Millions of Android users now find themselves caught in the midst of an extraordinary argument between Google, regulators and app developers. Make no mistake, not only does this signal a huge change for Android from which there’s likely no turning back, but it also narrows the gap to iPhone in more ways than one.
We’re talking sideloading, the freedom to source and install apps from pretty much anywhere, in stark contrast to Apple’s walled garden App Store. Piece-by-piece, that freedom is being restricted, with users having to actively change settings or ignore warnings to take risks that used to be part and parcel of the Android experience.
Just last month, Google made its latest move to clamp down on sideloading, enabling app developers to force users to use Play Store instead of third-party stores or direct installs. And Samsung, Android’s leading OEM, has gone further still, shipping phones with maximum restrictions set, which disable sideloading by default.
It has been clear that Google is heading in this direction, but now we have been left in no doubt given public statements from one of Google’s engineering execs one the dangers in installs apps from outside official channels.
Many hardcore users are unhappy at this twist—Android was the anti-iPhone choice given sideloading, amongst other things. It’s in the DNA. But it also runs the risk of aggravating regulators, who are on a mission to introduce choice even if that choice comes with a raft of hidden threats that most users can’t defend against.
This debate has come to a new head this week, with Epic Games filing suit on Google and Samsung for auto-blocking sideloading within Samsung’s UI, which they contend has come about from collusion between Android and its leading OEM, describing it as a “coordinated effort to block competition in app distribution on Samsung devices.”
Google has hit back, with Engineering Security and Privacy VP Dave Kleidermacher slamming Epic’s suit as a “meritless and dangerous move,” and critically pointing out that “Google and the security community have warned users for years about the real risks associated with downloading apps directly from the web… To make this about access to a game is deliberately misleading; this is about user safety. And Epic’s lawsuit puts their corporate interests above user protections.”
Clearly, Google’s comments don’t appear to be aimed at Epic’s products specifically, but rather at the wider risks from unregulated app distribution.
In response, Epic’s Tim Sweeney posted that “the 21 steps required to install Epic Games Store on new Samsung Android devices are full of intentional dead ends and misleading scare screens characterizing Epic as an “unknown” source (y’all know us) and our software as dangerous (y’all know it’s not).”
Google says it had nothing to do with Samsung’s decision to autoblock sideloading, and in reality there’s absolute sense for the phone maker to do exactly that. Sideloaded apps run a far, far higher risk of malware than those that have been through the Play Store scrub, even though the latter are far from immune. And while Google’s Play Protect and new live threat detection will shore up defenses, for the everyday user, the risks from sideloading outweigh any benefits.
But Epic’s points get to the nub of the issue—there is no middle ground between Google’s (or Apple’s or Samsung’s) official stores, and the unregulated danger zone from unscrutinized apps, promoted by phishing and smishing attacks, carrying dangerous payloads. There needs to be something in between, and in providing such a compromise other issues such as high app store fees can be addressed.
Sweeney pointed out that “Windows and MacOS demonstrate multiple successful and proportionate approaches to blocking malware. None involve blocking safe software from reputable companies or portraying known software as unknown as Google and Samsung are doing,” describing “Google’s scheme [as] dishonest and misleading.”
A middle ground would be great, or at least some form of accreditation for app stores beyond the official ones. Most phones carry no anti-virus protection and are not designed for indiscriminate installs, and so the PC/Mac model won’t fly.
Apple is also facing regulatory pressure to tear down its own walled garden, which has included the semi-introduction of sideloading in Europe. But the iPhone maker has issued stark warnings to users and regulators that in doing so the threat to iPhones and their users massively increases.
Sideloading, it warns, opens “new avenues for malware, fraud and scams, illicit and harmful content, and other privacy and security threats,” and also “compromises Apple’s ability to detect, prevent, and take action against malicious apps on iOS and to support users impacted by issues with apps downloaded outside of the App Store.”
No easy answers here.