FW: Epic v Apple Day 14 Pool Report


Leah Nylen
 

Hello friends, it’s Liz from The Verge again. Questions/concerns: 510-612-2139 / liz@... / @mslopatto (my DMs are open).
Judge Yvonne Gonzalez Rogers (YGR) entered the courtroom with no mask. Later, she put on a gray mask.
For Epic: Katherine Forrest, Tim Sweeney, Lauren Moskowitz, Colleen Kozikowski, Brent Byars, Jin Niu
Apple: Richard Doren, Heather Grenier, Karen Dunn, Phil Schiller, Lauren Dansey, Veronica Smith Moyé

Witnesses today: Dominique Hanssens, distinguished research professor of marketing at the UCLA Anderson Graduate School of Management; James Malackowski, CEO of Ocean Tomo; Aviel Rubin, technical director at the Johns Hopkins University Information Security Institute.
We begin by discussing potential rebuttal witnesses. Epic may call them; Apple feels the deadline has passed for this and there should not be any surprise witnesses. “There should not be any surprise rebuttal witnesses” at this point, Doren says. Forrest says that there was a finding of fact that wasn’t previously in the documents — “it is an unanticipated event, it would be 10-15 minutes.”
YGR: “There is nothing for me to rule on right this second.”
Dominique Hanssens, distinguished research professor of marketing at the UCLA Anderson Graduate School of Management, takes the stand at 8:10AM PT. He’s an expert in marketing and surveys, Veronica Smith Moyé establishes.
Hanssens was asked to design and conduct surveys of iOS device users age 13+. He was also asked to evaluate Epic’s expert Peter Rossi’s survey and the validity of his results. Hanssens conducted two surveys: one of people who’d visited the App Store and downloaded apps in the last 12 months, and one of people who’d played Fortnite on their iOS devices in the last 12 months.
The main goal of the iOS survey was to determine how much they used other electronic devices (ie, non-iOS devices) and whether they used them on a regular basis. The other goal was to find out about electronic devices they could have used and didn’t. The language was chosen deliberately because a certain device might be used by someone on a daily basis and someone else might use it on a weekly or monthly basis. So the focus is not on the frequency, Hanssens says. The 12 month thing is significant — Hanssens says this corrects for seasonal variation. (You may recall that Apple previously argued that Epic’s antitrust analysis, which relied on a month-long study right after the holidays, was skewed by the survey period.)
So 92 percent of people in the iOS App Survey used other electronic devices in that 12 months, and 99 percent regularly had other devices available for use. For the Fortnite group, 97 percent regularly used other devices, and 99 percent had other devices available. The Fortnite survey also found that 94 percent of people played on other devices.
For robustness checks, to make sure the results hold for reasonable subsamples, Hanssens compared results by iOS device (iPhone v iPad or both) and found there was no material change in the two surveys. In another check, Hanssens’ group also excluded those who answered too quickly or too slowly. Still no change. They also excluded respondents who regularly used (or could have used) a Microsoft Windows OS smartphone (a “surprising” finding, Hanssens says), with no change.
Now looking at Rossi’s results. They are similar but not quite the same. “There were several areas of concern to me,” particularly because Rossi is establishing a hypothetical. “The overall conclusion is that like me, he did a pretest on the first draft,” Hanssens says. But he made fairly substantial changes, and as a result had a different V1 and subsequently V2 and V3 — so three rounds of changes, none of which were pre-tested, Hanssens says. He did what Hanssens calls a “pilot test” instead of “pre-test.”  Rossi’s final pilot was 1/19/21 and then the real thing started 1/20/21. V3 is the same as the final survey. Hanssens says the failure to pretest V3 may have had an effect on how reliable the results are.
A specific question we are now looking at was modified between V2 and V3. It’s a forward looking question, asking if you’d make fewer purchases in response to a 5 percent increase. The no answer is “No, the price increase would not cause me to make fewer purchases.” The final survey question was “Thinking about the same 30-day period, would you have made the same purchases of IAP/subscriptions with higher prices?” so it’s a backward looking question. (Would you have made the same purchases at higher prices, in other words.) The no answer is now “No, I would have changed my purchases and spent less than $4.24.” The backward-looking scenario creates concerns, Hanssens says. “When a consumer decides to react to a price change and still go with the purchase, they take the risk, because it’s a price increase, of not being satisfied and paying more for it. If you move the clock back 30 days, then you already know what your experience has been, because you’ve actually purchased that subscription or app.” That conflates the price reaction and satisfaction with the existing product. “That conflation causes me some concern.”
We are now looking at two assessments. V1 and V2 with “don’t know” on the hypothetical vs. V3 “not sure.” On the forward-looking hypothetical, we get 4 percent of people as “don’t know” — “backward looking,” the number rises to 10 percent. “That causes me some concern,” Hanssens says.
Hanssens also thinks the no-to-yes change on the survey questions matters. On V1 and V2, we see “no” as 51 percent, that is, 51 percent would not make fewer purchases. On V3, we see 73 percent have said “yes, I would have made the same purchases.” Does the change from a no answer to a yes answer matter in the outcome? Yes, Hanssens says, it’s an example of “acquiescence bias,” or going along with the question. If the number of people he determined were “stickers” had actually been inflated, that means by definition you now have a smaller elasticity in absolute value than otherwise, Hanssens says.
Rossi’s 81 percent (from prior testimony)  is among the deciders; Hanssens is just among all those who answered the question. Setting aside sample differences and so on, Hanssens just asked about actual usage. Rossi was asking about a hypothetical. That’s the major difference.
Hanssens pre-tested his survey, he says.
Now we have Lauren Moskowitz for Epic doing cross. Hanssens is not an expert in general survey design, he says. He doesn’t recall having done surveys on smartphones before, either.
He doesn’t know how his surveys were used by Apple’s other experts in this case. He’s heard of a SSNIP test now — but hadn’t before his deposition. He did not conduct a SSNIP test here. We are now looking at Lafontaine’s market definition exercise. “Market definition is fundamentally about demand substitution” the snippet begins. Hanssens had an availability survey but not a substitutability survey, Hanssens agrees.
An individual can’t substitute something if it’s not currently available, Moskowitz points out. “Willing” is also a key phrase in Lafontaine’s definition. “Willingness” was not part of Hanssens’s survey. Hanssens’s survey gave examples for “availability” such as household devices or work devices, or a friend’s device. The friend is one of the people he asked people to think about, Moskowitz says. He asked in the Fortnite survey if he used other devices for game-playing, but didn’t ask the specific uses for which a device could be available. (So for instance, you might have a work computer that you answer emails on but wouldn’t play games on.)
“You just didn’t care what respondents were using their devices for,” says Moskowitz, just whether the devices were “available.” He was hired to do availability, he says.
We now refer to Hanssens’ written direct, para 16 and 17. 81 percent of iOS users and 94 percent of iOS Fortnite users had regularly used a non-Apple device. Lafontaine had characterized Hanssens’ survey differently, implying current rather than past use.
Now looking at Apple’s opening statement slide: “95 percent regularly used or could have regularly used devices other than their iOS device.” It does not include the last 12 months, and does not speak to individuals who do not currently use other devices. 
Some of his figures include devices that are still manufactured by Apple, Hanssens says. So looking at his Fortnite results, when he gave this survey, he didn’t ask whether they actually used those devices to play games. He just assumed that those who used a console used that device to play games, Moskowitz says. “You don’t know one way or the other if they just used it to watch Netflix,” Moskowitz says. Hanssens agrees. 
H: I did not test it because these consoles are designed specifically for game-playing
M: You assumed it.
H: Yes.
“Let’s talk about ‘regularly.’” This is an imprecise word — and if a term is vague or ambiguous, it can create confusion, Moskowitz says. That means there might be clarity problems, she says. Hanssens agrees. Vague wording can introduce error, Moskowitz says. Hanssens agrees. One pretest respondent thought ‘regular use’ was vague, and Hanssens didn’t probe into the interpretation of that word among those in the pre-tests, Moskowitz says.
iOS App Survey Pretest: We are now seeing responses to “regularly” from the pretest — and they vary from once an hour, once a week, all the time, a couple times a week. We are getting some tetchy back and forth between Hanssens and Moskowitz about what “regular use” means. YGR instructs Hanssens to answer Moskowitz’s questions.
In the pretest, Hanssens did not ask whether the term “available to regularly use” was clear, specifically. He also did not ask if he thought the example provided for “available to regularly use” was clear. And in response to the general question, one respondent did say they thought “available to regularly use” was vague. Included in this group are also devices the respondents didn’t use. 
Hanssens did not revise his survey at all in response to his pretest questions.
He did not use focus groups. Rossi did. Hanssens skipped the step because he thought people understood the difference between a phone and laptop. But his Microsoft Surface — is that a tablet or a laptop? He says both.
Now looking at Microsoft Windows smartphone results. 13 percent of respondents for the app survey (and 19 percent of the iOS Fortnite survey) said they had these phones, which are no longer being sold or serviced. As of 2015, market share for those phones was less than 1 percent. Hanssens didn’t acknowledge this was surprising in his original report, Moskowitz says. Nor did he look at Apple’s data to see if the results had a basis in reality.
In his robustness check, he eliminated 30 percent of respondents (“was available” App survey) and 43 percent (“was available,” Fortnite survey) to control for the Windows phone responses. You can’t rule out that some or all of these remaining respondents were confused or unsure in response to the survey questions, can you? Moskowitz wants to know. Hanssens is confused by this question. 
We are moving to Rossi, and the hypotheticals. They’re appropriate when they’re an inherent part of the survey, Hanssens indicates. Rossi’s questions — Rossi collected his data in screener data, not using “regular” or “last 12 months.” Rossi didn’t report point estimates on this. 
Now redirect. Veronica Smith Moyé is back. 
Hypothetical questions — Hanssens feels that Rossi did not take the appropriate approach to hypotheticals. Hanssens says it’s important to do pre-tests; Rossi, for his backward-looking hypothetical survey question, did not do that, Hanssens says.
Now we discuss Microsoft. Did Hanssens do an assessment of whether the possibility of confusion about the Microsoft Windows phone affected his results? He did. He took out those respondents for an assessment.
We are now discussing AMBIGUITY. “Regularly used” is not ambiguous in the context of his survey, Hanssens says. It’s a common English-language term, and he specifically wanted people to interpret it according to what’s relevant to them, and that is why he did not define it clearly. “I did not want to impose a certain frequency cycle on them,” Hanssens says. After all, he drinks coffee every day and goes to the dentist four times a year (seems like a lot, but ok) — and would say he does both regularly.
Once the Microsoft phone respondents were removed, the sample size was still good enough to draw conclusions, Hanssens says.
Onto consoles — Hanssens didn’t ask if people played games on consoles because that’s what they’re designed for. He didn’t want to ask something obvious. He also says he didn’t listen to Lafontaine’s testimony (or read it) so he can’t determine how she used his data.
Substitutability analysis — are his results relevant to his question? Yes, Hanssens says. His survey determined that consumers had other devices they regularly used. Moyé is trying to get him to say that regular use of other devices speaks to substitutability but Epic’s Moskowitz successfully objects, cutting off the line of questioning.
RECROSS 
Hanssens doesn’t use “substitute” in the survey or the written direct. Hanssens says he doesn’t need to understand how his survey may be used to conduct one successfully. The only assessment he did re Microsoft confusion was to remove those respondents. He didn’t assess the understanding of the remaining respondents.
Hanssens is excused at 9:41AM.
James Malackowski, CEO of Ocean Tomo, takes the stand at 9:45AM. Richard Doren is handling his direct examination.
He’s a patent/intellectual property expert — Ocean Tomo is an IP-focused valuation, strategy and investment banking firm. He’s an accountant (CPA) and a certified licensing professional (CLP). He’s previously testified as an expert witness in district court, state court, bankruptcy court, etc more than 50 times. He’s appeared before YGR previously as well, in Netlist v Diablo. “I remember the case, I do not remember you,” YGR says. “That was a pretty memorable case.”
IP is a tool for economic development, Malackowski says. Business planning and investment decisions require predicting IP rights.  There’s an interplay between IP and antitrust. As an expert, he’s testified on matters related to that intersection (patent misuse, brand compliance for license agreements etc). Exclusivity is what gives the incentive to invest in innovation, Malackowski says.
“Free riding is when the relationship between the inventor and user breaks down. There’s no longer an agreed-upon contract or set of terms,” Malackowski says. He’s taken FTC guidelines on IP into account in this case. He “searched high and low” through Epic’s case documents, and found nothing about IP concern. So his assignment was to assess the “innovation footprint” for the iOS ecosystem: the R&D investment, the IP that resulted, and the use of that IP by Apple or others by license, including specifically Epic Games.
Overview of opinions: 1. Apple’s substantial and sustained investment in R&D results in valuable IP; 2. App developers and consumers benefit from Apple’s innovation; 3. Epic made substantial use of Apple’s IP; 4. Epic’s requested remedies would result in a compulsory license without compensation to Apple for its existing IP and ongoing innovation.
A chart showing that Apple spent more than $101 billion from 2005 to 2020. The trend has been significant and upward, with more money spent on R&D every year. R&D is the raw material for creating IP, Malackowski says. That’s why it matters.
So we see 23,012 utility patents, 2,979 design patents, and 3,907 utility patent applications — looking at what exists and what is in process. In some companies, R&D grows significantly but patent application falls off, suggesting R&D has changed or become less efficient. Knowing how the input and output relate is important, he says. Apple’s data suggests it has a significant and sustained commitment to innovation, Malackowski says. Ocean Tomo manually reviewed 3,500-4,000 of Apple's patents to make sure they were relevant. They wanted to make sure Apple wasn’t just collecting patents.
Apple’s IP was relevant to the iOS ecosystem, Malackowski says. We now look at a slide of his findings. iOS: 1,227 patents, with 559 applications; App Store: 165 patents, 91 applications; 2,515 dev tool patents, 696 dev tool patent applications.


Some dispute about evidence occurs at 10:15AM. We now break.
We return at 10:35. The evidence issue is apparently about CVs. They are in evidence now.
DX 3134: a patent, #10,726,604 B2 — it’s a patent relating to the Metal graphics API. You may remember Metal from earlier this week, when we were played a 20-second clip of Tim Sweeney enthusing about it at WWDC.
DX3052: a patent, #8,620,272 B2 — a patent relating to the UI Kit and Audio Toolbox. It is for mobile devices, and existed during the relevant time period (filed in 2020). We have heard in other testimony in this trial that the UI kit was used by Epic Games.
Patents, copyrights, and trademarks are all part of the asset plan and portfolio. They may work distinctly or they may interact, all working together on a specific innovation. In some innovations, such as Metal, a mix will come into play.
We are now looking at Metal. It has 11 patents, and 4 applications. This is a good example because it does make clear that metal, like on the back of the smartphone, was excluded. This is just API, SDK, etc, Malackowski says.
We now discuss Malackowski’s second opinion, that app developers and consumers benefit from Apple’s innovation. We are looking at slide 10, a hilarious graph with lots of app graphics under the line. There were 500 apps in 2008; there are now 1.8 million, an increase of 500 percent. Malackowski says that Apple made it easier to develop apps, and that what they were creating was of higher quality in terms of features (eg augmented reality and machine learning APIs). And as to if consumers benefited: he checked out the number of downloads. The first benefit is diversity of choice. We also see a slide showing “dramatic growth in consumer adoption.” 180 billion downloads in 2020. The consumer quality benefit is largely about security and privacy. 
So in conclusion, the trend lines bear obvious similarity: consistent, sustained, and significant growth over the time period, Malackowski says. These four graphs are put together to look for discontinuities. What you find is that there is a relationship between that starting investment (eg the protection of IP) and the consumer and developer use. 
Now onto point 3: Epic made substantial use of Apple’s licensed IP. Epic witnesses have testified to this. Epic experts have also mentioned this. We now see that Epic has used a number of Apple APIs, SDKs and Xcode to make Fortnite playable on Apple devices. “You can't not use them if you want to be on the platform," Malackowski says. Testflight was also used — so Apple IP was used at each step of the process, Malackowski says. 
Epic has used IP from Apple: 235 US patents and 52 patent applications, per a slide called “Epic has made substantial use of IP licensed from Apple.” As the owner of this IP, Apple can exclude others from using it, Malackowski says.
We are now looking at the Apple Developer Agreement. It offers a limited license to use Apple’s IP. Next: the Apple Developer Program License Agreement, which offers an additional limited license. There’s a $99/year program fee for it. The benefit of ADPLA is access to the IP, and it requires apps go through app review and be solely distributed through the App Store, Malackowski says. “This is very consistent with what a licensing professional would expect to see” in such circumstances, he says.
Opinion 4: From a licensing perspective, Epic is asking for a de facto compulsory license without compensation to Apple. The requested relief would take away Apple’s control and provisions of its license agreement and force Apple to house, for instance, a store within a store, Malackowski says. The store within a store could impair Apple’s property rights in that it would not receive the compensation Apple negotiated for. They would also be compelled to continue to support Epic in its store not just today but in the future. “It’s quite extreme,” Malackowski says. From a business standpoint, that means it’s no longer possible to predict what return you’ll get on your innovation, and it may no longer be justified to invest in it.
Freeriding has a relevance to this point. Requested relief would result in free-riding. The requested relief isn’t consistent with the licensing agreement. It’s inconsistent with guidelines a licensing professional would use. There is no discussion of IP and compensation for IP in Epic’s expert reports, Malackowski says. This would increase Apple’s cost and remove their interest in innovation, Malackowski says.
CROSS:
Epic's Lauren Moskowitz is now discussing Malackowski’s previous expert opinions. He has been rejected from six other court cases (one is Oracle v Google) — but he’s testified in about 50 cases. I can’t keep up with how quickly Moskowitz is going, so let’s just stipulate he’s been excluded from several cases. Courts have found his testimony was "unreliable," "methodologically flawed" and "improper.” Other quotes include:  “flaw in the nature of your analysis.” “Allowing your testimony to allow such inflated numbers to the jury would be prejudicial to the jury even if you were cross-examined.” 
Malackowski is getting testy that he doesn’t have these documents in front of him. “If you could show it to me, I would be happy to confirm." Moskowitz is now showing one to him. The court prevented his opinion from being offered. We are now looking at another document saying that Malackowski “purports to opine on the comparability of license terms, products, patents and negotiation positions, much of that evidence is superficial or insufficient to show comparability.”
Another case: “The opinions are also inadmissible because they are unreliable.”
Malackowski testified that Apple has valuable IP. His work in the case was to provide an understanding of the value of the IP, but he did not conduct a financial valuation (or appraisal) on this. That’s true for IAP, no financial valuation or appraisal, he confirms.
Malackowski did not chart Apple’s R&D relative to revenue, profits, any version capitalization, its total assets or comparable companies. He didn’t try to disaggregate the lines of business. He did not quantify the amount of Apple’s investments in IP assessments specifically associated with the App Store, either. Nor innovation that specifically relates to API or SDK.
The specific cost of development of the App Store was not the basis for the 30 percent commission, Malackowski says. The $99 developer fee (and the $299 fee for enterprise) is a return on Apple’s investments, Malackowski says. It also makes profits from its devices, he agrees. He was not asked to quantitatively determine what would be a fair return on Apple’s investment. No one at Apple gave him a file showing the specific IP relevant to DPLA and no one told him that list existed. Other than searching terms in the PTO, there’s no list at Apple of what IP is being licensed in the DPLA. Licensing agreements should actually show which patents are being licensed, he says. But the DPLA doesn’t talk about specific IP. Malackowski admits that the entirety of the IP he mentioned isn’t necessarily licensed under the DPLA.
The source for all his patent data are publicly-available patents, and that’s how he generated the list from which he did his own work. He got help from a commercial program allowing him to identify patents, he says. His face is getting redder. He seems frustrated.
Malackowski said there were 165 patents that reference the App Store. Most of the review was done by the team; he personally reviewed about a dozen. One way this can be overinclusive is if “App Store” is referenced in the patent but the patent isn’t about the App Store. We now look at DX 1182. This is a design patent, which is included in his overall set, but app developers don’t generally use this. DX 5447 is a spreadsheet produced of the Apple App store patents. So if we find this patent here, it would be in the 165 list. We find it.
Should we delete it from the list, Moskowitz asks. No, Malackowski says. Is it relevant to the DPLA? I don’t believe they would be utilizing this patent, Malackowski says.
We now look at the patent itself, D617,334 S: The App Store mention is a reference to its trademark (and that it is property of Apple Inc). It appears nowhere else. Malackowski says this relates specifically to the app store.
Now looking at PX 1183. It’s a patent also on the 165 list spreadsheet (DX 5447), Malackowski confirms. The invention is for determining quality of sleep. We search for “App Store.” Just one instance. “This App is publicly available on the iOS App Store,” the line reads.  Malackowski agrees the patent may be over-inclusive.
Moskowitz is now casting doubt on whether Apple is licensing *trademarks* to developers — Malackowski says sometimes yes. There are about 1,500 trademarks, but he doesn't believe those are licensed to developers in the DPLA. Under the DPLA, the developer gets access to a comprehensive suite of IP, and that Epic gets access to API.
Open source shouldn’t be any part of your work here, right, Moskowitz says. So in terms of Webkit, it’s listed in your report. You’re aware it’s open source? Includes open source, sure. Many APIs include open source. He did nothing to disaggregate what the value is for proprietary stuff  versus open source.
Not all IP is protectable. The most obvious example is an expired patent, Malackowski says. He’s also familiar with instances in which enforcing a copyright would introduce harm. Google v Oracle is one right? Yes. The Supreme Court found that some API were subject to fair use. Malackowski has not done analysis to determine whether the API Apple has is subject to fair use.
Malackowski has not cited or offered any evidence that shows that Apple was prohibiting store-within-a-store to protect its IP. Malackowski says Schiller testified about security. Moskowitz says set that aside. Does he know that’s to protect against free-riding on Apple’s IP? He believes that’s true. His only evidence is just live testimony? There are no documents? Malackowski doesn’t remember testimony or documents. Has he seen any evidence that the reason that prohibition came into being was to protect Apple’s IP rights? No. Has he seen any evidence that the prohibition on side-loading was to protect IP? I believe yes, Malackowski says. He can’t recall a document specific to that, though.
Can Apple charge whatever it wants, even up to 90 percent? Yes, theoretically. 90 percent is an extreme rate, though, Malackowski says. The trade secrets can be licensed by the DPLA — and there’s no time limit for how long Apple gets commission. Restrictions on licensing agreements can harm competition? Yes. He’s not offering an opinion on whether these licensing agreements do harm competition.
REDIRECT. Doren is back. We have 3 hours, 10 minutes  left in Apple-Epic, YGR says.
We are looking at DX3900, the DPLA. Malackowski says it is a portfolio license, instead of one that enumerates specific patents. This license remains in place over time, so every time Apple has a new patent it doesn’t have to be noted. The majority of ongoing licensing agreements are portfolio-based for that reason. App review is required as part of the license.
We are now discussing design patents. He says they are relevant because they specifically address the design of the display of the App Store on the iPhone. We also discuss the sleep patent. Would improvement in iPhone being able to determine quality of sleep help app developers? Yes, it would provide a toolkit that would help app developers come up with newer/better apps, Malackowski says. “It describes an invention they may use — the gyroscope feature, essentially — of the phone.”
Now onto prior cases, the long and boring segment that began his cross. Motions are filed in every case against every expert, he says. Trial testimony more than 50 times, more than 200 depositions. Oh no, we are going to look at specific cases again. Malackowski testified in some of the cases Moskowitz cited — just not specific pieces of testimony. I get the sense this is more for the judge (ie, what’s precedent and allowed) than it is for us.
Malackowski has testified 8 times in the Northern District of California, not counting this case.
Fair use: fact-specific inquiry. He did not analyze whether Apple’s IP is subject to fair use. Malackowski’s been retained by Epic’s counsel (Cravath) on other cases over the years, and has spoken to Cravath partners and associates about IP. "I may not be invited back again since you're asking about it.”
RECROSS.
Rembrandt case: the federal court rejected him.
REREDIRECT:
It was subsequently resolved by the federal circuit, making his motion moot.
Malackowski steps down.
Aviel Rubin, technical director at the Johns Hopkins University Information Security Institute, is sworn in at 12:27PM.
Jason Lo for Apple is conducting the direct exam. We begin by going through his degrees. In this case, Rubin was asked to look at the App Review process and App Store distribution, and determine whether it has an impact on security (privacy, reliability, trustworthiness); he was also asked to look for real-world data to inform his opinions.
Apple’s App Store review and centralized model has significant security benefits for iOS, resulting in lower infection rates on phones, and a lower volume of malicious and untrustworthy apps, Rubin says, summarizing his conclusion.
“I look at security as dealing with an adversary,” ie a bad person looking to cause harm. Safety has to do with making sure that malicious code isn’t running on a device. Privacy means protecting your data. Reliability means knowing your device will work when you need it. (ie, you can’t call 911 because of malware) Trustworthiness has to do with your confidence that all the security properties will be there — ie, that your device will protect you.
We now stand in recess until 1:15PM.
Court is back in session at 1:15PM. Doren is at the podium to discuss the rebuttal issue, which has “ripened.” Apparently Doren received a notice for an Apple employee to testify, and Apple feels misled. According to Doren, the deadline for rebuttal witnesses had passed before the notice; the notice was "intentionally and provocatively" late.
Forrest responds: Two potential third-party witnesses (Wenke Lee and Nancy Mathiowetz) were what Forrest was thinking of this morning. The issue has to do with IAP — what’s new was the back-and-forth with Schiller about in-app commerce before IAP. If there was an opportunity before IAP, then it would have effectively increased the cost to the developers of those in-commerce opportunities. They need not call her if the documents are admitted. 
“This is sandbagging, pure and simple.”
It may be late, YGR says. Give her the documents, and she’ll look. Doren is punchy!!!!! Forrest says she’s insisting because it’s critical.
YGR: If it’s critical, you should be prepared for it. At most, I’ll allow the documents in. No rebuttal witnesses.
We are now going back to Rubin.
There are several models of app distribution. So there’s direct distribution, where the dev gives the app directly to the user. There’s multiple app store distribution, where devs build apps and there are multiple app stores (numbered 1-5 on the slide), and both devs and users have choices about app stores. Occasionally there may be an app that’s only available on App Store 4, and so the user would need to get there to get that app. The two models aren’t mutually exclusive. The Android system uses the combination of the app stores and direct distro.
There’s the central model, where devs send their apps to the single app store, and users have to go to that app store as well. The iOS app store uses this model.
Phones have to be set up for the type of app distribution they’re participating in.
Security implications of direct distribution: Let’s say a developer is Bad, sending a malicious app to users. When users receive it, they’ll install it and be infected with this malicious app. Developers aren’t the only potential source. Say a user installs an app on the phone, because they are enabled for direct distribution, they can infect other phones and other users.
Multiple stores: let’s say we have one bad dev, creating a malicious app. The dev sends the bad app to 4 different app stores. Now app store 2 sends it out; app store receives the app but refuses to distribute it (because, say, there’s a stricter security policy); App 5 distributes, but App 6 does not.
Attacker tools:
1. Multiple listings - Bad App Dev will submit an app to more than 1 app store, not all of which have the same security criteria.
2. Multiple listings with different variations - the idea here is that the dev makes 2 versions; one is benign, one is malicious. The good app is posted on a high-profile Good App Store, they wait for it to become common, then distribute a bad version of the app that looks exactly the same as the good one. Now if people get the app from the wrong store, they get a malicious app.
3. Listing in one then updating in another - posting an app in multiple app stores. In less-secure app stores, there will be updates for the app that make it malicious.
4. Imposter apps - borrows from a well-known app. Take Evernote, well-known for being useful and safe. An imposter app calls itself Evernote and makes it look like Evernote, but behind the scenes something bad is happening.
5. Imposter store - next level of imposter app. Let’s say there’s a store that’s popular for productivity apps. There will be a whole store with a similar look and feel and name, with good apps there. Then, once people start using it, the apps will be replaced with malicious apps.
6. User infection - related to sideloading. Once a user is infected, they can then infect others with the app.
When we look at the data, we see that the weakest link is the problem, Rubin says. With multiple stores, there are different levels of security. They may not compete on security — and those stores may be much less secure places.
Centralized distribution has advantages from a security perspective. If it does a good job, it’ll prevent malware. The single app store may miss things from time to time — nothing is perfect when it comes to software security. The goal is to do as good a job as possible, Rubin says. The centralized app store lets you do that.
So if a malicious app gets through the centralized app store, the app store managers may find out that this happened. They can then change their review process so that kind of app will be blocked if it’s seen again. Further, the app store could ID the developer and ban them. “So the centralized distribution allows for a process that’s dynamic,” Rubin says.
“My view is that the central model is the best for security,” Rubin says. This is pretty similar to Craig Federighi’s testimony yesterday.
Rubin says he looked at third party data — three reports, one from Nokia, one from Risk IQ and one from PurpleSEC. Rubin often looks to industry studies, he says. Others in the industry also rely on reports like these.
Here’s the Nokia report (Threat Intelligence Report 2020) we also heard about with Federighi’s testimony. Their product, a security product that protects their network (and has anti-malware capabilities), has visibility into 200 million devices. They also have a sandbox to see how malware works. They also use honeypots, a popular security tool: devices on hidden parts of the internet. Not all IP addresses that are possible have been assigned. So Nokia puts their honeypot server into an unused area by giving it a random unassigned IP address. Any traffic that arrives there is by definition malicious, because the IP address is unassigned and no legitimate computer is trying to communicate with it. Hackers, though, are generating random IP addresses. So the honeypot may receive malware that’s never been seen before.
Infections by device: 26.46 Android, 38.92 Windows/PC, 32.72 other; 1.72 iOS.
YGR: isn’t that just there are more Androids?
Rubin: well, globally, there are 3x Android compared to iOS, so we’d expect 5 percent Android not 26.6
What is IoT? YGR asks.
Rubin explains that he means smart thermostats etc. It’s not very well-controlled for updates.
The Nokia report says that “The fact that Android applications can be downloaded from just about anywhere still represents a huge problem… iPhone applications, on the other hand, are for the most part limited to one source, the Apple Store.”
DX4934: So this is a RiskIQ report: “2020 Mobile App Threat Landscape Report.” They looked at about 2 billion apps. In this study, they looked at over 120 different Android stores to find “blacklisted” apps. (Rubin doesn’t like the term) A “blacklisted app” is known to be suspicious or malicious or have some concern. Total Virus publishes a list of blacklisted apps, and there are other sources as well. 
P6 of the document: The most prolific stores of blacklisted apps in 2020 were 1. Google Play Store (10,292) 2. Xiaomi (3,020) 3. APK20 (1,708) 4. PConline (1,656) 5. Tencent (1,493)
The report considered Apple — looking at the store — and refers to Apple as “Fort Knox.” It rarely hosts dangerous apps, Rubin reads from the document.
Some app stores are more dangerous than others (ie, have a higher concentration of bad apps) 1. Xiaomi 2. Baidu 3. PConline 4. AppLenovo 5. APK20
So the stores with a higher concentration are more dangerous. These stores distribute Android apps.
YGR: Can you tell me anything about this company, RiskIQ? How can I be sure it’s not biased?
It’s pretty well-known, Rubin says. Says it’s a pretty widely cited source.
YGR: Do you know if it has any funding by Apple?
Rubin: I think they’re an independent security company but I don’t know for sure.
DX4956 PurpleSEC report. They say that 98 percent of malicious attacks on the internet are related to social engineering, ie, when the attacker somehow fools the user into getting the user to participate. Here’s an example: There was a malware on Android that disguised itself as a systems update. The user would look at their phone, a pop-up would tell the user to update the system. The user would be asked to enable various things like GPS. Then the phone would connect to a botnet, a network of compromised devices. So the commands would come to the compromised phone, and it would then turn on the camera and take a photo. It could also say, launch an attack — and that would mean listening to the next phone convo, listen to both ends of the convo, and send the audio to the attackers. The device is completely owned at that point.
You can’t stop these attacks on a device level because the user has helped out and given access. That’s why human review is important, Rubin says.
From looking at the studies, his conclusions were reinforced that App Review and central distribution results in lower infection rates and a lower volume of malicious and untrustworthy apps. Rubin chose these reports because he liked the methodology. Other reports were consistent, he says. “I didn’t see a single report that showed the opposite.”
Some stores are ad-based, making money by getting eyeballs on the ads, Rubin says. Those stores are not as strongly incentivized for security. One study he reviewed showed that malware is more common when there’s adult content, Rubin says.
Rubin spoke to Kosmynka and looked at Apple documents, as well as Google's process in the Play Store. At a high level, Google internal info included statistics about the human app review process and internal evaluations. He found that Apple’s process looked at far more apps in human review, and their process was more effective, Rubin says. 
CROSS
Brent Byars is conducting the exam. 
Rubin has testified in court cases before, mostly patent cases, and he has worked on cases for Apple. He also heard Mickens’ testimony, and agrees Mickens is qualified.
Android has less secure runtime protections, and cited studies about sandboxing, Rubin says. Sandboxing is weaker on Android. In fact, he discussed one specific vulnerability due to external storage, which was not sandboxed on Android at that time. iOS, to his knowledge, does not have external storage. He hasn’t done an analysis to see if the “man in the disk” vulnerability would happen on iOS.
The uniformity of the iOS operating system contributes to security. All Android device makers use variations of Android, which means updates are irregular and don’t always occur. This is fragmentation of the OS. That makes Android devices more attractive targets for malware. Epic is not asking Apple to license iOS to other device makers, right? Byars asks. “I have been very confused about what Epic is asking for,” Rubin says. He eventually agrees Epic is not asking for licensing iOS.
1. Less secure runtime protections
2. More fragmented OS
3. Centralized app store with less comprehensive review processes
Each could contribute to malware on Android.
Epic is not asking for the App Store to be banned. In China, though, there are multiple stores competing with the Android, but Rubin didn’t compare it. 
CVE is a broad term that may include more than apps — he didn’t look directly at the ones that are assigned to apps. Android’s code being open to the public could make it easier for the public to identify CVEs, right? Byars asks. “That answer is nuanced,” Rubin says. We turn to a binder. He had previously answered this question, “it might” per the binder testimony. This may be why more CVEs are reported for Android than iOS, Byars asks. Rubin says he can’t say yes or no to that. We now go back to the binder for Rubin’s deposition. He was previously asked a similar question, and answered. “It wouldn’t be possible if there weren’t vulnerabilities there, but given there are vulnerabilities, I think that is right.”
Now onto Nokia. DX 4975.8, which Rubin used to compare Android and iOS — but it’s not possible to compare iOS to Mac using this slide, Byars says. Mac is not represented on this slide. Rubin says he assumed it was built into the Windows/PC section, but it doesn’t say specifically.
Now looking at malware in mobile networks - fig. 2, monthly mobile infection rate since Jan 2019. There’s a 2017 number, but we don’t know if it’s a typo. Rubin hadn’t noticed it until just now. He didn’t discuss the inconsistency with Nokia. His understanding of the 0.2 percent figure on the slide is that it would include all the infections and malware on Android he’d described previously, as well as any other mobile device. Rubin wonders if they meant 23 percent, if there was a typo. This just appears to be brief confusion; the 0.2 percent figure is accurate, we determine.
There’s malware that doesn’t activate or perform any malicious actions. That wouldn’t have shown in the study, though, Rubin says. “Based on their methodology, that’s how I understand it.” 
Byars says to look at slide 12. There’s only one infection expressly associated with a Mac. This infection achieved some notoriety because it was the first malware notarized by Apple, Byars says. Rubin says he’s unaware of it.
There’s now a confidential email. At the bottom of the first page is a mention of Shlayer, the first Mac malware notarized by Apple. It includes part of a Wired article. The company was notified on Aug. 28, revoking the notarization and neutering the malware anywhere it was installed. Rubin’s report didn’t address notarization.
Rubin spoke with several people at Apple to develop his opinion, but didn’t discuss whether Apple had performed a formal security analysis before the iPhone was brought to market. Nor did he discuss whether Apple developed a threat model before the iPhone was brought to market.
Another step in the security analysis is the construction of policy invariants. He didn’t ask anyone at Apple for that, or see it. He assumed based on his conversations that Apple had created policy invariants.
iOS has an extraordinary threat model, causing Apple to employ extraordinary features, Rubin agrees. One reason is the number of apps. Another is the number of app downloads. If Apple hadn’t anticipated the number of apps or downloads, those numbers could not have affected their development of a threat model, right? Byars says. If they never contemplated it, they wouldn’t have put it in the threat model, Rubin says.
Built-in microphones, cameras are features of both the iPhones and Macs. Both can expose a user in private moments. Rubin says there are fewer private moments with Macs. Byars says Macs are with users in their most private moments. Rubin blushes and giggles. Some people might use a Mac in the office when they’re working on confidential documents, or in their living rooms or bedrooms. These are private moments, right, Byars asks.
Users sync information between their iPhone and Mac or store passwords and credit card information in iCloud, Rubin agrees. People have sensitive information in their email and photos, Rubin agrees. In Rubin’s view, the most sensitive info — payment, biometric info — on a phone is kept in an enclave. This is also true on a Mac.
App review enforces the App Store guidelines, some of which have a primary focus on something other than security, Rubin agrees. Part of his assignment was to get real-life data and evaluate app review. Rubin hasn’t done an empirical analysis of apps distributed through the App Store or the privacy of apps distributed through the App Store. Nor has he done empirical analysis of the reliability of apps in the App Store. He hasn’t addressed the quote we heard from the head of Apple's FEAR team that App Review was like bringing a plastic knife to a gun fight, or little better than the TSA. 
App Review’s key performance indicator is how many apps you can get through the pipeline, and Rubin didn’t address it. Rubin didn’t speak to Friedman about these things.
Manual and automated app review is the one that’s most directly related to the need for exclusive distribution, Rubin agrees. Other app stores could implement a manual review. If they had all of Apple’s resources and money, they could put in their own process, right? Byars asks. Maybe, if they “cloned Apple,” Rubin says. Byars asks a similar question. “They might need more,” Rubin says. We are now going back to the deposition. In the deposition, Rubin says that would be enough. He says he’d revise that answer now.
He hasn’t conducted an empirical analysis of the resources Apple puts into app review, or compared it with any other app store, Byars says. Rubin does compare Apple’s resources and Google’s, he says. We are now going back to the deposition again. In the deposition, Rubin says he has not compared them to Google. Rubin says he’d revise the answer from the deposition. “This is another answer you’d revise?” Byars says.
Rubin doesn’t know how much money Apple puts into app review, nor has he looked at what another hypothetical app store could do or would have done if it were allowed on iOS, he agrees. Bad apps can be blamed not just on an app store but on a device maker. His example, an iOS app that went through app review, was called Baby Shaker. If you shook the image of the baby hard enough, there’d be red xes on the eyes. This was an example of blaming the device maker and not the app distributor. This is the only example he gave.
In the Android ecosystem, it’s possible to get a bad app that’s not affiliated with the device maker, app store, or OS maker. Rubin says that some people will blame the device maker for a bad app. 
Byars says he has another 20-25 minutes. We are stopping for the day at 3:17PM. The first witness tomorrow will be Tim Cook. Rubin can’t talk to his lawyers before his next testimony.
Doren and Forrest are back up. Some matter about Schiller depositions. In these three segments, he says, first that he couldn’t recall whether there were IAPs, then says clearly that there were no IAPs, and then again that there were no IAPs, YGR says. That’s what he says, explicitly. The issue is that there’s a difference in functionality — IAPs and whether merchants were offering IAPs. So he was saying there was no formal IAP from Apple, but the record is clear factually that app developers had figured out their own methods for IAPs and Apple knew about it, Forrest says.
The record is the record, there will be no addition, YGR says. I can see it may be confusing, but I am going to take the record as it is. The fairest thing is to leave the playing field as the playing field. 
Doren is complaining that Epic hasn’t turned over some documents. YGR says it’s a cross examination and Doren can do his own search. “The playing field is the playing field,” YGR says. At 3:22 we stand in recess.
Elizabeth Lopatto
Deputy editor, The Verge
510-612-2139
@mslopatto