Getty Images | norphoto
Apple is removing the ability to pin web apps to the home screen from iPhones and iPads in Europe when it releases iOS 17.4, saying it is too difficult to continue offering the feature under the European Union's new Digital Markets Act (DMA). Apple must comply with the law by March 6.
Apple said the change was necessary due to a requirement to allow developers “to use alternative browser engines — other than WebKit — for custom browser apps and apps that provide in-app browsing experiences in the EU.” Apple made its position clear in a Developer Q&A Under “Why can't users in the EU access web apps on the home screen?” She says:
Addressing the complex security and privacy concerns associated with web applications using alternative browser engines would require creating an entirely new integration architecture that does not currently exist in iOS and was not practical to implement given the other requirements of DMA and the extremely low user adoption of web applications on the home screen. Therefore, to comply with DMA requirements, we had to remove the EU Home Screen Web Apps feature.
Website bookmarks will still be able to be added to the home screens of iPhone and iPad, but these bookmarks will take the user to a web browser rather than a separate web app. It was a change Recently introduced To beta versions of iOS 17.4.
the Digital Markets Law Objectives “GatekeepersFor specific technologies such as operating systems, browsers, and search engines Requires Gatekeepers allow third parties to interact with private gatekeeper services, preventing them from favoring their services over competitors. like 9to5Mac Notesallowing web apps on the home screen with Safari but not third-party browser engines could cause Apple to violate the rules.
Apple warns of “malicious web applications”
As Apple explains, iOS has “traditionally provided support for Home Screen Web Apps by building directly on top of WebKit and its security architecture. This integration means that Home Screen Web Apps are managed to match the security and privacy model of native apps on iOS, including That isolation requires storage and enforcement system access to privacy-impacting capabilities on a per-site basis.”
Apple said it would not be able to guarantee this isolation once alternative browser engines are supported. “Without this kind of isolation and enforcement, malicious web applications can read data from other web applications and reclaim their permissions to access a user's camera, microphone, or location without the user's consent. Browsers can also install web applications on the system without requiring the user's “awareness and consent,” she said. Apple FAQ.
Despite the change, Apple said that “EU users will be able to continue accessing websites directly from their home screen through a bookmark with minimal impact on their functionality.”
Apple previously announced that its DMA compliance will bring sideloading to Europe, allowing developers to offer iOS apps from stores other than Apple's official App Store.
Browser selection and security requirements
One browser-related change will be immediately apparent to EU users once they install the new iOS version. “When users in the EU open Safari for the first time on iOS 17.4, they will be asked to choose their default browser and will be presented with a list of major web browsers available in the market to select as their default,” Apple's Developer FAQ said.
Apple said it had to carefully prepare for requirements to allow developers to use alternative browser engines because browser engines are “constantly exposed to untrusted and potentially malicious content and have visibility into sensitive user data,” making them “one of the most common attack vectors for malicious actors.” “
Apple said it requires developers using alternative browser engines to meet certain security standards:
To help keep users safe online, Apple will only allow developers to implement alternative browser engines after they meet specific criteria and adhere to a number of ongoing privacy and security requirements, including timely security updates to address emerging threats and vulnerabilities. Apple will provide certified developers of custom browser applications with access to security mitigations and capabilities to enable them to build secure browser engines, and access to features such as passkeys for secure user login, multi-process system capabilities to improve security and stability, and web content sandboxes that combat cutting-edge security. Threats, and more.
Overall, Apple said its DMA preparations involved “a tremendous amount of engineering work to add new functionality and capabilities for developers and users in the EU — including more than 600 new APIs and a wide range of developer tools.”
“Typical beer trailblazer. Hipster-friendly web buff. Certified alcohol fanatic. Internetaholic. Infuriatingly humble zombie lover.”