Sideloading is a malware danger, Apple tells U.S. lawmakers
Apple has written to the U.S. Senate Judiciary Committee to dispute claims made by an expert about sideloading, insisting its arguments about the technique being a malware vector are justified.
In February, the Senate Judiciary Committee voted to advance the Open Markets Act, legislation that could force Apple to allow the sideloading of apps. In a continued effort to fight the measure, Apple has written to lawmakers about malware dangers.
The letter, sent on Thursday and seen by Reuters, talks about comments from computer security expert Bruce Schneier, where he says Apple's concerns about sideloading are "unfounded."
In response, Apple argued that sideloading is beneficial to malware producers, as it relies on users being tricked into downloading it rather than requiring hackers to more directly break device security. The App Store review process "creates a high barrier against the most common scams used to distribute malware," writes Apple.
Though Apple does accept Schneier's comments that state-sponsored hackers have the potential to break device security directly, such attacks are a "rare threat" to consumers. "There is ample evidence showing third-party app stores are a key malware vector on platforms which support such stores," urges the iPhone maker.
Apple's letter was sent to Dick Durbin, the Senate Judiciary Committee chair, as well as its top Republican, Chuck Grassley. It was also sent to antitrust subcommittee chair Amy Klobuchar and its top Republican, Mike Lee.
In a previous letter to top Senate lawmakers on February 3, Apple said the Open Markets Act would harm user security and privacy. Sideloading "would enable bad actors to evade Apple's privacy and security protections by distributing apps without critical privacy and security checks."
The Open Markets Act is an antitrust bill that applies restrictions to Apple, Google, and other platform holders. It would ban policies preventing sideloading, as well as essentially forcing the acceptance of third-party payment systems, among other measures.
Read on AppleInsider
Comments
You are neglecting the fact that should side loading be allowed on iOS, companies like FaceBook would insist that any software developers who want data from FaceBook would be required to make their app "require side loading." That way FaceBook gets more data. And with a majority of software switching to side-loading to become more profitable, everything would have to be side loaded.
Allowing jailbreaking does not weaken iOS. It strengthens it. Currently jail breaking is possible in older versions of iOS. That's really bad for security because it means that apps the user downloads from the official App Store on those devices have their personal data exposed to other apps. With the method I propose, it means that side loaded apps would not have access to any secure information. Users would have to manage security on their own (or with third party apps). A jail broken iPhone would be exactly like a Mac Book, Windows PC or Raspberry Pi when it comes to security.
On the other side, the App Store review process was never good at preventing malware, more at being compliant with Apple's rules.
So I would like to see:
- iOS (and sandboxing) being more robust
- Sideloading being allowed, but with developer certificate (like on the Mac), so that bad apps can be wiped remotely by revoking the certificate
- 3rd party app stores that have their own review process and their own set of compliance rules
All in all I strongly believe this would help Apple to grow the platform and not be harmful at all!
It’s not going to be pretty.
I predict though that Apple will be who gets sued when people side load something that steals their data.
When you say "with the method I propose" are you saying that pressing that switch would prohibit any apps from accessing your location AND your address book AND your photos AND every other piece of data a user has on his device or in his iCloud? Do you really think there's any point to side-loading if the side-loaded app has NO access to ANY user data? Do you really think that's what FaceBook wants? No, they want access to ALL your data when they are side-loaded.
iPads, iPhones, Apple TVs, etc are general purpose computers, but are restricted by Apple from being programmed to behave as such. Apple's restrictions on these devices prevent apps from being general programming devices -- you can't install a c compiler, fortran, Julia, lisp, etc.
So, you can't turn these devices into network monitors, scanners which allow them to snoop around.
This is on my mind.
As an election official, the bogus claims of election fraud and the nonsense that voting machines were being controlled from China, Brazil, etc to change votes from Trump to Biden has strong backing by 70% of Republicans opens up the argument that anyone carrying an iPhone could be hacking into voting machines and thus invalidating every election result. I'm sure there is nothing that would prevent that story from gaining widespread adoption. No proof is necessary.
Of course, there is nothing to prevent any of these machines from using http, or VNC protocols from controlling other machines if they've been designed to allow that connection.
There is nothing now that prevents any computer from monitoring insecure networks if users don't use VPN services.
At least, at this time, we can look to Apple to implement security protocols that limit snooping of, and by, our devices; but if side loading is allowed, no security of any kind is likely to be effective.
Maybe he’s like those doctors who used to say smoking was good for you. Say whatever aligns with those paying you.
There is no shortcut to thinking. One, or someone, needs to think in depth about the issues and facts to come to even tentative conclusions.
Nihilism is the result if it's enough to claim some bias to reject any discussion. If that's your approach, just believe anything you want, but don't claim any thought process was involved.
The people that mainly want side loading are the developers that have apps that don't adhere to Apple App Store policies or those wanting to download pirated apps or apps that cater to pirating. Apps that pose a security issue for Apple. The loss of App Store revenue for Apple from side loading would only amount to a rounding error. If even that. (And that's not factoring the added revenue from the Android users that want to be able to side load, that would be switching to iPhones and iPads.)
And think about this, the developers pass the commission to the customers. With iOS, small developers that don't have the means to provide side loading or their own payment method, don't have to compete with other developers that can sell their apps at a lower cost because of side loading and not having to pay the commission. Or worry about their apps being pirated by "cracked apps" app stores like the ones easily available on Android. iOS is a level playing field or at least more level than Android. Which may be why developers make more money with iOS App Store.
That computer security "expert" is definitely not trustworthy. Seriously, how can he even be qualified to make such a statement that is fundamentally wrong?
Geez, not surprisingly, another clueless post from you.
Apple is not stopping you from using your Apple hardware as a paperweight, door stop, hammer, Frisbee, etc. It's your hardware, you bought and paid for it, you own it. Apple is not stopping you from installing jailbreak software, so you can do all the wonderful things you want with your Apple hardware, that you bought and paid for.
But iOS is not yours to do as you wish. iOS is Apple's copyrighted/patented IP. Apple does not have to make any changes to iOS, for the benefit of a very few. Just because you bought and paid for the Apple hardware, it doesn't mean that Apple has to make changes to iOS so that you can use the Apple hardware as you wish. If Apple hardware didn't do the things you needed it to do, then you should not have bought it.
When you buy a DVD or CD, can you do what you want with the copyrighted works on them? Why not, after all, you bought and paid for the DVD or CD? Why can't you make copies of those copyrighted IP and sell them at the flea market? Why can't you use any of those copyrighted works to make money with commercially? Why can't you sell tickets to a concert of you covering the songs on the CD that you bought and paid for? Or open your own theater and charge an admission to the public, to watch the DVD you bought and paid for, on a big screen? It's NO to all, because you do not own the copyrighted works, no matter how much you think that you do, because you bought and paid for the physical media they are on.
So are you suggesting, that Apple should invest in creating special new iOS versions, only to make old Apple devices be able to use third party app stores?…..
Without collecting any commission?…..
And why should Apple do this?
Apple is not a charity organization, remember?