Sideloading Apps Would 'Break' the Security and Privacy of iPhone, Says Tim Cook

[quarkysg]

Whatever Apple defines as "safe" or "privacy respecting" for an app that's been approved for inclusion in their app store would apply to any side-loaded app that is "certified" by Apple using the same process they follow for inclusion in their app store.

Apple also certifies that a user actually 'bought' an App before installing it. Certifying only the app will result in rampant piracy. In such an event, Apple would be blamed by the same developers advocating for side-loading of apps for not protecting them from rampant piracy.

Looks like a damned if you do and damned if you don't situation.

 

[quarkysg]

You create a system where to be successful you need to create something valuable from the ground up, and when that thing becomes successful, you begin to act entitled to it, so much so that you try to regulate the owner of the property as if they don't own it...you take honorary possession of it.

The key point here is that Apple is trying to protect iOS (i.e. the system - emphasis mine) from malicious actor. An iPhone is a vessel to run iOS. IMHO, Apple has been 'acting' entitled to protect iOS since it began life, and I say Apple have every right to. That iPhones are made safer compared to their competitors' offering is a by-product of Apple making iOS as safe as they possibly can. And I welcome Apple's effort in continuously trying to improve iOS' safety.

Nobody (especially Apple) is stopping anyone from dumping their iPhones into the river once they bought it. Anybody can do anything they want with the devices they legally purchased, as long as they don't cause harm to others.

 

[milkrocket]

Uhhhhh....its their product? You are essentially telling apple to FORCE their developers to enable side loading and probably re-think their entire app distribution process. So yes, they do have the right to say some things. This is like saying what right does a video game company have to prevent me from having this one setting. Devs actually take resources you know.

It becomes mine once i pay for it.

 

[cmaier]

If security was the reasoning, then macOS would be locked to the macOS App Store as well.

That’s stupid. Apple is entitled to sell different products with different levels of security. If you really care about security, they have iPads for you. If you want the flexibility to side load apps, there’s Macs.

Not every product has to be identical.

 

[cmaier]

I don't understand the authoritarian stance that Apple has on this.

Allow people to do enable side-loading etc if they want. It should be like an official Jailbreak switc

iOS should warn people and make it a slightly complex process (malware concerns). Also allow people to revert back if they want to.

Maybe even have options like root shell, jailbreak, 3rd party app stores etc.

So it remains streamlined and apple-ish, but also gives people the freedom to do whatever

And what’s to stop bad actors from leveraging that new mechanism to inject code onto my device even though I have no interest in side-loading apps?

Once you create a door you can’t control who uses it.

 

[I7guy]

So glad this is the first and top voted comment. And strange there are no down vote. Because normally whenever there is a suggestion for lower commission, you have ( cough ) people coming in and tell you if you dont like it Get Out!

- No "objectionable content" rejections : That is the whole point of my objection. They are increasingly lefty, nanny state. And exactly as you said, as long as it is legal, if there are objection. Let the court decide.

- Standardized commission of 10% : I have an even better solution. Break App Store into App and Game Store. Keep the Game Store at 30% commission, which represent ~80% of all current App Store spending. And standardised App Store on 10%, continue to add value to App Store and Developers. Things like Search and other features from App Store are pathetic. Make the 10%, which increase processing fees, and all sort of handling well worth the money rather than making developer felt it is rent seeking.

As an ex-dev I loved the work apple put into the app store, giving me the tools to manage my virtual storefront, easily.

Speaking of the suggested tiered commission rates you are describing, which demographic are you in?
- as a dev
- as stockholder
- as a concerned customer of Apple
- as a concerned observer
- one or more of the above

It's interesting to me, the focus that is on Apple's fees and commission in the app store, especially those that are not devs.

 

[firewood]

I have the entire history of major consumer facing general computing operating systems (other than iOS) allowing sideloading as my justification. Apple is the only major player doing this, and so far, the status quo for iOS is the only justification.

And a unique product differentiation is one of the best ways to maintain profit margins. Possibly consumer satisfaction ratings as well. And record high iOS developer revenues. Are you an AAPL short seller?

 

[IG88]

And a unique product differentiation is one of the best ways to maintain profit margins. Possibly consumer satisfaction ratings as well. And record high iOS developer revenues. Are you an AAPL short seller?

No holdings in AAPL. Using profit margin to justify monopolistic control? Um, LOL?

 

[IG88]

I’m asking for specific arguments and points, not one generic argument that is in fact fallacious. “All of computing history has done this, therefore we must do this”. There is nothing concrete in that. It is lazy and you come off as if you are engaging in willful ignorance.

Ok Lol. I'm sure you'd applaud Microsoft if they locked Win 10 down to their own App Store tomorrow. Good talk.

 

[firewood]

Ok Lol. I'm sure you'd applaud Microsoft if they locked Win 10 down to their own App Store tomorrow.

MS can’t, because if they did, their ”monopoly” revenue and profits would drop through the floor.

 

[Darth Tulhu]

Ah, ye olde "freedom vs security" debate.

The way I see it, people wanting Apple to change their stance on this is the equivalent on China telling the US how to run their country (and frankly, vice versa).

Choose your team, folks.

You are free to choose one or the other, but not what that team's philosophy is.

You are also free to build your own team, though.

 

[thealkimist]

Ok Lol. I'm sure you'd applaud Microsoft if they locked Win 10 down to their own App Store tomorrow. Good talk.

I'd applaud you if you made a cogent argument.

 

[Jake James]

"Switch to Android" is the worst argument to support what Tim is saying. While you'd gain your freedom and sideloading and whatnot, you'd lose plenty of other things that make iOS great. For most iOS users it's not as simple as switching, the best solution would be for Apple to stop prentending it's for security when it's for their money.

 

[qoop]

Anyone remember iJewel in the early days of the app store? I seem to remember it was the most expensive app of all. Turned out to be just a jpeg of a jewel. It's hard to find a news story about it now.

 

[Michael Scrip]

Anyone remember iJewel in the early days of the app store? I seem to remember it was the most expensive app of all. Turned out to be just a jpeg of a jewel. It's hard to find a news story about it now.

iAmRich?

 

[qoop]

iAmRich?

That's the one!! He originally launched it with iJewel name.

 

[Td1970]

I am for the app store staying closed like it currently is.

Any such lawsuit is going to drag on for years and Epic's position appears weaker with each passing lawsuit.

Continue to fight and continue to win, Apple.

 

[MacBH928]

I could load anything on my Mac since Jaguar days and everything safe and secure. My iPad and iPhone will be much better used if Apple would allow different browser engines, browser plugins, loading emulators, loading apps that Apple does not agree with their politics, religion, and social views.

They could put an option deep in the settings menu to unlock installing apps out of the app store with a warning and password verification, this should release Apple from any responsibility.

 

[I7guy]

[…], the best solution would be for Apple to stop prentending it's for security when it's for their money.

Can’t really prove apple is pretending.

 

[IceStormNG]

And I'm pretty sure, Apple will also use that argument to lock down macOS at some point... They already "prepared" M1 machines a bit as now every piece of software has to be signed (if it's ARM64 native). So all your open source CLI software needs to be signed (which package managers like homebrew do on-the-fly during install).
Downloading "potentially" malicious code and signing it, doesn't do anything for security or privacy.

If your security relies on reviewing apps, you have (almost) no security.

And there was always malware for iOS and security holes. A jailbreak is technically abusing a security vulnerability to modify the OS and most iOS versions could be jailbroken. Sometimes even by just visiting a webpage through Safari.

And there was also that one https://en.wikipedia.org/wiki/Pegasus_(spyware) one of the more known spywares for iOS.


The current situation is problematic. Apple always yells about how secure their app store is. And still it's full of scam apps.

Maybe it's better when people will learn to use their brain and understand that the internet is like wild west. It's always better to think twice on your own instead of letting others think for you.
The most "important" thing Apple does is protecting their money (which is not surprising because every company does that).

They should just have the balls and say: "No we don't allow side-loading because we would loose money then."

Macs are pretty secure. Like Windows, their security are mostly dependent on the user's actions. Most malware these days needs to be actively installed by the user to get into the system. If you download and install only reputable software and no shady crap, your chances getting infected is pretty low. Why shouldn't the same apply to iOS?

Apple could just do it like Android. Sideloading is disabled by default and has to be enabled through a menu that's a bit hidden. Apps should still be code signed. If that makes iOS completely insecure, then iOS was never secure to begin with.


And now I will wait for the Apple bootlickers to downvote me to hell.

 

[I7guy]

[…]The current situation is problematic. Apple always yells about how secure their app store is. And still it's full of scam apps.

[…]

And sideloading is going to fix this?

And now I will wait for the Apple bootlickers to downvote me to hell.

Love comments such as this. Shows your “opinions” are out of touch.

 

[quarkysg]

Maybe it's better when people will learn to use their brain and understand that the internet is like wild west. It's always better to think twice on your own instead of letting others think for you.

I like your optimism, but sadly the real world doesn’t work like this. That’s why there are law enforcement agency to help ensure law and order.

In your said ideal world, the Jan 6 insurrection of the US Capitol would not have happened as everyone would be researching what’s right and wrong. The sad fact is that human as a species are kind of lazy and frequently falls for charismatic persuasion. A determined crook will be able to persuade a gullible person to do just about anything they would like the person to do. Any deterent to prevent this is better than none. Relying on the masses to do the right thing is usually a recipe for disaster.

 

[IceStormNG]

And sideloading is going to fix this?

No. But it also wouldn't make it worse on the App Store. Just because Side loading is allowed it doesn't mean everyone has to use it and will use it. I'm sure most Android users also just download their apps from the Play Store.

And why does everyone thinks other AppStores must be worse? As if Apple was the only company in the world that cares about security. Apple only cares so much for security as it is profitable. No more no less (and go figure: other companies do the same). So why not give the user choices?
If you don't trust any other company besides Apple, you can still download your Apps from the AppStore only.


But I know. Apple Fanboys don't want choices. They want Apple to tell them what they want...

If Apple finally locks down the Mac and tells you "it's for security", people like you will probably applaud and enjoy that Apple "cares" ...

I like your optimism, but sadly the real world doesn’t work like this. That’s why there are law enforcement agency to help ensure law and order.

In your said ideal world, the Jan 6 insurrection of the US Capitol would not have happened as everyone would be researching what’s right and wrong. The sad fact is that human as a species are kind of lazy and frequently falls for charismatic persuasion. A determined crook will be able to persuade a gullible person to do just about anything they would like the person to do. Any deterent to prevent this is better than none. Relying on the masses to do the right thing is usually a recipe for disaster.

And who defines what's "good" and "bad"? Apple? They don't allow a lot of Apps on their store because they're against their "moral" (funny word to use when talking about companies). It's not that they scan for malicious apps, they also scan for Apps they don't "like" and especially to make sure all the money goes through (and to) them.

And yeah.. I know people are stupid and gullible. The pandemic has shown that better than ever. And I'm always surprised how Apple treats their customers like completes idiots and people applaud. So yeah... you're right with "charismatic persuasion".

 

[falkon-engine]

I don’t think you understand what sideloading is. There is no vetting. A user can download any installable and run it themselves as admin. There is no API. There is no formal programmatic and human vetting.

I perfectly understand what sideloading is. If Apple is concerned about users installing apps onto the phone outside of the App Store, sideloading is not necessarily the only way to do so. Since there is no API for installing apps on the phone in a manner similar to how the App Store does it, sideloading exists.

But if Apple is concerned about the breakage of security, and thus a purported reason why it wants to deny the existence of other App Stores, couldn’t Apple develop a secure API for installing apps? Hence why I asked about creating an API.

I was hoping not to have to explain all of that but people like you don’t seem to understand.

 

[I7guy]

No. But it also wouldn't make it worse on the App Store. Just because Side loading is allowed it doesn't mean everyone has to use it and will use it. I'm sure most Android users also just download their apps from the Play Store.

Sideloading has the potential for exacerbating any malware issue. I understand the point being made by those who are not in favor of sideloading is the potential for reputational damage due to user stupidity.

And why does everyone thinks other AppStores must be worse? As if Apple was the only company in the world that cares about security. Apple only cares so much for security as it is profitable. No more no less (and go figure: other companies do the same). So why not give the user choices?

About alternate Android app stores... are they generally considered the high water mark for well-written, useful, malware free apps?

If you don't trust any other company besides Apple, you can still download your Apps from the AppStore only.

The above doesn't help the entire ecoysystem.

But I know. Apple Fanboys don't want choices. They want Apple to tell them what they want...

Apple "fanboys" are paying customers? No? Isn't a paying customer allowed "to tell them" what they want? I suppose as is a paying customers what wants something different.

If Apple finally locks down the Mac and tells you "it's for security", people like you will probably applaud and enjoy that Apple "cares" ...[...]

What does "people like you" even mean? I'm sure that's supposed to be some type of ad-hom but maybe you can explain exactly what that is supposed to signify? There are clearly arguments to made on all sides of this issue, but label assignments because you don't like one's position in this is childish.