Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple

[turbineseaplane]

Plus a gazillion fake apps. Saw an app mentioned, went to look for it on Apple App Store but confronted with a gazillion fake questionable apps so just turned off my iPad.

Oh it’s freakin’ awful

The App Review process borders on doing nothing of actual substance that benefits consumers and certainly not developers.

It reminds me of how some employees think HR is working for them and their interests…

(Psst..it’s to protect the interests of the mega corp, not the staff or customers)

 

[I7guy]

Oh it’s freakin’ awful

The App Review process borders on doing nothing of actual substance that benefits consumers and certainly not developers.

It reminds me of how some employees think HR is working for them and their interests…

(Psst..it’s to protect the interests of the mega corp, not the staff or customers)

Oh it’s freakin’ awful

The App Review process borders on doing nothing of actual substance that benefits consumers and certainly not developers.

It reminds me of how some employees think HR is working for them and their interests…

(Psst..it’s to protect the interests of the mega corp, not the staff or customers)

Alternate app stores and alternate payment methods, sideloading etc are only going to make this worse. This will not benefit the general consumer.

 

[Ethosik]

Oh it’s freakin’ awful

The App Review process borders on doing nothing of actual substance that benefits consumers and certainly not developers.

It reminds me of how some employees think HR is working for them and their interests…

(Psst..it’s to protect the interests of the mega corp, not the staff or customers)

And how many fake apps do you think will exist with zero....let me repeat that.....ZERO....review process AT ALL? This is what you people are asking for. For stuff to bypass Apple's HORRIBLE review process by having NO review?! That will make all the fake apps suddenly disappear?

As I have said, a horrible review process is better than no review. I have yet to hear a valid counter argument to this other than repeating the same thing of "oh scams exist on the App Store". Well yeah, hundreds or thousands MORE will exist without a review.

 

[turbineseaplane]

Alternate app stores and alternate payment methods, sideloading etc are only going to make this worse. This will not benefit the general consumer.

That’s just fear mongering

It also skirts the legitimate issues with the current Apple monopoly on iOS app distribution and payment collection.

 

[I7guy]

That’s just fear mongering

It also does nothing to address the legitimate issues with the current Apple monopoly on iOS app distribution and payment collection.

There is no evidence going forward with the above that this will benefit consumers either.

There is no illegal monopoly on iOS app distribution.

 

[turbineseaplane]

@I7guy

Our discourse is just polluting the thread at this point.
Stepping away and may reply to new stuff that pops up from others.

No offense meant.
Just wanted you to know why I may not reply much more.
We’ve both covered our views quite adequately

Cheers.

 

[I7guy]

@I7guy

Our discourse is just polluting the thread at this point.
Stepping away and may reply to new stuff that pops up from others.

No offense meant.
Just wanted you to know why I may not reply much more.
We’ve both covered our views quite adequately

Cheers.

No problem at all. It’s great to discuss the legal merits of this (I’m an arm chair lawyer and play one on tv as they say), but the two camps of thoughts will not meet….and what will be will be.

 

[Ethosik]

People just need to stop with the "fear mongering" or "no evidence that this will happen" arguments. BOTH sides are having discussions/guesses/speculations. We can however draw from existing trends and history - for example my worry about Apps not being on the App Store by Epic (and potentially others) buying up exclusivity rights to how it is on the PC space. VALID comparison.....still no proof it WILL happen but we can draw from what is happening. Doesn't make it a "unreasonable fear" because it is perfectly valid and is occurring elsewhere.

And some stuff is such common sense it doesn't need proof. App Review still lets fake apps through. NO review process AT ALL will let MORE fake apps through. Because....now follow me with this....it WONT be reviewed!

So the majority of the time BOTH sides is speculating and guessing and drawing from current trends to help the argument. It is a perfectly valid security concern that apps from ANY SOURCE will expose security to a greater degree than from the App Store alone. This is just common sense. NO REVIEW does more harm than a half-*** review does.

 

[AppliedMicro]

Alternate app stores and alternate payment methods, sideloading etc are only going to make this worse. This will not benefit the general consumer.

Well, confusion about scam apps like this here (Link) certainly wouldn't happen if we could download the app directly from Meta (Facebook), would it?

 

[turbineseaplane]

Remember for anyone stirring up fear about “what will happen on iOS if Apple doesn’t have a monopoly on iOS app distribution!”

macOS provides us wonderful parallel examples of how things could be on iOS also…and there is essentially “no issue to worry about”

Also, see the post just above this that just came in

 

[turbineseaplane]

Apple over markets to users the real level of “you can trust what’s on our App Store”

Making that worse…

Apple users overly trust Apple, thus making scams in their App Store much more pernicious and easy to proliferate once they are in.

The scammers leverage that misplaced “over trust” of Apple

 

[Ethosik]

Well, confusion about scam apps like this here (Link) certainly wouldn't happen if we could download the app directly from Meta (Facebook), would it?

It happened on Android with Fortnite. People downloaded scam Fortnite apps instead of the real one.

Fortnite Fans On Android Are Being Scammed By Malicious Apps

Fans of the popular game Fortnite who own iPhones or iPads can now play it on the go. Those with an Android device, not so much... and scammers are taking advantage.

www.forbes.com

Fortnite scam warning over FAKE Android download links – here's how to stay safe

FORTNITE players are being warned about a dangerous new scam targeting naive fans of the game. Fraudsters are tricking players into links offering a download for the game on Android smartphones – b…

www.thesun.co.uk

 

[cupcakes2000]

Who only knows what AppStore you’re all using to be so inundated with fake and scam apps as to need to just turn off your iPad.

You know - come to the conclusion you need an app. Research the app choice in the internet. Look at reviews and compare the top 3 or 4, find them on the App Store. That’s what I do and it doesn’t get much simpler.

If you’re all having this much trouble finding genuine apps with just this one method open to you - you’ll have some trouble with ten half arsed stores available.

But you’re not. What you’re doing is the fear mongering you keep accusing everyone else of, whilst seemingly not realising that we all use the same AppStore, and regardless of whatever links you will undoubtedly share to the contrary - are not hoodwinked left right and centre presently by fakes or scams.

 

[turbineseaplane]

You know - come to the conclusion you need an app. Research the app choice in the internet. Look at reviews and compare the top 3 or 4, find them on the App Store. That’s what I do and it doesn’t get much simpler.

You just described the exact same process for independent distribution

The only difference is at the end you go directly to the creator of the actual software and don't have to worry about scams having gotten past Apple's App "Review"

(...and if you don't trust the software creator, why are you installing something from them?)

If you’re all having this much trouble finding genuine apps with just this one method open to you - you’ll have some trouble with ten half arsed stores available.

Thus the desire to go right to the creator of the software themselves.

The weak point in all this is the requirement of trust of "App Stores".

The Apple App Store has somewhat spotty App "Review" and that is actually mostly reviewing the Apps for compliance with Apple guidelines -- a large percentage of which are more about their financial/business rules (their interests, not consumers necessarily).

The real security on iOS is from App signing and the architecture of the system overall.

 

[Sophisticatednut]

Alternate app stores and alternate payment methods, sideloading etc are only going to make this worse. This will not benefit the general consumer.

I think we need apple to provide some date to back this up.
It could be for all we know close to parity when it comes to the number of scams and viruses on the AppStore/iOSmarket and play store/ android market.

And it would barely be a rounding error if changed

 

[turbineseaplane]

Don't hold your breath on data from Apple, particularly if data exists that would destroy the narratives they are trying to push.

 

[Sophisticatednut]

Alternate app stores and alternate payment methods, sideloading etc are only going to make this worse. This will not benefit the general consumer.

I’m sure in EU this will only benefit consumers as payment methods are heavily regulated and only verified methods are allowed to be used.

Europe adopted chip+PIN not because anyone really wanted it but because it was mandated by law a decade or so ago

Are you saying in USA there is no security standards? Perhaps that explains why magnetic strips are so common there or the ability do purchase without using a pin or ID verification

 

[Sophisticatednut]

Don't hold your breath on data from Apple, particularly if data exists that would destroy the narratives they are trying to push.

Absolutely. And the data likely exist just deep inside apples walls. Considering it showed in internal apple mails 200 million consumers was affected by the the XcodeGhost in 2015. And it wasn’t apple that discovered it but a random developer in China almost 6months after it likely started infecting apps. So don’t be surprised if that’s the case now.

 

[Ethosik]

I think we need apple to provide some date to back this up.
It could be for all we know close to parity when it comes to the number of scams and viruses on the AppStore/iOSmarket and play store/ android market.

And it would barely be a rounding error if changed

Why do you need data to back this up? Having applications go through zero review process will be far worse than even the horrible review process Apple has in now. If I can just release my malicious iOS app on my website without Apple even reviewing it, that is all the proof alone that you need.

 

[Sophisticatednut]

Why do you need data to back this up? Having applications go through zero review process will be far worse than even the horrible review process Apple has in now. If I can just release my malicious iOS app on my website without Apple even reviewing it, that is all the proof alone that you need.

The problem is you can do that right now. Users can surf to malicious websites and be infected or fall for scams on their iDevises right now, click infected email links or receive a SMS string click YouTube comments, discord messages or any number of vectors of attacks right now on their device.

the XcodeGhost affected close to 200 million users and 4.000 official apps. And was discovered by a random Chinese developer and not apple. And the evidence points to it to have been active for 6months before it’s discovery by apple.

And it completely depends on what changes are made.

• Alternate app stores

Probably will stay about the same with other stores having a review process.

• alternate payment methods

In EU it will have no impact even with high usage. Payment methods are highly regulated and payment verification is needed for online transaction by ID, code or other security means.
USA probably a big problem considering the non existent safety standards or regulation in place.

• sideloading

Probability the highest impact but limited to limitations of iOS security and lack of root access. But minimal amount of user will use it


And then we need to compare this to android that already have all these. If little to no impact happen to users compared to the freedom and increased competition between developers, payment solution to apple and their store/ IAP solution. It might be hard to justify.

If apple right now have equal amount of fraud and malware as android ( we don’t know untill apple shows us)
This would show that apples review process have little to no impact.

If their data shows a drastic difference to android, this would show that apples review process have a drastic security effect.


because if this the effect of apple’s review process, then it’s effectively just for show and not security

 

[Ethosik]

The problem is you can do that right now. Users can surf to malicious websites and be infected or fall for scams on their iDevises right now, click infected email links or receive a SMS string click YouTube comments, discord messages or any number of vectors of attacks right now on their device.

I cannot download and run an iOS app right now from any website. Not sure how you consider it the same thing or its happening now.

 

[djgamble]

To be honest, if It’s my property, then Frankly their rules don’t mean squat. Because I must have missed when I started renting/leasing my property and it became “their” product

They built the system this way, advertised it that way and knew it was a sandboxed system when you entered a contract to purchase their device. You purchased it 'as is' and no misrepresentation was made about the nature of the purchase.

As such, there's no contractual obligation for them to make all the changes you want AFTER you've entered into a contract to buy it (too late - you shoulda bought something else if you don't like the products Apple sells). A feature allowing you to sideload was never part of the contract.

Of course,you can jailbreak it if you like. Nobody's stopping you from hacking/modding your device in order to make it the way you want it to be. Apple don't have a contractual obligation to do this for you though! They sold you one iPhone... as advertised.

---

Your argument is like saying 'I bought a hamburger... it is MY hamburger... so the shop MUST provide me with a sauce that isn't on their menu'. Again, you bought a burger WITHOUT that sauce, that was the contract. You can add that sauce if you can find some, but they don't have to actively assist you in doing so.

 

[44267547]

It’s simply amazing the mental gymnastics some here go through to defend Apple as if Apple actually cares about them ….

I wouldn’t go as far as ‘mental gymnastics’, that’s a bit extreme on the hyperbole. But yes, I defend Apple at times and I do think they care about the consumer who invests in them in return, because they are publicly owned company.

I’m not brand specific, As I cross-shop many different brands, but Apple is at the top for a reason (Not to mention, they’re setting record goals in their quarterly reports), because of their customer service standards coupled with outstanding hardware, they value my privacy and put the consumer first.

 

[I7guy]

I think we need apple to provide some date to back this up.
It could be for all we know close to parity when it comes to the number of scams and viruses on the AppStore/iOSmarket and play store/ android market.

And it would barely be a rounding error if changed

Apple isn’t providing data. I don’t believe this will happen the way you believe.

 

[Sophisticatednut]

I cannot download and run an iOS app right now from any website. Not sure how you consider it the same thing or its happening now.

Pleas read my comment again.

If I can just release my malicious iOS app on my website without AppStore with Apple even reviewing it..

You can just release it on the store. Apple doesn’t have the tools or ability to do a proper search for malicious code.

• From apple about review process 2019
• From apple reviews are equivalent to tsa 2016
• From homeland security tsa failure rate 95%+ 2016
• from apple AppReview fails to review properly Wrong incentives 2018
• From apple Black Market App Store Follow-up 2014 became public 2019
• From apple Is no one minding the store? This is insane!!!!!!! 2012 this shows it’s been a continuous problem.
• From verge APP STORE ISN’T CATCHING THE MOST EGREGIOUS SCAMS 2021 most highest earning fermium apps are scams

2015 3% of rejections seems to be fraudulent. And <2% and less are rejected for outright scams and/or contain malicious code. If this internal slider is to be believed
Or just use every other ability to spread malicious code.

Apple needs to backup their claim, as their own public information doesn’t support their narrative.
So I don’t know how easy it is to argue security above freedom for a measly 2% risk…