Apple's Arguments Against Sideloading on iOS: All Your Questions Answered

[840quadra]

This argument comes up every time this topic is discussed. The problem is that you can be as careful as you want, but your information is only as safe as the least common denominator of the people you communicate/know/associate with. If anyone at all that knows you is less careful thank you are, and lets bad software access all data on their devices, then everything they know about you becomes know as well.

Example: So often I get emails sent to me by people I know. They don't say anything that makes sense, and have a link for me to click. To anyone tech savvy, we know that the email did not really originate from our friend/family member. But to less savvy people, they might click the link. That contact email they used to email you became known to some scammer somewhere. What other information did they obtain? If they had access to someone's contact list, they would know your home address, email, phone number, and what else? Photos, videos.... files... etc. Do see my point? They don't need to compromise your device in any way at all to get all that. Just the device of anyone at all that you know that has any of that info about you. I take comfort in knowing who I communicate has an iPhone and is less likely to have malignant software.

I am not sure what your comment has to do with software installations on iOS.

Say one of those links has an application within it, Are you assuming iOS will not have similar safeguards as MacOS with regards opening / launching an application from an outside source?

Regarding your comment, What if they are sending you an email using their Apple ID from an infected PC or Android device? It is quite easy to send / receive iCloud / me / etc emails from Windows, Linux, Android or other Operating systems.

Don't assume because someone is an Apple user, that their content , data, or transactions are safer than anyone else.

 

[paradox00]

Ultimately if a user is careful and aware of what is being downloaded, sideloading cannot harm. But everyone may not be so careful. Only in this case can sideloading do harm. Apple is all about security. So don't see apple ever allowimg sideloading on iOS unless they are forced to do it by a court order

If Apple discovered that sideloading could somehow make them more money, they'd allow it in a heartbeat. Not only that; they'd tell the world just how amazingly secure their sideloading solution was. Apple is all about maximizing profit, then making things as secure as possible without compromising that profit. You don't get to a $2.43T market cap without that.

 

[gaggle]

If Apple discovered that sideloading could somehow make them more money, they'd allow it in a heartbeat. Not only that; they'd tell the world just how amazingly secure their sideloading solution was. Apple is all about maximizing profit, then making things as secure as possible without compromising that profit. You don't get to a $2.43T market cap without that.

Sometimes it can be both. iOS' success is they have married privacy and security with profits. Android has married being an open platform with their profits. Both are valid strategies, both are successful platforms, and we can each choose which tradeoff we want. I mean, you don't get to opt out of the big-business-earning-money model, that's baked into all the big players, but you can choose the tradeoffs around their maximized profits.

And in this case sideloading is inherently, by its very nature, less secure. It will always be less secure, there is fundamentally, physically, by the laws of nature and the Universe itself, no way to allow sideloading without also inviting more attack surface for malware. For better or worse (I think it's a lot better!) Apple has maximized profits in the direction of security so they should not allow sideloading. It's also not safe on macOS, it certainly won't be safe on iOS, so they need to stay away from it and demand they get to keep their users secure. It is the only way to make sure everyone with an iPhone, even the oldest grandpa and the smallest kid, can't be convinced to click a bunch of buttons and end up with evil apps and Yahoo toolbars and all the other **** that exists on PCs (including macOS!).

The path forward for Apple IMO is to more aggressively support web apps. The web is the only viable, fully open platform, which has received literally hundreds of thousands of work-hours to make it as secure and safe as possible. It is by far, BY FAR, not perfect, but it's the best it can be given its an open platform. If Apple doubles down on web apps, allowing e.g. touch-id and other features to be used, it will be possible to build web apps that behave more like native apps, and that'll close the gap. It won't ever be perfect, and there's a huge standardization body to work with to move the web in the direction of closing those gaps, but it has been done already for decades and will continue to do so, and Apple should make their committments to the web clear to shake themselves free from this regulatory noose they find themselves in.

 

[grandM]

LOL i don't even know what to say to this, because it feels awkward reading it.

I wonder where we were, if all was AppStore controlled from the beginning, from Servers, Routers, Switches to Macs, PCs, Macs, etc.

Almost our whole world runs on hardware and software where sideloading is possible.
Incl. your Bank Servers, Stock Exchanges, Hospitals, Police Stations, Other critical Infrastructure Hardware and probably even Reactors, etc. Our world wouldn't exist if sideloading were never possible.

Not even macOS, iOS, iPadOS would exist, because its based on multiple Software Sources that was freely available(KHTML,FreeBSD and more).

Those statements sounds like the next Zombie apocalypse will break in if they allow sideloading.
But they will get forced anyway, again "Digital Markets Act" to the rescue.

Sure. Our government was hacked for years by China. Company after company victim to ransomware. Those reactors luckily tend to run on ancient systems. Let's hope hackers stay away from hospitals.

 

[grandM]

Sometimes it can be both. iOS' success is they have married privacy and security with profits. Android has married being an open platform with their profits. Both are valid strategies, both are successful platforms, and we can each choose which tradeoff we want. I mean, you don't get to opt out of the big-business-earning-money model, that's baked into all the big players, but you can choose the tradeoffs around their maximized profits.

And in this case sideloading is inherently, by its very nature, less secure. It will always be less secure, there is fundamentally, physically, by the laws of nature and the Universe itself, no way to allow sideloading without also inviting more attack surface for malware. For better or worse (I think it's a lot better!) Apple has maximized profits in the direction of security so they should not allow sideloading. It's also not safe on macOS, it certainly won't be safe on iOS, so they need to stay away from it and demand they get to keep their users secure. It is the only way to make sure everyone with an iPhone, even the oldest grandpa and the smallest kid, can't be convinced to click a bunch of buttons and end up with evil apps and Yahoo toolbars and all the other **** that exists on PCs (including macOS!).

The path forward for Apple IMO is to more aggressively support web apps. The web is the only viable, fully open platform, which has received literally hundreds of thousands of work-hours to make it as secure and safe as possible. It is by far, BY FAR, not perfect, but it's the best it can be given its an open platform. If Apple doubles down on web apps, allowing e.g. touch-id and other features to be used, it will be possible to build web apps that behave more like native apps, and that'll close the gap. It won't ever be perfect, and there's a huge standardization body to work with to move the web in the direction of closing those gaps, but it has been done already for decades and will continue to do so, and Apple should make their committments to the web clear to shake themselves free from this regulatory noose they find themselves in.

Web apps are super inefficient. Native please!

 

[gaggle]

Web apps are super inefficient. Native please!

They don't really have to be though. Well, in some ways yes, GPU access, audio, and other low-level things means there'll always be more raw power available native, and by focusing just on the native featureset you can optimize for its resources better. So more inefficient? Yes, sure, you're right. But "super" inefficient? Mm, depends on the context. You could certainly run a great banking experience on the web. Spreadsheets, text editing, there's a long list of workloads that suits the web just fine. And, yes, also a lot of ways to mess it up, e.g. getting the native feel is difficult because the web doesn't have native controls… but what if the big companies came together and formed a standardized way to express native-feeling controls on the web? It's not that it's easy, but in principle the web could carry a lot of the native-app weight, and I'd love to see Apple dedicate resources towards that so the native experience can stay secure.

 

[SurferPup]

I'm against side loading except for one organisation that gave me a discounted subscription for the first month at a heavily reduced price of $5. I discontinued after the month and still have access to their lessons at no cost to myself. They may have deprived Apple of $2 however they pay staff to present their training and have no idea they have inadvertently done a bigger disservice to themselves. There are possibly other users who have figured out the free subscription method. For them and other companies that deprive themselves of income by circumventing Apple's platform, I say, "????????????????????????????????????."

 

[iLondoner]

I am totally in favour of Apple's stance on iOS, if I wasn't I would buy an Android phone. I would also be happy with preventing side-loaded apps on macOS and only being able to load Mac apps via the Mac app store. And whilst I'm at it, force all social media and other Internet traffic to be ultimately identified back to the originator. I have nothing to hide and there's a lot of bad guys out there.

 

[grandM]

They don't really have to be though. Well, in some ways yes, GPU access, audio, and other low-level things means there'll always be more raw power available native, and by focusing just on the native featureset you can optimize for its resources better. So more inefficient? Yes, sure, you're right. But "super" inefficient? Mm, depends on the context. You could certainly run a great banking experience on the web. Spreadsheets, text editing, there's a long list of workloads that suits the web just fine. And, yes, also a lot of ways to mess it up, e.g. getting the native feel is difficult because the web doesn't have native controls… but what if the big companies came together and formed a standardized way to express native-feeling controls on the web? It's not that it's easy, but in principle the web could carry a lot of the native-app weight, and I'd love to see Apple dedicate resources towards that so the native experience can stay secure.

I'm sorry to disappoint you. Every web app is a waste of resources. You give the example of a bank. Is a bank really so cheap it can't afford a dedicated team of developers? They've closed down near all their brick offices, service is crap, you must make an appointment so they can cheapen out on employees. Sure loans are less expensive but so are interest rates so maybe loans are in fact more expensive. The web is meant for surfing. It's already bad enough if that bank delivers an electron app costing you more energy for a worse performance.

 

[Wildkraut]

Sure. Our government was hacked for years by China. Company after company victim to ransomware. Those reactors luckily tend to run on ancient systems. Let's hope hackers stay away from hospitals.

As if your government don’t hack other governments. Finger pointing is easy.

 

[grandM]

As if your government don’t hack other governments. Finger pointing is easy.

'My' government doesn't have the skills to do so.

 

[Wildkraut]

I am totally in favour of Apple's stance on iOS, if I wasn't I would buy an Android phone. I would also be happy with preventing side-loaded apps on macOS and only being able to load Mac apps via the Mac app store. And whilst I'm at it, force all social media and other Internet traffic to be ultimately identified back to the originator. I have nothing to hide and there's a lot of bad guys out there.

You better shut your blinds and hide under the table, there’s a lot of bad guys out there. They probably cross your way multiple times a day, better stay at home, don’t go out. Safety first!

 

[ian87w]

No one chose iOS because it's a walled garden. Certainly not because they don't allow sideloading of apps.

It’s been how many years since iOS existed? 13 years? 13 years without sideloading, and people are still buying them. Shows that there’s a market demand for the iOS model for a platform.

 

[DHagan4755]

I feel you didn’t even read the whole article and how Craig specifically addressed you screenshot. Now if you have a counter argument to his remark maybe your comment would have some weight to it.

I've heard & read everything Craig had to say on the matter. It didn't change my mind. Frankly, Apple's defense was laughable & even they know it. Over the years Apple has built a system for safely sideloading apps on the Mac outside the App Store that specifically counters their sideloading arguments on the iPhone.

Notarizing macOS software before distribution | Apple Developer Documentation

Give users even more confidence in your macOS software by submitting it to Apple for notarization.

developer.apple.com

Key portion from the link:

Beginning in macOS 10.14.5, software signed with a new Developer ID certificate and all new or updated kernel extensions must be notarized to run. Beginning in macOS 10.15, all software built after June 1, 2019, and distributed with Developer ID must be notarized. However, you aren’t required to notarize software that you distribute through the Mac App Store because the App Store submission process already includes equivalent security checks.

 

[ian87w]

You heard it here first. The only difference between an iPhone and Android is sideloading. There are no other factors that a user might consider when making their purchasing decision. You can have a pizza with cheese. If you don't like it, you can have a salad. Don't you dare ask for other toppings.

Imagine going to McDonals but demanding them to sell a BK Whooper.
McDonalds has their own menu and how to conduct their business, Burger King has their own. Choice.
Apple has their own platform and how to conduct their business, other Android OEMs have theirs. Choice.

You don't go to McDonalds and then complain that they don't give you a choice because they don't sell a BK Whooper. You don't buy an iPhone, knowing how they run iOS for more than 10 years, and the complain that they don't give you a choice because they don't allow sideloading.

 

[Ceed]

That's very true about phones being highly sensitive, it reminds me of all those company secrets stolen off laptops you hear about all the time. Wait, we want to lock down and restrict those too, right? I sure hope so.

And think back to all those intimate photos stolen from iCloud in the biggest breach in recent memory! Why are we allowing smut like that online anyways? We need to scan for that kind of content and stop it from even uploading. A controlled internet is a safer internet.

 

[Wildkraut]

That's very true about phones being highly sensitive, it reminds me of all those company secrets stolen off laptops you hear about all the time. Wait, we want to lock down and restrict those too, right? I sure hope so.

And think back to all those intimate photos stolen from iCloud in the biggest breach in recent memory! Why are we allowing smut like that online anyways? We need to scan for that kind of content and stop it from even uploading. A controlled internet is a safer internet.

Better no internet at all! and generally prohibit phones, if they hold so many sensitive informations.
Safety first!

 

[I7guy]

Better no internet at all! and generally prohibit phones, if they hold so many sensitive informations.
Safety first!

Okay you’re right. But let’s start with not allowing sideloading.

 

[amartinez1660]

You better shut your blinds and hide under the table, there’s a lot of bad guys out there. They probably cross your way multiple times a day, better stay at home, don’t go out. Safety first!

I would entertain this extreme idea if we are willing to entertain the extreme opposite of no blinds, no walls, no doors, no locks for homes.
I’ll continue to have walls, doors and locks at home but I welcome others to be less paranoid than me and get rid of all that.

 

[the8thark]

Those arguments are nice. But seriously, put more app reviewers on the team.
Any more scam apps gaining traction on the App Store will put all those arguments rather unconvincing at best and pretty much invalid at worst.

More app reviewers means nothing when Apple policy restricts them from doing the job they should be doing.

 

[darcyf]

The arguments against sideloading on iOS/iPadOS are throughly unconvincing since we can already sideload apps on macOS.

View attachment 1908188​

They literally answer this in the article.

 

[darcyf]

Android isn't the problem, users being cheap, lazy, and not sourcing / buying quality applications is the problem. Side-Loading prompts you with similar warning messages that Mac OS does.

View attachment 1908192


The fact that you get the option like you can install any app on a PC and Mac, is actually a great feature. As long as you aren't obtuse, careless, or otherwise, Android is not much worse off than those operating systems or iOS.

Blaming the customer is a poor business model. Apple would rather believe customers are busy rather than lazy, and would prefer to cater to their needs rather than chastise them for not being savvy enough.

 

[darcyf]

Rubbish. That's like saying having Apple app store opens one up to unauthorized purchases.

No it isn’t. It’s not like saying that at all.

 

[Sciomar]

I hope Apple fights this one to the bitter end, sideloading is not a boon. When fighting cancer you don't invite more cancer in. The app store has enough malicious content as it is, imagine with sideloading being an option. Not everyone will do their due diligence or even read the warnings, now that potentially leads to their contacts' also being infected and so on. Either jailbreak your iphone, buy an android, or design your own smartphone if you want something outside the walled garden.

 

[Ceed]

I can't help but be reminded of impassioned Chinese netizens online pointing to the negative happenings in the US as an example of the folly of unrestrained "freedom" compared to their tightly controlled one-party system. It's the exact same language, the exact same line of thinking, everything.