One of the basic rules of childhood is you do not accept candy from strangers. Yet, every year this rule is effectively ignored on Halloween. While the risks are never zero, children go door to door to ask for candy because of some commonplace safeguards. Parents usually accompany small children, set rules for how long their older kids can be out and how far they can go, and most parents will look through the haul at the end of the night for anything suspicious. There’s also the fact that a lot of trick or treating doesn’t occur amongst strangers, but rather amongst neighbors. Even if kids don’t know who they are accepting candy from, parents usually have a good sense of who is around.
Now ask yourself, do you know anything about the company you downloaded that candy puzzle app from?
Of course not. That’s because major smart-device manufacturers and operating system developers, such as Apple, Google, Microsoft, and even Amazon and Facebook on certain devices, exert extraordinary effort and resources to police their app stores and software ecosystems. Yet, bipartisan legislation introduced in both chambers of Congress now threatens to kneecap the ability of these companies to protect their customers.
The facts are that almost everyone with a smartphone has downloaded a third-party application without looking at, let alone researching the developer. People routinely breeze past the terms of service and put the app on the same device that now contains the most sensitive information about them. With the ability to securely store and act as credit cards, identification cards, house keys, and car keys (to name a few apps), smartphones have become the only thing you need when you leave the house. Thanks to the policies put in place by the major device providers, it is very rare that this dynamic cause problems for the average consumer.
Unfortunately, the dubiously named American Innovation and Choice Online Act would upend the ability of Apple, Google, and others from offering the same security expectations they do now. The legislation would force the manufacturers and developers of smart devices to allow third parties sweeping access to Americans' phones, tablets, and personal computers, tear down existing safeguards in their current app stores, and force them to host third-party app stores.
The proponents of this kind of legislation claim it will be a boon for competition in the app developer space. The opposite is true for a simple reason. Existing app store policies, though varied, allow for the trust consumers put in very large, very public brands like Apple and Google to extend down to smaller developers offering various apps that do countless things, all without interfering with or harming the core functions of the device. This is extraordinary progress. For those of us that remember the days of LimeWire and other peer-to-peer file sharing services, our blasé use of third-party apps today sounds downright insane when you really think about it. Within the lifetime of a millennial American, downloading anything from an unvetted source was like playing Russian Roulette with your computer.
In effect, the brand power of major companies is being lent to small developers who have useful products, but not a big enough brand name. Developers that follow some basic rules of the road can focus on competing on the functionality of their apps, without worrying about proving their trustworthiness. In turn, this all-but eliminates security-related frictions Americans have in selecting an app that looks good from a company they otherwise know nothing else about.
Now imagine Americans’ current app security expectations evaporating overnight. From ransomware to identity theft there would be a surge in cyber attacks brought about by a false sense of security before Americans could adjust their risk radars. Consumers have already experienced the damage these attacks can do on a widespread basis with existing safeguards. Let’s not forget the Colonial Pipeline incident, or the attack that took down Sinclair Broadcasting in just the past few days.
Over the long term, Americans would certainly adjust and become more cautious, but third-party application markets would suffer. Instead of enhancing competition for small developers, Americans would undoubtedly retreat to the software provided by brands they already know and trust, like Apple and Google. In short, online security would be forever damaged and competition would be worse-off for those this legislation purports to help.
This Halloween, Americans should take a careful look at what’s really in the supposed treats Congress is pushing when it comes to smart devices and apps, or else they’re bound to find themselves the victims of the devastating tricks of bad actors online.