Allocents

How to Sell Outside the App Store Without Violating Apple's Rules

How to Sell Outside the App Store Without Violating Apple's Rules

Summary

  • Recent legal rulings in the U.S. and EU now allow developers to bypass Apple's 30% commission by directing users to external websites or alternative payment systems.
  • The rules are highly fragmented by region; showing a U.S. user an external payment link is now legal, but doing so for a user in Japan could risk your developer account.
  • The biggest risks are not just legal compliance but also a poor user experience that can tank conversion rates, making a seamless checkout flow and gradual rollout essential.
  • A jurisdiction-aware SDK like Allocents automates this regional compliance, allowing you to route users to the correct billing flow without building the complex logic in-house.

You've done the math. Apple's 30% cut is quietly eating a third of your subscription revenue — revenue you've earned through months of product work, marketing spend, and user acquisition. You've heard about the Epic v. Apple ruling, you've seen the headlines, and you're tempted to finally add that external payment link. But then the anxiety kicks in: What if my app gets rejected? What if Apple terminates my developer account?

You're not alone. This "compliance anxiety" is the most common reason developers leave money on the table. And honestly, the confusion is understandable — as one developer put it in a recent Reddit thread, the reaction to the ruling from many peers was simply: "What do you mean? Eli5 please."

The good news: the legal landscape has shifted dramatically in your favor. The bad news: the rules vary significantly depending on where your users are. This guide will walk you through the three key legal frameworks that now allow you to sell outside the App Store, explain precisely what you can and cannot do under each, and show you how smart infrastructure can automate the compliance work so you can focus on building.

Framework 1: The U.S. After Epic v. Apple

The Epic v. Apple case started in 2020 when Epic Games challenged Apple's anti-steering policies and its mandatory 30% commission on in-app purchases. In April 2025, a U.S. federal court issued a landmark ruling that permanently barred Apple from forcing developers to use its In-App Purchase (IAP) system in the United States.

Apple subsequently updated its App Review Guidelines and, by May 2025, apps on the U.S. App Store were permitted to include links and buttons that redirect users to a website to complete a purchase for digital goods or subscriptions — without penalty. Apple was also forced to eliminate the "scare screens" that previously warned users away from making purchases outside the App Store ecosystem.

✅ What you CAN do (U.S.)

  • Include a clearly labeled link or button in your app that takes U.S. users to your website to subscribe or purchase digital goods.
  • Offer lower prices on your website than through IAP — and let users know they exist.
  • Use Apple Pay and other payment methods on your web checkout.
  • Remove the friction Apple previously mandated around external payment flows.

⚠️ What to be careful about (U.S.)

  • The old anti-steering rules prohibited "enticing language" designed to steer users away from IAP. While those rules have been struck down, using measured, clear language is still the lowest-risk approach. Something like "Subscribe on our website" is safer than "Save 30% — Don't Pay Apple's Fee!" — especially while Apple's appeal proceedings continue.
  • This ruling applies only to the U.S. App Store. You cannot legally apply these same flows to users in Japan, Canada, or other regions outside the EU. Doing so risks your developer account.

Still Paying Apple 30%?

Framework 2: The EU's Digital Markets Act (DMA)

The EU's Digital Markets Act goes significantly further than the U.S. ruling. It classifies Apple as a "gatekeeper" platform and mandates structural changes to how iOS apps can be distributed and monetized across the European Economic Area.

✅ What you CAN do (EU)

  • Distribute your iOS app through alternative app marketplaces — not just the App Store.
  • Use third-party payment processors directly within your app for digital goods and services.
  • Link out to your website for purchases, and freely communicate and promote offers available at alternative destinations.
  • Offer your own native checkout experience inside the app without routing through StoreKit.

⚠️ The catch: Apple's new EU business terms

To unlock these capabilities, you must opt into Apple's Alternative Terms Addendum for Apps in the EU. This comes with a restructured fee model:

  • Reduced commission: App Store commission drops to 10% (for most developers) or 17% for digital goods.
  • Payment processing fee: A 3% fee still applies if you use Apple's IAP.
  • Core Technology Commission (CTC): The most complex new element. For apps exceeding one million first annual installs in the EU, Apple charges €0.50 per first annual install per year — regardless of whether that user ever pays you. This transitions to a unified CTC model by January 1, 2026.

The DMA provides enormous flexibility, but the CTC in particular requires careful financial modeling before you opt in. A free app with millions of EU installs could face a significant fee bill even with zero revenue from those users.

Framework 3: Android & Sideloading — The Open Alternative

Android has never had a walled garden problem. Sideloading — installing apps from outside an official app store — has always been permissible on Android, and developers have always been free to use any payment processor they choose within their apps. This is why major apps like Spotify and Netflix have long offered "subscribe on our website" flows on Android with no restrictions.

The Android ecosystem serves as a proof of concept: developers can run direct billing without the sky falling. Users adapt when the UX is good. And the margin improvement — going from a 30% cut to a few percentage points in payment processing fees — is transformative for a subscription business.

The Epic ruling and the DMA are slowly bringing the iOS ecosystem closer to Android's long-standing flexibility. But unlike Android, iOS now comes with a patchwork of jurisdiction-specific rules that require careful implementation.

Ship Direct Billing Today

The Infrastructure Problem Nobody Talks About

Here's the scenario every globally distributed app now faces:

  • A user in California → Show an external payment link (U.S. Epic ruling applies).
  • A user in Germany → You can use an in-app alternative payment SDK or web link (DMA applies, CTC may apply).
  • A user in Japan → IAP only. No external links permitted.
  • A user in Canada → The old rules still apply. No steering.

Building and maintaining this jurisdiction-detection logic in-house is a real engineering burden — and getting it wrong means your app is out of compliance in one region or another, potentially at any time Apple updates its policies.

This is exactly the problem Allocents was built to solve. Allocents provides a single SDK with jurisdiction-aware routing that automatically applies the correct, compliant billing flow based on where the user is located.

For a U.S. user, Allocents surfaces a direct billing option. For a user in a region where IAP is still required, it falls back to StoreKit seamlessly. You don't write the conditional logic. You don't track Apple's policy updates across six regions. Allocents' infrastructure layer handles it.

The SDK integrates in about 15 minutes (Swift/SwiftUI, Kotlin, Flutter, React Native) and includes:

  • Sign Up & Save paywalls — users choose between App Store billing or direct billing at the point of subscription.
  • Switch & Save campaigns — migrate your existing StoreKit subscribers to direct billing with targeted offers.
  • Native web checkout — with Apple Pay and Google Pay support, so the experience feels native, not like one of those "shitty websites that purposely hide the unsubscribe button."
  • Gradual rollout controls — start exposing direct billing to 10% of your users, monitor, then scale up with instant rollback if needed.
  • A/B testing — test discount amounts, copy, and timing to maximize migration rates.

Allocents offers two billing models depending on your team's capabilities:

  1. Allocents Billing (Merchant of Record) — At 5% + 50¢ per transaction, Allocents acts as the full Merchant of Record: handling payments, tax remittance across 190+ countries, chargebacks, fraud protection, and customer support. You get Apple-level billing infrastructure without Apple's fee.
  2. Bring Your Own Stripe (BYOS) — If you already have Stripe infrastructure and in-house support, connect your own account and pay just 0.5% of the revenue Allocents' flows successfully migrate. You keep full control over your payment stack.

Pre-Launch Checklist: Before You Go Live with Direct Billing

Before you flip the switch on an external payment flow, run through this checklist:

  • [ ] Map your user geography. Identify what proportion of your active users are in the U.S., EU, and other regions. This determines which frameworks apply and where the revenue opportunity actually lives.

  • [ ] Decide on infrastructure. Will you build jurisdiction-detection and billing logic in-house, or use a managed solution like Allocents to handle compliance automatically? Factor in ongoing maintenance as Apple's policies continue to evolve.

  • [ ] Request the right entitlements. For EU apps using alternative payments, you'll need entitlements like the StoreKit External Purchase Link Entitlement. For U.S. apps, review Apple's updated App Review Guidelines to confirm your implementation is compliant.

  • [ ] Design a frictionless checkout experience. The biggest risk to direct billing isn't compliance — it's a poor user experience that tanks conversion. Your external checkout must be simple, fast, and transparent. Users should be able to manage, pause, or cancel their subscription easily. A native-feeling flow with familiar payment options (Apple Pay, Google Pay) is essential.

  • [ ] Use a gradual rollout. Don't expose 100% of your user base to a new billing flow on day one. Start with 10% of users, monitor churn, support ticket volume, and payment success rates, then scale up. Allocents' dashboard gives you this control out of the box.

  • [ ] Update your Privacy Policy and Terms of Service. If you're acting as Merchant of Record for direct transactions, users need to know how their payment data is handled. Update your legal docs before launch.

  • [ ] Model the EU economics carefully. If you're opting into Apple's Alternative EU Terms, run the numbers on the Core Technology Commission against your projected install volume. The 10% commission reduction may not net positive for every app, particularly ones with high free-user install counts.

  • [ ] Monitor the policy landscape. The rules are still evolving. Apple has appealed aspects of the U.S. ruling, and the EU's enforcement posture on the DMA is active and ongoing. Subscribe to the Apple Developer News blog and monitor announcements from the EU Commission to stay ahead of changes.

The Future is Direct

The era of Apple's unchallenged control over iOS monetization is over. The Epic v. Apple ruling, the EU's Digital Markets Act, and Android's long-standing openness have together created a world where developers can finally build direct billing relationships with their customers — and recapture a meaningful portion of revenue that was previously non-negotiable.

The rules are fragmented, and the compliance overhead is real. But the path forward is clear: understand which framework governs each of your user segments, build or integrate infrastructure that handles the regional logic correctly, and deliver a checkout experience your users actually trust.

Developers who act now — while the majority are still waiting to see how things shake out — will have a compounding advantage. Every subscriber migrated to direct billing is revenue that compounding monthly at your margins, not Apple's.

The power is shifting back to the developer. It's time to sell outside the App Store — the right way.

Frequently Asked Questions

What is the main difference between the new payment rules in the U.S. and the EU?

In the U.S., you can add links that send users to your website to pay. In the EU, you can do that plus use alternative payment systems directly within your app, but you must opt into new business terms that may include a Core Technology Commission (CTC). The U.S. rules stem from the Epic v. Apple court ruling which primarily dismantled Apple's "anti-steering" policies. The EU's Digital Markets Act (DMA) is a broader regulation that forces "gatekeeper" platforms like Apple to open up their ecosystems, allowing for third-party app marketplaces and alternative in-app payment processors.

Can I offer lower prices on my website than in my app?

Yes, in both the U.S. and the EU, you are now allowed to offer lower prices on your website and communicate these savings to your users. This was previously forbidden under Apple's "anti-steering" rules, which have been struck down or superseded by new regulations. However, it's still wise to use clear and straightforward language, as Apple's policies can still be subject to interpretation and legal challenges are ongoing.

What is the Core Technology Commission (CTC) and should I be worried about it?

The Core Technology Commission (CTC) is a fee Apple charges in the EU for apps that opt into the new Digital Markets Act business terms and exceed one million "first annual installs." The fee is €0.50 per install per year over that threshold, and it applies even if the user never pays you anything. You should be concerned about the CTC if your app has a very large user base of free or low-revenue users in the EU, as the fee could potentially exceed the revenue you gain from lower commissions. Careful financial modeling is essential before opting into the new EU terms.

Do these new rules apply to Android apps on the Google Play Store?

No, these specific rulings and regulations apply to Apple's iOS App Store. The Android ecosystem has always been more open, generally permitting developers to use third-party payment processors within their apps and direct users to web checkouts for subscriptions. Android's long-standing flexibility is often cited as a model for how a more open app ecosystem can function.

How can I show different payment options to users in different countries?

To show different payment options based on a user's country, you need to implement jurisdiction-detection logic in your app. This involves identifying the user's region (e.g., via their IP address or account settings) and then programmatically displaying the compliant payment flow—whether it's an external link (U.S.), an alternative in-app payment (EU), or only Apple's IAP (rest of world). This can be a complex engineering task to build and maintain, which is why automated solutions and SDKs exist to handle this routing for you.

What are the biggest risks of implementing external payments?

The two biggest risks are non-compliance and poor user experience. Incorrectly implementing the rules for a specific region could lead to your app being rejected or your developer account being suspended. At the same time, a clunky, slow, or untrustworthy external checkout flow can destroy user trust and significantly lower your conversion rates compared to the seamless experience of Apple's IAP. A gradual rollout and rigorous A/B testing are crucial to mitigate this business risk.

Is it worth it to move away from Apple's In-App Purchase system?

For most subscription-based apps, yes. Moving eligible users away from Apple's In-App Purchase (IAP) can significantly increase your net revenue by reducing commission from a steep 15-30% down to standard payment processing fees, which are typically closer to 3-5%. While it requires careful implementation to manage compliance and user experience, the reclaimed revenue can be a game-changer for your business's profitability and growth.

SHARE THIS ARTICLE
Tags:
Published on April 11, 2026