Apple CEO Tim Cook: Sideloading Apps Would 'Destroy the Security' of the iPhone

[KermitF]

You can sideload all you want with a developer account.

Personally I feel sideloading should be allowed for everyone. Put it behind a switch, and multiple warnings. Mark side-loaded apps on the home screen. Require that the user accept the developer's certificate, like you already have to do for Enterprise distribution. Apple can still revoke certs that are used to sign malware, etc, much like they do with MacOS.

It's really not that big a security issue. The apps still run in the iOS sandbox and only have access to resources that you give them. Most people will still stick to the app store, including myself. Personally I'd use sideloading only for apps that aren't allowed in the app store, such as emulators.

I too thought this - Apple can offer side loading as "an option" but once you enable, you cannot go back without a full reset. I haven't thought this through, they could almost create a "second state" for your AppleID (less trusted), the devices associated with your AppleID could I guess "not explicitly" trust this side loaded device. It adds complexity Apple doesn't want, but the option would I think alleviate anti-competition concerns? Sideloading "should' be ok, but that is how bad guys exploit vulnerabilities (because Apple can't validate the app code . . . .) so it IS a security risk.

 

[tranceme]

I understand needing security for the average user, but it would be nice to sideload if you have a developer account or some other way to show that you understand what you're doing.

I agree. But, Apple show provide that. But, they wash their hands of supporting that user that chooses that. Which some would be fine with that.

 

[theonlyeyes]

They always have had a choice: buy an Android. Maybe you don't like it, but you have to respect it.

Exactly. So let us our iOS

 

[theonlyeyes]

I too thought this - Apple can offer side loading as "an option" but once you enable, you cannot go back without a full reset. I haven't thought this through, they could almost create a "second state" for your AppleID (less trusted), the devices associated with your AppleID could I guess "not explicitly" trust this side loaded device. It adds complexity Apple doesn't want, but the option would I think alleviate anti-competition concerns? Sideloading "should' be ok, but that is how bad guys exploit vulnerabilities (because Apple can't validate the app code . . . .) so it IS a security risk.

Anti competition don’t have nothing to do with this situation. Privacy is the point. Vestager, the European commissioner, is under investigation about spy’s story in Europe. And she want to set rules on a private company like Apple, that don’t expand their os or store on other brands.

 

[msp3]

Sideloading Mac OS apps really destroyed the security of Mac OS, that's for sure.

From a user experience, I already dislike we installed Office 365 for work from the Microsoft installer. It runs updates on its own, etc. If I had to do it again would have installed all the necessary programs from the Mac App Store and simply signed into each so behavior is centrally regulated. There's a good reason why no Google software appears in any desktop App Store on any OS...

 

[cicalinarrot]

Disagree. macOS security isn’t “destroyed” by allowing side loading. There are ways of allowing apps from outside the AppStore in a secure fashion.

What he really meant to say is that it’d destroy App Store revenue and entirely eliminate the embarrassment that is apple arcade.

this excuse might fly over certain peoples heads but anyone with even a modicum of technical knowledge will roll their eyes reading that headline

Disagree. Macs are safe because they are less popular (much less popular) than iPhones and because Mac users download fewer apps, so there are fewer people willing to try to use that maliciously.
I’m sure Apple is much more concerned about money than safety but I see what happens with Android and Windows and I don’t want that on my iPhone.

 

[anthogag]

Good interview.

Apple Car is up Tim's sleeve. Check his arm for a car tattoo.

 

[Muzzakus]

Time for diversity, equity, quotas and choice Tim Apple. It’s 2021

 

[4743913]

All that vaunted security of the App Store that Timmy talks about didn't stop Zoshy+ nor Noyox...

Sorry if this has already been mentioned but Im not going to wade through 150 childish nanny-nanny-booboo posts of people who think user freedom equals piracy...

Devs Sneak Movie Piracy Apps Into App Store Disguised as Other Things * TorrentFreak

Crafty developers are disguising piracy apps as puzzle games and Shazam-like music recognition tools on the App Store and Google Play.

torrentfreak.com

 

[jk1221]

Yeah no sorry, none of those tired old excuses work for me. Nobody is calling for the App Store rules to be relaxed, and nobody’s calling for everyone’s phones to allow outside apps. You can add a toggle so that both camps are happy.

Further, you can’t slippery slope into pornography and other entire operating systems with different philosophies and rule sets and try to call me out for not thinking before I write at the same time. You might want to get your opinions somewhere other than Apple’s press releases, I’ll keep mine thanks

The very same porno Safari can access. Such irony in some people's Apple defense.

We should just eliminate nearly all apps by some people's logic. No texting or social apps, the poor children can send each other nudes too.

Basically games. No drawing apps, may draw a peepee or something crude

At some point there has to be some personal accountability. That seems to be absent in the 2020s especially.

 

[I7guy]

All that vaunted security of the App Store that Timmy talks about didn't stop Zoshy+ nor Noyox...

Sorry if this has already been mentioned but Im not going to wade through 150 childish nanny-nanny-booboo posts of people who think user freedom equals piracy...

Devs Sneak Movie Piracy Apps Into App Store Disguised as Other Things * TorrentFreak

Crafty developers are disguising piracy apps as puzzle games and Shazam-like music recognition tools on the App Store and Google Play.

torrentfreak.com

Is security and privacy ever 100%? I don't recall Timmy ever saying it's 100%.

 

[quarkysg]

Personally I find the App Store scary because it can be hard to figure out that the "similarly named scam app" is not the legit developer's app. Seriously App Store search is scary notably on iPhones. Most reputable developers have their own web site. Easier to track them down there vs. App Store. As always YMMV.

Not trying to challenge you here, and it’s an honest question. What’s the difference between the iOS/Mac App Store results and what you get from a web search via the browser, if you already know the reputable developer?

 

[quarkysg]

Let the user decide. I can figure it out myself. If people are uncomfortable sideloading then don't do it. I don't need Apple to hold my hand for everything like a lot of people here.

Imagine an eight year old turning on this feature on mommy/daddy’s iPhone after watching a YT video on a super hack for their favourite game.

 

[rgeneral]

There are a lot more iOS devices than Mac.

 

[kmann1983]

So apparently MacOS is very insecure. We've definitely changed. I remember when Mac fanboi's claimed Mac was perfectly secure, more or less. Then "it's more secure than Windows" (which was wrong, they were equal insecure/secure). And now it's "MacOS is insecure" through implication of allowing third party apps.

Clearly he thinks MacOS allowing third party apps is a problem of which the fix for iOS is to not allow third party apps.

I bet they're still mad at Amazon for claiming the Kindle app is "just as good on iOS as it is on Android" and still want companies to nerf their products so it's worse on Android but instead developers just make it worse on iOS in those regards -- aka Kindle and not being able to buy books through the app because Jobs got offended.

That, alone, is why we need someone other than Apple being able to install apps. This is just one known example of them abusing their control.

But good on them for admitted MacOS isn't horribly secure by allowing third party applications. Things we've all known for decades and now even the most rabid of fanatics must now concede.

.. or perhaps, more likely, it's a profit motive and has absolutely nothing to do with security. Take note: Security != Privacy.

 

[Victor Mortimer]

The only "security" Timmy is concerned about is the security of his paycheck.

If he really cared about customer security iCloud would have end-to-end encryption for ALL content.

 

[Cosmosent]

I generally agree with Cook's position, BUT ... the status Quo is broken !

Tim Cook & Phil Schiller have had a Stranglehold on App Discovery for far too long !

That needs to end, & soon !

If they hadn't swung the pendulum so far in their direction, NO New Laws would be needed !

But, it is what it is, & New Laws are absolutely needed !

Cook & Schiller have NO ONE to blame but themselves !

 

[Kierkegaarden]

For those making the argument that side loading should be allowed because it works fine on a Mac, remember two points:

-Mac users are about 10% the number of iOS users (and PC users for that matter).
-Despite the lower number of Mac users, there is still more malware for Mac.

Then read these stats:
https://dataprot.net/statistics/malware-statistics/
And these:
https://www.malwarebytes.com/resources/files/2021/02/mwb_stateofmalwarereport2021.pdf

As others have pointed out, the sheer number of mobile users would create an opportunity for malicious intent.

 

[Freeangel1]

When Apple said there was more Malware out there for macOS than they would like I really think they were referencing Pirated APPS for macOS.

I really Truly feel that macOS will loose it's ability to Install Applications outside of downloading thru the App Store.

Apple is gonna brag about safety and security in MacOs verses Windows and the only way they can fully secure MacOs is to make it just like IOS and only allow things to be installed thru downloading apps thru approved places like the App Store. At the same time maximizing profits by stomping out APP Piracy.

With Windows 11 coming out and Apple choosing to close off their future computers to running Windows and Windows APPS there is an awful lot of Risk in MacOs market share.

I personally feel since we are going back to the Mac G5 days Apple will lose MacOs market share to Mac users that jump ship and move to Windows 10 or 11.

 

[true god]

It would definitely dent the iron curtain and eat away at some of Tim's profits.

 

[noraa]

While I have zero problems with side-loading in theory, my biggest concern is that by allowing side-loading you’re essentially creating a back door to bypassing iOS’ security model. In other words, currently, with no side-loading I don’t have to worry about malicious apps of malicious websites, etc (obviously there’s no such thing as 100% security, but you get the point). Without jail breaking my phone (which is easier said than done at this point), I don’t have to worry about the current security measures being circumvented. However, if side-loading was allowed, my biggest concern is that even with it off, it would be far easier for a malicious actor to circumvent iOS’ built-in security since the switch is baked directly into the house OS. I am also concerned this would make it easier for law enforcement to break into a phone.

There are countless examples of malicious Mac applications bypassing macOS’ Gatekeeper settings - even if set to only allow from the Mac App Store. So to say macOS doesn’t have security issues by allowing 3rd party non-App Store apps is simply false.

With that being said, if Apple could develop a way to keep the current security model fully intact and also allow side-loading I’d be all in - perhaps a physical hardware switch? As it stands, right now uses are basically given two choices: greater security/privacy or greater choice. I personally choose security, but fully understand and respect those who choose choice.

 

[arvinsim]

More like "Sideloading apps would destroy our business revenue model" 😂

 

[jk1221]

While I have zero problems with side-loading in theory, my biggest concern is that by allowing side-loading you’re essentially creating a back door to bypassing iOS’ security model. In other words, currently, with no side-loading I don’t have to worry about malicious apps of malicious websites, etc (obviously there’s no such thing as 100% security, but you get the point). Without jail breaking my phone (which is easier said than done at this point), I don’t have to worry about the current security measures being circumvented. However, if side-loading was allowed, my biggest concern is that even with it off, it would be far easier for a malicious actor to circumvent iOS’ built-in security since the switch is baked directly into the house OS. I am also concerned this would make it easier for law enforcement to break into a phone.

There are countless examples of malicious Mac applications bypassing macOS’ Gatekeeper settings - even if set to only allow from the Mac App Store. So to say macOS doesn’t have security issues by allowing 3rd party non-App Store apps is simply false.

With that being said, if Apple could develop a way to keep the current security model fully intact and also allow side-loading I’d be all in - perhaps a physical hardware switch? As it stands, right now uses are basically given two choices: greater security/privacy or greater choice. I personally choose security, but fully understand and respect those who choose choice.

Curious. Who would be FORCING you to download anything from anywhere else?

People keep talking like they would be forced to do this at all if they didn't want to. Despite having to actively enable it first. Same with Mac. You are free to get 100% of your software from the App Store if you so choose.

Are we generally living in an era of such denial of self-responsibility that Apple (or any OS maker for that) is liable for what you download from the internet? People get in trouble downloading stuff from shady sites or pirate/torrent sites; that is the vast majority of malicious attacks with installing software. Not from Adobe's website, or some legit developer's own site.

Apple is a $1 trillion plus company. They can surely figure out a prompt warning before any application is installed so that you don't click a malicious link and something is auto-installed without you knowing to avoid any of the outlier cases people raise.

How many people have had their data compromised from a jailbreak over all of the years? I have not heard of any in the community over the years at least.

But they won't. Apple will lose its a**. Think about a small developer with a $4 app. They sell 500k copies (not per month/year, just in general to keep the math easy). They pay Apple 30% or $600k of that $2 million. Now if they set up their own website store and use a traditional payment processor let's say it's 3-4%. They can let you download it from their site and side load it. Apple just lost $600k of income on 1 app and the developer saved $500k+ Hmmm I wonder what many developers would do..... I get App Store convenience of handling hosting/refunds/promoting, but talking half a million bucks is no pennies.

And that is not counting subscriptions or IAPs.

Apple would lose hundreds of millions of dollars or more in app revenue. That is the real reason.

 

[robjulo]

Why don't you just educate customers and let them make their own choices?

Because he cares about one thing…profit….no matter how many times he says he loves his customers. The amount of posters on here too blind to see this guy’s greed and hypocrisy is astounding.

 

[Rafterman]

I don't know about security, but I remember the days of Pocket PC, where apps had multiple activation ways. Serial codes, activation servers, license files, pre-activated downloaded files, some had one per, others allowed more than one activation per purchase. All tied to the device ID. New device, new codes needed. What a mess.

The app store may be tyrannical, but it's orderly and simple.