Apple explains why getting iPhone apps outside the App Store is a bad idea
Apple has released a new research report detailing the reasons why it prohibits the sideloading of apps on iOS, including some of the dangers of the distribution method.
Credit: Andrew O'Hara, AppleInsider
Sideloading, which is prohibited on iPhone and iPad, refers to downloading or installing apps that originate outside of the App Store through unmonitored mechanisms like enterprise certificates. On Wednesday, Apple released a white paper titled "Building a Trusted Ecosystem for Millions of Apps," which details some of the issues with the practice.
For example, Apple notes that sideloaded apps could bypass some of the built-in control mechanisms on iOS. Apple gives the example of a game app that can bypass the Ask to Buy parental control for in-game purchases.
The Cupertino tech giant also gives the example of malicious apps, such as a copycat application that threatens to delete all of a user's photos unless they pay a ransom.
Other examples include pirated apps that funnel money to scammers and apps that infringe on a user's privacy.
"To protect iOS users from malicious apps and provide the world's best platform security, we take a multi-pronged approach, with many layers of protection," Apple writes.
The company also detailed why the privacy and security protections differ between iOS and macOS.
"iOS poses unique security challenges because users continuously and frequently download new apps onto their devices, and because iOS devices need to be safe enough for children to use unsupervised," Apple explains.
Additionally, Apple says that an iPhone is a much more attractive target for criminals because of how many devices are in the wild. It added that it's continuing to make moves to bring macOS closer to the iPhone, echoing comments from Apple SVP Craig Federighi about the Mac falling short of Apple's security standards.
Other portions of the paper focus on the App Review process, and how it keeps the majority of malicious or scam apps off of the App Store. That includes statistics on how App Review processes apps, such as the fact that Apple has stopped more than $1.5 billion in potentially fraudulent transactions.
Sideloading has been floated as a potential solution to antitrust concerns surrounding the App Store. For example, lawyers for Epic Games argued in the company's trial with Apple that sideloading and alternative app stores could increase competition on iOS. Proposed rules in the European Union could also force Apple to allow sideloading.
Apple maintains that sideloading could be a danger to user security and privacy. It argued against the practice in court with Epic Games, and Apple CEO Tim Cook also spoke out against the proposed regulations in the EU earlier in June.
There have also been instances of developers abusing Apple's enterprise certificate program to sideload applications onto user devices. While the program is designed to facilitate the internal distribution of apps within companies, firms like Facebook and Google have been caught using it to sideload apps to bypass the App Review process.
The full white paper goes into further detail behind Apple's reasoning and offers additional context surrounding App Review and the ban on sideloading apps. It's available here.
Comments
I'm just guessing that less than 1% would install Android, and that means Apple will have proved its point - consumers want protection.
If I wanted to install Android on my iPhone (not that I ever wanted to) I should be able to do it: it’s my damn hardware.
Apple can warn against a practice, refuse software support for devices with sideloaded apps, etc., but prohibiting is another matter.
Having used NeXTstep (aka macOS, iOS, Darwin) since version 0.8 I’d like to e.g. run a NeXT emulation software. With a “huge” hard drive back then being 8GB (split in four 2GB partitions) and a lot of RAM being 128MB, emulating a NeXT cube and running legacy software is something the iPad Pro can do without breaking a sweat. But it’s not possible without side loading and even that was sabotaged in the latest iOS releases. For no good reason, on a device of that class. Running things well isolated in a virtual machine isn’t or shouldn’t be a security risk.
Heck even running virtualized macOS or Windows should not be an issue, that’s the whole point of virtual machines. Heck, Apple could run a virtual iOS session for third-party apps, totally isolated from the AppStore side of things.
The excuses Apple brings for saving its revenue stream are transparent and invalid, at least as far as the latest crop of devices and their powerful hardware is concerned.
Anyway…
Just allow side-loading in a secure container, which iOS can already offer.
Add a warning when installing, but don’t work against my intentional action to side-load.
When a side-loaded app wants access to an OS-level API, it can trigger the same user permission requester as normal. Just add a big warning there that the app has been side-loaded.
I need to be in control of the device that I own. Apple’s arguments are heavily orchestrated PR events.
1. Allow all APIs to be used by developers and not limit some to just themselves.
As soon as you side load then your warranty is voided and you lose access to Apple Services?
Ironically, the only way left after that for consumers to (inefficiently and ineffectively) regain some of the lost iOS security and privacy protections would be through increased government interference and regulations of apps and operating systems.