Apple Device Management VMware Workspace ONE Workspace ONE Unified Endpoint Management

Apple iOS 17.4 introduces updates, including alternative app stores and payment methods

In 2022, European Union (EU) watchdogs, the European Commission (EC), launched an ambitious project aimed at “ensuring fair and open digital markets.” Essentially, the goal of the Digital Markets Act (DMA) is to limit the power of designated technology “gatekeepers” and ensure they behave “in a fair way online.” These are the six online platforms designated gatekeepers:

  • Alphabet
  • Amazon
  • Apple     
  • ByteDance
  • Meta
  • Microsoft

For these select few, the EC laid out a set of business practices they’d need to change over the coming years to comply with the DMA. In the case of Apple, the EC deemed that the App Store, Safari, and Apple Pay are considered “core platform services,” and that competing developers must be allowed to offer alternative solutions to iPhone and iPad customers. As a result, iOS 17.4 includes multiple changes that will greatly affect users in the EU over time.

Alternative contactless payment systems

Companies are now able to develop solutions that make use of Apple’s Near-Field Communication (NFC) technology in a seamless and convenient way to create alternative tap-and-go payment systems that compete directly with Apple Pay in the EU. A developer entitlement is required for companies that decide to take advantage of the opportunity to compete with Apple Pay. The entitlement process allows Apple to ensure that:

  1. Developers will incur fees to piggyback on the NFC tech that Apple spent valuable time and resources creating.
  2. Competitors must, of course, be licensed with the proper authorities to provide payment services in the European Economic Area (EEA) 
  3. Developers will comply with Apple’s minimal design guidelines. 

Options for Workspace ONE customers

If you are a Workspace ONE customer and have concerns about alternative payments systems running on corporate devices, you can simply block apps from being downloaded. With mobile device management (MDM), you can also use the Restrictions profile to remove the App Store. To hide individual apps and prevent these apps from running, you can use the “Hide App” functionality in the Restrictions profile. For more ways to block apps on corporate devices with Workspace ONE, review the tutorial on Tech Zone.

Alternative app marketplaces

Since the inception of the iPhone, millions of iOS customers have had one single place to download applications — the App Store. As such, it’s likely that the most impactful change in iOS 17.4 is the introduction of alternative app marketplaces that compete directly with the App Store in the EU. App developers may also use alternative (non-Apple) payment service providers (PSPs) to power in-app purchases or link users to out-of-app websites to conduct transactions. They can also, of course, use Apple’s own payment processing for a 3% fee (a typical cost for processing).

Apple has warned that any new marketplaces or alternative payment methods could introduce elements of risk in the form of privacy, security, and fraud threats, as Apple will have very little control over these entities. Constrained as they are by the DMA, Apple is taking what steps they can to mitigate these risks. 

Requirements for third-party marketplace developers

As mentioned, Apple now provides new APIs, allowing third-party developers to create and manage their own application distribution platforms (which will be available for download on their own organizations’ websites). Each aspiring marketplace developer is required to attain the proper developer authorization, through which Apple will ensure that they are adhering to certain requirements:

  • Labeling that lets users know the app they’re downloading uses non-Apple payment processing
  • In-app notifications telling users they’re about to transact using non-Apple payment processing
  • Expanded data portability for users allowing them to export data about their app usage

Requirements for app developers

In addition to these requirements for marketplace developers, Apple has also implemented a notarization process for the applications they’ll be distributing. (Note: Historically, apps distributed through the App Store have always undergone a level of scrutiny by Apple to ensure integrity.) Notarization involves a set of “automated checks and human review” designed as a minimum guard against security and fraud risk. Apple has also implemented new protections that prevent apps from opening if they contain malware. Still, for apps that use alternative payment processing, Apple warns that the company will be unable to issue refunds and will have limited customer support capability. 

The message about alternative app marketplaces and payment services is clear: Swim at your own risk, EU!

App developers now also incur fees from Apple, and additional controversy surrounds a new one called the Core Technology Fee (CTF). The CTF kicks in only after an app has been downloaded 1 million times — so for the vast majority of apps it will never come into play. But in rare types of situations, it could prove costly. Apple has provided a convenient fee calculator to help developers quickly understand the cost of their app on an alternative marketplace.

Options for Workspace ONE customers

If Workspace ONE customers have concerns about alternative app marketplaces running on corporate devices, Apple has introduced a new Restrictions key available to block these from running on supervised devices. This Restrictions key will be supported in our next Workspace ONE Unified Endpoint Management (UEM) console release. In the meantime, you can also easily deploy this Restriction as a Custom Settings profile using the below XML: 







        <string>Block Third-Party App Marketplaces</string>












For more information on how we implement new profile keys, please see our End-User Computing Blog post introducing the data-driven UI for iOS profiles

Likewise, the Restrictions profile can be used to remove any suspicious applications from supervised devices via the “Hide Apps” functionality. For more information on ways to block apps on corporate devices with Workspace ONE, review the tutorial on Tech Zone.

Browser apps and alternative web browser engines in the EU

iOS 17.4 introduces a new, user-friendly experience for selecting default browsers. Upon first launching Safari on an iOS 17.4 device, users will be prompted to select their default browser from a list of main browser applications available in their market. Apple is also allowing app developers to embed alternative browser engines in their applications, no longer requiring the use of WebKit. In order to leverage an alternative web browser engine, a special developer entitlement is required, along with adherence to extensive security requirements.

Default app controls and expanded interoperability

To complement these changes, Apple is allowing users to set default app marketplaces and default contactless payment apps. Additionally, Apple has also exposed more than 250,000 developer APIs to provide third-party applications access to core platform technologies, such as device Bluetooth radios, the camera, and the microphone. An interoperability request form must be completed and approved by Apple to access this large swath of APIs. 

More changes may be coming

As things currently stand, Apple has submitted these changes to the EC as their answer to the issues. The EC is assessing the proposals and eliciting feedback from stakeholders. The final solutions that are ultimately implemented could look different from what’s been reported here, and we will endeavor to update you when the final settlement has occurred.

iOS 17.4 is available now

This is just a short summary of all the new technologies and application capabilities available in iOS 17.4. For more in-depth information, please visit Apple’s developer support article, “Update on Apps Distributed in the European Union.

Additional resources  

Read more about these topics: