Open App Markets Act – Does Competition Hurt Security? | Clark Hill PLC

Have you ever downloaded an app outside of the Apple app store? Probably not, because the current setup of app marketplaces like the Apple app store makes that very difficult. That is about to change. On Feb. 3, 2022, the Senate Judiciary Committee approved the Open App Markets Act with bipartisan support (20-2) to open up app marketsplaces – creating something called “sideloading,” installing apps on devices outside of approved app stores.

The Open App Markets Act is a pro-competition law that intends to give app developers the ability to reach consumers without having to go through app stores such as the Apple app store. Currently, app developers either cannot or are disadvantaged to publish their apps unless it is on an operating system’s official app store. To Apple, the control over apps on the Apple store provides better oversight to make sure they are legitimate, secure, and not harmful to consumers.

In theory, the new law would eliminate disadvantages currently faced by developers and spur the creation of new apps. Here are some highlights from the Act to consider:

  • The Act applies to any company that owns or controls an app store that has over 50,000,000 US users.
  • A covered entity cannot require developers to use an in-app payment system by the covered company as a condition of distributing an app on an app store.
  • A covered entity cannot require developers to use equal or more favorable pricing terms for distributing apps on its own app store.
  • A covered entity cannot penalize a developer for using or offering different pricing terms for using another in-app payment system or on another app store.
  • A covered company must allow and provide readily accessible means for users to choose third-party apps, install third-party apps, and hide or delete preinstalled apps by the covered company’s own app store.
  • A covered entity does not violate Section 3 for an action that is necessary to achieve user privacy, security, or digital safety.

Not surprisingly, owners of the app stores have concerns with sideloading. At the most recent IAPP Global Privacy Summit Conference, Apple CEO, Tim Cook warned that the Act would inevitably chip away at the current privacy and security protection that the Apple app store provides to its consumers. Statistics show that the Apple app store-approved and controlled apps had fewer malware infections and less infected devices than unregulated application stores. A Nokia 2020 report found that Android devices account for 26.65% of malware infections, compared to 1.72% for iPhones. Similarly, a 2021 Nokia report found that Android devices make up 50.31% of all infected devices.

Currently, Google already allows users to download apps for Android from sources other than its official Google Play. This concern is also not shared by Microsoft, which is adopting a principled approach to app store operation by announcing a new Open App Store ahead of the Act and allowing developers access to its platform as long as certain reasonable quality and safety standards are met. While the security over “sideloading” was shared by CISA and cybersecurity, it does not necessarily mean that alternate app stores cannot be safe if they are effectively moderated and users are used groups in their selection. For example, users can reduce the risk of harmful apps by limiting their download sources to official app stores, avoid downloading from unknown sources, reading reviews, and researching developers before downloading an app.

While such changes are sure to spur development, they may bring with them concerns about app security and privacy. Will these concerns outweigh the potential for new development? Will there be additional changes to address security? Only time will tell.

Leave a Comment