Thats you
I can tell you if I didn't have half the apps available on my iPhone I wouldn't use an iPhone.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says Allowing Sideloading on iPhone Would Expose Users to Serious Privacy and Security Risks
- Thread starter MacRumors
- Start date
- Sort by reaction score
I can tell you if I didn't have half the apps available on my iPhone I wouldn't use an iPhone.
1: don't use "snapchat" if you want security. this comes accross as one of thiose ridiculous ignorant comments from people who claim they'll only use Apple device, while they share all their information on social media.
2: this has nothing to do with the OS and are App specific restrictions. There is nothing stopping me today on going into any snapchat I have, and taking screen shots. this isn't something Apple is currently protecting you from.
I have only seen OS's protect content of apps when specifically under a managed solution that controls such access. For Example, I have outlook MDM'd on my corporate network. Users can load their outlook on their phone. but you cannot screenshot it as the app will only look blurry to all external programs. You cannot copy and paste between the apps either. This isn't specific to an OS. this behaviour is true on both Android and iOS and is a feature of the applications themselevs
honestly. Peopple need to learn exactly what Apple security is that they're being sold. You are NOT having your in-app content protected from 3rd party services by Apple's rules. As long as you are relying on someone elses servers and applications, you are theoretically at risk.
Even today, you need to assume that no communication, even with iOS users is "safe" u nless you are using a toolset that guarantees that there is no way of screen recording or taking images of your devices display.
Fair enough.
But still, iPhone is perfectly usable device without any 3rd party app, especially if there’s a website version.
YouTube is an example. I’m using the website because of ridiculous amount of ads in the app which can’t be adblocked.
But I get your point anyway
Because I read their publication and am capable of critical thought. Have you read it?
\
Webapps are a great idea and I'm all for removing the vendor tie down to either platforms and relying on open platforms that work on anything via a web browser.
but Apple also tells you those are insecure, and you should only use app store stuff that they receive money from
listen, I'm in the camp that the iPhone ahs a lot of really good security focused feature for removing tracking from us, but the coments in this thread alone evidence most people on these forums don't know what Apple is actually doing, nor do they understand the difference between privacy and security.
Apple does a lot to help us keep ourselves private and not-tracked. But they are not significantly different in the security realm. Apple doesn't block us from taking screenshots of app content and sharing it with whoever we want. there's no "knox" personal space that's kept isolated from the rest of the phone. Heck, there's not even the ability to offer mutli-login support, meaning if you ever loan your phone to someone else (like your kids), than they're accessing the same data and information you have.
Apple is very intentional in conflating "privacy and security". And it's part of their marketing push.
You’re conflating this a little bit yourself. ios is somewhat renowned for being the most secure os. There are limits to any security though, and they’re generally user based. Screenshots are in the privacy realm, not the security realm. And it’s also firmly in the user error camp. Don’t share what you don’t want shared. If you don’t do this then ios is extremely secure and extremely private, especially ios15.
yes
what I was responding to was directly the claim that someone on the other end of a conversation would have their security violated because someone else installed a 3rd party app
that's bunk. that is someone pulling nonsense out of their ass because they don't know know or understand security/privacy and are just following Apple's rhetoric talking points as fact.
As I was evidencing is that just because the person on the other end of the conversation has 3rd party sideloaded apps installed doesn't suddenly make this users conversation less secure. it's about the same it is now.
If Apple was truly trying to provide top tier security on iOS, than we would be able to individually sandbox all data from eachother. Including sandboxing and bluring out the screens from the OS (similar to what Outlook does when MDM controlled)
the fact that Apple doesn't provide native secure "zone" on the phone where you cannot even screenshot the app, means they aren't quite the "top" like they claim.
I can tell you from a Canadian financial regulatory perspective, Knox is considered far more secure since you can isolate the applications in that zone completely from the rest of the OS. not even screenshots can be taken that can leave knox area. Apple could do a lot more in the actual security realm by implementing something like this.
I will say, their privacy controlls are best in business
I think they’re trying to make it ‘for the masses’, and that’s a reason as to why it fails in some aspects. They want automatic as much as they can. Looking at where they’re heading, they’ll solve this problem and implement it. One day.
It actually makes little sense because you can still capture your screen using another device. But from developer’s point of view, you can detect screenshot or airplay and hide your content. But then again, it just an illusion of protection.
Guess it comes down to the second part of my statement. How do you explain away Apple misrepresenting how security works on the Mac (the default setting is app store apps and trusted developers with certificates they can revoke) to make it appear less suitable for the iPhone?
Absolute nonsense. To even access sideloading the user would have to have the tech know-how to actually, ya know sideload. It's not something you wind up doing accidentally.
He probably knows nothing about it. In his case, ignorance would be bliss... and safety. He wouldn't be able to sideload because he, in your scenario, doesn't even know what it is.
Why do you think it would change for anyone? Sideloading wouldn't be a requirement. Users could, and the vast majority of users would continue using the app store as they always have. I'm not sure you actually understand sideloading because all of your scary examples have no reason to exist. There's no "oops I sideloaded by accident scenario here".
There's no correlation between sideloading an that scam. That scam exists and doesn't require sideloading. You got it. Didn't come from sideloading either. Trying to use an unrelated scam example to bolster your point here is kinda disingenuous, whether by intent or accident.
Look. If instructed on how to, by a malicious developer or by a scammer, then it’s completely possible. Try downloading a Mac app and look at how it walks you through all w security settings, such as ‘allow full disk access’. I’m not saying it’s accidental.
Except in the above scenario. ‘Probably’ doesn’t cut it with device security.
Again, malicious actors would easily be able to walk the unsuspecting through the steps. You assume everyone knows about this but in reality, very few know the risks.
But if the link led to an app download page masquerading as the AppStore? The link already leads to a fake PayPal page. I can’t believe you’re that ignorant, it can’t be true as you’re posing intelligent questions. But to deny the possibility is being truly ignorant, so I’m at a loss.
The absolute fact of the matter is, if you introduce the ability- it can and will be used as I have described. If the ability doesn’t exist, it can’t be used and that’s the point and it’s valid, regardless of your apparent disregard.
Many many developers choose to follow Apple’s rules because to them it’s worth it overall. If that wasn’t the case, then yes it would be in Apple’s best interest to change their rules. But as long as the App Store is thriving, which it is, then there’s nothing to motivate Apple to change their views. That’s why some iOS app developers are turning to lawmakers to try to get their way. But as long as another major mobile platform like Android exists, I don’t see the legal basis to force Apple to conform. Apple is playing by the free market rules, the main one being letting the consumer choose which platform succeeds. If consumers truly valued openness over whatever Apple offers, then Apple would have already failed.
What you’re proposing is very developer-centric. Appease their demands and hope that they give the user everything the user wants. First, I don’t think the Netflix example is very compelling as a user. It’s not that big of a deal to go to the Netflix site to start a subscription. Second, I don’t think that trickle-down goodwill is the way things would happen in actuality. Sure, an app might make a subscription available within the app, but the larger issue is that every developer will be completely free to implement their app however they want. Some will do a good job. Some will do a bad job. Some will do shady, under-the-hood practices which will go unnoticed by users. This is Android. As a user, I don’t want this. That’s one of the main reasons why I choose Apple. As a user, I want the platform to do the policing for me (as best they reasonably can). And as I alluded to in my previous post, if you poke even one hole in the App Store enclosure, then all the pressure will cause a leakage out of that hole and compromise the entire system. Laws should not take away consumer choice by forcing that to happen.
The free market is consumer-centric. Developers want direct access to the consumer but they are failing to see that consumer demand is the end all, not developer demand. And they are ignoring that the consumer doesn’t just buy into individual apps, they buy into the entire package that platforms like iOS and Android offer. Some prefer the way iOS does it overall, some prefer Android overall (some are unhappy with both but that’s the way it is). Let different platforms continue to do things differently. Let developers continue choose which platforms are worth the venture. Let users continue to choose the platform that they prefer as an entire package. The law should not interfere with this basic free market functionality unless the balance eventually becomes too heavily lopsided toward one platform.
Tell me how this does anything at all if you can screenshot elsewhere in the os? Or if someone else screenshots something? That’s the rub, it’s like protonmail. I use it, it’s very secure, but as soon as you send the email into the wild, not to another pm user or not covered by pgp, then it’s there on someone else’s gmail or whatever account plain as day. Regardless of the steps you think you took.
Snapchat protects you. It notifies you when screenshots are taken from another user. There are apps that can be sideloaded on an iPhone that bypass this functionality. I love that you call Snapchat social media when I have never used it more than a messenger. Not saying any of them are perfectly trustworthy but there is a baseline and modded apps make even the baseline useless.
The point is people hack apps regularly in the jailbroken space to circumvent security features or bypass licensing. Maybe take five minutes and look at what people do with Jailbroken devices that will be opened up worse than it already is.
These modifications and piracy are rampant on Android/jailbroken iphones. Do some googling and get educated on what you are fighting for.
Facebook had their Apple enterprise certificate revoked for sideloading a VPN app that just tracked where people were at all times not too long ago. Lets not just let every Tom Dick and Harry throw out apps and mods that "trust me" are safe.
By the way you are throwing around MDM and talking about MAM. Yes I do this stuff too and have zero interest in making developers richer by getting more of my data. We already know Epic started this because they want your credit card information in their "safe hands" vs Apple.
You rant about nothing is safe. No kidding. Do you know how many people know how to even do a screen recording? Guess what people are stupid. If they have an easy button to install "conversation recorder" that's a lot different than yeah they can rig up a digital camera and take pictures of the phone screen.
Amazes me how many people would rather give every developer their credit card information vs Apple.
So you say… until devs only allow via ‘side loading’ because they want to escape the App Store. Then you’re forced to. And there goes all the privacy that was worked so hard for!
You’re confused by your lack of full understanding of iOS! Also by your lack of understanding of how it’s built.
Not true anything man made can be hacked. If you give the option it can be used against you.