advertisement
advertisement

Exclusive: Apple makes its case against iPhone app sideloading

As critics and regulators question the company’s tight control over iPhone and iPad apps, it says it’s offering users a privacy- and security-first choice.

Exclusive: Apple makes its case against iPhone app sideloading
[Photo illustration: Pavlo Gonchar/SOPA Images/LightRocket via Getty Images]
advertisement
advertisement
advertisement

Recently there have been growing calls for Apple to allow third-party app stores for the iOS and iPadOS platforms, which would enable a process known as “sideloading”—installing an app on a device that originates outside of the official App Store.

advertisement
advertisement

Proponents argue that Android allows sideloading, so Apple should too. Allowing users to install apps on their iPhones and iPads without Apple serving as an intermediary would alleviate concerns about its App Store rejections and fees, which have been part of an ongoing drama since the first authorized third-party iPhone apps debuted 13 years ago. Sideloading would also weaken arguments that Apple’s control of the App Store amounts to an illegal monopoly.

But many security experts—and fans of Apple’s privacy features—find such a proposal alarming. It’s true that Android allows sideloading, but sideloading is one of the main reasons that Google’s mobile operating system is so riddled with malware. Bad actors know that if they want to attack an Android device, the easiest way to do so is to hide it in a sideloaded app disguised as, for example, a popular anti-virus app or even an Android system update. Once the app is installed on the Android device, it can then inject the malware payload, such as ransomware.

To help the public better understand Apple’s stance on sideloading, the company has released its newest privacy white paper, which focuses on the topic. In advance of the paper’s release, I spoke to Apple’s head of user privacy, Erik Neuenschwander, about the practice and why Apple—judging from our conversation—remains vehemently opposed to it.

advertisement

Want sideloading? You have a choice: Android

As someone who frequently writes about privacy and security, I agree with Apple’s position on the topic. Some who argue that Apple should allow sideloaded apps say that it would provide users with more choice. Yet choice is exactly what Neuenschwander says the company is offering users by providing a platform that does not allow sideloading.

“Sideloading in this case is actually eliminating choice,” he says. “Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can’t be tricked or duped into some dark alley or side road where they’re going to end up with a sideloaded app, even if they didn’t intend to.”

If you’ve ever had friends contact you in a panic, telling you their phone has been hit by malware, you’ll understand just how sound Neuenschwander’s argument is. Without iOS, users wouldn’t have a mobile operating system platform they could choose from that is impossible to be targeted by malicious sideloading. In Apple’s view, in other words: Do you want the best privacy and security possible? Your choice is iOS. Do you want sideloading? Your choice is Android.

advertisement

Neuenschwander wouldn’t speculate on just how much malware is floating around on the Android platform due to sideloading, but independent security experts have found a staggering amount of malware on Android devices—up to 15 times more than iOS. One of the main vectors of attack? Sideloaded apps.

Even with the App Store’s security measures in place, malware does sneak onto iPhones. But Neuenschwander contends that its quantity “would be obviously much higher” if Apple opened the iPhone to sideloading. Why? Because right now there are two security checks that protect users from malicious apps.

The first is Apple’s developer policies and processes, which regulate what an app can and cannot do. Apple can check whether a developer is following these policies, because a human reviews every app submitted to the App Store. And by the very act of uploading an app to the App Store, that app is also scanned for all known malware, protecting users from nefarious apps even more.

advertisement

The second security check is the users themselves. Because Apple requires developers to ask the user for permission in a universal way before it can access such features as an iPhone’s microphone or camera, a user can identify if something shady is going on inside the app.

Users will be attacked regardless of whether or not they intend to navigate app stores other than Apple’s.”

But if Apple were to allow sideloading via third-party app stores, it couldn’t run those human and automated checks on apps posted to those stores—negating that first important security check. It also couldn’t verify that sideloaded apps are asking users for permission to access system services within the bounds they are used to, which means it would be easier to fool a user into granting a malicious app access to content such as their photos or messages.

“Today, we have our technical defenses, we have our policy defenses, and then we still have the user’s own smarts,” Neuenschwander says, referring to Apple’s App Store processes. Sideloading would negate those defenses, he contends.

advertisement

Some may argue that the drawbacks of sideloading would hit only those who sideload apps. Wouldn’t those who still choose to download apps only through Apple’s App Store be safe?

But Neuenschwander points out (as does the company’s white paper) that the mere existence of sideloaded apps would encourage bad actors to target unsuspecting users more by trying to lure them to download their malicious ones from unofficial stores or sites. You might be savvy and cautious enough to know a fake app store when you see it, but is your 15-year-old nephew or 75-year-old father?

“Even users who intend—they’ve consciously thought themselves that they are only going to download apps from the App Store—well, the attackers know this, so they’re going to try to convince that user that they’re downloading an app from the App Store even when that’s not happening,” Neuenschwander says. “Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device. And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple’s.”

advertisement

If you think that sounds far-fetched, let me introduce you to the fake Google Play Store.

Hey, what about the Mac?

Despite Apple’s insistence that sideloaded apps and app stores would be bad for both users who choose to access them and users who don’t, it must be pointed out that Apple isn’t against sideloading altogether. As a matter of fact, Apple’s oldest platform allows it: MacOS.

MacOS offers an App Store of its own, but you don’t need to use it to download apps. You can also do so via third-party stores or websites. So why the discrepancy in policy between the Mac and iPhone when it comes to sideloading?

advertisement

Part of the answer comes down to math. Neuenschwander notes that there are at least 10 times as many iPhones in the world as there are Macs, which makes the iPhone a much more enticing target to bad actors. An iPhone also likely carries much more sensitive user data than the average Mac does, and the iPhone is generally with a user everywhere they go.

“It’s the device you carry around with you,” Neuenschwander notes. “So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you. It has a microphone, and therefore that’s a microphone that could be around you much more than your Mac’s microphone is likely to be. So the kind of sensitive data [on the iPhone] is more enticing to an attacker.”

If Apple ever does allow sideloading of iOS and iPadOS apps, it might be because it has no choice.

But that’s not all. “The pattern of use of the Mac—just the style, how people use that platform—tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state,” Neuenschwander explains. “But what we’ve all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis. And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side.”

advertisement

It should also be noted that at the recent Epic Games v. Apple trial, Apple’s software chief Craig Federighi said there was an unacceptable level of malware on the Mac, an amount “that is much worse than iOS.” It’s understandable then that Apple doesn’t want the problem to propagate over to the iPhone.

If Apple ever does allow sideloading of iOS and iPadOS apps, it might be because it has no choice. Proposed laws in Arizona and North Dakota that aimed to break its App Store monopoly in those states have apparently failed. But the company remains in legislators’ crosshairs at the federal level, and antitrust remedies that would loosen its control over its platforms remain on the table.

Still, I suspect the number of iPhone users who would like to see sideloading supported on iOS is relatively small. Device security and privacy are some of the most important aspects of any gadget, and a huge selling point for Apple products. It’s hard to imagine that many iPhone users would be willing to sacrifice that for potentially dodgy sideloaded apps. And if they want to sacrifice security for sideloading, they already have that choice: They can get an Android phone.

advertisement

As for Neuenschwander, his argument against sideloading boils down to the case that everyone at Apple—including Tim Cook—has been making all along. “I believe that what we’ve built and what we’re offering users now is uniformly better, because we can focus in on that smaller attack surface and our stronger protections to help keep users safe,” Neuenschwander says.

Apple’s white paper is out now and can be accessed here. It’s an interesting, nontechnical read for anyone pondering the pros and cons of sideloading and security.

About the author

Michael Grothaus is a novelist, journalist, and former screenwriter. His debut novel EPIPHANY JONES is out now from Orenda Books. You can read more about him at MichaelGrothaus.com

More