stated that they would never share my details with a third party and I appreciated them sticking to their promise.

I agree and I'm fine with not getting any of the customer info for my app purchases in the App Store but when combined with all the other App Store rules this system can be very punishing for developers. It's hard to build momentum on your previous work because you can't offer paid upgrades in the App Store. The best you can do is update the old app and throw a splash page in the update with a link telling the user to buy the new version of the app. Or put new features behind in app purchases. And you lose all your customer reviews, search rank, and you have to give the new version of the app a slightly different app name MyAppName -> MyAppName!
Or hacks like "upgrade bundles"

Anyone else ever get a 1 star review for offering a "free trial" by making the app free for a limited time with an in app purchase ("HEY THIS APP ISN'T FREE").. well I told you that in the app description but the App Store groups free+iAP in the "Free" list in the App Store. It's a mess.

It's a nasty user experience with lots of friction and it causes lots of apps to end up getting abandoned. So the pressure on Apple is to be expected. They could've prevented all of this if they weren't so damn stubborn.

@DJ I just don’t think a store or a restaurant is a good analogy for a platform. Neither captures the ecosystem or lock-in effects. Or the duopoly.

@Hardik if company A creates some feature for its users, it also has to create that feature for users of company B

I think this was another misleading part of Apple’s framing. Companies aren’t asking for features to be created for them. They’re asking for the removal of artificial barriers and the opening up of private API. Sure, private API makes sense in early on, but we’re at iPhone 17 now. There’s still no way to even make an e-mail client on par with Mail.

Why would company B spend time, effort and money develop featured for its users…

Maybe Apple should just drop Bluetooth support entirely and only support AirPods? I’m sure that would simplify OS development, and unhappy users could just switch to Android.

@Michael I think this was another misleading part of Apple’s framing. Companies aren’t asking for features to be created for them. They’re asking for the removal of artificial barriers and the opening up of private API. Sure, private API makes sense in early on, but we’re at iPhone 17 now.

Ah. Sneaky Apple eh? That’s a perfectly valid demand from developers.

I think iOS would benefit from a no new feature OS update year and a whole lot of fixing things that have fallen to the wayside along almost 2 decades of break neck OS releases.

PS: So what do you think of my idea that all apps should have a corresponding website?

@Hardik I don’t really understand your idea. The way I’m parsing it, it wouldn’t be possible and wouldn’t help even if it were.

I agree with Apple that the DMA is a poor solution. The actual solution is for Apple to do it the right way and stop being customer and developer unfriendly. They easily could do this their way in a good way and it would be great for everyone. But instead, they care about their dollars and control more than their customers and developers.

I don’t care what Apple thinks about the DMA. The DMA doesn’t exist to make them happy, it exists to make user’s lives better

If Apple made features DMA complaint from the start for all users everywhere, there would be no delay. It’s their *choice* to not do it that way and they should get the heat for that from customers, not the EU

Living in the EU and FWLIW if I have to choose between *any* company protecting my privacy and government regulation I’ll go with the government. Also, Apple can continue to worsen the experience for EU users, which ultimately will hurt Apple. I haven’t bought an iPhone since the 14 series and have no intention to do so. When this one dies I’ll go with something else that will likely cost a lot less. Will my experience be worse? Compared to Liquid (Gl)ass and a bug addled OS? I’ll take that bet.

As for Gruber’s comment, I expect no less from him. Of course Apple is right in his eyes, they are almost always right to him. It’s why I stopped reading him years ago.

Apple stopped competing on features years ago. All they want now is a huge moat around their cash cow so they can continue to increase prices and milk their users. This is what happens when you put a logistics and finance guy in charge of a tech company.

@Michael
>>@DJ I just don’t think a store or a restaurant is a good analogy for a platform. Neither captures the ecosystem or lock-in effects. Or the duopoly.<<

McDonalds / Burger King seems like a duopoly to me! OK there's KFC but they don't do beef.

It's a beef duopoly! (Never thought I'd write that phrase;)

@Niall I still think the restaurant analogy doesn’t fit, also because there are so many alternatives, but I was inspired to see if there was an aspect of it that could be applied. :-)

The DMA is a great set of laws to combat monopolies.

Apple is a greedy company that stops at nothing to make money.

They don't give two shits about their customers and would love to kill all competition.

I think there is some truth to Apple's otherwise willful contempt of laws.

> They seem to be saying that it’s not acceptable for a third-party app to have access to the same audio that Apple does, even if it’s kept on-device.

> If your starting assumption is that it’s OK for Apple’s code to access the data, but not OK for anyone else’s to, obviously there’s never going to be a way for this to work. But I don’t think that’s what people are actually asking for. They know that, if they had iPhone Mirroring on Windows, the pixels from the iPhone screen would appear on non-Apple hardware.

This is the part that I think is up for debate. Users don't really understand that the same tools that would allow an Android Watch to display all your notifications and respond are the same tool that would allow Meta Ray-Band glasses to suck all of your iMessage communications into their data clouds and target ads and other algorithms against it.

This is true of phone call audio, direct access to the pixel screens, wifi credentials, etc. Trying to do this safely is the same as trying to create a “secure golden key”. Best Apple could offer for these things is some kind of security entitlement they only grant to some players, but even then, there is no way to ensure its security once it leaves Apple's hardware and cloud (and they would be criticized for whom they grant access and whether they charge).

From our perspective, it is all the same. We implicitly trust our data with whomever we buy and use devices from, be it Apple, Meta, or a pair random headphones from AliExpress. But from Apple's perspective, they are introducing a weak point in an otherwise secure system by making a wholly first-party system include third-parties. And when one of those parties abuses the system, Apple takes at least partial blame for the downsides.

@Julian These have already escaped the first-party system. They have third-party phone calls. They have a way to display notifications on a Fitbit. The notifications and mirroring data are available to Mac apps that prompt for access. If users understand granting camera or location access to an app, I don’t see how other types of access are really any different.

I think that's fair. Would Apple have allowed bluetooth calls had they not arrived in the ecosystem late?

Are there significant bad actors that have use bluetooth to scoop information? Probably

On a personal level, I wish I could run an execute any piece of software I want on my iPhone/iPad. As member of the overall ecosystem, I am happy my parents cannot type in their passcode and scroll past 7 warning screens to install whatever they want.

Apple is unfortunatley sometimes saving us from ourselves

@Julian It’s also a mistake to assume that the first-party system is safe and secure. There have been privacy bugs and sketchy behaviors in Apple’s own code that we only know about because jailbreaking allowed people to install the tools necessary to observe them.

Regarding Apple's monopoly, in case some of the commenters think that this concept is merely a EU fixation, I'll remind them that, for example, last year the US Department of Justice claimed that Apple has a monopoly in its primary market, and claimed that in a lawsuit filed in conjunction with several US states.

I'll quote from an article in the NY Magazine by John Herrman:

-- begin quote --

While the iPhone accounts for 65 percent of new smartphone sales in the United States, its “market share by revenue is over 70 percent in the performance smartphone market,” the lucrative, trend-setting tier of smartphones in which, the government claims, “Apple’s own executives recognize the company competes.” While these numbers have been “durable,” they could also increase soon: […]

A theoretical future market share of 88 percent does sound a bit more like a classic monopoly, but the reality now is that lots of other smartphones exist, many with comparable functionality and pricing, and they sell well.

The lawsuit acknowledges this but argues that Apple is perfectly capable of stifling innovation and driving up prices anyway by making it harder to switch phones, limiting access to its platform for companies that might make competing software, and making it difficult for companies that make hardware accessories, including smartwatches and earbuds, to connect with iPhones as smoothly or extensively as Apple’s own versions. Combined with the App Store’s status as the largest and most lucrative market for mobile software developers, cross-platform or not, Apple has, the government says, real monopoly power.

-- end quote --

The real competition happens when everyone has access to the same technologies and fights to create and present a superior product. Think household appliances. Think cars. Think watches. Think clothing. And so forth. In software, think games: every developer, small and big, has access to e.g. Unreal Engine. But there are very crappy Unreal Engine-based games, and very successful ones.

In the Mastodon thread that started with the part that Michael quoted, I also said that "These companies (Apple, but also Google) are terrified of having to let go of proprietary solutions and ecosystem lock-in. They keep banging the drum that innovation is inextricably tied to these two elements, which is demonstrably false.

They just want to grow, grow, grow indefinitely. They don’t give a shit about innovation or their customers, who are just fodder for their growth."

Legislation is not perfect. But I vastly prefer a legislated tech landscape than a Wild West where Big Tech companies can decide whatever the hell they want and dictate the terms of the game for the markets, the developers, the end users, and just disregard the laws because they feel special and innovative.

I am writing this as a European and an EU citizen.
The EU's Digital Markets Act (DMA) doesn't strengthen user privacy or security; it weakens them. Apple is the only major tech company that has built its entire model on on-device data processing within its ecosystem and strict data protection. Forcing sideloading and "interoperability" destroys that model and gives an advantage to companies whose business is based on collecting user data.

This isn't about "user choice." Once you open the door to exploitation, the risks affect everyone. Users cannot realistically vet every app or integration for hidden threats, which is why the system architecture must prevent these risks by design. Apple's closed ecosystem does just that. The claim that Apple is hiding behind excuses is naive. You cannot simultaneously keep data private on a device and freely share it with third parties without destroying the very privacy you promise. The EU is demanding the impossible: openness without vulnerability.

Bad laws don't become good just because they are laws. The DMA is less about user freedom and more about political maneuvering aimed at weakening Apple and giving opportunities to data-driven competitors. In practice, this means less privacy, less security, and a worse user experience. Apple's model isn't perfect, but it's the only real barrier to the mass exploitation of user data, and that's precisely what the DMA puts at risk.

Chat Control 2.0, one of many attempts to break and ban encryption and the desire to monitor all communication on a user's device in the EU, best shows the true intentions of the EU's political elites.
It's better if I don't even start writing about app piracy, but when I see how many developers advocate for a model that will destroy their business, I'm almost looking forward to it all.

@Andy I’d like to see some specifics. Sideloaded apps would still be sandboxed, so are you hanging your “strict data protection” claim on App Review? What user data could be collected via opening up Live Translation that is not already accessible via current support for third-party audio hardware and apps?

I think the door is pretty much already open. There is no way to vet what apps are doing with your data. Apple doesn’t provide a way for users to see when apps are accessing what. Privacy nutritional labels offer the illusion of disclosure, but there’s little reason to believe that they have any basis in reality.

@Michael iOS security isn't just about the sandbox, it's a combination of sandboxing, code signing, entitlements and a centralized App Review process that restricts malicious apps. It's not perfect, but it's certainly better than what the EU is pushing for. If you remove control over distribution, you keep the sandbox, but you lose the systemic review that prevents large scale abuse.
With Live Translation, yes, third party apps can access the microphone, but only through strict APIs, time limits and visible indicators. Apple's version processes audio entirely on device. Forcing an interoperability API would mean exposing a continuous audio stream to any third party, which is not the same as a user choosing a single app. Plus, forcing a company to work for its competitor's profit seems insane to me.

And something beyond just the technology. I don't trust EU institutions when it comes to privacy. They're pushing laws like Chat Control that would weaken encryption, while the UK is now ordering Apple to build a backdoor for iCloud for all users in the UK (news from October 1, 2025). When regulators demand both "openness" and surveillance, it's clear that protecting users isn't their priority.

@Andy The rest of those would also apply to sideloaded apps, so it seems like you’re pinning your hopes on App Review, which is not equipped to detect most of the potential issues, anyway. And there’s no reason they couldn’t still do systematic review—they get all the builds plus control over distribution via notarization and code signing. They can revoke a misbehaving app after the fact, which is often what happens with App Review, anyway.

I still find your Live Translation position murky. What’s the danger in using it with a third-party microphone (no software installed on device)? And from the third-party software side, I don’t understand why you’re saying that the user would not be granting access to the individual app.

The “on device” stuff is a smokescreen. A third-party app could do that, too, and users can’t really tell that Apple is actually doing that. Furthermore, many users would probably be happy to use an online service—they already do with the various voice assistants.

I don’t know how interoperability became working for competitor’s profit, but I think it’s revealing that that’s how Apple sees this. A developer selling a translation app and paying part of the proceeds to Apple through the App Store is an Apple competitor? So is a company making standard Bluetooth headphones? And what happened to the customer’s interest in choosing how they use the device that they purchased? Was mandating USB-C support also forcing Apple to work for its competitors?

I don’t trust the EU institutions, either, but that has nothing to do with Apple’s claims about the DMA.

It's also good to note that while Apple talks about all kinds of privacy concerns with the DMA, they still don't seem to care about the blatant privacy violations allowed by their own in-app browser API (WKWebView).

This API allows apps to track which web pages are visited, as well as allowing JavaScript code injection into those websites for further tracking. This is why Facebook, Instagram, Messenger, Threads, TikTok, Pinterest, etc. all force users to use this tracking-enabled in-app browser by default.

More information:
- https://open-web-advocacy.org/blog/in-app-browsers-the-worst-erosion-of-user-choice-you-havent-heard-of/
- https://infrequently.org/2025/08/apple-vs-fb-kayfabe/
- https://mjtsai.com/blog/2022/08/12/meta-apps-inject-tracking-code/

@Mark Also: https://mjtsai.com/blog/2022/02/12/the-time-to-fix-web-security-bugs/

@Michael App review is not intended to catch everything, but rather to stop malicious applications before they reach users. Notarization and revocation can only take effect after users have already been exposed. With alternative stores, Apple loses this sole ex-ante barrier and every malicious version becomes a live test on actual devices. Security through cleanup is not the same as security through prevention. The fact that app review sometimes misses things is an anomaly, not the rule, and now even that vector of protection would be lost. The vast majority of iOS users are not engineers or developers, they do not analyze sandboxing models or permission systems. What they know is that their iPhone "just works" without them having to worry about malware. This trust exists because of Apple's current model and dismantling it would undermine the very thing these users value most.

Live translation is about constant, privileged access to audio streams. Apple's model keeps live translation entirely on-device, with the authority and hardware/software integration to ensure only the operating system can access the continuous audio stream. If interoperability were forced, that same raw stream would have to be opened up to third party apps from alternative stores. The moment multiple external apps have constant, privileged access to live audio, the attack surface expands. More code paths, more vendors, more opportunities for weak security practices or malicious use. In security, every additional privileged endpoint is a new potential breach.

The claim that "on-device processing is just a smokescreen" misses the point, because Apple designs the SoC and OS to enforce it. A random third party making the same claim has no means of verification and no integrated trust layer. It's a difference in model.

Whereas USB-C involved hardware standardization, the DMA operates on a completely different principle, mandating that Apple surrender its unique, differentiated software offering to competitors. This is not just interoperability, it is state-sanctioned expropriation of a market advantage.

Users can't/wan't audit apps, the only realistic protection is systemic design. The DMA removes that, which means more choice and more vulnerability.

@Mark Delays in applying WebKit patches (@Michael) highlight an enforcement problem, not a flaw in the closed model itself. The abuse of WKWebView occurs because third parties are given a channel to inject code and track users. Forcing DMA style interoperability would not solve the slow application of patches, rather it would multiply the channels, expand the attack surface and make enforcement more difficult.
And this actually proves a broader point. When third parties control the channel, users get tracked and the DMA would make this the rule not the exception.

@Andy I think you greatly overestimate what it’s practical (or even possible) for App Review to catch. It’s not an anomaly when they miss something; the entire model is fatally flawed. I think the existing trust is misplaced and mostly due to marketing and cleanup, not actual prevention and safety. The users value what they think they have, what they’ve been told they have, not what they actually have.

Isn’t constant audio access already possible in other contexts (like VOIP)? Why aren’t you worried about that? I’m not sure what you mean by privileged or what’s so special about the raw stream. There are already tons of apps that can record audio (and video!), and nobody can ensure they don’t do bad stuff, yet life goes on. People who want to stick to the system apps can certainly do so. I’ll ask again: what’s the danger in using Live Translation with a third-party microphone vs. all the other cases where that’s already allowed?

Well, part of the problem is that Apple doesn’t allow third-party apps to have subprocesses with limited privileges. So, yes, an app can’t make the on-device claim unless it doesn’t need the network entitlement for anything at all. But this doesn’t mean that Apple’s claim is true for Live Translation. Remember all the talk about how Blastdoor was going to make iMessage secure, and yet there’s one vulnerability after another breaking out of its sandbox?

What’s the distinction between hardware and software standardization? Apple saw Lightning as a differentiated market advantage.

Apple’s claim was that third parties couldn’t be trusted to make safe browser engines, so all iOS apps would have to use WebKit. Yet the reality is that iOS users were exposed to vulnerabilities for longer. They didn’t have the choice of an alternative that might be more secure, and there was no pressure for Apple to do better because it had eliminated the possibility of competition. The flaw in the closed model is that the feedback/incentive mechanism is broken. More browsers would mean a larger attack surface, but on the other hand a Safari monoculture is an extra juicy target.

I don’t think the DMA would affect injecting JavaScript into WKWebView.

@Michael Tsai

Its not that first party are inherently safe and secure. Surely they can be bugs or flaws

But from apples perspective, they cannot promise or ensure what happens to a users data once it leaves their systems.

@Julian Such is already the case with all the other ways to input or record data since the beginning of iOS. Why is this different?

Frankly if the Neon fiasco hasn't made it clear that Apple's "privacy" line is so much self-serving bollocks, nothing will. I hate the idea of deliberate transactional inefficiency, but perhaps breaking Apple up so that it has to work within the confines of its competitors might teach it the value of interoperability more persuasively than any direct attempt to regulate its behaviour, because it's clear that the battles it's most willing to fight have less to do with ethics or concern for users and more to do with its bottom line. It was ever thus and while I accept that in principle any corporation can have ethical leadership, mere hope is a poor substitute for regulation and the steady move away from the profit incentive.