Amid repeated hints that lawmakers would require Apple and other platforms to allow third-party app stores and sideloading of applications, Apple released a white paper defending the current App Store model as a necessity for security.
This is the second time Apple has released a report as an appeal to legislators' cybersecurity sensibilities. In June, Apple released a colorful, consumer-oriented guide to understanding the risks of sideloading, featuring illustrated characters navigating life in a post-walled garden world. The new report is more academic and less of a storybook.
Lawmakers and consumer advocates have argued that Apple controlling the only means to get apps onto an iPhone creates a monopolistic system unfair to developers forced to pay a percentage of app earnings. Apple and many (but not all) security experts frequently worry that sideloading removes Apple's ability to pre-scan apps for malware and remove it from circulation.
The Apple white paper poses the argument that Android, which does not restrict users to the Google Play store, has a larger problem with malware. Nokia Threat Intelligence reports, cited by Apple, clock 15 to 47 times more malware infections in an average Android phone than in an iOS one.
That number combines Android malware downloaded directly from the Google Play store and sideloaded from other stores. A representative from Apple told reporters that sideloading increases the likelihood of malware even when the malware is not sideloaded — malware makers enjoy the flexibility of distributing malware on the Play Store until they are caught, then moving malware to third-party hosting for a second life. With iOS, once the malware is off the store, it is gone.
Apple's report notes that the average cost to an organization of a single employee's phone being infected with malware is around $10,000. The report also notes that federal agencies offering guidance on best practices for phone safety, including CISA and NIST, recommend always using the official store.
Epic Games recently lost nine of 10 claims in a lawsuit against Apple to allow it to distribute Fortnite outside the App Store, though a judge ruled Apple could no longer ban developers from directing users to external payment systems outside its own platform. Apple this week appealed that ruling.
In its report, Apple argued that third-party stores, with less stringent protections against copyright infringement and hacked apps, can damage developers' brands.
Talking to reporters, Apple said that a debate over sideloading is more focused on developers' interests than those of users — that people who own phones might prefer security to a wider choice of marketplaces. It hoped that this report would help defend that vision of users.