Apple CEO Tim Cook on Tuesday criticized pending antitrust regulation in the U.S. and Europe, saying that some of the proposed policies would hurt iPhone user privacy and security.
Cook contended in a speech at the IAPP Global Privacy Summit in Washington, D.C., that regulator efforts to force Apple to allow iPhone users the option to install apps from the internet, called sideloading, could lead to a scenario where users can be tricked into installing malware and software that steals user data, citing reports of malicious apps on Android, on which sideloading is currently allowed.
Apple currently only allows users to install iPhone software from the company’s App Store, which vets every app and update.
“Here in Washington and elsewhere, policymakers are taking steps in the name of competition that would force Apple to let apps on the iPhone that circumvent the App Store through a process called sideloading,” Cook said. “That means data-hungry companies would be able to avoid our privacy rules, and once again track our users against their will.”
Cook’s remarks Tuesday highlight Apple’s strategy to soften the sideloading requirements in pending antitrust regulation by focusing on the risks it presents to users.
Sideloading “would also potentially give bad actors a way around the comprehensive security protections we put in place,” Cook said Tuesday.
In the U.S., the Open App Markets Act would require Apple to permit sideloading. It was approved by the Senate Judiciary Committee in February and is expected to be further debated in Congress this year.
In Europe, the EU recently agreed on the Digital Markets Act, a sweeping set of rules that target big tech companies. Early versions of the DMA included a sideloading requirement, but the legislation is not yet finalized.
Regulators target App Store fees
Regulators say forcing Apple to allow apps to be installed through the internet would drive competition and placate app developers who say that Apple’s 15% to 30% fees for App Store purchases are burdensome and excessive. If developers can distribute iPhone apps without Apple’s store, then they could bill their users directly and bypass Apple’s fees, some believe.
But Apple has contended that sideloading would reduce the value of the iPhone because it vets all iPhone apps in the App Store through a process called App Review that checks software for scams and malware. Sideloading, Apple argues, would open up users to hackers and scammers who would invest in attacks that pretend to be legitimate, functional apps.
Android phones allow sideloading, and Cook gave an example of Covid-19 tracing apps on Android which contained ransomware. Apple’s App Store rejected coronavirus-related apps without a trusted institutional backer as early as March 2020 in order to prevent a similar problem on the iPhone.
“Taking away a more secure option will leave users with less choice, not more,” Cook said. “And when companies decide to leave the App Store because they want to exploit user data, it could put significant pressure on people to engage with alternate app stores.”
Cook’s speech isn’t the first time that Apple has made a security-based argument against App Store regulation. In a letter to lawmakers sent earlier this year, an Apple official said sideloading could cause millions of Americans to suffer malware attacks on their phones.
Correction: The Open App Markets Act was approved by the Senate Judiciary Committee in February. An earlier version misstated the month.