Apple warns of cybercrime risks if EU forces it to allow others’ software

By Foo Yun Chee

BRUSSELS (Reuters) -Apple Inc on Wednesday ramped up its criticism of EU draft rules that would force it to allow users to install software from outside its App Store, saying that would boost the risk of cybercriminals and malware.

But the Coalition for App Fairness, which includes Spotify, Match Group and Epic Games, dismissed Apple’s arguments, saying that built-in security measures such as encrypted data and antivirus programmes provide security to devices, not its App Store.

The group wants regulators to loosen Apple’s grip on its App Store so they can bypass it to reach Apple’s hundreds of millions of users and also to avoid paying commissions of up to 30% for purchases made in the Store.

The iPhone maker has been a fierce critic of EU antitrust chief Margrethe Vestager’s proposed rules, announced last year in a bid to rein in Apple, Amazon, Facebook and Alphabet unit Google.

Building on CEO Tim Cook’s comments in June about the risks to privacy and security of iPhones, Apple on Wednesday published an analysis on the threats of so-called side-loading.

“If Apple were forced to support sideloading, more harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only,” the report said.

It warned of malicious apps migrating to third-party stores and infecting consumer devices, while users would have less control over downloaded apps.

The study cited figures from cybersecurity services provider Kaspersky Lab which showed nearly six million attacks per month affected Android mobile devices.

A lawyer for the group, Damien Geradin, said side-loading was just a distraction.

“What matters to us is the obligation imposed on developers whose apps sell digital goods and services to use Apple In-App payment system,” he told Reuters.

“On that Apple’s security claims have no legs. Alternative payment solutions provided by Stripe, Adyen or Paypal are as safe as IAP,” he said.

The draft EU rules also target these practices.

Apple also took a swipe at digital advertisers with whom it is at loggerheads over its new privacy controls designed to limit them from tracking iPhone users.

“Large companies that rely on digital advertising allege that they have lost revenue due to these privacy features, and may therefore have an incentive to distribute their apps via sideloading specifically to bypass these protections,” the report said.

Vestager’s draft rules need the green light from EU lawmakers and EU countries before they can become law, likely to be in 2023.

(Reporting by Foo Yun Chee; Editing by Mark Potter and David Gregorio)