Kindle and Apps Capitalize on iOS App Store Changes

Background: Epic Games Litigation and the Federal Injunction
In September 2021, Epic Games filed an antitrust lawsuit against Apple challenging its 30 percent commission on all in-app purchases and the company’s prohibition on steering users to external payment methods. On April 24, 2025, U.S. District Judge Yvonne Gonzalez Rogers found Apple “in willful violation” of a prior injunction that barred anticompetitive conduct in the tightly controlled iOS App Store ecosystem. Key language in that injunction prohibited Apple from:
- “Denying developers the ability to communicate with, and direct purchasers to, other purchasing mechanisms.”
- Restricting external links, buttons, or calls to action in apps on the U.S. storefront.
Though Apple immediately announced its intention to appeal, the company promptly updated its App Review Guidelines to comply with the ruling—at least temporarily.
What Changed: Updates to App Review Guidelines 3.1.x
On April 25, 2025, Apple released guideline changes for U.S. apps in the App Store. Key modifications include:
- 3.1.1 & 3.1.1(a): Apps on the U.S. storefront may include buttons, external links, or other calls to action for browsing and purchasing non-consumable digital assets (e.g., NFT marketplaces) without requiring Apple entitlements.
- 3.1.3 & 3.1.3(a): The prohibition against directing users to purchase outside of in-app purchase (IAP) no longer applies in the U.S. Apps no longer need the “External Link Account” entitlement to add redirects.
These updates pave the way for any developer, from media-streaming services to digital bookstores, to offer a more seamless checkout experience by directing users to external payment pages hosted on the developer’s website.
Case Study: Kindle’s New “Get Book” Redirect Button
Amazon’s Kindle app, since its iOS debut in 2009, has forced users to buy books via a web browser, then sync titles into the app. With the latest update (version 8.36.1), Kindle now embeds an in-app search bar that surfaces Amazon.com listings and displays a Get Book button. Tapping it automatically launches Safari (or the user’s default browser) with the product page and pre-populates the cart.
Technical details:
- Uses Apple’s SKStoreProductViewController alternative to launch external URLs, preserving browser cookie sessions and authentication tokens.
- Implements deep-linking via Universal Links (HTTP apple-app-site-association files) to minimize context-switching delays.
- Maintains AES-256 encrypted credentials in the App Sandbox, so user Amazon log-ins remain secure while shipping to Safari.
Technical Implications for Developers
With the new guidelines, developers must update their build configurations and Info.plist entries to allow arbitrary-web-content loading via WKWebView or external link handlers. Key steps include:
- Adding NSAllowsArbitraryLoads exceptions scoped to approved domains.
- Including new entitlement flags (com.apple.developer.external-links) in provisioning profiles.
- Updating user flow diagrams and privacy disclosures to reflect external redirection and data handling.
Development teams should also plan for expanded QA test cases covering user-agent preservation, session continuity, and edge cases where a user’s browser is set to private or blocked.
Industry Response and Future Outlook
Early adopters like Amazon and smaller ebook retailers immediately rolled out app updates. Spotify, Netflix, and other streaming giants are reportedly exploring similar implementations to avoid Apple’s 15–30 percent cut on subscriptions. In addition, Unity Technologies announced plans to leverage the ruling for its Asset Store in Unity Editor builds on iOS.
Cloud-based gaming platforms such as Nvidia’s GeForce Now and Microsoft’s Xbox Cloud Gaming are also evaluating external purchase flows for DLC and subscription add-ons. These moves indicate a broader shift toward hybrid payment models spanning in-app purchase and secure web checkout.
Expert Opinions and Potential Workarounds
“Technically, Apple’s new concessions are minimal but game-changing,” says Dr. Laura Chen, a mobile-security researcher at the University of California, Berkeley. “Developers must still invest in robust OAuth2 implementations to maintain session security when jumping between app and browser contexts.”
Security consultancy Bishop Fox warns that unless browsers on iOS support Service Workers uniformly, some redirects could break offline-first or PWA-style experiences. Potential workarounds include:
- Implementing an embedded WKWebView fallback with custom URL schemes.
- Leveraging ASWebAuthenticationSession for OAuth2 flows to preserve privacy and avoid user-agent sniffing.
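The ASWebAuthenticationSession workaround listed above, shown as an added example (not code from Amazon, Apple or the original article): an OAuth2 authorization-code request protected with PKCE, plus a state check on the callback so a response belonging to a different request is rejected. The endpoint, client ID, callback scheme and the SignInCoordinator type are placeholder assumptions.

```swift
import AuthenticationServices
import CryptoKit
import Security
// Placeholder assumptions: substitute your identity provider's values.
let authorizeURL = URL(string: "https://auth.example.com/oauth2/authorize")!
let clientID = "example-client-id"
let callbackScheme = "exampleapp"
func base64URL(_ data: Data) -> String {
    data.base64EncodedString().replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_").replacingOccurrences(of: "=", with: "")
}
func randomToken(byteCount: Int) -> String {
    var bytes = [UInt8](repeating: 0, count: byteCount)
    guard SecRandomCopyBytes(kSecRandomDefault, byteCount, &bytes) == errSecSuccess else { fatalError("CSPRNG unavailable") }
    return base64URL(Data(bytes))
}

final class SignInCoordinator: NSObject, ASWebAuthenticationPresentationContextProviding {
    private var session: ASWebAuthenticationSession?
    private let anchor: ASPresentationAnchor
    init(anchor: ASPresentationAnchor) { self.anchor = anchor }
    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor { anchor }
    /// Completes with the authorization code and PKCE verifier, or nil on cancel, error or state mismatch.
    func start(completion: @escaping ((code: String, verifier: String)?) -> Void) {
        let verifier = randomToken(byteCount: 32)  // RFC 7636 code_verifier; sent only in the later token exchange
        let state = randomToken(byteCount: 16)     // binds the callback to this request
        let challenge = base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
        var comps = URLComponents(url: authorizeURL, resolvingAgainstBaseURL: false)!
        comps.queryItems = [
            URLQueryItem(name: "response_type", value: "code"),
            URLQueryItem(name: "client_id", value: clientID),
            URLQueryItem(name: "redirect_uri", value: "\(callbackScheme)://oauth/callback"),
            URLQueryItem(name: "state", value: state),
            URLQueryItem(name: "code_challenge", value: challenge),
            URLQueryItem(name: "code_challenge_method", value: "S256"),
        ]
        let session = ASWebAuthenticationSession(url: comps.url!, callbackURLScheme: callbackScheme) { callback, error in
            guard error == nil, let callback,
                  let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems,
                  items.first(where: { $0.name == "state" })?.value == state,
                  let code = items.first(where: { $0.name == "code" })?.value
            else { return completion(nil) }
            completion((code: code, verifier: verifier))
        }
        session.presentationContextProvider = self
        session.prefersEphemeralWebBrowserSession = true  // no shared Safari cookies; set false to reuse an existing sign-in
        self.session = session  // keep a strong reference until the flow finishes
        session.start()
    }
}
```

The returned code is only useful together with the verifier, so the token exchange that follows should send both over TLS and store the resulting tokens in the Keychain rather than in user defaults.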
Anticipating Apple’s Appeal and Loss Aversion Dynamics
Apple’s appeal to the Ninth Circuit is expected to be heard later this year. If Apple prevails, the company may revert to its prior policies, effectively removing redirect capabilities. According to behavioral economist Dr. Martin Feldman, “Loss aversion suggests that users and developers who grow accustomed to external-link convenience will perceive the rollback as a net loss, amplifying backlash.”
In that scenario, Apple will have to weigh the additional revenue from restoring in-app purchase mandates against the reputational and regulatory costs of being seen as reversing consumer-friendly changes.
Conclusion
While the long-term outcome remains uncertain, this temporary window is already reshaping developers’ strategies for handling digital-goods commerce on iOS. As Amazon’s Kindle app demonstrates, even a simple “Get Book” button can significantly enhance user satisfaction and streamline revenue flows—without forking over a hefty commission to Apple.