Apple App Store: Difference between revisions

Apple uses several technical measures to protect their App Store ecosystem and prevent consumer choice. They are good at obscuring their intentions with technical roadblocks, while typically citing security reasons for them - assuming the public even recognizes what is going on. This actively hurts the ability for lawmakers to have an accurate understanding, so they can consider applying legislative pressure.

A never-ending demand for a cut of every sale of a digital product, ranging from game currency, to supporting content creators,^[1] to booking a Zoom call with a local business,^[2] hurts the ability for app developers to innovate. These developers, working hard and pulling countless hours to build a quality app, always need to take Apple's (and Google's) demands into account - specifically, between 15% and 30% of their revenue. This is revenue that can be reinvested into the app, but instead must be earmarked for the platform they are required to use to reach their customers.

Because this is a clear problem, several governments, including South Korea,^[3] Japan,^[4] the European Union,^[5] the United Kingdom,^[6] Australia,^[7] as well as the US and a handful of states,^{[8][9][10][11]} have opened investigations into anti-competitive practices, or considered or already passed legislation to force "gatekeeper platforms" such as Apple to be more reasonable with third-party developers.

This being a major threat to Apple's revenue stream (interestingly, one they claim to be unsure is profitable^[12][13]), they have responded with practices such as geoblocking certain operating system functionality based on physical location,^[14] misrepresenting/overstating risks, and using existing, trusted terms to describe unreasonably difficult to use systems.

Background info

Important terms you'll run into in this article:

• Sandbox: Reduces exposure of the user's device/data to security risks, by reducing what an app is allowed to do.
• Entitlements: Apple's method of "poking holes" in the sandbox, to give the app more permissions. Some are available to developers, while many are only available to Apple.
• Digital Markets Act: The European Union's fairly sweeping recent regulations against forcing companies they classify as "gatekeepers" to play nice, giving smaller businesses access to software/hardware features they've historically reserved for their own use.

In-app purchases

Apple has been collecting users' credit card numbers since opening the iTunes Store in 2004. The opening of the App Store in 2008, followed by the introduction of in-app purchases (IAPs) in 2009, gave iPhone app developers the opportunity to sell app features to users. The IAP system is provided as a developer framework named StoreKit. Apps and their in-app purchases are managed through a dashboard named App Store Connect. App sales have eclipsed iTunes Store sales, and are now a primary focus of Apple's Media Services division.

Apple requires every purchase of a digital good or service in an app to use their in-app purchase system. This may seem reasonable, because the customer may inevitably call Apple support, demanding a refund for an app they have issues with. Apple would rather give that refund and leave the customer with a positive support experience, than to provide a messy process involving contacting a third-party, whose customer service is likely nowhere near the same experience.

App Store purchase fees are between 15% and 30%. In September 2016, Apple expanded subscriptions to be available to any type of app, also introducing a 15% discount incentive when the user has already subscribed for a year.^[15] In November 2020, Apple introduced a reduced 15% fee for app developers with revenue below $1 million per year, with exceptions such as for games.^[16] Otherwise, the fee is 30%. In the 2008 announcement of the App Store, Apple considered this a reasonable, industry-standard fee. However, the way we use apps has significantly evolved since 2009 - the world has shifted to heavily rely on mobile apps, which have also evolved into more complex and sustainable business models than a simple one-time purchase.

Stripe, a very popular platform used for payments on the web, uses a base fee of 2.9% plus a fixed $0.30 in the United States.^[17] With add-on services, before considering volume discounts, a Stripe transaction may rather have a cost of 6.4% + $1.10.^[18] Competing payments services have fees close or identical to this. The in-app purchase system does not provide sufficient value to justify considerably higher fees than alternative payment platforms.

The App Store system poorly handles secondary marketplaces of digital services that exist within the primary App Store marketplace, such as Patreon. Apple, however, still requires companies in the business of selling digital services to use this inadequate system. This requires the app to account for Apple's fee, which is significant enough to often warrant increasing prices, and to follow rules even if they do not make sense for the nature of service they are providing. Apple has frequently been found in disputes with such apps. This injects extra complication at no benefit to the marketplace, the creator, or the customer - only to Apple, who has little to no involvement after delivering the initial app download to the user's phone. The significant fee also often drives app developers to consider building their app around an advertising model instead, creating privacy concerns.

Additionally, the 15% small businesses fee discount is judged based on the app's overall turnover, and is not based on individual creators in the app's marketplace. An app that turns over $1 million per year by providing services to creators that individually make less than $1 million per year does not have the opportunity to use the discount.

Apple, often together with Google, use lobbying efforts in the United States and other countries in an attempt to minimize the issues. "ACT | The App Association", pitched as an association of independent small business app developers, is at least 50% funded by Apple, and does not list its claimed 2,000 members.^[19][20] In March 2024, the United States Department of Justice along with 16 state attorneys-general filed a lawsuit against Apple, including an accusation that the company "extracts more money from consumers, developers, content creators, artists, publishers, small businesses, and merchants, among others".^[10] The future of this lawsuit is unclear as of January 2025.

Given Apple's strong incentives, and a ticking clock as legal pressure builds, it is not hard to find stories from app developers regarding poor experiences with Apple's app review process.

This list is extremely incomplete. Please add examples if you know of any.

Facebook Online Events

In August 2020, in response to the COVID-19 pandemic, Facebook introduced the ability for small businesses to accept an entrance fee for events. Previously, Facebook would only act as a way to RSVP for the event - the organizer must use a third-party event ticketing system to collect fees. The company pledged to not collect any fee on event sales "until 2023".^[21]

Apple disagreed, requiring the feature to use the in-app purchases system. This introduced Apple's 30% fee. As this increases the price the user pays, with no benefit to the small business the user intended to support, the fee was displayed as a line item in checkout. Apple did not accept this disclosure of the fee, referring to it as "irrelevant".^[2] Facebook was allowed to compromise on displaying the fee, but without indicating that it is specifically an App Store fee.

HEY

HEY.com is a paid webmail provider launched in June 2020 by long-time software company 37signals, specializing in providing tools that help organize the inbox.

After successfully launching the initial version of their app on the App Store, the company announced that an update was rejected. The app did not intend to support in-app purchases. Instead, the user is expected to already have an account with the service. Apple did not like this arrangement, and demanded the company build an in-app subscription option. The company argued that they are being held to a different set of rules than apps such as Netflix, whose app does not provide any way to purchase.^[22] After a suggestion from Apple executive Phil Schiller in the media, HEY introduced a 14 day free trial mode, which was approved.^[23][24]

Patreon

In August 2024, Patreon announced a change in arrangement with Apple for its App Store app. From November 2024, subscriptions started from the iOS app would be required to use the in-app purchase system, bypassing Patreon's own long-standing payments practices.^[25][1] This change does not affect the Android app.

By forcing Patreon out of the payments pipeline, certain payment models are no longer available to users of Patreon's iOS app. Creators who rely on the "per-creation" payment model, as opposed to the standard "per-month", can no longer be subscribed to from the app. The app is also not able to support the "first-of-the-month" model, where payments from all subscribers are collected on the first day of the month, rather than every 30 days since each member's day of subscription. The price must also be rounded to a price tier supported by Apple.

Patreon provides creators with the choice to increase their prices by 30% in the iOS app, or to keep the same prices but forfeit 30% to Apple. Creators frequently remind potential supporters to not use the Patreon iOS app, adding extra inconvenience to those wanting to support the work of small creators.

• 
  "Maintain earnings and cover Apple's fee by increasing prices in iOS app" (Recommended)
• 
  "Keep prices in the iOS app the same and cover Apple's fee yourself"

A similar case occurred with the app Fanhouse in 2021.^[26]

Twitter

In August 2021, Twitter introduced a feature named Super Follows (now Subscriptions), in which a user can pay a subscription fee to access more of a creator's content. For each user who enables Subscriptions, Twitter must submit a new in-app purchase SKU to the App Store, which will become available with the next update to the app.^[27] This, of course, is subject to the 30% fee. At the time of writing in January 2025, viewing the App Store listing reveals Elon Musk's $4.00 subscription as the fourth most popular IAP item.

Notarization

Since 2015, Apple expects all Mac apps to be "notarized". This is a preliminary, automated malware check, which upon passing, provides a notary certificate that gets "stapled" to the app. Apple's explanation:

Notarization of macOS software is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.^[28]

Whether this is actually a better approach than used by Windows antivirus, where they find out about new malware samples only when they end up on a user's computer, is a separate topic.

To comply with the DMA's regulations on app marketplaces, Apple created a new channel of releasing apps outside of the iOS App Store. Apps go through a notarization process. But the process is definitely not notarization. The name is intentionally being abused, by contrast to notarization on macOS, to make you believe it is something other than the existing App Review system. Despite the pain some developers and users have with it, notarization on macOS has always been considered a net positive. It made sense to take advantage of its reputation for the entirely different "notarization" on iOS.

See for yourself - view the App Review Guidelines and tick "Show Notarization Review Guidelines Only". While most rules are knocked out by this, a good number of them are still in place. These apps are still reviewed and tested by the App Review team, must have a full product listing in App Store Connect, and can be outright rejected - all in the same way as an App Store app.

By contrast, all that is required for notarization on macOS is for your app to not be malware. You submit it to an automated system that approves it within minutes. You don't need to convince Apple your app is worthy of existing on their platform.

The point of macOS notarization is that Apple has a record of all binaries that are intended for wide distribution on macOS, and can review them both in advance and on a regular basis for known malware/common malware patterns. Say a malware app manages to initially get through, when Apple finds out, they can go back in the notary records and find every sample of that malware to analyze and block. This is purely a technical process, managed by skilled security researchers, while iOS app review and "notarization" is a business process, managed by workers who have been given a checklist of violations to look for.

Apple is retaining complete control over what's allowed to run on iOS. On macOS, you can choose to run apps that have not been notarized (even though the process to bypass the warning is intentionally difficult). On iOS, you never get even that option. What Apple created is the App Store but with more steps. It still goes on the App Store, just hidden so it can only be installed by the third-party store it's tied to.

• Mysk: "iOS should enable alternative marketplaces to add their own links when users share their apps. Links still point to the App Store and if the app is not available there, this happens."^[29]

JIT

Safari is allowed to just-in-time compile code worldwide. The super short version of what that means: it can run JavaScript code really fast. All browsers, and other runtimes like Microsoft .NET, Java, Lua use this. Ok, fine, it's the system web browser, it's very carefully written to be secure, and it's important to the platform to be doing well in performance benchmarks and all that.

Apple's Playgrounds app on iPad is also allowed to JIT. It bundles Apple's Swift compiler, and shares backend code with the version of Playgrounds found in Xcode.

Competing apps like Pythonista (a Python IDE), emulators like Delta and UTM, and terminal environments like iSH, are not allowed to JIT. As such, they need to rely on inferior performance, potentially from an entirely separate implementation of their compiler/interpreter that may be less proven, because the JIT-less implementation doesn't need to exist on any other platform.

Likely the most clear example is UTM SE. UTM is a port of the QEMU emulator to iOS, allowing you to run desktop OSes (Linux, Windows 98, XP, classic Mac OS, etc). iPhone hardware is very capable these days and it runs impressively well, if you use a hack to enable JIT (which Apple has now patched). "SE" stands for "slow edition" - yes, really. If you compare the true version of UTM to the App Store UTM SE app, you will feel the loss in performance. It's impressive UTM even got to be on the App Store at all, and the DMA is to thank for it. But Apple is still holding the line on allowing JIT to apps that require that performance.

While UTM SE releasing at all might seem like a pathway to getting Firefox and Chrome "slow editions" on the App Store, browser engines other than the built-in Apple WebKit/JavaScriptCore are still outlawed. In the EU, Apple has blessed web browser JavaScript engines with the option to use JIT. The app must be approved for an entitlement, and then must work within APIs provided by Apple for it. As of January 2025, no browsers have been released using this. We were all anticipating proper competition around web browsers on iOS, but almost a year later, we have nothing. Mozilla has discussed why.

Sandbox

You might not like app sandboxing, but it's a powerful security feature used on all modern platforms. The reality is very few apps need more than a few basic permissions. Flatpak on Linux also sandboxes apps, and it seems to work great! Still, it's completely fair that there should be processes for doing things beyond what the sandbox allows. You see some of this with permission prompts - does a flashlight app really need access to your contacts? (Apple has been burned by apps abusing user data before the current permission system was built out.)

It can go further than this. As we established in previous sections, an app can be given more access to features of the system using entitlements. These come in a few flavors:

• Completely safe: Entitlements any developer can opt into, with little to no risk.
• Approval required: Entitlements that might be more of a security risk to allow, e.g. giving considerably wider access to the system, or that Apple simply doesn't want to hand out to just anyone for competitive reasons. The developer must submit a request to Apple with evidence of why they need the entitlement.
• Private: Entitlements that are never allowed for any app developer to use. Many of these are reasonably fenced off because they handle user data that is very risky, or bypasses permission prompts, etc, but can just as well also be guarding features Apple wants to keep to itself.

There have been exceptions where Apple quietly gave a company access to private entitlements anyway, raising eyebrows.

On iOS, you also can't be more secure than the default sandbox. That might seem crazy if you're not a developer, but it's pretty important for security in a variety of situations. On macOS, there are several entitlements you must declare to decide whether you're allowed to access certain types of user data at all. Android used this design from the very start - you can't even do fundamental things like access the internet without declaring it in your manifest. It makes it very explicit what the app's intentions are.

iOS has one sandbox used by all App Store apps. System apps, and App Store apps developed by Apple, are allowed to expand or reduce their sandbox permissions as needed. Third-party apps do not get the right to expand or reduce their sandbox permissions at all. This is clearly less secure. To take the example of Playgrounds again, while it's allowed to run your code from a separate process executing in an ultra locked down sandbox with very few permissions, competing apps such as Pythonista must run your code in the same sandbox and address space as the main app process. The Python interpreter crashing would therefore crash the entire app, possibly losing work. In the worst case, a vulnerability in third-party code could give access to all data stored by/accessible to the app. For example, it would be a nightmare if you can tap the wrong link in Safari and have a hacker easily steal your cookies from other websites. If that third-party code could run in its own limited sandbox, the risk is significantly reduced.

The only known workaround is to execute the code via JavaScript, as Apple's JavaScriptCore engine runs in a heavily sandboxed process. This requires you to port the code to JS, which may be a lot of work, or just not viable. You wouldn't want to run the Python interpreter inside JavaScript - the performance would be terrible!

In-app browsers

Safari's in-app browser, that is the minimal version you get when tapping a link from social media, uses an entirely separate data store for each app. The in-app browser isn't aware of cookies in the "full" Safari app, or any other app, and doesn't support Safari extensions. Any websites you're logged into. Apple claimed this was to protect malicious apps from stealing or setting cookies in Safari without your knowledge, which is a fair argument, but it's hard to not notice that it makes web browsing inconvenient, encouraging users to install native apps, where they can make transactions through Apple.

This also means your browsing in the in-app browser is just forgotten - there's no history menu, and it doesn't get logged to the history in the full Safari app either. Good luck recalling that article you read a few weeks ago.

See also

• Eligibility
• The iOS 17.4 app marketplace flow is a disaster
• Features controlled by iOS 17.4’s eligibility system

References