What is ‘Sideloading’?
Apple’s new white paper, titled “Building a Trusted Ecosystem for Millions of Apps,” describes the threat posed by ‘sideloading’ on its App Stores. The Techolony team takes a deep dive and shares a breakdown of "sideloading" and exactly what it is.
Sideloading normally refers to transferring a file between two local devices without the use of the internet, e.g., by connecting your computer to a smartphone or tablet. The threat that Apple is referring to, however, is the sideloading of apps and alternative app stores on iOS, which would allow developers to distribute apps outside of the App Store through direct downloads or third-party app stores: essentially, the ability to install iPhone software that does not come directly from the Apple-controlled iOS App Store.
Apple is currently facing pressure from regulators and some developers to support sideloading. Also, Apple does not currently allow third-party app stores to be downloaded from its own App Store and is under investigation in the EU, UK, and US over its App Store policies, and awaiting the outcome of a legal battle with Epic Games relating to allegedly unfair terms set by Apple.
Arguments For Sideloading
Some of the arguments for allowing sideloading are that:
– It’s a way to tackle a monopoly (e.g., Apple’s) and give developers more freedom, improve competition, plus it could help developers to implement alternative business models and make the platform even more attractive.
– It gives users greater choice and perhaps allows us to pay a lower price for some apps.
– Apple may not be able to guarantee the absolute security of the apps in its official store anyway - there have been instances previously
Arguments Against Allowing Sideloading
Some of the main arguments that Apple has given against allowing sideloading are:
– It would cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks, such as mobile malware (i.e., adware, ransomware, spyware) plus banking and other credential-stealing Trojans that masquerade as legitimate apps.
– Developers and advertisers could be harmed by the mobile malware attacks that allowing sideloading would enable (e.g., through piracy, intellectual property theft, and loss of advertising revenue).
– Developers could be harmed by the proliferation of fake, copycat, and pirated apps.
– Even if sideloading were limited to third-party app stores only, more harmful apps could reach users because it would be easier for cybercriminals to target them.
– Users would have less information about apps up-front, with less control over apps after they download them onto their devices
– Being made to remove protections against third-party access to proprietary hardware elements and non-public operating system functions could undermine core components of Apple’s platform security that protect the operating system and iPhone data and services, thereby making it easier for cybercriminals to spy on users’ devices and steal their data.
– Users could be forced to sideload an app they need or duped into sideloading e.g., by mimicking the appearance of the App Store, or by suggesting free or expanded access to services or exclusive features.
– Apple has spent a long time investing in (and creating) industry-leading security protections for its iPhone App Store.
– According to Apple, most threats are predominantly present on platforms that support sideloading.
– Malware-infected mobile apps put all stakeholders in the mobile ecosystem at risk.
– Governments and international agencies worldwide along with cybersecurity experts warn against the risks posed by downloading apps from third-party app stores:
– For the full list (and explanation) of Apple’s objections to the idea of having to support sideloading, see Apple’s white paper (pdf) here: https://www.apple.com/privacy/docs/Building_a_Trusted_Ecosystem_for_Millions_of_Apps_A_Threat_Analysis_of_Sideloading.pdf
But others allow it?
Google’s Android already allows apps to be installed that don’t come directly from its official store, as do computing platforms. Also, Apple’s MacBooks and Microsoft Windows-powered laptops and desktops have allowed it.
What does this mean for your business?
The pressure on Apple to allow sideloading relates essentially to antitrust/anti-competition arguments. Some developers and others are objecting to what they see as Apple’s anti-competitive rules and Apple’s controversial app review process, and some developers have consequently dismissed many of the arguments that Apple presented in its recent white paper. Few would dispute that Apple has a generally good reputation for the security of its products and services, and individual and business users would clearly see the value in decisions made by Apple that would help protect the privacy and security of their data, but users also want choice, and app developers want more freedom. One threat on the horizon for Apple on this matter is that new EU regulation of digital markets could possibly force Apple to enable sideloading.
The fact remains, however, that competitors allow it, although this can, as Apple argues, sometimes lead to issues. For example, in 2019, a security researcher discovered that 24 apps available for download in the Google Play Store contained ‘Joker’ malware.
Whether or not Apple does eventually allow sideloading, most of us (particularly Android users) are already aware that we need to be cautious when choosing apps to download. To minimize the risk of falling victim to damage caused by fake or malicious apps, users can check the publisher of an app, check which permissions the app requests at install time, delete apps they no longer use from their phone, and contact their phone’s service provider or visit the high street store if they think they have downloaded a malicious or suspect app.
Techolony specializes in Cyber Security, Project Change, and Infrastructure solutions complemented by 24/7 SIEM and Service Desk support solutions.