<p>The Apple App store app on an iPad</p>

The Apple App store app on an iPad

Apple argues customers will be at risk if it is forced to let people ‘sideload’ apps on iPhone

Andrew Griffin@_andrew_griffin
Wednesday 23 June 2021 11:21
comments

Apple has warned that users will be put at risk if it is forced to allow “sideloading” on iPhones.

The defence of its its App Store policies come amid increasing pressure from regulators and legislators, who are concerned that Apple is unfairly using the control it has over its platforms.

Some have argued that a solution to some of that concern would be the inclusion of other app stores on the iPhone, or the option to add apps without going through Apple’s official channels.

It is one of a number of possible solutions floated by critics, alongside the possibility of the reduction or reform of the 30 per cent charge that Apple takes from developers who sell software through its store.

But Apple says that letting apps be “sideloaded” – or added to the iPhone without going through its pre-installed and official App Store – would put users at risk of malicious apps and other security risks.

It has published a detailed security document that argues that the security of the iPhone relies on Apple’s ability to decide what software is made available on it.

The document contrasts its security with Android – which does allow sideloading, and which it says is more at risk of attacks. Apple also allows sideloading of apps on its own MacOS platform, though has in recent years restricted how easily new software can be added.

“Security researchers agree that iPhone is the safest, most secure mobile device, which allows our users to trust their devices with their most sensitive data,” the company says in the new document.

“We built industry-leading security protections into the device, and we created the App Store, a trusted place where users can safely discover and download apps.

“On the App Store, apps come from known developers who have agreed to follow our guidelines, and are securely distributed to users free from interference from third parties. We review every single app and each app update to evaluate whether they meet our high standards.

“This process, which we are constantly working to improve, is designed to protect our users by keeping malware, cybercriminals, and scammers out of the App Store.”

The new report, which is entitled Building a Trusted Ecosystem for Millions of Apps, also dismisses suggestions Apple should allow apps from in-direct and third-party sources on to the iPhone.

“Today, it is extremely rare for any user to encounter malware on iPhone. Some have suggested that we should create ways for developers to distribute their apps outside of the App Store, through websites or third-party app stores, a process called ‘sideloading’,” Apple said.

“Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store.”

The company argued that the size of the iPhone user base would be an appealing target for cybercriminals and would see iPhone users being increasingly targeted by scammers.

It also suggested that Google’s Android, which does allow sideloading, was far less secure than Apple‘s approach as a result.

“Studies show that third-party app stores for Android devices, where apps are not subject to review, are much riskier and more likely to contain malware as opposed to official app stores,” the tech giant said.

The document also included a scenario suggesting what could happen to iPhone users if sideloading from third-party stores was allowed on the platform.

It suggests that apps would be able to bypass parental controls which block children from seeing apps not appropriate for them because the App Store cannot police them, and copycat apps that contain ransomware could more easily trick users into downloading them, then take hold of someone’s data and demand payment to release it back.

The company also argues that as well as jeopardising user privacy, the wider app ecosystem would be damaged as a result.

“Scammers would be galvanised to develop tools and expertise to attack iPhone device security,” Apple said.

“The App Store is designed to detect and block today’s attacks, but changing the threat model would bypass these protections.

“Scammers would then use their newly developed tools and expertise to target third-party stores as well as the App Store, which would put all users at greater risk, even those who only download apps on the App Store.

“The additional distribution channels introduced by sideloading provide malicious actors expanded opportunities to exploit system vulnerabilities, thereby incentivising attackers to develop and disseminate more malware.”

Additional reporting by Press Association

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments