Privacy Checkup: descubra cómo está protegida su privacidad en Internet

Más información

Stop the App Store Monopoly

· Deutsche Version
Stop the App Store Monopoly

Despite new regulations, Apple is trying to maintain its monopoly on the distribution of iOS apps, claiming it is necessary for security. The real reasons, however, are of economic nature. Not only does Apple’s restrictive model have drawbacks in terms of security, it is inherently hostile to privacy.

With the Digital Markets Act (DMA), the European Union aims to promote competition in the EU’s online market. The new law is designed to ensure that smaller companies can enter the market and to prevent single corporations from controlling entire market segments on their own. One of the DMA’s key measures is therefore to break up monopolies regarding the distribution of apps.

On September 6, 2023, the EU Commission designated Apple and five other companies – Alphabet, Amazon, ByteDance (TikTok), Meta, and Microsoft – as “gatekeepers,” giving them six months time to implement the DMA’s requirements. This means that starting today, March 7, 2024, said companies have to comply with Art. 5–7 of the DMA.

As a result, Apple has to allow third parties to offer iOS apps for download and can – at least within the EU – no longer insist on the App Store being the only source of iOS apps. However, contrary to the eager expectation of many iOS users, the US tech company still prevents apps from being obtained right at the source (i.e., from the developers) – something that’s possible on comparable platforms.

Instead, Apple has introduced a bizarre model for “alternative app marketplaces,” which contains new fees that were pulled out of thin air and is deliberately designed to be as unattractive as possible for app developers, iOS users, and potential providers of alternative marketplaces alike. But the most dubious aspect of this whole scheme is that Apple is trying to use security as a pretext for not opening up its monopoly.

A Monopoly in and of Itself Does Not Guarantee Security

However, it is obvious that economic interests are the real reason for offering an alternative solution that has considerable drawbacks for all potential parties. This way, the App Store will de facto maintain its monopoly position, and Apple can continue to collect billions by charging enormous fees as middleman when selling third-party apps.

We’re the last ones to argue against security, but achieving security through prohibition is no solution. That’s throwing the baby out with the bathwater. Apple is a tech company, and as such, it should provide security by technological means, not through radical restriction.

Apart from that, a monopoly on the distribution of apps cannot guarantee security in and of itself anyway. The one has nothing to do with the other, as Apple itself demonstrates: if this kind of monopoly were actually necessary for the security of the overall system, the same would apply to macOS.

However, it has been possible for decades to download apps directly from developers on Apple’s desktop OS. This means that either macOS is not secure because there is no monopoly on the app distribution, or a monopoly is, in fact, not necessary for the security of iOS.

To ensure security when directly downloading apps from developers, macOS employs a notarization system. This system guarantees that any app users directly download from a developer has passed a malware test conducted by Apple and has not been altered by a third party. Should an app turn out to be malicious after the fact, Apple can revoke the corresponding developer certificate, subsequently making it impossible to open or install the app.

The same way this system ensures security on macOS when downloading apps directly from developers, it would be possible on iOS. A monopoly on the distribution of iOS apps is clearly not necessary.

What’s Wrong with the App Store

Not only can Apple’s monopoly not be justified on the grounds of security, it’s actually detrimental to security in some respects. On top of that, it is inherently hostile to privacy, and a system with fewer participants is generally preferable to one with more participants.

Security

When users download Threema for Android from the Threema Shop, they only have to place a certain level of trust in us, the service provider, not in any third party. The app they download is signed by us, which allows them to verify beyond a doubt that it hasn’t been tampered with by anyone and that it behaves as intended.

When iOS users download an app from the App Store, on the other hand, they receive a file that’s signed by Apple. iOS developers can’t sign their own apps. As a result, it cannot be ruled out that Apple alters an app after its developer submitted it. For example, Apple might make specific modifications to certain apps in some countries at the request of the respective government.

In a similar fashion, Apple’s restrictions regarding push notifications lead to potential security and privacy drawbacks, as we have outlined in an earlier blog post.

Privacy Protection

Developing and maintaining an app requires a lot of time and resources. The development costs can be covered either directly, by selling the app, or indirectly, by collecting and monetizing user data. For privacy reasons, we are only willing to pursue the first option.

When users purchase the Threema app for Android in our shop, they pay us the purchase price. This creates a direct relationship between the users and the service provider and allows us to offer payment methods that protect our users’ privacy. For example, they have the option to buy Threema with cash, which prevents transaction data from being collected by financial institutions and makes it impossible for us to track who’s buying how many licenses.

On the App Store, however, it’s a different story. When users buy Threema for iOS, they pay Apple the purchase price, not us. We receive 70% of this price, while Apple pockets the remaining 30%. And since there are no privacy-friendly payment methods available, not only does Apple know who buys which app when, but also the involved financial institutions gain insights into iOS users’ purchase behavior.

Apple’s restrictions also make it impossible for Threema users to switch to a different OS (i.e., from Android to iOS or vice versa) without having to pay for the app again. However, if the iOS app could be downloaded from our shop, users would be able to purchase an app license once and use it on any OS.

However, the problem is not simply that Apple collects 30% of every sale of a third-party app, thereby profiting off the backs of others while developers have no other choice but to distribute their app on the App Store.

The deeper problem is that Apple has created a framework that encourages surveillance capitalism. Developers who finance their apps by monetizing user data do not have to pay any fees or commissions whatsoever. Meta, for example, can distribute WhatsApp through the App Store without paying a single cent, while apps with a privacy-friendly business model are forced to pay up.

Paid apps are by no means more lucrative than free ones. Quite the opposite, in fact: as the example of tech giants goes to show, the exploitation of user data allows companies to make money on a scale that is practically impossible to achieve in any other way.

In light of this, the fact that Apple, in keeping with the spirit of the times, is posing as a privacy advocate not just seems disingenuous but downright cynical.

Apple Has Become the Company It Once Set Out to Defeat

40 years ago, Apple aired its iconic “1984” commercial. Inspired by George Orwell’s novel of the same name, the clip shows how a brave heroine is liberating society from technological totalitarianism. Today, Apple is no longer the brave heroine it once was. The company has turned into the iron-handed tech dictator, and rather than standing up for freedom and openness, it is now insisting on restriction and total control, all while invoking the abstract concept of security – just like the regime in “1984.”

It’s time for Apple to return to its original ideals, to stop patronizing its users, and to finally allow developers to distribute their own apps as they see fit.