Attack on the walled garden: why Apple doesn’t want alternative app stores on the iPhone

by admin

The inability to install third-party applications from sources other than the App Store is one of the fundamental characteristics on which Apple has always based the security and reliability of the iPhone and iPad operating systems. This is the concept of the walled garden, which thanks to its digital fortifications (technical choices and strict rules that app developers cannot escape) keeps malware and viruses away from the iOS ecosystem, limiting risks to user security and privacy. However, it is also a well-guarded enclosure over which Apple has total control and whose entry rules the company can decide unilaterally. While this position guarantees greater platform security compared to Android, it also raises complex questions about the ambivalent role of the company, which is the guardian of a platform where its own applications compete with those of third-party developers.

Sideloading, disgrace of users
In the last two years, criticism of this model has materialized in various forms and on several fronts. In the United States, the legal battle with Epic is under way. According to the gaming company, known above all for the video game Fortnite, Apple should allow developers to distribute applications on iPhone and iPad through platforms alternative to the App Store, and should also let developers use payment systems other than Apple's proprietary one. The verdict is expected by the end of the summer.

In Europe, Apple’s hegemony over the app ecosystem is instead challenged by the Digital Markets Act (DMA) and the Digital Services Act (DSA), the set of rules that the European Commission would like to introduce by 2022 to regulate technology giants such as Facebook, Google, Amazon and Apple. Some passages of the DMA, as they are written today, would in particular end up forcing Apple to enable sideloading, i.e. the ability for users to install third-party applications without going through the App Store, thus bypassing Apple's review system. In other words, something very similar to what Epic is asking for.

In a recent virtual speech at the Viva Technology 2021 conference in Paris, Apple CEO Tim Cook commented on the regulation and touched on the topic of sideloading, explaining that “the language currently used by the DMA would force Apple to enable” this procedure on the iPhone. According to Cook, this practice “would destroy the security of the iPhone”, undermining in the process “the series of privacy initiatives implemented by Apple through the App Store”, such as the protections against advertising tracking introduced by Apple with iOS 14.5.

A document to learn more
Tim Cook’s participation in the French conference, as often happens in these cases, was the prelude to a broader communication push. In the wake of the CEO’s comments, Apple today published a long document, “Building a Trusted Ecosystem for Millions of Apps”, in which it tries to explain how the App Store system is fundamental to guaranteeing the security and reliability of iOS, as well as to enabling the privacy protections that differentiate the iPhone from competing platforms.

In particular, Apple explains, enabling the sideloading of third-party apps on the iPhone would open the door to the uncontrolled spread of malware, ransomware and other forms of malicious software. These infections, Cupertino explains, are fifteen times more common on Android. And it is not just about scam applications being installed from outside the Store, the company says: sideloading would undermine the authority of the App Store as such. The potential attack surface of two billion users who could suddenly install any app without oversight, Apple says, would inevitably foster the development of a full-fledged iOS malware industry. One can object to this in many ways, for example by rejecting on ethical grounds Apple’s aspiration to act as a gatekeeper in place of the user. Nonetheless, it is undeniable that Cupertino’s arguments, in this specific case, are based on realistic cybersecurity considerations.

Sideloading yes, but for a few?
So why not imagine a special mode for sideloading, hidden behind a series of options and confirmation pop-ups aimed at discouraging less experienced users? System security functions could also be imposed on apps loaded in this way (as Android does), while leaving users the ability to access all the software they want without limitations. After all, critics say, this is what can already be done on the Mac, a platform generally considered very secure.

Apple responds to this pragmatically: the Mac and the iPhone, it says, are systems of a completely different nature. First, in terms of numbers, because the iOS user base is at least an order of magnitude larger than that of macOS. Second, in terms of the amount of data we entrust to the two devices. Unlike the Mac, we always carry the iPhone in our pocket with the GPS active, we use it to access a myriad of different networks, and we entrust it with our health data and our payment information. It also has a microphone and a camera that could spy on us at any time if an attacker were to take control through malware. In other words, breaking the security of an iPhone can have far more dire consequences. Thus, for Apple, the calculated risk that can be accepted on a Mac is not acceptable in the case of a smartphone.

Technique and policy
Then there is another fundamental but more subtle aspect, Cupertino says. iOS security rests on two levels: one of a purely technical nature (the pop-ups to allow tracking or location access, the permissions system and so on), and one that pertains to policy choices, which can only be verified through app review.

Thus an app installed via sideloading still cannot bypass the technical level of the system (it cannot access the location without asking for permission, for example), but it can exploit the policy level (in practice: the text of the pop-up that invites you to enable access to location data) to deceive the user and access otherwise protected personal information. This type of violation, according to Apple, can only be caught by the App Store review system. So an app like the one in our example, which wants to access the location but lacks a function that justifies this need, would never pass the review phase prior to publication, but could easily deceive the user into installing it on their own thanks to sideloading.

Thesis, antithesis, synthesis
The arguments Apple brings to the table are reasonable, often factual, and largely easy to agree with. That includes the fundamental one: anyone who does not agree with the policies of the App Store and the rules that govern the walled garden, who wants a completely open device and does not consider the security systems imposed by Apple necessary, can choose not to buy an iPhone. The alternative already exists, Cupertino says in no uncertain terms, and it is called Android.

However, a fundamental issue of a different nature arises here: most of the positions that Apple defends as serving user security often coincide with the company’s economic interests. In other words: it is true that the app approval system on the Store is safer than sideloading, but it is also true that this same system guarantees Apple (legitimate) commissions on the selling price of the apps.

On this point, Apple’s defense is weaker and merely reiterates that the company’s positions have nothing to do with the economic aspects of the App Store and stem solely from the desire to side with users. It is a motivation that Apple would like us to take for granted, unlike all the other more factual ones, but which would certainly carry more weight if it were backed by a series of concessions and compromises, including economic ones.

We have been following Apple for a long time here, and we can confirm that, as in many other cases, for Cupertino the question is purely one of principle: if you can defend the security and privacy of users and in doing so continue to generate your own honest revenue, there is no reason to give up either. Here, however, the stakes are more complex and important, and perhaps for once Apple will have to accept some inevitable compromise on the principles of its business to save other principles, those relating to the security of users and the privacy of their data.
