Sideloading is a malware danger, Apple tells U.S. lawmakers

Comments

  • Reply 21 of 33
    Blizzard Posts: 34 member
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?
  • Reply 22 of 33
    qwerty52 Posts: 367 member
    Apple should support third party curation, with some kind of revenue split. That way we can get better app stores, or at least better specialized app stores, but with Apple still getting the revenue it wants (and should receive) to ensure the App ecosystem is properly managed. This also isn't perfect, and it certainly has its own technical (and business) hurdles. But, it would solve one of the Apple App Store's biggest problems for both app developers and consumers, which is that it is a disorganized mess.
    If you don’t like the way the AppStore is working and the way it is organized, and you feel that you can do it better, why don’t you create your own OS and your own application store with your own regulations in it?
    It's very easy to say that the egg you are eating is not tasty, but try to lay an egg yourself!
  • Reply 23 of 33
    crowley Posts: 10,453 member
    Blizzard said:
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?
    They offer several protections on macOS, including the ability to turn sideloading off altogether, and cautioning the user when opening applications downloaded from the internet.  And running an unsigned application requires additional steps.  So they clearly feel it's something of a danger there too.
  • Reply 24 of 33
    netrox Posts: 1,415 member
    Blizzard said:
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?
    Legacy reasons. Macs, like Windows, were created with little security in mind - they did not envision the threats that the Web would bring to them. After a decade of internet, Apple and MS took note of how people download files not aware of the dangers and started to strengthen protections against them.

    Even to this day, a lot of people have lost data or been consigned to ransomware.
  • Reply 25 of 33
    Side loading will harm many consumers. It will lead to an increase in fraud, an increase in personal data being stolen and all that follows. What I don’t understand is that there is a platform that allows it, a platform that most Android users say is better anyway. If you really want that aspect on your phone -side loading- there is the top selling ‘phone os’ available in multiple price points. So why turn iOS into what’s already there? It’s such a dumb argument that iOS has to be like Android. That consumers shouldn’t have a choice between systems. Ultimately that’s what the side loading fanatics are asking - make everything the same. 
  • Reply 26 of 33
    dewme Posts: 5,335 member
    swineone said:
    Company that profits hugely from a 30% cut from non-sideloaded apps claims that sideloading is dangerous. It certainly is — to their bottom line.

    The only thing I’m surprised by is that anyone would even bother reading what Apple writes on the subject, given their inherent conflict of interest.
    Apple has a “vested interest” in maintaining the integrity and security of their platform against attack, just like individuals have a vested interest in maintaining the security of their home for the sake of themselves and their families. That’s the bottom line for me, integrity, safety, and security.

    Does putting locks on your doors and installing an alarm system constitute a “conflict of interest?” I don’t think so. Sanctioning jail breaking would, in my opinion, allow a mechanism for third parties to install a new and unlocked door into your house through which they could enter at will.

    Could a sandbox model be used to allow third parties access to just one or two isolated rooms of your house? I suppose such a scheme is possible, but why would the owner of a house agree to such a scheme when it consumes limited resources and allows a potential threat to be located in such close proximity and adjacent to the protected rooms in the same house? Not worth the risk for the homeowner, especially when the primary beneficiary is some third party trying to make a buck off of you. 
    edited March 2022
  • Reply 27 of 33
    techno Posts: 737 member
    There is a typo in the first line: "...made by an expect about..."
    I think that should read "...made by an expert about..."
  • Reply 28 of 33
    netrox said:
    "The letter, sent on Thursday and seen by Reuters, talks about comments from computer security expert Bruce Schneier, where he says Apple's concerns about sideloading are "unfounded." "

    That computer security "expert" is definitely not trustworthy. Seriously, how can he even be qualified to make such a statement that is fundamentally wrong? 


    I suspect his comment is being taken out of context here, that's why it sounds so odd. We are literally getting a one-word quote. It would be interesting to read the full context. Schneier is an almost universally well-respected cryptography and security expert. I'm not saying he's infallible, but his credentials are unquestionable.
  • Reply 29 of 33
    Marvin Posts: 15,310 moderator
    netrox said:
    "The letter, sent on Thursday and seen by Reuters, talks about comments from computer security expert Bruce Schneier, where he says Apple's concerns about sideloading are "unfounded." "

    That computer security "expert" is definitely not trustworthy. Seriously, how can he even be qualified to make such a statement that is fundamentally wrong? 
    I suspect his comment is being taken out of context here, that's why it sounds so odd. We are literally getting a one-word quote. It would be interesting to read the full context. Schneier is an almost universally well-respected cryptography and security expert. I'm not saying he's infallible, but his credentials are unquestionable.
    His letter is here:

    https://www.schneier.com/essays/archives/2022/01/letter-to-the-us-senate-judiciary-committee-on-app-stores.html
    https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

    He's a typical Windows tech bro who thinks that running anti-virus software is the answer to security and says that all platforms are equally insecure. According to his blog, his wife uses a Mac and like typical tech bros, he likes to explain why she's naive in thinking she's more secure using a Mac. He gives the usual spiel about 'why can't we do everything on our phones that we can on Windows'. Because phones weren't designed that way and a phone doesn't have the same access to manage sensitive filesystem data that a desktop has. Nor does a desktop have as many attack vectors for highly personal information like location data, banking, biometrics, personal photos, chat logs, personal contacts. It's like he thinks he's going to be able to spool up a terminal window and grep around for malware files and keyloggers on a 5" touchscreen.

    There are some valid points in the letter like Chinese users being able to use a VPN that isn't approved by the App Store and the same applies for things like LGBT apps not approved in Russia, Saudi Arabia. These are issues with the governments of those countries, not the phones. They can't get Grindr on their Smart TVs either. They can also use other devices for these purposes.

    This guy uses the same flawed reasoning as everyone else supporting this - how dare Apple block users from installing what they want on their devices and how dare the government allow them to get away with it. This is totally ass-backwards. Apple didn't even have an App Store when they made the iPhone and they only allowed web apps. Developers wanted native software to make games. Apple didn't set out to create a monopoly, they gradually opened up security on the device and stopped at a point where they could maintain control of it and now run the largest, most secure App Store in the world. Apple's setup is standard across the entire industry of tech products, laptops/desktops are the exception. A few malicious developers got blocked from abusing customers and they want to pressure the government into forcing Apple to allow them to abuse customers and of course politicians who aren't qualified to run a grocery store think it's a great idea in the name of competition. Just like when they enforced cookie popups across the entire internet.

    All it would take is for one popular app like Genshin Impact to be made exclusive to a Chinese app store and then they have an attack vector that becomes a national security threat. Or a Russian messaging app:

    https://blog.malwarebytes.com/trojans/2022/01/purple-fox-rootkit-now-bundled-with-telegram-installer/

    Then hundreds of millions of Western users have malware or vulnerabilities running all across their devices and geniuses like Bruce Schneier will say, just install some popular malware scanner and have it running all the time in the background. Yeah that'll work real well on a mobile device.

    People will say, that hasn't happened on Android. Not so much in the West because 3rd party stores are blocked by default but it is prevalent on 3rd party stores as Bruce Schneier writes about:

    https://www.schneier.com/blog/archives/2021/03/system-update-new-android-malware.html
    https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/
    https://www.schneier.com/blog/archives/2021/02/malicious-barcode-scanner-app.html
    https://www.schneier.com/blog/archives/2019/11/xhelper_malware.html
    https://www.schneier.com/blog/archives/2016/11/smartphone_secr.html
    https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html
    https://www.infosecurity-magazine.com/news/bruce-schneier-the-android-platform-is-where-the/

    It's pretty suspect when he openly writes about the security issues on Android with side-loading and 3rd party stores and then claims to politicians the problems don't exist. Maybe he has a malware scanner he wants to sell on iOS.

    It's way more of a problem in China, they block access to the Play Store and as soon as something like this is allowed on iOS, Apple will be locked out of China too. This is what Tencent wants, Tencent is Epic's publisher in China. This is worth $10b and it's what this is all about. Billion-dollar companies wanting to undermine Apple's business model and take the fees themselves and harvest user data that Apple currently blocks them from abusing. Facebook is one of those companies, they will make their own store and harvest personal data like never before. Then politicians will condemn Apple for allowing it to happen because that's how they are wired - they create a mess and then blame everybody else for it.
  • Reply 30 of 33
    sflocal Posts: 6,092 member
    Of course side loading is a malware danger. That was never being debated. The solution is simple: A switch that turns on side loading and turns off features like the official Apple App Store and iCloud that would be compromised by a side loaded app. Users who enable side loading would use third party app stores on their device. It's perfect for older iOS devices that would otherwise collect dust and is also a great way to recycle old devices. I bet less than 10% of iOS users would enable side loading on an old device but if they want to they should be able to. This is why jailbreaking exists. Apple should just make an official way to jailbreak old devices and be done with it.
    Just stop.  Honestly, your constant rants about Apple are just an embarrassment.  I question your legitimacy as an actual "developer".  I think you're more a weekend wannabe developer than any real, legitimate one.  To even counter the nonsense of your post would be a waste of time.  Take a hike to the Android side and just go away.
  • Reply 31 of 33
    killroy Posts: 271 member
    Blizzard said:
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?

    Macs are used to do things that can not be done on an iPhone. Apps that run on MacOS can cost in the thousands of dollars. And will not ever be seen in the app store.
    By the way those apps are checked by Apple.
    edited March 2022
  • Reply 32 of 33
    davidw Posts: 2,036 member
    Blizzard said:
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?
    Because nearly every user of Macs and PCs has software, games and drivers that they downloaded from websites like Microsoft, Adobe, Sony, Intuit, Blizzard, Epic, Canon, Epson, etc. Software, games and drivers that they need and will still work on newer versions of OSes. Or software and games on a disc they bought from BestBuy, Walmart, Target, etc. Or software that came on a disc for their digital cameras, game controllers, printers, scanners, etc. If Apple were to no longer allow side loading on Macs, then how are these users supposed to install the software, games and drivers that they still need? App stores are relatively new for home computer OSes.

    With iOS devices, users don't have such software or games on their devices. Every installed software and game, since the first iDevice, had to come from the Apple App Store.

    iOS is much more secure than any MacOS. It's not that Apple chooses to allow side loading on Macs. There is really no choice there. It's too late to make MacOS more secure, by not allowing side loading. But Apple can choose to not allow side loading on iOS devices, for security reasons, because they have that choice.
  • Reply 33 of 33
    22july2013 Posts: 3,564 member
    Blizzard said:
    Apple is just not credible, if side loading was such a danger, then why do they allow it on the MacOS?
    I see your point. Your point is that if Apple chooses to make one OS open, they should be forced by the government to do the same thing everywhere. Your point is that Apple should not be free to sell more than one type of product. Your point is that you support government intrusion on everyone's freedom, especially Apple's. Your point is government control of our freedoms is a very good thing. Good for you. You have every legal right to be totalitarianistic and to express that view.