Who would've thought? This isn’t going to fly with the EU.
Article 5.3 of the Digital Markets Act (DMA): "The gatekeeper shall not prevent business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper."
Friendly reminder that you can sideload apps without jailbreaking or paying for a dev account using TrollStore, which utilises core trust bugs to bypass/spoof some app validation keys, on a iPhone XR or newer on iOS 14.0 up to 16.6.1. (ANY version for iPhone X and older)
Install guide: Trollstore
I’m not sure how this would work in practice. Developers distributing apps independently to be sideloaded wouldn’t be submitting them to Apple to review, and sideloaded code may not even have an identifiable developer to charge.
I suppose Apple could implement some sort of rigid signing system, but I think the EU would see that as just another abuse of power.
As far as I know iPhones have never allowed unsigned code to run.
Yeah, the first operation of every jailbreak was to disable this protection.
Well they would have to allow unsigned code to run under the DMA, wouldn't they?
I don't know the details of the DMA, it's definitely possible to provide code-signing to developers that does not go through the app store.
An example of this in practice is Firefox addons. You need to get your extension signed for people to install it, but you can distribute it however. Mozilla of course doesn't charge for signing though. It's just to give them the ability to ban an extension found to be malicious.
No, macOS allows sideloading apps that are still signed by Apple.
You can run unsigned code on macOS. Apple makes it seem scary and dangerous, but it is possible.
Yes, but that's separate from what I'm talking about.
This is most likely how they’re planning on allowing it. Gatekeeper is the macOS tech they use to keep unsigned code from running yet can be from anywhere on the web.