Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[darkpaw]

but if they found an app they really wanted or needed, they could change it after seeing an explanation of it.

But why can't that app be available on the App Store?

If it's an app that does something funky to your phone via the use of private APIs, then there's a reason it isn't on the App Store. Apple restrict the use of private APIs because either they aren't fully functional yet, or they're unsupported and might change in future, rendering existing apps inoperable. That's a terrible experience for the consumer.

 

[contacos]

A.You are wrong. Every company, every bank, every greedy company will force you to download the app from an external store.
B. In my country, thieves thoroughly instruct victims how to disable android security and install fake bank applications. Hundreds of millions of losses. On iOS, this was impossible.

except that’s not the case at the Playstore either

 

[XXPP]

Yes, I agree. Essentially the iOS/iPadOS version of this from the Security & Privacy pane of System Preferences on the Mac...

View attachment 1901615

Like XBOX and PSP store.

 

[firewood]

Sideloading is already possible. All you need is a Mac, Xcode, a Developer enrollment, and source code to the app.

Even less in some circumstances (willing to re-sign weekly, use of a Mac-in-the-cloud, etc.)

Does that leave developers unprotected (those who don't actually read the code they compile)?

 

[Lounge vibes 05]

A) no one is forced to sideboard
Until Facebook/meta-, Google, Amazon, epic, etc. all remove their apps from the App Store and force you to get them by sideloading so they can scoot around Apple‘s app tracking transparency prompts

 

[JGIGS]

1. I might give more credence into Craig's statement if there weren't already a bunch of lets say at least suspicious apps in the Apple app store.

2. Most legit app creators aren't looking to put malware on your phone. Especially if you are buying the app, or paying for a subscription or making in app purchases. They don't won't to mess with that revenue stream and get cancelled if people find out about them putting malware on phones. You just have to be smart about what you sideload or you can still have the option of not sideloading your apps.

 

[chrisdazzo]

Homeboy ain't wrong. Walled garden has worked well - plenty of alternatives if you don't agree.

 

[standing]

Well not so fast. Was the OS ever designed to be open and secure?

Now we have an OS that requires a gatekeeper (Craig?) for it to work in the current landscape of push and pull and surveillance capitalism.

 

[JGIGS]

Sideloading is already possible. All you need is a Mac, Xcode, a Developer enrollment, and source code to the app.

Even less in some circumstances (willing to re-sign weekly, use of a Mac-in-the-cloud, etc.)

Oh gee is that all people need? Doesn't sound restrictive or complicated at all

 

[canadianreader]

Imagine having an F-Droid like app store for the iPhone with open source software. I know I'm dreaming ?

 

[I7guy]

NOT a BIG fan of side loading, but ALSO, NOT a fan of the Status Quo !

Apple needs to become Transparent with the per-Category Revenue Numbers, ON a weekly basis, & needs competition, at MIN, WRT "App Discovery" !

Unless/Until Apple moves away from its Total & Complete Stranglehold on App Discovery, this App Dev will be a proponent of Sideloading !

ONLY way to get Apple to get their act together !

In my opinion Craig is correct.

However to change the status quo is easy just get shareholders to agree on a change.

Apple should Not be under obligation to float numbers competitors dont or are within GAAP.

 

[LeadingHeat]

Except nobody realizes that when the app developers realize they can sideload to save the percentage fee, they will pull it from the App Store and force us to sideload. Leaving the App Store as barren as the Mac App Store.

 

[tann]

They just push this out as a form of marketing. If they truly believed it the Mac would be locked down.

They’re purposefully pushing the message that iPhones and iPads aren’t really computers.

 

[metapunk2077fail]

Craig is right and since he is head of the highest quality software standards in the world there is nobody more authoritative and qualified than him on this subject.

Imagine being in his place and you get to see first hand all the dirty tricks some developers try to do to get private data or hide some malicious code inside their apps. Steve Jobs spoke about it 2 years before he passed.

 

[azentropy]

Yep, this is exactly why you can't side load in macO—erm…

The Mac doesn’t have these issues. Sure android has malware from time to time, but are the floodgates really open? Nope. Give the users the choice and if they side load and their phone craps out, limit warranty or something.

There are multiple reasons why it isn’t an issue on MacOS. One of the biggest is that it is a relatively small market, both in marketshare and the number of active units. Bad agents typically like to go for the best bang for the buck which is why they focus on Windows. With iOS the market and marketshare is HUGE. By opening it up those bad agents would almost certainly target it.

 

[Gasu E.]

It’s a fair point, but the option should be given to the people who purchase the hardware.

If they want to implement limitations on warranty coverage or support, that’s their perogative.

I doubt very, very much that EU legislation would allow Apple to limit warranty coverage.

 

[Larabee119]

My wife can't wait to side load an invisible app that track my location 24/7. That's a nightmare comes true!!!

 

[NMBob]

That's right. Attacks and exploits should be limited to state actors and alumni of military intelligence units only!

And Apple. Don't forget our benevolent overlords.

 

[defferoo]

then put it behind a big warning message that says you're potentially allowing for malware to be installed on your phone by enabling side loading, or make it complex enough to do that it deters most people from doing it (only allow it in dev mode that needs to be unlocked via Xcode for example). 99% of users probably would never enable it.

 

[Gasu E.]

Yep, this is exactly why you can't side load in macO—erm…

There's a huge difference between the markets and historical user expectations. Macs are scaled-down IT equipment with a user-friendly wrapped. iPhones are consumer telephones that also perform clever tricks.

 

[turbineseaplane]

Yeah whatever Craig

I'm to the point of hoping Apple is forced to allow it.

Absolutely exhausted with their ego and hubris in seemingly every corner.

 

[thejadedmonkey]

The Mac doesn’t have these issues. Sure android has malware from time to time, but are the floodgates really open? Nope. Give the users the choice and if they side load and their phone craps out, limit warranty or something.

Similarly, even Windows is pretty darn secure these days. The last time I had an issue was over a decade ago, when I was downloading sketchy World of Warcraft addons.

 

[JGIGS]

Yep, this is exactly why you can't side load in macO—erm…

And funny how the graph without any percentages or context has Windows, Android and even other but no Mac OS? If the Mac OS number was close to the same as ios well guess what? There goes the argument that being able to side load on iOs would be catastrophic especially since even less people would do it on iOs vs Mac OS since most people are already trained to use the App store on iOS before thinking of sideloading.

 

[turbineseaplane]

Leaving the App Store as barren as the Mac App Store.

Good!

It's not even a good store as it is (filled with crap) and it shouldn't be allowed to exist simply due their nonsense lockdown.

 

[H2SO4]

I mean he's not wrong. Apple just needs to stick to their core privacy values to not look like hypocrites.

People choose iOS BECAUSE it's a better working closed ecosystem. You want a free-for-all OS where submitted App Store apps aren't reviewed then go get yourself an Android phone.

Where did you draw that conclusion, can you point me to source?