Subscribe to the Free Future Newsletter
Who controls what you can do on your mobile phone? What happens when your device can only run what the government decides is OK? We are dangerously close to this kind of totalitarian control, thanks to a combination of government overreach and technocratic infrastructure choices.
Most Americans have a smartphone, and the average American spends over 5 hours a day on their phone. While these devices are critical to most people’s daily lives, what they can actually do is shaped by what apps are readily available. A slim majority of American smartphone users use an iPhone, which means they can only install apps available from Apple’s AppStore. Nearly all the rest of US smartphone users use some variant of Android, and by default they get their apps from Google’s Play Store.
Collectively, these two app stores shape the universe of what is available to most people as they use the Internet and make their way through their daily lives. When those app stores block or limit apps based on government requests, they are shaping what people can do, say, communicate, and experience.
Recently, Apple pulled an app called ICEBlock from the AppStore, making it unavailable in one fell swoop. This app was designed to let people anonymously report public sightings of ICE agents. In the United States people absolutely have a First Amendment right to inform others about what they have seen government officials doing and where — very much including immigration agents whose tactics have been controversial and violent. Apple pulled the ICEBlock app at the demand of the US Department of Justice. The following day, Google pulled a similar app called Red Dot from the Google Play Store.
The DOJ’s pressuring of Apple is an unacceptable, censorious overreach. And Google’s subsequent removal of Red Dot looks like troubling premature capitulation. While some experts and activists have expressed concerns over ICEBlock’s design and development practices, those concerns are no reason for the government to meddle in software distribution. The administration’s ostensible free speech warriors are trying to shape how Americans can communicate with each other about matters of pressing political concern.
Infrastructure choices
Apple’s iOS (the operating system for any iPhone) is designed to only be able to run apps from the AppStore. If Apple hasn’t signed off on it, the app won’t run. This centralized control is ripe for abuse:
Unlike Apple, Google’s Android operating system has traditionally allowed relatively easy access to “sideloading”, which just means installing apps through means other than Google’s Play Store. Although most installations default to getting apps from the Play Store, the availability of sideloading means that even if Google censors apps in the Play Store, people can still install them. Even apps critical of Google can make it onto an Android device. It’s also possible to run a variant of Android without the Play Store at all, such as GrapheneOS.
Unfortunately that is all set to change with a recent Google announcement that it will block apps from “certified Android” devices (which is nearly all Android phones) unless they come from what Google calls a “verified developer.” This means that the common Android user trying to install an app will have to get Google’s blessing: does this app come from someone that Google has “verified”? How Google will decide who is allowed to be verified and who is not is still unclear. Can a developer become “unverified”?
This upcoming change is framed by Google as a security measure, but merely knowing the identity of the developer of an app doesn’t provide any security. So the only way that the “verified developer” requirement can offer security is if Google withholds “verified developer” status from people it deems bad actors. But Google’s ability to withhold that status can be abused in the same way that Apple’s AppStore lock-in is being abused. A government will simply make a demand: “treat this developer as a bad actor” and effectively cut off any app by targeting its developer.
When a lever of control is available, the would-be censors will try to use it. It has never been true that someone who buys a Lenovo or Dell laptop, for example, has to let Lenovo or Dell tell them what programs they can and cannot install on their computer. Yet that will soon be the situation with regards to nearly all cell phones used in the United States.
Note that American iPhones are limited to only apps from the AppStore, but European Union (EU) iPhones don’t have that restriction. The EU’s Digital Markets Act (DMA) required Apple to permit alternate app stores and sideloading (which Apple calls “web distribution”). As a result, marketplaces like AltStore are starting to become available — but Apple only lets EU customers use them. The European regime is not perfect, however; while sideloaded apps and alternative app stores aren’t subject to the app store’s constraints, they are still obliged to follow Apple’s “Notarization” requirements, which requires Apple to review all iOS apps – even from these alternate sources – on the basis of several vaguely worded rationales. For example, if the DoJ were to claim that ICEBlock “promoted physical harm” (even though it clearly does not), Apple could use this as an excuse to justify revoking their notarization of the app, which would prevent it from being installed even from these alternate channels.
App store security and surveillance
But both of them also regularly allow apps that contain common malicious patterns, including many apps built with surveillance tooling that sell their users’ data to data brokers. If either tech giant were serious about user security, they could ban these practices, but they do not. Google’s security claims are also undermined by the fact that the cellphone hacking company Cellebrite tells law enforcement that Google’s Pixel phones can be hacked, while those running GrapheneOS, created by a small non-profit, cannot. (Asked by a reporter why that was so, Google did not respond.)
Making matters worse, organizations like Google are unclear about their policies, and some of their policy statements can put developers and users at risk. Discussing blocking Red Dot, for example, Google told 404Media that “apps that have user generated content must also conduct content moderation.” This implies that Google could become unwilling to distribute fully end-to-end encrypted apps, like Signal Private Messenger or Delta Chat, since those app vendors by design are incapable of reviewing user-generated content. End-to-end encrypted apps are the gold standard for secure communications, and no app store that signals a willingness to remove them can claim to put security first.
In addition, even if you’ve carefully curated the apps you have installed from these dominant app stores to avoid spyware and use strongly secure apps, the stores themselves monitor the devices, keeping dossiers of what apps are installed on each device, and maybe more. Being a user of these app stores means being under heavy, regular surveillance.
Other options exist
These centralized, surveilled, censorship-enabling app stores are not the only way to distribute software. Consider alternative app stores for Android, like Accrescent, which prioritizes privacy and security requirements in its apps, and F-Droid, which enables installation of free and open source apps. In addition to offering quality tools and auditing, F-Droid’s policies incentivize the apps distributed on the platform to trim out overwhelming amounts of corporate spyware that infest both Google and Apple’s app stores. Neither F-Droid nor Accrescent do any surveillance of their users at all.
The F-Droid developers recently wrote about the impact that Google’s upcoming developer registration requirements are likely to have on the broader ecosystem of privacy-preserving Android apps. The outcome doesn’t look good: the ability to install free and open source software on a common device might be going away. Those few people left using unusual devices (“uncertified” Android deployments like GrapheneOS, or even more obscure non-Android operating systems like phosh) will still have the freedom to install tools that they want, but the overwhelming majority of people will be stuck with what can quickly devolve into a government-controlled cop-in-your-pocket.
How we can push back
In an increasingly centralized world, it will take very little for an abusive government to cause an effective organizing tool to disappear, to block an app that belongs to a critical dissenting media outlet, or to force invasive malware into a software update used by everyone. We need a shared infrastructure that doesn’t permit this kind of centralized control. We can disrupt oligopolistic control over software through user choice (e.g., preferring and installing free software), building good protocol frameworks (e.g., demanding tools that use open standards for interoperability), and through regulatory intervention (e.g., breaking up monopolistic actors, or mandating that an OS must allow sideloading, as the EU did with the DMA).
The device you carry with you that is privy to much of your life should be under your control, not under the control of an abusive government or corporations that do its bidding.