Who controls what you can do on your mobile phone? What happens when your device can only run what the government decides is OK? Due to a combination of government overreach and technological infrastructure choices, we are dangerously close to this kind of totalitarian control.
Most Americans own a smartphone, and the average American spends more than 5 hours per day on their phone. Although these devices are important to most people’s daily lives, what they can actually do depends on what apps are readily available. Very few US smartphone users use an iPhone, which means they can only install apps available from Apple’s AppStore. Nearly all American smartphone users use some version of Android, and by default they get their apps from Google’s Play Store.
Collectively, these two app stores shape the universe that is available to most people as they use the Internet and make their way through their daily lives. When those app stores block or limit apps based on government requests, they are dictating what people can do, say, communicate, and experience.
Recently, Apple removed an app called ICEBlock from the AppStore, making it unavailable in one fell swoop. The app was designed to let people anonymously report public sightings of ICE agents. People in the United States have a First Amendment right to inform others about what they have seen government officials do, and where, including immigration agents whose tactics have been controversial and violent. Apple removed the ICEBlock app at the demand of the US Justice Department. The next day, Google removed a similar app called Red Dot from the Google Play Store.
The DOJ’s pressure on Apple is an unacceptable, censorious overreach. And Google’s subsequent removal of Red Dot seems like a disturbing, premature capitulation. Although some experts and activists have expressed concerns over ICEBlock’s design and development practices, these concerns are no reason for the government to interfere in software distribution. The administration’s ostensible free speech warriors are trying to shape how Americans can communicate with each other about matters of serious political concern.
Infrastructure options
But the government’s overreach is not the whole story here. The current structure of the mobile phone ecosystem enables this type of abuse and control.
Apple’s iOS (the operating system for any iPhone) is designed to only be able to run apps from the AppStore. If Apple hasn’t signed it, the app won’t run. This centralized control is ripe for abuse:
- Apple has handed over control of what apps are available to iPhone users in China to the Chinese government, including banning gay dating apps.
- The corporation has used its authority over the AppStore to block a game that criticized its labor practices.
- Apple’s guidelines state that “‘enemies’ in the context of the game cannot target only a specific … government, corporation, or any other real entity.” This creates the potential for widespread censorship of anyone who wants to use the art of games to criticize companies or otherwise push political messages.
- It banned the popular game Fortnite from the App Store while it was fighting the gamemaker over huge sums of money from user transactions.
- In 2012 Apple rejected an app that compiled reports of highly controversial foreign drone strikes by the US government during the “War on Terror”.
Unlike Apple, Google’s Android operating system has traditionally allowed relatively easy access to “sideloading”, meaning installing apps through means other than just Google’s Play Store. Although most installations get apps from the Play Store by default, the availability of sideloading means that even if Google censors apps in the Play Store, people can still install them. Even apps that criticize Google can make it onto Android devices. It’s also possible to run a variant of Android without the Play Store, such as GrapheneOS.
Unfortunately, this is set to change: Google recently announced that it will block apps from “certified Android” devices (which is almost all Android phones) unless they come from what Google calls a “verified developer”. This means that the average Android user trying to install an app must get Google’s blessing: Does the app come from someone that Google has “verified”? How Google will decide who is allowed to be verified and who is not is still unclear. Can a developer be “unverified”?
This upcoming change is presented by Google as a security measure, but simply knowing the identity of an app’s developer does not provide any security. So the only way the “Verified Developer” requirement provides protection is if Google withholds “Verified Developer” status from people it considers bad actors. But Google’s ability to withhold that status can be abused in the same way that Apple’s AppStore lock-in is being abused. A government would simply make a demand: “Treat this developer as a bad actor” and effectively cut off any app by targeting its developer.
When a lever of control is available, future censors will attempt to use it. It has never been true that, for example, anyone who buys a Lenovo or Dell laptop has to let Lenovo or Dell tell them what programs they can and cannot install on their computer. Yet this will soon be the case with almost all cell phones in use in the United States.
Note that US iPhones are limited to only apps from the AppStore, but European Union (EU) iPhones do not have this restriction. Apple is required under the EU’s Digital Markets Act (DMA) to allow alternative app stores and sideloading (what Apple calls “web distribution”). As a result, marketplaces like AltStore have started becoming available, but Apple only lets EU customers use them. However, the European rule is not perfect: while sideloaded apps and alternative app stores are not subject to the constraints of the App Store, they are still obliged to comply with Apple’s “notarization” requirements, which require Apple to review all iOS apps, even those from these alternative sources, based on a number of vaguely worded rationales. For example, if the DOJ claims that ICEBlock “promoted physical harm” (even if it clearly does not), Apple could use this as an excuse to justify revoking the app’s notarization, which would prevent it from being installed even through these alternative channels.
App Store Security and Monitoring
Both Apple and Google claim that their app distribution mechanisms improve security for their users. And clearly, these tech giants use the control they have to block some offending apps.
But both of them also routinely allow apps that have common malicious patterns, including many apps built with surveillance tooling that sell their users’ data to data brokers. If the tech giants were serious about user safety, they could have banned these practices, but they didn’t. Google’s security claims are also weakened by the fact that cellphone hacking company Cellebrite tells law enforcement that Google’s Pixel phones can be hacked, while phones running GrapheneOS, made by a small non-profit organization, cannot. (A reporter asked why, and Google did not respond.)
To make matters worse, organizations like Google are vague about their policies, and some of their policy statements may put developers and users at risk. For example, in discussing blocking Red Dot, Google told 404Media that “Apps that contain user-generated content should also perform content moderation.” This implies that Google may be reluctant to distribute fully end-to-end encrypted apps like Signal Private Messenger or Delta Chat, because by design those app vendors are unable to review user-generated content. End-to-end encrypted apps are the gold standard for secure communications, and any app store that signals a desire to remove them can’t claim to put security first.
Furthermore, even if you’ve carefully curated the apps you install from these major app stores to avoid spyware and use highly secure apps, the stores themselves monitor the devices, what apps are installed on each device, and probably more. Being a user of these app stores means being under close, regular surveillance.
Other options exist
These centralized, surveilled, censorship-enabled app stores are not the only way to distribute software. Consider alternative app stores for Android, such as Accrescent, which prioritizes privacy and security requirements in its apps, and F-Droid, which enables the installation of free and open source apps. In addition to offering quality tools and auditing, F-Droid’s policies encourage apps distributed on the platform to eliminate the massive amounts of corporate spyware that infiltrate both Google’s and Apple’s app stores. Neither F-Droid nor Accrescent monitors its users at all.
F-Droid developers recently wrote about the impact Google’s upcoming developer registration requirements could have on the broader ecosystem of privacy-protecting Android apps. The result doesn’t look good: The ability to install free and open source software on an ordinary device may be gone. The few people who have opted to use unusual devices (“uncertified” Android deployments like GrapheneOS, or more obscure non-Android operating systems like Phosh) will still have the freedom to install the tools they want, but most people will be stuck with things that can quickly devolve into a government-controlled cop in your pocket.
How can we push back
In an increasingly centralized world, it would take very little time for an abusive government to make an effective organizing tool disappear, block an app belonging to a critical dissenting media outlet, or force offensive malware into a software update used by everyone. We need a shared infrastructure that does not allow this type of centralized control. We can disrupt oligopolistic control over software through user choice (for example, prioritizing and installing free software), building good protocol frameworks (for example, demanding tools that use open standards for interoperability), and through regulatory intervention (for example, breaking up monopoly actors, or mandating that OSes must allow sideloading, as the EU did with the DMA).
The devices you carry with you, that reveal so much about your life, should be under your control, not the control of an abusive government or the corporations that operate at its behest.
