Apple's head of privacy doubles down on anti-sideloading stance
As part of Apple's push on Wednesday morning, privacy lead Erik Neuenschwander reiterates the company's stance on sideloading on iOS -- and says that it actually reduces user choice.
Erik Neuenschwander, Director, User Privacy, at Apple
As Apple releases its study about how App Store curation protects users, the company's head of privacy has been explaining the publication and defending the position. Speaking to Fast Company magazine, Erik Neuenschwander, Director, User Privacy, says curation is a key part of keeping iOS users safe.
"Today, we have our technical defenses, we have our policy defenses, and then we still have the user's own smarts," Neuenschwander Mac">told the publication.
"Sideloading in this case is actually eliminating choice," he continues. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms."
"The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to," says Neuenschwander.
He points out that it is in the interest of bad actors to exploit opportunities, and specifically to work at fooling users into downloading their apps.
"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
"Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device," he continued. "And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."
It is argue that while Apple insists on a curated, walled-garden for iOS apps, it does not for the Mac. Previously, Apple's Craig Federighi has said that gone as far as to say the Mac's security is not good enough, that it is "is not meeting that bar today."
Neuenschwander argues that the iPhone has to have far greater security, simply because of the different ways that people use their iOS devices compared to the Mac.
"[The iPhone is] the device you carry around with you," he told Fast Company. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you."
"It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be," he continues. "So the kind of sensitive data [on the iPhone] is more enticing to an attacker."
"[Plus the] pattern of use of the Mac -- just the style, how people use that platform tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state," he says.
"But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis," continues Neuenschwander. "And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side."
Apple's new "Building a Trusted Ecosystem for Millions of Apps" publication is available here.
Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
Erik Neuenschwander, Director, User Privacy, at Apple
As Apple releases its study about how App Store curation protects users, the company's head of privacy has been explaining the publication and defending the position. Speaking to Fast Company magazine, Erik Neuenschwander, Director, User Privacy, says curation is a key part of keeping iOS users safe.
"Today, we have our technical defenses, we have our policy defenses, and then we still have the user's own smarts," Neuenschwander Mac">told the publication.
"Sideloading in this case is actually eliminating choice," he continues. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms."
"The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to," says Neuenschwander.
He points out that it is in the interest of bad actors to exploit opportunities, and specifically to work at fooling users into downloading their apps.
"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
"Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device," he continued. "And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."
It is argue that while Apple insists on a curated, walled-garden for iOS apps, it does not for the Mac. Previously, Apple's Craig Federighi has said that gone as far as to say the Mac's security is not good enough, that it is "is not meeting that bar today."
Neuenschwander argues that the iPhone has to have far greater security, simply because of the different ways that people use their iOS devices compared to the Mac.
"[The iPhone is] the device you carry around with you," he told Fast Company. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you."
"It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be," he continues. "So the kind of sensitive data [on the iPhone] is more enticing to an attacker."
"[Plus the] pattern of use of the Mac -- just the style, how people use that platform tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state," he says.
"But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis," continues Neuenschwander. "And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side."
Apple's new "Building a Trusted Ecosystem for Millions of Apps" publication is available here.
Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
Comments
Once iOS is open to any app, I would quit using it for any banking, medical, purchasing or anything dealing with my personal information. We all know every government has a group working on hacking iOS (and every other operating system) and forcing Apple to provide a key into the front door makes it very simple to force an app onto every iOS device making leaving it open for government monitoring. I'm sure none of us want this but this is what would happen and Apple would have a difficult time stopping it. Asian users (@Gatorguy) already have to fight their governments spying on them. Allowing side-loading makes it even easier.
Prove me wrong. If Apple is forced to allow side-loading, how will they be able to guarantee every app is safe to use? (They can't do this now.) How will they guarantee privacy on their devices? Who do I sue when I get a message or email or click on a website and malware that never worked before downloads code that unlocks my phone so they can continue to download more malware? It isn't Apple.
If you want to side load, you have plenty of non-Apple options.
Answer how to do this? Just keep sandboxing stuff in and make it even safer, make toggles in the settings that shout at you that do this at your own peril and separate toggle to allow running per executable. It’s not as if App Store itself is curated well enough not to have malicious crap in there.
Opening sideloading wouldn’t open some Pandora’s box like some think. And finally, I want iOS better (for me and I think I’m not alone, optional is not forcing others to do it) and just saying I should just pick Android if I’m not happy with something with iOS/macOS/watchOS in general is just lazy and unimaginative. They’re not perfect nor are any of Apples hardware.
I really would love to buy a Honda Accord but it doesn't come in the color I want. Do I have grounds to sue Honda because they aren't offering the product feature that I want?
It's already impossible for Apple (and Google for that matter) to prevent all malware from being installed from their official App Stores. Just how is Apple suppose to prevent all malware from being side loaded from the internet or third party app stores? And Google is not even close to preventing all malware from being side loaded with their Google Play Protect scanning of side loaded APK.
One can not argue that iOS is safer to use, without the ability for users to unlock a door to side load. iOS is much safer when there's no door at all. Maybe not for people as conscious about security risk as you are (or a lot of us here on an Apple forum), but there's a lot of iPhone users that aren't. Enough of them to attract more creative hackers to fool iOS users into unlocking that door.
Even Google realizes this, if this article is to be true .
https://9to5google.com/2019/12/06/google-advanced-protection-program-block-sideload/
Preventing side loading makes Android safer, for Android users enrolled in Google Advanced Protection Program.
I have far more faith in Apple's analysis of the outcomes than I do in any individual commentator: Apple have data from hundreds of millions of devices, collected over years. And the risk of a significant proportion of those devices being compromised by the requested functionality has to be proven to be exceedingly small before it's worth experimenting with (small risk multiplied by large possible impact = big risk).
Please provide data to back up your assumptions. We have the history of Windows malware, Android malware and the Cydia store, and current phishing and website hacking schemes to draw from, among others.
Security is always a trade-off. ALWAYS. Make things too hard for your users and they will find a way to bypass what you have put in place to safeguard them because you've accidentally made it too difficult to do what they want/need to do. Make it too easy and bad actors will bypass it.
Apple's approach is working pretty well, all things considered. Frankly, if you're interested enough to install whatever software you want on your iPhone, you're interested enough to set up a developer account, grab an IPA file and re-sign it so that you can install it on your device. Not convenient? Too bad, you're trading the convenience Apple already gives you for the freedom to do what you want - decide which is more important to you. No action is free from unintended consequences.
Data on showing that platform will turn into malware infested pile of goo? Look at your example Windows and then MacOS and Linux. Then you have Android and all the usual suspects. They all still exist, have become more secure over time. When an issue comes up it is addressed and not just ignored.
Malware exists now on iOS, would it become safer with sideloading? No, is it safe now? Honest answer is that *we do not know*, transparency at Apple is bad. Phishing websites work even if you don’t free up sideloading, look at MacOS you have to explicitly allow programs that don’t have a license to run, that can be done On iOS, just in case make it so that no apps that do not work in sandbox do not work/run or they are forced in one.
Frankly I have a developer account, but that is a bit beside the point as is arguing over unintended consequences.
Sure security is a trade off, but your phone is not safe as it is now either.