A Walled Apple Garden: A Technologist’s Perspective

Apple has been in the news due to the lawsuit by the US Department of Justice alleging monopolistic practices in its smartphone business and the surrounding ecosystem of the App Store and others. Apple has rebutted this, saying its walled garden is loved by its users for its ease of use and that it ensures the security of the users. Much has been written about this, and much, much more will be written as this case drags out over years, as such cases are wont to do. I want to give a researcher's, non-lawyerly perspective on this fracas. Like all big legal and policy issues in tech, this one has nuances that are not well served by 30-second news bytes. I want to reflect on what good outcomes mean, from the perspective of researchers and technologists like me, and by extension, what good that can do for the wider public.

When you walk around the halls of academia (or ivory towers, if you wish to be snooty), you will see most of us using Macintosh laptops. These run macOS and have largely been more immune to malware of various kinds, compared to Windows laptops. macOS allows one to download and install applications from all sources and from all kinds of developers, without the gatekeeper of an App Store. And that has not opened a floodgate of security attacks. So I do not buy the argument that iOS users need to be protected through the watchful eyes of Apple in its App Store. Also, what exactly those watchful eyes do, technically speaking, is not known, as Apple keeps all that opaque. We in the security research community believe that, generally, the more eyeballs that inspect your software for security vulnerabilities (and then someone fixes those), the more secure your software is. Apple has largely not embraced this best practice.

We know that chestnut of a fairy tale, the Pied Piper of Hamelin. He plays the magical tune to get rid of all the mice of an accursed town. And when the penny-pinching town officials refuse to pay up, he plays that same magical tune to lure away the children of the town. Who knew children and mice have similar tastes in music … but I digress. That old fairy tale gets its analog in Apple charging all app developers for its App Store a whopping 30% of the revenue. Now, whether it is whopping or justified for all the pains Apple takes to keep your phones safe is, of course, a subjective call. The judge in the Epic Games vs. Apple lawsuit also thought the 30% was exorbitant.

The upshot of the Epic Games vs. Apple lawsuit was that Apple gets to keep its cut for App Store transactions. The small but meaningful change, however, is that apps can point users to payment options outside of Apple’s walled garden. Thus, if I came up with an addictive (and inane) game like Candy Crush, hooked you into spending hours with it, and made the game free, I would of course want to monetize it. The way to do this is to have in-app purchases (for gimmicky and useless stuff associated with the game). Apple now cannot force me to use its own payment system for that. I think that is as it should be. It incentivizes app developers around the globe to come up with imaginative, and maybe even useful, apps.

Credit: “Now that I’ve invented it” by Paul Karasik, New Yorker Cartoon, September 20, 2021.

It turns out that if you have an iPhone, which comes with a technology called NFC (Near Field Communication), you can use Apple Pay with it but not other digital wallets. In the US, that is. In the EU, the regulators came down hard on Apple, and when faced with the menace of large fines, Apple quietly complied and opened up that part of its walled garden. Now Apple makes the argument that this walled garden keeps its users secure from fraudulent financial transactions. I think that its track record in that respect is good. But I would like to see the API (Application Programming Interface) opened up so that other software developers of digital wallets can also make use of the iPhone hardware. Then Apple can take the argument about security to its users, when they have a choice. And if it is a winning argument, then they will gravitate toward Apple Pay. So, as in much of such discussion, choice is the key word for the consumers. Also, in the EU, there has not been any marked rise in fraudulent financial transactions due to the opening up, though this is early days still.

There is not a monopoly in the mobile phone market … thank the heavens above because this is such a globally widespread and crucial technology. But there is a duopoly and that makes me uncomfortable. My belief is that if the iron grip of Apple in particular, but Google also to a lesser extent, can be loosened, that will lead to more flowering of mobile OS platforms. And that will be a good thing.

In July 2020, Google corrected a security vulnerability in its Wear OS smartwatches that could have allowed attackers to crash specific applications, render the app or the watch unresponsive, or cause continuous reboots. We found this using our Vulcan tool [Mobisys-2020], reported it to Google, and then worked with them to get it replicated. Google, to its credit, rolled out a fix with its next update. Without an open source ecosystem, this would have been less likely.

There are diehard Apple acolytes who swear by how “smooth” (read “frictionless”, “appealing”, “seamless”) their experience is with Apple products. I too have sipped that Kool-Aid a little. After fiddling frustratingly with a Dell tablet for weeks in the early days of the pandemic, I heaved a sigh of satisfaction when I got productive with my Apple iPad in a matter of an hour. But I think that smooth experience argument should be used after opening up the walled garden. If indeed users are willing to pay a premium for the supposedly smooth experience, and that experience is so much better than what third-party software can achieve, then users will choose the homogeneity of only Apple products. But they will have a choice, again that all-important word.

In my work I believe in open source software, for the selfish reason that it allows our research community to do more impactful research, but also because I believe that is in general better for the security of our software ecosystem. More moderated than open source is the approach of opening up an API so that others can develop software for your Operating System (OS). This is valuable for unlocking the creativity and talent of people to develop useful software. If this lawsuit results in nudging Apple toward either of these for its mobile OS, the iOS, then this will squarely be on the winning side of the ledger.
