Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware

[ghostface147]

Actually Android is absolutely full of malware and so yes the floodgates were open a long time ago and no side loading is not a good idea, end of!

Show me the floodgates being open then. Not a report here or there, but the constant malware attacks happening everyday and affecting many devices.

 

[Bregalad]

Careful what you wish for. Apple has a very strong attachment to something called profit. If there's a drop in App Store revenue there will be a corresponding increase in the price of Apple hardware.

 

[jmgregory1]

The argument for sideloading on iOS is being made by such a small number of actors, you have to question why they so want this ability, instead of questioning Apple why they won’t allow it. The VAST majority of both iOS and Android devices don’t use, want or in all likelihood even know what sideloading apps even is.

 

[shplock]

NOT a BIG fan of side loading, but ALSO, NOT a fan of the Status Quo !

Apple needs to become Transparent with the per-Category Revenue Numbers, ON a weekly basis, & needs competition, at MIN, WRT "App Discovery" !

Unless/Until Apple moves away from its Total & Complete Stranglehold on App Discovery, this App Dev will be a proponent of Sideloading !

ONLY way to get Apple to get their act together !

If you do not like it then go to malware central known as Android for which you might wish to tell them to get their act together.

 

[Mockletoy]

Maybe nonsense to you because you don’t understand. An opening is an opening, no matter how large. I don’t think most people were opposed to the idea of stopping the spread of child pornography — it was the idea that scanning would have created the potential for problems by needing an opening to accomplish it.

Side loading would require an opening in the OS, and this has the potential for creating problems.

If you oppose CSAM scanning, you should automatically oppose side loading of apps.

I don't think it's me who fails to understand.

If I want to cut a new "opening" in the side of my house (sideloading), I should be able to do so. It's my house, after all. I can take all the doors and windows off if I want to. I can even put a sign on the door that says, "EVERYTHING INSIDE FREE" if I'm feeling especially self destructive and silly. But, hey, it's my house, it's my stuff, it's my decision.

If someone else wants to cut an opening in the side of my house and come inside and do whatever they want (CSAM scanning), that's, you know, not remotely the same thing.

 

[ksec]

From the view of Apple, it is Apple's devices and Apple's rules. So I think Apple should have the courage to follow what MR comments have been calling them to do, pull out of EU.

 

[shplock]

Yes, I agree. Essentially the iOS/iPadOS version of this from the Security & Privacy pane of System Preferences on the Mac...

View attachment 1901615

Not on about identified developed but NON identified ones. Side loading is bad as I already have explained !

 

[CmdrLaForge]

Of course he is somewhat correct. Now if that's an issue and people have to be protected is another one.

 

[Mockletoy]

The argument for sideloading on iOS is being made by such a small number of actors, you have to question why they so want this ability, instead of questioning Apple why they won’t allow it. The VAST majority of both iOS and Android devices don’t use, want or in all likelihood even know what sideloading apps even is.

Given that Android has had sideloading from the beginning, you just did a masterful job of explaining why bringing it to iOS wouldn't amount to much of anything at all, beyond giving a small number of people an extra option.

I agree.

 

[shplock]

except that’s not the case at the Playstore either

Except that the play store is absolutely riddled with malware and exploits such as side loading and FAKE BANKING APPS!

 

[kuwxman]

I mean he's not wrong. Apple just needs to stick to their core privacy values to not look like hypocrites.

People choose iOS BECAUSE it's a better working closed ecosystem. You want a free-for-all OS where submitted App Store apps aren't reviewed then go get yourself an Android phone.

No. People choose iOS because it is the current 'cool' operating system. Years from now people will move on to the next thing. It is drilled in to people that iOS = good; Android = bad...when that isn't the case at all. Both operating systems are great and have their pros/cons. Can't let your friends see that green bubble though.

Sideloading apps on the iPhone (or even iPad) wouldn't open the floodgates to anything. Arguing otherwise is just ignorant or self-serving, like in Apple's case here.

 

[rjohnstone]

The second side loading is allowed Facebook and Google will be off the App Store and be telling people to side load their apps to continue using their services. With Apple no longer able to scrutinise their apps I can see both of those companies bypassing iOS security and API restrictions to spy on people. The Facebook app would probably have the camera, microphone and GPS running all day regardless of the battery drain.

Really? They why is Facebook still in Google Play? Oh that's right... because most people always go to their respective app stores for software. It's simple and easy. If it's not there, they move on.
Enabling sideloading will not lead to the end of times for apps or app stores. If that were true, Google Play would have died years ago or be a barren waste land.

 

[jz0309]

As I posted to you earlier, around 2% of the top-grossing apps on the App Store are scams, form which Apple profits handsomely. So, the malware is already here.

Apple also recently patched several hair-on-fire, actively exploited security vulnerabilities in iOS that allowed an attacker to take over a device with no interaction -- all the user had to do was visit a website and they were compromised. There have been many, many such vulnerabilities over the years. So, the malware is already here.

Why people think iOS device security is so amazing as it stands is beyond me. It's anything but.

The App Store is not perfect and can certainly be improved, that is the route that should be taken vs opening the floodgates for malware…

 

[shplock]

Sideloading is already possible. All you need is a Mac, Xcode, a Developer enrollment, and source code to the app.

Even less in some circumstances (willing to re-sign weekly, use of a Mac-in-the-cloud, etc.)

Does that leave developers unprotected (those who don't actually read the code they compile)?

Talking about the iPhone not the mac and I am sure that Apple will ban you if you attempt to side load on the iPhone.

 

[Kierkegaarden]

So you're saying Apple can't protect their own System settings from an automation hack?
Even Android's "unknown sources" option cannot be set/enabled by an app or hack.
You have to physically open the privacy settings and designate what apps you want to have this capability. It's not a blanket system wide option anymore, and hasn't been for several years. And even when you do allow an app to install from unknown sources, the system still throws a pop-up telling you what is about to happen and giving you the ability to abort it.

There are some pretty sophisticated hackers out there — why take the chance? An opening is an opening.

 

[Mockletoy]

One is entitled to run a backup of what they own plus there are free homebrew games so that reasoning is a barefaced lie.

https://atariage.com/forums/forum/203-atari-homebrew-awards/

Going by your logic, if you surf illegal content with your browser then is it right for Apple to block browser for everyone else? It's not.

Exactly. If Retroarch is responsible for whatever people do with it, then wouldn't that make Apple responsible if someone used Safari to do something illegal? Or if they used iTunes to listen to or view pirated content?

How can people be so incapable of thinking these things through on even the shallowest level?

 

[shplock]

Well not so fast. Was the OS ever designed to be open and secure?

Now we have an OS that requires a gatekeeper (Craig?) for it to work in the current landscape of push and pull and surveillance capitalism.

Of course Malware will be a reality, once Apple retires from controlling the platform.

This is why Apple are not planning to retire, please stop with the FUD!

 

[turbineseaplane]

- Metazuck is gonna go there to avoid any scrutiny, most iOS user will go there cos they just can't live without it

Great - that's their problem - shouldn't be one for the rest of us

 

[usagora]

In other words, they want to control how you use your device that you own so basically treating it as a fully-paid lease.

Last time I checked, apps stored on your iPhone's SSD run on iOS. You don't own iOS. So, yes, as always, you are being licensed (not sold) iOS. Apple owns the rights to iOS so they can control its use as they please.

 

[shplock]

then put it behind a big warning message that says you're potentially allowing for malware to be installed on your phone by enabling side loading, or make it complex enough to do that it deters most people from doing it (only allow it in dev mode that needs to be unlocked via Xcode for example). 99% of users probably would never enable it.

Because that will not work as I already proved.

 

[shplock]

Yeah whatever Craig

I'm to the point of hoping Apple is forced to allow it.

Absolutely exhausted with their ego and hubris in seemingly every corner.

Then go elsewhere and have malware on your phone!
Craig is correct!

 

[shplock]

Similarly, even Windows is pretty darn secure these days. The last time I had an issue was over a decade ago, when I was downloading sketchy World of Warcraft addons.

Windows is as insecure as Android actually!

 

[jmgregory1]

Given that Android has had sideloading from the beginning, you just did a masterful job of explaining why bringing it to iOS wouldn't amount to much of anything at all, beyond giving a small number of people an extra option.

I agree.

Well, it wouldn’t amount to much other than the shyte-ton of negative press Apple will get when a handful of people sideload apps that then unload their wallets of all their money. Android is open all right, open to malware and the criminals and bad actors who populate it with apps that never should have seen the light of day. Android doesn’t care because they’re simply providing the software basis for devices that other companies use, so they’re insulated from most of the worst negative issues their open software allows.

 

[shplock]

Where did you draw that conclusion, can you point me to source?

Yes it is called Google, look up the recent new virtually unbeatable Malware on the Play Store!

 

[Mockletoy]

The App Store is not perfect and can certainly be improved, that is the route that should be taken vs opening the floodgates for malware…

Repeating the phrase "opening the floodgates for malware" over and over again doesn't make it true. Again -- and I don't know how folks aren't able to understand so simple a concept -- if you don't want to sideload and "open the floodgates to malware" then, you know, just don't do it.

For instance, I don't want to risk plummeting to my death due to a parachute malfunction, so I don't routinely jump out of perfectly functional airplanes.

Of course, a strong argument could be made that the best way to improve the App Store would be to force it for the very first time to face some actual competition. That's generally how the free market works, and why monopolies are such a detriment to innovation.