Apple explains why getting iPhone apps outside the App Store is a bad idea

Posted:
in General Discussion edited June 2021
Apple has released a new research report detailing the reasons why it prohibits the sideloading of apps on iOS, including some of the dangers of the distribution method.

Credit: Andrew O'Hara, AppleInsider
Credit: Andrew O'Hara, AppleInsider


Sideloading, which is prohibited on iPhone and iPad, refers to downloading or installing apps that originate outside of the App Store through unmonitored mechanisms like enterprise certificates. On Wednesday, Apple released a white paper titled "Building a Trusted Ecosystem for Millions of Apps," which details some of the issues with the practice.

For example, Apple notes that sideloaded apps could bypass some of the built-in control mechanisms on iOS. Apple gives the example of a game app that can bypass the Ask to Buy parental control for in-game purchases.

The Cupertino tech giant also gives the example of malicious apps, such as a copycat application that threatens to delete all of a user's photos unless they pay a ransom.

Other examples include pirated apps that funnel money to scammers and apps that infringe on a user's privacy.

"To protect iOS users from malicious apps and provide the world's best platform security, we take a multi-pronged approach, with many layers of protection," Apple writes.

The company also detailed why the privacy and security protections differ between iOS and macOS.

"iOS poses unique security challenges because users continuously and frequently download new apps onto their devices, and because iOS devices need to be safe enough for children to use unsupervised," Apple explains.

Additionally, Apple says that an iPhone is a much more attractive target for criminals because of how many devices are in the wild. It added that it's continuing to make moves to bring macOS closer to the iPhone, echoing comments from Apple SVP Craig Federighi about the Mac falling short of Apple's security standards.

Other portions of the paper focus on the App Review process, and how it keeps the majority of malicious or scam apps off of the App Store. That includes statistics on how App Review processes apps, such as the fact that Apple has stopped more than $1.5 billion in potentially fraudulent transactions.

Sideloading has been floated as a potential solution to antitrust concerns surrounding the App Store. For example, Epic Games lawyers in its trial with Apple argued that sideloading and alternative app stores could increase competition on iOS. Proposed rules in the European Union could also force Apple to allow sideloading.

Apple maintains that sideloading could be a danger to user security and privacy. It argued against the practice in court with Epic Games, and Apple CEO Tim Cook also spoke out against the proposed regulations in the EU earlier in June.

There have also been instances of developers abusing Apple's enterprise certificate program to sideload applications onto user devices. While the program is designed to facilitate the internal distribution of apps within companies, firms like Facebook and Google have been caught using it to sideload apps to bypass the App Review process.

The full white paper goes into further detail behind Apple's reasoning and offers additional context surrounding App Review and the ban on sideloading apps. It's available here.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
«134567

Comments

  • Reply 1 of 139
    22july201322july2013 Posts: 3,564member
    Apple could easily allay the concerns of antitrust authorities by allowing users to completely replace iOS with Android. Then users could get all the side loading they want. Apple would not warranty the hardware or operating system if users switched to Android. The T2 chip, which Android would not use, could track whether or not Android was ever installed.

    I'm just guessing that less than 1% would install Android, and that means Apple will have proved its point - consumers want protection.
    edited June 2021 JBSloughjimh2radarthekatwatto_cobraDetnator
  • Reply 2 of 139
    byronlbyronl Posts: 356member
    i still want to have the OPTION to enter UNSAFE environments apps etc 
    williamlondonelijahg
  • Reply 3 of 139
    Malware and middlemen. That's what they believe will improve things for consumers. Malware and middlemen. 
    GeorgeBMacBeatspscooter63mattinozradarthekaturaharawatto_cobrajony0
  • Reply 4 of 139
    fred1fred1 Posts: 1,112member
    So Apple is worried that the antitrust legislation will pass? They have no faith in their lobbyists?
  • Reply 5 of 139
    rcfarcfa Posts: 1,124member
    It’s one thing to warn people against the practice, it’s another to prohibit people from doing something on devices they own.

    if I wanted to install Android on my iPhone (not that I ever wanted to) I should be able to do it: it’s my damn hardware.

    Apple can warn against a practice, refuse software support for devices with sideloaded apps, etc. but prohibiting, is another matter.

    Having used NeXTstep (aka macOS, iOS, Darwin) since version 0.8 I’d like to e.g. run a NeXT emulation software. With a “huge” hard drive back then being 8GB (split in four 2GB partitions) and a lot of RAM being 128MB, emulating a NeXT cube and running legacy software is something the iPad Pro can do without breaking a sweat. But it’s not possible without side loading and even that was sabotaged in the latest iOS releases. For no good reason, on a device of that class. Running things well isolated in a virtual machine isn’t or shouldn’t be a security risk.

    Heck even running virtualized macOS or Windows should not be an issue, that’s the whole point of virtual machines. Heck, Apple could run a virtual iOS session for third-party apps, totally isolated from the AppStore side of things.

    The excuses Apple brings for saving its revenue stream are transparent and invalid, at least as far as the latest crop of devices and their powerful hardware is concerned.
    pbruttowilliamlondonelijahgOctoMonkeycropr
  • Reply 6 of 139
    22july201322july2013 Posts: 3,564member
    byronl said:
    i still want to have the OPTION to enter UNSAFE environments apps etc 
    Yes, if Apple allowed Android on iPhones, you would get exactly what you are asking for above.
    edited June 2021 KTRwatto_cobra
  • Reply 7 of 139
    sirdirsirdir Posts: 186member
    I’ve been able to survive those risks the last 40 years with an sorts of computers, I don’t need Apple to be my nanny now.
    williamlondonelijahgchemengin1docno42
  • Reply 8 of 139
    byronl said:
    i still want to have the OPTION to enter UNSAFE environments apps etc 
    Yes, if Apple allowed Android on iPhones, you would get exactly what you are asking for above.
    How would that practically work?  Who is going to create the Android installation that is configured for iPhones?
    KTRJBSlough
  • Reply 9 of 139
    JaiOh81JaiOh81 Posts: 60member
    rcfa said:
    It’s one thing to warn people against the practice, it’s another to prohibit people from doing something on devices they own.

    if I wanted to install Android on my iPhone (not that I ever wanted to) I should be able to do it: it’s my damn hardware.

    Apple can warn against a practice, refuse software support for devices with sideloaded apps, etc. but prohibiting, is another matter.

    Having used NeXTstep (aka macOS, iOS, Darwin) since version 0.8 I’d like to e.g. run a NeXT emulation software. With a “huge” hard drive back then being 8GB (split in four 2GB partitions) and a lot of RAM being 128MB, emulating a NeXT cube and running legacy software is something the iPad Pro can do without breaking a sweat. But it’s not possible without side loading and even that was sabotaged in the latest iOS releases. For no good reason, on a device of that class. Running things well isolated in a virtual machine isn’t or shouldn’t be a security risk.

    Heck even running virtualized macOS or Windows should not be an issue, that’s the whole point of virtual machines. Heck, Apple could run a virtual iOS session for third-party apps, totally isolated from the AppStore side of things.

    The excuses Apple brings for saving its revenue stream are transparent and invalid, at least as far as the latest crop of devices and their powerful hardware is concerned.
    So why not just get an android phone? There are plenty that have similar or better specs than iPhones. This is what I don’t understand. If you want the experience of being able to do all the things you want there are plenty of devices that allow you that freedom. Why buy a phone that has the “restrictions” Apple has? 
    foregoneconclusionGeorgeBMacBeatspscooter63williamlondonpatchythepirateBombdoeradarthekaturaharawatto_cobra
  • Reply 10 of 139
    sirdir said:
    I’ve been able to survive those risks the last 40 years with an sorts of computers, I don’t need Apple to be my nanny now.
    Those kinds of statements prove that Apple's approach to iOS is providing choice to consumers, not limiting it. Forcing iOS to be Windows/Android is narrowing consumer choice. 
    edited June 2021 GeorgeBMacBeatspscooter63williamlondonmacplusplusradarthekaturaharawatto_cobrajony0Detnator
  • Reply 11 of 139
    JaiOh81 said: So why not just get an android phone? There are plenty that have similar or better specs than iPhones. This is what I don’t understand. If you want the experience of being able to do all the things you want there are plenty of devices that allow you that freedom. Why buy a phone that has the “restrictions” Apple has? 
    Basically it just boils down to a lot of people in the computer industry being upset that the Windows model, i.e. Android, wasn't a decisive winner with consumers. They just assumed that it would be and were proven wrong. Now they're lobbying government to force the Windows model to be the winner because they prefer a monolithic market with less consumer choice on how the OS works in combination with software.
    edited June 2021 Rayz2016meterestnzBeatspscooter63williamlondonpatchythepirateradarthekaturaharawatto_cobrajony0
  • Reply 12 of 139
    KTRKTR Posts: 279member
    byronl said:
    i still want to have the OPTION to enter UNSAFE environments apps etc 
    Yes, if Apple allowed Android on iPhones, you would get exactly what you are asking for above.
    How would that practically work?  Who is going to create the Android installation that is configured for iPhones?
    And why would any want to.  Next thing you know, they gonna want to force apple to make IOS RUN ON MULTIPLE PLATFORMS( running on crappy hardware)
    Beatswatto_cobrajony0
  • Reply 13 of 139
    GeorgeBMacGeorgeBMac Posts: 11,421member
    THANK YOU APPLE - For Finally Laying that Out!

    The Libertarian / Free to do whatever I want crowd always tends to ignore the consequences of their actions.

    In this case, Apple's review and oversight of apps adds stability and security to my iPhone that I simply cannot get any other way.   So again, Thank You Apple.

    Some might argue:  Well give the user the Choice!   But that's another bullshit argument.
    Once Apple allows sideloading, more and more vendors will simply avoid the hassle and expense of going through the app store -- and iOS will become as porous, unreliable and insecure as Android or Windows.

    While some might scream:  "Don't take away my free choice!"
    I say:   "Don't take away my reliability and security!"
    meterestnzBeatspscooter63mike1uraharawatto_cobrajony0
  • Reply 14 of 139
    GeorgeBMacGeorgeBMac Posts: 11,421member
    sirdir said:
    I’ve been able to survive those risks the last 40 years with an sorts of computers, I don’t need Apple to be my nanny now.

    Samsung has some very nice phones you will love!
    Bye-Bye!
    Rayz2016meterestnzBeatsFidonet127pscooter63mike1uraharajony0
  • Reply 15 of 139
    CheeseFreezeCheeseFreeze Posts: 1,247member
    “Apple explains why getting iPhone apps outside the App Store is a bad idea for share-holder valuation and their monopoly on the App Store”

    Anyway…

    Just allow side-loading in a secure container, which iOS can already offer.
    Add a warning when installing, but don’t work against my intentional action to side-load.

    When a side-loaded app wants access to an OS-level API, it can trigger the same user permission requester as normal. Just add a big warning there that the app has been side-loaded.

    I need to be in control of the device that I own. Apple’s arguments are heavily orchestrated PR events. 

    If they do their job right, my incentive to side-load should be minimal, because if they do, I want the App Store to where I download my stuff.
    edited June 2021 williamlondonelijahg
  • Reply 16 of 139
    bulk001bulk001 Posts: 764member
    If Apple wants to prevent side loading they have to make radical changes:
    1. Allow all API’s to be used by developers and not limit some to just themselves. 
    2. Allow different payment systems so users don’t have to pay the 30% Apple tax. If a developer wants to pass that 30% savings on to customers instead of adding to Apple’s 2 trillion wealth they should be allowed to do so. 
    3. Approve all apps that don’t violate a very basic, very minimal set of rules like no data harvesting, piracy or apps that violate the law. Cloud game apps for instance should all be approved. 

    Apple’s arrogance displayed in the Epic suit is similar to the NCAA’s greed and arrogance at exploiting student athletes and the price their pay will be the same. 
    williamlondonelijahg
  • Reply 17 of 139
    Rayz2016Rayz2016 Posts: 6,957member
    How about this:

    As soon as you side load then your warranty is voided and you lose access to Apple Services?
    Beatslkrupppscooter63mike1radarthekaturaharajony0
  • Reply 18 of 139
    AppleZuluAppleZulu Posts: 1,989member
    rcfa said:
    It’s one thing to warn people against the practice, it’s another to prohibit people from doing something on devices they own.

    if I wanted to install Android on my iPhone (not that I ever wanted to) I should be able to do it: it’s my damn hardware.

    Apple can warn against a practice, refuse software support for devices with sideloaded apps, etc. but prohibiting, is another matter.

    Having used NeXTstep (aka macOS, iOS, Darwin) since version 0.8 I’d like to e.g. run a NeXT emulation software. With a “huge” hard drive back then being 8GB (split in four 2GB partitions) and a lot of RAM being 128MB, emulating a NeXT cube and running legacy software is something the iPad Pro can do without breaking a sweat. But it’s not possible without side loading and even that was sabotaged in the latest iOS releases. For no good reason, on a device of that class. Running things well isolated in a virtual machine isn’t or shouldn’t be a security risk.

    Heck even running virtualized macOS or Windows should not be an issue, that’s the whole point of virtual machines. Heck, Apple could run a virtual iOS session for third-party apps, totally isolated from the AppStore side of things.

    The excuses Apple brings for saving its revenue stream are transparent and invalid, at least as far as the latest crop of devices and their powerful hardware is concerned.
    You have the option to buy all the ‘freedom’ you want by purchasing an Android device. 

    I want the option to buy the device with the secure, locked down OS. Forcing Apple to adopt Android’s model would take that choice away from me. And no, I wouldn’t then be able to stay the same by choosing to only buy apps through the App Store. Clearly some developers of apps currently available through the App Store would choose to avoid it if they can. They want Apple’s customers, but they’d rather bypass Apple’s rules so they can scrape more user data and/or extract more money by shadier means. So I would lose options while you would gain different branded hardware with an Android-like experience. This would be a reduction of consumer choice disguised as “freedom.”

    Ironically, the only way left after that for consumers to (inefficiently and ineffectively) regain some of the lost iOS security and privacy protections would be through increased government interference and regulations of apps and operating systems. 
    BeatsGeorgeBMacwilliamlondonmike1radarthekaturaharajony0FileMakerFeller
  • Reply 19 of 139
    gatorguygatorguy Posts: 24,176member
    Rayz2016 said:
    How about this:

    As soon as you side load then your warranty is voided and you lose access to Apple Services?
    Why would the hardware warranty need to be voided unless it can be shown that some third-party software damages the hardware? As far as losing access to any Apple Services I can't see them cutting off their nose to spite their face. Apple makes a LOT of money from services. An occasional side-loaded app is less than a drop in a bucket. 
    GeorgeBMacmuthuk_vanalingamelijahg
  • Reply 20 of 139
    “Just as it’d be a bad idea to buy heart medications from a dude on the street …” 
    BeatslkruppFidonet127GeorgeBMacuraharajony0FileMakerFeller
Sign In or Register to comment.