Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[Mockletoy]

And yet somehow billions of Windows, Linux, macOS, ChromeOS, and Android users muddle through.

Apple keeps the App Store locked down tight because it makes them a whole bunch of money. That's the whole story.

 

[Berti10]

Yep, this is exactly why you can't side load in macO—erm…

Yes, but people buying a Mac do not do so by accident, or because it is jut 49$ on a 2-year plan. iOS devices are Go-to devices for kids and grandparents, macs only for those, who know.

 

[macfacts]

Apple's system isn't perfect, but for the most part, it works. Keep the loop closed!

Apple's system? Which one? iOS or mac os?

 

[elvisimprsntr]

If you don't like Apple's walled garden or developer terms, don't let the door hit you in the [redacted] on the way out!


RE: https://www.techspot.com/news/91607-new-android-trojan-malware-can-completely-take-over.html

If the Android ecosystem has shown us anything this summer, it is that the Android landscape is rife with clever social engineering, outright fraud, and malicious software all designed to deceive and steal mobile users' money and other sensitive information," said the team. "These schemes can appear quite convincing and may play on fears or emotions that cause users to let down their guard.

 

[standing]

Yes, but people buying a Mac do not do so by accident, or because it is jut 49$ on a 2-year plan. iOS devices are Go-to devices for kids and grandparents, macs only for those, who know.

…and I’d like to add: white iPhones are for women and black ones for men. Simple as that. Yin and Yan. /s

 

[Mockletoy]

If you don't like Apple's walled garden or developer terms, don't let the door hit you in the [redacted] on the way out!


RE: https://www.techspot.com/news/91607-new-android-trojan-malware-can-completely-take-over.html

You know that old expression about people who live in glass houses being unwise to hurl stones?

Bad Apple: App Store Rife with Fraud, Fleeceware

Malicious apps make up 2 percent of top grossing apps in Apple App Store.

threatpost.com

A new analysis from the Washington Post reveals just how widespread fraud is across the Apple App Store, while also offering glimpse into the revenue flowing into Cupertino generated by those malicious activities.

The Apple App Store has been under heightened scrutiny for maintaining its iron grip on the apps available to iOS users. CEO Tim Cook says the company’s monopoly on app access is necessary to maintain certain standards for safety and effectiveness.

But the data from The Post suggests otherwise, showing that out of all of the the top-1,000 grossing apps, almost 2 percent are scams. Notably, these apps have billed Apple customers $48 million while they’ve been available in the store, and Apple gets a 30 percent cut of every transaction. Once alerted to 18 fraud apps in the Store found by The Post, two-thirds were taken down, according to the report.


Threatpost has not yet received a response from Apple regarding the report.

 

[Mousse]

My wife can't wait to side load an invisible app that track my location 24/7. That's a nightmare comes true!!!

You know, she can already track you 24/7 via Find My Phone on iCloud, right?

Sideloading opens the floodgates to malware.🙄 Fear mongering at it's best.😑

If Apple and Google would build a firewall into the OS, a lot of us would not have reasons to sideload. Seriously, a firewall could easily increase securty several folds by blocking data transmission. I would stills sideload older versions of some apps because the latest versions goes subscription or spams ads or starts data mining or some other BS that didn't exist in the older, better version.

 

[_Spinn_]

This is 100% true even if people want the side-loading. Windows and Mac OS are more vulnerable to malware because you can run any random program you get off the internet. The app store is not perfect but it is better than nothing.

If you want to side-load apps just get an Android phone.

 

[Realityck]

Speaking at the Web Summit conference in Portugal, Federighi said sideloading would result in the "floodgates" opening to malware.

Enterprises/government orgs/contractors tend to greatly restrict any form of users just being able to install anything they want. Its against their policies. Epic brought this forward because they didn't like the App stores percentages. Seems we should revisit how to make the store more attractive to developers and the industry, not cater to bypassing the store security altogether with side loading.

 

[Mockletoy]

This is 100% true even if people want the side-loading. Windows and Mac OS are more vulnerable to malware because you can run any random program you get off the internet. The app store is not perfect but it is better than nothing.

If you want to side-load apps just get an Android phone.

Some of us have enough sense not to visit a bunch of shady websites and "run any random program" we find on the internet.

According to your logic, no car should be able to go over 5mph because some drivers are self-destructive idiots.

 

[thejadedmonkey]

But why can't that app be available on the App Store?

If it's an app that does something funky to your phone via the use of private APIs, then there's a reason it isn't on the App Store. Apple restrict the use of private APIs because either they aren't fully functional yet, or they're unsupported and might change in future, rendering existing apps inoperable. That's a terrible experience for the consumer.

Perhaps it goes against Apple's rules. The Kindle app is a great example. I can't buy a Kindle e-book via the Kindle app, because Amazon doesn't want to pay a 30% cut to Apple.

Or if Netflix wants to put games in their app, that aren't streaming based.

Etc, etc.

 

[Bug-Creator]

If sideloading becomes an option:

- Metazuck is gonna go there to avoid any scrutiny, most iOS user will go there cos they just can't live without it
- Fortnite and lots of other games with questionable business models will go and there won't be any floodgates on how you (or your kids) get tricked to spend way to much mones
- any level of privacy Apple might have offered will mean nothing at this point
- Since everybody already sideloads plenty "good" apps will be offered there maybe even at small discount over the app store
- you will have a very hard time to see what is real and what is malware


Sure, I do understand the simplistic solution of "give me everything for less" but in the end if thats what you want, just use Android......

 

[mrat93]

A.You are wrong. Every company, every bank, every greedy company will force you to download the app from an external store.

You are wrong. Why is this not the case with Android?

 

[IG88]

It’s true. And we all know it. Even if you want differently.

Is it? Can you cite some respected sources on how sideloading on Android has caused significant malware problems, anything resembling a "floodgate?"

 

[rjohnstone]

Yes, I agree. Essentially the iOS/iPadOS version of this from the Security & Privacy pane of System Preferences on the Mac...

View attachment 1901615

Disable Gatekeeper altogether.

 

[sracer]

"As an engineer who wants iPhone to stay as secure as possible for our users, there is one part I worry about, and that's the provision that would require iPhone to allow sideloading," said Federighi. "In the name of giving users more choice, that one provision would take away user's choice of a more secure platform."

I appreciate Federighi's admission that iOS and iPad OS are too fragile to accommodate sideloading without compromising security. Of my many Android devices (all of which support sideloading) none of them have suffered security-wise because of sideloading.

 

[mrat93]

What supporters of sideloading don’t realize is that allowing sideloading would cause Apple to make less money. Why won’t anybody consider the financial strain this will put on Apple. You wouldn’t want that, would you??? Then they might not be able to make as good products.

\s

 

[boss.king]

It’s true. And we all know it. Even if you want differently.

They could just do what they do on the Mac. Issue solved.

 

[kamilstudios]

Sideloading will cause app piracy which is bad to app developer. Look what happened on Android. Paid apps got pirated the minute they sent it to Play Store.

 

[Mockletoy]

You are wrong. Why is this not the case with Android?

This is what tickles me. The naysayers all scream about how the heavens will fall and the world will end if people are able to sideload apps on iOS, and yet billions of people use Android without bringing about the apocalypse. They can never quite explain how that's possible, just as they can never quite explain how it would terrorize them for other people to have the option to do a thing they themselves would not be forced to do.

Hint: if you don't like sideloading, don't do it!

I'll never understand the mindset of a person who says, "I do not like or require this thing, so it must not be allowed to exist and anyone who wants it is wrong and stupid."

 

[Kierkegaarden]

Yep, this is exactly why you can't side load in macO—erm…

Why do you think macOS has a higher virus/malware threat than iOS despite there being more than 10x the users on iOS?

 

[mi7chy]

In other words, they they protect millions of people.

How is Apple blocking reputable open source projects like Retroarch that runs on MacOS protecting you? Only thing they're protecting is their control and profit.

They need to be cleaning malware off of the app store instead of blocking legit apps.

https://www.theverge.com/2021/2/8/22272849/apple-app-store-scams-ios-fraud-reviews-ratings-flicktype

 

[mrat93]

I think it’s in Apple’s best interest to limit Safari and web browsers. Currently, it’s possible for people to go to websites that don’t accept Apple Pay. Absurd! Did you know that people get scammed via web browsers all the time?

Apple needs more control, not less. Any power taken from them is a direct threat to my personal data, my safety, and our democracy.

 

[Mockletoy]

"As an engineer who wants iPhone to stay as secure as possible for our users, there is one part I worry about, and that's the provision that would require iPhone to allow sideloading," said Federighi. "In the name of giving users more choice, that one provision would take away user's choice of a more secure platform."

Um, why?

No one would have to step outside Apple's walled garden and sideload if they didn't want to, and, besides that, something like 2% of the top-grossing iOS apps are outright scams (from which Apple profits handsomely), so preaching about how safe and secure the App Store is with stats like that is kinda silly.

 

[IamTimCook]

Thank you! Developers want this for greedy reasons and nothing more, regardless of their customer’s privacy, which lets be honest; greedy devs don’t care about your privacy.