Sideloading: Why is Congress Risking Consumer Security?

Every day, millions of American consumers will download mobile applications from either Apple’s App Store or the Google Play store. These applications, or apps for short, allow consumers to do everything from play games to purchase stocks. Despite the immense benefits these stores provide consumers, lawmakers in Washington D.C. and in statehouses across the country are seeking to crack down on these app stores in a way that could endanger privacy and gift cybercriminals access to consumers’ sensitive financial information.

Much of the amenity toward app stores is based on the opinion that they are anti-competitive and overcharging developers for access to the millions of consumers who own a smartphone. Senator Richard Blumenthal (D-CT), the sponsor of the federal Open App Market App that, if enacted, would allow sideloading, argued the behavior of these stores amounts to “coercive anticompetitive walls” that have “quashed competitors and kept consumers in the dark—pocketing hefty windfalls.”

While Congress debates allowing sideloading, four states, Minnesota, Rhode Island, Illinois, and Arizona, have considered their own laws. While most of these bills have failed to gain enough traction to pass, the movement at the state level shows that state legislators are as much of a threat to consumer safety as Congress.

Sideloading occurs when consumers transfer “a file between two local devices without the internet,” usually via Bluetooth or by connecting each device to a cable. Under current legislative proposals, consumers would be free to transfer apps between devices without downloading them directly from an app store, avoiding download fees.

Unfortunately, sideloading presents a considerable risk that unvetted apps could “make a mobile device extremely vulnerable to attack,” as mischievous apps containing malware or ransomware can be transferred between consumers. This risk is possible because consumers could inadvertently share apps that have “not been approved by the developer of the device’s operating system.” Once a phone has been infected by ransomware or malware, their sensitive information then becomes vulnerable to cybercriminals.

Apple has routinely sought to make consumers and lawmakers aware of the risks that sideloading presents to consumers. While Apple does not allow consumers to sideload apps onto its devices, it is possible on android devices, resulting in these devices experiencing “between 15 and 47 times more infections from malicious software than iPhone.” The company also noted that “98 percent of mobile malware targets Android devices” because they are significantly more vulnerable than Apple products.

The evidence is clear; allowing sideloading dramatically increases the risk to consumers that their devices will be compromised.

As the Federal Trade Commission notes, infected by Malware, it becomes possible for cybercriminals to record consumers’ keystrokes or monitor internet browsing. This malicious software becomes particularly dangerous when consumers attempt to purchase goods via their infected phones, as cybercriminals will be able to access credit card information, names, addresses, and even social security numbers.

For consumers, identity theft can cause severe emotional and financial damage. It’s been estimated that while most victims of identity theft will lose “less than $500,” one-fifth of victims have “reported losing more than $20,000.”

The Georgia Division of Consumer Protection has also outlined the emotional effects of identity theft, showing victims experience “the psychological pain of loss, helplessness, anger, isolation, betrayal, rage, and even embarrassment” with longer-term effects such as “fears regarding financial security, the safety of family members, and the ability to trust again. With such significant financial and emotional effects, Congress and state legislators should not be making it easier for cybercriminals to get hold of sensitive consumer information simply because it’s politically expedient to propose measures that target big tech.

In the fight against big tech, its consumers will ultimately lose out. Lawmakers at every level must recognize this.

FacebooktwitterredditlinkedinFacebooktwitterredditlinkedin