Since legislators have pushed to allow sideloading on Apple’s and Google’s mobile ecosystems, the Cupertino tech giant has taken a stronger stance against it than Google.
In a new letter sent to the U.S. Senate Judiciary Committee, the tech giant has countered an expert’s opinion which called Apple’s concerns over sideloading “unfounded” and emphasized that the App Store’s review process “creates a high barrier against the most common scams used to distribute malware.”
Sideloading is a term used to define the existence of alternative payment and distribution methods on an operating system outside their app stores. While Google allows users to download apps outside Play Store on Android, Apple does not.
The Cupertino tech giant argues that an iPhone is a very personal device with users’ private and confidential information, therefore, all apps must go through App Store’s review process to prevent malware or malicious apps from reaching consumers. But computer security expert Bruce Schneier does not agree with Apple.
Apple targets Android again stating that more than 50% of devices are infected with malware
In February this year, the U.S. Senate Judiciary Committee approved the bipartisan Open App Markets Act and made it eligible for voting in Senate. If made law, it will allow sideloading on iOS and Android to “to promote competition and reduce gatekeeper power in the app economy, increase choice, improve quality, and reduce costs for consumers.”
Expressing his support for the legislation in favor of sideloading, Schneier wrote to the Senate Judiciary Committee stating that Apple’s argument against sideloading was “disingenuous” and motivated by “self-interest”.
I would like to address some of the unfounded security concerns raised about these bills. It’s simply not true that this legislation puts user privacy and security at risk. In fact, it’s fairer to say that this legislation puts those companies’ extractive business-models at risk. Their claims about risks to privacy and security are both false and disingenuous, and motivated by their own self- interest and not the public interest.
Reuters reports that Apple has sent a new letter to key members of the Senate Judiciary Committee chair Dick Durbin, the top Republican, Chuck Grassley, Amy Klobuchar, chair of the antitrust subcommittee, and top Republican, Mike Lee to counter Schneier’s criticism.
Given our general regard for Mr. Schneier, these accusations are particularly disappointing. In our experience, the work of providing leading security and privacy to a modern computing platform at billion-device scale is among the most enormously complex and challenging engineering and technical policy endeavors, and much about this work remains easy to misunderstand. Mr. Schneier’s letter underscores that even talented technical practitioners, if they have not worked on key problems in this space, can confound the issues.
Although the tech company agreed with Schneier’s point that state-sponsored attackers could get through smartphones’ security controls, it maintained that those attacks are “rear threats” and App Store review is an effective process to detect malware because most malicious apps do not use trickery to gain control of victims’ devices.
Apple went on to argue that most malware does not rely on technical tricks to gain access to devices but instead tricks the human user to download it. It argued that Apple’s review of apps that are put into the App Store “creates a high barrier against the most common scams used to distribute malware.
The tech company further substantiated its argument by giving examples of malware on Android. Apple wrote that Android has 50 times more malware than iOS and in 2021, Nokia’s threat intelligence report revealed that more than 50% of Android devices are infected with malware.
In Nokia’s 2021 threat intelligence report, Android devices made up 50.31% of all infected devices, followed by Windows devices at 23.1%, and macOS devices at 9.2%. iOS devices made up a percentage so small as to not even be singled out, being instead bucketed into “other”. We consider this a triumph in protecting our users, and it could never have been done without the industry-leading last line of defense of our device security controls, working in tandem with the front-line security and privacy protections we provide our users through the App Store and App Review.
The tech giant does make a solid argument against sideloading but the existence of scam apps on the App Store drastically weakens it. Several scam apps have been found on the App Store which has robbed millions of dollars from consumers. And the company has yet to crack down on them.
Recently, U.S Senator Sherrod Brown sent a list of questions to Apple and Google to explain their measure against crypto scam apps on their app store. The Senator based his questions on a report by the FBI which revealed that scam crypto apps stole $42.7 million from 244 investors in just a year’s time.
