App Store collapse? Sideloading spells the end of Apple’s walled garden

Although the two platforms are often compared due to their similarities, Google’s Android platform has historically been different from Apple’s iOS (and iPadOS). Android has always allowed end-users to sideload applications, which can include the use of other app stores such as Amazon’s. This allows developers to avoid transaction fees of up to 30% and reduces the possibility of app rejection.

As Apple is being urged to allow third-party app stores for its iPhones and iPads, both in Congress and in Europe, CEO Tim Cook has been vocal about the idea, arguing that such a change would “destroy Apple’s security”.

In a report released on Wednesday, June 23, Apple argued that third-party app sideloading would subject users of the company’s platforms to increased risks, create app and OS instability, and potentially allow malware to install itself.

A Gatekeeper for iPhone and iPad

Side-loading has been allowed by Apple, but only for enterprises using the Developer Enterprise Program. This program allows companies to create and distribute custom apps on iOS, watchOS and tvOS devices. It also code-signs Mac apps, plug-ins and installers with a Developer ID certificate so that they can be distributed to Mac computers at work. Apple also offers an app store for Mac, but it does not require that Macs only install apps from it.

The feature is not available in iOS, but current versions of macOS use “Gatekeeper”, a subsystem that allows code-signing to be enforced using digital certificates. Gatekeeper verifies downloaded application signatures to make sure they are notarized before they can be executed. This reduces the possibility of accidentally installing and running malware.

Although the Developer Enterprise program has helped significantly reduce the amount of malicious software installed on iOS devices, it is not perfect. The Developer Enterprise toolsets were used to distribute the Exodus malware, which was downloaded directly from Google Play on Android devices.

Potential for significant changes in iOS and iPadOS

Sideloading may require significant architectural changes to iOS and iPadOS. However, this is not an easy task.

It is unknown just how modular Apple’s mobile operating systems are because, unlike Android, iOS and iPadOS are not open source. Google has managed, however, to separate all of its proprietary functions within Google Mobile Services (GMS), which includes all the libraries and apps required to provide a great customer experience on Android.

This is done to separate the Android Open Source Project from commercially licensed versions. Some Android device manufacturers, such as Amazon and Huawei, do not use Google Mobile Services, but instead use AOSP as the basis of their products.

Apple’s own apps should be treated equally in API usage if third-party apps are to be accommodated. Apple probably has undocumented, private APIs that it uses to its advantage, which are fully integrated into every aspect of the OS. Apple controls iOS, so it doesn’t have to worry about documentation.

If it wanted to reserve APIs, it would need to move those APIs into its libraries, away from the common space where all apps run, much like Google Mobile Services. It is possible that Apple may be required to document all APIs as part of any antitrust settlement. This will ensure that third-party developers don’t have access to “secret sauce” in iOS. For example, addressing undocumented APIs was central to settling Microsoft’s litigation with the US Government in the early and mid-2000s.

Other issues may arise with the iOS security model. These issues could be rectified to allow third-party apps to be sideloaded or installed outside of the App Store. 

Apple may also need to allow third-party payment systems in the App Store. 

Containers aren’t just for clouds

To firewall potentially misbehaving third-party apps, the company may need to add support for containerization, a form of virtualization technology.

Along with built-in support for virtual machines, containerization is a relatively new feature for Apple operating systems. It was introduced in 2020 with macOS 11 Big Sur to support iPad and iOS applications on Apple Silicon.

Containerization is used to run the Rosetta x86 emulator and to isolate its processes and other apps. It also provides a runtime environment in which unmodified iOS and iPadOS apps, as well as ported iPad “Catalyst” apps, can run safely without interfering with Mac system processes. Each app receives its own container and the resources it requires to function.

iOS provides sandboxing for App Store distributed apps today. Apple would have to make major architectural changes if it had to accept software that has not passed its rigorous vetting or gating processes. This is especially important if Apple wants to keep its superior application security model.

Apple would almost certainly need a way to allow third-party apps and app stores to run in an isolated fashion on iOS. The containerization technology that is built into macOS would need to be ported to iOS, along with any toolsets required to repackage apps into installable containers.

We don’t know what macOS containerization is. It’s been more than a year since its introduction and Apple has not provided any documentation. This is because much of the information is hidden from Mac software developers. This could be changed as a result of any antitrust settlement.

Gatekeeper: Vaccine to combat the upcoming sideloading pandemic

Apple’s best strategy for the future is to port the Gatekeeper subsystem to iOS, watchOS and tvOS and create an infrastructure for digitally signing third-party apps, including third-party app stores and installable packages.

I believe that consumers should have access to cloud-based package management systems for third-party applications, similar to what enterprises use to install third-party software. These packages can also be purchased as a value-added service. Apple should not be required to provide cloud-sync and data backup infrastructure for side-loaded apps.

Side-loaded apps can be installed on iOS to allow them the same privileges as native APIs. This is a problem because it opens up the possibility of significant platform abuse. 

The main benefit of iOS is its security and resistance to malware attacks. Unfortunately, however, some malicious app store apps have been found, notably ones that communicate with Command and Control (C2) infrastructure of threat actors.

Side-loading must be approved on iOS with a large warning and waiver to the end-user. This is the same as on Android. Perhaps even two levels of “Are You Sure?” with password/ID validation.

Although side-loaded apps and app stores can be problematic and add to the overall user experience, there are some potential benefits.

In terms of revenue from commercial software development, third-party app stores have not been a huge boon to Android. However, they have provided more options for end-users, particularly in terms of inappropriate content or things that Google deems to be against its self-interest.

Sideloading isn’t always bad

Side-loading on iOS could benefit many different types of apps. One example is payment systems that could compete with Apple Pay, such as Google Pay. However, Google Pay does not currently have NFC capabilities on iOS. This could be due to concerns about being delisted from the App Store if this functionality were to be enabled.

Samsung decided not to launch its Samsung Pay app or service on iOS due to its difficulty being listed in the App Store. Side-loading would allow Samsung to launch its payment service on iOS. It could also create its own app store.

Cydia is another third-party app store that might be of interest to a wider audience. It is currently used by jailbroken iOS users. Its offerings are more like tweaks and hacks that can be used to extend iOS for those who wish to personalize their user experience. Third-party sideloading is not the same as jailbreaking, sometimes referred to as “rooting”, in which low-level OS settings and services can be modified that are not generally accessible to an end user.

The benefits of opening up iOS to third-party applications that wouldn’t otherwise be able to participate in the App Store are readily apparent. It would allow whole categories of apps that are only available via jailbreaking to run on iPhones or iPads. It would allow apps that are “objectionable,” like those with adult content, to be run on iPhone and iPad devices. 

It would also allow the installation of apps that are not in compliance with the enforcement needs of regional governments. For example, the apps side-loaded by Chinese nationals during large scale protests on Android, but which are banned on the App Store in China, would be allowed.

What about alternative browser engines to Safari like Chrome and Edge? Sideloading would also allow you to use them.

The EU is looming large

How quickly can sideloading be done in Apple’s mobile devices, however? Very quickly. The EU has frequently moved independently of the United States with its own antitrust proceedings. When it believes the monopolistic practices of US technology companies are threatening its citizens, it has also imposed severe fines.

Case in point: In 2010, the EU found that Microsoft had used its market dominance to pre-load its Internet Explorer browser on Windows. The EU also imposed heavy fines on Microsoft. The EU demanded that Microsoft separate its Internet Explorer browser from the operating system and allow the consumer to choose which web browser could be installed on the OS during the initial set-up process. This website, BrowserChoice.eu, was maintained by Microsoft until early 2015.

Another example: In July 2018, Google was hit with a $5 billion fine by the EU for anti-competitive behavior on its Android OS. Google must stop forcing Chrome on Android OEMs and Google search on Android OSs. This is part of the EU ruling.

If you think that $5 billion in fines against Google is bad for default search engine choices, then wait until you hear what it does to Apple for alleged monopolistic practices with its App Store. It could face a penalty of 10 percent of its global revenues. This could amount to $30 billion.

Apple must be prepared for the fall of the wall

There are potential drawbacks to side-loading third-party apps on iOS. A large part of iOS’s value is the security and control it offers. This is especially true if you compare it with Android’s wild west. The rigorous vetting process for iOS apps ensures that the experience is high-quality and secure.

These are the areas that Apple will target if it is subject to antitrust investigations. The company may have to make significant changes to the way it operates its mobile operating systems to meet legal and government demands. Side-loading is now allowed. This opens up the possibility of many issues that could compromise user security or degrade the premium, highly curated Apple ecosystem that its customers already enjoy. 

I believe that the App Store walled garden will be demolished. Apple should provide the tools and services necessary to reduce the potential carnage, however, if we’re going to smash down the castle walls with an antitrust dragon. It should be obvious that Apple will issue appropriate warnings to its end-users (which might mean that opening the application gates to most people is not a good idea).
 
Do you think Apple should be allowed to come out of its closed garden before being forced into it by antitrust litigation and regulatory actions? Talk back and let me know.  
