Big Tech and 'sideloading' debate; IT firms fear security, privacy breaches

He made a whistle-stop visit to India this week to meet senior government officials including Prime Minister Narendra Modi.

For Google Inc CEO Sundar Pichai, the visit was significant because it took place against the backdrop of his company facing one of its most serious challenges in the country. The Competition Commission of India (CCI) slapped a ~936.44-crore penalty on Google in October allegedly for abusing its dominant position with its Google Play Store policy. That came close on the heels of another fine of ~1,337.76 crore also on allegedly indulging in unfair trade practices. And on Thursday the Parliamentary Committee on Finance presented a set of recommendations to rein in Big Tech with a digital competition law.

Pichai did some plain-speaking. He has said that some part of the CCI ruling would be a setback for user privacy and security and he called out the government saying technology needs “responsible regulation”.

The crucial ruling goes beyond just penalising the company, which Google is expected to challenge in court anyway. CCI’s order to permit app developers to distribute their apps through what is known as sideloading has brought India to the forefront of the global debate in countries such as the US, Japan, Korea and in Europe on how to rein in the growing domination of Big Tech.

Sideloading is a way for app developers to load their applications without going through formal stores such as Google Play for Android phones or the Apple App Store for iPhones. Such a move would break the domination of the two big boys and spur competition in the app space. That apart, app stores charge a revenue share of around 30 per cent from developers and even impel them to use only their own billing system from which it also makes money. So the stores are a money-spinner, which is reflected in their growing share of service revenues for Apple or Google.

The CCI order has upped the ante in India by asking Google to permit sideloading of apps. But it is the only competition regulator to do so. European lawmakers have also agreed on the main points of the Digital Markets Act in March this year, which includes giving other software developers access to an Android phone or an iPhone outside their respective app stores.

According to The Wall Street Journal, Apple’s engineering group is already working on technical changes that will be required to give other app stores (such as Microsoft’s planned gaming store) and app developers access to phones. Discussions are ongoing between Big Tech companies and regulators on detailed interpretations of the law including scrutinising even the sideloaded apps for security and privacy of their customers. In the US, hectic lobbying by Big Tech has stalled a bipartisan legislative effort to push through the Open App Markets Act this month, even after it was passed by the Senate Judiciary Committee. Most experts say it will be cleared eventually, however.

The opposition from Big Tech globally and more so in India is focused on the issues of security and privacy, since they say they act as “gatekeepers” to ensure that apps through their stores are vetted before they are uploaded. “Sideloading has severe adverse consequences as it removes the secure architecture that is put in place by the app stores, akin to an intermediary that is liable for app security and integrity,” said a senior Big Tech company executive in India.

He also pointed out that studies across the world had shown that sideloading leads to increasing instances of data breaches and theft, malware, phishing and so on. It is tantamount, he said, to making the security of the country vulnerable by removing the “platform gatekeeper”.

A Big Tech company in India said the threat perception in the country was far higher than in Europe, the US or Japan, especially with the India-China border tensions and uncertainties in Pakistan. So India cannot follow the same rules as, say, Europe, it added. Certainly, app store companies have been getting continuous requests from government agencies to take down apps and monitor those that pose cyber threats.

For instance, in December, requests were made for blocking and proactively monitoring apps that were mimicking a G20 India application. In July this year, the government requested the blocking and removal of the IndyCall app because of its threat to national security. And the government recently ordered the removal in tranches of the ban of over 97 Chinese apps that included TikTok.

With sideloading, the app stores’ “gatekeeper” function would be compromised. The question is: Who will be responsible? “The checking of the authenticity and security risks of an app is a detailed process. It is not only an automated process; physical checks are made before they are uploaded. That is why so much time is taken,” a tech executive explained.

Big Tech players are also peeved at the apparent contradiction in CCI’s stance on sideloading itself. They point out that while sideloading has been permitted in one place, CCI acknowledges the downsides to justify its argument that Google’s app store will not face any constraint from the entry of new players.

It says, for instance, that “…the process of sideloading of alternative app store or apps, which involves risk of malware or harmful applications, acts as an entry barrier for competitors in the market for app stores for Android devices as users that do not have technical knowledge would not like to run a risk of sideloading….” It also argues that the other constraint in sideloading is that it does not allow automatic upgrades, another reason it would not impact Google’s app store market.

So is there a middle path? The government is studying the issue closely. Tech companies said sideloading was not only a competition issue but a serious security and privacy issue in which security agencies should be involved — and it should be based on legislation and not just a mere order from CCI.

“In other countries, the issue of app stores has been discussed between regulators and all the stakeholders,” a Big Tech executive said. “In India, there has been no debate and no chance to give our views to the government.”

Competition vs security & privacy

• The Competition Commission of India (CCI) order permitting sideloading will spur competition for Big Tech players like Google and Apple Inc that dominate the app store ecosystem
• Big Tech says it is not only a competition issue but also a security issue so all stakeholders should be consulted, including security agencies in India, before a call is taken
• The decision on sideloading has come through a CCI order without any discussion with all stakeholders or a legislative process like in other countries
• European lawmakers agreed in March on the Digital Markets Act which would permit sideloading. Detailed discussions are on
• A bipartisan Bill in US known as the Open App Markets Act, expected to come for clearance this month, has been postponed
• Big Tech firms say through the app stores they act as “gatekeepers” to ensure app security and integrity by scrutinising them
• Big Tech says it gets a continuous stream of requests from the govt to block, remove and monitor suspicious apps