Main image of article China Gets App Store Oversight. Are We Next?
[caption id="attachment_138519" align="aligncenter" width="1360"] Mac App Store WWDC 2016 Mac App Store WWDC 2016[/caption] The Cyberspace Administration of China, which bills itself as the “office of the central leading group for cyberspace affairs,” is demanding that all app stores distributing apps in the country register with it. Its main concern is malware, which plagues us all but is certainly prevalent in China. And it has us wondering: should more governments have such oversight over apps within their borders? China’s reasoning for wanting app delivery companies to register is vague. It insists that no self-governance of disparate app stores exists, but offers no direct examples. In a Google-translated version of the Cyberspace Administration’s dictum, it says “some of the basic norms of the application store are not perfect,” and “basic management is not in place.” It cites app audits, the “dissemination of illegal information,” as well as “infringement of legitimate rights and interests” and “frequent” security risks as cause for concern. The “dissemination of illegal information” is particularly interesting. The Cyberspace Administration’s new rule comes after the New York Times app was removed from the App Store in China. Speaking to The Times, a spokesperson from Apple said the app violated “local regulations":
For some time now the New York Times app has not been permitted to display content to most users in China and we have been informed that the app is in violation of local regulations. As a result, the app must be taken down off the China App Store. When this situation changes, the App Store will once again offer the New York Times app for download in China.
The spokesperson was unable to identify which regulations the newspaper had supposedly violated: [caption id="attachment_139272" align="aligncenter" width="6000"] Android Tablets Android Tablets[/caption]

New Rules for the App Store

In theory, China’s newest rule would allow it complete insight into an app store. The distribution channel must register with the state, provide any and all records as demanded by the government, and allow China to audit at any time. Should it fail to comply, China can simply shut it down. Short of that, the government is reserving the right to put its thumb on an app store via increased scrutiny and inspections. This directly affects Apple, which controls the flow of apps to users via its App Store so stringently that it's being sued for monopolizing iOS. If you’re on iOS in China, there’s no direct way to get apps other than through Apple’s own portal. iOS developers are well aware of the safeguards Apple puts in place with regard to security and malware; disinformation is entirely different. No company operating an App Store can manage the content an app distributes if the information is dynamic, such as with a news app. Apple’s own rules mandate that apps disallow NSFW content by default, but you can sidestep that for services that have a web-based presence where you can manage settings, such as Reddit. But those rules prohibit the obvious players such as PornHub, which have no other reason to have an app other than to distribute porn. The New York Times simply drew the ire of China, so it was removed. It’s important to note Apple has made a dedicated effort to work with the Chinese government so it could break into the market there (read: Apple is playing nice with a communist regime in order to make money). Others will likely follow suit. Xiaomi, Huawei and other Chinese companies have their own app portals, mainly because Google chooses not to operate the Play Store in China. They also may have to end up registering or shut down. shutterstock_120227461_china_Stephen-Finn

The Government and Our Apps

China and the Unites States have little in common, politically. But government oversight of app stores in China does make us wonder if some oversight is coming on the domestic front. The problem is that ‘cybersecurity’ can be a hard target to hit (and the election hacking scandal probably shows we’re not uniformly great at securing email and databases), and the United States has free speech laws that make the “dissemination of illegal information” laughable as an argument for shutdown. But the government has a history and culture of watching its citizens in a clandestine fashion, as Edward Snowden’s revelations highlighted. In the case of the New York Times, the newspaper believes the request to remove its app from the App Store in China has to do with regulations released last year that state, in part, a company cannot “engage in activities prohibited by laws and regulations such as endangering national security, disrupting social order and violating the legitimate rights and interests of others.” The rules that apparently sidelined the New York Times in China are similar in some ways to The Patriot Act. For some very vague reasons, our government can ask a carrier or service provider to hand over information on citizens under title 2 of that legislation. Although companies such as Google regularly remind us of the hoops that the NSA or FBI have to jump through to get those records, they’re nonetheless available. [caption id="attachment_138182" align="aligncenter" width="650"] Image Credit: Commit Strip Image Credit: Commit Strip[/caption]

Risk Versus Reward

The Patriot Act is meant to provide our government a way to identify and stop terrorists; it was signed into law just days after the September 11 attacks. Still, many accuse the government of abusing it. Wisconsin Congressman Jim Sensenbrenner, who authored The Patriot Act, says that while the government has to report to a FISA court, it is often obeying the letter of the law, not the spirit:
The administration claims authority to sift through details of our private lives because the Patriot Act says that it can. I disagree. I authored the Patriot Act, and this is an abuse of that law.
It’s a curious time for United States politics. The incoming leadership is quite vague about what it plans to do in certain areas, cybersecurity included. Trump’s cybersecurity chief, Rudy Giuliani, can’t even protect his own website effectively (most alarming is how the SSL certificate is out of date, meaning it can be easily spoofed). Broader app store oversight by the United States government hopefully isn’t coming, but we should remain diligent to ensure it doesn’t. Cybersecurity and apps are a slippery slope, especially when you have the Patriot Act in the mix; if a calendar app was used to share a meeting where terrorist activity was happening, is it a tool of terrorism? The answer is: likely not. But the Inauguration at the end of this week adds a wrinkle to everything we think we know about our government, especially how it treats what it considers a threat.