Sideloading into Apple’s walled garden no problem, says EU antitrust enforcer

apple sideloading Margrethe Vestager“I think customers will not give up neither security nor privacy if they use another app store or if they sideload.” — Margrethe Vestager

From EXCLUSIVE EU’s Vestager warns Apple against using privacy, security to limit competition,” which moved Friday over the Reuters newswire:

Europe’s tech chief Margrethe Vestager on Friday warned iPhone maker Apple against using privacy and security concerns to fend off competition on its App Store, reasons CEO Tim Cook gave for not allowing users to install software from outside the Store.

Vestager, who is also the European Commission’s executive vice president, last year proposed rules called the Digital Markets Act (DMA) that would force Apple to open up its lucrative App Store so that users can download apps from the internet or third-party app stores in a practice known as side-loading.

“I think privacy and security is of paramount importance to everyone,” Vestager told Reuters in an interview.

“The important thing here is, of course, that it’s not a shield against competition, because I think customers will not give up neither security nor privacy if they use another app store or if they sideload,” she said.

My take: She thinks. Has she seen the malware stats?

34 Comments

  1. David Emery said:
    When she can present credentials as a computer security expert, then I’ll listen. Otherwise, STFU.

    12
    July 2, 2021
  2. Gregg Thurman said:
    It’s better to be quiet and have people think you stupid, than it is to open your mouth and prove it.

    11
    July 2, 2021
  3. Fred Stein said:
    Irony alert:

    We have, with legal precedents back into the 19th century, the “Attractive Nuisance Doctrine” which states that landowners can be liable for accidents caused to children on their property.

    Here’s the irony: The firs US case was against a railroad. Railroads were also key players in the case for our current anti-trust laws.

    More seriously: Digital platforms, like railroads or land. You can transport or build on them. We do regulate transportation and land use. And we hold owners accountable for public safety.

    1
    July 2, 2021
  4. Darren Grayson said:
    Clear and present danger to the people of Europe.

    7
    July 2, 2021
  5. Michael Goldfeder said:
    It’s incredible that a person can be that dumb and still breathe.

    6
    July 2, 2021
  6. Fred Stein said:
    More on public safety:

    Over the years we have increased accountability and liability of business for public safety; And for good reasons.

    1) Products are increasingly complex as are the legal documents that we agree to every day. We can’t expect consumers to understand the risks.

    2) Because we can. For example, cars today have dozens of safety features such that deaths per billion vehicle mile has dropped from over 200 before 1920 to .02 today.

    Apple takes their responsibility to the customer seriously. Vestager does not understand nor does she care.

    6
    July 2, 2021
    • Gregg Thurman said:
      2) Because we can. For example, cars today have dozens of safety features such that deaths per billion vehicle mile has dropped from over 200 before 1920 to .02 today.

      Not to nit pick, but a great deal of that reduction is attributable to much better road design, including shoulders, rumble strips, lane markers, signage, unobstructed views, transition lanes, and vegetation, to mention a few of the more apparent improvements.

      1
      July 2, 2021
    • Fred, AI is already being used unscrupulously to break down security. Margrethe Vestager is not in a position to challenge the best minds at Apple HQ & worldwide offices. I’ve heard some of their top AI people are in Apple’s EU locations. She’ll get an education soon, but expect something to pass, possibly more responsibly-crafted than her current statements.

      1
      July 2, 2021
  7. Dan Scropos said:
    “I think customers will not give up neither security nor privacy if they use another app store or if they sideload.”

    I’m no grammar expert, but if I am reading that correctly, I tend to agree with her 100%. Her use of “not” negated her intended message. Ironic, if so.

    6
    July 2, 2021
  8. When I worked various state and federal training gigs I went through steps to load custom apps. They use certificates, VPNs & small app rollouts to get the apps onboard & working. Custom app dev gets so complex many counties & states just use Google apps & 3rd party solutions now. Developers relentlessly demand changes. It’s their raison d’être .
    Apple will give them a sandbox, in the corner of the walled garden, see how quickly that devolves to chaos, in theory.

    1
    July 2, 2021
  9. Mark Visnic said:
    My take: Keep talking Margrethe. You’re painting yourself right into a corner.

    7
    July 2, 2021
    • Fred Stein said:
      Agree Mark. Hopefully a good journalist will ask her if she knows the facts about malware, fraud, stalking, state-sponsored cyber attacks, etc. Fraud alone is $1T.

      Kara Swisher had a chance to call her on it, but alas Kara let it pass.

      4
      July 2, 2021
  10. John Butt said:
    I checked her CV in case she is an app specialist. She is! She has a Master of Economics and of course economists know everything!

    I have spent years battling with economists in our equivalent of the FCC in NZ who have serious attitudes towards their knowledge about technology.

    6
    July 2, 2021
    • John, Never attempt to teach an avowed expert anything, about any subject. It is akin to kicking a dead horse, expecting it to get up and whinny. Never happens.

      6
      July 2, 2021
  11. Jerry Doyle said:
    I ponder what Ms. Margrethe Vestager would say if the landlord of her gated residential building were to install side entrances circumventing the main security entrance used by tenants. Would the good woman feel as comfortable taking the elevator, walking the hallways and sleeping in her residence nightly? Something says to me that Ms. Vestager would prefer the single, exclusive gated entrance all tenants must use at the building’s security checkpoint upon entering.

    11
    July 2, 2021
    • Dan Scropos said:
      That’s a fantastic analogy, Jerry.

      4
      July 2, 2021
    • David Emery said:
      To add to that analogy, the occupants of the building pay the door guard to check credentials of anyone seeking entry.

      There’s no guarantee someone is checking credentials on that side door.

      2
      July 3, 2021
  12. Bart Yee said:
    Hello all, we are going to have another politician (Vestaget) spout misinformation, however well or misintended, regarding App Store security. Versus research and study on how well App Stores (and company principles and efforts) can maintain privacy and security. First few hits on a search for sources of malware on Android (where side loading can be done) said this:

    November 2020, PC Magazine

    https://www.pcmag.com/news/study-reveals-googles-play-store-is-main-distributor-of-malicious-apps

    “As ZDNet reports, a recent academic study carried out in collaboration with the NortonLifelock Research Group and IMDEA Software Institute, reveals that the official Play Store is a primary source of malicious and unwanted apps.

    The study found that 87 percent of all app installs emanated from the Play Store, but 67 percent of malicious app installs also originated from Google’s store. That isn’t to say the Play Store is lacking in security to stop malicious apps, but the sheer size and popularity of Google’s store means any that slip through the cracks are going to reach a very wide audience.“

    So with my rudimentary statistics expertise, what does the above mean?

    1. 87% of Android app installs come from the OFFICIAL Google Play App Store, Google being the now $1.7T company responsible for curation, security, vetting, and updating of Android Apps, open source Android itself, and any fixing security concerns that are found.

    2. Fully 67% or 2/3rds of all malicious Android App software comes from the OFFICIAL Play store, giving us an idea of the enormity and difficulty Google is having keeping malware out. Partly due to how big the install base is? Google hasn’t kept up, doesn’t have the resources? Or partly because of limited OS and security update support, fragmentation of OS versions, huge numbers of different platforms and carriers inserting their own bloatware and skins while slowing down their own software updating process?

    These were all fundamental business decisions putting customer support, IMO, behind hardware and device sales – that is, they ain’t very good software and after sales support folks – again a business model decision.
    /1

    2
    July 2, 2021
    • Bart Yee said:
      Now let’s look at the converse of the stats:

      3. This means 13% of App installs come from those third party sideloading app stores or other sources (websites, custom ROMs, jailbreaks, etc.). (IMO all to satisfy some small niche of Uber techie, mostly young male Android users who want “freedom” to take risks and twiddle-fiddle-tweak their devices.)

      4. 3. Also means that fully 33% or 1/3rd of the Android App malware emanates FROM THIRD PARTY APP STORES!!

      You know, those small to medium concerns with “huge corporate structures”, hundreds to thousands of software experts to review, vet, and constantly scan and clean all of their offerings, all for a little slice of sales, maybe? Or are they a couple of guys with a website, trusting whoever signs up with them to be good actors, and of course has a legal disclaimer / caveat that they have no responsibility for any malware because you, the Android user, take all the risk of losing info, getting hacked or bricked, etc. when you download from NON-OFFICIAL sources? And when found as a source, what do these sites do to correct the problem or be held accountable?

      Think about this (Vestager!!, if you can), third party App stores create 17% of Android App downloads but carry 33% of all Android Malware, potentially creating huge problems for the entire Android platform/networks, family and friends of infected users, and, like the pandemic, to spread among even official users as people share files, photos, emails, social media posts, etc. where malware can lurk, hide, phish, or otherwise Trojan Horse their way into other computer places.

      Not to mention getting into Corporate and governmental systems, banking, industrial, and commercial establishments.

      All in the name of making more money for a small number of developers, software advocates (who mostly are driven by, yeah, €€€€ / $$$$$ / ££££ ) and politicians, none of which have ANY part of the hardware platform responsibilities or in my opinion, care about or could even fix, the havoc and fallout of malware distributed – oh no, that still falls on the individual user who invariably will run to the hardware / OS makers / software distributors etc. for help. Help that takes time, need people resources (software troubleshooters), broad ability to put out security fixes, etc. none of which exist in 3rd party App stores IMO. /2

      1
      July 2, 2021
      • Bart Yee said:
        5. Chillingly, these comments:

        The study concludes, “We identify that between 10% and 24% of users devices encounter at least one unwanted app. We reveal that the Play market is indeed the main app distribution vector of both benign and unwanted apps, while, it has the best defenses against unwanted apps,” and that, “Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools.”

        10-24% of ALL Android users encounter at least one malware app when they use Official (even with the “best” (for Android) defenses) or 3rd party App stores (which at best have questionable defense capability.

        And also the revelation that when you backed up your soon to be bricked phone, or get a new phone and restore, you’ve created your own little “infected App Store” by passing to yourself infected malware ridden Apps, out of the reach of App Store fixes or even discovery. Not only let the foxes into the hen house, you encouraged the foxes to set up shop and multiply.

        IMO, Vestager and those software lobbyists pushing these talking points behinds the scenes have absolutely no clue about privacy and malware, push off responsibility to the platform makers and individuals to fix any resulting problems, and IMO, will be the ones to lament the Pandora’s Box they open from these ill conceived policy consideration.

        We can already see in real time, real world, & real devices bad actors (even state run!!) constantly probing, attacking and infiltrating Apps and App stores to Lie, cheat, and steal data, information, passwords, money, etc. and to spread themselves, same in the PC / internet worlds.

        If the biggest mobile OS player, Android, can’t keep malware at bay, why is Vestager / EU trying to hamper Apple’s efforts at security and privacy for its users? And to have a business model where that expense is partly paid for by developers and users in exchange for managing all that is required to keep the App Store and entire Apple platform safe???? /3

        1
        July 2, 2021
  13. Ken Cheng said:
    ““I think”

    Well, there’s the problem. That’s not a legal rationale at all.

    3
    July 2, 2021
  14. Bart Yee said:
    And one last thing, this nugget of foresight for all you malware developers and distributors:

    https://www.pcmag.com/news/windows-11-will-run-sideloaded-android-apps

    “Windows 11 Will Run Sideloaded Android Apps”

    “A Microsoft employee says Windows 11 will allow users to sideload Android apps.”

    Oh joy, expanding the playing field for malware. Is this why Gates and Nadella seem to like Android?

    Will they never learn?

    3
    July 2, 2021
  15. Bart Yee said:
    From PED’s malware stats link, an Android Authority article:

    https://www.androidauthority.com/tim-cook-side-load-ios-apps-security-1235206/

    “Cook also claimed that Android has 47 times more malware than iOS. The Apple CEO didn’t cite a source for the claim, but a 2019 Nokia report found that Android was responsible for 47% of detected malware infections versus under 1% for iPhones. However, detected malware infections on Android fell to 26.6% according to the 2020 report, while iPhones rose to account for 1.7% of observed infections. So Cook’s quoted figure isn’t accurate if he indeed cited the old Nokia report. Nevertheless, what’s the reason for this apparent discrepancy?”

    So AA actually provided a source to back up Tim Cook’s claim (47% vs 15.5X more likelihood of malware than iOS). That isn’t a problem??? Then they showed Android dropped to 26.6% vs IOS rising to 1.7%, so Android is still 15.5x greater risk, isn’t that STILL a problem??

    The article’s ensuing comments, as I mentioned before, reflect a bunch of whiney entitled young techie males who feel so self confident about their abilities to detect, avoid, or otherwise elude or fix malware from Google Play or side loaded from 3rd party sources. One proclaims his absolute right to do as he pleases with HIS device. Fine, for you <0.0001% who are so tech oriented to follow Android websites and comment on them. But that’s not anywhere close to the rest of the 1.5B Android users out there exposed to malware mischief, and poorly protected at that, the rest of the users just are not that tech oriented (bought Android at price point or budget), and have little to no knowledge to defend themselves or avoid getting infected, precisely because they cannot discern when there is a threat.

    While I do think most Apple users are a cut above, they do for the most part lack the intimate tech knowledge to sort this stuff out as well, and rely / allow and choose to have Apple do it for them IN EXCHANGE for the up front costs, proven track record & history of low infection rate and curated / vetted apps with ongoing monitoring, and the avowed Apple focus on privacy and security.

    As said above, I trust Apple to fortify and provide security and privacy plus a secure perimeter so that I and millions of others don’t have to do that individually and even protect ourselves from the dumb things we may invariably do. It’s not in my or IOS’s best interest to start poking holes in the dam or bank vault so a few dolts can create a two-way tunnel through or under security.

    0
    July 2, 2021
  16. Apps can now sell cannabis in Apple’s Walled garden, with geofencing & age restrictions, somehow. If a particular state allows confusion. Inevitable, iOS is a garden. «  (NASDAQ:AAPL) updated its policies to allow pot-centric apps onto its store. Under its new policy, Apple created leeway that allows “licensed and otherwise legal cannabis dispensaries” from working with Apple. Companies must also be geofenced to qualify for store listing. » — As ferreted out of new Apple app policies by Weedweek, TechCrunch et. al.

    0
    July 3, 2021
  17. Kirk DeBernardi said:
    Dear Ms. Vestager —

    Too bad you didn’t tell Apple this earlier. You could had saved them billions.

    0
    July 4, 2021

Leave a Reply