Following Tim Cook’s speech at the IAPP conference, team building has become a hot topic in the Apple community. Cook filed the lawsuit against the group at a conference in Washington, DC on April 12, citing potential privacy and security risks. That begs the question, what exactly is team building? Sideloading is the process of installing an app in IPA format onto an Apple device in iOS context. This is in contrast to the process of downloading and installing applications from the Apple App Store. This is most common on Android devices, especially for users in countries where censorship laws prevent certain applications from being downloaded from the Google Play Store. Users can also choose to import applications for a wide variety, because some of the applications that developers do not have in their respective application stores.
In his remarks, Cook argues that team loading can circumvent the security of the App Store. This will be the case if the materials do not receive a review process before it is available for approval. Cook’s case is related to an ongoing lawsuit in which Apple sued Epic Games for allowing users to make purchases in their game, Fortnite, outside of Apple in-app purchases. This allows Epic Games to avoid the 30% hack Apple normally accepts for in-app purchases. This lawsuit sparked a debate about whether the Apple App Store is a monopoly and whether developers should allow apps to be distributed and traded on iOS devices outside of the App Store.
In response to the concern of this monopolization, the EU reached an agreement on the law on March 25th, set to allow users to install applications from third-party platforms. The so-called Digital Products Act has important implications for the way companies such as Apple and Google manage their app stores and user data. In August 2021, the Open Products Act was introduced in the US Senate. This bill will allow advertisers to distribute their applications and handle in-app purchases outside of the company’s control platforms and protect them from punitive action if they decide to do so.
In response to this suggestion, Apple said in a letter to lawmakers, “Teamwork will allow malicious users to circumvent Apple privacy and security protections by sharing applications without special privacy and security checks.” Apple has been vocal about these concerns, as evidenced by its introduction in 2021 of the Tracking App feature in iOS 14.5, along with other protections. But Cook’s comments at the IAPP are also a response to the real threat these policies, and the ongoing litigation with Epic Games, stand for their business model. MSPs should keep this story as long as the law affects the iOS security landscape in the future. Author Nathan Pabon is an application security engineer at Addigy. Read more Addigy hosting blogs here. Regularly hosted guest blogs are part of ChannelE2E’s sponsorship program.