
App Store collapse? Sideloading spells the end of Apple's walled garden


Should Apple open up its App Store before it is forced to do so by regulatory action and antitrust litigation? Allowing sideloaded apps onto the iOS platform is fraught with problems — but has some potential benefits too.
While the two mobile device platforms are often compared for their similarities, Google's Android platform has historically differed from Apple's iOS (and iPadOS) in at least one significant way: The Google Play Store has always permitted end users to sideload applications, which includes the use of alternative app stores such as Amazon's. This alleviates concerns of app rejection and allows software developers to bypass the up to 30% fees collected from each transaction.
As calls have been growing in Congress and in the European Union for Apple to allow third-party app stores for its iPhone and iPad, company executives such as CEO Tim Cook have been speaking out, arguing that such a change would "destroy the security" of Apple's products. In a report released on Wednesday, June 23, Apple argued that third-party app sideloading would subject users of the company's platforms to increased risks, create app and OS instability, and potentially allow malware to install itself.
Apple has allowed sideloading, but only for enterprises using the Developer Enterprise Program. This program enables companies to create and deploy custom applications on iOS, watchOS, and tvOS devices and code-sign Mac apps, plug-ins, and installers with a Developer ID certificate for distribution to employee Mac computers.
As with iOS, the Mac also has an app store, but Apple does not require that Mac systems exclusively install applications from it. While iOS does not currently have this feature, current versions of macOS use a subsystem called "Gatekeeper," which is a security feature used to enforce code-signing using digital certificates. Gatekeeper verifies downloaded applications' signatures to ensure they are notarized before allowing them to execute, thus reducing the likelihood of inadvertently installing and running malware on the system.
While the Developer Enterprise Program has dramatically helped reduce malicious software installed on iOS systems, it is not infallible. For example, the "Exodus" spyware, which managed to be installed directly from Google Play on Android devices, has been distributed using the Developer Enterprise toolsets on iOS devices.
Changes needed to accommodate sideloading could require significant architectural alterations to iOS and iPadOS, but this is easier said than done. It is unknown just how modular Apple's mobile operating systems are because, unlike Android, iOS and iPadOS are not open source. However, Google has managed to compartmentalize all of its proprietary functions into Google Mobile Services (GMS), including all the libraries and apps needed to provide its customer experience on Android. It has done this to separate the Android Open Source Project (AOSP) from commercially licensed versions of the mobile operating system. As a result, some Android device vendors, such as Huawei and Amazon, do not use Google Mobile Services at all and use only AOSP as the basis of their products.
Part of any accommodation for third-party apps would almost certainly be to put Apple's built-in apps on a level playing field in API usage. Apple likely has private, undocumented APIs that it uses for its purposes, wholly integrated into every aspect of the OS. Moreover, because iOS is a closed ecosystem entirely controlled by Apple, the company has never had to worry about comprehensively documenting everything. However, if it wished to reserve APIs for its use in the future, it would need to move those APIs into its libraries away from the common user space where all apps run, much like Google Mobile Services is built. But it's also possible that any antitrust settlement may require Apple to document all of its APIs so that there's no "secret sauce" in iOS that is kept away from third-party developers. For example, addressing undocumented APIs was central to settling Microsoft's litigation with the US Government in the early and mid-2000s.
There are other issues with the iOS security model that may need to be changed to accommodate third-party applications that are sideloaded or installed outside the App Store.
