Apple and EU DMA: a road to leave the EU?
Several recent news items on Apple and the EU Digital Markets Act prompted me to update my thoughts on Apple’s struggles with the European Commission and with other software developers. For my previous update, with links to earlier texts, see DMA workshops and privacy. In the past week, Apple attacked Meta for making DMA interoperability requests, while the European Commission published draft rules on how it expects Apple to comply with the DMA (here and here).
To some extent, Apple’s approach to protecting user data and user experience has been to make some functionalities only available to Apple.[1] Apple openly presents itself as a company that users can trust more than others. For many customers—myself included—this has been a significant reason for choosing Apple products. In other words, the choice of Apple’s “walled garden” has been a valuable choice that customers wanted. In a very meaningful sense, Apple offered a secure and bloat-free experience without a need for significant tinkering and expertise. I say that as someone also running the GrapheneOS flavor of Android and managing quite a few Linux machines (if you ask my wife, too many) for various personal uses.
Since the early days of what became the EU Digital Markets Act, I found it staggering how disdainful the EU policymakers have been towards the idea that the walled garden can be a valuable choice available to consumers.
Perhaps this attitude partly comes from a lack of understanding of what happens when system interfaces are opened to third-party developers, even when users are able to switch this off. Let me illustrate this briefly.
There is a simple scheme I’ve been observing over and over again. App developers want to make their lives as easy as possible. They don’t want to deal with the pain of robust data minimization: they just want their apps to work and to develop them as quickly as possible. So, for example, if the operating system lets users (1) share no contacts with an app, (2) share a selected few, or (3) share all contacts, why not code the app so that it refuses to work unless the user shares all contacts, even though it will only ever process a single one? The same goes for permissions for photos, notifications, running the app in the background and so on.
You could say that users may want to discriminate against such app developers and choose apps that promise not to do that.
One problem with this counter is that Apple seems to be one of the few companies that has managed to convince customers (especially consumers) that a more secure product is accordingly worth more. (Just because such products cost more to develop, there is no guarantee that there will be sufficient demand at a higher price.) I’m guessing that privacy and security are such a relatively niche concern that consumers are not willing to reward more than a small number of brands for them, namely those that invest very heavily in promoting themselves as such and in retaining this position through significant development costs. (Also, in a way, I feel subsidized by those Apple customers who don’t care about the security aspects.)
The other serious problem is apps which for some reason are “must haves,” e.g. those coming with physical devices like home appliances. Here the incentives are particularly tilted away from security and no regulatory hand-waving is likely to change that. (This, by the way, is one of the reasons why in the post-DMA world I find it necessary to run a separate GrapheneOS phone for especially untrusted apps, a group I expect to grow significantly with the growth of alternative, “low friction” app stores and side-loading on iOS.)
Another possible counter is that Apple is allowed, under the DMA, to protect privacy and security. I have seen nothing that would make me think that the European Commission takes this part of the DMA seriously. I’m convinced that every such argument is met with the highest skepticism and perceived as gatekeepers looking for loopholes in their obligations. I’m also guessing that the Commission will gleefully respond to such arguments by saying that it’s not for the gatekeeper to police third-party compliance with, for example, data protection laws.
So I have little hope that we’ll see reasonable technical solutions like, for example, an option not only to set very granular, limited permissions for apps (for access to contacts, notifications, photos and so on), but also to make apps unable to check what level of permissions they received (even to the extent of the system feeding fake data to an app, if the user wants that). Moreover, to keep the current expectation that users are protected by default, such “aggressive” limitations should be the default, easy to adjust, and accompanied by appropriate guidance (what some will surely call “scare screens”). From a user perspective, this could help to address the problem of apps asking for much greater access than is really needed to deliver the functionality the user wants. But, to the European Commission, this will likely sound like Apple refusing to give third-party developers full access to the system.
Of course, to preserve the level playing field, the same granular options should be available for Apple apps. This is potentially a big change. In other words, Apple would need to extend the zero trust approach even to their own apps. For Apple, this may be a cultural clash, going against their mindset that users “can trust them.” Perhaps they would not be willing to do it.
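To make the proposal in the two paragraphs above concrete, here is an added example. It is my own sketch, not Apple’s API or anything from the page: a hypothetical OS-side ContactsBroker that lets the user pick a scope for the contacts permission (none, a selected subset, everything, or fabricated data), always tells the app it is “authorized,” and treats every caller the same way regardless of whether it is a first- or third-party app. The app code models the pattern described earlier, an app that demands the whole address book and then uses a single entry. All names, the address book, and the app identifier are constructed for the illustration.

```python
"""Hypothetical permission broker: the app cannot learn which scope it got.

Added example, not Apple's or anyone's real API. The broker implements the
user's choice; the app only ever sees a view that looks like full access.
"""
from dataclasses import dataclass
from enum import Enum, auto
import hashlib


class ContactScope(Enum):
    NONE = auto()       # share nothing
    SELECTED = auto()   # share a user-chosen subset
    ALL = auto()        # share the full address book
    SYNTHETIC = auto()  # share fabricated contacts instead of real ones


@dataclass(frozen=True)
class Contact:
    name: str
    phone: str


# Constructed sample address book (not real data).
ADDRESS_BOOK = (
    Contact("Ada", "+1-555-0100"),
    Contact("Grace", "+1-555-0101"),
    Contact("Linus", "+1-555-0102"),
)

# Size of the fake book is a constant, not the real book's size, so the
# synthetic view does not leak how many contacts the user actually has.
SYNTHETIC_SIZE = 5


def synthetic_book(app_id: str, size: int = SYNTHETIC_SIZE) -> tuple:
    """Deterministic fake contacts, stable per app, so the app sees the same
    book on every launch (a book that changed each time would be a tell)."""
    contacts = []
    for i in range(size):
        digest = hashlib.sha256(f"{app_id}:{i}".encode()).hexdigest()
        name = f"Contact {digest[:6]}"
        phone = f"+1-555-{int(digest[6:10], 16) % 10000:04d}"
        contacts.append(Contact(name, phone))
    return tuple(contacts)


class ContactsBroker:
    """OS-side mediator. Policy lives here; the app only gets a view.
    The broker does not know or care whether app_id is a first-party app."""

    def __init__(self, app_id: str, scope: ContactScope,
                 selected=frozenset(), book=ADDRESS_BOOK):
        self._app_id = app_id
        self._scope = scope
        self._selected = frozenset(selected)
        self._book = tuple(book)

    def authorization_status(self) -> str:
        # Always "authorized": the app has nothing to branch on.
        return "authorized"

    def fetch_all(self) -> tuple:
        if self._scope is ContactScope.ALL:
            return self._book
        if self._scope is ContactScope.SELECTED:
            return tuple(c for c in self._book if c.name in self._selected)
        if self._scope is ContactScope.SYNTHETIC:
            return synthetic_book(self._app_id)
        return ()  # NONE: looks like an empty address book


def app_find_phone(broker: ContactsBroker, wanted: str):
    """The pattern from the post: demand the whole address book, refuse to run
    without it, then use exactly one entry."""
    if broker.authorization_status() != "authorized":
        raise PermissionError("app refuses to run without full contacts access")
    for contact in broker.fetch_all():
        if contact.name == wanted:
            return contact.phone
    return None


def demo() -> dict:
    """Run the same app under each scope; returns {scope: (phone, visible count)}."""
    cases = [
        (ContactScope.ALL, ()),
        (ContactScope.SELECTED, ("Grace",)),
        (ContactScope.NONE, ()),
        (ContactScope.SYNTHETIC, ()),
    ]
    results = {}
    for scope, selected in cases:
        broker = ContactsBroker("com.example.contactsapp", scope, selected)
        results[scope.name] = (app_find_phone(broker, "Grace"),
                               len(broker.fetch_all()))
    return results


if __name__ == "__main__":
    for scope, (phone, count) in demo().items():
        print(f"{scope:10s} app ran, saw {count} contacts, got {phone}")
```

The app never raises under any scope, because the only signal it can read is the constant “authorized” status; what changes is the data behind it. Under SELECTED the app still gets the one contact the user chose to share, under NONE it sees an empty book, and under SYNTHETIC it sees a plausible book whose size is unrelated to the real one. This is the kind of user-controlled safeguard the paragraph above describes, and it would have to apply to Apple’s own apps exactly as to third-party ones for the level playing field to hold.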
This brings me to the question some analysts like Ben Thompson already started raising: at what point does it make more sense for Apple to leave the EU?
As I see it, Apple faces several choices: two that would involve a radical transformation of who they are, and one that refuses such a transformation and leaves the EU.
First, Apple could do what I just suggested—attempt to comply with the DMA by giving third-party developers the kind of access that the European Commission calls for, but with robust and effective safeguards controlled by users. This would be a transformation for Apple, because it would require treating its own apps as untrusted. However, I’m skeptical the Commission would allow this (which, of course, would show that the DMA enforcers don’t really care about EU customers, and are firmly committed to a Nirvana fallacy).
Even though this may be the best option possible, it would still in important ways be worse than the pre-DMA status quo. One key reason is that it would place a much more significant burden on users to preserve their pre-DMA level of user experience, including privacy and security, requiring time and knowledge that it may be unreasonable to expect consumers to want to invest. Arguably, this additional burden would mean that even with the best efforts from Apple to move to a robust zero trust environment, customers would still be worse off.
Second, Apple could transform itself and abandon the identity of being special even among Big Tech companies in how they approach user privacy and security. This might involve acceding to all the requirements from the European Commission without an attempt to introduce zero trust for all first- and third-party applications on iOS. It would, of course, be a loss for users, but probably what the Commission wants.
Finally, Apple could leave the EU market and abandon the “EU fork” of iOS. I’ll leave it to Apple analysts like John Gruber to speculate on how likely this is, but it does seem like it may be the only way for Apple to preserve their identity.
[1] In some contexts, Apple also implemented a more “zero trust” approach—where even Apple is not meant to have access to user data—with features like the Secure Enclave on their devices or Advanced Data Protection for iCloud.