Apple, a company that's not perfect but actually tries to do the right thing. That's why you get my money and I hope for your continue success.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Sideloading Apps Would 'Break' the Security and Privacy of iPhone, Says Tim Cook
- Thread starter MacRumors
- Start date
- Sort by reaction score
Seeing as how the App Store is riddled with literal data stealing spyware.
If you don't want users to side load apps then at the very least meet us in the middle and stop botching PWAs. I mean seriously already.
Seriously though, how would this work? Should sideloaded apps outside the App Store be able to use Apple's APIs (i.e. Metal, SceneKit, ARKit or even UIKit and the like)? Why? What kind of permissions should this apps have? Should they have access to all the photos in the photo library, for example? Should they need to ask for permission like App Store apps? What if an app uses an exploit to sidestep those permission-asking dialogs (which is certainly possible)? Could Apple remove, block or otherwise limit what those sideloaded apps can access? Would the app sandbox still be mandatory?
Quick example of sidestepping: From iOS 9.0 onwards, iOS apps can't get a list of all the installed apps on the device (the API was removed). This was used for stealthily fingerprinting users (as few people has the exact same list of apps installed on device). However, some apps still tried to build a list like that by pooling all possible URI schemes to check if any app is installed that can open that URI (for example, using canOpenURL on spotify:test-url, then twitter:test-url, facebook:test-url... to check if Spotify, Twitter and/or Facebook are installed). This is now policed at the App Store app level, and apps that try to do this are rejected. How should this be handled for sideloaded apps? Should some APIs be limited for sideloaded apps? Should privacy be disregarded altogether?
Quick example of sidestepping: From iOS 9.0 onwards, iOS apps can't get a list of all the installed apps on the device (the API was removed). This was used for stealthily fingerprinting users (as few people has the exact same list of apps installed on device). However, some apps still tried to build a list like that by pooling all possible URI schemes to check if any app is installed that can open that URI (for example, using canOpenURL on spotify:test-url, then twitter:test-url, facebook:test-url... to check if Spotify, Twitter and/or Facebook are installed). This is now policed at the App Store app level, and apps that try to do this are rejected. How should this be handled for sideloaded apps? Should some APIs be limited for sideloaded apps? Should privacy be disregarded altogether?
I think if Facebook or Google Apps are detected on the phone, side loading should be enabled. The user clearly doesn’t value their privacy
It doesn't really matter because we're using Apple's own words. Whatever Apple defines as "safe" or "privacy respecting" for an app that's been approved for inclusion in their app store would apply to any side-loaded app that is "certified" by Apple using the same process they follow for inclusion in their app store.
Apple certifying apps from third party stores rather sounds like the App Store! Surely the whole point of third party stores is so that apple has NO say over what is installed.
Uh..... yes it’s an issue on macOS. I have actually seen malware on a Mac before. Never on an iPhone.
Just search for macos malware on the rise in google. Do some research.
It terms of desktop environments, is more secure than windows. But let’s be real here, Windows is just a target due to market share. And macos malware was on the rise last year.
People need to stop comparing mobile devices to desktops. I don’t need my Mac to be able to cal 911 at any given time. On my iPhone I do. And actually I did have issues before where my phone (iPhone 7) was VERY SLOW and I needed to do something urgently.
You can always tell which businesses or governments are doing shady things when they flip out when people's privacy is protected. It's like the pushback that Apple gets for end-to-end encryption. You start asking questions when your government fights tooth and nail to force a vulnerability into a secure encrypted connection your device is sending its traffic through. And here we have Facebook fighting tooth and nail to keep Apple from letting people decide if they want to be tracked or not. I wonder if they think anyone is buying the "it'll hurt small businesses!" line.
Then why allow it on the Mac? Sideloading should be standard at this point.
Oh come on dude. At this point, sideloading should be part of the experience. You're complaints on sideloading should carry over to PCs, but of course, folks like you are "blind Apple's apparent love and goodness." (rolleyes).
This is called being a hypocrite.
At this point, if you're against sideloading, then you're against it on your Mac.
In a wide-ranging interview with The New York Times' Kara Swisher, on her podcast "Sway," Apple CEO Tim Cook talks about Apple's feud with Facebook, its stance on privacy, Apple's legal battle with Epic Games, and possible future Apple innovations such as Apple Glasses.
Apple is in the midst of a heated public spat with Facebook over privacy, particularly over an upcoming feature on iOS that will require apps to ask for users consent before tracking them.
The new feature called ATT, or App Tracking Transparency, coming with iOS 14.5 in "a few weeks," according to Cook, will force apps to ask users for permission to track them across other apps and websites. Facebook has argued vehemently against the new feature, saying it impacts small businesses that rely on personalized ads, derived from tracking, to keep afloat.
Tim Cook says he disagrees with that argument, indirectly saying that Facebook's point of view is "flimsy." Cook calls privacy the "top issue of the 21st century," adding that with tracking, companies, such as Facebook are able to put "together an entire profile of what you're thinking and what you're doing."
When asked how the new feature will impact Facebook, Cook says he's not "focused on Facebook," saying Apple adds new tools and features every year that improves and doubles down on user privacy. Speaking more specifically to what actions may need to be taken against companies that track users, Cook says he used to be a firm believer in the ability for companies to regulate themselves but notes that's now changed.
In a speech at a privacy conference in January, Cook strongly condemned social media companies that fuel conspiracy theories thanks to their algorithms. Cook says that Apple doesn't have a social media platform that is "pushing stuff in your feed," but notes it does have the App Store which it takes careful consideration in curating content for.
Cook in typical Apple fashion never comments on future, unreleased Apple products. However, possibly hinting at Apple Glasses, Cook says AR is "critically" important for the future of Apple. The CEO envisions a future where conversations include more than just words, but include charts, and "other things" appearing in a virtual space.
Speaking about Apple's fight with Epic Games, Cook says that Epic had long followed App Store rules, but decided to no longer follow the guidelines all other developers follow. Cook says Apple is "confident" in its case with the gaming giant.
One of Epic Games' biggest arguments about the Apple ecosystem is the lack of so-called "freedom" for users to download apps from places other than the App Store. Many have long voiced their hope that Apple would allow users to sideload apps onto their device, such as the iPhone. Cook says that sideloading apps, however, would "break the privacy and security" model of the iPhone.
In the remainder of the podcast, Tim Cook talks about his relationship with the President Biden administration and said he "probably" will not be Apple's CEO in 10 years. The full 36-minute long podcast is available over at The New York Times.
Article Link: Sideloading Apps Would 'Break' the Security and Privacy of iPhone, Says Tim Cook
Period.
You may not be stupid enough to need curators to avoid believing disinformation and conspiracy theories, but this last US presidential election and the subsequent storming of the Capitol on the 6th shows that there are many many out there who definitely are.
More creepy lip service. Guess that means Apple intends to dumb down MacOS where you can't side load reputable open source apps and have to stick with malware ridden app store.
Unless I picked up the wrong link.
The way the iPhone works is fine as it is. I even used to jailbreak years ago but now I have no reason to. The iPhone and iOS work great, I have all the apps I need, it’s secure and robust, I can’t remember the last time my iPhone had an error or crashed.
If you want a free for all insecure mess then you have Android for that. Personally once I few more apps end up on the Mac App Store like IINA, BitTorrent, I wouldn’t even be phased if macOS was locked down. Although macOS is a different kettle of fish as it’s never been a locked down platform like iOS.
If you want a free for all insecure mess then you have Android for that. Personally once I few more apps end up on the Mac App Store like IINA, BitTorrent, I wouldn’t even be phased if macOS was locked down. Although macOS is a different kettle of fish as it’s never been a locked down platform like iOS.
What a bunch of 🐂💩
Just notarize side loaded apps and score an easy win and move on here Tim
This company knows no bounds of greed
Just notarize side loaded apps and score an easy win and move on here Tim
This company knows no bounds of greed
No, the whole point of third-party stores is so developers have an alternative to Apple's 15% or 30% revenue take. Give developers the option for bearing the burden of a flat-rate certification and distributing costs for their app.
Well if you want Apple to pass on the profit you’ve also got to let them pass on everything else too. You can’t expect them to do the work and get none of the money!