Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,664
35,988


The European Union is set to introduce new legislation as soon as this month that would significantly affect how the App Store operates in Europe, reports The Wall Street Journal.

iOS-App-Store-General-Feature-JoeBlue.jpg

The Digital Markets Act has been in development for some time and the finalized version that could be completed as soon as this month will allow for sideloading and alternate app store options. Apple will be required to allow customers in Europe to download apps outside of the app stores, and it will also allow developers to use alternate purchase methods.

Failure to comply with the law could cost Apple tens of billions of dollars, and Apple's efforts to fight the act have been unsuccessful. Back in November, Apple software engineering chief Craig Federighi said that the sideloading mandated by the Digital Markets Act would open the "floodgates" to malware. The legislation would, said Federighi, "take away [the] choice of a more secure platform."

In a statement provided to The Wall Street Journal, Apple shared a similar sentiment.
Governments and international agencies world-wide have explicitly advised against sideloading requirements, which would cripple the privacy and security protections that users have come to expect."
European officials have been unswayed by Apple's privacy and security-related arguments, and in July, European Union digital competition chief Margrethe Vestager said that Apple should not use privacy excuses to limit competition. "Customers will not give up neither security nor privacy if they use another app store or if they sideload," she said.

The full scope of the sideloading provision in the bill is not yet known as final language could give Apple some room to limit the scope of sideloading. After the bill is finalized, it will be approved by the parliament and member states, and it would take effect early next year.

Article Link: Upcoming EU Sideloading Bill Would 'Cripple the Privacy and Security Protections' iPhone Users Expect, Says Apple
 
If Apple's actions in the Netherlands are any indication, Apple might just pay whatever fines the EU assesses and not make any changes to the App Store. Things could get interesting, though, if the EU tries to anticipate a "just pay" response by including a ban on App Store sales in the penalties. Would user outrage be enough to force EU regulators to back off? Or would Apple be willing to fight a multiyear legal battle with the App Store shut down?
 
Last edited:
I would personally like to see this not happening. I didn't pay for such an expensive device so that I can have an open system. I still use android devices but that's when I want to experiment with things and don't care about the device. My personal information is in these iDevices and I'd prefer them to be locked down secure. I don't trust any android device period. hence not having personal information stored on my android devices!
 
In my opinion, this is still the best take about App Stores and Apple's implied security risks on "sideloading": https://world.hey.com/dhh/the-mac-proves-apple-can-safely-open-the-iphone-cfa68a72

Here is my favorite part:
The fact is that the iPhone is already a considerably more secure device than even the Mac! Apps run in a tighter sandbox, and everything is far more locked down than traditional computers. This is where the defense against malware rests, along with the kill-switch power to nix any app that exploit novel vulnerabilities to escape detection up front.

The only thing these technical defenses can't guard against is business model threats. That's why Apple employs thousands of people in the App Store review department without any technical or security qualifications! Because they're not there to uncover security threats, only threats to the faucet of monopoly rents. And they're very good at that, because even when they fail to detect a scam, Apple still takes a cut. It's win-win for Apple, lose-lose for consumers and developers.
 
At worst, the next step will be: Require Apple to allow governments to preload software on all phones sold in the region.

At best, the next step will be: Zero Day exploit that runs through contact lists and exploits everyone’s data because of just one person who sideloaded “Flappy Bird Returns!”(_V1rus H@x De@th Bl0w).

Awesome.
 
Apple should give its customers more credit. Nobody is forcing anyone to sideload. I sure as hell won't, except for maybe a couple of video game system emulators.
and that's what malicious individuals hope you will do, sideload that one emulator/app that helps them score a jackpot of your money.

and I'm not gonna lie, I'd probably risk it & sideload an emulator too.
 
I'm glad to see this being forced. I understand its NOT good business sense for Apple as it will just mean more support calls and lost profits for them but as far as innovation goes and being able to use the device you bought the way you want then its the way to go. I'm sure there are plenty of ways it could be done to not hinder privacy or security until you even decide to go the route of sideloading anyway so it should at least be a choice we can make.
 
Apple should give its customers more credit. Nobody is forcing anyone to sideload. I sure as hell won't, except for maybe a couple of video game system emulators.
Here’s the perfect chance for me to plug my crazy theory that Nintendo is somehow involved with this whole sideloading debacle.

Switch can be easily emulated on mid-range laptops and PCs. It’s only a matter of time before there is a functional emulator on iOS via sideloading or on Apple Silicon.

With the release of the Steam Deck, Nintendo is trying to remove videos of people showing Switch emulation on the device. We’re at the point where PCs can make Switch games look better than original hardware in many cases, and it will only get better.

Maybe I’m being an alarmist, but I think that Nintendo is worried about every new smartphone being able to emulate their latest hardware.
 
I would personally like to see this not happening. I didn't pay for such an expensive device so that I can have an open system. I still use android devices but that's when I want to experiment with things and don't care about the device. My personal information is in these iDevices and I'd prefer them to be locked down secure. I don't trust any android device period. hence not having personal information stored on my android devices!
Do you use a desktop?
 
As an indie iOS developer, I would love to see sideloading allowed, especially as it would allow useful apps like virtualization tools on iPad (e.g. UTM), but my biggest concern is whether it would make it easier for people to distribute pirated/cracked versions of apps that have in-app purchases (including mine). I do not want my apps being pirated.

Right now, limits on sideloading appear to do a good job of keeping this from the mainstream (though I could be wrong). If sideloading were enabled, it seems like it would be much easier for this activity to occur. How am I to address this issue?
 
I would personally like to see this not happening. I didn't pay for such an expensive device so that I can have an open system. I still use android devices but that's when I want to experiment with things and don't care about the device. My personal information is in these iDevices and I'd prefer them to be locked down secure. I don't trust any android device period. hence not having personal information stored on my android devices!
so just don't sideload, no one is forcing you.
 
I think what most people are missing is the long term threat to security and privacy. If just 1 application creator decides to only offer their app via sideloading it isn't a big deal. But over time, most major apps will decide to just offer the sideload link on their website, and it will become the common way for people to load apps on their phones. None of those apps will go through the reviews the app store requires.

Sideloaded apps will be able to use any and all APIs (public and private) iOS has, without restriction, because of how Objective-C works. They'll be able to get the MAC address of the wifi adapter or the serial# of the device to make their fingerprinting perfect.

Additionally, apps will be able to use any and all exploits in iOS to get more privileges on the device and escape the sandbox, and Apple will be able to do nothing about it (since they will no longer have the thread of pulling the developer's apps from the app store). Right now most exploits are of the type that require clicking a link (or receiving a text message), but there are a lot more vulnerabilities in iOS if you already have an app on the phone and you don't care about being "banned from the app store."
 
so just don't sideload, no one is forcing you.
Easy to say right now, but that falls down when most major apps decide to leave the app store to avoid the fee to Apple. Then you'll only be able to get small-time games and utilities from the app store, and if you want any real functionality you'll have to sideload because all the major publishers only put their apps out that way.
 
Just release a different version of iOS for EU and the secure version for everyone else. Apple already has a different iOS version for iCloud in China.
If Apple is worried that iPhone devices will get hacked by side loading just remove all connectivity to iMessage and iCloud in the EU version.
When you toggle side loading your device reboots and disables all Apple features like iMessage, FaceTime and iCloud.
If you toggle side loading off it reboots and deleted all apps that were side loaded and reenables Apple services.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.