Alternative browsers can pin web apps, but they only run inside Apple’s WebKit.
Apple has changed its stance on allowing web apps on iPhones and iPads in Europe and will continue to let users put them on their home screens after iOS 17.4 arrives. They will, however, have to be “built directly on WebKit and its security architecture,” rather than running in alternative browsers, which is how it had worked up until new legislation forced the issue.
After the European Union’s Digital Markets Act (DMA) demanded Apple open up its mobile devices to alternative browser engines, the company said it would remove the ability to install home screen web apps entirely. In a developer Q&A section, under the heading “Why don’t users in the EU have access to Home Screen web apps?”, Apple said that “the complex security and privacy concerns” of non-native web apps and what addressing them would require “given the other demands of the DMA and the very low user adoption of Home Screen web apps,” made it so that the company “had to remove the Home Screen web apps feature in the EU.” Any web app installed on a user’s home screen would have simply led them back to their preferred web browser.
Apple further warned against “malicious web apps,” which, without the isolation built into its WebKit system, could read data, steal permissions from other web apps, and install further web apps without permission, among other concerns.
That response prompted an inquiry by the European Commission officials, who asked Apple and app developers about the impact of a potential removal of home screen web apps. It also prompted a survey conducted by the Open Web Advocacy group. Apple has until March 6 to comply with the DMA. Apple’s move to block web apps entirely suggested that allowing web apps powered by Safari, but not other browser engines, might violate the DMA’s rules. Now, some aspect of that cautious approach has changed.
Under an updated version of that section heading, Apple reiterates its security and privacy concerns and the need to “build new integration architecture that does not currently exist in iOS.” But because of requests to continue web app offerings, “we will continue to offer the existing Home Screen capability in the EU,” Apple writes.Advertisement
The long, weird road to where web apps are now
Apple has long offered web apps (or Progressive Web Apps) that opened as a separate application rather than in a browser tab. Web apps installed this way offer greater persistence and access to device features, like notifications, cameras, or file storage. Web apps were initially touted by Apple co-founder and then-CEO Steve Jobs as “everything you need” to write “amazing apps” rather than dedicated apps with their own SDK. Four months later, an iPhone SDK was announced, and Apple declared its enthusiastic desire for “native third-party applications on the iPhone.”
While Apple does not break out App Store revenues in its earning statements, its Services division recorded an all-time high of $22.3 billion in the company’s fourth quarter of 2023, including “all time revenue records” across the App Store and other offerings.
As part of its DMA compliance as a “gatekeeper” of certain systems, Apple must also allow for sideloading for EU customers, or allowing the installation of iOS apps from stores other than its own official App Store. This week, more than two dozen companies signed a letter to the Commission lamenting Apple’s implementation of App Store rules. Developers seeking to utilize alternative app stores will have to agree to terms that include a “Core Technology Fee,” demanding a 0.50 euro fee for each app, each year, after 1 million downloads. “Few app developers will agree to these unjust terms,” the letter claims, and will thereby further “Apple’s exploitation of its dominance over app developers.”
In a statement provided to Ars, Apple said that its “approach to the Digital Markets Act was guided by two simple goals: complying with the law and reducing the inevitable, increased risks the DMA creates for our EU users.” It noted that Apple employees “spent months in conversation with the European Commission,” and had “in little more than a year, created more than 600 new APIs and a wide range of developer tools.” Still, Apple said, the changes and safeguards it put in place can’t entirely “eliminate new threats the DMA creates,” and the changes “will result in a less secure system.”
That is why, Apple said, it is limiting third-party browser engines, app stores, and other DMA changes to the European Union. “[W]e’re concerned about their impacts on the privacy and security of our users’ experience—which remains our North Star.”