This article is more than 1 year old
Apple scrambles to quash iOS app sideloading demands with 'think of the children' defense
And if that doesn't work, terrorism or satanic panic next?
Apple, fearing regulators will force it to allow people to sideload whatever apps they like on their own iOS devices, has published a paper arguing about the importance of its oversight. The iGiant also sent a letter to US lawmakers warning of supposed harm if its gatekeeping is disallowed.
The letter is directed at members of the House Judiciary Committee and its Antitrust Subcommittee, who on Wednesday held a markup hearing to amend and vote on the advancement of six antitrust bills intended to rein in Big Tech.
"We are concerned that many provisions of the recent package of antitrust reform legislation would create a race to the bottom for security and privacy, while also undermining innovation and competition," wrote Timothy Powderly, Apple senior director of government affairs for the Americas [PDF].
Apple faces the real possibility that its control over its iOS ecosystem will be diminished, if Epic Games prevails in its lawsuit against Apple or if lawmakers in the US, UK, Australia, or elsewhere decide Apple's authoritarian iOS regime is unfair to competitors and software makers.
Last week, speaking remotely for the Viva Technology conference, Apple CEO Tim Cook decried the language in the EU's proposed Digital Marketers Act, saying that it "would destroy the security of the iPhone and a lot of the privacy initiatives that we've built into the App Store." He also said that sideloading – allowed in the Android ecosystem – would do the same.
Apple articulated that point at greater length in its paper, "Building a Trusted Ecosystem for Millions of Apps: The important role of App Store protections" [PDF].
"By providing additional distribution channels, changing the threat model, and widening the universe of potential attacks, sideloading on iPhone would put all users at risk, even those who make a deliberate effort to protect themselves by only downloading apps through the App Store," Apple claims in its report. "Allowing sideloading would spur a flood of new investment into attacks on iPhone, incentivizing malicious actors to develop tools and expertise to attack iPhone device security at an unprecedented scale."
The paper goes on for sixteen pages, arguing more or less that iOS users are children who need to be protected.
"iOS poses unique security challenges because users continuously and frequently download new apps onto their devices, and because iOS devices need to be safe enough for children to use unsupervised," the paper says.
Laying the groundwork for its assertion that sideloading – a freedom afforded to every macOS user since the first Macintosh computer – is an existential threat, Apple SVP of software Craig Federighi testified at the recent Epic v. Apple trial that macOS security is terrible.
"[T]oday, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS," he said. "Put that same situation in place for iOS and it would be a very bad situation for our customers."
- Germany's competition watchdog to investigate whether Apple's ecosystem damages other businesses
- UK competition watchdog begins probe into Apple and Google's total domination of the mobile landscape
- Apple: We didn't take commission on 90% of App Store sales and billings
- The Epic vs Apple trial is wrapping up, but the battle has just begun
Apple's arguments have not gone over well with developers, who question the mega-corp's claims and suggest Apple's refusal to compromise is putting the iGiant at greater risk.
In reference to Apple's sideloading paper, Marco Arment, creator of the Overcast app, said via Twitter that the best thing Apple could do to protect the safety and security of iOS would be to lift its anti-competitive rules requiring the use of its In-App Payment mechanism.
"Without them, no government would have enough reason to force larger changes like sideloading or alternative app stores," he wrote.
Similarly, Steve Troughton-Smith, creator of several apps such as Pastel and Broadcasts, suggested Apple's refusal to bend is only making things worse.
"You’d think if Apple actually wanted to avoid regulatory pressure they would reduce their rates across the board, and stop abusing their monopoly position by unjustly interfering in other peoples’ business models, but no, they want to have their cake and eat it too," he said, via Twitter.
He also expressed skepticism that sideloading would harm security, noting that if notarization – an app security process for macOS apps – is made mandatory on iOS, developers would still be submitting code to Apple for scrutiny.
The App Store, he said, only adds DRM and a few minutes of imperfect App Review.
For those 15 minutes, tops, of App Review, and a store page, Apple insists it deserves 15–30 per cent of your revenue
"For those 15 minutes, tops, of App Review, and a store page, Apple insists it deserves 15–30 per cent of your revenue, for all time, and a say in everything you make or do from now on," he said. "It’s a bonkers model when you actually think about it; it only 'works' when dev relations are positive."
According to Apple, 500 reviewers scrutinize 100,000 new and updated apps a week. That works out to 200 apps per reviewer per week, five apps per hour, or one app per 12 minutes, assuming a 40-hour work week and 100 per cent worker efficiency.
"Apple is correct that security researchers believe iPhones are more secure than Android devices," said Feross Aboukhadijeh, an open-source developer who runs Socket, in an email to The Register. "But that's not because of Apple's app store review process, which is notoriously inconsistent and uneven. The security of iPhone comes primarily from security features built into the iOS operating system itself – app sandboxing, memory safety, and permission prompts to access photos, contacts, etc."
Aboukhadijeh argues that these OS-level security features exist in macOS and allow apps to be downloaded from any source and run safely. He contends there's no reason iOS couldn't follow the macOS model.
"Nearly every macOS app offered outside of the Mac App Store uses Apple's 'notarization process, which requires developers to send a copy of their apps to Apple for inspection and malware scanning before Apple gives their seal of approval," he explained. "When a user runs an app for the first time, macOS checks that the app has been notarized first. Apps that lack notarization require the user to jump through several hoops before they can be run which discourages novice users from proceeding."
Security researcher Patrick Wardle, founder of free security project Objective See and director of research at security biz Synack, told The Register in a series of messages that these sorts of arguments are never cut and dry.
"Yes, the ability to side-load apps does increase the attack surface," he said. "To what extent, that is debatable. So Apple does make some fair points. However as others have pointed out ,the App Store is/has been already filled with scamming/fraudulent apps, including government spy apps."
As an example, he pointed to the app ToTok, said to be a United Arab Emirates spy tool, which was distributed through the iOS App Store and Google Play.
Let's be honest this is largely about control and money (versus user security)
"Let's be honest this is largely about control and money (versus user security)," Wardle said. "Currently Apple can say, 'Sorry, no adult-oriented applications' or 'Oh sorry, no VPNs apps if you're in China' and 'Yes please we'll take a 30 per cent cut of transactions."
"Sideloading is clearly a threat to Apple's control and bottom line, and it's sad (though completely understandable) that they are playing up the 'but think of the children' card ...even if yes, there is some truth to that," he said. "That is to say, apps in Apple's App Store will be better vetted, and can be quickly revoked if they are found to be fraudulent."
"But still, do we want Apple as the final and sole arbiter of what we can install on our devices?" he asked. "Especially when they acquiesce to the demands of the Chinese government. Ask any user, I'm sure the resounding answer would be 'um, no freaking way.' And yes, I'm sure they'd love the same level of control on macOS along with that juicy 30 per cent cut."
Wardle said if Apple is forced to allow sideloading, he expects the company will be able to provide parental or enterprise settings to only allow apps from the App Store, and parents or enterprises could choose to enable those settings.
"Whereas users who want more freedom, can leave that off, and sideload to their hearts' content! #winwin ya!?" ®