In my last post; Why I don’t think The Digital Markets Act will matter too much… for Apple. I talked about The Digital Markets Act and why I do not believe it will have an enormous effect on Apple overall. In that post, I mentioned the term sideloading [1,2], which is the main thing Apple seems to “fear” with the digital markets act. The reason Apple fears it (they claim) is the threat to the security and privacy of their customers. In particular, the latter is an area Apple has been championing for years to differentiate itself from Google and the likes. But is there any hold to these claims? Well, sort of yes, and in this blog post, I will outline what the threats (that I know of) are and why Apple is sort of right. Before we continue, I do like the intent of the digital markets act, and I do not like the monopoly Apple has on App distribution for iOS and iPadOS.

What is sideloading?

Sideloading is the approach of loading data (Apps, media, etc.) onto a device following none conventional ways or ways not approved by the device manufacturer. For iPhones and iPads, that could be installing an App without going through Apple’s App Store. Again for iPhones, an example of this is Cydia.

Sideloading on Android is quite common, and F-Droid has existed for a long time now, serving as an alternative to the Google Play store (or whatever Google/Alphabet calls it now). The scene is very different on iOS and iPadOS for the simple reason that it requires the user to jailbreak (see: Why I don’t think The Digital Markets Act will matter too much… for Apple which makes it significantly more challenging to sideload apps.

What is the problem with sideloading, and why Apple is sort of right?

Let us, for a second, imagine a world where iOS and iPadOS were more open and allowed for sideloading. What would be the issue with this? Well, nothing on the surface, really, not to the end-user, but Apple would lose money as they do earn a lot from the App Store. But below the surface, many problems can start to materialise, which can later be exposed to the end-user. What am I talking about?

Since day one of the App Store launch, Apple has run checks (in one form or the other) of the Application a developer submits to the store. These checks are performed even across versions. As a result, it is not uncommon to hear a developer complain that the newest version of the developer’s App is being rejected, even with “minor” changes. These checks include, but are not limited to:

  • UI checks
  • Uphold privacy rules
  • Resource usage
  • Malicousesness

The first check is meant to look at the Application and identify if it looks and behaves according to Apple’s design guidelines. Unfortunately, I know quite a few Apps that have failed this check in the past. This may seem like nitpicking from Apple, but the purpose is 100% valid; Provide our users with a similar user interface across all Apps, and they will feel more at home. With this check, Apple ensures that they can control this and provide (in some opinions) a better overall experience when using an iOS or iPadOS unit. Personal note: As someone who occasionally has to use Android, I wish this was a thing on Android.

The second is to ensure that a third party does not steal your data against your will. I do not think I need to go into details about why this is important. But this is also one of the reasons I do not really like Apps developed in Flutter and other alternatives, as they can trick this check.

Resource Usage, Apple have some standards for how an App should behave, and they have a test that evaluates the Apps behaviour over time and under different loads. This is meant to ensure that Apps behaviour nicely and (hopefully) do not drain your battery in no time (looking at you WhatsApp) or hug all your phone resources. These tests are less strict for a game as games require more resources.

Finally, maliciousness. Apple has never fully stated what this check includes, and I believe they never will. Additionally, I can only provide half a guess towards what the check may do and test, so I will not do that. But the purpose of the check is to avoid viruses, malware and so on being deployed on iOS and iPad devices, which is a good thing.

Clearly, these steps are all a good thing that Apple do. However, if you sideload an app, Apple has no way of performing this quality assurance, which is their most prominent argument against sideloading. The “problem” for people who want to open up the Apple ecosystem and allow for sideloading is that it is a damn valid point. There are fewer viruses and malware reported for iOS and iPadOS than on Android, and my guess is that is partly due to the App Store and how difficult it is to get a malicious app on the store and for people to download it. So even though I would like to see officially supported sideloading on iOS (I would not use it, though), I fully understand Apple, and they are sort of right.

./Lars