Apple doesn't let anyone to install iOS apps outside the official iOS app store. So all the people needing to reinstall the OS is by design.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Phil Schiller Discusses Risks of Alternative App Stores on iPhone
- Thread starter MacRumors
- Start date
- Sort by reaction score
Ok, so the exploit targets a vulnerability in iMessage app. The article doesn’t say roughly how but if you want Apple to protect you from this kind of attack, they must make devices dumber not more capable, including but not limited to disabling third party apps, disabling App Store, disabling link handling etc etc and turn iPhone into a glorified dumb phone.I provided a link where a virus was delivered via iMessage, no visiting a website .
Zero-click iMessage zero-day used to hack the iPhones of 36 journalists
Malicious messages installed spyware that recorded audio and pics and stole passwords.arstechnica.com
Now, here is the counter. What if Apple, for whatever reason, decides to not patch that security flaw? How can alternative App Store make you even less secure when the door to your house is wide open anyways?
Surely you understand why Apple doesn't allow emulators, which require ROMs they don't have the rights to, on their App Store.
There’s homebrew games people make, and you can legally extract your own roms. Publishers could even sell their own roms of old games if they wanted and they do on Xbox and Playstation.
To be fair, it was an innovative design.
The store, or apps in the store, would be another attack vector. The more vectors available, the less secure the environment. Trusting another source for apps would be questionable for me. I had an android device at one time and got burned (I think) by an app I downloaded from Google play. That was many years ago and I stiil have trust issues with Google.
Emulators need ROMs to do anything, but are never supplied with ROMs (aside from the odd modern, free to play game). You can legally rip your own ROMs from media you own though. There’s nothing illegal about emulators themselves, unless they contain copyright code (so they don’t).
iPhones and Macs are both personal computers. You can still wreck a Mac if you do something dumb.
But that speaks to Google’s competence at vetting apps, not the risks of multiple app stores. You downloaded the app from the equivalent of Apple’s App Store and still got burned.
In any case, Apple’s current proposal has them applying the same malware scanning to apps regardless of store.
Yeah but think about this. Either everyone goes back to dumb phone era and tear down decades of technology advancement we have today to prevent such zero interaction attack from happening, or we start some draconian totalitarian level of surveillance just like one did in China but worldwide, so literally everyone‘s every action is monitored at all times. Most would choose neither for the sake of those 48 victims in a targeted highly sophisticated attacks.
The sheer fact that most still stick to google Play store despite third party App Store everywhere already speaks for themselves. People prefer a simpler App Store experience. hacker cannot target something that doesn’t exist As most will not be bothered to fumble around alternative App Store.
It's always nice to hear from Papa Phil, but why not just do it the way they do apps on their Mac App Store and warning people of downloads outside of it? Really honestly what it actually sounds like is Apple's fear of getting blamed for stuff they have no control over, and losing on profits.
That is legitimately the one aspect of this I totally do understand. App Store allows privacy while also allowing offline apps.
Other than that I generally like to be able to side load on occasion and heck even install my own OS. It’s not really that I do it often it’s just piece of mind that if Apple goes off its rocker and doesn’t allow something it may still be available to me. Example is when they banned project xcloud. On my androids I sometimes use f droid and I found some wonderful apps there. I realized some of those were also on the App Store for iPhone but they were easier to find on f-droid.
Except Apple still has to sign apps before the phone will run them, so piracy will be no more an issue on iOS than it is now.
It's like everyone complaining about this hasn't even taken the time to understand what will and what won't change.
Incredibly frustrating
Yup. It’s not like I’m an expert or anything, I’m sure there are parts of it that I’m misunderstanding or completely ignoring, but I at least looked at the changes and read discussions of the changes from people smarter than myself before I formed an opinion on them.
a lot are Tizen as well.
Still not easy for most people to sideload or install something different.
How many do you reckon have?
noone has said what they NEED to load that they cant currenty except for game emulators which is most likely use pirated ROMs.
you can do that on PCs or Macs.
With bigger screens.
Why is it so necessary to do this on a phone?
Why not push to do it ona Switch with a bigger screen and controllers?
It's like you all have just dug your heels in and demand the EU make it happen for a micro segment and no fiscal benefit for anyone.
I dont actually care if you jailbreak your phone. Your hardware, do what you want.
But dont expect the rest of us to jump for joy and support you loosening up the security that we paid to use.
A huge button at start up allowing you a one way street to do whatever you like would suit me.
Source all your own apps for everything.
Convince the devs to put them on some new store.
I dont care what you do.
But I dont what you putting apps with viruses on that then interfere with my use.
I dont want you having an app that accesses your contacts and sends them spam messages and dodgy links all because you want to use your hardware how you like.
Why do you want Apple hardware so much when Android will let you do this already?
iOS and Android are pretty damn similar. Android did a great job of copying most of the phone experience and Apple has copied features back...
They aint that different.
If you wanted a phone to install anything, you have it. Android.
Some even look eerily similar to iPhones.
So buy your S24.
I've had Android phones including Samsung as second devices for testing things. The original Note was great for reading on (at the time) as I could load PDFs easily on a micro SD. Some people like files on SD. Still do. Then if that's what you need, buy the phone that offers it.
they understand what the changes are and they dont like them.
they want access to a store where they dont get charged anything by Apple.
and can load any app they want. even pirated stuff. they dont want Apple verifying the app at all.
i'd bet the payment process wont get much action on these alt app stores
do
if you have two or more, should you be able to play the same game on each device without having to buy the app again?
should you be able to override the OS and install anything you like?
why is it OK for these to be walled environments? Same money issue by the console maker...
you complain about locked game consoles?
if you have two or more, should you be able to play the same game on each device without having to buy the app again?
should you be able to override the OS and install anything you like?
why is it OK for these to be walled environments? Same money issue by the console maker...
but but but they dont WANT that
noone is making them use an iPhone.
and it's hardly a huge number of posters on here complaining. just the same few. why?
Once again you assume that all people want to commit piracy and illegal activity. Some probably do I'll concede that. Others simply want additional functionality that Apple doesn't allow.
You don't want me putting apps on my phone that interfere with your use. Are you using my phone now? Your security isn't compromised in any way whatsoever by me using an alternative app store/payment process. Also when has there ever been an app that does what you describe - scan your contacts and then spams them?
I love how you say you don't care what people do with their own phones and then procede to tell them what they can and can't do with their own phones.
I’m struggling to find anyone other than you that’s complaining at this moment in time.
If Apple allows some users to install crapware, they must provide tools for the rest of users to protect themselves from that. Developers should allow to block any potentially compromised data coming from a 3rd party origin at user’s discretion.
Starting with iOS 17.4, currently in beta, Apple is allowing alternative app marketplaces on the iPhone in the EU. Apple made this change to comply with new regulations under the EU's Digital Markets Act, which takes full effect next month.
In an interview with Fast Company's Michael Grothaus published today, Apple's former marketing chief and current App Store head Phil Schiller said there are privacy and security risks associated with these alternative app marketplaces:One of these risks is the potential for users to download malicious or unsafe apps, although Apple will be notarizing all apps through a combination of automated processes and a basic human review in order to prevent these apps from being available on alternative app marketplaces as much as possible. Still, Apple has said notarization will not be as thorough as its App Store review process and guidelines that developers must adhere to.
Another risk is that the App Store's strict rules surrounding objectionable content might not extend to alternative app marketplaces, according to Schiller:Schiller's comments reiterate many of the risks that Apple outlined on its website:The full interview can be read on Fast Company's website.
Article Link: Apple's Phil Schiller Discusses Risks of Alternative App Stores on iPhone
For example, I wouldn’t want to see malicious posts created by an app version that wasn’t downloaded from Apple AppStore. I need a kill switch for that in Settings. It shouldn’t be hard for developers to implement this, and it should be mandatory. Similarly to the “ask not track” feature Apple introduced earlier.
Otherwise, it’s time go analogue or completely dark.