Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple

[turbineseaplane]

Because... nobody has yet suggested making a (not IOS) Android OS iPhone that allows side-loading.

Huh?

An Android OS iPhone?

Apple should not be forced to allow running any random OS on their hardware.
I agree

(well, I don't really care either way on that actually. I wouldn't do it personally, but wouldn't care if others did)

That's a different conversation than what we are having here

 

[Ethosik]

I can guarantee they’ll all scream that this approach was what they meant all along though.

I bet that’s not what Epic or this bill is intended to do though.

 

[cupcakes2000]

Not true. Almost all (if not all) folks here who are for sideloading agree that the option should be fairly difficult to reach for casual/technically illiterate user.

Yes. With a switch buried deep in settings. Which is the problem. This is easy to guide less tech minded people to deactivate for nefarious purposes. Unlike installing an AppStore explicitly on a computer as a server.

 

[turbineseaplane]

Which is the problem. This is easy to guide less tech minded people to deactivate for nefarious purposes.

No, it really isn't "a problem".

Good lord. Can we act like adults?

Apple isn't here to save us from our own actions.

If you walk your way through settings to enable side loading and go out of your way to install whatever you find out there, that's a "you problem"...

 

[Ethosik]

Yes. With a switch buried deep in settings. Which is the problem. This is easy to guide less tech minded people to deactivate for nefarious purposes. Unlike installing an AppStore explicitly on a computer as a server.

Yeah those comments are what threw me off. If we are talking that you still need to be tied to a computer, that changes my stance.

 

[nebojsak]

Yes. With a switch buried deep in settings. Which is the problem. This is easy to guide less tech minded people to deactivate for nefarious purposes. Unlike installing an AppStore explicitly on a computer as a server.

It implies that they know exactly what they're doing. You can't babysit half of the world.

Again, it's "let's ban all the cars and kitchen knives and microwaves and boiling water" attitude.

 

[cupcakes2000]

No, it really isn't "a problem".

Good lord. Can we act like adults?

Apple isn't here to save us from our own actions.

If you walk your way through settings to enable side loading and go out of your way to install whatever you find out there, that's a "you problem"...

I’ll tell my nan. Sure she’ll understand that some feck rinsed her life savings with a fake bank app. Cheeers for the advice.

 

[icanhazmac]

Good idea, this is getting really exhausting.

Honestly what is getting exhausting are the constant posts here claiming that nothing will change, presented as fact, when these are all opinions. If we are to debate in good faith we must acknowledge that we are all making assumptions and putting forth opinions on what will happen if the current Apple business model is legislated into extinction. As such we should be discussing the merits or shortcomings of our respective opinions.

I find many of the posts here claiming "nothing will change" incredibly naive. It is my opinion, based on other similar marketplaces that the following will occur if Apple is forced to allow alt-stores and alt-payments:

• Fragmentation of the marketplace based on apps going it alone or alt-stores offering exclusive distribution incentives.
  • Exclusives move and shift, the app you buy from Apple today will be exclusive on Epic tomorrow and Stream in another year, when you need to restore it to a new device who do you turn to and how will that work? Example: I believe that Epic will open their own store, none of their apps will be on the Apple stores, why, petty revenge, now if you want to play an Epic game you need an account on their store. Then epic will make offers to other devs for exclusive distribution rights. Others will do the same.
  • Negative user experience... why would you want to shop endless numbers of app stores for the best app instead of having them all in one place? I acknowledge there will probably be somewhere in the number of 10-20 major players but others will be independent.
• Fragmentation of payment systems based on alt-stores choosing their own processors.
  • Increased instances of data theft via hacks. Do you really trust individual devs, who are trying to save money, to do with a reputable processor? Do you even know who the reputable processors are? Some may continue to offer ApplePay but some won't.
• Decline of the customer service experience.
  • Have fun getting a refund from random dev X when your child buys $1000 on IAP.
• Decline in the amount of information know about data collected by apps.
  • Apple currently FORCES apps to declare what info they collect in the store, do you really believe that alt-stores will do the same?
• A unique ecosystem will be legislated into extinction instead of allowing the market to dictate what the consumer wants.
  • Vote with your dollars, if you don't like Apple, buy Android, if enough of you leave Apple will lose market share and correct as needed.

I and many others bought into this ecosystem and like it the way it is, we cannot go anywhere else to find the 1 stop shopping experience that Apple offers. Those in favor of the alt-systems have other places to go and if enough of you go there Apple will do market research and adjust accordingly. Yes it may take years to enact change but do you all really want to leave this in the governments hands? What exactly does the government do well?

Edit: For the record, I could care less about sideloading, malware, scams etc. I have no desire to fear monger. I care about the elimination of a unique, 1 stop shop, ecosystem that will be legislated into extinction. I care about the disruption of a seemless marketplace... I hear about a great new game... no problem, I hit the app store and buy it. I don't want to hear about a great new game, find out where it lives, create an account on that store, give them my CC and find out the game sucks and it was all for nothing, they still have all my info.

 

[turbineseaplane]

With the level of hand holding and babysitting some people seem to want/need, I'm a little concerned if you are out there driving cars and being in public in general

 

[aapl owner]

Dear lord I hope Apple loses this.

Wow this is one ignorant comment. Sideloading will totally destroy the security we now enjoy - if you want this feature then please go to Android.

This is a classic example of competitors using the monopoly power of government to ruin another company (Apple) and help themselves. This bill must not pass.

 

[nebojsak]

I’ll tell my nan. Sure she’ll understand that some feck rinsed her life savings with a fake bank app. Cheeers for the advice.

No. You just have to avoid doing the following

This is easy to guide less tech minded people to deactivate for nefarious purposes.

If your nan completely erases her device every other day (option buried two levels deep in Settings), now that's the other story.

 

[turbineseaplane]

Sideloading will totally destroy the security we now enjoy

No - it will not

Please read the thread

Literally everything you're going to say has been refuted in this thread.

 

[Sophisticatednut]

I'm not sure I get your argument. You actually want to have to look at the "scientific" section of multiple stores for your specialized apps instead of one? You also state login as an issue, while I see that ZDN allows direct downloads do you really believe that alt-iOS stores will give up their chance at your personal info by not forcing you to have an account? This might work for some really specialized small apps but in terms of games? Tell me that the Epic app store won't force you to login? Any app that you need to purchase will require a login or your personal info to be provided.

I still highly value the one stop shop, its what I, and many others bought into, we voted with our dollars!

If you don't like what Apple is doing, vote with your dollars and go elsewhere. If your segment of the market is large enough Apple will change their policies. Forced legislation will not end well for any of us.

Well apples App Store is extremely clunky. Some competitors would be healthy now that apple have grown fat and complicit

 

[aapl owner]

Completely inaccurate.

Sideloading would still be sandboxed and can be done exceptionally safely

"Sideloading would still be sandboxed and can be done exceptionally safely" until it isn't then it's over.

 

[M3gatron]

It certainly does make a point. With side-loading there no longer needs to be approval from Apple. So if one of these gets out there, Apple can't remove it from their store because its on Store X.

It's amusing that you obviously didn't understand the article you linked.
Most effective malware on Android is malware in Play Store. Atechnical people very rarely search for software in obscure locations when there's an incredibly well stocked official app store.
That linked article talks about the fact that there were 10.000 downloads but now about about how many people were actually affected(I wound say very few). In order for that app to be effective as a malware it needed the mother of all permission on Android with the culmination of users themselves allowing the app (for no reason) to install apps from other sources(something no authenticator app does). So basically you really needed to insist on allowing that app to compromise your device.
The point is that App Store apps do need to be aboved by Apple, and Apple can simply block any App Store apps that want to install other apps from outside sources. This will fix the problem for the most part as cases in which Android phones are compromised by APKs downloaded and installed directly by users are quite rare.

 

[Ethosik]

It's amusing that you obviously didn't understand the article you linked.
Most effective malware on Android is malware in Play Store. Atechnical people very rarely search for software in obscure locations when there's an incredibly well stocked official app store.
That linked article talks about the fact that there were 10.000 downloads but now about about how many people were actually affected(I wound say very few). In order for that app to be effective as a malware it needed the mother of all permission on Android with the culmination of users themselves allowing the app (for no reason) to install apps from other sources(something no authenticator app does). So basically you really needed to insist on allowing that app to compromised your device.
The point is that App Store apps do need to be aboved by Apple, and Apple can simply block any App Store apps that want to install other apps from outside sources. This will fix the problem for the most part as cases in which Android phones are compromised by APKs downloaded and installed directly by users are quite rare.

This is where all the confusions lie in this thread. Someone finally stated you will still need a computer to side load. If that’s the case then yes I agree. But having iOS open to the point where I can be randomly redirected to somehackerwebsitelul and it auto-downloading an app that iOS can run. That’s a different story.

If the context truly is limiting side loading g to requiring a Mac to deploy, I agree it won’t change anything with security.

 

[M3gatron]

This is where all the confusions lie in this thread. Someone finally stated you will still need a computer to side load. If that’s the case then yes I agree. But having iOS open to the point where I can be randomly redirected to somehackerwebsitelul and it auto-downloading an app that iOS can run. That’s a different story.

If you had any experience with side loading on Android you would know that auto-downloading an app is not possible. In order for an apps to be side loaded it needs express permissions from the user and the user is warned it's not safe and he's responsible for any negative outcome.

If the context truly is limiting side loading g to requiring a Mac to deploy, I agree it won’t change anything with security.

"requiring a Mac to deploy" makes no sense. Not to mention most iphone users don't own a Mac.
Apple only has to implement a few resonable and logical safety nets to avoid accidental sideloading and make it clear to anybody that they are mature persons responsible for their actions. Side loading from outside soucers is rarely a problem on Android, it's biggest problem remains Play Store, that's where the majority of malware is. An APK could probably generate a few thousands of downloads at most until it's discovered or flagged by other users while Play Store apps often get to millions of downloads. If you wanted to deploy malware what would you target: outside sources generally exploited by power users and users more aware of security or the default apps store full of noobs?

 

[OnawaAfrica]

1. you know that sideloaded apps would still need to ask permission to view your data, right?
2. do you have the same gripe with windows, mac, and android?

if the source code is not reviewed by apple before it can be used on the phone then malicious programmer can put any bad code in there which can bypass the sandbox and can defiantly take ur data

 

[mrat93]

Wow this is one ignorant comment. Sideloading will totally destroy the security we now enjoy - if you want this feature then please go to Android.

This is a classic example of competitors using the monopoly power of government to ruin another company (Apple) and help themselves. This bill must not pass.

it’s ignorant to think that sideloading alone would destroy security. you can hardly call it a feature. it’s more like them removing a limitation.

 

[Ethosik]

If you had any experience with side loading on Android you would know that auto-downloading an app is not possible. In order for an apps to be side loaded it needs express permissions from the user and the user is warned it's not safe and he's responsible for any negative outcome.



"requiring a Mac to deploy" makes no sense. Not to mention most iphone users don't own a Mac.
Apple only has to implement a few resonable and logical safety nets to avoid accidental sideloading and make it clear to anybody that they are mature persons responsible for their actions. Side loading from outside soucers is rarely a problem on Android, it's biggest problem remains Play Store, that's where the majority of malware is. An APK could probably generate a few thousands of downloads at most until it's discovered or flagged by other users while Play Store apps often get to millions of downloads. If you wanted to deploy malware what would you target: outside sources generally exploited by power users and users more aware of security or the default apps store full of noobs?

Auto download is literally seconds to do on an html page. Haven’t you seen pages like “your download will begin in a few seconds”. I’m not talking about auto launching, but auto downloading.

I think you people need to get on the same page. Someone mentioned side loading works by using a Mac today. So one of the ONLY change would be lifting the 7 day limit. If you think differently, you need to state so.

This is what others are referring to about side loading

AltStore

altstore.io

 

[mrat93]

if the source code is not reviewed by apple before it can be used on the phone then malicious programmer can put any bad code in there which can bypass the sandbox and can defiantly take ur data

this is untrue. you may have a point if we’re talking about jailbreaking, but we’re not.

 

[M3gatron]

I doubt it. We see it all the time once Apple does something, the industry follows. And Epic wants their own store, and will buy exclusivity app rights to popular apps so it is ONLY available on the Epic Store on iOS and Android. Once this happens, it will lead to what it is like on PC with dozens of installers and stores.

Epic can buy as many exclusive app rights as they want, they will never win against App Store and Play store. The only thing they will achieve is wasting money.

 

[M3gatron]

Auto download is literally seconds to do on an html page. Haven’t you seen pages like “your download will begin in a few seconds”. I’m not talking about auto launching, but auto downloading.

Honestly I don't remember the last time I encounter an unsolicited “your download will begin in a few seconds” on a regular/plain html page(not obvious scams). Maybe never.
Also just downloading something doesn't do anything.

I think you people need to get on the same page. Someone mentioned side loading works by using a Mac today. So one of the ONLY change would be lifting the 7 day limit. If you think differently, you need to state so.

It requires a computer actually. You gave the impression that it should require a Mac specifically.

 

[boss.king]

"Sideloading would still be sandboxed and can be done exceptionally safely" until it isn't then it's over.

You can apply that same logic to make anything sound dangerous.

Apple will respect your data and privacy until it doesn't, and then it's all over.
Air is safe to breath until it isn't, and then it's all over.
Time will move forward predictably until it doesn't, and then it's all over.

Just because you can put the words into a scary order doesn't mean that what you're suggesting is at all plausible.

 

[gregmancuso]

The presence of altstore is irrelevant. What matters is the actual changes that would be made would be utterly miniscule.

Removal of a needless 7 day timer

Ability to use altstore on more than one device on the same apple account.

Why is everyone blowing those 2 tiny things up into some fake security nightmare that doesn‘t exist?

So by this thinking the ONLY sideloading mechanism to allow is the what AltStore is doing? Basically providing a library of .ipa that you need. developer account and Xcode to load? That is not really the additional install vector you think it is. The install process within a direct Xcode deployment and from the AppStore are very similar - known insertion point, developer certificate, entitlements, and validation.

The Alternate App Store(s) and sideloading requested go far beyond this. I have not heard anyone pushing for sideloading to be limited to having to use Xcode or a developer account to do so. The limitations you mention are the part of the difference between a free developer account and paid account. You may not agree with the limitations but it really does not matter. Nor would the proposed bill force changes to those restrictions.