Is Mandated Sideloading The Answer To App Store Deplatforming?

from the breaking-the-walled-gardens dept

Smartphone app store policies have come into focus recently, following a series of conflicts between app makers and app store operators (principally Apple and Google). These include the removal of conservative-oriented social media platforms Parler and Gab, and the ensuing debate about balancing free speech and harmful content. There have also been numerous conflicts over monetization, including disputes over transaction fees for digital goods and services (e.g. Spotify and Epic Games), and privacy changes that affect third party advertisers (e.g. Facebook).

With scrutiny of the tech industry at an all time high, the otherwise niche issue of app store policies has become an increasingly salient part of the broader debate over digital market competition, raising the specter of new government regulation. But what is the optimal level of openness in a competitive app ecosystem, and how does public policy help achieve it? These are harder questions to answer than they seem—involving deep technical, economic, and legal issues.

A Tale of Two Smartphone Operating Systems

According to Statcounter, the global mobile operating system market is dominated by Google’s Android operating system (72% market share), followed by Apple’s iOS (27% market share). Despite having a substantially smaller user base, the Apple App Store earns substantially more direct revenue than the Google Play Store. But this is misleading at first glance.

First, there are important demographic differences. iPhone owners are more concentrated in developed nations, and even in those countries tend to be more affluent and spend more on apps. The two companies’ business models are also different. Unlike Apple, which has limited advertising offerings, Google earns substantial revenues through mobile advertising, and even pays Apple billions each year for the privilege to be its default search engine to expand the revenues it can capture. The two operating systems are also designed in fundamentally different ways. Whereas iOS is a proprietary closed system, Android is (mostly) open source. Notably, there are versions of Android without Google Play or other Google services, particularly in mainland China where it doesn’t operate. Apple, on the other hand, operates the App Store on all iOS devices; and unlike Google, does business in the lucrative mainland China market.

As a result of these different architectures, a conspicuous difference between Android and iOS is that the former allows the installation of apps outside of its Play Store. This can be either through a pre-installed third party app store that ships with the device (e.g. Samsung’s Galaxy Store or the Amazon Appstore), or direct installation of apps or even other app stores, called “sideloading.” Circumventing the Play Store also means that developers can take payments without giving Google its cut, typically 30%. Meanwhile, Apple requires users to go through its App Store to download apps, where it takes a similar cut.

Policymakers Respond

Grasping onto this difference, and facing pressure from lobbyists, policymakers in multiple states have proposed new legislation that would force Apple to redesign their operating system to allow circumventing both the App Store and In-App Purchase system (see similar bills in GA, ND, HI, AZ). Notably, a similar provision also exists in the European Commission’s proposed Digital Markets Act.

In theory, this sounds like a good idea. In the wake of recent controversies, many in Silicon Valley have been looking towards decentralization as the answer. Indeed, systems with more openness and interoperability tend to foster innovation and competition, and give users more freedom. The ability to install apps directly could also be an essential workaround when companies remove controversial apps, particularly where they are pressured to do so by activists or governments.

However, there are some good reasons to be wary of rushing to pass such a mandate, both as a substantial fix for digital market competition, and as a precedent for local governments dictating or overseeing software designs—something they’re not known to be particularly competent in.

Trade Offs of a Sideloading Mandate: Cybersecurity and Privacy

Suddenly forcing iOS to allow unvetted apps could introduce a flood of serious cybersecurity vulnerabilities, facilitating everything from spyware to ransomware to identity theft. Such an unanticipated requirement could pose a serious challenge to developers, potentially necessitating years of new work and investment.

A 2019 threat intelligence report from Nokia observed that Android devices were fifty times more likely to be infected than iOS, with the “vast majority” of malware distributed through trojanized sideloaded applications. Because of this risk, Android takes measures to discourage sideloading through user interface mechanisms. Google’s Advanced Protection Program also blocks sideloaded apps for this reason.

Because Android is a more open system than iOS, its privacy and security features are constructed differently. While both operating systems have some form of automated threat detection, app containerization, and other features to limit an app’s access to sensitive systems, these are architected based on different assumptions.

For Apple, a closed-system approach is at the heart of its strategy for iOS. If Apple engineers could no longer count on vetting during the app review process, they may be forced to build new redundancies from scratch, or even redesign major parts of the operating system. Because iOS isn’t open source like Android, it’s hard to tell how much of an architectural challenge this will be.

Apple’s preference for closed systems can be traced to Steve Jobs’ philosophy of end-to-end control of hardware and software, and lack of patience for consumer tinkering, going all the way back to the first Macintosh computer. In 2007, around the launch of the first iPhone, Steve Jobs described applying this thinking to iOS (then “iPhone OS”) in an interview with the New York Times:

“You don’t want your phone to be like a PC. The last thing you want is to have loaded three apps on your phone and then you go to make a call and it doesn’t work anymore….These are devices that need to work, and you can’t do that if you load any software on them…That doesn’t mean there’s not going to be software to buy….but it means it has to be more of a controlled environment.”

Apple may not give you every option you might want, but it may be a worthwhile tradeoff if your priority is security and privacy, or a seamlessly integrated ecosystem. In recent years Apple’s marketing department has leaned into this as a competitive advantage, and it’s what their customers have come to identify with its brand.

There are also ways out of Apple’s walled garden. The simplest workaround is to access applications directly from a mobile web browser. For instance, if you really want to use Gab, you can create a home screen icon from Safari and access it like an app. Similarly, you can make purchases there without Apple taking a cut. There are, of course, limitations to what you can do in a mobile browser (notably third party browsers are required to use Apple’s WebKit rendering engine and, as with other parts of iOS, Apple reserves some private API functions for itself).

In the US, determined users can legally jailbreak iOS devices to sideload apps without requiring too much technical skill. This works on most Apple devices, after which users can install a range of unauthorized apps and even app stores. But caveat emptor. Unauthorized app stores don’t do much of anything to combat malware. There are other downsides of jailbreaking, including making it much harder to update software, having certain apps break, and potentially voiding your warranty. Notably, Apple has also argued for making jailbreaking illegal.

For those that don’t want to jailbreak their device, there’s also the option to sideload apps from your computer to iOS directly through a known exploit, or through developer environments like Xcode and TestFlight. With this approach you can still access third party app stores, such as AltStore or AppValley, albeit with more limitations than jailbreaking. Importantly, installing unauthorized apps through these methods can still expose you to malware.

In short, it’s not that hard to circumvent Apple’s restrictions on unauthorized apps if you really want to. Particularly if you’re doing something simple like trying to access an alternative to Twitter that isn’t in the App Store. But if you decide to go all the way and jailbreak your phone, you might be wise to use your banking app on a different device.

Good Reasons to Limit Local Government Control of Digital Markets

There are good reasons to be wary of governments dictating and implementing software design requirements—particularly at the state and local level. As I’ve discussed at length elsewhere, both Congress and federal agencies face serious capacity gaps for in-house policy expertise—particularly for science and technology issues. Yet, relative to states, they have a wealth of competence.

According to the National Conference of State Legislatures, only 4-10 states have legislative bodies that can be considered full-time, well-paid, and sufficiently staffed. Many states have part-time legislatures where lawmakers work other jobs and are supported by a skeleton crew of staff. Whereas Congress is assisted by thousands of support staff at legislative agencies—including the Government Accountability Office, Congressional Research Service, and Congressional Budget Office—legislative support agencies in the states vary widely in staffing, resources, and services offered, and generally pale in comparison. For instance, while CRS has over 600 staff with expertise in different policy areas, Arizona’s service agency has only five staff, and is also in charge of fixing the computers. State regulatory agencies likewise vary in quality, staffing, and technical competence.

Given the cross-jurisdictional nature of digital commerce, it’s less than ideal to have a patchwork of state regulations, or to allow a single jurisdiction to dictate policies for everyone (as we’ve seen with California’s costly and error-filled privacy laws). As such, if we’re truly set on creating and implementing a mandate for app store interoperability, it would be best to leave this to Congress and federal regulators.


Questions of interoperability policy are tricky, involving a range of tradeoffs and technical challenges. As policymakers approach these issues, regulatory humility is warranted. While iOS is almost certainly below the optimal level of openness, it’s also worth remembering that Android phones are readily available and consumers are free to choose them.

Furthermore, it’s unclear that a sideloading mandate would dramatically change the competition landscape. Even on Android, few users in the US take advantage of sideloading. Nor has the availability of this option pushed down their ~30% Play Store transaction fees. Even in the market for PC software, where users can download anything from the Internet, popular stores like Steam and GOG still charge app developers around 30%. Although some are lower, like Epic Games (12%) and Microsoft (15%), large stores clearly add value (such as through vetting and aggregation) and are not just exploiting a captive market.

Enacting a sideloading mandate to allow Parler or Gab, as some Republican policymakers may want, also isn’t a compelling argument. These sites don’t require complex API access, and it’s easy enough to access them through a mobile browser. But that’s not to say the underlying concern about speech restrictions on closed platforms isn’t legitimate in some circumstances.

Our system of government’s respect for free speech and the rule of law makes it so US policymakers have a limited ability to coerce companies like Apple and Google to take down apps. But this isn’t true everywhere. And this debate isn’t just about US consumers. For instance, Google’s transparency report indicates they complied with removal requests in Russia and Thailand for apps engaged in “government criticism.” Similarly, Apple’s transparency report shows governments, including China, have pressured or required the company to remove numerous apps. And mobile browsers aren’t safe. In some parts of the world, product design choices have implications for human rights, and for helping empower people to resist oppressive governments. 

Going back to the US, it’s not clear the sideloading mandate some states have proposed makes sense, either in theory, or how it would likely turn out in practice. Dramatic interventions in the market—such as dictating and overseeing software designs—should meet a substantial burden of proof to demonstrate their necessity and consistency with American principles of governance. It’s not clear that the proponents of these proposals have overcome this burden.

But there’s also a normative question: Should Apple voluntarily embrace interoperability for iOS and allow third party app stores, alternative payment systems, and sideloading?

First, we have to consider the potential downsides. They could lose out on revenue from big apps like Fortnite that can leverage alternative distribution channels, they would likely have to invest in architectural changes to their operating system, and it could weaken their reputation for security and reliability (e.g. devices your grandparents can use without accidentally downloading a virus).

But smartphones have made a lot of progress since Steve Jobs expressed concerns about reliability and user experience in making the first iPhone in 2007. While sideloading still poses serious security risks, Android has demonstrated that it can be implemented as an option for advanced users, without compromising reliability for everyone else. Despite Android being more open, the Play Store still brings in a lot of revenue for Google, even without factoring advertising. If Apple were to move iOS towards being more open, it could also have benefits for diffusing criticism of the company, particularly as it expands its business in China and other repressive countries.

Today our phones are handling increasingly sensitive information—including our banking, identification, and health records. This makes them a valuable target for bad actors, and so it’s easy to see why many people would choose security over openness. But this can be a false dichotomy. If products are built with the right assumptions, we can have a high degree of both. This doesn’t mean risks go away; merely that users are allowed to make an informed decision to cross the guard rails and take them on.

Those interested in constructive ways to support a more open app ecosystem should also look to Cory Doctorow’s writings on “adversarial interoperability” at the Electronic Frontier Foundation. This concept outlines a series of mechanisms that support permissionless competition through reforming overbearing laws like software patents, the Digital Millennium Copyright Act (which governs jailbreaking), and the Computer Fraud and Abuse Act. These changes have the advantage of improving the entire ecosystem by deregulating protectionist policies, rather than targeting one company. Steve Jobs, who first teamed up with Steve Wozniak in the 1970s to sell illegal phone phreaking gear, might even approve.

Companies: apple, google


Comments on “Is Mandated Sideloading The Answer To App Store Deplatforming?”

crade (profile) says:

I think a sideloading mandate is a red herring, the issue as I see it isn’t with the software but with Apple being allowed to lock the tying hardware and software together. It’s very similar to a right to repair issue in my mind.

The problem is that Apple can abuse their position as a dominant hardware manufacturer to force their software on people and then use the position that they have forced software on people to push them into Apple hardware and therefore also force software manufacturers to pay them for "access" to their hardware.

Normally, if you have a whole bunch of people with aging hardware someone could step in to make replacement parts (in this case, the part is the OS).

Instead, you have a situation where Apple can decide they need money, put some subtle performance and other problems (accidentally or otherwise) in their OS update, which they can force everyone to accept so the older phones stop working to varying degrees and "encourage" people to upgrade to new ones.

You have things where people have bought a bunch of third party software and Apple can make sure that you can only continue to use it if you continue to buy iPhones.

Google does have several separate revenue streams, but they don’t work together to remove and lock out competition from entering their shared ecosystem.

Samuel Abram (profile) says:

Re: the problem with separating the hardware and software

The problem of not being in control of both the software and hardware, however, is that with so much variation among manufacturers of hardware, they become a pain in the ass for developers to debug. With Apple, you only get Apple devices. You know what you’re getting, so there would be far fewer bugs. Considering that Android devices use HTC, Samsung, Google, et al. hardware, it’s hard and unpredictable to know whether the problem is an Android problem or the problem with the smartphone itself.

This is why I switched from Android to iOS and never looked back: much lower chance of bugs (still buggy, but the odds are fewer).

ECA (profile) says:

Re: Re:

You really want to know?
If Apple gets its way, you can't get any part of it fixed, except through Apple.
The requirement to have iTunes should tell you a lot.
Consider you have a TOS/contract with the cell company, then 1 for iTunes, then 1 for the device. And at any time if there is a hiccup, your phone is screwed.
And iTunes isn't getting better. It is locked into so many Apple devices that even Apple doesn't remember them all. They have dropped drivers, ruined drivers, and NEVER fix those drivers. Without much word.

Anonymous Coward says:

I think rather than focus on app stores, it would be saner to just acknowledge this is a battle for control over the device. IF legislation were to be proposed, sane legislation would be something like "mandating owners ability to load own software" (which extends beyond the scope of just side loading).

Of course that will probably never happen. But that doesn’t change the fact that it’d be the saner thing.

iSights (profile) says:

You mentioned security and privacy aspects… but what about the piracy aspects?

One reason not mentioned as to why Android developers get paid less than iOS developers lies in the fact that Android allows side loading… and too many people use it to avoid paying for applications. Instead they find a "store" that has ripped off versions of those apps and they download them and install them for free. Which is also where we get most of the aforementioned "malware-loaded" applications.

Side-loading is promoted as being "good" for developers who’d now have a "choice" in using different payment processors and fulfillment systems. But in reality I suspect that most would start losing money as customers too cheap to spend a buck for an app would begin mirroring the same exact behaviors we see on Android.

Anonymous Coward says:

Re: Re:

"One reason not mentioned as to why Android developers get paid less than iOS developers lies in the fact that Android allows side loading… and too many people use it to avoid paying for applications."

Am I to believe this is why they get paid less? I was unaware they were paid less but your implied claim is silly.

Samuel Abram (profile) says:

Re: Re: Re:

Also, sometimes the software is free (as in beer) but the source code is not available, and treads a legal gray area, such as an emulator of a past computer (like a retro gaming console such as the NES or the Sega Genesis/Mega Drive) or even a game engine (such as SCUMM for LucasArts Point-and-Click Graphic Adventure games).

Bob Wyman (profile) says:

App Stores should be regulated like the monopolies that they are.

App stores, as distributors, are natural monopolies, and are thus not subject to market pressure on either price or quality of service. As natural monopolies they should be regulated in the same way that we regulate distributors of electricity, gas, water, or telephone traffic.

Their revenues should be limited to the actual cost of service provided plus a reasonable return on investment. If they provide no service, as in the case of in-app purchases, they should collect no revenue.

As with telephone network providers, App store’s control over the content or function of applications should be limited to that which is necessary to maintain the integrity and function of devices (i.e. coding standards and protection against viruses or hacks.). Also, they should not be able to bar or disadvantage apps that "compete" with their own apps.

bob wyman

nasch (profile) says:

Re: App Stores should be regulated like the monopolies that they

"App stores, as distributors, are natural monopolies"

How is the Play Store a natural monopoly when I have two different app stores on my phone that I actually use, another that I could install if I felt like it, and probably a fourth one that Samsung stuck on there that I ignore? And that’s just the ones I know about off the top of my head.

iSights (profile) says:

Just for the record, I also take exception to the idea that Android is "mostly" open source.

Your link goes to the wrong page, but I suspect that you meant to go here.

This Ars article also mentions that Android is open—except for all the good parts. Almost all of the modern APIs and functionality are Play store based and tied to Google’s closed-source applications like Photos, Maps, Calendar, Hangouts, and more.

Ars concludes, "While Android is open, it’s more of a "look but don’t touch" kind of open. You’re allowed to contribute to Android and allowed to use it for little hobbies, but in nearly every area, the deck is stacked against anyone trying to use Android without Google’s blessing. The second you try to take Android and do something that Google doesn’t approve of, it will bring the world crashing down upon you."

Rekrul says:

What would the world be like today if all computer manufacturers had taken the same route of only allowing authorized, licensed code to run on their systems? Would emulators exist? BitTorrent probably wouldn’t. Napster certainly would never have been allowed.

How much of the software that we take for granted today would never even have existed if the authors needed permission to distribute it?

Anonymous Coward says:

"If Apple engineers could no longer count on vetting during the app review process, they may be forced to build new redundancies from scratch, or even redesign major parts of the operating system."

This is the kind of nonsense that PR departments like to spew when they’re trying to influence politicians who don’t understand computers.

If Apple engineers are "counting on vetting", then they are negligent, incompetent, or more likely both. And not just a little bit negligent or incompetent; massively negligent and/or incompetent.

It is not possible, at the scale of the App Store, to reliably "vet" software for intentional malicious behaviors, or even for obvious boneheaded bugs. It may not be possible to "vet" any significant application; I refer you to Rice’s theorem. This is not obscure knowledge.

A phone OS that doesn’t isolate applications effectively is garbage, regardless of what "vetting" goes on. Unfortunately neither iOS nor Android is really very good.

"In short, it’s not that hard to circumvent Apple’s restrictions on unauthorized apps if you really want to."

If you want to talk about security, then I’m afraid I’m going to have to point out that a lot of the available ways of circumventing those restrictions reduce security… in ways that an official sideloading system would not. In fact I think essentially all of them do.

… and, as you point out, it’s hard to take updates for a jailbroken phone. That in itself is an enormous security risk.

Anonymous Coward says:

Here’s another angle. App Store policies bar sexually explicit content. This means providers of such content have no way to offer native apps for such content (whether it be a site like XVideos or xHamster, a studio like Brazzers, a Netflix-like service for porn, or even porn games like the catalogue of stuff Nutaku has) on iOS.

Yes using a browser can be a workaround but, as pointed out before, there are limits to what can be done in a browser.

Google Play does have the same policies but at least there are options available – be it an adult content oriented app store or through direct distribution from their websites – to get native apps to Android users because of the ability to sideload apps.
