Executive Summary

• “Sideloading,” or the ability to download or install an app without going through an operating system’s app store, has come under increasing scrutiny particularly in regard to Apple’s decision to effectively prohibit the practice.
• Advocates for sideloading argue that it should be allowed to improve competition and choice for consumers, but the market for providing a computer program or app to consumers is already highly competitive with many options for both developers and consumers.
• Sideloading increases cybersecurity risks and disallowing the practice is one way an operating system can distinguish the security of its product, so as a result mandating sideloading can diminish competition over security.

 

The Challenge of Sideloading

Policymakers at both the federal and state level are scrutinizing Apple and Google for restrictions they have placed on the ability of users to access apps outside of app stores. On the mobile devices (such as phones and tablets) running these companies’ operating systems, users either cannot access apps outside of the app store or must jump through a number of hoops to install such apps on their devices. Policymakers are scrutinizing whether such restrictions on “sideloading”—the practice of installing an app not available in the app store—hurt competition.

While some have raised questions about sideloading’s competitive effects for years, the issue came to greater prominence last year when Epic Games sued Apple. Apple removed Epic Games’s popular game Fortnite, and Epic then sued, alleging that Apple currently holds monopoly power in the iOS app distribution market; the Apple App Store, as a “walled garden” of sorts, is “the sole means by which apps may be distributed to consumers in that market,” Epic Games argues in its complaint. Allowing the entrance of third-party app stores would provide consumers and developers “choice beyond Apple’s own App Store and inject…healthy competition into the market.” Policymakers have taken note of this argument and are examining whether app stores are hindering competition unlawfully. Democrats on the U.S. House of Representatives Judiciary Committee alleged in a report last year that Apple and Google currently face “no competitive constraints” on their app store, and legislatures in several states are considering bills that would force mobile operating systems (and possibly other platforms) to allow sideloading.

While it is true that preventing sideloading can eliminate certain competitors in narrow circumstances, any policy that would overrule internal decisions ignores both the broader competitive market and the reasons that companies might choose to disallow sideloading. Such an approach would not promote competition, as it too narrowly perceives the market in which these app stores operate and the options available to consumers, particularly around security.

Sideloading and the Marketplace for Apps

Some, including developers, have argued that allowing sideloading would solve the competitive problems around app stores. But this framing of a possible solution ignores the broad competition that already takes place across platforms. Simply put, it is incorrect to say that there is an app store “duopoly” that lacks competition.

While allowing sideloading may appear to provide a wider range of options in the market, the refusal to allow sideloading should not be presumed to generate a monopoly. In reaching consumers, developers have a range of options of what operating system on which to program and how to distribute their program. Some already may choose to only make their program available on one operating system to attract a particular audience or to take advantage of particular features, while others may prefer to make it available in multiple forms and potentially accessible to the greatest number of consumers. For example, in the growing gaming market, developers have a choice on which platform consumers can access their games. Fortnite, for example, is available not only as a mobile app, but also as a PC game and on various other consoles. Looking more broadly, consumers have a variety of options for accessing content, such as the PlayStation or Xbox stores for gaming or the Roku store for entertainment. As a result, even without sideloading the game onto their mobile device, consumers have multiple ways to connect with developers, and developers have multiple avenues outside of app stores for making their products available. The lack of sideloading is not preventing the developers from reaching consumers nor is it preventing consumers from accessing the products.

Sideloading and Cybersecurity

Whether to allow sideloading can be a way of distinguishing an operating system from competing systems. There are reasons not related to competition that an operating system may choose to disallow sideloading. Most prominently, while sideloading allows users to access apps not available in the operating system’s app store, it also increases the risk of exposure to fraud, malware, or security breaches.

As noted by a National Institute of Standards and Technology Lookout on mobile cybersecurity, sideloading is a way that an operating system or network can be compromised by hackers despite existing security protocols in many devices. Not only does sideloading increase the risk of a security breach for an individual user, but it can potentially increase risks to other devices connected through a network. As a result, sideloading can diminish the overall security level with which an operating system may seek to distinguish itself. To be sure, operating systems could take additional security measures to combat the risks that come from sideloading, but it is not obvious that a new system would provide the same level of security that the more stringent prohibitions create now.

Apple has marketed itself as a more privacy-sensitive and secure option compared to other mobile operating systems. Part of this distinction is related to its closed system, including disallowing sideloading. This design means that in its standard mode the system is likely to be seen as having greater security for the average user. Google’s Android system, in contrast, does allow sideloading, albeit only after the user acknowledges the risk through various steps.

Options not approved by the Apple App Store, however, could still be accessible via the web in some cases or by users “jailbreaking” their devices, i.e. removing existing software and/or its restrictions. As Lincoln Network’s Zach Graves writes, “In short, it’s not *that* hard to circumvent Apple’s restrictions on unauthorized apps if you really want to. Particularly if you’re doing something simple like trying to access an alternative to Twitter that isn’t in the App Store. But if you decide to go all the way and jailbreak your phone, you might be wise to use your banking app on a different device.” For users who find it too limiting to only access the approved apps and would rather accept the cybersecurity risks, Android provides an alternative operating system, or they may accept the risks associated with some ways of working around the existing restrictions.

The decision to disallow sideloading may be associated with a vision of offering an alternative and more secure operating system to users rather than to eliminate competition in the app market. Even if allowed on an operating system, if users choose to engage in sideloading, they should be aware of the risks it may pose in increasing their vulnerability to hacks or other attacks.

The different decisions by Apple and Google on whether to allow sideloading illustrate that the ability to sideload is itself a point of competition. Android makes it difficult, but not impossible, while Apple makes it close to impossible, and users with different desires or needs around security can choose based on this factor. Requiring sideloading by law would imply a one-size-fits-all approach that would reduce choice for consumers, forcing them into a risk level that they may not be comfortable with and preventing operating systems from distinguishing themselves in this way.

The Complexity of Competition

Some policymakers see sideloading as a way to break the perceived monopoly power of app stores, particularly those of Apple and Google. But the marketplace is far more complex, and a change to one element may have ripple effects on multiple markets in the digital ecosystem. App stores are a popular choice for how to access content, but they do not have a traditional monopoly on access to consumers. Instead, they provide yet another option for developers and consumers to connect. Developers have multiple avenues for distributing their work and consumers have a variety of choices for how to access content, even if some platforms choose to disallow sideloading. Decisions regarding sideloading are relevant beyond the app market, too. Operating systems themselves are competing for customers on metrics such as security and this competition may impact their decision whether to allow sideloading. Ironically, a policy that requires the ability to sideload could therefore also curtail competition. Like many issues regarding technology and antitrust, innovation yields new dimensions of competition. One-size-fits-all solutions can reduce competition and eliminate choice for consumers.