European regulators are about to make an important call that could reshape how two Apple services operate across the continent. Within the next few weeks, the European Union is expected to decide whether Apple Maps and Apple’s advertising business should face tougher obligations under the Digital Markets Act (DMA), the bloc’s sweeping rulebook designed to curb market dominance and keep digital competition fair.
At the same time, fresh concerns are emerging around the Apple Podcasts app after unusual behavior spotted by a journalist and echoed by a security researcher raised questions about whether the app could be leveraged as a pathway for malicious activity.
EU review: Apple Maps and Apple Ads may face stricter DMA oversight
Under the Digital Markets Act, certain large tech firms can be labeled “gatekeepers” if they meet specific thresholds and operate services that act as key gateways between businesses and consumers. That label is a big deal because it triggers extra requirements intended to prevent anti-competitive behavior and open markets to rivals.
The DMA’s gatekeeper criteria focus on both scale and reach. Among the key thresholds are:
A company valuation of at least 75 billion euros, or EU-based revenue of at least 7.5 billion euros in each of the last three financial years
At least 45 million monthly active end users in the EU and more than 10,000 yearly active business users in the most recent financial year
The company meeting the user thresholds in each of the last three financial years
Companies are also expected to notify the EU when their services meet the requirements that could trigger a gatekeeper assessment. Apple has now informed regulators that its Maps and Ads services have reached the relevant thresholds, meaning the EU will consider whether these services should be formally brought under stricter DMA obligations.
The timeline is tight. Regulators have 45 days to decide whether Apple Maps and Apple Ads should be designated under the DMA framework. If the EU moves forward with the designation, Apple would then have six months to comply with any mandated remedies and operational changes.
This wouldn’t be Apple’s first encounter with DMA scrutiny. The EU has already designated Apple’s App Store, iOS, and iPadOS under the gatekeeper framework, making Maps and Ads the latest services that could be pulled into the same regulatory orbit.
Apple, for its part, argues that Maps and Ads should not be classified as gatekeeper services, emphasizing that they don’t represent a dominant market share and face significant competition. The EU’s upcoming decision will determine whether that argument holds—or whether regulators believe the services play a large enough “gateway” role to warrant tougher oversight.
Apple Podcasts security concern: odd launches and suspicious podcast pages
In a separate development, an investigation has highlighted behavior in Apple’s Podcasts app that could potentially be useful to attackers under the right circumstances.
A journalist reported that over several months, the iOS and macOS versions of the Podcasts app appeared to open podcasts in categories such as religion, spirituality, and education seemingly at random. In at least one case, a podcast page inside the app reportedly contained a link leading to a potentially malicious website.
What made the discovery more concerning was the nature of some of the podcast listings involved. The titles reportedly included unusual strings such as snippets of code, URLs, and in some instances content resembling attempted cross-site scripting techniques—elements that are out of place in typical podcast metadata.
A security researcher was able to reproduce similar behavior, though through a web-based trigger: simply visiting a website could cause the Podcasts app to open and load a podcast selected by an attacker. Notably, the researcher observed that, unlike some other external app launches on macOS that require a user prompt or approval, this behavior occurred without an apparent confirmation step.
The reporting stresses that this doesn’t automatically amount to an active exploit. Instead, the concern is about the mechanism: if a separate vulnerability were to exist in the Podcasts app, the ability to trigger the app to open and load content without user approval could potentially become an effective delivery route.
Why these Apple developments matter
From a search and competition standpoint, the DMA decision could affect how Apple Maps and Apple Ads function in Europe, including how businesses access these platforms and what obligations Apple may face around fairness, interoperability, and competitive access.
From a safety standpoint, the Podcasts app behavior is a reminder that even mainstream, pre-installed apps can become part of a broader risk chain if unexpected launch behavior or content loading can be triggered externally—especially if combined with a yet-unknown vulnerability.
With the EU’s 45-day window now in motion and the Podcasts questions circulating among security-minded observers, Apple is facing pressure on two fronts: regulatory compliance in Europe and renewed scrutiny of how its apps handle potentially risky content and external triggers.
