Apple Executive Says Users Who Want App Sideloading Already Have That Option With Other Platforms

[xmatix]

For those who claim that Apple provides the more secure ecosystem because of no sideloading: how it's possible that a company, which pays for security bugs, Zerodium (well known), pays more for Android RCEs: https://zerodium.com/program.html - do they pay because these bugs are easier to find on Android? That would sound ridiculous.

So yes, sideloading completely does not mean it's more or less secure.

 

[Unregistered 4U]

Microsoft Warns That Hackers Using Call Centers to Trick Users Into Downloading Ransomware

The BazarCall group is trying to fool users into thinking they will be billed for a subscription unless they download an infected file.

gizmodo.com

Microsoft did NOT say if iOS/iPadOS was affected or not, but of course those users don’t have to worry.

 

[spinedoc77]

Sorry, but it’s quite common to have more personal data on your phone than computer. I don’t do my finances on my computer, but I have my banks app on my phone. I record my health on my phone, my computer does not know about my health. I call and text people, sometimes have very private conversation. My computer does not have my call log. I take my phone when I leave my house so my location is known. My computer does not know where I went and it might be embarrassing if that got out.

My computers just know I use Final Cut Pro and Logic Pro on Mac, gaming and visual studio on Windows. Yeah real private info there.

Isn't one of Apple's biggest selling points how interactive it is with your information and your computer? Things like text messaging, calls, etc are all shared if you want them to be. Personally I use banking apps on my computer all the time, I just make sure I have a very strong password and use 2FA, but nothing is foolproof. Sure you can turn it off, but if we are talking about other consumers, well Apple makes their business off of providing this level of interaction between MacOS and iOS devices.

 

[Ethosik]

Apple controls the apps that want to be on the app store, so why couldn't Apple say that only websites it vets are allowed on Safari? Of course it's not feasible, but I'm not questioning feasibility, just the position that it's a strawman argument.

You are comparing the App Store to vetting the probably billions of websites out there? And a lot of websites start every day? It’s not possible to do what you are saying. The backlash would be massive. “My friend can access site A on his Android but I can’t on my iPhone!” And site A is legitimate.

 

[MacBH928]

I didn't use Android for extended period but my impression is defragmented apps integration, a complex web of settings, shady apps, unpleasant user experience, the whole thing is horrible in comparison to iOS.

But... iOS can still use a huge developement, there is a lot you can improve on. The whole thing is stale and they are adding novelty features like App Library and PiP video on an a phone screen? At least improve the phone app user interface.

The whole thing needs overhaul, OS 7 style lasted more than the original iOS.

I honestly don’t understand the problem. Why not simply allow sideloading apps if enabled in System settings buried under several popups and warnings about possible consequences when enabling that option? Most people would probably leave the sideloading option disabled and the other ones probably know what they are doing and accept possible consequences or privacy violations.

because that will make people get pirated apps for free and kill the income source for Apple which is the App Store.

The iPhone is much more private than a Mac. Only ’YOU’ use it. Not the same for Mac.

You, Apple, Google, Facebook, your network admin, your ISP, and the NSA....

 

[Amazing Iceman]

It‘s all about control and money. Apple wants to control what I can install on my iPhone. This may actually drive me away from them one day. I love the ecosystem but this is taking it too far.

The 'Ecosystem' is not maintained for free, it's not crowdsourced, it doesn't get funded by advertisements or any other way. The AppStore infrastructure and the hundreds, if not thousands of people working to maintain it, are not unpaid volunteers. They work for a salary. And the server farms and cloud services hosting it have a huge operating cost.

So if you want to complain about Apple wanting to make money, then perhaps you should set the example and work for free. Suddenly a lot of people are against making money. Does Apple have a lot of money? Yes, they do. But they overworked their butts to get to this point. So why criticize them for being successful? It sounds more like jealousy and envy, than a real 'concern' of a monopoly.

 

[Ethosik]

Isn't one of Apple's biggest selling points how interactive it is with your information and your computer? Things like text messaging, calls, etc are all shared if you want them to be. Personally I use banking apps on my computer all the time, I just make sure I have a very strong password and use 2FA, but nothing is foolproof. Sure you can turn it off, but if we are talking about other consumers, well Apple makes their business off of providing this level of interaction between MacOS and iOS devices.

I don’t use those features on my Mac for reasons I have stated. I have been through malware on Windows about 20+ years ago. I have supported businesses that had malware problems. I keep my computers clean of personal data. If I need to format and reinstall today, I don’t need to back up and restore any data. Just programs.

 

[Amazing Iceman]

It's not rocket science. Every app has a unique checksum. White list vetted checksums while yellow flag unknown checksums and let the user decide if they want to take the risk just like on MacOS. And, red flag known malware.

Checksums have existed for decades, and that hasn't prevented infected apps from being distributed.
And remember, you can't Red Flag the unknown, just like your antivirus program cannot detect a newly release virus.
By the time it's added to the virus definitions, it has already propagated all over.

 

[spinedoc77]

You are comparing the App Store to getting the probably billions of websites out there? And a lot of websites start every day? It’s not possible to do what you are saying. The backlash would be massive. “My friend can access site A on his Android but I can’t on my iPhone!” And site A is legitimate.

Anything is possible with the right amount of money and manpower. Even the app store, as many have stated including devs with their experiences of having their apps approved, is not as secure in vetting its apps as Apple would leave you to believe. As someone else pointed out, for Apple to truly vet an app would not make sense in terms of manpower. In that sense the internet example isn't as far fetched as it would seem. Apple wouldn't need to exclude anything, they would just need to include what they wanted to include in a curated model similar to News+.

 

[spinedoc77]

I don’t use those features on my Mac for reasons I have stated. I have been through malware on Windows about 20+ years ago. I have supported businesses that had malware problems. I keep my computers clean of personal data. If I need to format and reinstall today, I don’t need to back up and restore any data. Just programs.

Yes that's the point, just because you don't use them doesn't mean they don't exist. In particular what I feel is the point is that Apple makes a profit extolling, advertising and including exactly those services which integrate your phone's data with your computer.

 

[mi7chy]

Checksums have existed for decades, and that hasn't prevented infected apps from being distributed.
And remember, you can't Red Flag the unknown, just like your antivirus program cannot detect a newly release virus.
By the time it's added to the virus definitions, it has already propagated all over.

Dude it's not rocket science. Ever been on VirtusTotal which security professionals use? It's the same concept based on hash checksums.

 

[scotsdezmond]

I can’t help but feel that some of the assessments of impact to the ecosystem are overstated to some extent. If sideloading was enabled in such a way that required additional steps for apps to be installed, it would deter more casual or less knowledgable users from proceeding.
Even in a world where there were competing app stores, some users would be put off by having to first install another store to be able to get to the app, so developers of the big apps will still have an incentive to get into (and therefore comply with the policies of) the official App Store.
“What? I have to change this scary-looking setting, and then install this other store thing first, to be able to install AppX? Meh, forget it” - probably a significant number of users?

Also, for sideloading, a lot of the concerns against seem to be focussed on the phone side of things, which is understandable, and I share this view to a large extent. Surely the more logical ground for sideloaded apps would be the iPad, with the larger form factor and proliferation of accessories that have it occupying a space traditionally held by laptops.

Speaking as an iPad Pro owner, I’d prefer to have optional sideloading to enable more open source projects to be developed and distributed, such as Quake engine ports, and emulators as mentioned by others. I even wouldn’t mind it having to be done via xcode, if they would remove the current expiration of apps (currently 7 days with a free account).

 

[sracer]

But it opens the potential for mischief. Even I know that if a user is presented with a popup question with a yes or no answer, an embarrassingly large number will click 'yes' without reading the message. THAT is a danger to users and potentially anyone connected to them...

It seems like you are saying that it is important for Apple to protect their customers from themselves. Is that what you are saying?

 

[rpmurray]

and they aren't very good at doing what you ask

Yes, and that's my point.

 

[Abraxsis]

What I'm mainly reading in these comments is "Since I cant control myself/not intelligent enough to avoid scams or malware, then no one else should be allowed to do things on the phones they bought and paid for."

This is nothing but fearmongering. If you are honestly afraid of "accidentally" sideloading malware, then educate yourself on how to avoid it. Don't restrict other users for your own self interest/ineptitude, or for Apple's cash cow App Store.

 

[subi257]

Yes I read messages that pop up on my phone asking me to enable / do things. I won't say I read every Term of Service or don't accidentally click away an alert occasionally without acting on it, but that's quite a bit different than moving from an app to my system settings and following directions to enable a hypothetical side-loading with hypothetical warnings. Could be more than warnings. Even make a user enter their passcode or apple-id password. Hell void the warranty even if they want.

I bought an iPhone for a wide range of reasons (and their vetted App Store, even if a lot slides through, is a motivator), but I really don't think apple should or needs to restrict power users who want to knowingly do more with their phone in order to protect other users. Personally I think finance has more to do with than they'll admit.

Either way I think regulation will force their hand.

So forcing a change to the app store will take away my choices. Apple has been a "walled garden" from day one. That is why I have always chosen them. I am of the opinion that if you don't like it...there is always Android. That's like the people in a development near me, it was build near a rock quarry that has been there for over 75 years. Now people buy a unit there and then complain that it's too noisy....It was f'n there first and if you saw it, then you accepted that it was there and if you didn't know it was there, then shame on you for not doing your research.....it was there first.

 

[Silverstring]

The problem is that every "power" user tends to be someone who follows directions they found on Google and Apple has to clean up the mess.

Nailed it.

One has to go no further than this very forum to see this evidence all over the place. I’ve lost count of how many “Had to send my watch back to Apple to downgrade after Dev Beta x” threads I’ve seen over the years.

…and that’s just one platform, with Apple’s own approved software.

Of course, in a world of no constraints, everyone would want the ability to have their cake and eat it. In this world, everything is a trade off. Anyone posting “why doesn’t Apple just simply…” or “they could easily…” has already lost the plot.

Every piece of conjecture about motivation and/or difficultly—like how it’s only about greed/money/control for Apple—is people trying to reconcile wanting their wants without acknowledging that there are downsides/trade offs (most of which they have no concept of the complexity of—that would be inconvenient).

That’s not me “cheerleading” for Apple or doing “mental gymnastics” for Apple, just an acknowledgment that every decision is a tradeoff, with downsides that can’t be hand-waved away. That goes for every decision, every company, every person.

Every “solution” would be a no-brainer if one could just say “oh, the associated negative impact? That’s nothing.”

 

[djphat2000]

It's not rocket science. Every app has a unique checksum. White list vetted checksums while yellow flag unknown checksums and let the user decide if they want to take the risk just like on MacOS. And, red flag known malware.

If it was that easy, then why do Windows and MacOS have anti-malware software? Couldn't they just do the same thing? I mean how do all of these AV software vendors survive?

 

[gsurf123]

Wanting sideloading after buying a phone knowing it does not allow it and it is one of the standout features of the iPhone is like buying a home in the flight path of an airport and wanting the flight path changed or reduced flights or the airport closed.

You know what you are buying into before you bought. Plus it is a minuscule number of users who even know what side loading is and an even smaller number of people who would.
I suspect those who want to do it the most are ex-Android users who can’t stand the available Android phones and/or the OS.

 

[rpmurray]

I'm fine with rigorous.

I suspect you are expecting 100.0% perfection 100.0% of the time. Please let me know where those expectations are being met...100.0% of the time.

For me... the only case where that expectation appears to be met has to do with gravitational force.

Don't like Apple's stance and policies? No worries. Simply switch to another phone manufacturer and find happiness. Easy.

I think you misuderstood what I was trying to allude to. MR seems to be using the word "rigorous" just so they can have an adjective in the statement. Where essentially ANY reviewing Apple does is deemed rigorous whether it is or not. The very articles on MR that we read every day point out that rigorous is something where Apple reviewers are falling down on the job time and again. If you're going to set up a walled garden for the product you are selling then you are also obligated to tend it and remove the weeds before they crowd out the stuff worth keeping.

 

[SpinThis!]

Apple controls the apps that they want to be on the app store, so why couldn't Apple say that only websites it vets are allowed on Safari? Of course it's not feasible, but I'm not questioning feasibility, just the position that it's a strawman argument. I think while it's far fetched, it's a perfectly reasonable argument.

Apple and Google already do a similar thing, it's called the safe browsing list. You can certainly disable it but what you're describing is already happening.

It‘s all about control and money. Apple wants to control what I can install on my iPhone. This may actually drive me away from them one day. I love the ecosystem but this is taking it too far.

That's BS. You can compile your own apps if you want. And you can even use an ad hoc provisioning profile and distribute your app to 100 devices, outside of the App Store. This is more or less a form of side loading. It's certainly not as convenient as allowing certain "stores" via a checkbox but claiming Apple controls what goes on your phone is BS. No jailbreak required, either.

 

[LordVic]

If it was that easy, then why do Windows and MacOS have anti-malware software? Couldn't they just do the same thing? I mean how do all of these AV software vendors survive?

Well, some of them are as bad as the viruses they claim to detect/prevent

 

[Silverstring]

What I'm mainly reading in these comments is "Since I cant control myself/not intelligent enough to avoid scams or malware, then no one else should be allowed to do things on the phones they bought and paid for."

You might want to look more closely at what you “bought and paid for.”

People use “bought and paid for” as though it’s some sort of all-encompassing argument-ender, but it isn’t.

I’m positive that if you use an Apple phone, you agreed to its terms and conditions. Now, if you want to argue that the notion of a terms and conditions should be done away with, I’d agree with you, but that’s a separate argument.

You might not like—and I don’t either—that what you “bought and paid for” doesn’t grant you what you wish it did, but that doesn’t change the agreement that you entered into.

Also, you are “allowed” to sideload. Pay for the developer program or jailbreak. Done.

 

[LFC2020]

Absolutely, see ya later. 🥾🚪

 

[LordVic]

You might want to look more closely at what you “bought and paid for.”

People use “bought and paid for” as though it’s some sort of all-encompassing argument-ender, but it isn’t.

I’m positive that if you use an Apple phone, you agreed to its terms and conditions. Now, if you want to argue that the notion of a terms and conditions should be done away with, I’d agree with you, but that’s a separate argument.

You might not like—and I don’t either—that what you “bought and paid for” doesn’t grant you what you wish it did, but that doesn’t change the agreement that you entered into.

Also, you are “allowed” to sideload. Pay for the developer program or jailbreak. Done.

this is a big question that s still up for debate today. there are several lawsuits if i'm not mistaken (not involving Apple, but along the similar lines)

The question is: Who owns what.

under current legal framework. Once we buy the phone, we outright own the hardware itself. Apple has zero claims to it. it is 100% owned and operated by you.


However: iOS is a licensed piece of software that all rights are retained by Apple. We only agree to the terms set forth by its use.,



the question that needs to bea sked is what rights do we as the hardware owner have over the software on our devices that is owned by the software vendor?

does it make sense that the company such as Apple can force you to only use their software only, provide zero ability to use alternative OS's, but at the same time, also restrict and use taht software to control the hardware, removing your own agency from what you do with it.

I'm 100% of the opinion that every single hardware device should by law be allowed to have the OS stripped from it and any 3rd party OS installed should we wish (and one exists).


by using the "License terms" of the software as a means to control the hardware yo own, it can absolutely be argued that the software company is stepping too far into your own personal rights.