If this is passed Apple could just allow you to install Linux on the iPhone. Then you can sideload all you want
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Upcoming EU Sideloading Bill Would 'Cripple the Privacy and Security Protections' iPhone Users Expect, Says Apple
- Thread starter MacRumors
- Start date
- Sort by reaction score
This is Europe.
We have robust data protection laws - we don't need Apple playing privacy guardian half as much as other countries with their anything-goes attitude to privacy (e.g. the U.S. of A.).
There are quite a few that do - to prevent payment card fraud through geolocation.
It's a quasi-government. Though not a really democratic one, governments make the rules for jurisdictions and markets.
Any company that doesn't agree with the rules is free to leave.
oh those poor people who exploit those who work on the assemble lines in other countries. Their profits will take hits.. It's an atrocity!
Goes to McDonald's only to find EU has made them make space in their parking lot for a stand that sells KFC.
If people want a more open system, they can use Android, which, BTW, has a larger market share, so the notion Apple is being anti-competitive is nonsense. It's pure legislative overreach. If the EU want to force Apple to change something, let it be abandoning CSAM scanning on mobile devices or making Apple guarantee the privacy and security of apps in the app store.
If people want a more open system, they can use Android, which, BTW, has a larger market share, so the notion Apple is being anti-competitive is nonsense. It's pure legislative overreach. If the EU want to force Apple to change something, let it be abandoning CSAM scanning on mobile devices or making Apple guarantee the privacy and security of apps in the app store.
You can sideload apps today, with Apple's Enterprise Developer Program.
If you need an app for your job, you're forced to sideload ...today.
At the same time... I hope the courts don't want Apple to allow any ol' app to have full access to the system for sideloaded apps to do whatever they damn well please, either.
There must be boundaries, sandboxing, etc.
If someone can download a calculator app from some sketchy developer's website... but it's actually carrying a malware payload... that would be bad.
We already know there are some bad apps that sneak into the App Store. And that's with app review.
So what happens when apps are downloaded from the web with NO app review?
It could be open season.
And before anyone says it... yes... nobody has to sideload.
But some people will. And it's those people who I fear for.
They're gonna see an ad on Instagram for some new game and they will be directed to a website. But it's malware disguised as a game.
Out of a billion iPhone users... there will be many people tricked into downloading sideloaded trash.
This would be great! Not a perfect solution but a good start. Stick to the Apple App Store rules or get no access to anything on the device besides your own sandbox!
The other thing that would soften my views on this would be if as part of being a "certified" app developer you would be required to maintain a presence on the Apple App Store and accept IAP through Apple. Go ahead and be on alt-stores or your own store with your own payment processor and offer a lower cost if you want but allow those of us that want the "one stop shop" to have it.
Happy you. Imagine all the Apps Apple keeps away from you cause Apple doesn‘t want you to do this or that. Imagine an Apple Watch App that simply shares your heart rate frequency like a heart belt does.
Why isn‘t this availbale now? Just because Apple wants to collect cash e.g. through the MFI program. So you can share the heart rate if the consuming device implements Apples gymkit and Apple can collect taxes for doing so. Just sharing the heart rate using a standard BLE signal is from hell - from Apples point of view.
Hell yeah! Will this be the first crack in the wall of Apples wallet garden?
As if Apple would be "responsible" for data losses today.
They aren't. Don't make stuff up.
Enjoy your Apple Google devices EU. I'm sure they will serve you well. I see no reason not to trust the leader of the EU in technology related matters. I'm sure she's over qualified for the job, and knows what's best for everyone. Because she has a history of IT and coding. Certs and all.
In a more serious note. Apple, here is a solution to this stupid problem. And yes, it's stupid.
Make another iOS for the EU. In this version of the OS, give them what they want. An OS with nothing on it. They can do whatever they want. Sell them no tools, offer no application creation software. Dev's have to "dev" it all. Hack it till you make it! No help from Apple. Offer this as a choice during purchase. You as a customer can purchase an iPhone/iPad (old or new) and get either option of OS. For those of us that don't want anything to do with this BS. We get our normal iOS that works as it should. For those of you that just can't live without having false choice. Well, here you go. Make it work however you want.
In a more serious note. Apple, here is a solution to this stupid problem. And yes, it's stupid.
Make another iOS for the EU. In this version of the OS, give them what they want. An OS with nothing on it. They can do whatever they want. Sell them no tools, offer no application creation software. Dev's have to "dev" it all. Hack it till you make it! No help from Apple. Offer this as a choice during purchase. You as a customer can purchase an iPhone/iPad (old or new) and get either option of OS. For those of us that don't want anything to do with this BS. We get our normal iOS that works as it should. For those of you that just can't live without having false choice. Well, here you go. Make it work however you want.
The EU capitulating to a handful of zealots who want to side load. Probably some greedy companies involved that don't want to pay to use the platform. One can only hope this is a total failure and I think it will be when the EU figures out that no one wanted this anyway. There is way too much friction to not use the App Store to pay for stuff and plus you do not give up your personal information.
One side effect of side loading and other payment systems is developers pricing the in App Store versions of their products higher or even significantly higher to discourage App Store purchases. I see this as anti-competitive and if the EU is serious about being fair for everyone they should force developers to charge the same price inside or outside of the App Store.
I also do not see why Apple could not charge $100 (or another amount) for the ability to unlock the phone for side-loading. This is kind of similar to carrier locks. you have to pay off the phone to free it or buy an unlocked phone.
One side effect of side loading and other payment systems is developers pricing the in App Store versions of their products higher or even significantly higher to discourage App Store purchases. I see this as anti-competitive and if the EU is serious about being fair for everyone they should force developers to charge the same price inside or outside of the App Store.
I also do not see why Apple could not charge $100 (or another amount) for the ability to unlock the phone for side-loading. This is kind of similar to carrier locks. you have to pay off the phone to free it or buy an unlocked phone.
Carrier unlocks are free in at least some EU countries.
I mean, sucks to be you if you're charged (in this day and age) to unlock a phone.
Great, some sketchy app that reads my heart rate data and leaves that data open to every other app on my phone? No thanks. Insurance companies would love that!
Ex: Next time you want life insurance the company tells you about their great, streamlined application via your phone, you download it and BAM, it grabs all the data it can from other apps on your phone like heart rate monitors or blood pressure monitors and just like that...... high premiums for you.
Same goes for auto insurance apps, only a matter of time before they start collecting location data to determine if you are speeding. Or maybe they will just skim data from your EZ-Pass app?
One critical point is that when these phones using side-loaded apps are hacked it needs to be made clear that it happened with a side-loaded app and was not downloaded via the App Store. Unfortunately that probably will not happen.
Who says they will be hacked? Take macOS for example, is it clear what happens?
Yes, you could.
You may have missed the part of the EU's proposal where platforms aren't defined as hardware devices - but as operating systems, too.
So offering Linux sideloading wouldn't satisfy that legal requirement with regards to iOS.
You may have missed the part of the EU's proposal that mandates "effective use" be possible and "obligations to ensure interoperability".
Weighing that against "proportionate measures to ensure that third party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper" will certainly be up to interpretation and I'm sure that lawyers will have a field day on this one.
But no, hardball sandboxing to lock out third-party apps wouldn't fly - it would just open up more regulatory action, fines and legal action.
No, I don't think I did. I suggested that if an app, such as a calculator, doesn't follow the Apple rules for data collection transparency then they should not have access to that data. Really, why does a calculator app need location data access anyway, other than to exploit it for profit?
It read as if you suggested that anything not adhering App Store rules (including prohibition of in-app purchases, possibly?) should access to nothing else on iOS.
If we're just talking privacy, well, we have app sandboxing today.
Why should a calculator app have data access to location? To provide currency or unit conversion services?
This isn't about the E.U. This about Threat Actors and the scams they are chomping at the bit to deploy to iOS users. Once this Pandora's Box is open for side loading on iOS they will make efforts to attack / infect / scam any and all iOS users. Some of whom are not technically savvy or not able to determine that they are being scammed. When such an incident occur, the threat actors won't be the ones getting the blamed. People will flood Facebook, Twitter, Tik-Tok and forums like this saying things like "Apple is trash", "I'm never buying an iPhone again". "Apple get your sh*t together" etc. etc. etc.. "Expanding options or others is putting all at risk"
I mean, this is a reason why Apple should lock down macOS to only install for the MAS.
If only that was the world we live in, unfortunately it isn't. It would be nice if devs had to fully explain, in plain language, why they need access to any and all data they access or collect.
It's interesting how this has been framed as "sideloading bad" when it doesn't actually require Apple to drop any technical platform security requirements. I have an Apple Developer account and have written iOS apps in the past (although no time for it recently). I can already sideload my apps to friends and family for testing using Xcode, and those apps run in the same sandbox container with exactly the same security restrictions and user warning as apps that you download from the App Store.
There are no technical differences between an App Store app and a side loaded one. There are some superficial differences though:
What we're talking about here is Apple letting people take those signed .ipa files and let people distribute themselves rather than go through the business review. Judging by developer frustration at the inconsistent review standards I think this would be a win all around. Those who want to stick with the App Store can continue to do so. Apple can continue to enforce all the technical security and privacy constraints on sideloaded apps that exist today.
There are no technical differences between an App Store app and a side loaded one. There are some superficial differences though:
- App Store apps are "reviewed". This is not done by a security professional, just someone enforcing Apple business rules. Judging by the amount of crap in the App Store - this is a highly subjective step.
- If I want to sell it on the App Store, then Apple takes a cut.
What we're talking about here is Apple letting people take those signed .ipa files and let people distribute themselves rather than go through the business review. Judging by developer frustration at the inconsistent review standards I think this would be a win all around. Those who want to stick with the App Store can continue to do so. Apple can continue to enforce all the technical security and privacy constraints on sideloaded apps that exist today.
If you have to fear your government that much, I'm sure you would have other worse problems than sideloading.