What Is the Digital Markets Act?

The Digital Markets Act (DMA) is a landmark piece of European Union legislation that came into full effect in 2024, targeting large technology "gatekeepers" — companies like Apple, Google, Meta, and Amazon that control major digital platforms. Its goal is to increase competition and give consumers more choice in digital markets.

For mobile users, the most significant change is this: the DMA requires Apple and Google to allow alternative app stores and sideloading on their platforms within the EU. This is a seismic shift, particularly for Apple, which had maintained a strictly closed ecosystem since the iPhone's launch.

What Has Changed in Practice?

As of 2025, the following changes are in effect for EU users:

  • iOS (Apple): Apple is required to allow third-party app marketplaces on iOS in the EU. Users can install apps from outside the App Store through authorized alternative marketplaces.
  • Android (Google): Google has adjusted its policies to allow rival app stores more easily and reduce requirements that previously disadvantaged competitors.
  • Interoperability requirements: Messaging platforms must open up to allow communication with users on other services — a major shift for platforms like WhatsApp and iMessage.

The Security Implications

While greater openness benefits competition and consumer choice, it introduces real security considerations that users need to understand.

Apple's Notarization System

Apple has responded to the DMA by introducing a notarization requirement for all apps distributed through alternative marketplaces in the EU. This means apps must still pass an automated and human review by Apple before they can be distributed — even outside the official App Store. It's a compromise between openness and security, but critics note that notarization is less thorough than the full App Store review process.

More Vectors for Malicious Apps

Security researchers have noted that the expansion of alternative distribution channels increases the attack surface. Users who download apps from lesser-known marketplaces face higher risks if those marketplaces don't apply rigorous vetting standards. Historically, the App Store's walled garden — while criticized for anti-competitive behavior — did provide meaningful malware protection.

Fragmented Update Pipelines

Apps distributed through multiple channels may not receive security updates simultaneously. An app purchased through an alternative marketplace might lag behind its App Store counterpart in patching critical vulnerabilities.

What Users Should Do

  1. Be selective about which alternative marketplaces you trust. Stick to well-known, reputable alternatives — not random storefronts.
  2. Keep your iOS or Android version updated. OS-level security patches protect you regardless of where apps come from.
  3. Check whether an alternative marketplace has its own review/vetting process before using it.
  4. Be extra vigilant about permissions when installing from non-default stores.

Looking Ahead

The DMA is still in its early stages of enforcement, and both Apple and Google are navigating ongoing regulatory scrutiny over their compliance. The balance between competition, consumer choice, and security will continue to evolve. What's clear is that in 2025, users in the EU have more choices than ever — and with more choices comes greater personal responsibility for digital security.

Staying informed about these changes is the first step to navigating them safely.