Conflict between Apple and European regulators on sideloading

18.11.2021 Conflict between Apple and European regulators on sideloading

By partner Mindaugas Civilka

Although it is not clear when the fundamental EU digital market legislation—Digital Services Act and Digital Markets Act (DMA)—will enter into force (it is unlikely that this will happen before 2023), the mere publication of the drafts and the official European discourse are putting an increasing strain on the big players in digital services. The DMA establishes a long list of specific ex ante obligations for the so-called gatekeepers, i.e. providers of core platforms. These ex ante obligations are mainly aimed at protecting the business models of gatekeepers’ competitors (e.g. requiring business users to use any other core platform service to access core platform services is prohibited, etc.).

The proposed DMA provisions are interpreted as binding Apple to allow the so-called sideloading apps on an iPhone through circumvention of the official App Store platform.

Apple has historically ensured security for consumers and application developers by providing an official platform for application development and distribution. The company has developed a market-leading security standard and created the App Store as a trusted place for users to safely download strictly pre-tested third-party applications.

Thus, the DMA’s requirement to open up iOS for the apps downloaded not via AppStore may result in major challenges for the management of pre-installed apps on the App Store and iPhones, which would fundamentally affect Apple’s business model. In June of this year, Apple CEO Tim Cook publicly announced that such an obligation would harm the interests of consumers and substantially destroy the security of the iPhone.

Of course, types of sideloading vary, e.g. app downloading via specialised marketplaces enable the users to avoid many of the security risks in question.

And yet.

In mid-October, Apple declared its position identifying threats of sideloading (Building a Trusted Ecosystem for Millions of Apps: A threat analysis of sideloading). This is Apple’s response to the DMA and the increasing pressure from EU institutions on opening the AppStore platform for other market players.

Apple’s essential considerations:

  • On comparison, over the past years, the Android system which allows sideloading was found to have 15 to 47 times more malware infections than iPhone
  • If Apple were forced to support sideloading:
    • users would have more easy access to harmful apps which are cybercriminals’ best friend, even if sideloading were limited to third-party app stores only
    • users would have less information about apps up front, and less control over apps after they download them onto their devices
    • sideloading would mandate removing protections against third-party access to proprietary hardware elements and non-public iOS functions
    • cybercriminals may trick users into sideloading apps by mimicking the appearance of the App Store
    • developers would also be harmed by the proliferation of fake and copycat apps, as well as pirated apps
  • Malware adversely affects the mobile ecosystem
  • Malware designed to infect an individual’s mobile device can also affect corporate data and corporate networks

However, these arguments by Apple are yet incapable of convincing EU institutions. Margrethe Vestager, European Commission’s Executive Vice-President, has warned Apple against using privacy and security arguments to protect the App Store from competition.

Some voices argue that the juxtaposition of consumers’ security and privacy and the protection of competition (the classic contrast between the two values) is just a smoke screen intended to protect Apple’s revenue. Apple charges relatively high commissions (up to 30%) on sales in the App Store, so liberalising app loading will save developers money, which could lead to greater service availability and a more attractive price for the end user. This may adversely affect Apple’s revenue, but I have no doubt that other ways can be found to maintain iOS security and integrity even under sideloading conditions. In other words, opening iOS to alternative app platforms does not mean that Apple will lose economic and social incentives to continue investing in protecting the privacy and security of iOS and Apple users.

Apple does not seem to be going to step down easily and is preparing for another long positional warfare with European regulators.