Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[Mr.PT]

For the sake of argument:
Talk the talk walk the walk…
Security scrutiny: Does Apple assume or can be hold responsible for exploits generated from 3rd parties exclusively sold in it’s appstore?
Freedom of choice: Conversely, by the same standards, I wish and hope software companies and developers will be forced to offer MacOS and Linux versions of their products, for the sake of users…

PS:I’m no tech savvy, so can anyone inform how one could prevent unchecked malicious apps of stealthy disable your privacy and security settings?

 

[Smooch]

It’s a fair point, but the option should be given to the people who purchase the hardware.

If they want to implement limitations on warranty coverage or support, that’s their perogative.

 

[Skewlovevism]

Yep, this is exactly why you can't side load in macO—erm…

You might not understand, but for the not tech savvy, iOS devices are very safe. They will not get MacBook, they will get iPads. If you email my mother a scam (then, I will, of course kill you - not literally ) to install some "shady update", she would not know if it is fine to install or not. But as the system is closed, she will be fine. For computer, small kids, elderly, non tech savvy or just people like me, who don't care for customization, just want to use apps, the iOS is the best

The thing is, that not everyone buys a car to polish them, change engine, clean the engine, put stickers on it, wings, new steering wheel, F1 seatbelts, and do a weekly maintenance. Some people want to, simply, transport.

 

[Nuno Lopes]

Gaslighting

 

[Philip_S]

But why can't that app be available on the App Store?

Three good reasons: it falls foul of apple’s morality-based exclusions, or their performance-related restrictions (such as banning non-WebKit HTML rendering engines), or you wrote it yourself and don’t want to spend an extra $99/year to use it un-crippled.

There’s also trade disputes or embargoes, though they’re relatively easy for app developers to evade.

 

[Philip_S]

Now we have an OS that requires a gatekeeper (Craig?) for it to work in the current landscape of push and pull and surveillance capitalism.

That would be a lot less of an issue if Apple included the privacy and security measures added by the jailbreak community. The photo privacy thing was a step in the right direction, and so was HealthKit’s security, but they should do that for everything else too.

 

[Philip_S]

I doubt very, very much that EU legislation would allow Apple to limit warranty coverage.

Even in America that would require some very fancy lawyering to dodge the mangnussen-moss act.

 

[Philip_S]

If you want to side-load apps just get an Android phone.

Give me an android phone without spyware baked into the OS, and hardware support as long as apple’s, on hardware comparable to apple’s and I would. There’s no good phone supplier, the closest would be a jailbroken iPhone if it wasn’t likely to be bricked by an update and if the supplier was less shady.

I use Apple because they’ve been the least awful, and so I want them to be better about the things they do that are bad.

 

[theonlyeyes]

There is no suggestions from him about that Apple at least would allow it. It’s exactly the opposite. And he explained very well why it would be wrong. And he say truth, Apple is right to don’t allow it. Now we have freedom to buy products with different characteristics (iPhone or android or tizen ecc). If iPhone would be forced to become like an android, will zero privacy and security, then no real freedom of choice anymore for the people.

 

[mrochester]

Give me an android phone without spyware baked into the OS, and hardware support as long as apple’s, on hardware comparable to apple’s and I would. There’s no good phone supplier, the closest would be a jailbroken iPhone if it wasn’t likely to be bricked by an update and if the supplier was less shady.

I use Apple because they’ve been the least awful, and so I want them to be better about the things they do that are bad.

Trouble is people disagree with the idea that what Apple does here is bad.

 

[wanha]

weird, because even to this day with jailbreaking, this is a non issue.

but yall keep believing it just because he said so

Do you think average users jailbreak their phones? Like grammas and uncles? I highly doubt it.

The average jailbreaker is very likely quite technologically savvy, and this keeps malware issues to a minimum.

The same can be said of the Mac and its users, although their technological expertise is probably not on the same level as jailbreakers.

 

[wanha]

I totally get Apple's approach here. It makes sense considering the size and diversity of iPhone users that range from novice to expert.

However - and this is a thought I've had for a while - iOS is slick, smooth and reliable, but it's just not very exciting. It's restricting.

I love MacOS because of all the freedom and customization it allows.

The fact that iOS is designed for the dumbest user is understandable, but I sure would love an "advanced" version that would allow us to tinker with it more.

I don't even care much about side loading personally, but I do feel that it's a symptom of a general "playing it super safe" approach that Apple has taken with iOS.

I wonder if I am alone on this?

 

[BulkSlash]

What a simple polarised way demonising side-loading, as If apple engineers would suddenly lose all of their power for limiting side-loading apps to do certain things.

I'm not demonising side loading, I basically do it all the time when I use Xcode to build MAME. I just don't think Apple will want to dedicate resources to protecting users from side loaded apps. It would be a game of constant whack-a-mole, costing money keeping up with any attempts to circumvent iOS protections. Not supporting or protecting side loaded apps would be Apple's way of discouraging people from stepping outside the walled garden.

 

[Shirasaki]

I'm not demonising side loading, I basically do it all the time when I use Xcode to build MAME. I just don't think Apple will want to dedicate resources to protecting users from side loaded apps. It would be a game of constant whack-a-mole, costing money keeping up with any attempts to circumvent iOS protections. Not supporting or protecting side loaded apps would be Apple's way of discouraging people from stepping outside the walled garden.

I figure apple is not supporting user sideloading using Xcode janky solution either. So which part is missing?

 

[MVMNT]

It's an ecosystem that's trying to maintain security and some clarity with the apps it provides for it's huge userbase. If it doesn't fit your needs, use another that looks like a cluster**** in comparison.

What's the data on the number of people that want to side load anyway?

 

[ArtemSh]

I partially agree with Greg on this one sadly. Although I would like to side load apps, that would really compromise store integrity.

Personally I would like them to open the flood gate, but I understand why they don’t want to and their reasoning is solid.

 

[ArtemSh]

A) no one is forced to sideboard
B) just make it an opt in toggle hidden in some developer settings that no average user is ever going to bother even opening and maybe add like two ARE YOU REALLY SURE YOU WANT TO ENABLE IT pop ups.

If this is a deeply hidden feature, it’s useless as it’s a geek feature not usable for normal mass market customers. It doesn’t bolster competition and app developers, but benefits only a very niche group of IT people.

Is this is a relatively easy to use feature, this really opens a flood gate for social engineering based malware.

 

[osx'r]

Go ahead and do whatever you want then. Jailbreak or make your own OS by whatever means you choose.

Nobody is stopping you from doing that - you bought the hardware. What else do you want or expect?

Not sure what you’re point is, Buddy, or need to go on the offensive. I’m not complaining. Just providing a point of view.

In fact, I have no interest to side load, and am happy with the stock experience.

Hoping today ends up being a better day for you.

 

[Wildkraut]

We’ve already tried that and it doesn’t work. So what next?

Make space for upcoming smarter species, A.D. Humanity.

 

[svish]

macOS allows it. But don't want security of iOS to reduce as Apple claims

 

[standing]

The cumulative metadata collected from phones through sensors, near and farfield wireless tech, makes it a sweet target for all kinds of bad actors.
I don’t think anyone either for or againts sideloading disputes that.

But the notion that Apple can only do good on privacy by reinforcing the walls of its garden shows a lack of imagination. Nothing is impossible in code and can be done in incremental steps, if there is enough incentives to do so.

 

[GuruZac]

A) no one is forced to sideboard
B) just make it an opt in toggle hidden in some developer settings that no average user is ever going to bother even opening and maybe add like two ARE YOU REALLY SURE YOU WANT TO ENABLE IT pop ups.

This 100%.

 

[seek3r]

Yes it does. People need to just stop spreading lies.

Report: macOS malware boomed in 2020, but still a fraction of Windows threats - 9to5Mac

A study looking at new malware found in the wild during 2020 says that threats developed for macOS saw a...

9to5mac.com

The only reason macOS is as "secure" as it is, is because Windows has the most marketshare, most companies back-bone environments are Windows based.

That would have possibly been a good argument 20 years ago, but windows is pretty secure these days too, the average windows user is not getting infected left and right either

 

[RSB96]

Apple is right in this regard, obviously sideloading can be a malware sinkhole.

However, it cannot, in the interest of security, monopolize and impose unfair conditions on developers.

Apple now has a complicated situation, but the solution offered by Europe would not improve the situation, in my opinion, but rather the opposite.

 

[H2SO4]

Uh....me and everyone of my friends and family ONLY choose Apple due to being closed instead of Android. I would absolutely LOVE to get a MUCH BETTER phone for $500 Android than iPhone, but the locked down experience is worth it. Unless you are saying us 15 people are the only 15 people in the planet that thinks this way?

All I asked is where you got your data. I think, for whatever reason that there are more Android users than there are Apple users.
Can I infer from that that you, (and your family and friends), are in the minority?
I’ve been Apple for a while but it’s because of two things.
One is the “overall” experience.
The second is that I can’t be bothered to change. Looking to make sure I retain the same or increased level of functionality is too much of a bind. It’s easier just to get another iPhone.
Apple are dishonest when it suits them and just because they make a song and dance about privacy doesn’t mean that they don’t have ulterior motives and/or double standards.
They use third parties and shell companies to do their dirty work for them which keeps their name clean.
Don’t get it twisted.