Apple explains security & privacy risks of side-loading in detailed new paper
Apple has published a new research paper taking a deep dive into some of the security and privacy risks of side-loading, or obtaining apps outside of the App Store.
Credit: Andrew O'Hara, AppleInsider
The whitepaper, "Building a Trust Ecosystem for Millions of Apps," is an update on a previous version released in June. It leaves behind the approach of using fictional characters to explain security threats in favor of a more academic tone.
From the start, the paper takes a hard stance against side-loading, claiming that the practice would "cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks."
Apple says that being forced to allow side-loading on iOS would allow harmful apps to proliferate among users, take away user control once apps are already downloaded onto their systems, and mandate removing protections from sensitive areas on an iPhone. The company claims these risks would be present even if side-loading was only available through third-party app stores on a device.
"Users could be forced to sideload an app they need for work or school," Apple writes. "Users also may have no choice other than sideloading an app that they need to connect with family and friends because the app is not made available on the
App Store."
The rest of the paper takes a deep dive into the current mobile threat landscape, using statistics and examples of current spyware that leverage side-loading or tricking users to spread.
Apple gives specific malware examples too, including adware HiddenAds, ransomware CryCryptor, and surveillance app FakeSpy. Notably, those mobile threats are all present on Android, which Apple used as an example of the dangers of allowing side-loading.
The Cupertino tech giant highlights research suggesting that the iPhone is the most secure mobile consumer device. It also details some of the methods that make malware rare on the platform, including the App Review process and an iPhone's built-in layers of protection.
Apple has argued against wide adoption of side-loading in the past, including in court during the Epic Games v. Apple trial. Company CEO Tim Cook also spoke out against the practice in the EU earlier in 2021, claiming that it would threaten iPhone security.
Individual users can side-load through Xcode now, but it requires a modicum of technical ability to do so. Enterprise certificates exist as well, but there are restrictions on what it can be used for, what volumes of installs are allowed, and more.
While Android can be configured to allow side-loading, it is not shipped with the feature enabled by default. Both Google and Samsung consider it a security risk.
Compared to previous iterations of its security research, the new white paper is much more in-depth and features expanded information on what it believes are the threats of side-loading. The paper is available to download.
Read on AppleInsider
Credit: Andrew O'Hara, AppleInsider
The whitepaper, "Building a Trust Ecosystem for Millions of Apps," is an update on a previous version released in June. It leaves behind the approach of using fictional characters to explain security threats in favor of a more academic tone.
From the start, the paper takes a hard stance against side-loading, claiming that the practice would "cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks."
Apple says that being forced to allow side-loading on iOS would allow harmful apps to proliferate among users, take away user control once apps are already downloaded onto their systems, and mandate removing protections from sensitive areas on an iPhone. The company claims these risks would be present even if side-loading was only available through third-party app stores on a device.
"Users could be forced to sideload an app they need for work or school," Apple writes. "Users also may have no choice other than sideloading an app that they need to connect with family and friends because the app is not made available on the
App Store."
The rest of the paper takes a deep dive into the current mobile threat landscape, using statistics and examples of current spyware that leverage side-loading or tricking users to spread.
Apple gives specific malware examples too, including adware HiddenAds, ransomware CryCryptor, and surveillance app FakeSpy. Notably, those mobile threats are all present on Android, which Apple used as an example of the dangers of allowing side-loading.
The Cupertino tech giant highlights research suggesting that the iPhone is the most secure mobile consumer device. It also details some of the methods that make malware rare on the platform, including the App Review process and an iPhone's built-in layers of protection.
The research paper comes in response to increasing talk of side-loading as a potential remedy for antitrust concerns. Both the U.S. and European Union, for example, are exploring legislation or rules that could force Apple to allow side-loading on its platforms.Forcing Apple to support sideloading on iOS through direct downloads or third-party app stores would weaken these layers of security and expose all users to new and serious security risks: It would allow harmful and illegitimate apps to reach users more easily; it would undermine the features that give users control over legitimate apps they download; and it would undermine iPhone on-device protections. Sideloading would be a step backwards for user security and privacy. Supporting sideloading on iOS devices would essentially turn them into "pocket PCs," returning to the days of virus-riddled PCs.
Apple has argued against wide adoption of side-loading in the past, including in court during the Epic Games v. Apple trial. Company CEO Tim Cook also spoke out against the practice in the EU earlier in 2021, claiming that it would threaten iPhone security.
Individual users can side-load through Xcode now, but it requires a modicum of technical ability to do so. Enterprise certificates exist as well, but there are restrictions on what it can be used for, what volumes of installs are allowed, and more.
While Android can be configured to allow side-loading, it is not shipped with the feature enabled by default. Both Google and Samsung consider it a security risk.
Compared to previous iterations of its security research, the new white paper is much more in-depth and features expanded information on what it believes are the threats of side-loading. The paper is available to download.
Read on AppleInsider
Comments
Secondly, we read all the articles about how leaky Android is regarding security but we don’t see reports of massive compromises of Android user’s. I know a lot of people who use Android phones and not one of them has lamented having their data stolen. Are they more careful than iOS users?
Apple has used the security and privacy issue as one of the pillars of its marketing campaigns. It’s a pillar that’s a little unstable these days.
1) For legitimate reasons they want to control what apps are associated with an Apple branded AppStore, as they affect the Apple brand.
OR
2) Apple wants to control privacy and security, then it must allow for more fine-grained access to resources (e.g. access to MAC addresses if the user confirms and the app can demonstrate a legitimate use during the application process) and permit all apps to be listed in their AppStore.
Also, there are some restrictions, like the ban on emulators, which in the context of sandboxed apps makes no sense. If someone ports e.g. Previous to iPadOS allowing legacy NeXT apps to run within a sandboxed emulator, exactly what are privacy implications supposed to be?
As it stands, sideloading aka installing apps, should always be possible; Apple can warn against the potential risks, but the decision must remain the users’.
I’m glad Apple doesn’t manufacture cutlery: it would be spoons only, because knives are dangerously sharp, and forks and chopsticks might get someone’s eyes poked…
Gaming consoles (which today offer more than gaming, 30% and closed as well) ...
Computers you say well yeah I'll trust my computer with my personal and financial data, NOT, for the reason it's an open door, though I'm not easily to fool, I;'m not so sure about my family members ...
Apple needs to be paid for the constant free updates/ hosting / reimbursement if for example you get tricked into IAP scams etc ...
Last but not least, not happy, there is choice out there, so buy something else ,,,, I do not want to manage another set of stores like on Windows, what a Fing nightmare that has become, hence the reason I'm switching to an AppleSilicon Mac soon.
From Wired and written by security researchers: “Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time-consuming to develop full chains of exploits for Android and it’s even harder to develop zero-click exploits not requiring any user interaction.” But on the other hand, he writes, “During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some of them.”
Maor Shwartz, an independent vulnerability researcher who also spoke to Wired, agreed. He says that the majority of the targets are Android users, but the number of vulnerabilities is lower because a lot of those vulnerabilities have been patched. “Every researcher I’ve talked to, I’ve told them, if you want to make money, go focus on Android,” said Shwartz.
Shwartz also says that the reason Android vulnerabilities are more valued is because it’s harder to find a browser vulnerability in Chrome than Safari. That, combined with the difficulty of finding something called a “local privilege escalation exploit, makes Android a difficult target. Previously, this exploit was only hard to find in iOS, but recent security improvements have made it rare in Android as well.
Over the years, Google has also been silently strengthening Android by adding new file-based encryptions, modifying what resources an app can access and how, and adding mitigations to make hacking harder even with zero-day exploits. If you’re interested in learning more about this, watch Android’s principal software engineer, Narayan Kamath, go over the privacy features of the upcoming Android 11 in this video. Ironically, Shwartz credits these improvements to Android’s open source approach. For many years, the better security in Apple devices was attributed to its closed nature.
Instead of explaining something yourself you are only capable of telling others to “go read this” or “go watch that”. It’s the hallmark of someone who doesn’t know anything about the topic at hand, but has a strong opinion on it anyway. You lack the ability to formulate your own argument so you let others speak for you. As long as what they say aligns with your beliefs.
You are the Apple/Google tech equivalent of a fiat-Earther.
Then again the Commodore 64 had side loading but mostly because it didn't have enough space on the top of the machine so the drive/tape deck sat behind and was easier to get to if you put the door to the side.
iOS don't even have tape drives to side load from. ;-)
So, what's the risk when changing the OS on the device? For one thing, if you want to make "minimal" changes by keeping most of the code in place and "just" allowing side-loading, you're going to have to contend with Apple's copyright on iOS - you might be able to get away with making changes for personal use, but sharing that information (even for free) is opening you up to significant legal risk and most individuals don't have the resources to cope with that. You can put a modified version of Android on there (AOSP, anyway), but if you want Android on a phone it's a heckuva lot easier to just buy an Android phone.
What it all boils down to is that the risks and effort for an individual become much too high to make changes to the phone, even though the individual has the right to do so. Forming a community of like-minded individuals to share the effort doesn't actually reduce the legal risk by much. And this is why everyone who wants to side-load is clamouring for Apple to make the required changes - but Apple has financial incentives to not do it, and demonstrable benefits to the user base from not doing it.
So the complainers voice their frustrations online, discover that they're a minority, and try to use that minority status as influence with government regulators in that hope that Apple can be forced into spending millions of dollars to satisfy their whims. Even when Apple has a system to allow the loading of arbitrary code (but you need a free developer account, and you have to reload the software every seven days). Even when Apple has a system to allow the loading of precompiled apps (but you need to be registered with their Enterprise system so you can deploy those apps to devices with a specified profile).
No, no, these people think Apple should open up everything on the iPhone even if that has a significantly negative impact on hundreds of millions of people around the world because their own personal desires are not being met.
You know what? Western society has a mechanism for dealing with situations like this - it's called the free market. If you think it's so important to have these capabilities, go form a company, gather investors, and build your own damn phone. Discover how many people will give you money for your idea and implementation, and live with the consequences. Apple did it. You can too.
Very few users, whether on iOS or Android, wants to side load. They would rather get their apps from the Apple App Store or Google Play Store and pay for it using the account they already have with Apple or Google. And for most, they will not take the extra few steps to side load an app, even if that app is not available in the app store.
The people that mainly wants side loading are the developers that wants to avoid paying Apple or Google the commission. Or are offering apps that do not meet the security and privacy standards, to be in Apple or Google app stores. These are the people that are crying the loudest about not being able to side load on iOS devices.
Android can said to be as secure as iOS (for sure Gatorguy would say this) but Google has to work hard at it. Very hard. And even Google admits that preventing side loading is the better way to make Android devices more secure. They recommend to their users needing the highest security, to enroll in their Advance Protection Program, which prevents side loading apps over the internet, on their devices.
>This program was devised to offer extra protection for Google accounts owned by people who may be prominent targets of malware attacks and phishing scams, such as business leaders, political campaign teams, activists, journalists and so on. <
https://www.sammobile.com/news/google-new-advanced-protection-security-features-sideloading/
One thing for sure, with iOS devices, one don't have to worry about their old not so tech savvy parents or grandparents or young kids being scammed into loading a malicious app by way of an email link. Even Mac users can and have been known to, fall for that.
Any extra steps required or features removed, in order to side load, will be seen as Apple using the dominate power they have with their App Store, to be anti-completive. And the developers will sue.
Epic lawsuit against Google includes a claim that Google is behaving like an illegal monopolist with their Google Play Store, even though Android allows side loading and third party app stores. That's because Google puts up barriers to side loading. When side loading on Android, Google puts up various warnings, alerting the user to the danger of side loading. (Plus a few extra steps that might be scary or difficult to understand for some.) Even if one is side loading from a trusted site like Epic's website. Epic claims that this is anti-completive by discouraging users from side loading and puts developers that don't want to use the Google Play Store, at a disadvantage.
Developers would never allow Apple to get away with (specially in the EU) having iOS users that wants to side load apps, (even if it's just one app), give up some of the features in their devices, features that iOS users that will never side load apps on to their devices, gets to keep and use. if only a small percentage of iOS users would even consider side loading and put their devices in "side loading mode", then developers would lose easy access all the other iOS users not in "side loading mode". The big developers will not stand for this and won't quit crying about the users rights to side load until is just as easy and convenient to side load an app, as it is to load an app from the App Store. And to them, it's not about the rights of iOS users, but about their "rights" to not have to pay Apple a commission for making money using Apple IP.