Apple highlights App Store security as it faces legal action over locked ecosystem

Antitrust bills being debated in the US could force Apple to allow 'sideloading' of apps.
Antitrust bills could force the company to allow 'sideloading' of apps Photo credit: Getty Images

Apple has released a report defending its refusal to allow the loading of apps on its mobile devices from any source other than its App Store, a process known as 'sideloading'.

The 16-page document, which highlights how the company believes the closed ecosystem protects users, comes as it faces pressure around the world over its locked down store.

In the US, the House of Representatives is debating five antitrust bills looking to curb the power of Google, Apple, Facebook, Amazon and Microsoft, the five biggest technology companies in the country. 

Two of those bills - the American Innovation and Choice Online Act and the Ending Platform Monopolies Act - could force Apple to allow iPhone, iPad and Apple Watch users to download apps from alternative sources.

But that could lead to serious consequences for users, the company argues.

"Because of the large size of the iPhone user base and the sensitive data stored on their phones - photos, location data, health and financial information - allowing sideloading would spur a flood of new investment into attacks on the platform," Apple wrote in the report.

"Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponised exploits and attacks that all users need to be safeguarded against."

Google's Android, the main alternative phone operating system, does allow sideloading and this means it's much more likely to attract malware, Apple says, pointing to a 2020 Nokia threat intelligence study.

It stated that devices run on Android had 15 times more infections from malicious software than the iPhone, with a key reason being that Android apps "can be downloaded from just about anywhere".

That has meant fake versions of apps like Netflix and Candy Crush have been installed on phones while a fake COVID-19 tracing app was actually a ransomware scam, asking users for money to get their data back.

The report also highlights the benefits of the company's review process, which vets all apps before they are available to download, particularly when it comes to children.

"Android apps aimed at children were discovered to be engaging in data collection practices that violated kids' privacy," it said.

"These apps continue to thrive and target Android users on third-party app stores, even though they were removed from the Google Play Store."

And that has meant malicious app developers have placed inappropriate or obscene ads on apps targeted at children with sideloading allowing parental controls to be bypassed, it said.

As well as the US action, Apple is also facing a September court date in France, brought by the finance ministry over alleged abusive contractual terms imposed on those wanting to sell software on the App Store.

Currently developers are charged a flat commission of 15 percent on the first US$1 million of sales, with that rising to 30 percent for sales beyond that.

That commission, and the inability for apps to have in-app purchases using an alternative system to that offered by Apple, was one of the focuses of the lawsuit Epic Games, developer of popular online game Fortnite, brought against the company.

A decision has yet to be announced on that case.