Tim Cook is right and wrong about sideloading

Android dudes
(Image credit: Jerry Hildenbrand / Android Central)

At the 2022 International Association of Privacy Professionals (IAPP) conference Tim Cook got a little passionate about what he calls the "data industrial complex" and one of the most essential battles we are fighting against right now. What he was really talking about was sideloading apps onto the phone you paid for.

This is not a thing for those of us with an Android phone, but for iOS, you have never been able to install apps that didn't come from Apple's official App Store unless you went through the hassle of jailbreaking your expensive phone or tablet. Apple has always hated the idea of sideloading and probably always will.

Sideloading is good for users even if big tech thinks otherwise. Just know the risks.

The reason he went on about all of this is that the legal landscape — especially in the E.U. — is changing in ways that might force things like interoperability of chargers, opening up long-closed Apple features like iMessage, and being able to install applications outside of the Apple-approved App Store marketplace. 

While lawmakers and marketing groups (as well as tech writers like myself) think these ideas are good for the consumer, Apple and Google aren't keen on being forced to change the old ways of doing business. Those old ways were pretty damn lucrative after all.

But buried in the talk about how sideloading is literally the devil and the data industrial complex wants to send our sons and daughters off to war, there is a sliver of truth where sideloading carries more risk than anyone wants to talk about.

Google protects Android users in more ways than Apple does

Google Play Protect

(Image credit: Android Central)

Yes, you read that correctly. When it comes to applications with bad intentions, Google does more than Apple to protect you. That's because Android was designed with the ability to sideload apps and iOS wasn't.

There is a great write-up about the hows and whys here, but in a nutshell, it comes down to Google Play Protect. Think of it like a virus scanner that runs every day and can kill off bad apps even if they weren't downloaded from the official Google Play Store. That means you can download and install an app from anywhere, and if it does malware "stuff" it gets found. The system isn't perfect, but it works really well.

Apple designed iOS to download and install apps from only one place: the App Store.

Apple has no such protections in place because iOS was designed to only download and install apps from the Apple App Store. 

I'm not trying to convince you that one is better than the other. I'm just saying that when it comes to actual malware and sideloading, Google has been prepared for a long time and Apple would have to build some sort of system from scratch to do the same.

The real issues comes from store policies

Fortnite

(Image credit: Android Central)

Android and iOS both use similar systems when it comes to the ways apps can operate within the system on your phone. There are user and group permissions, sandboxing, and APIs that make sure an app can't get any data from other apps unless you allow it. There are exploits that break these systems from time to time, but those are quickly patched. 

Sideloaded apps would still have to follow this set of restrictions to work on your phone. Unless you've rooted or jailbroken it, your phone's operating system knows how to keep apps in line and force them to behave. On Android phones apps that can't follow these rules get ferreted out by Play Protect, and whatever Apple would design to enforce these safeguards would do the same if sideloading was allowed on iOS.

What can't be enforced on an app you installed from a third party are app store rules and developer agreements that all apps in Google Play or the App Store have to follow. Those can be pretty important, too.

Google Play and App Store policies are there to protect us as well as make money for Apple and Google.

To publish an app to Google Play, a developer has to do things like provide you with a privacy policy and follow rules about what data is collected and how. Android itself can't enforce these rules as written, because apps need to collect data in different ways. To take things a step further, the company a developer uses to monetize their app through ads also has to play by the rules Google put in place or the app can be pulled out of the Play Store.

If an app isn't published in the Play Store, these rules don't have to be followed. That means a developer can, in theory, lie to you about the data being collected and how it is used or even collect unnecessary data about you. 

Another thing that helps protect users even though it may restrict choice and hurt developers is payment processing. There are very strict rules about how you can pay for apps or make in-app purchases that must be followed for an app to be published in Google's Play Store. There are plenty of other ways a developer can process payments, but if they want their app to stay in Google Play they can only use what Google allows. 

Who do you trust more with your bank card number: Google or Jerry's PayPal? If I work hard and develop an app worth paying for, I should be able to enter a contract with you and collect the payment without Google getting a portion of it that's too large. But to be 100% safe, you as the user can trust Google with your payment information more than you can trust me.

Data is valuable

Pixel 6 Pro Privacy Dashboard

(Image credit: Jerry Hildenbrand / Android Central)

To be clear, I don't think there are many developers out there that will skirt these rules and be all kinds of shady once they get you to sideload an app on any of the best Android phones. And there are third-party app stores that have rules developers must follow to protect our privacy. But it could happen. 

I also don't think this is why Tim Cook is so against sideloading on iOS or why Google reluctantly allows it. Money is what drives companies like Google and Apple and keeping everything inside the walls of their own ecosystem is better for the bottom line.

I do think it's important for all of us to think about what could happen whenever we make a decision that involves our personal data. Data Industrial Complex weaponization chaos conspiracy theories aside, data is very valuable and important. That's why companies like Apple and Google want to keep it to themselves.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.

Read more
Demonstrating the many ways to download TikTok on an Android phone while an iPhone sits face down
TikTok is back, but Android users never missed out in the first place
Amazon Appstore
Amazon abandoning its Appstore only makes Google's lock stronger
Comparing the sizes and shapes of the displays on the Samsung Galaxy S25 Ultra, Samsung Galaxy S25 Plus, and Samsung Galaxy S25
Is the partnership between Samsung and Google ruining the Android ecosystem?
Obtainium website on the Odin 2 with the app on the S25 Ultra and Pocket DMG
The Play Store sucks, so here's what I use instead
Android figures
You shouldn't steal eBooks unless you have good lawyers
Android statues
Ask Jerry: What happens if Google ignores the EU's DMA rules?
Latest in Phones
Galaxy A36 5G lifestyle ad
The Galaxy A36 5G was just announced, but you can ALREADY score $150 off at Samsung — here's how
The Light Phone III in lifestyle photos.
The Light Phone 3 is here with miniature features, massive $799 price tag
The Galaxy S24 Plus in hand with a light behind it
Samsung's sixth One UI 7 beta for the Galaxy S24 rolls out as launch nears
POCO F7 Ultra back view on blue background with yellow colors next to it
POCO F7 Ultra review: The best bargain of 2025
The Samsung Galaxy S25 Edge on display
New leak shows off Samsung Galaxy S25 Edge in 'Titanium' variants
The back of the Obsidian Google Pixel 9 Pro
Some Pixel owners had a delayed start, thanks to alarm clock failures
Latest in Feature
A Qualcomm Snapdragon 8 Elite placard at a press event
Qualcomm's 'Elite' branding should stay exclusive to Oryon-based chips
Comparing the display size on the Samsung Galaxy S25 with the Samsung Galaxy S25 Plus
What you need to know about One UI 7: Software is hard
A Meta Quest 3 and Meta Quest 3S alongside a candle, can of paintbrushes, and five markers
At-home date nights are better in VR (no, seriously)
The Moto 360 smartwatch worn on a wrist, showing an analog watch face.
Wear OS is still missing a major player, and now's the perfect time for a comeback
AirPods Max (left) hanging from a park bench beside Beats Studio Pro (right).
USB-C AirPods Max are getting an upgrade Android headphones had all along
Android statues
Ask Jerry: What happens if Google ignores the EU's DMA rules?