Apple is battling increasing pressure to support sideloading on its App Store with an expansive 28-page white paper in which it offers glaring security and privacy warnings.
Sideloading risk
White paper, “Building a Trusted Ecosystem for Millions of Apps – Sideloading Threat analysis” argues that because iPhones and other devices capture so much personal information about people, maintaining privacy and security is extremely important. “Supporting sideloading via direct downloads and third-party app stores will cripple the privacy and security protections that have made iPhones so secure, and expose users to serious security risks,” the company said.
The European Commission, as well as legislators in several European countries, the US and elsewhere, appear to be currently inclined to build Apple-supported side apps. EC’s proposed Digital Marketplace application could compel companies to do so. Apple rejected this citing the potential danger to its customers and platform.
Apple published a similar document explaining the benefits of a curated App Store in June, warning of the significant dangers of a lack of curation. Sideloading critics argue that while curation isn’t perfect, it’s much, much better than nothing.
The paper cites a Nokia study that shows Android suffers from up to 47 times more malware than iPhone. It also reiterates European regulatory agencies reporting 230,000 new mobile malware infections per day.
Threat of new iCrime wave
“Android smartphones are the most common mobile malware targets and currently have between 15 and 47 times more infections from malicious software than iPhones. A study found that 98 percent of mobile malware targets Android devices.
“This is closely related to sideloading: In 2018, for example, Android devices that installed apps outside of Google Play, the official Android app store, were eight times more likely to be affected by potentially harmful apps than those that didn’t,” the paper wrote. say.
This paper examines malware that acts as a security update for a fake Android version of the Clubhouse app that prompts users to turn off security settings that would prevent malicious code from being installed.
The company also warned criminals could try to set up fake app stores to trick consumers into sharing payment details, the company warned. “Sideloading will make it easier and cheaper to execute many attacks that are currently difficult and expensive to execute on iOS,” he said.
The risk to consumers is even greater, because in some cases app developers can force consumers to ditch their apps by refusing to offer them through the App Store. “Users may not get accurate information about the apps they sideload through third-party app stores or through direct downloads because these app stores are not required to provide the information displayed on the App Store product pages and privacy labels. And features like App Tracking Transparency and parental controls,” notes Apple aptly.
Security experts seem to agree
The report supports Apple’s argument with statements from Europol, the European Agency for Cybersecurity, the US Department of Homeland Security, Norton, Interpol and NIST. The latter warns that “Sideloading, if done incorrectly, can make mobile devices very vulnerable to attacks.”
It also quotes security vendor Norton:
“One way to minimize harm from third-party stores is to avoid them.”
“If Apple is forced to support sideloading via direct downloads and through third-party app stores, iPhone users will have to be constantly on the lookout for scams, never sure who or what to trust, and, as a result, users will download fewer apps from fewer developers,” Apple said in its report.
[Also read: Apple makes a quiet transition to post-consumerism]
To summarize what it’s trying to do, Apple’s report repeats a 2007 statement by founder Steve Jobs: “We’re trying to do two opposite things at once: provide an advanced and open platform for developers while at the same time protecting iPhone users from viruses, malware, attacks. privacy, etc. This is not an easy task.”
Real risk to real people (and businesses)
“Many iOS users use mobile banking and payment apps, and buy goods and services on their devices. Employees also typically connect to the company network on their mobile devices for work-related tasks. App Store users come from all walks of life and all age groups, speak different languages, and live all over the world. But one thing they have in common is that they are all protected by App Store protection,” the company said.
While Apple’s arguments will almost certainly be rejected by rivals looking to force it to support sideloading, it’s possible they’ll be taken seriously enough by regulators that they’ll seek safer compromises for the platform.
Please follow me on Indonesiaor join me at the AppleHolic bar & grill and Apple Discussion group on MeWe.