Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Arguments Against Sideloading on iOS: All Your Questions Answered
- Thread starter MacRumors
- Start date
- Sort by reaction score
I guess I should mention that Apple already censors apps out of the App Store if they don't agree with your politics. So Apple can go f-themselves. And, fix SIRI. It is a POS.
That statement seems to be a glaring indictment of Apple's own Mac security page:
macOS - Security
macOS is designed with powerful, advanced technologies that work together to keep your Mac and built-in apps more private and more secure.
www.apple.com
"Security. Built right in.
More secure hardware means more secure software.
And the Apple M1 chip keeps macOS secure while it’s running, just as iOS has protected iPhone for years.
Safely run apps like never before.
Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet. Now apps from both the App Store and the internet can be installed worry-free.
App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again."
Either that entire webpage is chock full of lies, or the 31 page paper is full of lies.
Last edited:
Thank you. They can't have it both ways, either it's secure or it's not. The flip-flopping is a clear sign that this isn't a security issue but rather a money one.Craig's statement seems to be a glaring indictment of Apple's own Mac security page:
macOS - Security
macOS is designed with powerful, advanced technologies that work together to keep your Mac and built-in apps more private and more secure.www.apple.com
"Security. Built right in.
More secure hardware means more secure software.
And the Apple M1 chip keeps macOS secure while it’s running, just as iOS has protected iPhone for years.
Safely run apps like never before.
Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet. Now apps from both the App Store and the internet can be installed worry-free.
App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again."
Either that entire webpage is chock full of lies, or Craig is lying.
Preventing side loading isn't just for consumers. With side loading, someone could download an app from a developer. strip the signature from it, inject code into the binary, re-sign it as needed for the side loading store (or not at all if no store is involved), and upload it as their own product. Not only does the user get a potentially modified app, the developer is cheated of any revenue.
Before you say "so what?" to the developer being cheated: cheat them out of enough revenue and they just won't survive, so the app stops being updated.
Before you say "so what?" to the developer being cheated: cheat them out of enough revenue and they just won't survive, so the app stops being updated.
Apple says I shouldn't have any worries about side loading on a Mac:
"Worry free" according to their own security page on MacOS.
Are you aware of any technology limitation that prevents Apple from porting Gatekeeper to iOS? I'm not.
Apple knows the best way to not get forced to allow side-loaded apps is just to make a better payment agreement with developers. The thing is that they want to make the cake and eat it, too.
If Apple were more fair in their way they approach their App store business with developers, this wouldn't be an issue at all. Developers only want to have side-loaded apps on iOS because Apple wants all their profit for free.
If Apple were more fair in their way they approach their App store business with developers, this wouldn't be an issue at all. Developers only want to have side-loaded apps on iOS because Apple wants all their profit for free.
For most things users should use the Mac AppStore. It's just a better experience. Many apps I use are truly cross-platform (Mac, iPad, iPhone) and benefit greatly from having one code base and one point of purchase. However, I don't believe Apple is going to eliminate third-parties from distributing their software outside the AppStore or users from running whatever they want on their machines. Doing so may just come with more caveats and extra steps to make sure breaking out of the sandbox is intentional and not accidental or malicious.
Last edited:
g
guys any chance we may get the same **** on macOS ? worse and worse restrictions until its barely possible to install from outside of the app store ...will that ever be athing ?
Sideloading is a fancy word for downloading an app binary from non-official platforms or the open internet and installing it on a device like a normal app. The practice is allowed on Android, granting users the flexibility of downloading apps from official or non-official app stores and the open internet. The iPhone, on the other hand, is a polar opposite.
Since the launch of the App Store in 2008, Apple has maintained stringent control over the experience of the iPhone and where customers can download and install apps. iPhone does not allow users to sideload apps, requiring that any self-contained app installed on the device is distributed through the App Store. A dedicated team at Apple vets all apps on the App Store before they're published.
Whether Apple should allow sideloading on iPhone has become a hot-button topic in recent months, partly due to the lawsuit between Epic Games and Apple. Epic Games, among other things, is seeking for users to be able to sideload apps, and it wants to bring its own Epic Games Store to iOS as a competitor to Apple's App Store.
Apple has strongly pushed back against this notion, saying that opening the iPhone to sideloading would leave customers vulnerable to malicious and insecure apps, compared to the curated experience offered by the App Store.
Apple has undertaken a sizable effort to provide users with context and information regarding its stance on sideloading, ranging from public comments by top executives to detailed studies and more. The wide range of information shared by Apple and top-ranking officials can make it difficult for customers to grasp the most important parts of Apple's anti-sideloading arguments.
To help facilitate a more constructive conversation, we've created this summary of some of the most popular questions regarding sideloading and Apple's answers to them, sourced from appearances by top company executives, testimonies, and more.
If users can sideload apps on macOS, why can't they on iOS?
While Apple offers an App Store on macOS, the Mac platform has always been an open one with users also freely able to install apps from anywhere on the internet and elsewhere. Some users have wondered why that same model can't be followed on iOS. More specifically, the question is why the security features in place on macOS that protect against malicious code from software downloaded from the internet can't run on iOS.
Apple says that Gatekeeper on macOS "ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time." If malicious code is found, Apple can automatically disable installations of that app and update its database to reflect that specific piece of software as dangerous to users. Apple also utilizes notarization on macOS, where scanned apps free of harmful code are presented to users without warning.
During his testimony in the Epic Games trial, Craig Federighi explained why a similar security apparatus couldn't be ported over to iOS. First, Federighi notably admitted that macOS has a "malware problem" and that Apple finds the level of malware on macOS "unacceptable." Federighi is implying here that the macOS security model is not a perfect system and that it doesn't want to implement a system that yields "unacceptable" results, in its eyes, onto iOS.
Federighi went on to say that iOS "has established a dramatically higher bar for customer protection" and that as of May of 2021, macOS is "not meeting" that bar. While Apple built the iPhone from the ground up under the curated App Store model starting in 2008, the Mac's longer history which long predates that app distribution model has required more flexibility.
Another point Federighi made during his testimony is the different use cases for iOS and macOS. Federighi noted that customers tend to install many more apps on mobile devices than they do on macOS, generating many more opportunities for potential malware to infect users.
Why can't Apple give users a choice on whether they wish to sideload apps or not?
To answer this question, we don't have to look any further than a recent stage appearance by Federighi. At the 2021 Web Summit last week, Federighi said that while some users, such as those with a thorough understanding of technology, may not be harmed by sideloading, other users with less insight might be.
Apple's position here is that even if one device can be harmed or infected through a sideloaded app, then it's nothing it supports. Apple took a similar stance in 2016, where it refused to create a backdoor on iOS to access the information of a single iPhone, as it would have meant that the same backdoor could be used on other users.
Federighi continued, explaining that one infected iPhone could present a danger to all other iPhones on a network and that all users' data would be "less safe" in a world where sideloading was allowed on iOS.Lastly, Apple says that leaving decisions to users on whether a sideloaded app is safe or not is an onerous burden to put upon iPhone customers. "Users would now be responsible for determining whether sideloaded apps are safe, a very difficult task even for experts," Apple says in a paper arguing against sideloading. Furthermore, Apple says that even users who don't want to sideload could be led into doing so.
What if users were shown a prompt before being able to open a sideloaded app?
Concept of what an iOS pop-up could look like for opening sideloaded apps
On macOS, when users download an app from the internet, they're shown a warning if that app is not notarized. A similar pop-up warning on iOS for sideloaded apps is not a new idea, and as a matter of fact, it was even approved by Steve Jobs.
In a 2008 email uncovered during the Epic Games trial, Steve Jobs approved specific wording that users would have seen before opening a sideloaded app. Replying to an email from Scott Forstall, Jobs said he liked "Are you sure you want to open the application 'Monkey Ball' from the developer 'Sega'?"
With a pop-up, Apple would still be able to provide users with a choice while making it clear of the potential dangers of that app. Users who are uncomfortable or unaware of the risks can dismiss the pop-up and delete the app, while others wishing to follow through with opening the app still have the freedom. According to Federighi, however, even with this approach, users will have a "very difficult" time determining which sideloaded apps are safe or not.
Apple has said in the past it strongly believes in giving users choices over their privacy and data, and some have pointed out that such a pop-up would be in line with the company's past comments and philosophy.
What if sideloading were only allowed through authorized third-party app stores?
Facing the hypothetical situation that users would only be able to download apps from "authorized" third-party app stores such as an Epic Games Store, Apple points to the alleged lack of adequate oversight of those platforms compared to the App Store.While the App Store does have extensive rules, Apple has faced criticism for its app review process being lackluster, particularly when it comes to scam apps. Apple notes that its control over the App Store allows it to more promptly and quickly remove "rare cases" in which malicious apps make it onto the platform.
In a scenario with third-party app stores and sideloading, those malicious apps would simply move to a different medium and continue to pose a risk to users, according to the company. Why is Apple assuming all sideloaded apps are malware or dangerous to users?
Apple's position here is that while not all sideloaded apps are malware, the mere ability for users to install sideloaded apps means users are, by nature, more exposed to malware.
In its detailed 31-page paper, Apple explains that simply allowing sideloading would "weaken these layers of security and expose all users to new and serious security risks" and that "supporting sideloading on iOS devices would essentially turn them into "pocket PCs," returning to the days of virus-riddled PCs."Sideloading itself, irrespective of the specific app being sideloaded, also presents other dangers to users, according to Apple. For example, sideloading would allow spoofing on iOS, where ill-intended actors could "distribute copycat versions of popular apps that trick users" and would expose users to "apps with illegal content, such as illegal gambling apps, pirated apps, or apps containing stolen intellectual property."
These have been some of the most frequently asked questions, but it's impossible to list and for Apple to answer them all. Apple's anti-sideloading paper, published last month, is extensive and worth a read for those interested, and we've highlighted below some key facts and statistics shared by Apple in the paper.
For many users and developers, Apple's arguments will remain unconvincing, and regulators are clearly taking a close look at Apple's practices in this regard. It remains to be seen exactly how it will all play out, but it's clear Apple is under pressure to relax some of its restrictions related to the App Store.
- Platforms that support sideloading, such as Android, recorded more than 230,000 malware infections per day, according to the European Union's cybersecurity agency
- Mobile antivirus software, which some users may need to download to protect against sideloaded apps, cost consumers over $3.4 billion
- Android smartphones are 15 to 47 times more likely to be infected with malware infections compared to iPhone
- Sideloading would harm developers since user trust in the iOS ecosystem would decrease, leading to "users downloading fewer apps from fewer developers, and making fewer in-app purchases"
Article Link: Apple's Arguments Against Sideloading on iOS: All Your Questions Answered
It doesn't matter how much back and forth happens about this, it seems. I've participated in a few of those threads, and there are simply too many people who are swayed by anything Snowden et. al have to say, rather than being able to think critically for themselves. I've asked several times for anyone to respond to the fact that nearly all of the noise re: the proposed method for CSAM scanning has some root to the researchers I spoke of previously. It's a matter of fact that their own paper suggests that trust in the database is the thing to be concerned about, and Apple's method seems to be a very good method of ensuring that trust is maintained.
The idea is to allow side loading without opening the doors to malicious actors. For instance, with no oversight facebook could open their own store and enable their apps to collect more user data. Then they could pull their apps from the app store and all of a sudden users have no more choice than before and way fewer protections. This would almost certainly occur for many smaller developers who are interested in getting a quick buck.
An independent group could police app stores while making sure no one company maintains a monopoly. Several safe stores gives users options. Side loading alone does nothing for user choice or user protection.
Can people who want side-loading apps just use Android device? The solution is there. Are they blind or something. I use Apple device as a daily driver because how the platform regulates here. No one stopping you to buy an Android phone if you have an iPhone.
I do understand though that iOS is so good in many aspects compare other counterparts that some enthusiasm want to utilize their iDevices to their full potential without any limitation of iOS.
I do understand though that iOS is so good in many aspects compare other counterparts that some enthusiasm want to utilize their iDevices to their full potential without any limitation of iOS.
TBH I'm perfectly happy for Apple to handle all this, I've never considered my iPhone as my Mac. Having said that, I do think Apple are fighting a losing battle here....sooner or later they will allow it and I think with the current movement it will be sooner rather than later.
Why don't they list that allowing sideloading of apps will hurt Apple's profit? It's a legitimate reason. Funny, they list all of these other side reasons but leave out the biggest one.
Federighi continued, explaining that one infected iPhone could present a danger to all other iPhones on a network and that all users' data would be "less safe" in a world where sideloading was allowed on iOS.
What a PR load of nonsense. I guess Macs live in a "less safe world" then? I'm sure many people will buy into all this, but in the end, keeping iOS completely locked down is entirely for Apple's benefit, not the customer's.
What a PR load of nonsense. I guess Macs live in a "less safe world" then? I'm sure many people will buy into all this, but in the end, keeping iOS completely locked down is entirely for Apple's benefit, not the customer's.
This is all but guaranteed, over an imperceptibly long period of time. Look at the doublespeak Craig is already using ("we'd never do that!"; "it's not ideal, it's not in a place we like yet"), look at the work towards this already in place that has crept into macOS over time, look at the company you are talking about here.
Yep I also analyzed his words which make me wonder about it .I think it's ridiculous honestly,on a desktop platform I can't stand having to download every program and software from an only library .
How long till that happens tho? My guess is that it could come soon enough (within 3-5 years I believe )
Btw from your sentence "this is all but guaranteed",I deduce that it ISN'T guaranteed (I'm not a native ,yet I think that's what this "but" form means am i wrong ?)
Which contrasts with what you say afterwards
Well they may do the same to the Mac ,thus rendering it as equal lol
And I do not think it's a lost battle at all ,I believe they will keep it that way
It means it's not 100% guaranteed, but extremely likely (over a 10ish year arc), given the nature of the company and the path they are currently on. Perhaps if legislation on iOS sideloading succeeds, we may see macOS reconsider this course.
Don't give them any ideas. I'm pretty sure they're just waiting for the right moment to disable sideloading on Macs and that's a huge problem in my opinion
The fact that Apple even allows this on the app store is a perfect example of the fact that they _don't_ protect users from scams