Apple warns of cybercrime risks if EU forces it to allow use of someone else’s software

On Wednesday, Apple stepped up criticism of draft EU rules that would force it to allow users to install software outside of the App Store, saying it would increase the risk of cybercriminals and malware. But the App Fairness Coalition, which includes Spotify, Match Group and Epic Games, has rejected Apple’s arguments, saying built-in security measures like encrypted data and antivirus software keep devices safe, not their App Store.

The group wants regulators to loosen Apple’s grip on its App Store so they can bypass it to reach hundreds of millions of Apple users, as well as avoid paying commissions of up to 30 percent on in-store purchases.

The iPhone maker has fiercely criticized rules proposed by EU antitrust chief Margrethe Vestager, announced last year in an attempt to curb Apple, Amazon, Facebook and Google’s Alphabet division.

Based on comments from CEO Tim Cook in June about the privacy and security risks of iPhones, Apple on Wednesday published analysis about the threats of the so-called side loading.

“If Apple were forced to support downloads of unpublished apps, more malicious apps would reach users because it would be easier for cybercriminals to target them even if downloading of unpublished apps were restricted to third-party app stores only,” the report said.

He warned of the transfer of malicious apps to third-party stores and infecting consumer devices, while users would have less control over downloaded apps.

The study cites data provided by cybersecurity service provider Kaspersky Lab, which showed that about six million attacks per month affected Android mobile devices.

The group’s lawyer Damien Geradin said sideloading was just a distraction.

“What matters to us is that developers whose apps sell digital goods and services are required to use the Apple In-App payment system,” he told Reuters.

“In this regard, Apple’s security claims are groundless. The alternative payment solutions provided by Stripe, Adyen or Paypal are as secure as the IAP, ”he said.

The draft EU regulation also targets this practice.

Apple has also hit digital advertisers with whom it disagrees with its new privacy controls designed to restrict them from tracking iPhone users.

“Large companies that rely on digital advertising claim that they have lost revenue due to these privacy features and therefore may have an incentive to distribute their apps by downloading unpublished apps specifically to circumvent these protections,” the report said.

Vestager’s draft regulations need a green light from EU and EU legislators before they become law, likely in 2023.

© Thomson Reuters 2021