In the face of calls from regulators to open the gates to alternative app stores and sideloaded apps on the iPhone, Apple launched extensive publicity this week to argue that sideloading would harm the iOS ecosystem and its users.
The campaign builds on a recently quoted quote from an interview with Apple CEO Tim Cook in which he said that sideloading is “not in the best interests of the user”.
The cornerstone of Apple’s messaging is new White paper has published the company. The publication of the paper appears to be closely related to the debates of the Justice Committee of the US House of Representatives over potential antitrust laws in the technology area.
Before the main content of the whitepaper, Apple comes up with citations from government agencies on cybersecurity advising users not to sideload apps or use third-party app stores. From the European Union Agency for Cybersecurity in 2016:
Use only the official application marketplace. Users should … not [download applications] from third-party sources to minimize the risk of installing a malicious application. Users should not sideload applications unless they are from a legitimate and authentic source.
Another quote is from a 2017 report by the U.S. Department of Homeland Security:
The identified best practices for countering threats from vulnerable apps are relevant for malicious and invasive apps. Additionally, users should avoid sideloading apps and using unauthorized app stores (and businesses should prohibit them on their devices).
“Today our phones aren’t just phones; they store some of our most sensitive information about our personal and professional lives, ”the paper begins. It goes on to say that “we designed the iPhone with this in mind” and that “security researchers agree that the iPhone is the safest and most secure mobile device, allowing our users to trust their devices with their most sensitive information.”
The paper also states that Apple’s policies are rooted in the belief that privacy is “a fundamental human right”. Apple then specifically argues against demands made by regulators to require Apple to allow sideloading on the iPhone:
Allowing sideloading would compromise the security of the iOS platform and expose users to serious security risks not only in third-party app stores but also in the app store. Because of the size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – sideloading would trigger a spate of new investments in attacks on the platform. Malicious actors would take the opportunity by devoting more resources to developing sophisticated attacks against iOS users, expanding the range of armed exploits and attacks – often referred to as the “threat model” – from which all users must be protected. This increased risk of malware attacks puts all users at risk, including those who only download apps from the App Store. In addition, even users who only want to download apps from the App Store could be forced to download an app from a third party that they need for work or school if it is not available on the App Store. Or they could be tricked into downloading apps from third-party app stores that pretend to be an app store.
Much of the rest of the white paper is devoted to describing Apple’s app review process. There’s no new information, but Apple specifically says, “The goal of App Review is to make sure apps are trustworthy in the App Store.” (Some examples of Apple appearing to be using its verification process to make sure apps don’t undermine Apple’s business model have surfaced in recent years Epic games against Apple Attempt.)
The newspaper wasn’t the only part of Apple’s public relations effort this week. Apple’s head of data protection Erik Neuenschwander said in a Interview with Fast Company:
Sideloading actually eliminates the choice in this case. Today, users who want direct access to applications without any kind of verification have sideloaded on other platforms. The iOS platform is the one on which users understand that they cannot be fooled or tricked into a dark alley or back street where they will end up with a side-loaded app, even if they didn’t intend to.
While many privacy experts and security researchers support Apple’s position here, the company has other reasons to hold on to it. Apple’s soaring stock prices are due in part to a robust and growing service business, which includes Apple’s revenue from the App Store on iPhones. Should sideloading or alternative app stores be allowed, they would likely deduct some of that revenue from Apple.
Most of the investigations, lawsuits, and regulatory actions that could affect Apple’s status quo are still pending, but we are sure to see more of them in the months and years to come. In a way, Apple’s recent PR news on the subject represents the company’s opening arguments in a long battle to keep the way it does business.