Facing calls from regulators to open the gates to alternative app stores and sideloaded apps on the iPhone, Apple has launched a substantial public-relations push this week to make the case that sideloading would do harm to the iOS ecosystem and its users.
The campaign builds on a recent quote from an interview with Apple CEO Tim Cook, in which he said that sideloading is “not in the best interests of the user.”
The cornerstone of Apple’s messaging is a new white paper the company has published. The paper’s release appears closely timed with the US House Judiciary Committee’s debates about potential tech antitrust legislation.
Preceding the white paper’s main body of content, Apple surfaces quotes from authorities on cybersecurity advising users not to sideload apps or use third-party app stores. From the European Union Agency for Cybersecurity in 2016:
Use the official application marketplace only. Users should… not [download applications] from third-party sources, to minimise the risk of installing a malicious application. Users should not sideload applications if they do not originate from a legitimate and authentic source.
Another quote comes from a US Department of Homeland Security Report from 2017:
The best practices identified for mitigating threats from vulnerable apps are relevant to malicious and privacy-invasive apps. Additionally, users should avoid (and enterprises should prohibit on their devices) sideloading of apps and the use of unauthorized app stores.
“Today, our phones are not just phones; they store some of our most sensitive information about our personal and professional lives,” the paper begins. It goes on to say that “we designed iPhone with this in mind” and that “security researchers agree that iPhone is the safest, most secure mobile device, which allows our users to trust their devices with their most sensitive data.”
The paper also states that Apple’s policies are rooted in a belief that privacy “is a fundamental human right.” Apple then makes its explicit case against calls for regulators to require Apple to allow sideloading on the iPhone:
Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store. Because of the large size of the iPhone user base and the sensitive data stored on their phones—photos, location data, health and financial information—allowing sideloading would spur a flood of new investment into attacks on the platform. Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks—often referred to as a “threat model”—that all users need to be safeguarded against. This increased risk of malware attacks puts all users at greater risk, even those who only download apps from the App Store. Additionally, even users who prefer to only download apps from the App Store could be forced to download an app they need for work or for school from third-party stores if it is not made available on the App Store. Or they could be tricked into downloading apps from third-party app stores masquerading as the App Store.
Much of the rest of the white paper is dedicated to outlining Apple’s app review process. There’s not any new information, but Apple explicitly says, “The goal of App Review is to ensure that apps on the App Store are trustworthy.” (Some examples of Apple appearing to use its review process to ensure that apps did not undermine Apple’s business model surfaced during the recent Epic Games v. Apple trial.)
The paper wasn’t the only part of Apple’s PR efforts this week. Apple’s head of user privacy Erik Neuenschwander said in an interview with Fast Company:
Sideloading in this case is actually eliminating choice. Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can’t be tricked or duped into some dark alley or side road where they’re going to end up with a sideloaded app, even if they didn’t intend to.
While many privacy hawks and security researchers support Apple’s position here, the company has other reasons to hold it. Apple’s rising stock prices can partly be attributed to a robust and growing services business, which includes Apple’s revenues from the App Store on iPhones. Should sideloading or alternative app stores be allowed, they would likely pull some of that revenue away from Apple.
Most of the investigations, lawsuits, and regulatory actions that might affect Apple’s status quo are still nascent, but we’re sure to see more from them in the coming months and years. In a way, Apple’s recent PR messaging on this topic constitutes the company’s opening arguments in a long struggle to preserve the way it does business.