Get your hands off our App Store

LISBON – Apple’s pro-privacy stance has often made it applauded privacy in the EU, but the company sent a top executive to the Web Summit conference here with another message to EU politicians: Do not change our App Store.

Craig Federighi, Apple’s senior vice president of software development, spoke Wednesday night about rejecting a provision in the Digital Markets Act that would require “gatekeeper” platforms to let people install apps of their choice, not just those in an official app store.

An English-language draft of the DMA states that such restrictions “should be prohibited as unfair and could weaken the competitiveness of core platform services.” Federighi told the participants in the summit that this mandate would dismantle all Apple measures to protect iPhone and iPad users.

“With side loading, these layered protections are undone,” he said. “Page loading undermines security and endangers people’s data.”

Craig Federighi on stage at the Web Summit

Federighi offered his audience the analogy of buying a house and choosing one with the best security and locks. Imagine, he said, that your municipality is now voting to require “an always unlocked side door” to optimize parcel delivery.

“Side loading is the unlocked side door,” he said. “And claiming it on the iPhone would give cybercriminals easy access to your device.” However, the DMA text notes that platform developers “may implement proportionate technical or contractual measures” to screen or restrict page-loaded apps.

Federighi also attacked the idea of ​​making page loading only an option, as it is in Google’s Android. “History shows us that it does not work as we hope,” he said, citing a scam Android ransomware app that mimicked an official Canadian COVID tracking app. “Even if you do not intend to sideload, people are routinely forced or tricked into doing so.”

He further suggested that “some social networking apps” would opt for sideload-only distribution to circumvent Apple’s privacy protections, warning “you would be stuck with the risk of losing touch with your friends online.”

(An app developer can also choose side-loading distribution to avoid Apple’s 15-30% consumption of App Store sales and subscriptions.)

Finally, Federighi noted that even if you resolutely avoid page loading, a family member who does can still put you in danger: “Even if you never page load, your iPhone and data are less secure in a world where Apple is forced to allow that.”

He did not address the risk factor at Apple’s macOS, where page loading – simply called “downloading” – has always been allowed next to Apple’s Mac App Store.

He also did not notice how totalitarian governments have exploited Apple’s control over mass market distribution of mobile apps to require them to remove certain apps. For example, in 2017, Apple removed a batch of VPN apps from its app store in the Chinese market; two years later, it launched HKMap Live, an app used by protesters in Hong Kong to coordinate their campaigns.

A company that is happy to say that “privacy is a fundamental human right” should at some point recognize that its app-store gatekeeping itself may leave a dent in other human rights.

DisclosureDisclosure: I moderate four panels at the Web Summit, in return the organizers cover my accommodation and my plane ticket.


Leave a Comment