Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[randyhudson]

Why do you think macOS has a higher virus/malware threat than iOS despite there being more than 10x the users on iOS?

Because Apple makes less money from macOS?

 

[Ethosik]

So you're saying Apple can't protect their own System settings from an automation hack?
Even Android's "unknown sources" option cannot be set/enabled by an app or hack.
You have to physically open the privacy settings and designate what apps you want to have this capability. It's not a blanket system wide option anymore, and hasn't been for several years. And even when you do allow an app to install from unknown sources, the system still throws a pop-up telling you what is about to happen and giving you the ability to abort it.

Solarwinds, Microsoft Exchange. These are just a couple recent examples of systems getting hacked.

 

[Kierkegaarden]

From when our world becomes so black and white with no shade in between? Never? Good.

What world do you live in? There was outrage over CSAM scanning even though it was being done to fight child pornography — wasn’t this a black and white issue?

Besides, simple thinking like this is why armchair Craig can never be the next Craig.

What does this even mean?

 

[Ethosik]

Windows is as insecure as Android actually!

Fully agree. You can still take down an entire organization by a single Email attachment.

 

[frenchcamp49er]

Let the fools have it

 

[ipedro]

A) no one is forced to sideboard
B) just make it an opt in toggle hidden in some developer settings that no average user is ever going to bother even opening and maybe add like two ARE YOU REALLY SURE YOU WANT TO ENABLE IT pop ups.

Maybe you should listen to Federighi’s presentation. He debunks that argument with a strong counter-argument.

The whole point is that social-engineering will eventually get through that warning, either directly to you or to someone you’re connected with or whose services you rely on. And then there are apps that will avoid Apple’s walled garden entirely and you’ll either have to opt out of a popular app that all your friends are using or you’ll start to dip your toes into sideloaded apps through social pressure.

 

[Ethosik]

Are people really suggesting the solution to side-loading is to become "security experts"? I had to go through that with my Grandma with Windows 10 until we finally got Windows 10 S which is locked to the App Store. Its impossible for every person on the planet to become security experts. And if that DOES happen, hackers will become more clever.

And ANY infected device, impacts the world either by participating in sending spam emails, spam texts, DDoS participation and more.

I am tired of getting 2,000 spam emails a day, aren't you?!

 

[1284814]

So is scanny users photos, but I don’t see you tip thing arround it.

 

[Nuno Lopes]

It’s true. And we all know it. Even if you want differently.

They just launched a major machine line using an OS that allows sideloading … it’s all flooded … don’t buy it, don’t use it, it’s a security and privacy hazard …

Its weird that Apple propaganda does not mention at all … heck they even made Rosetta just to port the entire malware line up from Intel.

 

[ChrisA]

Why is "side loading" not a problem on the Mac?

To answer this, Apple needs to either say "It is a problem as we all know macs are very insecure" or they need to say "th iPhone's IOS is not as well designed as the Mac's macOS"

In other words, here is no way Apple can answer the question. It is is "bad" on one platform it is bad on others and if it works on one platform why can it not work on another.

It is very clear that Apple does not want to lose their 30% cut.

 

[dba415]

Craig and Apple are so disingenuous. They care about privacy SECOND. By far the reason they are making this argument is because they can't flat out say that they are greedy and want a monopoly on apps on the iPhone so they can make more money.

 

[nortonandreev]

I believe it should be an option for whoever needs it, however, it is clear it will lead to App Store revenue losses, so they will never do it.

 

[ChrisA]

No, but if it's possible, there will be drive-by attacks whereby apps are side loaded when you just visit a website, or receive a text message.

If side loading were an option, and someone enabled it, then Apple should refuse to provide any after-purchase service for software issues. Right now, if you jailbreak your iPhone Apple don't have to help you out when it goes wrong. If Apple implement a switch and you choose to enable it, you should be informed that you lose any right to software service from Apple. It's probably the only way of allowing it, but even then, who's to say some side-loaded app doesn't cause other issues that affect other users, i.e. sends spam messages to contacts? Why should Apple open the door to that experience?

The solution to this problem was invented in the 1960s and is used by use OSes. The concept is to invent the idea of "privilege." An app can't access the means for sending texts unless the user authorizes it. the same with files , apps can only access data they are permitted to access. There are many ways to implement this and any text book on operating system design will list them. It is a well studied problem and is something all computer science majors should know

So what is described is a common problem that is was solved 50 years ago and is now widely taught in universities

 

[InuNacho]

Because Android definitely already has this problem. I mean, I have an Android device, and I definitely know the pain of having to install the Microsoft App Store, the Spotify App Store, the Huntington Bank App Store, the Capital One App Store, the Firefox App Store...

What the heck are Microsoft App Store, the Spotify App Store, the Huntington Bank App Store, the Capital One App Store, the Firefox App Store?

 

[mrat93]

Last bit is hilarious…
Democracy through autocracy?

Seriously, Apple really should’ve preload more “non-removable” apps on each category and deny warranty if you download third party apps and causes issues. Apple approved way or no way. Absolute lockdown.

Sorry, I should have indicated sarcasm.

 

[ian87w]

"As an engineer who wants iPhone to stay as secure as possible for our users, there is one part I worry about, and that's the provision that would require iPhone to allow sideloading," said Federighi. "In the name of giving users more choice, that one provision would take away user's choice of a more secure platform."

Agree with you Craig, but before you speak further, go ahead disband that mass scanning system first. You speak about security, yet you want to put in a system that opens up for abuses.

 

[germinator]

What B.S. It's all smoke and screen to protect their revenue. I want to be able to sideload on my device if I so choose.

 

[ACHD]

Why don't we just allow a switch to to give owners the ability to activate the backdoor the government wants too.

Pay for an Apple Developer license, or Jailbreak your device so you have the option to side load.

My opinion: It is not a good idea to allow side loading. Again, it's just my opinion.......

Reference my above post. The one directly above yours.
Sideloading is already occurring. you dont need to jailbreak and you dont need a Developer license either.


Many websites allow downloading some random MDM and sideloading that way or using a profile with only one goal in mind and no one has any idea what is being given up when you DL a MDM/profile as they are all cusotmized each time and none are guaranteed to be alike.

 

[GrumpyCoder]

Ah, the old malware argument. Keep the system closed or we have security issues… oh wait… issues like these… https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html?

 

[Shirasaki]

What world do you live in? There was outrage over CSAM scanning even though it was being done to fight child pornography — wasn’t this a black and white issue?

What does this even mean?

What people argue over CSAM is not about combating it. It’s the way to combat it. Same here, sideloading is not something people universally reject, but there is little to no agreement on how iOS sideloading should work. No, I don’t mean Xcode weekly self-sign sideloading.

 

[sunny5]

The problem is even Mac is not able to use all iOS/iPad apps while Windows 11 can use android apps without any limitation unlike what Apple did.

 

[BuddyTronic]

It’s a fair point, but the option should be given to the people who purchase the hardware.

If they want to implement limitations on warranty coverage or support, that’s their perogative.

Go ahead and do whatever you want then. Jailbreak or make your own OS by whatever means you choose.

Nobody is stopping you from doing that - you bought the hardware. What else do you want or expect?

 

[Flight Plan]

This is what tickles me. The naysayers all scream about how the heavens will fall and the world will end if people are able to sideload apps on iOS, and yet billions of people use Android without bringing about the apocalypse. They can never quite explain how that's possible, just as they can never quite explain how it would terrorize them for other people to have the option to do a thing they themselves would not be forced to do.

Hint: if you don't like sideloading, don't do it!

I'll never understand the mindset of a person who says, "I do not like or require this thing, so it must not be allowed to exist and anyone who wants it is wrong and stupid."

But, but, but, the whole meaning of life is lost when you can't be told you're wrong by somebody on the internet!

 

[mrochester]

By teaching people to use that slimy flubber thing inside their heads.
But not only inside the AppStore or Internet, because the same conventions applies to many areas of life.
Not blindly click on stuff, read things carefully, visit serious sites by entering their domain address and not by clicking one of the top10 google results.
Don’t blindly fill out forms, nor fill out flyers to take part of stupid mall tombolas, etc. Teach people to become more careful, smarter and technology affine, instead of dumb consuming zombies.

We’ve already tried that and it doesn’t work. So what next?

 

[Mr.PT]

If sideloading would kill the App Store, then how does the Google Play store still exist after all these years?

Cybercrew:Source
“Even so, the Apple App Store led with an estimated revenue of $72.3 billion in 2020, responsible for 65% of total app revenue. In the same year, Google Play Store generated revenues of nearly $40 billion through Android apps. That is significantly less than Apple’s App Store profit. However, compared to the previous year it has still increased by 25%.
Moreover, Apple App Store outperforms Google Play in generated revenue even though Android accounts for 71.44% of the mobile & tablet operating system market share worldwide as of May 2021 (as compared to 27.77% owned by iOS).”
To be clear about what unfortunately is really at stake for Apple.