Tim Cook: Users Who Want to Sideload Apps Can Use Android, While the iPhone Experience Maximizes 'Security and Privacy'

[januarydrive7]

That doesn't make any of their concerns less valid though. As for the researcher, it may have also been on Reddit but that's not where I saw it. I wish I could find the article now. If I do, I'll drop a link.

The issue is that their concerns were invalid, as evidenced by their own research.

Even then, there's still an extra step with clearly written warnings every time you want to install an app. And all of this is still only if you actively choose to use sideloading at all. Which you absolutely don't have to.

As the only technically literate person in my immediate family, I am the only person qualified to make a good sense decision on this matter --- I'm also the person who has to fix everyones machines every time I see them.

So you're essentially complaining that you don't want a feature that you'll never have to use and won't impact you at all included on you phone because you don't want someone else to use it on their phone. I just don't understand how that's a valid argument to you.

No, I'm arguing that macOS has a less secure model, by allowing side loading in the first place. I'm not arguing against it -- I do my dissertation work on my MBP, and would not be able to do what I do without the open nature of macOS. But that's my choice -- if macOS didn't have this open nature, then I'd use a linux box; I wouldn't stomp my feet for macOS to do what I want simply because I want it.

Things are different with my phone --- I've chosen it in part because of its locked down security features. If the model of security was changed so that the OS was OK with loading apps from outside the app store, then that is a new attack vector that can be utilized against myself. The argument against this is always "don't side load and you won't have issues," but that's invalid. You are fundamentally changing the security model of the OS, which means that there is now a potential new way for invalid software to run whether you were trying to side-load it or not. I'm not for that.

 

[hans1972]

Tg

That is the owner of the device restricting what can run on it, not the seller of the device doing so.

Yes, but it shows that the default security of Windows is not good enough for these companies.

Tthe buyer of a device should know what kind of the device they're buying. Buying iOS devices means you have outsourced a lot of your control of the software of the device to Apple. Which is pretty good if you want that.

The lockdown nature of the entire ecosystem and Apple's control of it is one reason why iOS is such a great ecosystem for me. It reduces the power of developers and advanced users.

 

[januarydrive7]

Well, that particular app exists on the store for 5 years, according to the date of the reviews.

This highlights the quality of the mac app store more than the quality of the iOS app store.

Again, that should not be on the app store, plain and simple.

 

[januarydrive7]

The Android malware problem is way overblown, especially by iOS devotees. But, even still, so what if it weren't? Windows has been just eat up with malware for decades and I've been a Windows user and a Mac user for a long time now.

You know how much malware I've been impacted by?

None.

Because I'm not an idiot who clicks on every suspicious link someone emails me or hangs out on shady websites downloading and installing every shiny thing that catches my eye.

I believe a standing ovation is in order.

The only sort of malware that worries me is the kind I mentioned earlier, like those exploits Apple just patched that didn't even require user interaction. All you had to do was visit an innocuous-looking webpage and they owned you.

If the OS freely supports side loading, then these types of bugs would be a lot worse.

 

[hans1972]

And yet Android has much larger market share than iOS and it has sideloading and somehow the world has not ended.

And Android as huge problems with malware as seen in the Epic vs. Apple trial.

The problem is particular huge in part of Asia like China.

 

[Mockletoy]

The issue is that their concerns were invalid, as evidenced by their own research.


As the only technically literate person in my immediate family, I am the only person qualified to make a good sense decision on this matter --- I'm also the person who has to fix everyones machines every time I see them.


No, I'm arguing that macOS has a less secure model, by allowing side loading in the first place. I'm not arguing against it -- I do my dissertation work on my MBP, and would not be able to do what I do without the open nature of macOS. But that's my choice -- if macOS didn't have this open nature, then I'd use a linux box; I wouldn't stomp my feet for macOS to do what I want simply because I want it.

Things are different with my phone --- I've chosen it in part because of its locked down security features. If the model of security was changed so that the OS was OK with loading apps from outside the app store, then that is a new attack vector that can be utilized against myself. The argument against this is always "don't side load and you won't have issues," but that's invalid. You are fundamentally changing the security model of the OS, which means that there is now a potential new way for invalid software to run whether you were trying to side-load it or not. I'm not for that.

Exactly. I mean, how dare someone have an opinion on a toolset they've invested thousands of dollars in!

The very nerve!

No one should ever agitate to improvements in their preferred toolchain! If it's not exactly what you want, just throw it out and buy a whole new toolchain!

Honestly, this whole thing cracks me up every time it comes up.

Your argument basically boils down to, "How dare you want something I don't want! No! Stop it! Stop it this instant!"

 

[Mockletoy]

I believe a standing ovation is in order.


If the OS freely supports side loading, then these types of bugs would be a lot worse.

Which is why Android failed so miserably and no longer exists and the Google Play store has been dead and gone lo these many years now.

Wait, what?

More popular than iOS, you say? Still going strong, you say?

Imagine that!

 

[januarydrive7]

Exactly. I mean, how dare someone have an opinion on a toolset they've invested thousands of dollars in!

The very nerve!

If the issue at hand was them reducing the utility of macOS, then I'd agree with you. The issue at hand is the reducing the security of iOS. If you're dumb enough to buy a device and invest thousands of dollars into that doesn't do what you need/want it to do, that's on you.

No one should ever agitate to improvements in their preferred toolchain! If it's not exactly what you want, just throw it out and buy a whole new toolchain!

Honestly, this whole thing cracks me up every time it comes up.

Your argument basically boils down to, "How dare you want something I don't want! No! Stop it! Stop it this instant!"

You're having a hard time reading, huh?

 

[nebojsak]

This highlights the quality of the mac app store more than the quality of the iOS app store.

Irrelevant. What do you do with your technically illiterate relative who owns an iPhone and a Mac? And -say- is in immediate need of a simple free metronome from AppStore.

 

[januarydrive7]

Which is why Android failed so miserably and no longer exists and the Google Play store has been dead and gone lo these many years now.

Wait, what?

More popular than iOS, you say? Still going strong, you say?

Imagine that!

Could you please point me to where I stated Android was failing?

 

[FrankNicklin]

I write enterprise apps and the ability to side load apps outside the App Store is a huge benefit for both Android and Apple. I don’t want to upload apps the the App Store or google play we have no need of of it.

 

[Mockletoy]

And Android as huge problems with malware as seen in the Epic vs. Apple trial.

The problem is particular huge in part of Asia like China.

Apple also said the Mac is a malware-riddled mess during that trial.

Which just goes to show that:

1) For some bizarre reason Apple doesn't care about Mac users, and allows the sideloading pirates to prey on them at will, which is really quite unforgivably cruel, isn't it?

and, 2) Those sweet App Store profits must be delicious indeed if they were willing to publicly throw the Mac ecosystem under the bus that way to protect them at all costs.

And that's the answer, right there: $$$.

A locked-down iOS is a more profitable iOS.

 

[M3gatron]

You mean "good sense" --- I don't believe it's so common.

There were lots of stats thrown around during the Epic v. Apple trial. The general consensus (amongst the research quoted and used for evidence) is that iOS, though it has its faults, is an objectively more secure system amongst mobile operating systems -- I don't recall an in-depth analysis on where the breakdown was, but Apple's stance, under oath, was that it was in large part due to the open nature of other systems.

As far as PEBKAC problem -- I don't disagree; I've mentioned several times you (and likely many reading here, though it's fairly obvious not all), are not the average user -- common sense isn't good sense.


You gotta dumb it up a bit for the sake of PR

More like the general assumption or belief.
An up to date Android smartphone is harder to crack than any iphone and offers a higher level of security.

Android Phones Now Harder To Hack Than iPhones

While governments and law enforcement agencies continue to push device makers to create backdoors, there is always a workaround that lets them crack open

fossbytes.com

The openness of a software does help to make it more secure as it's code is constantly under a magnifying glass and security vulnerabilities are found and fixed faster, that's why open source programs are the most secure.
The closed nature of iOS has lead to this: https://www.macrumors.com/2020/05/14/zerodium-pauses-acquiring-ios-exploits/

 

[hans1972]

The security on MacOS is perfectly fine. It already makes you jump through multiple hoops to install from outside the app store. You'll have to come up with a better excuse than that.

At worst you have to control-click on the application and choose open the first time. Most software have identified developers so you can just install it normally.

 

[januarydrive7]

Irrelevant. What do you do with your technically illiterate relative who owns an iPhone and a Mac? And -say- is in immediate need of a simple free metronome from AppStore.

If my technically illiterate relatives had the good sense to ask before doing something, I'd tell them what I've always told them: first, go to a trusted source (in this case, the app store); second, read the reviews (this particular app would then have obvious red flags). The issue is that they don't have that kind of sense to either ask or listen to the many times I've told them this.

 

[Mockletoy]

Could you please point me to where I stated Android was failing?

That was, uh, my entire point.

If all you say is true and sideloading would open iOS up to the same "horrors" currently facing Android users ... well, Android is thriving all over the world, so ... do the math, I guess?

It's not complicated. Your worse case scenario doesn't sound particularly frightening to me.

 

[Mockletoy]

If my technically illiterate relatives had the good sense to ask before doing something, I'd tell them what I've always told them: first, go to a trusted source (in this case, the app store); second, read the reviews (this particular app would then have obvious red flags). The issue is that they don't have that kind of sense to either ask or listen to the many times I've told them this.

I'm quite genuinely sad for you that everyone you know is a moron, but telling me I shouldn't be able to do as I please because they're all at risk of staring up into the sky and drowning during a heavy downpour isn't really fair, is it?

I suppose we should structure the whole world that way. Cars can only be made out of foam rubber and can travel at a maximum speed of 5mph (highway), perhaps?

We have to make everything safe!

 

[januarydrive7]

That was, uh, my entire point.

If all you say is true and sideloading would open iOS up to the same "horrors" currently facing Android users ... well, Android is thriving all over the world, so ... do the math, I guess?

It's not complicated. Your worse case scenario doesn't sound particularly frightening to me.

Ahh, I didn't realize your entire point was the bottom line. My bad -- I thought we were talking about security, here.

 

[hans1972]

Apple also said the Mac is a malware-riddled mess during that trial.

Which just goes to show that:

1) For some bizarre reason Apple doesn't care about Mac users, and allows the sideloading pirates to prey on them at will, which is really quite unforgivably cruel, isn't it?

and, 2) Those sweet App Store profits must be delicious indeed if they were willing to publicly throw the Mac ecosystem under the bus that way to protect them at all costs.

And that's the answer, right there: $$$.

A locked-down iOS is a more profitable iOS.

Having a secure Mac requires more of the user especially being a bit careful about installing software. A lot of users don't want to deal with that. For them iOS is a blessing. Those who wants to trade security for more freedom and control can choose a Mac.

It's a good thing that Apple makes a lot of money on a locked down system which they control. It will ensure that the system will remain so unless Apple is forced to do otherwise.

Why is it a negative that Apple makes money?

 

[Mockletoy]

Ahh, I didn't realize your entire point was the bottom line. My bad -- I thought we were talking about security, here.

I am talking about security, and about how if iOS worked like, you know, literally every other operating system in existence, it wouldn't be the end of all things. It wouldn't start raining toads, the rivers wouldn't run red with the blood of the innocent, etc.

 

[januarydrive7]

I'm quite genuinely sad for you that everyone you know is a moron, but telling me I shouldn't be able to do as I please because they're all at risk of staring up into the sky and drowning during a heavy downpour isn't really fair, is it?

I suppose we should structure the whole world that way. Cars can only be made out of foam rubber and can travel at a maximum speed of 5mph (highway), perhaps?

We have to make everything safe!

I'm saying that all users shouldn't be put into a place where bugs like you mentioned would be much worse just because you want iOS to be Android.

 

[jman240]

Having a secure Mac requires more of the user especially being a bit careful about installing software. A lot of users don't want to deal with that. For them iOS is a blessing. Those who wants to trade security for more freedom and control can choose a Mac.

It's a good thing that Apple makes a lot of money on a locked down system which they control. It will ensure that the system will remain so unless Apple is forced to do otherwise.

Why is it a negative that Apple makes money?

Lol sure, I'll just carry my mac around to make phone calls on the go.

 

[januarydrive7]

I am talking about security, and about how if iOS worked like, you know, literally every other operating system in existence, it wouldn't be the end of all things. It wouldn't start raining toads, the rivers wouldn't run red with the blood of the innocent, etc.

Again, no one suggested it would be the end of all things, but it would be the end of users being able to choose a more secure operating system.

 

[Mockletoy]

Having a secure Mac requires more of the user especially being a bit careful about installing software. A lot of users don't want to deal with that. For them iOS is a blessing. Those who wants to trade security for more freedom and control can choose a Mac.

It's a good thing that Apple makes a lot of money on a locked down system which they control. It will ensure that the system will remain so unless Apple is forced to do otherwise.

Why is it a negative that Apple makes money?

I'm all for Apple making all the money they want, up until they start doing it by employing the exact same sort of monopolistic bullying and control freak behavior they used to be so very, very put out by when they were circling the toilet and Microsoft was the one doing it.

 

[boss.king]

As the only technically literate person in my immediate family, I am the only person qualified to make a good sense decision on this matter --- I'm also the person who has to fix everyones machines every time I see them.

So tell them "hey, don't use this thing". I'm the tech support person in my family too (I suspect many of us are), I fully understand how annoying it can be to help family with things that seem obvious, but the solution is to teach them instead of babyproofing their digital life.

No, I'm arguing that macOS has a less secure model, by allowing side loading in the first place. I'm not arguing against it -- I do my dissertation work on my MBP, and would not be able to do what I do without the open nature of macOS. But that's my choice -- if macOS didn't have this open nature, then I'd use a linux box; I wouldn't stomp my feet for macOS to do what I want simply because I want it.

No one is stamping their feet, this is an Apple discussion board and people are discussing the direction they'd like to see their favourite gadgets go.

Things are different with my phone --- I've chosen it in part because of its locked down security features. If the model of security was changed so that the OS was OK with loading apps from outside the app store, then that is a new attack vector that can be utilized against myself. The argument against this is always "don't side load and you won't have issues," but that's invalid. You are fundamentally changing the security model of the OS, which means that there is now a potential new way for invalid software to run whether you were trying to side-load it or not. I'm not for that.

How do you reach that conclusion? By leaving the sideloading toggle off, your phone would be 100% unchanged from the way it operates right now. So either your phone is already an insecure mess (it's not) or you think Apple would implement the buggiest possible iteration of sideloading out of either spite or incompetence (also unlikely). Even with sideloading enabled, the iPhone is still far more locked down than a Mac. Everything is sandboxed and the OS can still scan for malware before installing anything. It's a non-issue.