Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple

[vipergts2207]

Damn it, 23 pages of macrumors comments and not a single mention pull out of America.

No, but we do have ridiculous posts comparing sideloading with the pandemic and vaccinations.

 

[vipergts2207]

Yes. But opening up iOS is the solution to App Store holes helps how exactly?

That’s not a problem I’m trying to solve. I’m just pointing out that you’re applying two different standards and have set a lower bar for Apple.

 

[I7guy]

Sideloading 'could' work only as long as those who host the apps do proper vetting of the apps they have on their server because this has been a problem with the digital tech industry for years, many refuse to implement vetting and security checks because it's very time consuming and very costly. Just look at how much fight back Google, Facebook, Twitter, Youtube, Ebay, Amazon have given to countries governments with the governments telling them they must have better checks and vetting in place. Youtube and Ebay specifically have fought back hard for years against having stronger vetting/checking processes because they know it will cost them financially to do so.

Yes security will be a problem with regards to sideloading but it will only be a problem if those involved in sideloading do not have strong vetting/checking procedures in place.

The law should not come to pass. And then this issue of "security" will disappear.

 

[Sophisticatednut]

So throwing the baby out with the bathwater is a good idea?

It’s means it’s not a good defense to say we need to have the apps tore locked down to ensure security and safety, while the evidence show we don’t have ether and can likely expect the same situation if side loading is allowed. The biggest reason is likely solely a revenue reason with respect to their internal mails showing i dire state with rampant fraudulent applications sloping through undetected with users blindly trusting everything on the store.

 

[Wildkraut]

Well, the iOS platform already has a permanent scammer and data exploitation malware called Apple.

 

[Ethosik]

It therefore stands to reason that when faced with popup warning messages about the risks of installing a sideloading app, there will be many who will just ignore the warning and install the app. Now the question is, should we allow companies to take the responsibility of protecting us from ourselves, just like what Apple is doing with the app store?

Yep. I see it all the time with UAC warnings on Windows. If it randomly shows up out of nowhere they just click yes without even reading.

I will also add this point. If people understood security and nobody does these “oopsie” things, I would be more open to this. But that’s not the case. I have only had two malware infections in my life on Windows since Windows 95. Yet it’s always shocking dealing with the weekly call, or when every time I check on the system their computer is infected.

It’s a cascade effect. The more people installing malware side loaded apps the more attacks it will have, more malware kits will be available on the dark web, and more adjacent infections/impact. If my cousin gets infected, it then leads to my information being exposed. It’s happened. I have about 20 email addresses and one of them got targeted for Spam and I know how that address got out because my cousin’s address book was exposed. There was proof because the scammer emailed a full 20 people - all of which were from that cousin’s address book.

A few people have responded to me that some of my arguments show that the App Store has holes in it. I’m not denying that, I have said repeatedly that the App Store has issues. And the easiest solution to this is to have App Reviews take weeks to months instead of days.

Side loading won’t suddenly patch the App Store. Side loading won’t suddenly improve iOS security. It will in fact do the opposite. So I just don’t understand the attitude “gate is not 100% perfect so let’s just remove the gate!!!!”

I have also brought up that sandoxing isn’t 100%. People keep throwing this out there that oh you are still protected because it’s sandboxed. Not true. I have used many sandbox environments that have had security holes.

Back to a prior point, another response I had is iOS is essentially “security by obscurity” by my arguments. Yep, I agree. I have also said many times iOS and macOS are not as secure as the appear. I think it’s just so heavily dependent on the App Review process that it’s as secure as it is. Which is why personally I believe Android and Windows are far FAR more secure platforms. I fully expect iOS 16/17/whatever that has side loading is going to be Apple’s worst iOS from a security perspective. And Apple probably knows this too.

One last thing, could we please drop the greed responses? All companies exist to make money. Hospitals too. But they can exist for more than one reason. I fully believe Apple has a high bar for privacy and security. Sure they still want to protect their money, all companies would.

 

[wanha]

MANY of Apple's App Store rules are pro-consumer.

SOME of Apple's App Store rules are NOT pro-consumer.

But ALL of Apple's App Store rules are pro-Apple.

 

[Michael Scrip]

Well, the iOS platform already has a permanent scammer called Apple.

Good thing nobody has to ever buy anything from Apple.

If Apple is as bad as you always say it is... people should run far and run fast away from Apple.

Nobody should use a phone from a "scammer"

?

 

[wanha]

Well, the iOS platform already has a permanent scammer and data exploitation malware called Apple.

well aren't you a bundle of sunshine lol

I mean, what are you even doing here? Free public service to warn everyone of the evil's of Apple? ?

 

[wanha]

The fundamental problem with this proposal is that it will never be universally enforceable.

If we make Apple allow side loading, do we do the same thing to every platform in existence?

Playstation, Xbox, Nintendo, Tesla... will they all have to do the same?

Even if you think Apple needs to allow side loading, writing this into law is going to open a whole other can of worms.

 

[laptech]

I cannot but help think that Apple persistanly lamenting about the security issues of sideloading is their version of the issue pertaining to CSAM, which supporters of CSAM use the line 'think of the children' as a way to try and get people to think their way. With this sideloading debate, Apple appear to be using the line 'think of security' every time they talk about the issues of sideloading to get people to think Apples way.

 

[wanha]

Time to stop letting Apple command the app game in their favor.

Should we do the same to Playstation, Xbox, Nintendo, and Tesla?

 

[Ethosik]

I cannot but help think that Apple persistanly lamenting about the security issues of sideloading is their version of the issue pertaining to CSAM, which supporters of CSAM use the line 'think of the children' as a way to try and get people to think their way. With this sideloading debate, Apple appear to be using the line 'think of security' every time they talk about the issues of sideloading to get people to think Apples way.

I’m fully against CSAM but agree with Apple here.

 

[twinlight]

Half this forum appears clueless.

Sideloading on an Apple device will still be sandboxed.

There will be no impact from scams/malware anymore than scams that already exist and skate right through App review.

Yes but it will leak out.

A real kid in a real sandbox can get out of said sandbox and you as a parent tell them to leave the bucket and shovel in the sandbox. Then the kid has sand in his pockets and you have sand in your car, your sofa, his bed and all over the floor probably.

I would like more freedom for us users but the cost is that we will have users installing crap, getting more private information leaked and more scams, malware developed and used. More crap installed on devices and more shady developers taking chances to fool normal idiots.

 

[ksec]

No, but we do have ridiculous posts comparing sideloading with the pandemic and vaccinations.

Yes that will be on my radar if that ever get repeated again. ?

 

[Wildkraut]

well aren't you a bundle of sunshine lol

I mean, what are you even doing here? Free public service to warn everyone of the evil's of Apple? ?

Thanks!
Running out of arguments, Tim Cook?

 

[lazyrighteye]

I’m so tired of arguing about this. If you want to side load, buy Android. If you prefer the walled garden approach, buy iOS. If you don’t like those options, build your own damned system.

This. Right here. So simple.

 

[vipergts2207]

Stealing this video someone posted in another thread.

 

[boss.king]

This. Right here. So simple.

Except it's not so simple. There are plenty of things I like about my iPhone and iOS that I can't find on Android devices. I just don't like the restriction on where I can install apps from.

 

[vipergts2207]

Should we do the same to Playstation, Xbox, Nintendo, and Tesla?

Kind of took a weird turn there at Tesla. Otherwise yes.

 

[vipergts2207]

This. Right here. So simple.

No thanks.

 

[Michael Scrip]

Except it's not so simple. There are plenty of things I like about my iPhone and iOS that I can't find on Android devices. I just don't like the restriction on where I can install apps from.

Maybe these lawmakers should write a new bill to force Google to add those things you like to Android...

 

[boss.king]

Maybe the lawmakers should write a new bill to force Google to add those things you like to Android...

Watch out, keep talking like that and people are going to start yelling at you to "just buy an iPhone".

 

[laptech]

I’m fully against CSAM but agree with Apple here.

Many would agree with you as well but the thing is Apple is not being entirely honest with it's customer base as to the reasons why they are pushing the 'threat to security' angle so strongly. You do realise that if sideloading gets the go ahead Apple stands to lose billions of $$$ in app store revenue because all the apps that have in-app purchases have no choice but to use apples payment system which is where apple get's it 15% and 30% commission from, would be able to move to a sideloading server that does not ask for commission on in-app purchases, just a yearly hosting fee meaning the app developer would get 100% of the in-app purchase fee.

This therefore is a massive incentive for Apple not to allow sideloading and thus put the fear into people that their devices security would be at huge risk.

 

[JarikD]

No, I haven't misunderstood anything, and am aware of right to repair initiatives as well, but I see it as the same thing. Legislating that businesses find a new way to make money, open up their platforms and devices, and spend the additional time, resources, and money to make the hardware more open.

Whether it is side-loading (providing a way to circumvent the App Store/market, install, run, and access the hardware in a less fettered, less checked, less managed way) or creating the protocols and interfaces for 3rd parties to interact with hardware at a level not previously open to them, it's essentially same ruling. It's not just saying, "let us run our own store". The ability to do this must be built.

We're talking about legislating that companies must spend the effort, time, and resources to open up those systems. Systems that were well planned and intentionally designed to not just generate a profit through a market place, but also provide better security and generally a controlled user experience and thus a particular level of quality, which apparently has been quite profitable, and desirable by most of their users.

We're talking about legislating more open systems. The issue with this is that part of Apple's business plan or Nintendo's business plan or Sony's business plan OR even John Deere's business plan before they invested in these devices and platforms, methods of delivery, and maintenance, was/is to require usage of their services. Epic and other competitors on the software side of this have chosen not to invest in and develop the hardware or infrastructure side of it, but they want all of the benefits of that development. So, they're trying to by-pass their original agreements by having legislators demand more open systems. This will of course require engineers to actually open up those systems while on the business side of this, the companies will need to find new ways to make money since their competitors can now avoid their market or other prior constraints built into the platforms.

I guess the part I don't understand is if a consumer or a developer does not want to be constrained to using the company's platform the way it was designed, why don't they just use another phone or tractor or gaming console. No one is forcing me to buy an iPhone. I buy it because I like the quality and experience, and am certain that a large part of that is attributable to how it is designed and how they manage how apps and services operate on the platform.

Simultaneously, I don't want a tractor that I can't fix myself or drive down to my local shade-tree mechanic and have him fix it.

So, how this all plays out is going to be interesting. Will they try to make a law, a ruling to apply to just Apple or will they say that all companies must make this type of investment and open up their devices and platforms... and markets.

Great comment