Sideloading Apps Will 'Cripple' iPhones' Privacy And Security, Said Apple

Building a Trusted Ecosystem for Millions of Apps

It has been for a long time, that Apple is considered a monopoly to lots of people. But Apple always argues otherwise.

Controlling its supply chain from software to hardware, Apple maintains an ecosystem with utmost power. And who ever is displeased with its decision, can have themselves kicked. Apple knows how to use this level of control, and this is why nobody can stop it from doing what it does best.

One of the things Apple is best for, is to suggest that its ecosystem is the safest, especially if compared to Google's Android.

And if ever regulators blame it for anything, Apple would say that everything it does is for the sake of its users and nothing more.

This time, with the European Commission's proposal Digital Market Acts, Apple could be forced to allow iOS and iPadOS users to sideload apps onto their devices.

Apple argues with a released documents it calls "a threat analysis of sideloading."

The whitepaper titled "Building a Trusted Ecosystem for Millions of Apps", Apple explained the dangers inherent in the practice of sideloading.

Sideloading is a practice of installing apps from third-party sources.

Android for example, has been allowing this from the very beginning, allowing users to visit Android app stores other the official Google Play Store to download apps. Android users can even sideload apps by downloading .apk files directly to their phones, and install apps from there.

iOS and iPadOS on the other hand, don't allow this.

Apple does not allow iPhone or iPad users to install apps from locations other than the Apple's App Store.

In its argument, Apple said that "iPhone is a highly personal device where users store some of their most sensitive and personal information. This means that maintaining security and privacy on the iOS ecosystem is of critical importance to users. However, some are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as 'sideloading.'"

Apple even mentioned its competitor by name, when it stated that over the past four years, Android devices contained 15 to 47 times the number of malware infections than iPhones.

Additionally, there was a case where a large security company has a client whose fleet of Android phones, was racking up 6 million attacks each month.

Apple said that "experts generally agree that iOS is safer compared to Android, in part because Apple does not support sideloading."

Building a Trusted Ecosystem for Millions of Apps
Credit: Apple

"Mobile malware harms consumers, companies, developers, and advertisers. Attacks on users employ various tactics and techniques. Common types of mobile malware affecting consumers are adware, ransomware, spyware, and banking and other credential-stealing trojans that masquerade as legitimate apps," Apple continued.

To defend its argument, Apple said that most malware come from sideloading.

Apple claimed that malware infections on iOS devices are rare, and said that many of the attacks on the platform are "narrowly targeted attacks, often carried out by nation-states."

The company said that if it is forced to allow sideloading, it would become easier for cybercriminals to target users as more apps would become dangerous since many third-party app stores do not have vetting procedures in place.

"If sideloading from third-party app stores were supported, malicious apps would simply migrate to third-party stores and continue to infect consumer devices," explained Apple.

This can happen because third-party app stores don't require developers to provide the information that Apple demands. As a result, users won't receive the most accurate information about the apps they wish to download.

And if direct download is to be allowed, users won't benefit from features, like App Tracking Transparency, which helps users control what data, hardware, and services can be accessed by installed apps.

Apple said that by allowing users to sideload apps, Apple would be forced undermine the core security that protects the operating system. The result of this, would be a flawed device that is less reliable, malware prone.

Even if users are not interested in sideloading, they can be forced to do so if an app they want to download is no longer available on the App Store, and can only be found on a third-party store. This creates security holes, where hackers can trick users to sideload apps via phishing attacks, for example.

Apple points out that due to the COVID-19 pandemic, consumers are relying more and more on their mobile devices. It's on those devices that consumers store personal health information, which Apple calls "valuable data that hackers can sell to multiple buyers." And the number of tricks being used to attack mobile users has been growing with mobile phishing incidents up 37%.

Building a Trusted Ecosystem for Millions of Apps
Credit: Apple

Apple believes that “sideloading would make it easier and cheaper to execute many attacks that are currently difficult and costly to execute on iOS," and that it will open a door to harming users, businesses, developers, and advertisers.

"If Apple were forced to support sideloading, more harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only."

"Forcing sideloading onto the iOS ecosystem would make iPhone less secure and trustworthy for users," said Apple. "iPhone users would have to constantly be on the lookout for scams, never sure whom or what to trust, and, as a result, users would download fewer apps from fewer developers."

In the end, users will be at risk, and Apple is not risking this by opening its iOS ecosystem to third-parties.

In its argument, Apple is making its case against sideloading with data and recommendations from the U.S. Department of Homeland Security, European Agency for Cybersecurity, NIST, Norton, and more.

The 28-page document Apple created, came as a follow-up to the guide it published in June on the benefits of its curated App Store.

At the time, Apple CEO Tim Cook claimed that sideloading apps "would destroy the security of the iPhone" and "a lot of the privacy initiatives that we've built into the App Store."

Published: 
15/10/2021