CybserSecurity News

Tag: App Store

  • The Double-Consent Trap: Italy Slaps Apple with $116M Fine Over Privacy Monopoly

    Italy’s antitrust authority has imposed a substantial fine on Apple, ordering the company to pay €98.6 million—approximately $115 million. The penalty stems from violations linked to the operation of the App Store and Apple’s alleged abuse of its dominant position in the mobile applications market.

    According to the Italian regulator, Apple unlawfully restricted third-party app developers, in breach of European competition rules. The case centers on Apple’s App Tracking Transparency (ATT) framework introduced in 2021, which requires developers to obtain explicit user consent before collecting data or using it for advertising. Crucially, the consent prompt is not designed or controlled by developers themselves, but is generated by Apple according to a company-mandated format.

    The authority concluded that this approach creates unequal competitive conditions and fails to meet the principle of proportionality. It argued that Apple unilaterally imposes its data-collection policy, interferes with the legitimate business operations of its partners, and does not align with established standards for personal data protection.

    Particular emphasis was placed on the fact that third-party developers were forced to duplicate consent requests, effectively compelling users to navigate the same authorization process multiple times. In the regulator’s view, this introduced unnecessary friction and placed companies reliant on the App Store at a competitive disadvantage.

    The investigation was launched in the spring of 2023. Italian officials noted that it was conducted in close coordination with the European Commission and antitrust authorities in other countries. Apple has not yet issued an official response to the ruling.

  • Apple Tightens AI Privacy: Apps Must Get Consent to Share Data with External LLMs

    Apple has updated its App Store moderation rules, tightening oversight of how developers handle user data when working with third-party algorithms. The company has introduced a new requirement for apps that transmit information to external AI platforms: such integrations are now permitted only after users are directly notified and explicit permission is obtained.

    The changes come amid preparations for a major Siri update planned for 2026, which, according to Western media, will rely on Google’s Gemini model to perform actions across various apps. As Apple embeds AI more deeply into its own ecosystem, it is simultaneously imposing stricter controls on third-party software, aiming to preserve its long-standing emphasis on privacy.

    The revised version of clause 5.1.2(i) mentions external AI services for the first time. Previously, the rule required developers to explain what data was being sent to third parties and to request the user’s consent for such sharing. It now specifies that developers must clearly inform users if personal information will be transferred to an external AI platform and must obtain explicit approval for that transfer. This signals that Apple views AI providers as belonging to a high-risk category, on par with organizations handling sensitive data.

    The new requirement applies to apps that transmit user information to external AI systems for analysis or personalization, including services powered by large language models and cloud-based algorithms. Yet questions remain about how the rule will be applied in practice: Apple does not clarify which technologies fall under this definition. The term “AI” may encompass everything from sophisticated cloud platforms to relatively simple on-device mechanisms. How strictly Apple interprets the new clause will determine the extent of developer oversight.

    Failure to comply will result in the app’s removal from the store, and the policy aligns Apple with international standards such as the GDPR in Europe and the CCPA in the United States. The update package also includes revisions related to the launch of the Mini Apps program, clarified requirements for services dealing with loans and creator-generated content, and the formal inclusion of cryptocurrency exchanges among strictly regulated categories of applications.

  • The End of Sideloading? Google’s New Policy Puts F-Droid and Other App Stores at Risk

    F-Droid has warned that Google’s new policy could threaten not only the very existence of its project but also that of other independent app stores. For 15 years, the initiative has offered Android users a trusted catalog of free and open-source software, standing apart from Google Play by its absence of advertisements, trackers, and hidden functionality.

    Unlike commercial platforms—where malicious software has repeatedly been uncovered, ranging from spyware that circulated for years to mass campaigns involving hundreds of apps later purged from the Play Store—F-Droid has built its reputation on transparency. Its source code is publicly available for audit, builds and logs are open, and reproducible builds guarantee that distributed packages faithfully match their source.

    The situation shifted after Google announced a new requirement: all developers must undergo centralized registration, upload personal identification documents, pay a fee, and assign unique identifiers to their applications. These steps are outlined in detail within Google’s identity verification guidelines and app registration instructions.

    According to F-Droid, this effectively blocks the distribution of open-source software without Google’s approval. The project cannot demand registration from developers, nor can it “claim” app identifiers—doing so would place them under monopolistic control.

    If the rules take effect, F-Droid users risk losing access to thousands of applications, including updates for software already installed. The exact size of its user base is unknown, since by design the project does not track its audience—a principle articulated in its note, No user accounts, by design.”

    Google frames the new requirements as a matter of security. Yet F-Droid counters that Play Protect—preinstalled on certified Android devices—already has the capability to detect and block malicious software, regardless of its source.

    Independent app stores argue that it is precisely the openness of code and transparency of process that provide stronger guarantees of security than closed corporate mechanisms. Mandatory registration, they contend, centralizes power and undermines ecosystem diversity.

    F-Droid characterizes Google’s initiative as a direct assault on users’ right to run any software on their devices. The comparison is striking: imposing mandatory registration for developers, they argue, is akin to requiring writers and artists to obtain accreditation before publishing their work.

    Linking app identifiers to developers’ personal documents, the project warns, creates a dangerous “bottleneck” that restricts competition and freedom of choice. Such measures may even conflict with the principles of free expression and democratic values.

    F-Droid is calling on antitrust and regulatory authorities to closely scrutinize Google’s policy and to prevent the misuse of security as a pretext for monopolistic control. It urges users and developers alike to support independent platforms—by writing to U.S. lawmakers, contacting members of the European Parliament and the DMA taskforce, and signing petitions in defense of sideloading.

    The central aim of this campaign is clear: to preserve the right to open software distribution and to prevent Android from becoming a fully closed ecosystem.

  • The App That Pays You to Talk: Neon Mobile’s Meteoric Rise and the Disturbing New Era of Privacy for Profit

    In the second spot of the U.S. App Store’s social networking chart appeared an unexpected contender—Neon Mobile, an application that promises users the ability to earn money by recording their phone calls and selling the data to companies working with artificial intelligence. The app advertises potential earnings of hundreds or even thousands of dollars annually, paying 30 cents per minute for conversations with other Neon users and up to $30 per day for calls made to non-users. Additional referral bonuses are also offered.

    Its rise in popularity has been meteoric: on September 18, Neon ranked 476th in its category, yet within a week it had entered the top 10, and by the morning of September 24 it had climbed to seventh place among all apps and games, reaching the second position among free social networking services later that same evening.

    According to its terms of use, the application can capture both incoming and outgoing calls, though it claims that technically only the user’s side of the conversation is recorded if the other party does not use Neon. However, legal experts caution that such phrasing could mean the entire call is indeed recorded, with the second party’s audio merely discarded afterward. This approach effectively skirts U.S. wiretapping laws, which in several states require the consent of both participants.

    Neon asserts that it removes names, phone numbers, and email addresses before sharing recordings with AI firms. Yet the terms grant the company an extraordinarily broad and irrevocable license to exploit user data: the exclusive, perpetual, and transferable right to sell, store, reproduce, publicly display, modify, and create derivative works from recordings. In essence, the company can do virtually anything with a user’s voice, including reselling it downstream.

    Experts warn that such access to both a voice sample and a phone number enables malicious actors to generate fraudulent calls or synthesize voices for scams. Neon does not disclose which companies purchase the recordings or how they are ultimately used. Even if Neon itself operates in good faith, users remain vulnerable to leaks or misuse by partners. Troublingly, the app displays no indicators of recording during a call and does not notify the other party. Technically, it behaves like a standard VoIP application with spoofed Caller ID.

    Neon’s founder is identified as Alex Kiam, reportedly operating from an apartment in New York. In a LinkedIn post, he referenced investment from Upfront Ventures, though the investor has issued no public statement.

    The emergence of such a service—and its rapid success—signals a profound shift in attitudes toward privacy in the age of AI. In 2019, Facebook faced a wave of backlash for installing surveillance apps on teenagers’ devices; today, similar practices spark less outrage, especially when users willingly sell their own privacy for pennies.

    Legal experts emphasize that the danger extends beyond individual users: anyone who communicates with them may have their conversations recorded in the background without consent. This is particularly alarming in an era when AI is already embedded in video calls, transcribes meetings, and analyzes voice data. The trend suggests a new norm: if surveillance is inevitable, why not profit from it? The answer, attorneys caution, may ultimately cost far more than those thirty cents per minute.

  • Apple Urges EU to Repeal Digital Markets Act, Citing Delayed Features and Security Threats

    Apple has appealed to the European Commission with a call to reconsider and repeal the Digital Markets Act (DMA), a law introduced to curb the influence of the largest technology corporations. The company argues that the legislation has resulted in delays in delivering new features to users in the European Union, while simultaneously increasing risks to privacy and security.

    The law, which came into force in 2024, obliges major players—designated as “Gatekeepers”—to open their platforms to third-party developers and competitors. Brussels emphasizes that for Apple and others, this is not a matter of choice but a binding legal obligation.

    According to Apple, several services had to be postponed in Europe, including iPhone-to-Mac screen mirroring, real-time translation via AirPods, and location-based features in Maps. The company claims these delays stem from the need to adapt them for compatibility with third-party products and applications. Furthermore, Apple contends that the protective mechanisms it proposed to safeguard user privacy were rejected by the European Commission, leaving no viable compromise.

    Apple warns that the new rules have led to a less seamless and more hazardous user experience. The ability to install applications from external sources and access alternative app stores, the company argues, has opened the door to fraudulent services, malicious software, and content that was previously filtered out by the App Store.

    In June, Apple had already modified its policies and pricing in the European App Store to comply with EU antitrust requirements. Now, however, the corporation asserts that the DMA is not fostering market growth but instead complicating business operations in the region.

    The European Commission is currently conducting an initial review of the law’s effectiveness, collecting feedback from across the industry, including Apple. Officials maintain that the DMA’s primary purpose is to ensure competition and interoperability of services, with user interests remaining paramount. Criticism of the law has also emerged beyond Europe: the Trump administration in the United States has consistently opposed the DMA. Nevertheless, the European Commission insists that the regulations will be enforced in full, regardless of external pressure.

  • Proton Sues Apple Over “Illegal Monopoly”: App Store Antitrust Battle Escalates in US Court

    Proton has officially joined the legal battle against Apple, accusing the tech giant of violating antitrust laws and undermining the interests of developers, users, and data privacy.

    In its complaint filed with the U.S. District Court for the Northern District of California, Proton alleges that Apple is abusing its dominant position by exerting oppressive control over the iOS ecosystem and the App Store, thereby stifling competition. The company is urging the court to compel Apple to permit alternative app stores and grant developers the ability to fully disable Apple’s built-in payment system, as well as to provide unrestricted access to iOS system interfaces.

    The legal struggle with Apple on these grounds has persisted for years. The most prominent case remains that of Epic Games, which filed suit in 2020 seeking the right to distribute apps and process payments outside of the App Store framework. Although the court largely sided with Apple, it ordered the company to allow developers to inform users of alternative payment methods. However, Apple’s compliance with this directive remains in question, as a recent judicial review cast doubt on its good faith and even hinted at potential noncompliance.

    In Europe, the regulatory landscape has shifted more aggressively. Authorities have already mandated that Apple enable app distribution through third-party marketplaces, opening new avenues for developer-user engagement. Proton now seeks to achieve similar reforms in the United States, arguing that American users and businesses should not be placed at a disadvantage relative to their European counterparts.

    By aligning itself with a coalition of South Korean developers who filed a parallel suit in May 2025, Proton contends that Apple’s conduct contravenes U.S. antitrust laws. The company warns that failure by American regulators to intervene would entrench Apple’s monopoly, resulting in higher prices, reduced consumer choice, and a stagnation of digital innovation.

    Proton also underscored that Apple’s monetization model disproportionately penalizes companies that refuse to traffic in user data. While many free apps offset costs by monetizing personal information, privacy-focused services like Proton rely on subscription-based models. Apple, however, imposes commission fees even on these subscriptions, further complicating operations for companies that prioritize user confidentiality.

    Proton recalled its 2020 dispute with Apple, when the latter initially refused to publish an update to the Proton VPN app, citing concerns that it might “bypass censorship filters.” Apple eventually relented, but Proton maintains that the episode revealed the company’s tendency to prioritize profit over the public interest.

    The company further noted Apple’s routine removal of VPN and privacy-enhancing tools from its app stores, particularly in restrictive markets like China and Russia. In 2024, for instance, sixty VPN applications were purged from the Russian App Store, with the total number of banned services nearing one hundred.

    As of the time of publication, Apple had not issued a public response to Proton’s allegations.

  • Germany Demands DeepSeek Chatbot Ban: Accuses Chinese AI App of Illegally Transferring User Data to China

    The Berlin Commissioner for Data Protection has formally called upon Google and Apple to remove the DeepSeek AI service from their app stores, citing serious violations of the General Data Protection Regulation (GDPR). Meike Kamp, head of the authority, stated that the Chinese company Hangzhou DeepSeek Artificial Intelligence, headquartered in Beijing, has been unlawfully collecting data from German users and transferring it for processing on servers located in China.

    Under the provisions of the GDPR—specifically Article 46(1)—personal data collected from residents of the European Union must be safeguarded in accordance with the stringent legal standards of EU law. However, China is widely recognized for its lax data protection norms and frequent cases of excessive state interference in the operations of private enterprises. Given this context, it is highly doubtful that DeepSeek can ensure an adequate level of data security for European users.

    As Kamp explained, DeepSeek lacks an official presence within EU member states. Nevertheless, its application remains freely available for download in Germany through both the Google Play and App Store platforms. The service is presented in the German language and functions in it as well, which automatically subjects the company to the jurisdiction and obligations of the European regulation.

    DeepSeek is a Chinese artificial intelligence platform that surged in popularity in January 2025 following the release of its third-generation chatbot, featuring enhanced capabilities. Despite its meteoric rise, the company soon faced allegations of unsafe data handling practices, drawing sharp criticism. Yet these controversies did little to hinder DeepSeek’s continued prominence within the global AI community.

    According to app store data, DeepSeek AI has been downloaded over 50 million times on Google Play alone, while amassing thousands of user ratings on the App Store.

    Back in May 2025, Berlin authorities offered the company the opportunity to voluntarily withdraw the app from German digital storefronts. DeepSeek, however, declined to comply. Now, regulators are invoking powers granted under Article 16 of the Digital Services Act (DSA), which allows public authorities to formally notify platform operators—in this case, Apple and Google—about the presence of unlawful content. Both companies are now required to review the submitted report and determine the fate of DeepSeek AI in their respective ecosystems.

    Though the request originated from a regional body, it is backed by regulators from Baden-Württemberg, Rhineland-Palatinate, and Bremen, as well as the Federal Network Agency (Bundesnetzagentur), underscoring the gravity of the situation. Google, Apple, and DeepSeek have all received inquiries for comment, yet none have issued official statements as of this writing.

  • Germany Demands DeepSeek Chatbot Ban: Accuses Chinese AI App of Illegally Transferring User Data to China

    The chatbot developed by the Chinese company DeepSeek has once again found itself in the European spotlight. Earlier this year, the product garnered attention when its creators claimed they had successfully developed and maintained their own artificial intelligence at a fraction of the cost compared to their American counterparts. Now, the service faces potential removal from app stores in Germany.

    The Berlin Data Protection Authority has requested that Apple and Google restrict access to the DeepSeek app for users in Germany. The demand stems from alleged violations of European privacy regulations. According to the agency’s head, Meike Kamp, the company transmits personal data beyond the borders of the European Union—an action deemed unlawful in this context.

    While cross-border data transfers are not outright banned, they are permissible only if the company can guarantee the same level of protection for individuals as required by EU standards. German regulators assert that DeepSeek has failed to provide sufficient evidence of compliance with these obligations. Particularly concerning is the possibility that Chinese commercial entities may gain access to user information.

    A ban on distributing an app through the Google Play Store and Apple App Store is a relatively rare move. The General Data Protection Regulation (GDPR) stipulates severe penalties for violations—fines may reach up to four percent of a company’s global revenue. It also allows for restrictions or outright bans on specific business practices.

    To enforce the ban on mobile applications, Berlin authorities are also invoking the Digital Services Act (DSA). Although the Federal Network Agency is formally responsible for its implementation in Germany, the capital’s data protection office has independently initiated proceedings, citing provisions of the GDPR.

    It is important to note that the restrictions will apply only to the mobile version of DeepSeek available via official app stores. The web-based version of the service, accessible through browsers, will remain operational.

    This is not the first instance of such regulatory action. In 2023, similar measures were temporarily enacted in Italy against ChatGPT, citing insufficient safeguards for minors and a lack of transparency in data processing.

    The situation surrounding DeepSeek is further complicated by the absence of an official company representative within the EU. Under European law, this enables any national authority within the bloc to initiate investigations and take enforcement actions independently, even if the organization is based outside the EU.

    Berlin officials have exercised precisely this right. It remains to be seen how Apple and Google will respond—and whether they will comply with the request.

  • OpenAI plans to roll out a marketplace akin to Apple’s App Store

    Reports from The Information suggest that OpenAI plans to roll out a marketplace akin to Apple’s App Store, enabling developers to offer artificial intelligence applications based on OpenAI’s technology. This strategy could potentially boost OpenAI’s profitability.

    These plans were revealed by OpenAI’s CEO, Sam Altman, during a recent discussion with developers in London. Several enterprises, including Aquant and Khan Academy, have expressed interest in providing ChatGPT-based chatbot services through this platform, hoping to attract a wider user demographic.

    ChatGPT Plus
    Image credit: Future

    The establishment of an App Store-like marketplace will undoubtedly facilitate users and businesses in easily finding appropriate AI applications. Instead of navigating through a labyrinth of links, installations, and operating procedures, a well-organized, systematic listing will make it easier for users to download and utilize such AI-integrated services.

    Not long ago, OpenAI announced the addition of plug-in functionality to ChatGPT, enhancing the user experience. If OpenAI proceeds with launching an App Store-like software marketplace, it could attract a larger user base. At the same time, OpenAI might increase its revenue by charging developers listing fees or sharing profits.

  • Netflix officially launches game service via App Store

    Netflix’s game subscription service has been officially launched on the Android platform. As for the implementation on the iOS platform, different from the previously mentioned game subscription service provided by its own video streaming application, Netflix will provide game services through the App Store.
    Netflix officially launched its game subscription service a few days ago. Users who are Netflix members can already play these games on the Android platform. It may take several months for users on the iOS platform to use this service, and unlike the Android platform that downloads games from the Netflix app, iOS users may need to download the game separately from the App Store.

    Netflix acquired Night School Studio
    And now there is news that Netflix will release its games through the App Store. Although like the Android platform, users can launch games from within the Netflix app, the app itself does not provide game downloads.

    The App Store currently has very strict regulations on downloading applications. Any application or game can only be downloaded from the App Store, and any application that provides application download services cannot be listed on the App Store, therefore, if Netflix can only put the games on the App Store one by one for users to download.
    Bloomberg’s analysis pointed out Although Netflix can use this method to promote game services on the iOS platform, this is not the best choice for their game business, because most users will want to have an All in One application, which is the Netflix app can download and start the game at the same time. But if you want to do this, then Netflix can only hope that Apple can make an exception (very unlikely), or provide the game to users in the cloud.