> If your second sentence was accurate, Apple wouldn’t be leading the industry on app security as they have been.

If Apple was actually leading the industry on App Security then they wouldn't be using the App Store as a security defense. They know that people are afraid of Pegasus-style malware and they want people to think it comes only from third-parties. In reality, Apple devices are already attacked from a variety of endpoints, many of which are first-party. Some of them are zero-click. Blaming malware and scamming on sideloading is an obvious stretch; both of those things exist on iPhone even without the DMA.

> The mistake is seeing these as incompatible rather than complementary goals

I do see them as complimentary; that's why I'm outraged that only one half of the goal is considered. Apple actively neglects security on their device to reinforce the validity of a centralized App Store. That is an objectively deteriorated experience for users, and when stuff like the Digital Market Act comes around it's a blatant ploy to buy Apple time.

I'm not denying the merits of your discussion, I'm proving that other platforms (including Apple-made ones) already get this right, so regulators have no reason to go let Apple off easy here. The status-quo can be better, and I guarantee you that this policy will be revised within the year. There is simply no excuse.

There's no way to fix the problem natively, either. Apple's "solution" to this issue is checking every app personally, which is a fallible and expensive approach. Apple will pretend they're taking the high road, but it doesn't take a genius to surmise they only care about that process because it's expensive.

No matter how you slice it, this is already a problem and literally no one blames Apple for it. It's not Apple's job to blacklist phone numbers that contain scam callers, it's not Apple's job to protect Safari users from content that harms them. The EU is very unlikely to approve any scheme where Apple is still a gatekeeping party.