Open App Markets Act – Does Competition Hurt Security?
Have you ever downloaded an app outside of the Apple app store? Probably not, because the current setup of app marketplaces like the Apple app store makes that very difficult. That is about to change. On Feb. 3, 2022, the Senate Judiciary Committee approved the Open App Markets Act with bipartisan support (20-2) to open up app marketplaces, enabling something called “sideloading”: installing apps on devices from outside of approved app stores.
The Open App Markets Act is a pro-competition law intended to give app developers the ability to reach consumers without having to go through app stores such as the Apple app store. Currently, app developers either cannot publish their apps, or are disadvantaged in doing so, unless they publish on an operating system’s official app store. To Apple, control over the apps on its store provides better oversight to make sure they are legitimate, secure, and not harmful to consumers.
In theory, the new law would eliminate disadvantages currently faced by developers and spur the creation of new apps. Here are some highlights from the Act to consider:
- The Act applies to any company that owns or controls an app store that has over 50,000,000 U.S. users.
- A covered entity cannot require developers to use an in-app payment system by the covered company as a condition of distributing an app on an app store.
- A covered entity cannot require developers to use equal or more favorable pricing terms for distributing apps on its own app store.
- A covered entity cannot penalize a developer for using or offering different pricing terms for using another in-app payment system or on another app store.
- A covered company must allow and provide readily accessible means for users to choose third-party apps, install third-party apps, and hide or delete apps preinstalled by the covered company’s own app store.
- A covered entity does not violate Section 3 for an action that is necessary to achieve user privacy, security, or digital safety.
Not surprisingly, owners of the app stores have concerns with sideloading. At the most recent IAPP Global Privacy Summit Conference, Apple CEO Tim Cook warned that the Act would inevitably chip away at the current privacy and security protection that the Apple app store provides to its consumers. Statistics show that apps approved and controlled by the Apple app store had fewer malware infections and fewer infected devices than those from unregulated application stores. A Nokia 2020 report found that Android devices account for 26.65% of malware infections, compared to 1.72% for iPhones. Similarly, a 2021 Nokia report found that Android devices make up 50.31% of all infected devices.
Google already allows users to download apps for Android from sources other than its official Google Play. Apple's concern is also not shared by Microsoft, which is adopting a principled approach to app store operation by announcing a new Open App Store ahead of the Act and allowing developers access to its platform as long as certain reasonable quality and safety standards are met. While the security concern over “sideloading” was shared by CISA and cybersecurity groups, that does not necessarily mean that alternate app stores cannot be safe if they are effectively moderated and users are cautious in their selection. For example, users can reduce the risk of harmful apps by limiting their download sources to official app stores, avoiding downloading from unknown sources, reading reviews, and researching developers before downloading an app.
While such changes are sure to spur development, they may bring with them concerns about app security and privacy. Will these concerns outweigh the potential for new development? Will there be additional changes to address security? Only time will tell.