Tim Cook uses privacy keynote to attack sideloading – TechCrunch

Apple CEO Tim Cook used a speech at the IAPP conference in Washington, DC today to frame impending competition reforms that could force the iPhone maker to allow sideloading of apps as a threat to privacy and security.

His remarks avoided mentioning specific pieces of legislation, but there are moves on both sides of the Atlantic that could force Apple to loosen controls on the iOS user experience by requiring it to allow sideloading — like the Open App Markets Act, introduced in the United States. senate last summer, or the European Union’s Digital Markets Act, which won political agreement last month and will likely come into force later this year.

In this morning’s keynote, Cook repeated a long-held assertion that Apple believes privacy is “a fundamental human right” – once again striking at “a data industry complex built on a foundation of surveillance,” he said, is working overtime to undermine the web’s user privacy for its own commercial gain.

That’s why, Cook said, Apple has developed a series of features in recent years to help users counter commercial surveillance — and “have more control over their private information” — like the App Tracking Transparency feature it added last year that requires apps to ask users for permission to track them, or an email address protection feature launched by Apple that makes it harder for third parties to link users’ web activity through different services.

But Apple’s CEO quickly sought to intertwine threats to user privacy – which he had suggested thwarting by giving users more controls to make it harder to track them – with the larger issue of security threats. , as posed by malware like ransomware – moving to argue that security as a primary underpinning of privacy is not helped by giving users more control over which third-party software they can download.

On the contrary, argued Cook, giving users the choice to step out of “stringent security protections,” he suggested that Apple integrated the App Store (via the App Review process) – allowing users to ‘iOS to download apps or even choose to use a non-Apple App Store entirely – would ultimately reduce their control by removing a ‘safer choice’.

“I fear that we will soon lose the ability to provide some of these protections,” he suggested, calling impending competition-focused regulations a risk to “our privacy and our security.”

And while Cook said some of these regulatory reforms might be well-intentioned, he sketched out a hugely negative outcome for users – if “data-hungry companies could circumvent our privacy rules and re-track our users against their will.” as a result of laws requiring Apple to open iPhones to apps that circumvent App Store review via sideloading.

Apple is “deeply concerned about regulations that would compromise privacy and security in service of another purpose,” he said – also suggesting that sideloading “would potentially allow bad actors to circumvent comprehensive security protections that we have put in place, putting them in direct contact with our users.

Here, he pointed to the example of fake COVID-tracing apps that infected some smartphone (non-iPhone) users’ devices with ransomware early in the pandemic by targeting people who “could install apps from websites lacking App Store defenses,” as he framed. this.

“Proponents of these regulations argue that no harm would be done by simply giving people a choice. But removing a more secure option will leave users with less choice, not more,” he warned. “And when companies decide to leave the App Store because they want to mine user data, that could put significant pressure on people to engage with other app stores. applications where their privacy and security may not be protected.

“We have long said that security is the foundation of privacy, because there is no privacy in a world where your private data can be stolen with impunity. Never before has this threat been more profound, nor its consequences more visible,” Cook also argued.

He then pressed the point even more forcefully later in the speech – warning that forcing Apple to leave unverified apps on iPhones “will” have “profound” unintended consequences.

“And when we see that, we feel compelled to speak up – and ask decision makers to work with us to advance the goals that I truly believe we share, without infringing on privacy in the process,” a- he added, saying that Apple will continue to push. on this issue and urging the privacy community attending the conference to join in and “ensure that regulations are developed, interpreted and implemented in a way that protects the fundamental rights of individuals” .

Cook ended his speech by calling the regulatory changes in competition policy a “pivotal moment in the battle for privacy.”

“Those of us who create technology and set the rules that govern it have a deep responsibility to the people we serve,” he added. “Let us assume this responsibility. Let’s protect our data and secure our digital world.

The argument is not new to Apple; the company has repeatedly sought to counter political measures aimed at reducing its ability to control iOS by portraying these proposals as a security risk and, more broadly, as a degradation of a premium user experience.

However, Apple’s app review process is not perfect and does not ensure that iOS users are always protected from scams and fraud or even malware in the app store. Likewise, Apple’s heavily marketed privacy features do not provide users with perfect tracking protection. The truth, as always, is rather grayer.

So it doesn’t seem like a big deal to think that the laws giving iOS users a option to sideload apps – if they choose to accept that risk – won’t mark the end of privacy and security on iOS either.

Lance B. Holton