Apple's Arguments Against Sideloading on iOS: All Your Questions Answered

[Wildkraut]

I hope Apple fights this one to the bitter end, sideloading is not a boon. When fighting cancer you don't invite more cancer in. The app store has enough malicious content as it is, imagine with sideloading being an option. Not everyone will do their due diligence or even read the warnings, now that potentially leads to their contacts' also being infected and so on. Either jailbreak your iphone, buy an android, or design your own smartphone if you want something outside the walled garden.

Yeah yeah, the history is repeating, Microsoft described Linux as a cancer, too.
See where Linux is today, and Microsoft even partly added it as WSL to Windows.

It's inevitable, Apple will be forced to make more changes, and will stay on the watch list.

 

[Ethosik]

Goto this Apple article and read up on the feature. https://support.apple.com/en-us/HT202491

You’ll see that the feature can be overridden and therefor a user could be compelled to install an application that is not notarized and could compromise their Mac. Which is likely why Craig said macOS has a malware problem. Just because folks have a choice doesn’t mean they’ll will make good decisions.

If you want to open an app that hasn’t been notarized or is from an unidentified developer​

Running software that hasn’t been signed and notarized may expose your computer and personal information to malware that can harm your Mac or compromise your privacy. If you’re certain that an app you want to install is from a trustworthy source and hasn’t been tampered with, you can temporarily override your Mac security settings to open it.
If you still want to open an app for which the developer cannot be verified, open System Preferences.*

Go to Security & Privacy. Click the Open Anyway button in the General pane to confirm your intent to open or install the app.

The warning prompt reappears, and if you're absolutely sure you want to open the app anyway, you can click Open.

The app is now saved as an exception to your security settings, and you can open it in the future by double-clicking it, just as you can any authorized app.

Yep I had to do this with Minecraft. Windows still has unsigned applications.

 

[phpmaven]

they don't even need to do that. if you have geolocation on, companies compare your geolocation to other users and can pretty much know who you hang out with and target them with the same products they target you with. that's why if someone in your household goes to home depot, all of a sudden you'll get toilet ads.

The best geolocation could do is figure out what city you are in.

 

[Sciomar]

Yeah yeah, the history is repeating, Microsoft described Linux as a cancer, too.
See where Linux is today, and Microsoft even partly added it as WSL to Windows.

It's inevitable, Apple will be forced to make more changes, and will stay on the watch list.

I'm glad we agree that if users want different apps they should get a device running the operating system with security protocols matching their needs.

 

[Ethosik]

Drinking and driving impacts others. Grandma getting malware on her phone most likely doesn’t.

Apple has the ability to remotely kill apps that are found to be malicious. Between that, app sandboxing, and the apparently 6 people who have the common sense not to install apps from untrusted sources, that should be sufficient.

Yes it does. Leads to contact list being taken, have that device participate in sending spam/scams and DDoS.

 

[Ethosik]

It's simple. All who wants sideloading have valid reasons IF iOS was the only mobile platform. In reality, it's not.

So, consumers already have a choice if they want a platform that allow sideloading. That's Android. That's choice. iOS' existence is actually providing more choice as it offers a walled garden approach to those who want to. Demanding iOS to be like Android is actually removing choice, as now you only have two platforms that are more of the same.

Conformity != choice. Wanting iOS to be like Android is just conformity.

Love this! The ONLY reason I, and the rest of my family and friends, ONLY use iOS due to it being completely closed. If iOS becomes Android, I’ll stop using Apple as android phones are cheaper and better.

 

[TheToolGuide]

That sounds like a grandma problem. If apps have unfettered access to grandma’s contacts, that’d be an Apple problem.

With that line of thinking, maybe iOS isn’t actually so secure and the App Store is the only thing keeping the house of cards from collapsing.

Actually for the most part Apple is pretty secure, which is why so many people are against this idea. However people are not nearly as secure and store their data in less secure ways. Or they might have your information and are not being careful with it. Again you are coming off a bit ignorant and narrow minded since you are only talking about ‘Grandmas’. I guarantee if you are using an iPhone and I took the time to inspect it ‘with your permission’ you are doing something that is compromising your data and in turn possible compromising someone else’s. Its almost a statistical fact that I will find something, though maybe minor.

When you take into consideration all the people who use iOS and the varying degrees of carelessness people take with data you’ll begin to see just how other people get compromised.

But if you want to side load you can always go to Android or jailbreak you iPhone if you feel so comfortable with it.

 

[TheToolGuide]

I've heard & read everything Craig had to say on the matter. It didn't change my mind. Frankly, Apple's defense was laughable & even they know it. Over the years Apple has built a system for safely sideloading apps on the Mac outside the App Store that specifically counters their sideloading arguments on the iPhone.

Notarizing macOS software before distribution | Apple Developer Documentation

Give users even more confidence in your macOS software by submitting it to Apple for notarization.

developer.apple.com

Key portion from the link:

Hold my beer while I bring up the Gatekeeper site here. I suggest you read the whole thing but specifically this section below will show you that it is not full proof. So while you may have provided at least a bit of information about your view it is not concise.

macOS was around long before iOS. When iOS started they wanted to avoid this issue on that platform so it was there from the beginning. However Craig has stated since macOS was already allowing for Apps to be install from an external source they came up with systems like GateKeeper which still is not enough. These are comments from his own testimony. Below is exactly how people can get around it and also how companies would compel people to circumvent it. Kids download stuff on computers all the time so they can record audio off of YouTube, many of these apps are unidentified developers. Other people just click on the warnings because they need to get a thing on their Mac to do something.

While you and many others are good about what you are putting on your Mac there are millions upon millions of people who have even less awareness about it. Gatekeeper is just a band-Aid Apple came up with to mitigate malware on a platform they couldn’t close like iOS. They are completely different things and comparing them becomes silly when you get into the details of how they differ.

If you want to open an app that hasn’t been notarized or is from an unidentified developer​

Running software that hasn’t been signed and notarized may expose your computer and personal information to malware that can harm your Mac or compromise your privacy. If you’re certain that an app you want to install is from a trustworthy source and hasn’t been tampered with, you can temporarily override your Mac security settings to open it.
If you still want to open an app for which the developer cannot be verified, open System Preferences.*

Go to Security & Privacy. Click the Open Anyway button in the General pane to confirm your intent to open or install the app.

The warning prompt reappears, and if you're absolutely sure you want to open the app anyway, you can click Open.

The app is now saved as an exception to your security settings, and you can open it in the future by double-clicking it, just as you can any authorized app.

​

 

[DHagan4755]

The app is now saved as an exception to your security settings, and you can open it in the future by double-clicking it, just as you can any authorized app.

I don't know how much more explicit those prompts have to be. But if you're John Q. Public & after these prompts still proceed to open this... that's on you. You qualify as a dumbass. Why should some dumbass prohibit me from sideloading apps on my iPhone or iPad? They don't on the Mac. The point is the guardrails are there on macOS & would work on iOS/iPad OS.

 

[Khalmoon]

• "Mobile antivirus software, which some users may need to download to protect against sideloaded apps, cost consumers over $3.4 billion"

but iOS has a lot of antivirus software

???

 

[Pro Apple Silicon]

This is completely false. There are zero day flaws, exploits and social engineering. And if any of your FRIENDS or FAMILY gets infected, your contact information is then turned over.

LOL. Zero day = zero concern.

 

[elmateo487]

Yes I did, because I am not caught in the obscurity distortion field that Apple is pushing. That same paper hardly touches on the increase in zero day issues, and malware found on their own platform. Additionally, Did you know that many of the source documents in Apple's report don't specifically call out Android at all?

Lets look at their very first source citation within this 31 page marketing paper.

What MacRumors posted.


What was actually said in Apple's paper, in a bold section, right next to an unrelated comment about Android. (This is a classic psychological marketing trick to cause an inference)



Apple lists the source.



The source says the following



The Word Android is never used in that report.

There are other instances in Apple's report where I can only assume they expect readers to assume they are talking about Android, but they are actually citing Computing in general, malware in general, ransomware in general, not Android specifically.


At the same time I bet there are some solid facts mixed into that report, but I question some of the numbers as a few sources explain if the devices are even current (with modern security patches) devices, or old relics being used in lower income situations worldwide. Android is a Much much bigger ecosystem than iOS, and there are millions more devices (mostly currently unsupported) that can greatly inflate these malware numbers to make Apple look far more secure than it actually is.

So because you are skeptical of Apple, you went and picked out parts you THINK might be ingenuous then whole sale discounted everything said... that is so typical.

When all you had to do was see that Android has a HUGE malware prevention market on it...

What even is your usecase for wanting sideloading? I am sure you will give the same answer for people who like to torrent "LINUX DISTROS CAN BE DOWNLOADED VIA TORRENT" when in reality everyone just wants to pirate.

 

[topdrawer]

I see apple deployed their marketing team into the forums.

 

[topdrawer]

Please read the whole article before responding anymore. Specifically address the issue that Crag stated about what you are posing as a pro for your argument.

please understand my argument before replying. it doesn't need to be like the mac. they could simply not allow non notarized apps. mac apps that are notarized are checked just like apps distributed on the app store and dont give you a warning. this level of security could be used on an iphone. unless "notarized" apps aren't as safe as apple claims to be and they aren't really checking them.

so no the article did not address my argument.

 

[840quadra]

So because you are skeptical of Apple, you went and picked out parts you THINK might be ingenuous then whole sale discounted everything said... that is so typical.

When all you had to do was see that Android has a HUGE malware prevention market on it...

What even is your usecase for wanting sideloading? I am sure you will give the same answer for people who like to torrent "LINUX DISTROS CAN BE DOWNLOADED VIA TORRENT" when in reality everyone just wants to pirate.

I posted a link to one of Apples sources, pointing out it doesn't actually mention Android, there are other subjective infrances in Apples 31 page report that have nothing to do with Android.

Regarding your comment on anti-malware apps

Anti-malware apps exist on Android mainly because they are permitted, apple essentially does not allow for them due to app store policies and sandboxing apps. Android is similar but allow users to open their device up more to applications to access system files ( if they chose to do so). As a general rule, you don't need them on a supported Android device either.

Another reason they are so popular on Android is for the exact reason I outlined in my reply to you. Many devices older than 3 years don't get security patches. People buy these apps assuming it will make their device safer to use for a longer time. A flawed idea.

In this regard, Apple has a clear win , they support systems longer than Android, and provide security updates for years. That is the main reason I still hold onto my older iOS devices and enjoy using them.

That said, Google is adapting and extending security on new devices for upto 5 years, and it is expected other reputable OEMs will follow.

Regarding overall would numbers if malware on Android, Apple doesn't actually dig into reports that Google shares where they themselves outline how a majority of Infected devices are running very old copies of Android. That is the main cause of malware, not the small subset of global users that actually do install software outside of the play store.

It is not in Apples interest to detail any of that. Why silo and clarify when you can dump all in one basket and produce a higher (scarier) number to market their own products?

If alternative app sources are opened on iOS, it is likely that very few users will actually tap into it ( just like on Android ). Simultaneously, the arguments stating that major developers will ditch the apple approved app store in favor of others will likely not happen either. I can't think of one major software provider that has left the Google play store to force users to sideload. Amazon tried, but has since returned to Google play with prime video and their other apps.

Lastly,
Not going to justify my use of alternative sourced software with you. Judging by your nonsensical suggestion for my use case, and other ad hominem comments, you appear to simply be here for an argument.

I am disinterested.

 

[dba415]

Yes it does. Leads to contact list being taken, have that device participate in sending spam/scams and DDoS.

Umm unless you only give out your phone number to people on iOS, your contact info is at risk no matter what if you are assuming that side loading on Android leads to contacts being stolen.

 

[paradox00]

Sometimes it can be both. iOS' success is they have married privacy and security with profits. Android has married being an open platform with their profits. Both are valid strategies, both are successful platforms, and we can each choose which tradeoff we want. I mean, you don't get to opt out of the big-business-earning-money model, that's baked into all the big players, but you can choose the tradeoffs around their maximized profits.

And in this case sideloading is inherently, by its very nature, less secure. It will always be less secure, there is fundamentally, physically, by the laws of nature and the Universe itself, no way to allow sideloading without also inviting more attack surface for malware. For better or worse (I think it's a lot better!) Apple has maximized profits in the direction of security so they should not allow sideloading. It's also not safe on macOS, it certainly won't be safe on iOS, so they need to stay away from it and demand they get to keep their users secure. It is the only way to make sure everyone with an iPhone, even the oldest grandpa and the smallest kid, can't be convinced to click a bunch of buttons and end up with evil apps and Yahoo toolbars and all the other **** that exists on PCs (including macOS!).

The path forward for Apple IMO is to more aggressively support web apps. The web is the only viable, fully open platform, which has received literally hundreds of thousands of work-hours to make it as secure and safe as possible. It is by far, BY FAR, not perfect, but it's the best it can be given its an open platform. If Apple doubles down on web apps, allowing e.g. touch-id and other features to be used, it will be possible to build web apps that behave more like native apps, and that'll close the gap. It won't ever be perfect, and there's a huge standardization body to work with to move the web in the direction of closing those gaps, but it has been done already for decades and will continue to do so, and Apple should make their committments to the web clear to shake themselves free from this regulatory noose they find themselves in.

Something can be technically less secure with the actual difference itself being largely irrelevant. Imagine I offered to give you $2 or $2.01, which would you choose? Probably $2, the "lesser" option. Who wants to carry around a useless penny/1c coin? Here in Canada, we got rid of it. Same deal here. I want the "less safe" option because the difference in extra security is small enough that it just isn't worth the inconvenience of keeping (unless you're Apple taking a 30% cut).

To my knowledge, Apple has never given actual statistics on how many MacOS infections come from signed apps vs unsigned apps or from flaws in the OS itself. I suspect the numbers wouldn't support their position that they can't even allow signed apps to be sideloaded in fear of security apocalypse.

I don't disagree they should do more to support web apps though.

 

[paradox00]

Imagine going to McDonals but demanding them to sell a BK Whooper.
McDonalds has their own menu and how to conduct their business, Burger King has their own. Choice.
Apple has their own platform and how to conduct their business, other Android OEMs have theirs. Choice.

You don't go to McDonalds and then complain that they don't give you a choice because they don't sell a BK Whooper. You don't buy an iPhone, knowing how they run iOS for more than 10 years, and the complain that they don't give you a choice because they don't allow sideloading.

Go re-read my post; especially the third sentence. The iPhone wouldn't become an Android phone (or a BK Whopper as you say) if Apple enabled sideloading. People who love 99% of something can still criticize the part they don't like (and even be right in their criticism).

 

[jonblatho]

What even is your usecase for wanting sideloading?

I’d love to be able to use a proper text editor with Git support, because right now nanny Apple tells me that downloading, editing, running, and syncing my own code — that I myself wrote — is dangerous. Oh, the humanity!

 

[Zalmox]

There is no better slave than the one that thinks he is free !

 

[dba415]

It’s been how many years since iOS existed? 13 years? 13 years without sideloading, and people are still buying them. Shows that there’s a market demand for the iOS model for a platform.

People purchase iOS in spite of the fact that it's a walled garden, not because of it.

No one says "I love iOS because whenever I talk to Android users, I don't get iMessage functionality".

 

[Ethosik]

I posted a link to one of Apples sources, pointing out it doesn't actually mention Android, there are other subjective infrances in Apples 31 page report that have nothing to do with Android.

Regarding your comment on anti-malware apps

Anti-malware apps exist on Android mainly because they are permitted, apple essentially does not allow for them due to app store policies and sandboxing apps. Android is similar but allow users to open their device up more to applications to access system files ( if they chose to do so). As a general rule, you don't need them on a supported Android device either.

Another reason they are so popular on Android is for the exact reason I outlined in my reply to you. Many devices older than 3 years don't get security patches. People buy these apps assuming it will make their device safer to use for a longer time. A flawed idea.

In this regard, Apple has a clear win , they support systems longer than Android, and provide security updates for years. That is the main reason I still hold onto my older iOS devices and enjoy using them.

That said, Google is adapting and extending security on new devices for upto 5 years, and it is expected other reputable OEMs will follow.

Regarding overall would numbers if malware on Android, Apple doesn't actually dig into reports that Google shares where they themselves outline how a majority of Infected devices are running very old copies of Android. That is the main cause of malware, not the small subset of global users that actually do install software outside of the play store.

It is not in Apples interest to detail any of that. Why silo and clarify when you can dump all in one basket and produce a higher (scarier) number to market their own products?

If alternative app sources are opened on iOS, it is likely that very few users will actually tap into it ( just like on Android ). Simultaneously, the arguments stating that major developers will ditch the apple approved app store in favor of others will likely not happen either. I can't think of one major software provider that has left the Google play store to force users to sideload. Amazon tried, but has since returned to Google play with prime video and their other apps.

Lastly,
Not going to justify my use of alternative sourced software with you. Judging by your nonsensical suggestion for my use case, and other ad hominem comments, you appear to simply be here for an argument.

I am disinterested.

And Epic is suing Google with one of the complaints is “side loading is too difficult on Android”

 

[Septembersrain]

The people who want to sideload figure it out anyway. I'm jailbroken but AltStore is more than just for jailbreak.

 

[840quadra]

And Epic is suing Google with one of the complaints is “side loading is too difficult on Android”

I haven't side-loaded anything on my Pixel 6, but I did on Android 12 with my older pixel 3. You get a decent quantity of warnings (just like you do on MacOS), and you have to activate access to various areas in your phone OS (Similar to how Apple Adopted the same feature on iOS after Android had it).

Some seem to think that side loading would be as simple as downloading an EXE on Windows XP, and simply opening it. There are a fair amount of security prompts, and permission approvals before an app will work. I can only assume that when (likely not if at this point) Apple is forced to allow 3rd party app stores and similar, they will enact a comprehensive swath of warnings, approvals and prompts before any side loaded app would even function.

 

[turbineseaplane]

Apple is forced to allow 3rd party app stores and similar, they will enact a comprehensive swath of warnings, approvals and prompts before any side loaded app would even function.

Yep -- and the world would proceed ahead just fine.

Apple just doesn't want anything touching their lockdown on App Store money.

This has always and only been about Apple and their collection of money.

Everything else they throw up is a distraction.