The debate about Apple's "walled garden" approach to the App Store and OS-level customization, especially when compared to Android, is nothing new. However, today there have been a couple of interesting developments on this topic. The company has published a detail report citing the risks of sideloading apps and an executive has even recommended that users who want to engage in this activity should migrate to Android instead.
As spotted by MacRumors, Apple has published a document titled "Building a Trusted Ecosystem for Millions of Apps" on its privacy website. It explains how the company vets each submission to the App Store and rejects apps which are potentially harmful in terms of user privacy and security. It even highlighted a study which indicated that third-party app stores on Android are unsafe and not recommended by security experts. The firm went on to say that:
Some have suggested that we should create ways for developers to distribute their apps outside of the App Store, through websites or third-party app stores, a process called “sideloading.” Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store. Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform. Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks – often referred to as a “threat model” – that all users need to be safeguarded against. This increased risk of malware attacks puts all users at greater risk, even those who only download apps from the App Store.
[...] Allowing sideloading would open the door to a world where users may not have a choice but to accept these risks, because some apps may no longer be available on the App Store, and scammers could trick users into thinking they are safely downloading apps from the App Store when that is not the case. Sideloading would expose users to scammers who will exploit apps to mislead users, attack iPhone security features, and violate user privacy. [...] Scammers would have the opportunity to trick and mislead kids and parents by obfuscating the nature of their apps, making both features less effective.
The 16-page document is quite interesting in its own right and you can read in its full glory here.
Interestingly in an interview about this topic that also happened today, Apple's head of user privacy Erik Neuenschwander further suggested that users should migrate to other platforms if they are interested in sideloading apps, because there is no way that Apple will support this activity. He went on to say that users trust that apps they download from the App Store will be safe and this is true freedom in essence because people know that won't be tricked into downloading something they don't actually want.
The executive explained how supporting sideloading apps on iOS is much more different and dangerous than being free to download software on Mac, saying that:
It's the device you carry around with you. So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you. It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be. So the kind of sensitive data [on the iPhone] is more enticing to an attacker.
[...] The pattern of use of the Mac—just the style, how people use that platform—tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state. But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis. And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side.
Overall, it's clear to see that Apple is in no mood to enable mechanisms for easier sideloading on iOS, and is vehemently against the idea in general. You can read Neuenschwander's interview in detail here.
Apple's latest moves on this topic are in association to lawmakers' ongoing scrutinization of big tech monopolies. The U.S. House Judiciary Committee is planning to debate a set of related bills today including one that could force Apple to allow third-party app stores on its platform.
Source: Apple, Fast Company via MacRumors [1] [2]
35 Comments - Add comment