'Sideloading Is A Cybercriminal's Best Friend' And Can Create A Malware 'Gold Rush'

Craig Federighi
Apple's Senior Vice President of Software Engineering

Apple's strict ecosystem can be annoying. For example, the strict rules prevent people from customizing their phones to the degree that their Android counterparts have always enjoyed.

To some people, this makes the experience dull and kind of boring.

However, the rules do have some advantages.

For example, this allows Apple to have the utmost control of the ecosystem, allowing it to quickly patch holes and push updates. This also makes Apple a more versatile platform, and relatively more reliable and mature.

This has long been Apple's main selling point.

Apple has always been selling the experience. And this experience is what fanatics are always after. This is why the brand has a cult following, and one of the reasons the company is among the most powerful and most profitable in the world.

But in Apple's own words, it's more about the safety of users.

Craig Federighi is Apple's Senior Vice President of Software Engineering.

When the top software executive rallied against Europe’s proposed Digital Markets Act, he said that requirements in the law would undermine the iPhone’s security and create a malware "gold rush."

The EU's proposed legislation includes provisions that would require "gatekeeper" companies such as Apple to allow third-party app stores on their devices.

Federighi believes that the Digital Markets Act has an "admirable mission" to promote competition and ensure that users have choice. But the thing is, the process won't be safe at all.

"European policy makers have often been ahead of the curve, but requiring sideloading on iPhone would be a step backward," said Federighi at the Web Summit conference in Lisbon, Portugal.

"Instead of creating choice, it would open a Pandora’s Box of unreviewed, malware-ridden software and deny everyone the option of iPhone’s secure approach," he said.

In other words, Federighi said that opening the iOS/iPadOS ecosystem to third parties would risk the security Apple has long been building.

"With sideloading, those layered protections are undone," he said. "Sideloading undermines security and puts people's data at risk."

Simply put, according to Federighi, "sideloading is a cybercriminal's best friend."

Federighi, who spoke to decry a provision in the Digital Markets Act, offered the analogy of shopping for a house and picking one with the best security and locks.

Imagine, he said, that your municipality now votes to require "an always-unlocked side door" to optimize package delivery.

"Sideloading is that unlocked side door," he said. "And requiring it on iPhone would give cybercriminals an easy point of entry on your device."

He also attacked the notion of making sideloading just an option, as it is in Google’s Android.

"History shows us, it doesn't play out the way we hope," he said, citing an Android ransomware scam app that mimicked an official Canadian COVID-tracking app. "Even if you have no intention of sideloading, people are routinely coerced or tricked into doing it."

He further suggested that "some social networking apps" would opt for sideload-only distribution to evade Apple’s privacy protections, warning "you'd be stuck with the risk of losing touch with your friends online."

And finally, Federighi noted that even if users try to completely avoid sideloading, a family member doing so could still leave others at risk.

"The fact is, one compromised device, including a mobile phone, can pose a threat to an entire network," he said.

"Malware from sideloaded apps can jeopardize government systems, enterprise networks, public utilities, the list goes on. So even if you never sideload, your iPhone is less safe in a world where Apple is forced to allow it."

"As an engineer who wants iPhone to stay as secure as possible for our users, there is one part I worry about, and that's the provision that would require iPhone to allow sideloading," said Federighi. "In the name of giving users more choice, that one provision would take away user's choice of a more secure platform."

Apple has total control of its ecosystem, forcing anyone who wants to use its platforms to obey and follow the rules.

And Federighi is defending that act.

At the event, Federighi spoke on behalf of Apple, a company fond of saying that "privacy is a fundamental human right."

"The constantly improving protections we've built have managed to stay one step ahead of the bad guys," he added. "Long story short, iPhone's security approach worked."

Federighi's speech came as Apple is also facing a number of legal challenges to its App Store.

These range from Fortnite maker Epic Games, which argued that Apple has become a "behemoth seeking to control markets, block competition and stifle innovation," to regulators and litigants who wish to open the App Store to competition.

Apple, despite not feeling threatened, is doing whatever it can to protect users' privacy, and also its App Store business, which brings in billions and billions of dollars per year for the iPhone maker.

It should be noted that Federighi did not address the risk factor of Apple’s macOS, on which sideloading (simply called "downloading") has always been allowed next to Apple’s Mac App Store.

Previously, Federighi stated that the reason for iOS's walled garden is that the level of malware on macOS is "unacceptable."

It is rare for any Apple executive to speak outside of Apple's own presentations. But Federighi here made a point that in fact, there is no such thing as a perfect security system.

Read: The Reason For IOS' Walled-Garden Is Because MacOS Malware Level Is ‘Unacceptable’