Apple's head of privacy doubles down on anti-sideloading stance

Posted:
in iOS
As part of Apple's push on Wednesday morning, privacy lead Erik Neuenschwander reiterates the company's stance on sideloading on iOS -- and says that it actually reduces user choice.

Erik Neuenschwander, Director, User Privacy, at Apple
Erik Neuenschwander, Director, User Privacy, at Apple


As Apple releases its study about how App Store curation protects users, the company's head of privacy has been explaining the publication and defending the position. Speaking to Fast Company magazine, Erik Neuenschwander, Director, User Privacy, says curation is a key part of keeping iOS users safe.

"Today, we have our technical defenses, we have our policy defenses, and then we still have the user's own smarts," Neuenschwander Mac">told the publication.

"Sideloading in this case is actually eliminating choice," he continues. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms."

"The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to," says Neuenschwander.

He points out that it is in the interest of bad actors to exploit opportunities, and specifically to work at fooling users into downloading their apps.

"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."

"Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device," he continued. "And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."

It is argue that while Apple insists on a curated, walled-garden for iOS apps, it does not for the Mac. Previously, Apple's Craig Federighi has said that gone as far as to say the Mac's security is not good enough, that it is "is not meeting that bar today."

Neuenschwander argues that the iPhone has to have far greater security, simply because of the different ways that people use their iOS devices compared to the Mac.

"[The iPhone is] the device you carry around with you," he told Fast Company. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you."

"It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be," he continues. "So the kind of sensitive data [on the iPhone] is more enticing to an attacker."

"[Plus the] pattern of use of the Mac -- just the style, how people use that platform tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state," he says.

"But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis," continues Neuenschwander. "And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side."

Apple's new "Building a Trusted Ecosystem for Millions of Apps" publication is available here.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
Dogperson
«1

Comments

  • Reply 1 of 22
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    edited June 23 michelb76
  • Reply 2 of 22
    gatorguygatorguy Posts: 23,171member
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    Exactly. No one forced to allow side-loading. My opinion is this has far more to do with protecting services revenue. While I don't think US owners would play much outside of the official Apple AppStore, I think Asian and Chinese iPhone/iPad owners would be more comfortably with doing so. Apple might see some slide in those regions AppStore profits which is what all the distraction from "security" handwringing is trying to avoid.
    muthuk_vanalingam
  • Reply 3 of 22
    rob53rob53 Posts: 2,646member
    The problem I see with a setting to allow side-loading means there's a software ability to easily hack iOS. It's not a backdoor, it would be a front door without much of any lock on it. If the ability to side-load an app is included in iOS, it will be used to bypass iOS security and it will succeed. Most consumers don't know how to make any changes to their iOS devices or their PCs. They just want them to work out of the box. I'd guess almost 100% of the people reading AI know, or can figure out, how to make changes to their devices and what those changes do. We're not Apple's primary customers. People do things all the time they aren't supposed to do. That's what almost everything we buy has a safety label on it. Do people read and understand what the consequences of misuse are? I would hope most do. Apple has tried to protect consumers from scams and outright theft of personal information and that comes with forced limitations on usage. Can any of you envision what would happen if Apple is forced to allow a wide open iOS environment? I can, it's called early Android where nobody could really trust anything happening on their phones. 

    Once iOS is open to any app, I would quit using it for any banking, medical, purchasing or anything dealing with my personal information. We all know every government has a group working on hacking iOS (and every other operating system) and forcing Apple to provide a key into the front door makes it very simple to force an app onto every iOS device making leaving it open for government monitoring. I'm sure none of us want this but this is what would happen and Apple would have a difficult time stopping it. Asian users (@Gatorguy) already have to fight their governments spying on them. Allowing side-loading makes it even easier. 

    Prove me wrong. If Apple is forced to allow side-loading, how will they be able to guarantee every app is safe to use? (They can't do this now.) How will they guarantee privacy on their devices? Who do I sue when I get a message or email or click on a website and malware that never worked before downloads code that unlocks my phone so they can continue to download more malware? It isn't Apple. 

    meterestnzbshankjas99watto_cobrajony0
  • Reply 4 of 22
    tjwolftjwolf Posts: 398member
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    I disagree.  First of all, there are lots of people who would flip that switch simply because they wanted to get that one cool app that is only available from outside the App Store....and then forget to flip it back.
    Then there the millions of families who have several iPhones and/or iPads under the same Apple ID.  What if my daughter decides to flip that switch because her classmates point her to some cool app that she "just gotta have".  See above for the first issue.  But additionally, now her compromised device is affecting mine and my wife's iPhone as well!  Once that malicious app has gotten into one Apple device, it has the opportunity to get into others much more easily due to Apple's great integration between devices.
    bshankjas99auxiowatto_cobrajony0
  • Reply 5 of 22
    jungmarkjungmark Posts: 6,867member
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    You’re too naive to think side-loaded apps won’t contain Trojan horses to effectively make that toggle useless or worse. 
    jas99FileMakerFellerjony0
  • Reply 6 of 22
    dmcdeedmcdee Posts: 6member
    Those who wish to sideload can jail break, even iOS 14.6 - or buy into Android.  I suspect the real issue is that some would-be sideloaders want to retain Apple's protection/guarantee of quality experience.  I too on occasion would like to have my cake after eating it.
    FileMakerFellerwatto_cobrajony0
  • Reply 7 of 22
    gatorguy said:
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    Exactly. No one forced to allow side-loading. My opinion is this has far more to do with protecting services revenue. While I don't think US owners would play much outside of the official Apple AppStore, I think Asian and Chinese iPhone/iPad owners would be more comfortably with doing so. Apple might see some slide in those regions AppStore profits which is what all the distraction from "security" handwringing is trying to avoid.
    Your both missing a major point. You are only looking at today’s picture with all Apps on the Apple App Store. Picture if you will, major developers experimenting with their own web stores — Omni, 1Password, DEVONthink, etc. We would all be forced for one App or another to side load. Whatever form it takes, in this direction lies chaos. 
    tmayjas99watto_cobrajony0
  • Reply 8 of 22
    jas99jas99 Posts: 55member
    So this whole debate is over choice. The argument is that people who want to load software from anywhere should have the choice.
    What about my choice? I choose iOS because it protects my financial transactions and privacy as much as possible.
    If I didn't care about that I'd use Android.
    As expertly explained above, once side loading is allowed security is gone.
    Why is my ability to choose a high-security ecosystem less important that someone else's choice to load unregulated apps?
    Their choice eliminates my ability to choose.
    I argue giving the marketplace the choice of a high-security system is simply crucial and outweighs the minor inconvenience of not being able to load any unregulated software from any dark corner of the hacker-sphere.
    If you want to side load, you have plenty of non-Apple options.
    Let me be secure online!
    bsimpsenFileMakerFellerArchStantonwatto_cobrajony0Detnator
  • Reply 9 of 22
    nadrielnadriel Posts: 58member
    Yes, free up sideloading. This won’t kill App Store nor create some kind of plague of “cool” apps to be sideloaded that are actually  Trojan horse, malware or whatever.. for example this would open up open source apps, it does cost to put apps on App Store you know? And finally I’m really skeptical of any success of outside stores.

    Answer how to do this? Just keep sandboxing stuff in and make it even safer, make toggles in the settings that shout at you that do this at your own peril and separate toggle to allow running per executable. It’s not as if App Store itself is curated well enough not to have malicious crap in there.

    Opening sideloading wouldn’t open some Pandora’s box like some think. And finally, I want iOS better (for me and I think I’m not alone, optional is not forcing others to do it) and just saying I should just pick Android if I’m not happy with something with iOS/macOS/watchOS in general is just lazy and unimaginative. They’re not perfect nor are any of Apples hardware.
  • Reply 10 of 22
    Hold on a sec. Many people have side loaded apps on several platforms without anything bad happening. I side loaded apps on the Oculus Quest. It was a great way to try technology, such as wireless VR, that was not yet ready for most users. Mr. Neuenschwander's arguments are ingenuine. First, there is no actual protection from scam apps on the iOS App Store. There is only the perception of safety. Scam apps keep making their way through the app review process no matter what Apple claims. Second, there is little evidence of users getting scammed by side loaded apps. The truth is that the kind of user that would choose to side load an app is the same type that would be careful and only download them from reputable sites having read reviews from other users. Apple could allow side loaded apps if it fire walled them from the rest of iOS. Give them their own file system and network access but do not allow them to share data with App Store apps.
    edited June 23
  • Reply 11 of 22
    A concrete example: Google just released their new $99 Pixel earbuds. They use Google's assistant rather than Siri. Let's say you prefer to use Google's assistant and want to use the Pixel Buds on your iPhone. Right now you can't do that because Apple won't let you use the Google assistant automatically with the Pixel Buds. If Apple allowed side loading, you could load Google's assistant app and it would connect your Pixel Buds to Google's assistant. Now explain how side loading an official Google app reduces your security or choices as a consumer?
  • Reply 12 of 22
    tundraboytundraboy Posts: 1,768member
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    Don't assume that every iPhone owner is as smart as you.  The internet is rife with people who are phished into turning off their security settings and are then fleeced substantial sums.  Most of these are elderly people who did not grow up using technology.  There is a need for a device that is highly secure and Apple is trying to fill that need.
    FileMakerFellermuthuk_vanalingamwatto_cobra
  • Reply 13 of 22
    tundraboytundraboy Posts: 1,768member
    A concrete example: Google just released their new $99 Pixel earbuds. They use Google's assistant rather than Siri. Let's say you prefer to use Google's assistant and want to use the Pixel Buds on your iPhone. Right now you can't do that because Apple won't let you use the Google assistant automatically with the Pixel Buds. If Apple allowed side loading, you could load Google's assistant app and it would connect your Pixel Buds to Google's assistant. Now explain how side loading an official Google app reduces your security or choices as a consumer?
    Google might be trustworthy (a highly dubious proposition) but some other developer might not be.  Now explain how Apple can allow side loading from some developers but not from others.

    I really would love to buy a Honda Accord but it doesn't come in the color I want.  Do I have grounds to sue Honda because they aren't offering the product feature that I want?
    edited June 23 jas99tmayFileMakerFellerwatto_cobrajony0
  • Reply 14 of 22
    davidwdavidw Posts: 1,329member
    A concrete example: Google just released their new $99 Pixel earbuds. They use Google's assistant rather than Siri. Let's say you prefer to use Google's assistant and want to use the Pixel Buds on your iPhone. Right now you can't do that because Apple won't let you use the Google assistant automatically with the Pixel Buds. If Apple allowed side loading, you could load Google's assistant app and it would connect your Pixel Buds to Google's assistant. Now explain how side loading an official Google app reduces your security or choices as a consumer?
    Because as a person in the article stated ...... hackers are a creative bunch. If side loading is allowed on iOS, then they will try to fool iPhone users into thinking that they are side loading Google Assistance from an official Google site. They don't have to be good enough to fool every iPhone users or even just 1% of them, to make their effort worth while.

    It's already impossible for Apple (and Google for that matter) to prevent all malware from being installed from their official App Stores. Just how is Apple suppose to prevent all malware from being side loaded from the internet or third party app stores? And Google is not even close to preventing all malware from being side loaded with their Google Play Protect scanning of side loaded APK.

    One can not argue that iOS is safer to use, without the ability for users to unlock a door to side load. iOS is much safer when there's no door at all. Maybe not for people as conscious about security risk as you are (or a lot of us here on an Apple forum), but there's a lot of iPhone users that aren't. Enough of them to attract more creative hackers to fool iOS users into unlocking that door.   

    Even Google realizes this, if this article is to be true .

    https://9to5google.com/2019/12/06/google-advanced-protection-program-block-sideload/

    Preventing side loading makes Android safer, for Android users enrolled in Google Advanced Protection Program.

      
    edited June 23 jas99tmaywatto_cobrajony0
  • Reply 15 of 22
    tundraboy said:
    A concrete example: Google just released their new $99 Pixel earbuds. They use Google's assistant rather than Siri. Let's say you prefer to use Google's assistant and want to use the Pixel Buds on your iPhone. Right now you can't do that because Apple won't let you use the Google assistant automatically with the Pixel Buds. If Apple allowed side loading, you could load Google's assistant app and it would connect your Pixel Buds to Google's assistant. Now explain how side loading an official Google app reduces your security or choices as a consumer?
    Google might be trustworthy (a highly dubious proposition) but some other developer might not be.  Now explain how Apple can allow side loading from some developers but not from others.

    I really would love to buy a Honda Accord but it doesn't come in the color I want.  Do I have grounds to sue Honda because they aren't offering the product feature that I want?
    Right, and you should be able to make that choice. I should be able to make it for myself as well. Not Apple.
  • Reply 16 of 22
    davidw said:
    A concrete example: Google just released their new $99 Pixel earbuds. They use Google's assistant rather than Siri. Let's say you prefer to use Google's assistant and want to use the Pixel Buds on your iPhone. Right now you can't do that because Apple won't let you use the Google assistant automatically with the Pixel Buds. If Apple allowed side loading, you could load Google's assistant app and it would connect your Pixel Buds to Google's assistant. Now explain how side loading an official Google app reduces your security or choices as a consumer?
    Because as a person in the article stated ...... hackers are a creative bunch. If side loading is allowed on iOS, then they will try to fool iPhone users into thinking that they are side loading Google Assistance from an official Google site. They don't have to be good enough to fool every iPhone users or even just 1% of them, to make their effort worth while.

    It's already impossible for Apple (and Google for that matter) to prevent all malware from being installed from their official App Stores. Just how is Apple suppose to prevent all malware from being side loaded from the internet or third party app stores? And Google is not even close to preventing all malware from being side loaded with their Google Play Protect scanning of side loaded APK.

    One can not argue that iOS is safer to use, without the ability for users to unlock a door to side load. iOS is much safer when there's no door at all. Maybe not for people as conscious about security risk as you are (or a lot of us here on an Apple forum), but there's a lot of iPhone users that aren't. Enough of them to attract more creative hackers to fool iOS users into unlocking that door.   

    Even Google realizes this, if this article is to be true .

    https://9to5google.com/2019/12/06/google-advanced-protection-program-block-sideload/

    Preventing side loading makes Android safer, for Android users enrolled in Google Advanced Protection Program.
    No one can make any computer perfectly safe and still have it be functional. I am totally in favor of users being able to choose to keep their computers and other smart devices as safe as possible. I will continue to do that with most of the devices I use but I still want the option to install some very special and very powerful software on a few devices I designate as less safe. This is a choice many people make every day. It's the choice I want to have on iOS.
  • Reply 17 of 22
    Hold on a sec. Many people have side loaded apps on several platforms without anything bad happening. I side loaded apps on the Oculus Quest. It was a great way to try technology, such as wireless VR, that was not yet ready for most users. Mr. Neuenschwander's arguments are ingenuine. First, there is no actual protection from scam apps on the iOS App Store. There is only the perception of safety. Scam apps keep making their way through the app review process no matter what Apple claims. Second, there is little evidence of users getting scammed by side loaded apps. The truth is that the kind of user that would choose to side load an app is the same type that would be careful and only download them from reputable sites having read reviews from other users. Apple could allow side loaded apps if it fire walled them from the rest of iOS. Give them their own file system and network access but do not allow them to share data with App Store apps.
    Emphasis added to the part of your post that seems like a fantasy. The kind of a user that would choose to side load an app is the same one that would hand over their credit card details for "age verification purposes only" on a porn site. Most people, having decided they want something, will move quickly and habitually to eliminate the obstacles to having that something. Look at how popular the jailbreaking community was in the early days of the iPhone, remember the number of people who had a friend jailbreak their device for them, remember the number of pirated apps on Cydia and other stores, remember how many apps were free but contained malware, etc, etc.

    I have far more faith in Apple's analysis of the outcomes than I do in any individual commentator: Apple have data from hundreds of millions of devices, collected over years. And the risk of a significant proportion of those devices being compromised by the requested functionality has to be proven to be exceedingly small before it's worth experimenting with (small risk multiplied by large possible impact = big risk).
    watto_cobra
  • Reply 18 of 22

    nadriel said:
    Yes, free up sideloading. This won’t kill App Store nor create some kind of plague of “cool” apps to be sideloaded that are actually  Trojan horse, malware or whatever.. for example this would open up open source apps, it does cost to put apps on App Store you know? And finally I’m really skeptical of any success of outside stores.

    Answer how to do this? Just keep sandboxing stuff in and make it even safer, make toggles in the settings that shout at you that do this at your own peril and separate toggle to allow running per executable. It’s not as if App Store itself is curated well enough not to have malicious crap in there.

    Opening sideloading wouldn’t open some Pandora’s box like some think. And finally, I want iOS better (for me and I think I’m not alone, optional is not forcing others to do it) and just saying I should just pick Android if I’m not happy with something with iOS/macOS/watchOS in general is just lazy and unimaginative. They’re not perfect nor are any of Apples hardware.
    Please provide data to back up your assumptions. We have the history of Windows malware, Android malware and the Cydia store, and current phishing and website hacking schemes to draw from, among others.

    Security is always a trade-off. ALWAYS. Make things too hard for your users and they will find a way to bypass what you have put in place to safeguard them because you've accidentally made it too difficult to do what they want/need to do. Make it too easy and bad actors will bypass it.

    Apple's approach is working pretty well, all things considered. Frankly, if you're interested enough to install whatever software you want on your iPhone, you're interested enough to set up a developer account, grab an IPA file and re-sign it so that you can install it on your device. Not convenient? Too bad, you're trading the convenience Apple already gives you for the freedom to do what you want - decide which is more important to you. No action is free from unintended consequences.
    muthuk_vanalingamwatto_cobra
  • Reply 19 of 22
    nadrielnadriel Posts: 58member

    nadriel said:
    Yes, free up sideloading. This won’t kill App Store nor create some kind of plague of “cool” apps to be sideloaded that are actually  Trojan horse, malware or whatever.. for example this would open up open source apps, it does cost to put apps on App Store you know? And finally I’m really skeptical of any success of outside stores.

    Answer how to do this? Just keep sandboxing stuff in and make it even safer, make toggles in the settings that shout at you that do this at your own peril and separate toggle to allow running per executable. It’s not as if App Store itself is curated well enough not to have malicious crap in there.

    Opening sideloading wouldn’t open some Pandora’s box like some think. And finally, I want iOS better (for me and I think I’m not alone, optional is not forcing others to do it) and just saying I should just pick Android if I’m not happy with something with iOS/macOS/watchOS in general is just lazy and unimaginative. They’re not perfect nor are any of Apples hardware.
    Please provide data to back up your assumptions. We have the history of Windows malware, Android malware and the Cydia store, and current phishing and website hacking schemes to draw from, among others.

    Security is always a trade-off. ALWAYS. Make things too hard for your users and they will find a way to bypass what you have put in place to safeguard them because you've accidentally made it too difficult to do what they want/need to do. Make it too easy and bad actors will bypass it.

    Apple's approach is working pretty well, all things considered. Frankly, if you're interested enough to install whatever software you want on your iPhone, you're interested enough to set up a developer account, grab an IPA file and re-sign it so that you can install it on your device. Not convenient? Too bad, you're trading the convenience Apple already gives you for the freedom to do what you want - decide which is more important to you. No action is free from unintended consequences.
    Provide data to what part? Not killing App Store? Android has multiple stores with google store being the bigges in number of apps https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/ I don’t think I can pull out enough data in the market share, but clearly it’s the most loaded one with only apple App Store come even a little close.

    Data on showing that platform will turn into malware infested pile of goo? Look at your example Windows and then MacOS and Linux. Then you have Android and all the usual suspects. They all still exist, have become more secure over time. When an issue comes up it is addressed and not just ignored. 

    Malware exists now on iOS, would it become safer with sideloading? No, is it safe now? Honest answer is that *we do not know*, transparency at Apple is bad. Phishing websites work even if you don’t free up sideloading, look at MacOS you have to explicitly allow programs that don’t have a license to run, that can be done On iOS, just in case make it so that no apps that do not work in sandbox do not work/run or they are forced in one. 

    Frankly I have a developer account, but that is a bit beside the point as is arguing over unintended consequences. 

    Sure security is a trade off, but your phone is not safe as it is now either. 

    Edit: found some sentences without verbs and I don’t mean to sound hostile so don’t take it that way. 
    edited June 24
  • Reply 20 of 22
    jungmark said:
    "Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
    While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.
    You’re too naive to think side-loaded apps won’t contain Trojan horses to effectively make that toggle useless or worse. 
    No, actually, I'm not.  It's just irrelevant to my point.
Sign In or Register to comment.