Apple ‘breaking’ iPhone web apps in EU to comply with DMA rules

16 Feb 2024

Image: © OceanProd/Stock.adobe.com

Open Web Advocacy, which has opposed Apple’s decision, said that the company is ‘demoting web apps from first-class citizens in the OS to mere shortcuts’.

Apple has revealed that EU users no longer have access to web apps on their home screen because of complications arising out the requirements of the Digital Markets Act (DMA).

Web apps on the iPhone, also known as progressive web apps or PWAs, allow web apps to look and feel like more like native iOS apps. Earlier this month, some users noticed that Apple had “broken” its support for PWAs in the EU for the iOS 17.4 beta.

Initially thought to be a bug by developers, the move was soon called out as suspicious by activist groups such as Open Web Advocacy, which said it “demotes web apps from first-class citizens in the OS to mere shortcuts”.

“This is almost certainly a bug, but it gives rise to suspicion among the developer community thanks to Apple’s long history of neglect and denial of features for iOS Safari,” the group wrote at the time.

“The choice to underinvest might only be problematic, save for Apple’s effective ban of third-party browsers. Because third-party browsers cannot provide their own Web App features, if it doesn’t work in iOS Safari, it doesn’t work on iOS.”

Why did Apple do this?

Now, Apple has confirmed in an update this week that it had to remove the home screen web apps feature in the EU market to comply with DMA requirements.

“The iOS system has traditionally provided support for home screen web apps by building directly on WebKit and its security architecture. That integration means home screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis,” the company explained.

Apple said that without this type of “isolation and enforcement”, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent.

Moreover, the company claimed, browsers also could install web apps on the system without a user’s awareness and consent.

“Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of home screen web apps.”

Apple clarified EU users will still be able to access websites directly from their home screen through a bookmark with “minimal impact” to their functionality.

“We expect this change to affect a small number of users. Still, we regret any impact this change – that was made as part of the work to comply with the DMA – may have on developers of home screen web apps and our users.”

Response

The Open Web Advocacy group released a statement yesterday condemning Apple’s action.

“The inability of third-party browsers to compete in the provision of web app functionality was discussed in no less than four regulator’s investigations. Potential competition from web apps was directly stated in the DMA as the motivation to prohibit banning competing browser engines,” the group wrote.

“It seems highly unlikely that the policy team working for Apple were unaware that they were required to allow third-party browsers to install and power web apps using their own browser engines.

“Yet when Apple announced their compliance proposal for the DMA, web apps were noticeable by their absence. This is the same Apple that again and again claims that web apps are the alternative distribution method for apps in their mobile ecosystem.”

Last month, Apple confirmed it will allow EU users to download apps from competing app stores on iOS, giving users and developers in the bloc unprecedented choice in order for the company to comply with the DMA.

“Inevitably, the new options for developers’ EU apps create new risks to Apple users and their devices. Apple can’t eliminate those risks, but within the DMA’s constraints, the company will take steps to reduce them,” the company wrote at the time.

“Across every change, Apple is introducing new safeguards that reduce – but don’t eliminate – new risks the DMA poses to EU users.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com