@januarydrive7 this is called ‘selective replying’ - not responding to some things but picking holes in other ‘easily arguable’ nit picks. Avoiding the question and moving the goal posts to reinforce their own arguments. It’s sad really, but easy to see. Laughable I suppose. The problem lies with never actually ‘looking past ones nose’. It’s very common in real life but ridiculously noticeable within a forum environment.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Tim Cook: Users Who Want to Sideload Apps Can Use Android, While the iPhone Experience Maximizes 'Security and Privacy'
- Thread starter MacRumors
- Start date
- Sort by reaction score
If you have a good argument hit cmd-c and cmd-v and get it over with. It's easier than doing this dance. You chose to reply to me with a substance-less post. That's not my problem. This thread is 23 pages long, and just one of many on the topic. I've read thousands of comments, sorry I haven't stumbled across your "compelling" argument that you refuse to share again.
I read a thread before I reply, especially if I agree/disagree with the premise. I’m sorry you don’t. That’s not my problem.
To be fair, the reason this thread is 23 pages long is because there has been so much in the way of reasonably compelling arguments being repeated over and over again. ?♂️
Who forced you to buy an iPhone.I don't see the validity of this statement, I think it's a cop-out trying to hide the real reason.
Abusing people's desire for security as a false pretend to maximize Apple's profit!
Users who are not sideloading apps on iOS would be just as safe as they are now, how is their safety affected when other users sideload? Exploits of iOS are constantly found anyways, jailbreaks keep happening. Whoever wants to attack non-jailbreakers/sideloaders won't gain much here, at least not in comparison to the gains of the iOS users who want to sideload! If the OS is truly sandboxed well, where is the harm?
These devices (iPhones) are not a connected server cluster, they're individual devices!!!
Quick question: Why would it be unsafe on phones when it's normal for computers?
Take a guessiOS basically is a variant of MacOS, they claimed so at least (LOL). Does that mean that they do sub-par security for iOS, maybe get some devs from the MacOS team over to help? LMAO
I can imagine the entire Apple board of directory having dreamt of forbidding software installs on Mac computers just as much as they did on iOS for years now.
In the end, it's just common law. Everybody is used on it on iOS, so most people believe this makes sense and must remain like it is.... think again!
with Phil Schiller's words: "COURAGE!!!"..... c'mon Apple + Apple-Users, how about some courage!
I predict, Apple will lose this argument in court and will have to change their stance on this within the next few years.
____
edit
interesting to see, majority opts for the "courage" option of allowing what has been normal on any computer ever since they were invented.... so Apple, do the same for these pocket computers please!
There's already a model for how Apple does business with Apps. Big box retail store like Walmart and such have vendors stock with their products. Essentially if you want to move something you pay Walmart, or even better Amazon.
Sure Apple is trying to protect revenue. That's no secret. Why would they not? Cook is 100% right. Don't like Apples methods there are other place to go. Apple doesn't own this market. Go somewhere else.
A better analogy is that we have million and billion dollar companies arguing over the McDonald's dollar menu.
Sorry, but no -- the fact that sideloading apps exists already in the form of developer/enterprise options is evidence enough that the real argument isn't about signed apps. I've not seen anyone explicitly saying "we just want sideloading to be easier." What I have seen is dozens of users saying it should be a toggle, like macOS has, which includes the ability to run unsigned apps that run outside of any sandboxes and outside the purview of Gatekeeper.
For their use cases, developer/enterprise options are reasonable enough, but opening up the OS to allow unsigned apps to run is objectively less secure than restricting to only signed apps.
They believe google is actively working to block them from successfully competing with their own app/store by making sideloading too hard -- i.e., by making all these pop-ups proclaim "possible danger, here!"
I'd disagree. There are some compelling posts, but many are definitely not. Many just repeat Apple's/Cook's security argument verbatim without any critical analysis taking place.
When I come into these threads late, I kind of take a sandwich approach: read the beginning and the end and work back to the middle. My original post was not a reply to anyone, just my thoughts after taking in what I had read. Cupcakes chose to reply and chose to not address the meat of that post, and instead do the selective reply thing I've been accused of and latched onto the last sentence about profit with some apparent gotcha. If cupcakes has a point to make, they can make it. After all they chose to reply to my post and claim I needed a better argument.
It's in Apple's interest to paint this as an option between a secure app store and the wild west. That makes their security argument most compelling. The threat to Apple's revenue is roughly the same whether they allow sideloading of signed or unsigned apps (so they want to stop both), but the security implications are very different. They clearly want to talk about the security impact of unsigned apps as much as possible, and signed apps as little as possible, but that doesn't mean we shouldn't talk about it.
People bring up the Mac Gatekeeper example because it exists as an example of what Apple could do, not because they think it has to be exactly the same on iOS (unless they specifically say that). At the consumer level, I'm in favor of allowing signed apps to be sideloaded, and never allowing unsigned apps. I've held this position for years. I disagree that the current solutions are adequate, as they aren't consumer grade options. Apps that are safe, but Apple doesn't allow on their store (sometimes for anticompetitive reasons) should be available to consumers. A Gatekeeper for iOS solution could absolutely be set to default to store apps only, have a toggle to allow signed apps, and never allow unsigned apps.
"opening up the OS to allow unsigned apps to run is objectively less secure than restricting to only signed apps"
Opening up iOS to third party apps in the app store was objectively less secure than not allowing them at all (like with the first iPhone). Apple still opened the app store. I've said this several times, but what really matters is how much less secure would it become, and is that extra risk worth it? I'd agree its not worth it for unsigned apps, but notorized apps with developer certificates that Apple can pull seems like a reasonable trade-off. Yes, they can be abused, but Apple has the tools to handle it. Frankly, if Apple doesn't do it, the worst case scenario of regulating bodies requiring un-signed apps to run could happen. I think allowing notarized apps to be sideloaded would head that off completely.
With Epic vs. Google: again that's a small part about a bigger case. It's like latching onto rounded corners in Apple's design patent. It was one small element in a much larger description that collectively made the design that was patented. I don't find Epic's argument about the sideloading popups that compelling, but think they have a decent chance of winning the case because of Google's monopolistic behavior with respect to OEMs.
What questions are you actually answering in any great detail? All I'm seeing a lot of fallback to that old "I don't need to tell you, just do your research!" trope. We all know the type. (I am flawed too, as I'm sure you'll point out)
But side loading, itself, is a choice. The ability to side load an app doesn't make your device less secure if you never side load anything. Why not give consumers the choice?
Can you imagine selling a product to consumers and then telling them how they are allowed and not allowed to use it?
The issue is that we're now on page 24 of this thread, and the vast majority of outcry here is clearly for those who want unmitigated sideloading of all kinds, not just restricted to notarized apps.
I've repeated it many times --- if the issue is just sideloading of signed apps, then the tone ought to change quite a bit: sideloading of this type is already available (even if there are some hoops to jump through in order to get it working). People aren't complaining that they can side load, but it's quite difficult right now, but that they can't side load, period.
Security implications to opening up a more consumer grade sideloading approach (i.e., some global toggle that allows notarized apps to run outside of the app store) may still exist.
Would any developer be able to notarize, or would this be restricted to something similar to the enterprise program?
How is trust established? Enterprise apps right now are intended for internal use of some organization, so security issues are offloaded to said organization; developers who sign their own apps to run on their own devices have control of their own security --- who verifies apps that are available to the general public, and who is in charge of their security? Does it fall back on Apple, somehow? Or, are you expecting people, who in general are not tech savvy, but are more than willing to pretend they are, to understand security risks? Will they, as they already do, install apps without regard to pop-up warnings that these apps may be dangerous?
What happens when person A doesn't side load a single app, but their technically illiterate friend B does, and B's contacts get compromised, and now A is compromised even though they never side load at all?
Yes, there are means of sideloading now, but they aren't something the general user is permitted to do. If you're side-loading legally now you're either developing your own apps or in a company using an enterprise certificate. When people talk about allowing sideloading, they are not talking about those use cases. At all.
The typical end user is not permitted to sideload. Period. The discussion has always revolved around the end user being able to install (sideload) something just like you would on a mac. I doubt most people in support of sideloading really care about the mechanics of whether the app is signed or not. In other words, they aren't advocating specifically for unsigned apps with no restrictions (unless they actually say that). That's the narrative coming from Apple. Anyone who brings up gatekeeper would be at least acknowledging that some restrictions could be in place.
Same as with the Mac? Any developer can sign and Apple can revoke. If Apple actually has data on this being a major and successful attack vector, it would be helpful if they shared it.
Enterprise certificates are intended for internal organization use, but it still falls on Apple to revoke them if they are used outside of that purpose. From my POV this just shows that the socially engineered sideloading attack vector is already open; and allowing consumer sideloading wouldn't be breaking that much new ground.
I'm not sure I follow. How is B compromising A if A doesn't install anything? Or do you mean bad actors harvested A's contact information from B? Something an App Store app has probably already done if B is into installing sketchy software. (in fairness, Apple will at least ban them if they get caught now)
‘Inappropriate platform’ ~ BECAUSE the OS is castrated.
You make it sound like we’re disagreeing and in fact I think we’re saying the same thing, but just using different words to describe it.
Can you imagine a consumer that buys a product that has worked a certain way, through all its 15 different iterations since its inception 14 years ago, and then expects it to do things that it was never intended or designed to do?
Maybe because consumers don't always realise that they are being used in a political attack on Apple? Don't you think that having a true political choice without manipulation should be more important and paramount than a having choice of an electronic gadget?
This is a another gaslighting observation from Apple. Why would the only user option be sideloading an app on iOS? That is the question that Cook does not answer and requires a proper one from Apple CEO. For sure users that feel such a need in iOS aren’t thinking … “oh, I need someone to spy on me, a bit of malware, oh I feel too secure … need a sideloading jag” …. heheh ridiculous.
Here are some serious reasons: wanting to have access to Epic games or an app for xCloud (apps that Apple “disapproves” its content), access to special devs promotions that cannot be accessed in app, … just two or three examples. All these are left out of users devices as Apps with reasons nothing to do with either security or privacy, but the simple fact that users are being used by Apple as products. After all the devices belongs to the customer even though the OS is being licensed.
Cheers.
Here are some serious reasons: wanting to have access to Epic games or an app for xCloud (apps that Apple “disapproves” its content), access to special devs promotions that cannot be accessed in app, … just two or three examples. All these are left out of users devices as Apps with reasons nothing to do with either security or privacy, but the simple fact that users are being used by Apple as products. After all the devices belongs to the customer even though the OS is being licensed.
Cheers.
Last edited:
nobody.... who would force you to install apps from sources you don't trust in case it was an option? are you not capable of deciding for yourself?
So everything you do and purchase you agree 100% with and you don't want to own what you purchase, subscription only... haha? Your election vote, you agree with that party 100%? sure!
I fail to see how MORE freedom of choice is bad for the customer. ah, but I forget, you want to forfeit all flexibility in everything you purchase. So if the car vendor says, you can only purchase original parts for the car, not even 3rd party tires, you still agree, sure.
100% short sighted way of thinking - you're the perfect customer for any of the large international corporations.
Just like poor people without healthcare protesting against public healthcare.
What certain people are failing to recognize is that a great percentage of the user base does not want sideloading of apps. Once it’s allowed, the toothpaste is not going back in the tube. THANK YOU, APPLE, for so vigorously advocating for people like me. Yes, of course it aligns with their financial interests, but some people act as if their privacy and safety benefits are completely made up. They aren’t! Heck, I wish they’d crack down even further on crappy apps with irritating ads. Some developers have no class whatsoever when they create their crap UX with trashy ads everywhere. Sideloading would prevent Apple from ever being able to do anything about things like this. No, no, NO!
Because, to get around revenue sharing, most companies would be pressured to simply put out a crappy, sideloaded alternative instead of using the App Store. Then every standard that protects us would fade away, and every app you know of would be a little more like WIN REAL CASH.
Cheers!