Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[rjohnstone]

Except nobody realizes that when the app developers realize they can sideload to save the percentage fee, they will pull it from the App Store and force us to sideload. Leaving the App Store as barren as the Mac App Store.

Google Play has already proven that wrong.
You can sideload on Android, yet developers still use Google Play store to distribute their apps as it is a trusted installation source.
Sideloading on Android is also no longer a system wide option. You have to designate which apps are allowed to install from unknown sources. Never allow your browser to be one of those sources and you'd be safe from drive-by malware installations.

 

[mrat93]

This is what tickles me. The naysayers all scream about how the heavens will fall and the world will end if people are able to sideload apps on iOS, and yet billions of people use Android without bringing about the apocalypse. They can never quite explain how that's possible, just as they can never quite explain how it would terrorize them for other people to have the option to do a thing they themselves would not be forced to do.

Hint: if you don't like sideloading, don't do it!

I'll never understand the mindset of a person who says, "I do not like or require this thing, so it must not be allowed to exist and anyone who wants it is wrong and stupid."

Building on that, Apple can allow sideloading without allowing alternate App Stores.

 

[contacos]

couldnt they simply block sideloaded apps to gain access to the security features / sandbox or whatever would be the right terms and have them run in a sheltered „box“. Imagine an emulator to run sideloaded apps or something, keeping it separated

 

[mrat93]

Thank you! Developers want this for greedy reasons and nothing more, regardless of their customer’s privacy, which lets be honest; greedy devs don’t care about your privacy.

You do know that sideloaded apps will ask for permission to access your data like any other App Store app, right?

 

[Mockletoy]

Why do you think macOS has a higher virus/malware threat than iOS despite there being more than 10x the users on iOS?

Other people being too stupid and careless to keep their computers secure should have nothing to do with what responsible adults are allowed to do on their devices.

 

[tha_man]

Personally I would like to have option for side loading. Mostly because Apple does not allow certain applicatons into App Store (e.g. emulators). It would also be nice to be able to install apps, if they for some reason get removed from app store (or sometimes simply revert to older version).

But if they enable it, better make it a non-default setting and difficult enough to enable, so my parents don't get tricked into loading shady apps into iPad like they do on Android. And open the iOS to be more like macOS, so I can access the system and repair it, if one of those side loaded apps manages to screw something...

 

[ddtmm]

said Federighi. "In the name of giving users more choice, that one provision would take away user's choice of a more secure platform."

I just don't see how it takes away a user's choice of a more secure platform. Everyone would still be free to keep using Apple's App Store if they want.

It's the money they're worried about, not security. Everyone's free to load whatever software they want on their Macs and there are no rampant issues there so why would there be on a phone?

 

[MysticCow]

Google Play has already proven that wrong.
You can sideload on Android, yet developers still use Google Play store to distribute their apps as it is a trusted installation source.
Sideloading on Android is also no longer a system wide option. You have to designate which apps are allowed to install from unknown sources. Never allow your browser to be one of those sources and you'd be safe from drive-by malware installations.

Being "the trusted app platform" means you can easily allow sideloading AND people will still prefer to use your app store. You know, because it's "the trusted one" instead of some weird hack app.

Absolutely 100% agree here and Apple can safely cut a foot off the hedges of the walled garden. What shouldn't happen is the burning down of said garden.

 

[Kierkegaarden]

The Mac doesn’t have these issues. Sure android has malware from time to time, but are the floodgates really open? Nope. Give the users the choice and if they side load and their phone craps out, limit warranty or something.

There are 10x+ more iOS users than Mac users.

 

[Mockletoy]

Personally I would like to have option for side loading. Mostly because Apple does not allow certain applicatons into App Store (e.g. emulators). It would also be nice to be able to install apps, if they for some reason get removed from app store (or sometimes simply revert to older version).

But if they enable it, better make it a non-default setting and difficult enough to enable, so my parents don't get tricked into loading shady apps into iPad like they do on Android. And open the iOS to be more like macOS, so I can access the system and repair it, if one of those side loaded apps manages to screw something...

Allowing you to install DOSbox so you can play Duke Nukem or Commander Keen is just far, far too risky! Because ... reasons, I guess?

I'm never quite clear on exactly what it is they're protecting us from, other than losing an opportunity to give them more money.

 

[Starscape]

By this logic, I suppose Apple does not care about those ‘floodgates’ for Mac users, since they can install whatever they want.

Apple can spin it any way they want, but the common denominator will always be the same.

 

[Mockletoy]

Being "the trusted app platform" means you can easily allow sideloading AND people will still prefer to use your app store. You know, because it's "the trusted one" instead of some weird hack app.

Absolutely 100% agree here and Apple can safely cut a foot off the hedges of the walled garden. What shouldn't happen is the burning down of said garden.

The walled garden should absolutely remain an option for those who choose to hang out there.

But if someone else wants to install DOSbox on the phone they paid $1500 for to relive some 90s gaming nostalgia, I really can't see how that hurts anybody.

 

[Mockletoy]

By this logic, I suppose Apple does not care about those ‘floodgates’ for Mac users, since they can install whatever they want.

Apple can spin it any way they want, but the common denominator will always be the same.

If Apple could lock the Mac down the way they lock down iOS without inviting a PR conflagration they'd do it in a second.

As a bonus, you'd finally see Apple take gaming on the Mac seriously if that were to happen, because they'd be able to take their cut off the top of everything the way they do on iOS.

Edit: typo

 

[AppleTLDR]

Here's the issue with sideloading.

The vast majority of software is junk. Even on the App Store, any search query you enter will reveal duplicate junk apps that rip off the original, quality software. But at least the App Store had standardisation. It has defined rules. And if developers break those rules or try to inject malicious code they get kicked out. Not so with sideloading.

Here are a few key points.

Number 1) Look at what happened with Notability yesterday. They moved to a subscription-only model and are taking away features from customers that paid for them. Apple's developer guidelines make it clear you can't do that. And if the developer follows through with this after the 1 year grace period ends, Apple will kick them off the store. We've seen examples of this in the past.

Number 2) Those commenting that they want to sideload as a way to circumvent features like ads on YouTube are sapping the livelihoods of people who make content. If you don't want ads then pay for YouTube Premium. Why should content creators suffer because you're too greedy to get your wallet out? I don't like ads. I don't know many people who do. But there isn't a better alternative in creating a free and open internet. In your quest for sideloading with the view to find a more effective way to block ads, you're making the internet less free and less open. How are creators meant to make a living if you're freeloading ahem...I mean sideloading for this purpose?

Number 3) The quality of apps on Android sucks ass. If you think the App Store has some junk then go explore some of the third party stores on Android. It's like the black market. Dodgy dealers that operate using unauthorised API's. Apps that surreptitiously harvest data in the background and send it off to little Zuck and friends.

Number 4) Do you want your apps to break when new versions of iOS are released? Because that is exactly what will happen when unauthorised API's come into play. Don't believe me? Even under Rosetta 2, many Intel apps don't run perfectly (or at all...for example Logitech capture which is from a big company!) because they use totally different API's aside from the obvious difference in the programming language.

Number 5) A user switch to disable sideloading doesn't work. Your employer, your bank, your school, college, university heck even your health care provider will want you to download an App from their store. They won't put it on the App Store. So you're actually taking away a choice by giving the choice to sideload (a flawed and defective choice at that).

Apple should just do this:

Offer alternative payment options or reduced fees in exchange for an upfront commission from the developer that scales based on the size of the company. Ensure search algorithms on the store are fair, transparent and make it easy to discover content.

But sideload? No thanks. Just buy an Android phone if that's what you want to do.

 

[jz0309]

And yet somehow billions of Windows, Linux, macOS, ChromeOS, and Android users muddle through.

Apple keeps the App Store locked down tight because it makes them a whole bunch of money. That's the whole story.

highlighted is the KEY word ... there is an entire industry (apps, services ...) that cleans up for people that been created through malware - no thanks

 

[jonnysods]

People don't like this argument, but it is true. I work in IT, and the number of people that get tricked is huge.

I think putting in a few layers to allow side loading so that us folk who are comfortable with it would allow the unwary to be protected, and the risk takers ok to do what they want.

 

[Mockletoy]

highlighted is the KEY word ... there is an entire industry (apps, services ...) that cleans up for people that been created through malware - no thanks

Yeah, stay on the iOS App Store, where you're safe, except that 2% of the top-grossing apps are outright scams, from which Apple has made tens of millions of dollars.

The hypocrisy from them on this issue is so thick you couldn't cut it with a chainsaw.

 

[jz0309]

Some of us have enough sense not to visit a bunch of shady websites and "run any random program" we find on the internet.

According to your logic, no car should be able to go over 5mph because some drivers are self-destructive idiots.

what, 0.01% of all iPhone users?

 

[com.B]

How is Apple blocking reputable open source projects like Retroarch that runs on MacOS protecting you? Only thing they're protecting is their control and profit.

They need to be cleaning malware off of the app store instead of blocking legit apps.

RetroArch infringes on game developers' rights. You are fully aware of how disingenuous this comment is.

 

[Naraxus]

This guy is so full of ****. Towing the Apple lie of security when it's all about control and money eh Craig? This clown needs to be shown the door

 

[Kierkegaarden]

A) no one is forced to sideboard
B) just make it an opt in toggle hidden in some developer settings that no average user is ever going to bother even opening and maybe add like two ARE YOU REALLY SURE YOU WANT TO ENABLE IT pop ups.

I don’t think it works that way. If the platform were to be opened to allow side loading, settings like you mention could be thwarted. Why do you think there was such uproar over the CSAM issue? Because any opening, no matter how small could be just enough to cause problems. In the case of CSAM, this would have been as controlled as possible — but anyone still opposing this is a hypocrite if they are for side loading.

 

[Mockletoy]

RetroArch infringes on game developers' rights. You are fully aware of how disingenuous this comment is.

That's like saying iTunes infringes on musicians' rights because it doesn't care if it's playing pirated songs or not. Or that VLC infringes on movie and TV producers' rights because people use it to play pirated content.

 

[IamTimCook]

You do know that sideloaded apps will ask for permission to access your data like any other App Store app, right?

Not a definitive truth.

 

[JGIGS]

Except nobody realizes that when the app developers realize they can sideload to save the percentage fee, they will pull it from the App Store and force us to sideload. Leaving the App Store as barren as the Mac App Store.

Disagree. Most users will still be looking for apps in the App store and not interested in sideloading. Developers would lose money and exposure if they stopped offering the app all together in the App store.

Developers would likely just charge more for the app/subscriptions/in app purchases to users who install through the Apple App store to make up the lost margin. Or in better terms offer discounts for those who install it side loaded.

 

[Mockletoy]

I don’t think it works that way. If the platform were to be opened to allow side loading, settings like you mention could be thwarted. Why do you think there was such uproar over the CSAM issue? Because any opening, no matter how small could be just enough to cause problems. In the case of CSAM, this would have been as controlled as possible — but anyone still opposing this is a hypocrite if they are for side loading.

Where is the hypocrisy in

- wanting to control my own device as I see fit (sideloading)
- not wanting other people doing random crap to my device, about which I have no say (CSAM scanning)

?

That's pure nonsense.