Apple CEO Tim Cook: Sideloading Apps Would 'Destroy the Security' of the iPhone

[dannyyankou]

Why don't you just educate customers and let them make their own choices?

 

[nvmls]

I won’t comment on the other things, but personally, I love Apple Arcade. I love how the games are all under one subscription and how there are never any ads or in app purchases.

Oh wow, impressive huh? Wonder how gaming did throughout its history before Apple. God Bless Tim Bird.

 

[Acidsplat]

You can sideload all you want with a developer account.

Personally I feel sideloading should be allowed for everyone. Put it behind a switch, and multiple warnings. Mark side-loaded apps on the home screen. Require that the user accept the developer's certificate, like you already have to do for Enterprise distribution. Apple can still revoke certs that are used to sign malware, etc, much like they do with MacOS.

It's really not that big a security issue. The apps still run in the iOS sandbox and only have access to resources that you give them. Most people will still stick to the app store, including myself. Personally I'd use sideloading only for apps that aren't allowed in the app store, such as emulators.

You can only sideload your own app right, like you can't sideload a compiled iOS app?

 

[Absolute Trainwreck]

I won’t comment on the other things, but personally, I love Apple Arcade. I love how the games are all under one subscription and how there are never any ads or in app purchases.

Fair enough, the IAP thing is pretty nice admittedly. Entirely too many IAPs in “free” section

 

[Minerbot360]

I think that if Apple was to allow side loading, they’d make it so that when you install any side loaded apps, it voids your warranty and whenever you try to contact support, they’d tell you that you have side loaded apps onto your device and they can’t help you, because they don’t know what’s happening on your device.

 

[Minerbot360]

You can only sideload your own app right, like you can't sideload a compiled iOS app?

Download xcodeproject files?

 

[MVMNT]

Can we talk about the production on this video, we’ll not all of it, and the ~5 minutes of candid Tim we got. Composed as ever.

Wonder if they know you can edit your live video post show.

 

[zorinlynx]

You can only sideload your own app right, like you can't sideload a compiled iOS app?

You can sideload anything. Look up AltStore for example.

 

[jk1221]

What a crock. Leave sideloading off by default and allow it via a buried setting. You can already basically do it with Altstore or Impactor and a free dev account; you just jump through stupid hoops resigning every 7 days.

And FYI Timmy, the Mac can (always could) and is just fine. It's secure enough you keep releasing them and updating the OS; and you can still any app you want from anywhere.

 

[falkon-engine]

Destroy the security of the iPhone or destroy the security of Apple’s in-app purchase fees…?

I think Apple fears losing out on profits the most. Let’s be honest.

 

[Wowfunhappy]

Oh **** off.

If I CHOOSE to allow sideloading, that only affects the security of MY iPhone. Everyone else’s iPhone is 100% unaffected.

Android has more malware because Google lets more malware onto the Play Store (because Google sucks).

 

[Absolute Trainwreck]

What a crock. Leave sideloading off by default and allow it via a buried setting. You can already basically do it with Altstore or Impactor and a free dev account; you just jump through stupid hoops resigning every 7 days.

And FYI Timmy, the Mac can (always could) and is just fine. It's secure enough you keep releasing them and updating the OS; and you can still any app you want from anywhere.

Love the radio silence every time we bring up that uhhhh macOS has always worked that way??? “Yeah but it’s a phone so it’s totally different bro”

if you want to sideload on your phone knowing the “risks” (like having to use common sense every once in a while), then have it be a toggle. If you want to stay in the walled garden, flip that toggle to Off and nothing changes for you.

 

[Bug-Creator]

Riddle me that:

Cook went on to point out that Android has 47x more malware than iOS. "Why is that?"

Not gonna argue bout that 47x factor, it is >1 that is what counts here.

So if it isn't sideloading on Android, what is it? Google being incompetent to write a secure OS? Android users being stupid? Something else?

 

[Wowfunhappy]

You can sideload all you want with a developer account.

*with a $100 per year developer account. Free ones can side-load up ti three apps that expire after seven days. Completely useless except for cursory testing.

 

[bluecoast]

Ok fair enough re the point about side loading.

But that doesn’t mean that because there’s no side loading, that also means that we also have to have:

- Apple needs to take 15 or 30 percent commission
- the only payment method is Apple Pay
- and that Apple can use iOS/Mac fo constantly promote its own bolt-ones, disadvantaging 3rd parties.

It’s PR rubbish that Apple is bundling all of these things together.

 

[Naraxus]

BULL **** Tim. It would destroy your monopoly control over the app store and that's it

This has NOTHING to do with security

 

[Stella]

Sideloading Mac OS apps really destroyed the security of Mac OS, that's for sure

It also made Mac OS a whole lot more useful and versatile too.

I would never have been able to use Mac OS in a workplace environment had it been in a walled garden. Mac OS would not be practical.

 

[jk1221]

I am a dev but thanks for speaking on my behalf, even if you did it wrong.

the best way to prevent piracy is to make a good product that people deem worth the cost. If your stuff has been suffering from piracy well I’m sorry about that

This whole piracy defense is such a close-up magic sleight of hand card trick.

Even the creator of Minecraft says its not piracy https://torrentfreak.com/piracy-is-...hey-dont-exist-says-minecraft-creator-110303/

And even if so, would that person have EVER bought it anyway? Were they ever really going to be a customer?

And what about free apps? They still get the advertising benefits no matter where it's installed from.

We saw this same argument about jailbreaking back in the day and the data simply didn't support that people use it for piracy of legit paid apps.


It's money; no 30%, no IAP, not Apple pay translations they get a cut from. It's disgusting and IS anti-competitive in that sense. There is no legit metric that this would compromise security or cause developers true losses.

 

[needsomecoffee]

I got Affinity Photo & Designer for my Mac via App Store. Not sure if at the time one could buy direct from Affinity. I purposely bought Affinity Designer from Affinity directly. One real benefit of doing this has been Affinity knowing me directly via my email address. They make some really good offers for things like brushes and textures, and now 50% off all apps. Plan to take advantage of the latter to arm my daughter's new Windows portable for her upcoming journey to college. If Photo and Designer get major upgrades requiring a "refresh purchase" I will contact Affinity to try to get those products direct. The cost of Apple owning the consumer for companies like Affinity go beyond the 30%. For nearly all the apps I use from well-regarded publishers I want them to know about me, and I want them to get max revenue from my purchases. Personally I find the App Store scary because it can be hard to figure out that the "similarly named scam app" is not the legit developer's app. Seriously App Store search is scary notably on iPhones. Most reputable developers have their own web site. Easier to track them down there vs. App Store. As always YMMV.

 

[bbplayer5]

So don’t side-load apps?

 

[alex2792]

What Tim meant to say was “it would destroy my mega yacht fund”.

 

[Absolute Trainwreck]

What a bunch of BS….

You’d think technical knowledge on a mostly technical forum would be decently high. Sigh

 

[Mousse]

Sorry, but what you are saying makes absolutely no sense. If you are trying to make a comparison, it's not a good example.

A better comparison would be your house. Apple's way is like having a doorman open the door for you and your guest. Fine and dandy most of the time. But what if the doorman decides not to allow one of your guest into your house despite you allowing that guest in?

On Android, there are a lot of older version of an app that is superior to the new version. QuickPic before it was brought out by Cheetah Mobile* and had a bunch of tracking crap added. They don't have the pre-Cheetah Mobile version on the PlayStore. You can find it on the web though. Lots of apps from the geniuses at XDA are sideload only as well.

*They brought out a lot of useful apps I liked and added tracking/snooping crap to it. Why the heck would a app to display the photos you took need to know your location or want access to your contact list? I only use the pre-Cheetah Mobile version.

 

[Rogifan]

Can someone name an app that they’d side load on their iPhone right now? And why they aren’t able to get it in the App Store?

 

[gotluck]

relying on the app store for security is really security by obscurity no?

if the sideloaded 'malicious' app asks for various permissions and the user agrees to them via prompts, that isn't really malware. That is software working by design

If the software is otherwise malicious, perhaps OS security could be further enhanced to not allow whatever techniques come into play?

Using the app store for security is a crutch in a way

personally I love macOS