The fight against the sideloading of apps continues, as Apple double downs on its stance against opening up its ecosystem in a new report, which pushes back against critics and regulatory pressure to open up its popular App Store.
Sideloading is the process of downloading and installing apps on a mobile device from a source other than the official App Store, such as a website or third-party app store. Standing firm that sideloading threatens users’ security and privacy, Apple’s latest report, Building A Trusted Ecosystem of Apps: A Threat Analysis of Sideloading, reiterates the security flaws that iPhone and iPad users would be exposing themselves to, should the option to sideload be forced upon the tech company.
In the report, Apple says that sideloading apps risks users to malware such as adware, ransomware, consumer spyware and banking and credential-stealing trojans. This has been a huge concern for the company, especially since CryCryptor ransomware posing as official COVID-19 tracing apps are becoming more and more common.
Even if users don’t have intentions to sideload apps, Apple is taking a stand on its decision to not open that gate for fear of exposing users to risks. While it might seem like an easy argument to make, Apple has had a good track record when it comes to securing its ecosystem against third party attacks, especially when compared to Google’s Android or Microsoft’s Windows. While not non-existent, malware on the Apple’s iOS is a rarity and the tech company feels that forcing sideloading would make the iPhone less secure and trustworthy for users.
Apple has been actively imposing safety and privacy measures within the App Store such as the Developer Enterprise Program and has been intensely vetting apps and developers on the App Store. The company feels that allowing sideloading will undo all their hard work to protect users and their privacy.
The company also believes that if sideloading was supported on iOS, the iPhone’s core on-device platform security protections would be undermined. Apple restricts apps from accessing sensitive hardware elements (such as the NFC chip, memory space, secure enclave etc) and sideloading would rid of the separation between apps and the operating system. With the operating system at risk, the iPhone won’t be able to prevent apps from stealing or modifying data without the user’s permission.
That said, there are legitimate reasons for supporting sideloading, such as bypassing the geo-restrictions put in place by app store owners that prevents the availability of a popular apps launched in one market, to consumers from another market. While there are no official numbers, it is known the US app store has a greater variety of apps that are not available outside of the United States.
As Android struggles to remove malicious apps and eradicate malware on their platform, Apple is choosing to avoid the problem altogether. And if they haven’t been clear enough, it’s a problem they want to avoid for a very long time.