Picture: BLOOMBERG/KRISZTIAN BOCSI

Apple says an antitrust bill aimed at cracking open the app-store market will make iPhones less secure — even though Congress and some large firms already have Apple-approved tools that let them bypass the App Store. 

Although Apple says it’s the only company that can offer a secure App Store, the iPhone maker has long allowed members of Congress and large firms to bypass its strict controls and use alternatives to install third-party apps. The practice isn’t widely known, and is at odds with Apple’s opposition to the bill designed to break its mobile app-store duopoly with Alphabet’s Google.

Apple’s acceptance of some instances of side-loading looms large as Congress nears a July vote on the antitrust measures. While Apple maintains that outside apps would leave iPhone users vulnerable to malware and scams, antitrust advocates and cybersecurity specialists say the company’s protests appear to be more about defending its business model.

“Security is a giant red herring,” said Bruce Schneier, a fellow at the Berkman Klein Center for Internet & Society at Harvard University. “It will scare a lot of people. The goal is to protect the monopoly.”

Apple tightly controls the iPhone, requiring that all mobile app downloads take place within its App Store, where it takes a cut of up to 30% on digital sales. To get into the App Store, developers must submit apps for review by Apple’s team, which scrutinises them to ensure compliance with the company’s rules on privacy and security. The company forbids developers from offering certain things, such as sexually explicit content, all-in-one cloud gaming services and cryptocurrency mining.

A 2020 House investigation found Apple has “monopoly power over software distribution on iOS devices”, allowing it “supranormal profits”.

“Developers have no other option than to play by Apple’s rules to reach customers who own iOS devices,” the report found, just as iPhone owners “have no alternative means to install apps on their phones”.

In the wake of the House investigation, a bipartisan group of lawmakers introduced legislation aimed at opening up mobile app stores. The Open App Markets Act would require Apple and Google — whose Google Play is the most popular app store on Android mobile phones — to make it easier for users to download other app stores and switch the apps set as the defaults on phones.

“We remain concerned that this legislation threatens to break this model and undermine the privacy and security protections our users depend on,” said Fred Sainz, an Apple spokesperson. “The legislation, as originally drafted, created unintended privacy and security vulnerabilities for users. We believe the proposed remedies fall far short of the protections consumers need.”

Computers, including Apple’s Mac, have always allowed direct downloads of software. Google’s Android also lets users install apps without going through its built-in app store. Only Apple requires iPhone users to use its App Store for all mobile app downloads, said John Bergmayer, legal director for advocacy non-profit group Public Knowledge.

“Proponents of these regulations argue that no harm would be done by simply giving people a choice,” Apple’s CEO Tim Cook said at a privacy conference in April. “But taking away a more secure option will leave users with less choice, not more.”

But Apple sometimes makes exceptions to allow side-loading and apps that haven’t gone through its review process.

Legislators and staff go to a special, secured online portal to install apps, said Dan Weiser, who works for the House’s chief administrative officer. That secured portal helps ensure members use licensed apps and have the most up-to-date versions, he said.

The House and Senate app catalogues, created using VMWare’s cloud-based software, include popular apps like Webex and Zoom customised so members can securely participate remotely in hearings.

The catalogue also contains custom apps specially designed for members of Congress, said Weiser. Those include apps to access the secured internal network for the House or Senate, email, live floor updates and calendars.

The House and Senate app catalogues were created as part of an effort to modernise the technology Congress uses, centralise its purchasing and ensure it’s secure from potential cyberattacks.

Apple acknowledged during a federal antitrust trial last year that it has long allowed some companies to bypass the App Store. Craig Federighi, a top Apple executive and engineer, testified that large organisations can get permission to distribute apps directly to their employees in lieu of going through Apple’s App Store and review process. This allows them to create apps specific to the company, he said, citing a 3D-modeling app that animation studio Pixar created for its designers as an example.

“These aren’t apps they want to sell to the general public,” Federighi said. “They want to provide it just to their employees. The Enterprise program is meant to give them the ability to do that.”

Those custom apps aren’t reviewed by Apple, he said. The arrangement, called the Apple Enterprise Program, has been around since 2008. 

The onus is on the company to make sure the apps are safe and secure enough to be downloaded and used by employees, he said. Apple trusts that companies wouldn’t want to harm their own employees by installing malware or other malicious apps onto corporate-owned devices, Federighi said.

Apple declined to respond to questions about how many companies in the US use the program today, but said that “most” corporate clients now use Apple Business Manager — a more tightly controlled program introduced in 2019 where custom apps go through a limited review by Apple.

Bloomberg. More stories like this are available on bloomberg.com
