Apple store showing antitrust lawsuit and privacy and security

Apple Facing Justice Department Antitrust Lawsuit, Consumers Shortchanged on Privacy and Security

One of the major selling points for paying the premium price for Apple hardware has always been its “walled garden” approach to handling apps, promising end users better privacy and security as the company takes a more active role in monitoring and filtering available software. That practice has now become a point of contention in a Department of Justice (DOJ) antitrust lawsuit, which (among other things) alleges that Apple’s stifling of third-party app availability actually led to worse privacy and security outcomes for its customers.

Apple’s approach to privacy and security under new regulatory scrutiny

The DOJ has filed a civil antitrust lawsuit against Apple, joined by 16 other state and district attorneys general. The suit alleges that Apple has attempted to monopolize the smartphone market in violation of Section 2 of the Sherman Act.

The central focus of this antitrust lawsuit is the collection of restrictive policies that Apple uses to control what products and features app developers can offer. The DOJ sees this as a monopoly due to an alleged pattern of using these policies to prevent developers from offering interoperability with other platforms, undermine products that might come into conflict with Apple’s own services, and extract an excessive amount of money in fees.

The DOJ also argues that consumers are being shortchanged on privacy and security as a result of the situation, even though these are two of Apple’s primary marketing points. One specific criticism included in the antitrust lawsuit is that the company has intentionally stifled cross-platform messaging functionality to keep consumers from considering alternatives to an iPhone. Another is that Apple restricts developers from offering tap-to-pay functionality in a bid to force user transactions into Apple Wallet, reducing security options when they seek to pay with other services.

The antitrust lawsuit goes all the way back to the reign of Steve Jobs in making its case, noting that in 2010 the former CEO exchanged emails with executives making clear that the company would force developers into using its payment system so that eventual customers could not easily move between Apple and Android devices. The suit notes that over the ensuing decade-and-a-half, Apple has consistently responded to innovative challengers by attempting to smother them rather than lowering their own prices or improving terms for developers to compete.

The DOJ also notes that Apple is gradually moving into other sectors, and it can be expected to bring its current business practices (and privacy and security issues) to them if it becomes a dominant player. This includes financial services (the Apple Card), a spectrum of TV and movie services, and even the recently-canceled Apple Car project.

Antitrust lawsuit attacks dual standards governing app store installation, Mac sideloading

The DOJ complaint further describes Apple’s privacy and security practices as an “elastic shield” that is intentionally stretched to suit business interests. One example given in the court filings is that governments and enterprise customers are given a special exception to install their own secure app stores on devices. Another is that sideloading is very simple and essentially permitted on the company’s Mac computers, only restricted on the devices that Apple holds a dominant market share of and is in competition with Android.

iMessage is also a growing privacy and security concern. Apple blocks other messaging apps on the platform from exchanging SMS with Android devices, essentially forcing its users into iMessage for at least some of their communications; these are not encrypted as they normally are when exchanging with another Apple device. Users do have the option of disabling iMessage but almost never will because of these limitations, and it has become the primary target for “zero day” attacks that in some cases have completely compromised devices without an incoming message being opened by the user.

Apple has also sat on independent developers attempting to add missing functionality, often invoking privacy and security as the reason for running them out of business. The prime example of this is startup Beeper, which emerged in 2023 with an app that allowed Android users to exchange end-to-end encrypted messages with iMessage users. The app was legally beyond Apple’s reach, but Cupertino engineers simply tweaked iMessage to prevent Beeper from connecting to it and the startup called it quits at the end of the year. Apple’s justification for this was that it cannot allow iMessage clients on other platforms since they would be beyond its ability to ensure they are secure.

Similar privacy and security concerns raised in the antitrust lawsuit extend to how Apple handles user personal data, and makes exclusive deals with other tech giants. One example of this is Apple agreeing to make Google the default search engine in the Safari browser, which pays Apple 36% of the revenue generated by those searches; this in spite of Apple centering its marketing on it being the secure alternative to Google’s products that respects user data privacy. And if Apple customers want to pay for services that are potentially sensitive via their phone, such as bank transactions or health care, they are pushed to do it via Apple Wallet.

The App Store is not at the center of the antitrust lawsuit, however, because a prior court decision has essentially cleared it to limit developers and charge fees as it sees fit. While Apple did not win on every point in the suit brought against it by Epic Games, the core business model that was challenged there was essentially validated and the Supreme Court has declined to hear an appeal of the decision.