Recently, two words “sideloading” and “Apple” are used together in many legal and social discussions. Technically the term Sideloading means to allow alternative app store(s) for distribution and in-app purchases system on a device. A practice which Apple stands strongly against for it gravelly impacts users’ privacy and security. Therefore to explain the horrors of sideloading for iPhone and iPad users, the company’s head of user privacy, Erik Neuenschwander sat down with Michael Grothaus of FastCompany.
The interview was conducted before the Cupertino tech giant released its privacy white paper “A Day in the Life of Your Data” which details the measures Apple takes to make its digital marketplace a safe place for users to download apps without worries of anyone poaching their personal information, invasively. And the paper also aptly, explains how miscreants would manipulate the system to violate their privacy and security.
Without App Store’s human review process, Apple would not be able to deliver a safe and secure iOS experience
Answering why does the company opposes sideloading when it provides users with a choice, Erik Neuenschwander said that in reality sideloading does the opposite.
“Sideloading, in this case, is actually eliminating choice. Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can’t be tricked or duped into some dark alley or side road where they’re going to end up with a sideloaded app, even if they didn’t intend to.”
Referring to App Store’s apps approval and review process, Neuenschwander said that the human review, scanning, and App Store reviews and rating are all defenses against malware. He added that “sideloading would negate those defenses.”
“Today, we have our technical defenses, we have our policy defenses, and then we still have the user’s own smarts.”
Neuenschwander clarified that an alternative app store and Apple’s App Store can not co-exist in the company’s ecosystem without impacting users’ safety.
Question:Some may argue that the drawbacks of sideloading would hit only those who sideload apps. Wouldn’t those who still choose to download apps only through Apple’s App Store be safe?
Explanation: But Neuenschwander points out (as does the company’s white paper) that the mere existence of sideloaded apps would encourage bad actors to target unsuspecting users more by trying to lure them to download their malicious ones from unofficial stores or sites. You might be savvy and cautious enough to know a fake app store when you see it, but is your 15-year-old nephew or 75-year-old father?
The discussion on the availability of alternative ways to download apps on macOS came up next. Neuenschwander reiterated the company’s CEO Tim Cook’s narrative that an iPhone is a more personal device than a Mac. It stays with a user 24/7, therefore, it is more likely to be a miscreants target.
“The pattern of use of the Mac—just the style, how people use that platform—tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state. But what we’ve all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis. And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side.”
Apple is fighting a battle to preserve its App Store ecosystem with legislators and developers. The U.S Congress is about to pass bills to limit the Cupertino tech giant’s control over the digital marketplace. Thus, Apple has explained its app approval process and its need in its detailed report. Read the company’s White Paper on Privacy here.