Apple’s new privacy white paper explains the “Real-world attacks on platforms that allow sideloading”

Apple is facing alot of scrutiny over its control of the App Store and now it is being pressed by legislators and developers to allow alternative app stores on its iOS and iPadOS platforms. Called ‘sideloading’, the practice would give free access to genuine and malicious apps to users’ devices which Apple argues will be detrimental to their privacy and security.

The company calls the iPhone and iPad the most secure smartphone devices because of its App Store’s review and approval process which serves as a barrier or a layer of protection between malicious software and users. And the most imminent threat to that defense is the upcoming regulatory bills by the U.S Congress which would allow sideloading on iOS and iPadOS. Therefore, to explain how sideloading would make users vulnerable to “real-world attacks”, Apple has published a privacy white paper titled “A Day in the Life of Your Data.”

Apple- App Store

Sideloading will take away the safe and secure ecosystem Apple provides to the iPhone users

When an app is submitted to the App Store for approval, firstly its reviewed by a human for malware, then scanned, and lastly ranked based on users’ 5-star rating and review. Cupertino tech giant justifies the commission it charges for in-app purchases via its digital marketplace to sustain and improve this practice. So, as testimony, the report opens with a section from the U.S. Department of Homeland Security Report, 2017 commending the App Store review process. It states that;

“The best practices identified for mitigating threats from vulnerable apps are relevant to malicious and privacy invasive apps. Additionally, users should avoid (and enterprises should prohibit on their devices) sideloading of apps and the use of unauthorized app stores.”

The company explains how an iPhone is a very personal device that not only stays with users 24/7 but also stores their personal and professional information. And that information in the wrong hands can be manipulated for blackmail, theft, spying, and other illicit means. Apple makes its case against sideloading in a very creative and explicit story form of “a family’s everyday experience using their iPhone would be different with sideloading. We’ll follow the day of John and his 7-year-old daughter, Emma, as they navigate this more uncertain world.” And this is how their day goes with proper security.

  1. A sideloaded game bypasses parental controls
  2. At the park, the copy-cat filter app John had sideloaded threatens to delete all of his photos unless he pays up
  3. John unknowingly downloads a pirated app from a third-party app store
  4. A sideloaded app violates John’s privacy

Apple- App Store

The company concludes that;

Scammers would be galvanized to develop tools and expertise to attack iPhone device security. The App Store is designed to detect and block today’s attacks, but changing the threat model would bypass these protections. Scammers would then use their newly developed tools and expertise to target thirdparty stores as well as the App Store, which would put all users at greater risk, even those who only download apps on the App Store. The additional distribution channels introduced by sideloading provide malicious actors expanded opportunities to exploit system vulnerabilities, thereby incentivizing attackers to develop and disseminate more malware.

Before publishing the new privacy report, Apple’s head of user privacy, Erik Neuenschwander reiterated the same reasons in an interview, pressing that sideloading will not give users choice but rather take it away.

Read More:

About the Author

Addicted to social media and in love with iPhone, started blogging as a hobby. And now it's my passion for every day is a new learning experience. Hopefully, manufacturers will continue to use innovative solutions and we will keep on letting you know about them.

4 comments

Leave a Reply

Your email address will not be published.