In general, mobile device users in the United States download their apps through app stores that come preinstalled on their devices’ operating systems. For most Americans, that means they are shopping on the Apple App Store on iOS, or the Google Play store on Android. Operating systems and app stores come bundled together so that the operating system that runs the device can enforce the app store’s terms of service and prevent unapproved apps from accessing device controls and consumer information. We usually refer to the operating system and app store combination as a software platform.
Unfortunately, a few of the largest companies in the app economy began a campaign to recruit state legislatures, the courts, and Congress to prohibit software platforms from managing the ability for consumers to download apps from outside the main app store. In other words, they want the government to require software platforms to allow sideloading, and in the case of some proposals, prohibit the platform from even warning a consumer of the potential harms of sideloading apps.
The two major software platforms take robust measures to prevent sideloading of unvetted software that could harm consumers. Because iOS prohibits sideloading (downloading software onto a smart device from outside the main app store), and the Apple App Store’s terms of service bar copyright theft, sideloaded apps that steal content are difficult to install on an iOS device. But even Android presents problems for copyright thieves— the Google Play store also generally declines these apps, and by default, the current (and recent) versions of Android disallow sideloading. However, by going into the settings, users can allow sideloading from “unknown sources,” one at a time. For example, users can enable software to be downloaded from the device’s web browser.
Software platform features that discourage sideloading protect consumers from malicious actors using malware installed on sideloaded apps to access personal information and commit criminal acts. Moreover, copyright owners, from the individual to major entertainment companies, use tools available under current law to remove counterfeit apps and apps that stream movies, music, and television illegally. Still, sideloaded apps appeal to consumers primarily because they are often free and offer access to streamed content without paying, including the most popular streaming and TV shows. Statutory or court-ordered mandates on software platforms to allow unvetted software onto these platforms will come at a cost to copyright owners and their customers.
Proposed legislation such as the Open App Markets Act (OAMA), recently introduced in both the House and Senate, will harm copyright owners by removing important barriers for bad actors and consumers to engage in content piracy. As described above, software platforms perform important gatekeeper functions that limit counterfeit apps and free access to movies, music, and television shows. The OAMA would require platforms to allow sideloading through mandating that platforms “provide the readily accessible means” for users to choose third-party app stores as defaults and install third-party apps or app stores. That said, a provision in the OAMA appears to preserve the role of the platform to decide if an app store or an app is bad for consumers. In theory, this could look something like Android’s option for users to sideload from trusted sources the user selects.
Unfortunately, the requirement still creates a presumption that a platform’s decision not to allow a third-party app or an app store is illegal and violates the requirement to make downloading a third-party app store “readily accessible.” OAMA goes further and would require platforms to give “access to operating system interfaces, development information, and hardware and software features” on “terms that are equivalent or functionally-equivalent to the terms for access by similar apps or functions provided by the” platform. Requiring equal access to hardware and software features appears to exclude removing a target app, unless one of the narrow exemptions apply.
The OAMA requirement on platforms to provide a choice along with equal access to device and software features to third-party apps and app stores also presents a risk of significant increases in content piracy for all copyright owners. Just as apps themselves have become the conduit through which all other content is pirated, the OAMA opens up another front on which all copyright holders must battle to protect against unauthorized uses and loss of revenue. The reality is that apps providing access to pirated movies, music, and television are available on all platforms, although less so on mobile platforms thanks in large part to app store prohibitions on content piracy and measures to prevent sideloading. A recent report by the Digital Citizens Alliance on ad-supported piracy highlighted several examples of apps being used to provide free access to content. Apps like MyMuzik and YTSMovies are just two of hundreds of results from a simple search for “free streaming apps.” Piracy already costs content owners billions each year. The OAMA would, in effect, clear a path for more piracy, increasing enforcement costs and reduce revenue for creators. As things are, allowing platforms to use a screening and approval process for apps makes it more difficult for illegitimate apps to get into the store for consumer download.
The OAMA will weaken the effectiveness of the notice-and-takedown procedure in Section 512 of the Digital Millennium Copyright Act (DMCA) to get software platforms to remove illegal apps. Section 512 established a system for copyright owners and online entities to address digital piracy. It offered limited liability for online service providers that implement certain measures to prevent piracy, including quickly responding to requests from copyright owners to takedown infringing material. Since becoming law in 1998, copyright owners have grown increasingly dissatisfied with the effectiveness of the provision to fight infringement. In the Section 512 Report issued by the Copyright Office in 2020, copyright owners argued that “…the volume of notices demonstrates that the notice-and-takedown system does not effectively remove infringing content from the internet; it is, at best, a game of whack-a-mole.”
Now, how ineffective would the takedown notice be if a software platform must allow any app or app store on mobile devices? For example, if a fraudster specializing in stolen video content, posing as a fake Disney+, sought to have consumers sideload their video apps in order to upload malware onto as many personal devices as possible, the OAMA would bar Apple from removing that app and from blocking its access to device features or personal information because it nominally competes with Apple TV+. The presumption of illegality applies even if Disney filed a takedown notice under Section 512. The OAMA provision allowing an exemption is only available to Apple if it can show that removal of the pirate app “applied in a demonstrably consistent basis to Apps of the Covered Company… not used as a pretext to exclude, or impose unnecessary or discriminatory terms on, third parts apps… and narrowly tailored and could not be achieved through a less discriminatory and technically possible means.” Apple would have to make this showing by clear and convincing evidence, or else be liable for violating OAMA and be subject to civil penalties. This situation would tie Apple’s hands and they could face liability for compliance with a takedown notice. If copyright owners thought it was a game of whack-a-mole before, imagine if the app stores can no longer serve as a gatekeeper to content piracy.
Statutory mandates for app stores to allow unvetted third-party apps onto smart devices will increase consumer exposure to risk of malware giving hackers access to users’ personal information. For most consumers who want to sideload third-party apps, they have to either “jailbreak” their device or use device settings to allow trusted apps to be downloaded. This layer of restrictions provides simple but effective barriers to malicious actors having access to unwitting consumers. Counterfeit software apps can and do lead to consumer data loss, interruption of service, malfunctioning devices, loss of access to content, voiding device warranties, identity theft, fraud, and even civil and criminal prosecution for copyright infringement.
Clearly, the cost to consumers is great, but so too is the harm to a business’s reputation and revenue. Businesses providing content and services have a strong interest in protecting their customers. Piracy and counterfeit software apps threaten end-user confidence and can lead to reputational damage. These costs may be difficult to quantify, but they are nonetheless quite real. The OAMA will put counterfeit apps on equal footing with legitimate apps in the mobile ecosystem, leaving consumers exposed should they download the wrong one. Software platforms perform a necessary and important role in providing a safe online market that benefits both content providers and their customers. Having a lot of options and flexibility to manage smart devices is also good. But letting cyber criminals set up shop inside the app marketplace will result in more piracy, lost revenue, and customer dissatisfaction. For these and the above reasons, we strongly caution policymakers against pursuing legislation that prevents software platforms from removing counterfeit apps and other stolen content.