In a new 16-page report, Apple has laid out its arguments against allowing sideloading iPhone apps, claiming the practice would make its phones less secure and trustworthy for users. The report, which is titled “Building a Trusted Ecosystem for Millions of Apps,” outlines Apple’s existing security processes and how it believes these could change if it were forced by regulators to allow sideloading.
The report is part of Apple’s pushback against lawmakers and other critics, who have argued that it should be forced to allow apps to be sideloaded onto its iPhones, bypassing its centralized App Store. In the US, the House Judiciary Committee is expected today to debate a series of bills aimed at addressing tech monopolies, including Apple’s App Store policies. One such bill sponsored by Rep. David Cicilline (D-RI), chairman of the antitrust subcommittee, could force Apple to allow third-party app stores on its platform, Bloomberg notes.
“Allowing sideloading would degrade the security of the iOS platform”
Elsewhere, the EU’s proposed Digital Markets Act (DMA) could compel Apple to allow sideloading of apps. “The current DMA language that is being discussed, would force sideloading on the iPhone,” Apple’s CEO Tim Cook previously said, according to CNBC. This “alternate way of getting apps onto the iPhone” would “destroy” its security, the CEO argued. Epic also argued for Apple to allow sideloading in its recent high-profile trial with the company.
Apple already allows sideloading on its Mac computers, but it argues that this model doesn’t work for iPhones because they carry more sensitive and personal information. Apple’s senior vice president of software engineering Craig Federighi recently argued during the company’s trial with Epic Games that the Mac’s model means that it has a level of malware that “we don’t find acceptable and is much worse than iOS.”
“Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store,” Apple’s new report says. Apps that don’t go through its App Store review process could contain malware that Apple’s reviewers would otherwise catch, the company argues, citing research that suggests third-party app stores on Android (which does allow sideloading) are more likely to contain malicious code. Non-App Store apps may also not use Apple’s security and privacy features.
However, critics have pushed back against Apple’s claims about the security of apps on its store. Despite Apple’s assurances that it has a 500-plus strong team reviewing around 100,000 new apps and updates every week, there have been numerous examples of scam apps slipping through its checks, including some that hide casinos in kids apps or others that charge extortionately high subscription fees. And forcing developers to use the App Store to distribute apps means many have to pay Apple a 30 percent commission on app sales and in-app purchases for digital goods, a commission that Cicilline has previously called “highway robbery.”
Some experts have also argued that the iPhone’s security has more to do with the security features of iOS, including the way apps run in a so-called “sandbox,” rather than the App Store’s review process. But Apple’s report claims that “the best defense relies on a combination of all layers,” combining App Store review with built-in platform protections.