Apple Says Allowing Sideloading on iPhone Would Expose Users to Serious Privacy and Security Risks

[MacRumors]

Amid the ongoing controversy over its tight control of app distribution on iOS, Apple today laid out its case arguing that allowing apps to be sideloaded on an iPhone would expose users to serious privacy and security risks. Sideloading refers to installing apps from a source outside of the official App Store, such as a website or third-party app store.

In a new document shared on its privacy website, Apple said the App Store plays an important role in keeping users safe, as the company reviews all apps and app updates submitted to ensure they are free of inappropriate content, privacy invasions, known malware, or other violations of the App Store Review Guidelines.

The document cites Nokia's 2020 Threat Intelligence Report that found Android devices to be infected with significantly more malware than iPhones, in part due to Android allowing apps to be sideloaded outside of the Google Play store:

A study found that devices that run on Android had 15 times more infections from malicious software than iPhone, with a key reason being that Android apps "can be downloaded from just about anywhere," while everyday iPhone users can only download apps from one source: the App Store.

Apple said allowing sideloading on the iPhone would "spur a flood of new investment into attacks" on the iOS platform:

Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform. Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks – often referred to as a "threat model" – that all users need to be safeguarded against. This increased risk of malware attacks puts all users at greater risk, even those who only download apps from the App Store.

Apple added that allowing sideloading would potentially force users to accept privacy and security risks, because some apps necessary for work, school, or other tasks may no longer be available on the App Store, and scammers could also trick users into thinking they are safely downloading apps from the App Store when that is not the case.

In the end, Apple said users would have to constantly be on the lookout for scams, never knowing who or what to trust, and as a result many users would download fewer apps from fewer developers. On the other hand, Apple described the App Store as a "trusted place," noting that its many layers of security provide users with an "unparalleled level of protection from malicious software," giving users peace of mind.

Apple's document comes just weeks after its high-profile trial with Fortnite creator Epic Games, which argued that third-party app stores should be allowed on iOS. During the trial, when asked why sideloading is allowed on the Mac, but not the iPhone, Apple's software engineering chief Craig Federighi admitted that the Mac has imperfect security and said that the risks would be far greater on the iPhone due to its much larger customer base.

The full document can be read on Apple's website.

Article Link: Apple Says Allowing Sideloading on iPhone Would Expose Users to Serious Privacy and Security Risks

 

[I@beck]

At this point of time, I support Apple for not allowing sideloading. Security and privacy are my upmost important thing for me. please don’t make Apple become Android 2.

 

[Liquid Galaxy]

And only having the option to download from the AppStore is how it should continue to be. If people want to sideload etc. then they have the option to go and buy an Android device. This whole suing culture from companies that are getting their pants in a twist because they have to follow Apples App Store rules and regs baffles me every time.

 

[TheGhostWalker]

At this point of time, I support Apple for not allowing sideloading. Security and privacy are my upmost important thing for me.

I completely agree

 

[SurferPup]

I'm with you (I@beck). A lot of positives about iOS over Android and Windows.

 

[GubbyMan]

Interesting that they only mention side-loading on an iPhone. Nothing about the iPad also being locked down. I hope they make iPadOS as open as macOS.

 

[ian87w]

And only having the option to download from the AppStore is how it should continue to be. If people want to sideload etc. then they have the option to go and buy an Android device. This whole suing culture from companies that are getting their pants in a twist because they have to follow Apples App Store rules and regs baffles me every time.

This. The choice is already there. Making every platform to be roughly the same is not choice, it's removing choice.
It's funny how people demanding choice actually want to remove choice.

 

[bandrews]

At this point of time, I support Apple for not allowing sideloading. Security and privacy are my upmost important thing for me.

You could just not sideload then? I'm not into sideloading but what's the harm in allowing others to do it so long as they're presented with a warning/disclaimer before doing so?

 

[Your Royal Highness]

Give me a torrent app, a media player that supports all codecs, a browser that doesn’t use Safari API’s and Terminal. Then we won’t need another App Store. Oh and while we’re at it apps that improve file browsing and improves multitasking.

 

[iGobbleoff]

Didn’t the App Store let in apps that were fakes of real apps?

 

[passatgt]

"100,000 new apps and updates are reviewed every week on average by a team of over 500 dedicated experts, who review apps in different languages."

So one reviewer check 200 apps a week. With a 40 hour work schedule, thats 12 minutes / app to install, signup, test etc... I think it would make sense to at least double the review team. And that way it would be possible to actually communicate with someone regarding rejections, issues etc... at the moment it's really hard to do this. When i submitted my health-related app, i spent months getting it accepted, because the reviewers that tried my app didn't had any health data on his/her phone(i obviously explained this in the comments, to at least add one record). In the end i sent an appeal and it was accepted a couple of weeks later. But the lack of communication was very bad, i wasn't sure what was the issue with my app.

One time i submitted a broken app update accidentally, which would crash immediately on app launch. It was accepted just fine, so on review they didn't even start the app.

Just a quick App Store check reveals multiple apps that against the guidelines, yet they are still on the top free list. For example Lie Detector Truth Test is #191 in entertainment, while the guidelines clearly indicates: "False information and features, including inaccurate device data or trick/joke functionality, such as fake location trackers. Stating that the app is “for entertainment purposes” won’t overcome this guideline. Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be rejected.". #133 is a ghost detector app... again, violation of the guidelines. Top #198, #194 and #85 is a prank call app. All of these apps feature in-app purchases. Like you can buy the PRO version of ghost detecting(what???) for just $3.99.

Since these all generate money for Apple, i don't think they really care to strictly employ the guidelines. And lets not talk about 99% of the dating apps in the social networking category, which are basically the same apps with different names, fakes user profiles, fake chats, highly erotic images and videos with super expensive in-app purchases...

Also, one would expect a report an issue button in the app store. But if you check, theres actually no option available to do this, you can only report issues or request a refund on apple's website and it's not that easy to find.

 

[ian87w]

You could just not sideload then? I'm not into sideloading but what's the harm in allowing others to do it so long as they're presented with a warning/disclaimer before doing so?

You can already jailbreak iPhones. Why do you want governments putting their hands in this?

 

[TheYayAreaLiving 🎗️]

Apple is so right about this. Make it stop Apple.

 

[Onelifenofear]

Apple's reasoning is like communist countries. "Don't be free, you will lose our protection". Pathetic.

What a ridiculous comparison. In your analogy, Android is America. Where everyone looks out for there own protection… and that worked out great right.

 

[kk200]

And only having the option to download from the AppStore is how it should continue to be. If people want to sideload etc. then they have the option to go and buy an Android device. This whole suing culture from companies that are getting their pants in a twist because they have to follow Apples App Store rules and regs baffles me every time.

what about iPhone 6 and iPad Mini 4? They can merely download anything new from AppStore.

 

[Patriks7]

I'm no lawyer (obviously), but I'm still trying to understand how other companies can attempt to dictate what Apple should provide on an OS that Apple themselves developed and are actively supporting.

 

[kk200]

You can already jailbreak iPhones. Why do you want governments putting their hands in this?

Because Apple doesn't provide official jailbreak guide.

 

[ian87w]

Because Apple doesn't provide official jailbreak guide.

Wait, people claim they're sophisticated enough to install apps outside the store that they don't need Apple's walled garden, but you want Apple's guide to jailbreak? Are you a novice? Novices should then stick in the walled garden.

 

[LFC2020]

At this point of time, I support Apple for not allowing sideloading. Security and privacy are my upmost important thing for me.

ABSOLUTELY agree 100%

If anything I hope they lock it down even more. 😎👌

 

[tcgjeukens]

I'm a MacOS users since 2005. I've always been able to exercise a decent degree of autonomy over my device. I can install apps from the AppStore, Identified Developers ... and after ignoring a set of warnings, Unidentified Developers.
Ever since, MacOS has been my safest and stable platform.
Unfortunately this level of autonomy does not extend to iOS. This needs to change! It is possible as MacOS has proven for so many years.

 

[Mutepointer]

Security and privacy is also very important to myself. That is why I tag everywhere I go, use Facebook, and other apps, and use smartphones, smart lights, use Apple Pay… oh wait! I’m being tracked more than ever! /s ?

 

[markfc]

If you don’t want to risk it then don’t side load. So long as there are api’s in place to detect phones that have side loaded apps then banking apps and the like can detect this and just not work.

 

[Khedron]

I'm a MacOS users since 2005. I've always been able to exercise a decent degree of autonomy over my device. I can install apps from the AppStore, Identified Developers ... and after ignoring a set of warnings, Unidentified Developers.
Ever since, MacOS has been my safest and stable platform.
Unfortunately this level of autonomy does not extend to iOS. This needs to change! It is possible as MacOS has proven for so many years.
View attachment 1796775

Ssshhhhhhh Tim doesn’t like people bringing up MacOS

 

[sdz]

That means they admit that their software is garbage and insecure ?

 

[kk200]

Wait, people claim they're sophisticated enough to install apps outside the store that they don't need Apple's walled garden, but you want Apple's guide to jailbreak? Are you a novice? Novices should then stick in the walled garden.

I can lock you up and say I don't forbid your freedom. You are free to open the cage.