Federal Cybersecurity Agency Contradicts Antitrust Push￼
By Patrick Hedger
A common, key component of antitrust proposals targeting the tech sector at both the federal and state level is mandated “sideloading.” Sideloading in this context refers to the ability to access a device, such as a smartphone, and load software onto the device without going through the channels established by the provider of the device, such as the Apple App Store or Google Play store for iPhones and Androids, respectively.
In short, mandated sideloading would allow greater third-party access to Americans’ personal devices. The problem is those third parties are not always the good guys. Yet the pathways provided by mandated sideloading don’t discriminate between good actors and bad ones. Once a backdoor is built and unlocked, it is just as easily accessed by malware.
The risks inherent to sideloading are why the United States Computer Emergency Readiness Team (CERT), itself a part of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), recently reminded Americans with the following tweet to avoid sideloading:
CERT goes on to link to CISA’s website, to a section on “Privacy and Mobile Device Apps” that explains the threats posed by malicious apps in greater detail and how to avoid them. Again, CISA explains that Americans’ should generally avoid “unknown sources” for apps outside of places such as the Apple App Store and Google Play store.
The warnings could not be more explicit from the experts in the federal government charged with ensuring America’s cybersecurity. Yet these warnings continue to be disregarded by those seeking to mandate sideloading through antitrust legislation.
Should such sideloading mandates become law, it is painfully clear that Americans’ personal devices will become significantly more vulnerable to cybercriminals and hostile nationstate actors by default.
To learn more about the dangers of sideloading and the risks posed to cybersecurity by various tech policy proposals, continue to explore the website of the App Security Project.
Published on July 6, 2022Original Publication