On Wednesday, Craig Federighi, Apple's senior vice president of software engineering and probably its most recognizable spokesperson after Tim Cook, delivered a keynote at Web Summit in Lisbon, Portugal. Federighi's message was clear: Don't force us to add sideloading to the iPhone.
That message came in response to the Digital Markets Act (DMA) proposed last year in the European Union that would impose requirements on tech companies deemed to be "gatekeepers." That includes the iOS App Store.
Federighi made it clear that Apple strongly opposes the DMA, saying "it would require us to take a step backward in our privacy and security journey." He then went on to talk about the risk of requiring sideloading on iOS, painting a dire picture of the risk to ordinary users and their data. Federighi contrasted Apple's stance with that of Android, suggesting it is far less secure because it allows sideloading.
"One security firm found more than 5 million attacks per month on its clients using another mobile platform," Federighi said on stage. "But there's never been this kind of widespread consumer malware attack on iOS. Never ever. So what's the difference? Well, the single biggest reason is that other platforms allow sideloading."
Look, it's almost certainly true Android does have more malware, but it has little to do with sideloading. Despite the fact that Android allows sideloading, almost no one does. And Federighi knows that.
That's the key. Apple is suggesting that sideloading would open a torrent of threats to the iPhone, but there are far more people with Android devices in the world, and almost none of them install apps directly -- even though they could. Why would that be different on the iPhone?
The numbers around sideloading are fuzzy, but when Epic sued Apple last year over its control over the App Store, it flat out said that sideloading isn't an effective way to distribute apps because users simply won't jump through the hoops.
It's a terrible experience. It's too complicated, and Google requires you to click through a series of ominous warnings that would force most users to turn back. No one is accidentally sideloading apps.
The idea that people who are sophisticated and determined enough to bypass the warnings and hoops required to sideload an app are also going to be fooled into downloading a malware app doesn't pass the smell test. Again, Federighi knows that.
I reached out to Apple, but it declined to make Federighi available to answer questions.
Of course, proponents of sideloading push back, suggesting that no one would be forced to download apps that way. People who aren't comfortable downloading apps directly from the developer could simply continue to do so using the iOS App Store.
They point to the Mac, which has always allowed users to directly install apps. In fact, it wasn't until relatively recently that there was a Mac App Store at all.
The irony is that during his testimony during the Epic trial, Federighi suggested that the level of malware on the Mac is "unacceptable," and that is what Apple is trying to prevent by requiring developers to distribute their apps through the official App Store.
The thing is, Apple has perfectly valid reasons for not allowing sideloading, it just doesn't talk about them. For example, forcing developers to distribute apps through the iOS App Store means that those developers have to adhere to Apple's guidelines. It also means Apple is able to ensure that apps are using its payment system.
Those are business reasons, however, and Apple seems very uncomfortable talking about the fact that the control it exerts over the App Store is a strategic business decision -- and a profitable one at that. By the way, I don't think there's anything wrong with that, and the decisions Apple has made provide a superior experience for users in most cases.
Apple does pay more attention to building its products with privacy in mind. It goes to lengths others don't to ensure that you understand what is happening with your data, and requires apps to request permission before they're allowed to track you. The fact that it reviews every app before it goes into the App Store means that it is able to enforce those rules.
That's actually the more likely reason there is less malware on the iPhone -- and Federighi didn't say there was none, just far less. In addition to sideloading, Android allows alternative "official App Stores." On the whole, Apple seems to be better than Android app stores at app review. It's not perfect, but it's a lot better.
Apple has legitimate reasons for preventing sideloading and it should talk about them. It should be more transparent about it instead of always using "privacy and security" as a shield. Or just make the App Store experience better for users and developers.
This matters because it feels like Apple is trying to use the goodwill it has earned by making privacy one of its core values to persuade people to its cause. I'm not suggesting Apple shouldn't be fighting this fight, I just think the way it's doing it seems disingenuous.
That's the point, really. Every company should be honest with its customers and talk to them as though they are capable of understanding complex situations. Most of the people who buy iPhones are very happy with them and don't care about sideloading -- or even know what it is. And Apple knows that.