Apple has released a new report entitled “Building Trusted Ecosystem For Millions of Apps” to combat sideloading apps to circumvent the App Store. Sideloading allows you to access popular apps that have been removed from the App Store due to privacy or security concerns, such as Fortnite. Apple’s latest report labels any sideloaded app a “serious cybersecurity risk” and states that sideloading could do everything, from putting ransomware onto people’s phones to stealing personal information.
Apple says sideloading apps would poke holes in its walled garden.
The 16-page Apple report starts by praising the company’s trust ecosystem as being free from malware, personal data theft, and other security threats. The report then states that sideloading apps could cause a flood of hacking and other threats to the platform. According to the report, Sideloaded apps can bypass parental controls, install ransomware, lead users to inadvertent pirates, and leak personal information. It ends with a list of Apple’s safety features, including automated scanning of AppStore uploads, the App Review process all developers must go through, limitations on personal data collection, and support and refund procedures.
This report doesn’t reveal anything new and is likely to be used as a PR move, as Apple is currently facing multiple antitrust investigations in different parts of the globe and lawsuits alleging anticompetitive behavior. Apple’s legal battle with Epic has just concluded. A decision is currently pending. Some legal experts believe that Epic did enough to force Apple to change its store policies. Similar lawsuits have been filed in Europe, including one by Spotify. The suit alleges that Apple’s platform has become a monopoly and that developers are subject to unfair terms. Epic was particularly critical of Apple’s 30% mandatory cut on sales through its platform. This is something many other antitrust actions have raised. In addition, the Epic was banned for making Fortnite purchases via other places than the iOS version. Epic has since provided users with the option to sideload their Epic Games app.
Critics say Apple overstates security risks.
The response from the various forces that gathered against Apple was predictable. Epic Games’ head Tim Sweney called the report “a sea of lies.” Many social media users pointed out that the burglarizing Fox illustration could also reference Apple taking 30% of all transactions. However, some developers had a more nuanced perspective. While they agreed with Apple’s sideloading of apps would make the platform less secure, they argued that the company should be proactive and make controlled changes to prevent governments from forcing a wider change that could create a greater security threat.
Although Apple has enjoyed a long-standing reputation for security, it is mostly based on the viewpoint of an end-user who downloads apps without knowing the dangers. Apple doesn’t always have a clear advantage in all situations. Sideloading apps is possible with Android, but privacy settings are more restrictive for controlling what apps can access on the device. While security flaws in iOS and core apps are less common, they can still be very valuable and develop occasionally. Malicious actors will go to greater lengths to keep them hidden and quiet and even exploit them for longer periods before others are aware. The iPhone’s security has been particularly compromised this year, with at most seven updates needed to fix new vulnerabilities (as of May 31).
Although the antitrust cases do not require Apple to allow sideloading, they argue that the App Store should adopt a more open model similar to Google’s Play Store and takes less from its developers. Sideloading apps are allowed on Android, but they will not be permitted unless they activate the “Install Unknown Apps” setting. Permissions can be set individually for each app. One possibility is that Apple could be legally forced to allow third-party apps stores on its devices. This was suggested in a bill written by David Cicilline, chairman of the antitrust subcommittee. Hank Schless is the Senior Manager of Security Solutions for Lookout. He shared some thoughts about what this outcome could look like regarding overall security risk and app purchase. This could expose them to increased risk. App stores that the government does not control tend to be less accessible. This means that a threat actor might upload a compromised version or a legitimate app they find.
The report praises Apple’s “trusted ecosystem” as a relatively free place from #malware and other security risks. The report then states that sideloading apps could lead to a “flood” of hacking. #respectdata
