Mini, Pro and ProMax condoms for your iPhone ... New revenue stream?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple
- Thread starter MacRumors
- Start date
- Sort by reaction score
Mini, Pro and ProMax condoms for your iPhone ... New revenue stream?
Fear of Sideloading is THE ONLY THING that will bring Apple to the bargaining table !
I'm 100% convinced of that.
If Sideloading gets close to becoming Law, they will begin to offer-up concessions !
My best guess, they will offer to reduce their cut to 10% across the board for ALL transactions !
I'm 100% convinced of that.
If Sideloading gets close to becoming Law, they will begin to offer-up concessions !
My best guess, they will offer to reduce their cut to 10% across the board for ALL transactions !
It would have been smart of Apple to offer concessions in commissions if they wanted to keep their control over the App Store. Unfortunately for Apple, once the legislation exists there isn't anything for them to bargain over. Congress can pass any law it wants, regardless of how Apple feels about it.
I think there needs to be a compromise here.
By the time the next release of macOS rolls around, it's likely that system extensions will be removed entirely. Give it another iteration or two and "sideloading" of any kind will be gone from macOS completely.
But I think there is an interesting option with the current build of Monterey and the M1 where you can boot into recovery mode, enable Reduced Security and then go a step further by turning off SIP and enabling Permissive Security so you can do whatever you want. I like that option and I hope they don't remove it. I think this hard to activate option should continue to exist on macOS and possibly even be ported to iOS.
Apple has to make it difficult. Really difficult. But they should make it possible. If they make it easy then both lazy and malicious developers will just release apps for a permissive security state and encourage normal end users to use that—much the way that some developers now give instructions about how to enable system/kernel extensions. I don't like that. Perhaps the best thing to do is allow for a Permissive Security state that is not signature enforced, and then disable updates for systems in that state. This way people developing mainstream applications will have to work with whatever userspace tools exist, but the option still exists to create a build that is wildly custom for special applications.
I like the new security model that Apple is working towards. The stability of iOS is working its way over to macOS and I like that. But at the same time I still want a way to tinker, likely on a dedicated machine. Enabling this on iOS WILL present new security challenges, since it will allow people to develop malware more easily in a permissive security state and then find a way to execute it against an Apple signed state… but I think this is a compromise worth having. At least I think so today where there is no major or pervasive malware I have to worry about.
By the time the next release of macOS rolls around, it's likely that system extensions will be removed entirely. Give it another iteration or two and "sideloading" of any kind will be gone from macOS completely.
But I think there is an interesting option with the current build of Monterey and the M1 where you can boot into recovery mode, enable Reduced Security and then go a step further by turning off SIP and enabling Permissive Security so you can do whatever you want. I like that option and I hope they don't remove it. I think this hard to activate option should continue to exist on macOS and possibly even be ported to iOS.
Apple has to make it difficult. Really difficult. But they should make it possible. If they make it easy then both lazy and malicious developers will just release apps for a permissive security state and encourage normal end users to use that—much the way that some developers now give instructions about how to enable system/kernel extensions. I don't like that. Perhaps the best thing to do is allow for a Permissive Security state that is not signature enforced, and then disable updates for systems in that state. This way people developing mainstream applications will have to work with whatever userspace tools exist, but the option still exists to create a build that is wildly custom for special applications.
I like the new security model that Apple is working towards. The stability of iOS is working its way over to macOS and I like that. But at the same time I still want a way to tinker, likely on a dedicated machine. Enabling this on iOS WILL present new security challenges, since it will allow people to develop malware more easily in a permissive security state and then find a way to execute it against an Apple signed state… but I think this is a compromise worth having. At least I think so today where there is no major or pervasive malware I have to worry about.
Last edited:
And I keep telling you that you are asking the wrong person. I’m pretty sure my grammar was correct. Next time you tell me what you want me to support, quote my whole sentence. Maybe it will become more clear.
^^ A very well reasoned post
They definitely need to be wary of doing much more locking down on macOS at this point.
At this point, most of the flexing should be on the iOS side I think.
Let's end at a place where lots of things are still possible (including things Apple doesn't necessarily condone - that is CRITICAL), but the default modes that the majority will use are very secure and comfortable places for users to reside.
They definitely need to be wary of doing much more locking down on macOS at this point.
At this point, most of the flexing should be on the iOS side I think.
Let's end at a place where lots of things are still possible (including things Apple doesn't necessarily condone - that is CRITICAL), but the default modes that the majority will use are very secure and comfortable places for users to reside.
Not defending Parler or apps like it, but it's strange to see you champion side-loading and other openness, but take a stand here. I get it where you're coming from, but the Parler "ban/censorship" is one of, if not the main reason conservatives are backing these bills.
Not understanding your point at all.
Nowhere did I state or allude to your claim.
You do realize malware is an evolving item? As Apple, Google, MS, and others close out one kind, shady characters find new and/or improved methods of creating, evolving, and disseminating it.
Sideloading has nothing to do with this as the App Store is a bigger and far more lucrative target.
It is not unfounded. It is a fact. It is by the very definition that an open environment is inherently less secure than a closed system. I seriously don't understand why those of you are arguing this. Apple is not perfect, but opening up iOS will NOT improve security, only lessen it as that is the very definition of "open". Windows and macOS are, by this definition, less secure than iOS. Apple's statements are not unfounded.
OK, here's the whole sentence
I'd like to see your source for claiming that less than 1% of people (mostly outside the US) want to sideload on iOS. Couldn't be any clearer.
Every time the console debate comes up, I think if this: https://www.eurogamer.net/articles/2011-01-14-geohot-defends-playstation-3-jailbreak
Probably cos I’m not American. I don’t have quite as strong a stance that all speech should be protected, I think platforms as objectively horrible as Parker shouldn’t deserve to exist.
Last edited:
Once again, while your point may be valid, the numbers who actually sideload / jailbreak today do not support your assumptions.
Well with the people's logic here, its not perfect so why bother?! The same argument gets said over and over again that scam apps are on the App Store. So the response for that is do nothing? That will improve security how?!
This doesn’t work because we all know apps like Spotify, Netflix and big banks will drop their app from the store and demand you download it via the web.
No. Nice try reading into my posts.
I am saying Apple's (and others) Doom & Gloom claim is not based on any factual evidence. It is flat out false based on current use.
If Apple doesn't want side loading or allowing alternative app stores, they need a better (factual) argument.
I think we need to realize there are good points with both sides of this. I'm personally happy with how things are, iOS/iPadOS are not a monopoly and consumers have plenty of choice. I used to jailbreak my iPhone to side load things and modify the OS but I don't need to do that anymore. iOS is so polished and complete that I now value security and stability over choice, and it's not like the App Store doesn't have enough choice.
To add to this, I do not need to depend on my Xbox if I ever need to call 911 or if I need to call someone when my car stops on the highway. You know.....the PHONE component of the PHONE. I think that ALONE warrants that we should treat this with as much security as possible.
If this passes, how long do you think it will be before the same people shouting the loudest in favor of it start blaming Apple for all the malware apps?
I remember when people were screaming for a la carte streaming tv. Those same people are now complaining there are too many services.
I remember when people were screaming for a la carte streaming tv. Those same people are now complaining there are too many services.
You are making an incredible point here that is being missed by many.
With malware, you want to attack large surface areas (LOTS of users)
That's one of the reasons the Mac was actually less vulnerable to malware stuff for decades relative to Windows.
It simply wasn't worth the effort.
The same model would apply with sideloading
Even if that were some super great way to get malware in, the surface area (number of users actually doing it) would be so tiny that it wouldn't be worth it.
I don't think that's true. The whole point of sideloading is it becomes the Wild West, good luck keeping malicious apps in their box. One of the reasons sandboxing works is because of the tight control Apple has over the App Store and the API's developers can use.