While the two mobile device platforms are often compared for their similarities, Google’s Android platform has historically differed from Apple’s iOS (and iPadOS) in at least one significant way: Android has always permitted end users to sideload applications, which includes the use of alternative app stores such as Amazon’s. This alleviates concerns of app rejection and allows software developers to bypass the up to 30% fees collected from each transaction.
As calls have been growing in Congress and in the European Union for Apple to allow third-party app stores for its iPhone and iPad, company executives such as CEO Tim Cook have been speaking out, arguing that such a change would “destroy the security” of Apple’s products.
In a report released on Wednesday, June 23, Apple argued that 3rd-party app sideloading would subject users of the company’s platforms to increased risks, create l app and OS instability — and potentially allow malware to install itself.
A Gatekeeper for iPhone and iPad?
Apple has allowed side-loading, but only for enterprises using the Developer Enterprise Program. This program enables companies to create and deploy custom applications on iOS, WatchOS, and TVOS devices and code-sign Mac apps, plug-ins, and installers with a Developer ID certificate for distribution to employee Mac computers. As with iOS, Mac also has an app store, but Apple does not require that Mac systems exclusively install applications from it.
While iOS does not currently have this feature, current versions of MacOS use a subsystem called “Gatekeeper,” which is a security feature used to enforce code-signing using digital certificates. Gatekeeper verifies downloaded applications’ signatures to ensure they are notarized before allowing them to execute, thus reducing the likelihood of inadvertently installing and running malware on the system.
While the Developer Enterprise program has dramatically helped reduce malicious software installed on iOS systems, it is not infallible. For example, the “Exodus” spyware, which managed to be installed directly from Google Play on Android devices, has been distributed using the Developer Enterprise toolsets on iOS devices.
Potential for significant changes to iOS and iPadOS
Changes needed to accommodate sideloading could require significant architectural alterations to iOS and iPadOS — but this is easier said than done.
It is unknown just how modular Apple’s mobile operating systems are because, unlike Android, iOS and iPadOS are not open source. However, Google has managed to compartmentalize all of its proprietary functions into Google Mobile Services (GMS), including all the libraries and apps needed to provide its customer experience on Android.
It has done this to separate the Android Open Source Project (AOSP) from commercially licensed versions of the mobile operating system. As a result, some Android device vendors, such as Huawei and Amazon, do not use Google Mobile Services at all and use AOSP as the basis of their products only.
Part of any accommodation for third-party apps would almost certainly be to put Apple’s built-in apps on a level playing field in API usage. Apple likely has private, undocumented APIs that it uses for its purposes, wholly integrated into every aspect of the OS. Moreover, because iOS is a closed ecosystem entirely controlled by Apple, the company has never had to worry about comprehensively documenting everything.
However, If it wished to reserve APIs for its use in the future, it would need to move those APIs into its libraries away from the common user space where all apps run, much like Google Mobile Services is built. But it’s also possible that any antitrust settlement may also require Apple to document all of their APIs so that there’s no “secret sauce” in iOS that is kept away from third-party developers. For example, addressing undocumented APIs was central to settling Microsoft’s litigation with the US Government in the early and mid-2000s.
There are other issues with the iOS security model that may need to be changed to accommodate third-party applications that are sideloaded or installed outside the App Store.
For example, in addition to allowing for third-party payment systems within the App Store itself, Apple may need to create a pluggable architecture within the operating system framework to allow alternative payment systems.
Containers are not just for clouds
To firewall potentially misbehaving third-party apps, the company may need to add support for containerization, a form of virtualization technology.
Along with built-in support for virtual machines, containerization is a relatively new feature for Apple operating systems. It was introduced in 2020 for MacOS 11 Big Sur to support iPad and iOS applications on Apple Silicon.
In addition to being used to run the Rosetta x86 emulator to isolate its processes from the rest of the operating system and other apps, containerization is used to provide a runtime environment so that unmodified iOS and iPadOS apps, as well as ported iPad “Catalyst” apps, can run safely without interfering with Mac system processes. Each app gets its container and only the resources that it needs to function.
iOS provides sandboxing for App Store distributed apps today. However, if Apple were forced to accommodate software that had not been through its rigorous vetting and gating processes, major architectural changes would be required, especially if it wants to maintain the superior application security model that its closed system currently enjoys.
Apple would almost certainly need to provide a way for third-party applications and app stores to run in a completely isolated manner on iOS, assuming they aren’t using an open source technology like Docker. Additionally, the containerization technology built into MacOS would have to be ported to iOS, along with whatever toolsets are needed to repackage apps as installable containers.
We don’t even know how MacOS containerization works. It’s been over a year after its initial introduction, and Apple still hasn’t provided any documentation for it — much of this is completely abstracted from Mac software developers. This may very well need to change as a result of any antitrust settlement.
Gatekeeper: Vaccine for the upcoming sideloading pandemic
I believe that Apple’s best strategy in the future is to port the Gatekeeper process/subsystem to iOS, WatchOS, and TVOS and create a digital signing infrastructure for third-party applications, including third-party app stores and installable application packages.
I also think some cloud-based application package management systems — similar to what enterprises use for their developer accounts to install third-party apps — should be made available to consumers that can be purchased as a value-added service. Additionally, Apple should not be obligated to provide cloud-sync or data backup infrastructure to side-loaded apps or app stores.
Allowing side-loaded apps onto iOS will also enable these apps to have the same privileged status to access native APIs and other services on the OS. That is troubling because it opens up the potential for significant platform abuse.
A lot of the value proposition of iOS is that it is a relatively safe platform and has been mostly resistant to malware attacks. Unfortunately, however, some malicious app store apps have been found, notably ones that communicate with Command and Control (C2) infrastructure of threat actors.
Any approval of side-loading on the iOS platform must come with a big warning and waiver of responsibility to the end-user, just as it is issued on Android. Maybe even two levels of “Are you sure?” with password/ID verification.
While allowing side-loaded apps and app stores onto the iOS platform could be fraught with problems and introduce many undesirable variables into the overall user experience, it has some potential benefits.
Third-party app stores have not been an enormous boon for Android regarding revenue generated in commercial software development. Still, it has allowed for increased choice for the end-user, particularly related to adult content and other things that Google itself deems inappropriate or that go against the company’s self-interest.
Sideloading is not all bad
There are many kinds of applications that could benefit from side-loading on iOS. One such example could be payment systems that might compete with Apple Pay, such as Google Pay, which exists on the iOS platform but doesn’t currently have NFC capabilities, likely due to concerns of being delisted in the app store if that functionality was to be enabled.
Samsung chose not to launch its Samsung Pay app and service on iOS, likely due to its difficulty being listed on the App Store. However, if side-loading were permitted, not only could Samsung launch its payment service on iOS, but potentially its own app store as well.
Another third-party app store that may be of interest to broader use is Cydia, currently used by users of “jailbroken” iOS systems. But these are more along the lines of tweaks and hacks to extend iOS, for those who want to customize their user experience. Third-party side-loading would not be akin to jailbreaking (sometimes referred to as “rooting”), in which low-level OS services and settings could be changed that are generally not accessible to an end-user.
The benefits of opening up iOS to third-party applications that wouldn’t otherwise be able to participate in the App Store are readily apparent. It would allow for entire categories of apps — currently only available via jailbreaking — to run on iPhone and iPad devices. But it would also allow for apps that the company deems “objectionable,” such as those with adult content.
It also would permit the installation of apps that conflict with the enforcement desires of regional governments, such as those used and side-loaded on Android by Chinese nationals during large-scale protests, but which are prohibited on the App Store in China.
And what about real alternative browser engines to Safari, like Chrome and Edge? Sideloading would allow the use of those, as well.
EU looms large
But how quickly could sideloading be required in Apple’s mobile devices? Very quickly. The EU has often moved with its own antitrust proceedings independent of the United States and has also levied severe fines and penalties when it believes monopolistic practices of US technology companies threaten its own citizens and corporations.
Case in point: In 2010, the EU found that Microsoft had used its market dominance to pre-load its Internet Explorer browser on Windows. In addition to hefty fines, the
EU required Microsoft to separate its Internet Explorer browser
from the operating system and allowed the consumer to choose which web browser could be installed on the OS during the initial set-up process. Microsoft maintained a website called BrowserChoice.eu for this purpose, which was hosted until early 2015.
Another example: In July 2018, the
EU levied a $5 billion fine against Google
for anti-competitive behavior on its Android OS. As part of the EU ruling, Google must stop forcing Chrome and Google search on Android OEMs and prevent any efforts to block forked Android versions.
If you think $5 billion of fines against Google sounds bad for default search engine choices, wait until you see what it decides to do to Apple for alleged monopolistic practices with its app store. Potentially, it faces a fine of 10 percent of all of its global revenues – that could be as much as $30 billion.
When the wall comes down, Apple must be ready
Enabling third-party apps to be side-loaded on iOS does come with potential downsides. Much of the value of being an iOS user is the walled garden itself — it’s a safe, well-controlled environment, particularly if you compare it to the wild west that is Android. Apps on iOS go through a sophisticated vetting process, keeping the experience high-quality and secure overall.
Any antitrust activity against Apple is going to target many of these areas. Accommodating the potential demands of governments and legal settlements may require the company to make substantive changes to the way its mobile operating system works. Once side-loading is allowed, it opens up the potential for many issues that can potentially compromise user security and degrade the overall premium, highly curated experience of the Apple ecosystem that its customers currently enjoy.
I believe it is inevitable that the App Store walled garden will be demolished. However, if we are going to bust open the castle walls with the proverbial antitrust dragon, Apple should provide the needed tools and services to reduce any possible carnage. And it should go without saying, it will need to issue appropriate advisories to its end-user population (that perhaps opening those application gates for most people might not be such a great idea).
Does Apple need to open up its walled garden before it is forced into it by regulatory action and antitrust litigation? Talk Back and Let Me Know.