Reading the fine print of Apple’s DMA rules: 25 things app developers need to know

Apple last week announced new rules for EU app developers to comply with the Digital Markets Act (DMA). After being designated as a “gatekeeper,” the EU required Apple to make changes to increase competition in the app industry, including by offering new ways to download apps from outside the App Store, new frameworks and API, a revised commission and fee structure, and more. Developer responses to the changes have been mixed, as several larger companies, including Epic Games, Spotify and more recently Microsoft, have come out against Apple’s changes, which seemed designed to ensure that Apple’s ability to profit from iPhone apps continues, regardless of how they’re discovered and installed.

While developers are being presented with a reduced commission in the EU — either 17% for digital transactions and services or 10% for those who qualify for a small business discount (or subscriptions in year two), the company will continue to charge an additional 3% if the company uses Apple’s payment processing service.

In addition, under the new terms, the company is implementing a Core Technology Fee that Apple says pays for their access to Apple’s proprietary technologies and tools, developer services and support, and platform integrity. This fee applies to apps both distributed on the App Store and through alternative marketplaces and is €0.50 for each first annual install per year over a 1 million threshold.

Apple is also introducing more options, like the ability to choose your default web browser and, for developers, the ability to tap into NFC payment technology (which powers Apple Pay) for their own apps.

After digging through the documents Apple provided and speaking to the company, there are a few caveats and details to these rules that developers should know. We’re compiling them below as a starting point and will add to this list over time as we learn more.

1. Apple will permit alternative app marketplaces that compete with its own App Store, but Apple is still controlling which companies will be allowed to build such apps. Apple says that marketplace app developers will need a €1,000,000 letter of credit from an A-rated financial institution to receive the entitlement. The company says only developers who commit to protecting users will gain access to its new APIs needed to build their marketplace apps, and this is one way Apple is vetting them. It believes this limitation will ensure that malicious actors don’t open marketplaces that harm iPhone users, where they engage in scams.
2. App marketplace apps can only be distributed from developer websites, not the App Store.
3. Individual apps (non-marketplace apps) cannot be distributed from a website. They have to choose either App Store distribution or alternative distribution through a third-party marketplace.
4. Marketplace apps have to pay the Core Technology Fee for each install, while apps distributed through alternative marketplaces or the App Store get their first million installs for free per calendar year. This encourages individual developers to update their apps and release security fixes, even if they’re not distributed through the App Store, but applies an upfront cost to developers running an App Store rival. Apple points out that it’s developed more than 600 new APIs as part of its effort to enable marketplaces.
5. The Core Technology fee is waived for nonprofits, government agencies and educational institutions.
6. The Core Technology fee is not waived for free apps, open source apps or freemium apps, which means it would not make sense for a free app developer to even distribute under the EU’s new terms because if their app goes over a million installs per year, they’d have to pay Apple anyway. Apple thinks that these apps will still be able to pay the Core Technology Fee because they likely monetize in another way, like via advertising or physical goods. (In other words, Apple found a way to tap into revenues apps make outside of in-app purchases and paid downloads!) Apple estimates the Core Technology Fee will only be paid by less than 1% of developers in the EU. However, developers don’t have to adopt it — it only applies to those who adopt the new terms for alternative distribution and payment processing. 
7. Apple will protect against “install bombing” — that is, a bad actor increasing the app install numbers of a competitor, for instance by downloading their app on multiple devices. Apple says it will offer an install verification mechanism to ensure all installs are from real Apple devices and will limit the number of first annual installs that can come from a single device. It may also terminate developer accounts that engage in suspicious behavior if warranted. 
8. A user can install multiple third-party app marketplaces on their device, but the marketplace will need to request permission from the user before they can start installing apps from those rival app stores.
9. Users will gain new settings and controls to manage the new ways apps are installed. This includes being able to see the source of where an app was installed (e.g. which third-party app store). A permission in Settings dubbed “Allow Marketplace from Developer” will let users pick those alternative app stores they want to permit. Users can also revoke a developer’s permissions if need be, and manage their default app marketplace in the settings.
10.  Regardless of how an app is distributed, apps will be “notarized.” This process means the app gets an installation key which is used to install the app on the user’s device. Apple will also scan apps for viruses, malware and other security threats as part of this process. It will additionally ensure that certain things about the app are true, using human review — for instance, that it does what it claims to do.
11.  Notarization does not include the quality standards for app store review or allow Apple to reject apps based on their content. That means illicit content and pornography, then, could be permitted.
12.  If Apple detects an app from a third-party app store contains malware after it’s installed, it will prevent it from launching. Whether Apple will be able to reliably detect malware when an app is installed outside the App Store remains to be seen. Apple won’t be responsible for things like refunds or the risk of fraud and abuse that could occur outside its App Store through third-party app marketplaces, however.
13.  Notarization will allow Apple to show users more details about an app before they install it, including the name, developer’s description with screenshots and age rating. 
14.  Apple is heading off attempts by developers to create alternative game stores by offering the new ability for game stores that stream titles to exist on its App Store. Before, each game had to be a separate app.
15.  Developers have to submit a single binary for their app, regardless of whether it’s distributed across the App Store or an alternative app marketplace. This means apps can only be installed from one app store at a time, so if users had downloaded the App Store version, they’d have to delete it to download a new non-App Store version.
16.  While developers can choose to offer alternative payment processors in their App Store apps, they can’t offer that alongside Apple’s own in-app payments (IAP). But they can switch back to IAP at any time.
17.  Users will be prompted to choose a default browser app when they open Safari for the first time on their device after updating to iOS 17.4 and they’ll be able to manage their default app browser in iOS settings.
18.  Browser app developers will be able to choose alternative engines other than Safari’s WebKit in the EU. Apple says it’s bringing technologies from WebKit to iOS to enable “high-performance” alternative browsers. This includes just in time compilation, multi-process support, a custom web sandbox and Passkeys.
19.  Browser app developers will be required to adhere to industry standard privacy and security practices, like addressing security vulnerabilities in a timely manner.
20.  Developers will be able to offer NFC payments within their apps without using Apple Pay or Apple’s Wallet app. This software solution is similar to how Android today supports NFC payments for alternative wallets and enables apps to access “field detect,” which invokes the user’s default NFC app when an iPhone is placed near an NFC terminal.
21.  Developers will be able to integrate third-party payments either directly in their app or inform developers of the offers and promotions available when purchasing on their website.
22.  While developers could get started with the beta release of Xcode 15.3 and iOS 17.4 last week, the changes won’t become available to Apple users in the EU until March. 
23.  50 new reports in App Store Connect will include metrics around engagement (like number of users interacting with an app on the App Store or sharing it with others); commerce (downloads, sales, proceeds, preorders, transactions made with Apple’s in-app purchase system; app usage (crashes, active devices, installs, app deletions, etc.); and frameworks usage (the app’s interaction with OS process, like PhotoPicker, Widgets and CarPlay).
24.  Developers will be allowed to share their app store with alternative app marketplace developers and third parties, including by exporting the full history of their app’s engagement, commerce and usage. More details about this will come in March.
25.  Developers can choose between the existing terms available today (e.g. commission structure) or the new terms. However, those who adopt Apple’s new EU business terms at any time will never be able to switch back to Apple’s existing business terms for their EU apps.

Apple’s answer to EU’s gatekeeper rules is new ‘core tech’ fee for apps