Nearly two weeks ago we discussed a bug on iOS Beta 17.4 breaking Web App installation in the EU. Yesterday we raised the alarm that this appeared to be not a bug but a deliberate choice on Apple’s part. Today Apple officially confirmed our suspicions in an update to their compliance proposal.
In a direct attack on the open web, its users, and its developers, they have decided to kill Web Apps (PWAs) in the EU:
And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.
EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.”
This is emphatically not required by the EU’s Digital Markets Act (DMA). It’s a circumvention of both the spirit and the letter of the Act, and if the EU allows it, then the DMA will have failed in its aim to allow fair and effective browser and web app competition.
It’s telling that this is the feature that Apple refused to share. And it makes sense: the idea that users could install safe and secure apps that Apple can’t tax, block or control is terrifying to them.
The legal obligation to allow third-party browsers onto iOS removes their ability to set a ceiling on web app functionality via their control of Safari and the WKWebView. Suddenly Web Apps would be a viable competitor. It is particularly galling for them to cite low adoption when they have had their thumb on the scale suppressing them for over a decade.
The DMA compels them to allow third party app stores, but Apple’s plan is to cripple them with their hardware and software API fee (Core Technology Fee) and their ludicrous “opt-in to your legal rights” at a different price alternative contract.
But web apps are much harder to stop. Even Apple admits WebKit’s sandbox is, to quote them ”orders of magnitude more stringent than the sandbox for native iOS apps”. They tried claiming to the UK regulator that Safari is more secure than other major browsers but decisively lost that argument.
So this is their new tactic: Kill off a competitor while saying the EU made them do it.
Apple has had 15 years to allow third party browsers the ability to compete in web app functionality and nearly 2 since they knew they would be legally compelled to do so.
Apple also makes tenuous, bordering on laughable, claims regarding web app security. In addition to unwarranted and unjustifiable attempts to project their own model onto competing browsers, Apple makes claims that ignore the history of web applications and browsers in providing strong privacy and security separation. Apple offers no evidence to back these assertions, and ignores the long track record of superior security of PWAs on other OSes.
Again and again, Apple has offered paper-thin fig-leaf arguments based on security to duck regulation, only to have these ploys rejected in nearly every jurisdiction where evidence is critically examined. This appears to be another instance of the same willfully misleading pattern. If security posturing is the backbone of Apple’s attempt to duck conformance with the DMA, the EU must reject the proposal and find Apple willfully non-compliant.
Apple also makes a self-fulfilling argument regarding the low use of iOS homescreen web apps. This is a situation of Apple’s own making and, indeed, a large part of why OWA has invested so much in reversing Apple’s history of self-preferencing towards native apps that Apple can tax through its App Store monopoly. Instead of offering equivalent affordances for websites looking to compete with App Store alternatives, Apple’s answer is to remove the capability, destroy critical features, and engender data loss for users and businesses that had invested in the web as a platform. Malicious destruction may be Apple’s attempt at an answer, but it is not a solution.
The next question is: Why all the secrecy? There was nothing in their compliance plan, Safari’s release notes or the beta’s release notes. Given that they are now stating they knew all along, it seems they wanted to see if they could sneak this past.
Clearly the backlash has caught them off guard and that’s why they had to rush out this panicked response, the only significant update they have made to their compliance proposal.
We always assumed that the commission would have to fine Apple billions to force them to allow the web to compete fairly and effectively with their App Store but it’s still incredibly disappointing to see Apple behave like this.
This is a message in a bottle to regulators world-wide: Apple will stop at nothing to protect its app distribution monopoly and the rent that comes with it, including removing critical features from its OSes without the slightest care for its users. It will not act in good faith, it must be forced.
We will continue to work with the EC to ensure that Web Apps can remain first-class citizens for iOS users, businesses, and competing browser vendors.