With respect, I haven't heard any points in favor of lockdown that are actually real points.
Lots of people have the wrong impressions on what it would/wouldn't mean (and they are wrong about the security implications)
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple
- Thread starter MacRumors
- Start date
- Sort by reaction score
With respect, I haven't heard any points in favor of lockdown that are actually real points.
Lots of people have the wrong impressions on what it would/wouldn't mean (and they are wrong about the security implications)
I doubt it. We see it all the time once Apple does something, the industry follows. And Epic wants their own store, and will buy exclusivity app rights to popular apps so it is ONLY available on the Epic Store on iOS and Android. Once this happens, it will lead to what it is like on PC with dozens of installers and stores.
No - the point of side loading is to not be vetted by Apple App Store policies. That doesn't mean it will be enabled in a way that jeopardizes device security, access to components/data/etc -- the devil is all in the details there.
Sideloading is only about installing Apps that haven't gone through the App Store review.
That doesn't infer that they can "do whatever they want" -- iOS isn't built that way.
This would not be installing a custom OS or anything like that (which truly WOULD be a Wild West)
No it wont. Once Epic buys exclusivities it will not be MY choice but DEVELOPERS choice.
This is the opposite. The whole problem with the Mac App Store is that it’s too restrictive and anti develop/consumer.
And apple is just too greedy to fix it
I have anti-virus on my mac and Windows PC. I don't want that on my phone. And as been said MANY MANY MANY times before - phone has you know PHONE capabilities that I need to make sure is always available for 911 or car breakdowns, all my health and financial data, all my contacts and email. My PC only has a fraction of my personal information.
No I am not reaching. How will the App be auto-removed on iOS if someone downloads that app from App Store X and Developer Y website?
Why shouldt they be allowed to pay developers for exclusives? It seems to work wonders for the Epic store.
Apple could do the same thing
It depends.
If they allow sideloading where all apps still have to be signed, it may not be that big an issue. But that's not what developers really want. They want to run unsigned apps. Because if Apple allows sideloading but still requires apps to be signed, then they will just choose to reject things they don't like anyway—like an Epic Games store. They will find a reason to revoke that signature and disable that application.
Sideloading is really about allowing unsigned applications to run in userspaceb (or beyond), which DOES create issues, particularly related to spyware. Both lazy and malicious developers will be very quick to encourage and instruct users how to enable more permissive security states, and once those states are entered… userspace is up for grabs and the end user really doesn't understand that.
No Apple can't do the same thing because you don't typically announce exclusivity contracts and Apple and Developer cannot break the contract without serious consequences.
My point was the whole argument "You can still choose not the side load" is not 100% true, because Epic WILL do this and it WILL be very popular apps.
The security implications are overhyped (allowing sideloading does not mean allowing unsandboxed apps like on Mac/PC) but if third party stores take off there could be convenience implications. One app store is more convenient albeit less competitive than many. Ideally, sideloading would be a niche thing and apps would be forced to remain in the Store because that's where the users are. But in that case developers would go back to complaining about Apple.
You need to stop thinking that this 1% on Android will stay the same. Once this happens on iOS, that 1% on Android will increase dramatically.
And also, don't forget Epic is also suing Google because it is "too difficult to side-load on Android".
Fair enough. Again, not a fan of these apps or speech, but you said it yourself, "platforms as objectively horrible shouldn’t deserve to exist." That's what has Conservatives so upset at Big Tech, as they do want these platforms removing apps; post or censoring users. We are more than likely going to see amendments to the bills doing just that in order to gain the votes need to pass these bills.
Not sure I'm with you on the vetting on signing
As far as I'm aware, on macOS they don't do really editorial control on what can get signed for macOS.
It's strictly about preventing true malware type issues.
Is that incorrect?
If you happen to have a link to info about their signing policies on macOS it would be super helpful actually.
I don't agree that iOS developers want to run unsigned apps (same as they usually don't want that on macOS)
It's simply about the revenue Apple is sucking up.
Why/how are Apple allowing paid macOS apps from third party sources that are signed if what your'e saying is true?
(That they'd shut down or not sign something like Epic Games from Epic directly)
If Apple adopted a notarization policy for iOS, and then banned apps from devs they don't like for non-malware reasons, they'd get in trouble real fast. Heck, a judge already stopped them from banning Epic's developer account due to their lawsuit.
I certainly would. I also would certainly NOT be using an iPhone because Android is FAR better in every other way except it is not a walled garden environment. I want Windows and macOS locked down. I am sick of dealing with malware at the office and on servers. I am sick of dealing with thousands of spams emails a day due to Zombie computers. I am sick of seeing websites and services go down due to DDoS due to Zombie systems helping.
I don't understand the logic if we are on Apple's side here we are just ignorant or just a blind Apple follower. I have HATED Apple for some of their decisions - 2013 Trash Can Mac Pro?! Butterfly keyboards?! Catalina being an absolute buggy mess?!
They have. Both on iOS and macOS.
If the device is connected to the internet, every time an application is run its signature is checked. Apple can (and has) revoked malicious applications in the past. I can't think of an example where they physically removed it, but they have disabled their execution. The process on macOS is trustd, which connects to ocsp.apple.com. When that sever got DDoS'd a year or two ago every internet connected Mac suddenly couldn't open any application.
I'm not sure. Some, from what I can gather here, want the government to come in regulate Apple till it bleeds...obviously something I am not for -- especially since at this time their business practices have not been found illegal in a court of law. However, there seem to be a few here and there who seem to care about gaming companies.
Right - but it's only about revoking malicious applications.
To my knowledge, on macOS, they've never gone down the road of shutting down App signature signings because they are trying to nuke a business they don't like or agree with, etc-- have you seen that?
Not even apple believe it. Considering the leaked internal emails shows the App Store have an extraordinary big fraud problem
The statistic was in the post he quoted. Less than 1% of Android users side-load