Apple recently sent a letter to the European Commission (EC), criticizing recent inquiries into whether the App Store complies with the Digital Services Act (DSA) amid the separate Digital Markets Act requirements that Apple has been required to put in place.
The Commission asked Apple for information on how it locates fraudulent content, what it does to reduce the risk of financial scams in apps, and how it verifies the identity of businesses. It separately requested details on the policies Apple has in place to protect minors. Both requests were part of an inquiry into whether companies are complying with Digital Services Act requirements.
Apple's response, penned by Apple VP of Legal Kyle Andeer, answers all of the EC's questions and includes the relevant information to satisfy the request, but also points out the hypocrisy of questioning App Store consumer protections while requiring Apple to support sideloading functionality that isn't subject to those protections.
Andeer says that it is "difficult to square" the DSA investigations with the EC's "aggressive interpretation and application of the Digital Markets Act," and that the probe into Apple's App Store safeguards "defies all logic" in light of the DMA requirements. He also argues that the European Commission needs to enforce the DSA and DMA as a whole, rather than as separate policies.
It does not make sense for the Commission to press Apple to protect users, including minors, from fraud within the App Store while at the same time requiring Apple to create functionalities like link-outs and web views that increase the risk of fraud without necessary safeguards.
The Commission cannot both prohibit Apple from taking the steps it has found essential in mitigating the risk of scams and fraud on the App Store while simultaneously scrutinizing Apple for not providing even more measures to mitigate these risks on the App Store. It does not make sense for one EU law to encourage Apple to mitigate as much as possible the risk of exposing consumers to fraud or minors to potentially harmful apps through the App Store, only for another EU law to prevent Apple from using those same measures to mitigate the same type of risks just because they exist outside of the App Store. This paradoxical situation creates a regulatory structure that endorses leaving iOS and iPadOS users at risk if they choose not to use the App Store, when developers choose to use link-outs, or when users opt to use third-party products to interoperate with iOS or iPadOS. [...]
If the Commission does not consistently prioritise protecting consumers from online harms like fraud, or minors from online harms like pornography or other unsafe apps, in all enforcement contexts, including the DMA, nor use the tools it has at its disposal to resolve these fundamental frictions, the objectives of the DSA will be underachieved, no matter how sufficient Apple's measures are to comply with this specific regulation.
For context, the Digital Services Act requires very large online platforms like Apple to offer protection against disinformation or election manipulation, cyber violence against women, and harms to minors online. It also has provisions to counter fraud and mitigate dissemination of illegal content, among other requirements.
The separate Digital Markets Act requires Apple to support alternative app marketplaces and adhere to interoperability rules that Apple has continually argued weaken privacy and security. Andeer says that the Digital Markets Act "exposes users to fraud and scams" on third-party platforms, and the EC has been warned that the DMA enforcement is "reckless and even dangerous."
Apple's App Review team removed 37,000 apps for fraudulent activity in 2024, rejected 115,000 apps for unsafe experiences, and rejected 320,000 app submissions that copied other apps, were found to be spam, or misled users in some way. Further, 139,000 developer enrollments were rejected, and 146,000 developer accounts were terminated due to fraud concerns.
