Apple App Store: Difference between revisions
Write an intro |
→In-app purchases: New section |
||
Line 1: | Line 1: | ||
[[File:App Store (iOS).svg|thumb|150px]] | |||
Apple uses several technical measures to protect their App Store ecosystem and prevent consumer choice. They are good at obscuring their intentions with technical roadblocks, while typically citing security reasons for them - assuming the public even recognizes what is going on. This actively hurts the ability for lawmakers to have an accurate understanding, so they can consider applying legislative pressure. | Apple uses several technical measures to protect their App Store ecosystem and prevent consumer choice. They are good at obscuring their intentions with technical roadblocks, while typically citing security reasons for them - assuming the public even recognizes what is going on. This actively hurts the ability for lawmakers to have an accurate understanding, so they can consider applying legislative pressure. | ||
A never-ending demand for a cut of every sale of a digital product, ranging from game currency, to supporting content creators,<ref> https://www.theverge.com/2024/8/12/24218629/patreon-membership-ios-30-percent-apple-tax</ref> to booking a Zoom call with a local business<ref> https://www. | A never-ending demand for a cut of every sale of a digital product, ranging from game currency, to supporting content creators,<ref name="patreon">https://www.theverge.com/2024/8/12/24218629/patreon-membership-ios-30-percent-apple-tax</ref> to booking a Zoom call with a local business,<ref name="facebook">https://www.reuters.com/article/us-facebook-apple-exclusive/exclusive-facebook-says-apple-rejected-its-attempt-to-tell-users-about-app-store-fees-idUSKBN25O042/</ref></ref>, hurts the ability for app developers to innovate. These developers, working hard and pulling countless hours to build a quality app, always need to take Apple's (and [[Google]]'s) demands into account - specifically, between 15% and 30% of their revenue. This is revenue that can be reinvested into the app, but instead must be earmarked for the platform they are '''required''' to use to reach their customers. | ||
Because this is a clear problem, several | Because this is a clear problem, several governments, including South Korea,<ref>https://www.reuters.com/technology/skorea-approves-rules-app-store-law-targeting-apple-google-2022-03-08/</ref> Japan,<ref>https://www.theregister.com/2024/06/13/japan_smartphone_software_law/</ref> the European Union,<ref>[[wikipedia:Digital Markets Act|Digital Markets Act]]</ref> the United Kingdom,<ref>https://www.gov.uk/cma-cases/investigation-into-apple-appstore</ref> Australia,<ref>https://www.accc.gov.au/media-release/dominance-of-apple-and-googles-app-stores-impacting-competition-and-consumers</ref> as well as the US and a handful of states,<ref>[[wikipedia:Open App Markets Act|Open App Markets Act]]</ref><ref>https://www.congress.gov/bill/118th-congress/senate-bill/5364/text/is</ref><ref name="doj">https://apnews.com/article/apple-antitrust-monopoly-app-store-justice-department-822d7e8f5cf53a2636795fcc33ee1fc3</ref><ref>https://azcapitoltimes.com/news/2021/02/19/its-time-to-free-ourselves-from-big-tech-monopoly/</ref> have opened investigations into anti-competitive practices, or considered or already passed legislation to force "gatekeeper platforms" such as Apple to be more reasonable with third-party developers. | ||
This being a major threat to Apple's revenue stream (interestingly, one they claim to be unsure is profitable<ref>https://9to5mac.com/2024/04/17/app-store-is-profitable-apple-notes/</ref><ref>https://9to5mac.com/2025/01/17/apple-denies-app-store-profit-margin-is-75-claims-to-have-no-clue/</ref>), they have responded with practices such as geoblocking certain operating system functionality based on physical location,<ref>https://theapplewiki.com/wiki/Eligibility</ref> misrepresenting/overstating risks, and using existing, trusted terms to describe unreasonably difficult to use systems. | This being a major threat to Apple's revenue stream (interestingly, one they claim to be unsure is profitable<ref>https://9to5mac.com/2024/04/17/app-store-is-profitable-apple-notes/</ref><ref>https://9to5mac.com/2025/01/17/apple-denies-app-store-profit-margin-is-75-claims-to-have-no-clue/</ref>), they have responded with practices such as geoblocking certain operating system functionality based on physical location,<ref>https://theapplewiki.com/wiki/Eligibility</ref> misrepresenting/overstating risks, and using existing, trusted terms to describe unreasonably difficult to use systems. | ||
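Review bot: In the new revision's second paragraph, the Facebook citation is closed twice and followed by a second comma ("</ref></ref>, hurts"), which leaves a stray closing tag in the rendered text. Drop the extra "</ref>" and the duplicate comma so the sentence runs "...with a local business,<ref name="facebook">...</ref> hurts the ability...". Naming the two refs is worth keeping, since the new sections reuse both by name.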
Line 10: | Line 12: | ||
Important terms you'll run into in this article: | Important terms you'll run into in this article: | ||
* [[wikipedia:Sandbox (computer security)|Sandbox]]: Reduces exposure of the user's device/data to security risks, by reducing what an app is allowed to do. | * '''[[wikipedia:Sandbox (computer security)|Sandbox]]''': Reduces exposure of the user's device/data to security risks, by reducing what an app is allowed to do. | ||
* [https://theapplewiki.com/wiki/Entitlements Entitlements]: Apple's method of "poking holes" in the sandbox, to give the app more permissions. Some are available to developers, while many are only available to Apple. | * '''[https://theapplewiki.com/wiki/Entitlements Entitlements]''': Apple's method of "poking holes" in the sandbox, to give the app more permissions. Some are available to developers, while many are only available to Apple. | ||
* [[wikipedia:Digital Markets Act|Digital Markets Act]]: The European Union's fairly sweeping recent regulations against forcing companies they classify as "gatekeepers" to play nice, giving smaller businesses access to software/hardware features they've historically reserved for their own use. | * '''[[wikipedia:Digital Markets Act|Digital Markets Act]]''': The European Union's fairly sweeping recent regulations against forcing companies they classify as "gatekeepers" to play nice, giving smaller businesses access to software/hardware features they've historically reserved for their own use. | ||
== In-app purchases == | |||
Apple has been collecting users' credit card numbers since opening the iTunes Store in 2004. The opening of the App Store in 2008, followed by the introduction of in-app purchases (IAPs) in 2009, gave iPhone app developers the opportunity to sell app features to users. The IAP system is provided as a developer framework named [https://developer.apple.com/storekit/ StoreKit]. Apps and their in-app purchases are managed through a dashboard named [https://developer.apple.com/app-store-connect/ App Store Connect]. App sales have eclipsed iTunes Store sales, and are now a primary focus of Apple's Media Services division. | |||
Apple requires every purchase of a digital good or service in an app to use their in-app purchase system. This may seem reasonable, because the customer may inevitably call Apple support, demanding a refund for an app they have issues with. Apple would rather give that refund and leave the customer with a positive support experience, than to provide a messy process involving contacting a third-party, whose customer service is likely nowhere near the same experience. | |||
App Store purchase fees are between 15% and 30%. In September 2016, Apple expanded subscriptions to be available to any type of app, also introducing a 15% discount incentive when the user has already subscribed for a year.<ref>https://www.theverge.com/2016/9/2/12774758/apple-developers-app-store-new-subscription-rules</ref> In November 2020, Apple introduced a reduced 15% fee for app developers with revenue below $1 million per year, with exceptions such as for games.<ref>https://tidbits.com/2020/11/18/apple-drops-app-store-commission-to-15-for-small-developers/</ref> Otherwise, the fee is 30%. In the 2008 announcement of the App Store, Apple considered this a reasonable, industry-standard fee. However, the way we use apps has significantly evolved since 2009 - the world has shifted to heavily rely on mobile apps, which have also evolved into more complex and sustainable business models than a simple one-time purchase. | |||
[[wikipedia:Stripe, Inc.|Stripe]], a very popular platform used for payments on the web, uses a base fee of 2.9% plus a fixed $0.30 in the United States.<ref>https://stripe.com/pricing</ref> With add-on services, before considering volume discounts, a Stripe transaction may rather have a cost of 6.4% + $1.10.<ref>Calculated from base fee (2.9% + $0.30) + international card (1.5%) + adaptive pricing (2%) + international payment methods ($0.80), as of January 2025</ref> Competing payments services have fees close or identical to this. '''The in-app purchase system does not provide sufficient value to justify considerably higher fees than alternative payment platforms.''' | |||
The App Store system poorly handles secondary marketplaces of digital services that exist within the primary App Store marketplace, such as Patreon. Apple, however, still requires companies in the business of selling digital services to use this inadequate system. This requires the app to account for Apple's fee, which is significant enough to often warrant increasing prices, and to follow rules even if they do not make sense for the nature of service they are providing. Apple has frequently been found in disputes with such apps. This injects extra complication at no benefit to the marketplace, the creator, or the customer - only to Apple, who has little to no involvement after delivering the initial app download to the user's phone. The significant fee also often drives app developers to consider building their app around an advertising model instead, creating privacy concerns. | |||
Additionally, the 15% small businesses fee discount is judged based on the app's overall turnover, and is not based on individual creators in the app's marketplace. An app that turns over $1 million per year by providing services to creators that individually make less than $1 million per year does not have the opportunity to use the discount. | |||
Apple, often together with Google, use lobbying efforts in the United States and other countries in an attempt to minimize the issues. "ACT | The App Association", pitched as an association of independent small business app developers, is at least 50% funded by Apple, and does not list its claimed 2,000 members.<ref>http://www.fosspatents.com/2021/10/not-class-act-so-called-app-association.html</ref><ref>http://www.fosspatents.com/2022/09/vast-majority-of-act-app-associations.html</ref> In March 2024, the United States Department of Justice along with 16 state attorneys-general filed a lawsuit against Apple, including an accusation that the company "extracts more money from consumers, developers, content creators, artists, publishers, small businesses, and merchants, among others".<ref name="doj"/> The future of this lawsuit is unclear as of January 2025. | |||
Given Apple's strong incentives, and a ticking clock as legal pressure builds, it is not hard to find stories from app developers regarding poor experiences with Apple's app review process. | |||
:''This list is extremely incomplete. Please add examples if you know of any.'' | |||
=== Facebook Online Events === | |||
In August 2020, in response to the COVID-19 pandemic, Facebook introduced the ability for small businesses to accept an entrance fee for events. Previously, Facebook would only act as a way to RSVP for the event - the organizer must use a third-party event ticketing system to collect fees. The company pledged to not collect any fee on event sales "until 2023".<ref>https://about.fb.com/news/2020/08/paid-online-events/</ref> | |||
Apple disagreed, requiring the feature to use the in-app purchases system. This introduced Apple's 30% fee. As this increases the price the user pays, with no benefit to the small business the user intended to support, the fee was displayed as a line item in checkout. Apple did not accept this disclosure of the fee, referring to it as "irrelevant".<ref name="facebook"/> Facebook was allowed to compromise on displaying the fee, but ''without'' indicating that it is specifically an App Store fee. | |||
=== HEY === | |||
HEY.com is a paid webmail provider launched in June 2020 by long-time software company [[wikipedia:37signals|37signals]], specializing in providing tools that help organize the inbox. | |||
After successfully launching the initial version of their app on the App Store, the company announced that an update was rejected. The app did not intend to support in-app purchases. Instead, the user is expected to already have an account with the service. Apple did not like this arrangement, and demanded the company build an in-app subscription option. The company argued that they are being held to a different set of rules than apps such as [[Netflix]], whose app does not provide any way to purchase.<ref>https://www.theverge.com/2020/6/16/21293419/hey-apple-rejection-ios-app-store-dhh-gangsters-antitrust</ref> After a suggestion from Apple executive Phil Schiller in the media, HEY introduced a 14 day free trial mode, which was approved.<ref>https://www.hey.com/apple/path/</ref><ref>https://techcrunch.com/2020/06/18/interview-apples-schiller-says-position-on-hey-app-is-unchanged-and-no-rules-changes-are-imminent/</ref> | |||
=== Patreon === | |||
In August 2024, [[Patreon]] announced a change in arrangement with Apple for its App Store app. From November 2024, subscriptions started from the iOS app would be required to use the in-app purchase system, bypassing Patreon's own long-standing payments practices.<ref>https://news.patreon.com/articles/understanding-apple-requirements-for-patreon</ref><ref name="patreon" /> This change does not affect the Android app. | |||
By forcing Patreon out of the payments pipeline, certain payment models are no longer available to users of Patreon's iOS app. Creators who rely on the "per-creation" payment model, as opposed to the standard "per-month", can no longer be subscribed to from the app. The app is also not able to support the "first-of-the-month" model, where payments from all subscribers are collected on the first day of the month, rather than every 30 days since each member's day of subscription. The price must also be rounded to a price tier supported by Apple. | |||
Patreon provides creators with the choice to increase their prices by 30% in the iOS app, or to keep the same prices but forfeit 30% to Apple. Creators frequently remind potential supporters to not use the Patreon iOS app, adding extra inconvenience to those wanting to support the work of small creators. | |||
<gallery mode="packed" heights="500px"> | |||
File:Patreon iOS app pricing options - fee on top.png|"Maintain earnings and cover Apple's fee by increasing prices in iOS app" (Recommended) | |||
File:Patreon iOS app pricing options - absorb fee.png|"Keep prices in the iOS app the same and cover Apple's fee yourself" | |||
</gallery> | |||
A similar case occurred with the app Fanhouse in 2021.<ref>https://twitter.com/jasminericegirl/status/1402691047940100100</ref> | |||
=== Twitter === | |||
In August 2021, [[Twitter]] introduced a feature named Super Follows (now Subscriptions), in which a user can pay a subscription fee to access more of a creator's content. For each user who enables Subscriptions, Twitter must submit a new in-app purchase SKU to the App Store, which will become available with the next update to the app.<ref>https://twitter.com/wongmjane/status/1433372120080261120</ref> This, of course, is subject to the 30% fee. At the time of writing in January 2025, viewing the App Store listing reveals Elon Musk's $4.00 subscription as the fourth most popular IAP item. | |||
== Notarization == | == Notarization == | ||
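Review bot: In the new In-app purchases section, the fees paragraph says Apple introduced "a 15% discount incentive" for users subscribed for a year, which can be read either as 15% off the fee or as a fee of 15%. The same paragraph then uses "a reduced 15% fee" for the small-developer program, and a later paragraph says "15% small businesses fee discount". Pick one wording for the rate and use it throughout. Separately, the Twitter subsection's statement about the App Store listing ("fourth most popular IAP item") is dated "at the time of writing" and carries no ref, so it needs a citation or an archived copy of the listing.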
Line 33: | Line 81: | ||
Apple is retaining complete control over what's allowed to run on iOS. On macOS, you can choose to run apps that have not been notarized (even though the process to bypass the warning is intentionally difficult). On iOS, you never get even that option. What Apple created is the App Store but with more steps. It still goes on the App Store, just hidden so it can only be installed by the third-party store it's tied to. | Apple is retaining complete control over what's allowed to run on iOS. On macOS, you can choose to run apps that have not been notarized (even though the process to bypass the warning is intentionally difficult). On iOS, you never get even that option. What Apple created is the App Store but with more steps. It still goes on the App Store, just hidden so it can only be installed by the third-party store it's tied to. | ||
* | * Mysk: "iOS should enable alternative marketplaces to add their own links when users share their apps. Links still point to the App Store and if the app is not available there, this happens."<ref>https://twitter.com/mysk_co/status/1806638308455256242</ref> | ||
== JIT == | == JIT == | ||
Line 51: | Line 99: | ||
It can go further than this. As we established in previous sections, an app can be given more access to features of the system using entitlements. These come in a few flavors: | It can go further than this. As we established in previous sections, an app can be given more access to features of the system using entitlements. These come in a few flavors: | ||
* Completely safe: Entitlements any developer can opt into, with little to no risk. | * '''Completely safe''': Entitlements any developer can opt into, with little to no risk. | ||
* Approval required: Entitlements that might be more of a security risk to allow, e.g. giving considerably wider access to the system, or that Apple simply doesn't want to hand out to just ''anyone'' for competitive reasons. The developer must submit a request to Apple with evidence of why they need the entitlement. | * '''Approval required''': Entitlements that might be more of a security risk to allow, e.g. giving considerably wider access to the system, or that Apple simply doesn't want to hand out to just ''anyone'' for competitive reasons. The developer must submit a request to Apple with evidence of why they need the entitlement. | ||
* Private: Entitlements that are never allowed for any app developer to use. Many of these are reasonably fenced off because they handle user data that is very risky, or bypasses permission prompts, etc, but can just as well also be guarding features Apple wants to keep to itself. | * '''Private''': Entitlements that are never allowed for any app developer to use. Many of these are reasonably fenced off because they handle user data that is very risky, or bypasses permission prompts, etc, but can just as well also be guarding features Apple wants to keep to itself. | ||
There have been [https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235 exceptions] where Apple quietly gave a company access to private entitlements anyway, raising eyebrows. | There have been [https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235 exceptions] where Apple quietly gave a company access to private entitlements anyway, raising eyebrows. | ||
Line 59: | Line 107: | ||
On iOS, you also can't be ''more'' secure than the default sandbox. That might seem crazy if you're not a developer, but it's pretty important for security in a variety of situations. On macOS, there are several entitlements you must declare to decide whether you're allowed to access certain types of user data at all. Android used this design from the very start - you can't even do fundamental things like access the internet without declaring it in your manifest. It makes it very explicit what the app's intentions are. | On iOS, you also can't be ''more'' secure than the default sandbox. That might seem crazy if you're not a developer, but it's pretty important for security in a variety of situations. On macOS, there are several entitlements you must declare to decide whether you're allowed to access certain types of user data at all. Android used this design from the very start - you can't even do fundamental things like access the internet without declaring it in your manifest. It makes it very explicit what the app's intentions are. | ||
iOS has one sandbox used by all App Store apps. System apps, and App Store apps developed by Apple, are allowed to expand or reduce their sandbox permissions as needed. Third-party apps do not get the right to expand or reduce their sandbox permissions at all. This is clearly less secure. To take the example of Playgrounds again, while it's allowed to run your code from a separate process executing in an ultra locked down sandbox with very few permissions, competing apps such as Pythonista must run your code in the same sandbox and address space as the main app process. The Python interpreter crashing would therefore crash the entire app, possibly losing work. In the worst case, a vulnerability in third-party code could give access to all data stored by/accessible to the app. If that third-party code could run in its own limited sandbox, the risk is significantly reduced. | iOS has one sandbox used by all App Store apps. System apps, and App Store apps developed by Apple, are allowed to expand or reduce their sandbox permissions as needed. Third-party apps do not get the right to expand or reduce their sandbox permissions at all. This is clearly less secure. To take the example of Playgrounds again, while it's allowed to run your code from a separate process executing in an ultra locked down sandbox with very few permissions, competing apps such as Pythonista must run your code in the same sandbox and address space as the main app process. The Python interpreter crashing would therefore crash the entire app, possibly losing work. In the worst case, a vulnerability in third-party code could give access to all data stored by/accessible to the app. For example, it would be a nightmare if you can tap the wrong link in Safari and have a hacker easily steal your cookies from other websites. If that third-party code could run in its own limited sandbox, the risk is significantly reduced. | ||
The only known workaround is to execute the code via JavaScript, as Apple's JavaScriptCore engine runs in a heavily sandboxed process. This requires you to port the code to JS, which may be a lot of work, or just not viable. You wouldn't want to run the Python interpreter inside JavaScript - the performance would be terrible! | The only known workaround is to execute the code via JavaScript, as Apple's JavaScriptCore engine runs in a heavily sandboxed process. This requires you to port the code to JS, which may be a lot of work, or just not viable. You wouldn't want to run the Python interpreter inside JavaScript - the performance would be terrible! |
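Review bot: The Safari sentence added to the single-sandbox paragraph now sits between "a vulnerability in third-party code could give access to all data" and "If that third-party code could run in its own limited sandbox", so "that third-party code" no longer follows its antecedent. Move the example after the closing sentence and say how the Safari case relates to third-party apps, which are the paragraph's subject. Also change "if you can tap" to "if you could tap" to agree with "would be".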