Analysis Apple, besieged by regulators and rivals challenging its exclusive control over its iOS App Store, has published a 31-page defense of its ostensibly benevolent monopoly that warns of disastrous consequences if Cupertino is forced to allow competition.
“[S]ome are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as ‘sideloading,'” Apple says in its treatise, “Building a Trusted Ecosystem for Millions of Apps, A threat analysis of sideloading.” [PDF]
“Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks.”
This is the second time in the past few months that Apple has published a lengthy defense of its highly profitable business model [PDF]. In June, Apple CEO Tim Cook delivered a similar message remotely to the Viva Technology conference in Paris, France, out of concern that the EU’s proposed Digital Marketers Act would force Apple to support third-party app stores and user-directed app installation.
The following week, Timothy Powderly, Apple senior director of government affairs for the Americas, sent a letter to US lawmakers [PDF] raising similar concerns about legislation that would require app store competition and mandate support for sideloading.
An inconvenient truth
There’s a major problem with Apple’s argument, however: Apple uses the term “sideloading” to refer both to third-party app stores and to direct app installation, suggesting the equivalency of two scenarios that are not the same.
“Sideloading” is generally defined as apps installed by users on a device without the involvement of a trusted intermediary that performs some oversight function. As Microsoft puts it, “Sideloading apps is when you install apps that aren’t from an official source, such as the Microsoft store.”
So downloading an iOS app from someone’s website and installing it is not the same as downloading an iOS app from, say, an app store operated by Google, Epic Games, or Microsoft. By conflating the two scenarios, Apple implicitly denies the possibility that a third-party app store might offer better security and privacy than the App Store.
And that is a possibility, given that Apple only spends about 12 minutes on average reviewing each iOS app. Imagine, for example, a Mozilla-run iOS app store that conducted a more detailed app review, allowed for the possibility of a developer-paid security audit, and disallowed all third-party analytics and ad SDKs. Such apps might cost more. But if iOS users cared to pay for a stronger security process and some assurance their apps don’t include data-grabbing libraries from ad companies, they could.
Ignore for a moment the fact that macOS allows sideloading and that Apple software EVP Craig Federighi sacrificed the security reputation of macOS to defend Apple’s iOS walled garden against the recent legal attack from Epic Games. Consider instead sideloading on Android.
Apple suggests Android has poor security because it supports sideloading. “Over the past four years, Android devices were found to have 15 to 47 times more malware infections than iPhone,” Apple’s report says.
Yet Apple is known for not communicating openly about security and does not publish a Transparency Report as Google does for Android. It appears that Apple is cherry-picking third-party research from Nokia to support its claims without providing its own internal App Store data about the incidence of iOS malware. Security issues may be more visible on Android than iOS, but that should be expected when iOS is less accessible to researchers.
According to Google’s Transparency Report only about 0.075 per cent of current Android devices (Android 11) during the April-June quarter contained a Potentially Harmful Application (PHA), which includes devices that sideloaded apps.
Many of the security issues on Android are the result of Google’s inability to force operating system upgrades on devices sold by other vendors, so older Android versions with vulnerabilities remain in the market longer. That’s a consequence of Android’s multi-vendor ecosystem rather than the perils of sideloading.
The horror, the horror
Consider some of the dire consequences that Apple suggests would happen if it’s forced to allow sideloading:
- More harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only.
But if customers are happy with the App Store, they’d have no need to change their behavior and shop around. If they choose to look elsewhere for their iOS apps, they should have that freedom.
- Users would have less information about apps up front, and less control over apps after they download them onto their devices.
Not necessarily. There’s no reason a third-party app store couldn’t offer more information if it chose to do so. And users who choose to sideload iOS apps themselves have the opportunity to do as much research as they’d like and to make installation decisions based on their own risk tolerance.
- Some sideloading initiatives would also mandate removing protections against third-party access to proprietary hardware elements and non-public operating system functions.
Apple doesn’t say what these initiatives might be but there’s no reason any mandate to open the iOS ecosystem couldn’t balance legitimate security concerns with competitive concerns.
- Users could be forced to sideload an app they need for work or school.
Sort of the way Apple was forced to allow government-mandated apps in Russia? If users are being forced to install unwanted apps, the problem is not the operating system or distribution mechanism but the legal status or power dynamic of those being coerced.
When The Register asked security researcher Patrick Wardle, founder of free security project Objective See and director of research at security biz Synack about whether Apple’s sideloading concerns were valid earlier this year, he allowed that some of Apple’s concerns are legitimate while also being self-serving.
Sideloading, he said, does increase the attack surface in iOS to a debatable extent, even as he noted that the App Store still contains scammy and insecure apps. Ultimately, he argued that even if there’s some added risk, most people would prefer that Apple is not the final authority on what we can install on our devices.
Likewise, Feross Aboukhadijeh, an open-source developer who runs Socket, told The Register in June that the security afforded by iOS has little to do with Apple’s inconsistent App Store Review process. Rather, he said, iOS security is largely due to security features built into the operating system, like app sandboxing, memory safety, permission prompts, and the like.
Apple says, “Sideloading is not in the best interest of users.” That’s a convoluted way of saying you’re not responsible enough to decide what gets loaded onto your iPhone. But undoubtedly sideloading is not in the best interest of Apple. ®