Sideloading iPhone apps creates a security risk says Apple’s Tim Cook, so don’t force us to support it
Apple chief Tim Cook has hit out at proposed competition laws that would force it to allow apps to be downloaded from other app stores, something known as ‘sideloading’ which he warned could undermine security.
Cook on Tuesday used his speech at the International Association of Privacy Professionals (IAPP) summit to express Apple’s alarm about US and European proposals that could force it to let users sideload apps on the iPhone outside of the App Store.
Two competition proposals that do threaten Apple’s services-oriented business are the EU’s Digital Markets Act (DMA) and the America’s Open App Markets Act. Both target “gatekeepers” such as Apple and Google.
The US proposal, which as of February gained broad support from US lawmakers, aims to require sideloading of apps and remove the need for developers to use Apple’s and Google’s in-app payment systems. Meanwhile, members of the European Parliament agreed to support the DMA last month, which would require messaging platforms from Google, Apple, Meta and others work together, just like SMS works today.
Apple on multiple occasions has argued against sideloading because it’s a malware risk to iPhones and it isn’t fond of the DMA either for security reasons. Google is worried the DMA will “reduce innovation and the choice available to Europeans”.
Cook said Apple is concerned that these competition regulations put users’ privacy and security at risk.
Apple is committed to “protecting people from a data industrial complex built on a foundation of surveillance,” he said, echoing a phrase he used in 2018 when petitioning US federal lawmakers to create a federal privacy law that emulates Europe’s General Data Protection Regulation (GDPR).
“We have long been supporters of the GDPR … and we continue to call for a strong privacy law in the United States,” said Cook.
“We are deeply concerned by regulations that would undermine privacy and security in service of some other aim.”
“Here in the United States, policy makers are taking steps that would force Apple to let apps on the iPhone that would circumvent the App Store through a process call sideloading. That means data hungry companies would be able to avoid our privacy rules and once again track users against their will.”
“It would also potentially give bad actors a way around the comprehensive security protections we put in place, putting them in direct contact with our users. And we have already seen the vulnerability that that creates on other companies’ devices.”
He noted that during the early part of the pandemic, smartphone users were downloading legitimate COVID-19 tracing apps that turned out to be ransomware.
“But these victims weren’t iPhone users because the scheme directly targeted those that could install apps from websites that lacked the App Stores defenses. Proponents of these legislation argue that no harm would be done by simply giving users the choice. But taking away a more secure option will leave users with less choice,” said Cook.