Apple: a horde of lawyers. The FSFE: ONE lawyer. We still landed a knockout! Support us today to keep standing up to Apple and defending our user rights!

Donate Now

Avís: Aquesta pàgina encara no s'ha traduït. El que veieu és la versió original de la pàgina. Si us plau, feu servir aquesta pàgina per a veure com podeu ajudar traduint i d'altres maneres.

News

Legal Corner: Apple’s “notarisation” – blocking software freedom of developers and users!

on:

The EU’s Digital Markets Act is supposed to shake up the power of tech giants by giving developers and users more choice. Apple’s “notarisation” of mobile apps contradicts these objectives. A civil-society complaint against Apple’s monopolistic control over app distribution aims to change that.

Abstract image of an apple shape outlined by a jagged, snake-like red and black form on a gray background
CC-BY-SA 4.0. by Rahak for FSFE

The EU’s Digital Markets Act (DMA) aims for a structural reset of power in digital markets, a shift from corporate control toward device neutrality, where users decide what runs on their devices. For Free Software, this legislation can be a unique opportunity by finally opening closed ecosystems - like iOS - to Free Software alternatives. Apple has reacted aggressively against the DMA, litigating against regulators, and unfairly excluding Free Software from iOS and iPadOS by blocking the unfettered installation of software (sideloading), prohibiting alternative app stores, and hindering interoperability.

The FSFE has recently contributed to a complaint initiated by civil-society organisations targeting Apple’s non-compliance with the DMA, urging the European Commission to enforce the DMA’s rules related to interoperability and the app store, giving users and developers effective choice over which apps and app stores they want to use on their devices. This complaint is important for software freedom, contextualising the diverse approaches towards curation of software distribution.

The action taken: calling out the illegality of Apple’s “notarization” of mobile apps

Imagine that you are a Free Software developer willing to make your program available in the iPhone. You want to have your software curated in a non-profit Free Software-friendly app store (like F-Droid for Android). This is important for you because you prefer to not have Apple controlling what your software does and to whom it should be made available.

This all sounds good, until you realise that your plan is not possible in iOS. There is no non-profit Free Software app store available for iPhones and iPads. Apple blocks non-profit app stores with extremely high financial requirements and prohibits unfettered installation of software. Even for the Free Software commercial ones, such as the Alt Store, Apple still applies a complete review and control, through an encryption layer over distributed source code.

On October 22, ARTICLE 19 and Gesellschaft für Freiheitsrechte (GFF) filed a complaint against Apple for non-compliance with the DMA to tackle these issues. The complaint highlights the following conduct as illegal under the DMA:

The core of the complaint is twofold:

  1. Apple’s complete review of apps – known as “notarisation” process - a mandatory step for distributing any software on its platforms, represents the very gatekeeping behaviour the DMA was written to prevent.
    Notarisation forces all apps, even those distributed outside Apple’s App Store, to be submitted to Apple’s servers for scanning, approval, and cryptographic re-signing before installation. The result is that Apple retains full control over what software users can install and how developers can distribute it. This transforms Apple’s self-appointed “security review” into a choke-point of power, locking in developers and users into the company’s proprietary ecosystem.

  2. Apple’s requirements for third-party app stores.
    Apple has conditioned the provision of a third-party app store as a native app in its iOS and iPadOS on (1) providing a standby letter of credit in the amount of €1,000,000 from a financial institution that is at least A-rated; or (2) being a member of good standing in the Apple Developer Program for two continuous years or more and have an app that had more than 1,000,000 first annual installs on iOS and iPadOS in the EU in the prior calendar year.

Both requirements are extremely unfair and disproportionately affects non-profit Free Software projects, SMEs, startups, and individual developers. This discriminates by size and renders the market inaccessible to smaller new entrants.

The implications of Apple’s notarisation for software freedom

For Free Software developers, the implications are even more severe. Apple’s notarisation regime requires developers to hold a paid Apple Developer account, accept restrictive legal terms, and submit binaries to a closed, opaque process. Once approved, the binaries are re-signed by Apple and distributed under digital restriction management (DRM).

This breaks users’ rights when it comes to Free Software freedoms. Users can no longer verify that the source code they read corresponds to the binary they run, nor can they freely redistribute software that Apple refuses to notarise. What makes this process absurd is that Apple applies this notarisation process to all apps running on iOS, no matter which channel of distribution. This means that a developer of an alternative app store for iOS has actually no control over the apps they can distribute in their store, as Apple still holds gatekeeping power through notarisation.

Under the DMA, gatekeepers must enable the installation of third-party app stores and refrain from imposing unnecessary technical restrictions. Yet Apple’s notarisation enforces the very dependency the DMA prohibits: it reasserts Apple’s role as the mandatory intermediary for every app on its platforms. This undermines competition, discourages independent developers, and excludes non-commercial, community-run projects that cannot afford to submit to Apple’s terms or refuse to submit to them. Allowing this practice to persist would water down the DMA’s promise before it is even tested.

Blocking alternative app stores with extremely high requirements

Apple’s requirements for enabling third-party app stores are very hard to meet. They have effectively prevented non-profit Free Software app stores from working in iOS and iPadOS. The provision of a 1 million euro standby letter of credit or 1 million downloads within a year in the EU overburdens not only non-profits, but also individual developers, startups, and SMEs. When these conditions are put into context, such requirements do not reflect industry standards and expectations. They derive from Apple’s monopolistic behaviour with respect to mobile devices. Such impositions do not exist in Apple’s laptops and desktop computers, where unfettered installation (sideloading) is a reality. The complaint concludes that both requirements go beyond the limits of what is necessary under the DMA. Apple ignores less restrictive alternatives (e.g. insurance and escrow frameworks), and provides no justification for doing so.

The solution: decentralised software curation

The complaint surges the European Commission to impose fines and to find an alternative to Apple’s control over software distribution, including non-profit stakeholders in the process. The alternative to Apple’s notarisation already exists, and it works. Decentralised curation, as practised by repositories like F-Droid, shows that security and software freedom coexist inherently. Instead of concentrating trust in a single private authority, decentralised systems distribute it: through transparent verification pipelines, reproducible builds, and community audits. Users choose whom to trust, and curators are accountable to the public, not to corporate shareholders. This model embodies the DMA’s vision of interoperability and openness far better than Apple’s notarisation.

Such a model aligns with the DMA’s ambitions: interoperability, transparency, and user choice. Decentralised curation can support multiple overlapping trust networks, from individual developers to NGOs, universities, or public institutions, each maintaining their own repository policies. Instead of “millions of apps” buried in opaque ranking algorithms, users could benefit from clearly defined, community-led collections where the emphasis is on transparency, privacy, and respect for user rights. Security is achieved not through corporate secrecy but through diversity, peer review, and verifiable integrity.

What’s next?

If the DMA is to live up to its potential, regulators must treat Apple’s notarisation for what it is: a mechanism of control disguised as a security feature. This civil-society complaint demonstrates that Apple’s understanding of security undermines transparency, competition, and user autonomy - hampering software freedom for everyone. It is not genuine security, it is merely gatekeeping by another name. The European Commission must ensure that compliance with the DMA means genuine openness. The right to install, share, and verify software freely in any device is not merely a technical issue; it is a matter of freedom.