At the 2022 International Association of Privacy Professionals (IAPP) conference, Tim Cook became a little passionate about what he calls the “data industry complex” and one of the most essential battles we are fighting right now. What he was really talking about was sideloading apps on the phone you paid for.
This is not something for those of us with an Android phone, but for iOS you have never been able to install apps that did not do comes from Apple’s official App Store unless you’ve been through the hassle of jailbreaking your expensive phone or tablet. Apple has always hated the idea of ​​sideloading and will probably always do so.
Page loading is good for users, though big tech thinks otherwise. Just know the risks.
The reason he continued with all this is that the legal landscape – especially in the EU – is changing in ways that can force things like interoperability of chargers, open up to long-closed Apple features like iMessage and be able to install applications outside of the Apple-approved App Store Marketplace.
While lawmakers and marketing groups (as well as technology writers like myself) believe these ideas are good for the consumer, Apple and Google are not keen on being forced to change the old ways of doing business. The old ways were, after all, quite lucrative.
But buried in the talk of how sideloading is literally the devil, and the industrial data complex wants to send our sons and daughters into war, there is a flimsy truth where sideloading involves greater risk than anyone would talk about.
Google protects Android users in more ways than Apple does
Yes, you read that right. When it comes to bad intentions, Google does more than Apple to protect you. This is because Android is designed with the ability to sideload apps, and iOS was not.
There is a good writing on how and why here, but in a nutshell it comes down to Google Play Protect. Think of it as a virus scanner that runs every day and can kill bad apps even if they were not downloaded from the official Google Play Store. This means that you can download and install an app anywhere, and if it does malware “stuff”, it will be found. The system is not perfect, but it works really well.
Apple designed iOS to download and install apps from just one place: the App Store.
Apple has no such protections in place because iOS is designed to only download and install apps from the Apple App Store.
I’m not trying to convince you that one is better than the other. I’m just saying that when it comes to actual malware and page loading, Google has been prepared for a long time and Apple would have to build some sort of system from scratch to do the same.
The real problems come from store policies
Android and iOS both use similar systems when it comes to how apps can work in the system on your phone. There are user and group permissions, sandboxing, and APIs that ensure that an app cannot retrieve data from other apps unless you allow it. There are exploits that break these systems from time to time, but they get fixed quickly.
Page-loaded apps must still follow this set of restrictions in order to work on your phone. Unless you have rooted or jailbroken it, your phone’s operating system knows how to keep apps in line and force them to behave. On Android phones, apps that do not follow these rules will be banned by Play Protect, and whatever Apple would design to enforce these security measures would do the same if page loading was allowed on iOS.
What is not enforceable on an app you have installed from a third party are app store rules and developer agreements that all apps in Google Play or the App Store must follow. They can also be quite important.
Policies for Google Play and the App Store are there to protect us and make money for Apple and Google.
To release an app for Google Play, a developer must do things like give you a privacy policy and follow rules about what data is collected and how. Android itself cannot enforce these rules as written because apps have to collect data in different ways. To take things a step further, the company a developer uses to monetize their app through ads must also play by the rules Google has introduced, or the app can be pulled out of the Play Store.
If an app is it not published in the Play Store, these rules must not be followed. This means that a developer in theory can lie to you about the data collected and how it is used or even collect unnecessary data about you.
Another thing that helps protect users, even though it may limit choices and harm developers, is payment processing. There are very strict rules about how you can pay for apps or make in-app purchases, which must be followed in order for an app to be released in the Google Play Store. There are plenty of other ways a developer can process payments, but if they want their app to stay in Google Play, they can only use what Google allows.
Who do you trust the most with your bank card number: Google or Jerry’s PayPal? If I work hard and develop an app that is worth paying for, I should be able to enter into a contract with you and charge the payment without Google getting a portion of it that is too large. But to be 100% sure, you as a user can trust Google with your payment information more than you can trust me.
Data is valuable
To be clear, I do not think there are many developers out there who will bypass these rules and be all sorts of shady when they get you to sideload an app on any of the best Android phones. And there are third-party app stores that have rules that developers must follow to protect our privacy. But it could Spoon.
I also do not think that’s why Tim Cook is so against page loading on iOS, or why Google reluctantly allows it. Money is what drives companies like Google and Apple, and keeping everything within the walls of their own ecosystem is better for the bottom line.
I think it’s important for all of us to think about what might happen when we make a decision that involves our personal data. Data Industrial Complex weapon creation chaos conspiracy theories aside, data is very valuable and important. That’s why companies like Apple and Google want to keep it to themselves.