Introducing the App Store Mini Apps Partner Program
<p>Today, we’re introducing the Mini Apps Partner Program, which expands on the App Store’s ongoing support for apps that offer mini apps. Mini apps are self-contained experiences that are built using web technologies like HTML5 and JavaScript. This program is designed to help developers who host mini apps grow their business and further the availability of mini apps on the App Store — all while providing a great customer experience.</p><p>Participating developers may benefit from a reduced commission rate of 15% on the sales of qualifying In-App Purchases. To be eligible for this reduced commission rate, participating apps must support certain App Store technologies, including the Declared Age Range API and the Advanced Commerce API in order to help provide a safe and seamless experience
November 13, 2025
Today, we’re introducing the Mini Apps Partner Program, which expands on the App Store’s ongoing support for apps that offer mini apps. Mini apps are self-contained experiences that are built using web technologies like HTML5 and JavaScript. This program is designed to help developers who host mini apps grow their business and further the availability of mini apps on the App Store — all while providing a great customer experience.
Participating developers may benefit from a reduced commission rate of 15% on the sales of qualifying In-App Purchases. To be eligible for this reduced commission rate, participating apps must support certain App Store technologies, including the Declared Age Range API and the Advanced Commerce API in order to help provide a safe and seamless experience for customers of all ages.
Learn more about the Mini Apps Partner Program and eligibility
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Releases
Exclusive | OpenAI Scraps Sora Video Platform Months After Launch - WSJ
<a href="https://news.google.com/rss/articles/CBMilANBVV95cUxNU0pER2pDNmNkRWVNTnEtZ3pRNDIyWEhzbmFTWkVGaW95U2Y5eGFOZFVmQmUzU1VCTVk2MTNLZzJuRVk2QWRYOERpQUpYOWNxcjhFTFo2MzFIbk9qeGxhelREalNnRXp3UHlKcW8xUzBncUctMGxxRm52MU5pMGNqNFZhWFVEZUNXWkN5RFJ4bTVSY1lBaEY2SmFPcWtzZHYyMDU1ZWVtQ2gzZlhieTVmemFHWHEtaFRyTnk0ZklEc0lrYVlEaWVvMFVHOWNpSE5PdHRYcU1iaUg0N0w0YjZvNDlRa1VhZjJvbW5wRDdKVkFVNlZlbmVjU1hTdk9lc1c4NGRWczRrUFdnbURBN1IzX2FVY05VZ0JwSG9RR3JtZm9sN0pzQ0JpVHF2SDhWc3dzQm1fU1lPMWhEb0lEU3pmNEItbnQzZVd1LXNTNnY3d1BpLTMtRkR2Qll6SWhLbl9HTlZ2WDVkT2pRcjhoeGJCdEVOSDYtb0pVbXRDbkxTZG43Q0dRaThONXdXdnpmSEhkMkFpNg?oc=5" target="_blank">Exclusive | OpenAI Scraps Sora Video Platform Months After Launch</a> <font color="#6f6f6f">WSJ</font>
North Korean hackers implicated in major supply chain attack
<p>Suspected <a href="https://www.axios.com/world/north-korea" target="_blank">North Korean hackers</a> are believed to be behind an ongoing compromise of the widely used open-source package Axios, which is downloaded millions of times per week, researchers at Google said Tuesday.</p><p><strong>Why it matters:</strong> Hackers briefly turned a widely trusted developer tool into a vehicle for credential-stealing malware that could give attackers ongoing access to infected systems.</p><hr><ul><li>Axios, a widely used JavaScript library for making HTTP requests, is not affiliated with Axios Media.</li></ul><p><strong>Driving the news</strong>: Researchers at Google linked the activity to a North Korean group tracked as <a href="https://cloud.google.com/blog/topics/threat-intelligence/unc1069-
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
<p>On March 31, 2026, two malicious versions of <a href="https://snyk.io/advisor/npm-package/axios" rel="noopener noreferrer">axios</a>, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency that deployed a cross-platform remote access trojan (RAT) to any machine that ran <code>npm install</code> (or equivalent in other package managers like Bun) during a two-hour window.</p> <p>The malicious versions (<code>1.14.1</code> and <code>0.30.4</code>) were removed from npm by 03:29 UTC. But in the window they were live, anyone whose CI/CD pipeline, developer environment, or build system pulled a fresh install could have been compromised without ever touc
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!