Apple's Craig Federighi defends App Store in face of looming regulation

To hear Craig Federighi tell it, it's not about the money.

Apple's senior vice president of software gave an impassioned defense of the App Store at Wednesday's Web Summit conference in Lisbon, Portugal. In the face of looming European Union legislation that would require Apple to permit users to install apps from outside the App Store, Federighi likened the App Store to a good home security system, and suggested to the crowd of developers and journalists that the App Store is practically all that stands between them and a wild horde of hackers and malware developers banging at their gates.

"Sideloading undermines security and puts people's data at risk," he told the audience. "Even if you never sideload, your iPhone and data are less safe in a world where Apple is forced to allow it."

Sideloading, in this context, refers to the ability of device owners to install whatever software they want on their gadgets. While the App Store may give iPhone owners the impression of that freedom, in fact they are only able to download apps approved by Apple to be in the App Store.

The European Union is considering legislation, the Digital Markets Act (DMA), directly aimed at anti-competitive behavior by tech giants. It was first proposed in late 2020.

"Some large online platforms act as 'gatekeepers' in digital markets," explains the EU. "The Digital Markets Act aims to ensure that these platforms behave in a fair way online."

Notably, Federighi did not appear to address a different possible motivation for his company's opposition to the DMA: the typical 30 percent cut Apple takes from App Store transactions. (We say appear, because the web stream of the event cut out for approximately 10 minutes at the top of Federighi's presentation — to the bemusement and frustration of many watching. As of the time of this writing, the stream is still missing the first chunk of Federighi's talk.)

Instead, he reiterated the perceived security risks of platforms that allow their users the ability to install and run whatever software they want.

"One security firm found more than 5 million attacks per month on its clients using another mobile platform," he said. "But there's never been this kind of widespread consumer malware attack on iOS. Never. So what's the difference? Well the single biggest reason is that other platforms allow sideloading."

However, it's not like iOS devices are invulnerable to malware attacks. Norton, an online security company, made that clear with a blog post detailing one particularly nasty attack that reportedly affected millions of Chinese iOS users.

"The malware, called XcodeGhost, was discovered by Chinese iOS developers, after it was able to find its way into legitimate Apple Store apps, including WeChat, a popular IM application," explained the post.

Apple loves to remind us that hackers and malware developers use sideloaded apps as a means to attack people's phones — a point Federighi made Wednesday with a real example of ransomware disguised as a COVID-19 contact-tracing app — but Federighi's presentation stunk of paternalism. Specifically, it was reminiscent of Apple's stance on right-to-repair legislation.

Trust us, the argument goes, because you'll just screw things up if left to your own devices.

SEE ALSO: Student using iOS 15's Live Text to steal class notes gets an A+ at life

"Sideloading is a cybercriminal's best friend, and requiring it on iPhone would be a gold rush for the malware industry," he concluded.

Of course, if the DMA doesn't end up forcing Apple to allow sideloading, that would allow for a continued gold rush of a different sort.