Congress should not pass legislation targeting app stores

OPINION:

As Americans have become more dependent on apps and online services, they’re leaving a tremendous amount of sensitive data online, and a growing chorus of voices, including consumer advocates, members of Congress and tech industry experts, has begun to raise concerns.

In recent weeks, lawmakers have debated a range of bills designed to rein in how some of the country’s largest companies collect, use and store Americans’ data. But instead of safeguarding consumer data more effectively online, some members of Congress are considering legislation that would make Americans’ sensitive information less secure.

There already aren’t a lot of standards when it comes to the internet, but current laws and regulations have allowed producers of the apps we buy and install on our phones to coalesce around some standards that make the buying and downloading experience safer for all of us. Now some see those basic privacy policies as obstacles to greater profits and want to change the rules. And they’ve lined up some help on Capitol Hill.

According to recent reporting, some lawmakers in the House of Representatives are preparing to reintroduce the Open App Markets Act, which would force app stores to get rid of privacy and security features that consumers rely on to make sure they’re downloading safe and secure apps. The legislation would also empower companies to engage in questionable data collection practices designed to profit from consumers’ sensitive information.

This legislation would allow app sideloading, which would allow companies to sidestep having to host their apps on app stores with rigorous cybersecurity and data privacy standards in place. Instead, businesses could require consumers to download their apps from the internet, where they get to write their own rules about how they can use consumer data. Companies could go so far as to create their own app stores, exposing consumers to vulnerabilities and allowing businesses to engage in behavior that abuses consumer privacy.

Concerningly, companies that have a track record of questionable data privacy practices stand to gain the most from this legislation. Facebook, for example, would be one of the bill’s biggest beneficiaries, and Mark Zuckerberg, CEO of its parent company, Meta, has indicated his support for it.

It’s not hard to imagine why. Facebook has a long history of misusing Americans’ data for financial gain. It was found to have shared users’ private messages, contacts and posts with more than 150 third-party companies without their consent from 2010 to 2018. It was fined a record $5 billion by the Federal Trade Commission for misusing consumer data in 2019.

App store privacy guidelines have put a stop to some of Facebook’s unethical data collection practices. For example, Onavo, a VPN-like app acquired by Facebook, was kicked off app stores in 2019 after reports surfaced that it had violated app store privacy policies.

More recently, leaked documents revealed that Facebook had designed the app to intercept, decrypt and access messages sent by users on Snapchat to gain a competitive advantage on the social media startup. Without basic privacy standards set up by app stores, Facebook might have been able to use Onavo to continue to mine consumers’ data without their consent.

What’s worrisome is that Facebook and companies like it want Congress to pass this legislation so they don’t have to worry about app store privacy standards. Instead, they want to force consumers to download their apps through the internet or on their own app stores so they can continue to engage in questionable data privacy practices that make them money but expose consumers to fraud and theft.

Without app stores to keep these companies in check, their apps would become even riskier than they already are. Congress should not give companies that have demonstrated time and again that they cannot be trusted with consumer data a pass to continue engaging in unethical data collection practices.

Instead of rolling back essential privacy protections, lawmakers should get serious about safeguarding Americans’ data.

• Brian McNicoll is a freelance writer based in Alexandria, Virginia, a former senior writer for The Heritage Foundation and a former director of communications for the House Oversight Committee.