Apple has once again warned of the dangers of sideloading apps with the release of a new security paper that says the practice could cripple the iPhone’s privacy and protections and expose users to serious risks.
This new paper comes at a time when Apple is facing growing pressure to allow developers the ability to offer customers their apps in a direct transaction rather than through the curated App Store.
This practice is called sideloading.
Apple is gaining support against sideloading with data and recommendations from the US Department of Homeland security, the European Agency for Cybersecurity, NIST and Norton.
Apple’s paper, titled Building a Trusted Ecosystem for Millions of Apps, paints an eye-opening picture of the current landscape and the many threats users face daily.
Apple also highlights the fact that mobile malware is on the rise and predominantly present on Android which does allow sideloading.
Some of the stats included in the paper mentioned that Android devices were found to have up to 47 times more malware infections than iPhone with the European Regulatory agency reporting 230,000 new mobile malware infections per day.
Apple says there are nearly six million attacks per month detected by security firms on its clients Android mobile devices.
With the smartphone becoming such a popular touchstone for customers who use it in their personal, professional and financial lives, cybercriminals have targeted that small computer we carry in our pocket.
Apple says most rely on third party app stores or direct downloads to spread their malware.
Apple is under scrutiny in Europe with governments proposing that the company allow developers the freedom to offer their apps directly to the customers rather than through Apple’s own App Store.
This sideloading is what Apple says could become a major concern for iPhone users.
In the new paper, Apple says sideloading would mean more harmful apps would reach users making them easier for cybercriminals to target them.
The four most common forms of mobile malware include adware which can generate ad revenue by serving the user aggressively with fraudulent ads; ransomware which tries to extract funds to release your files; consumer spyware which uses data to track users and sells data to hackers and banking and credential-stealing Trojans which can access device to try and steal banking information and other user login credentials.
There is already a large amount of malware resulting in security and privacy threats on third party app stores which indicate their vetting procedures are subpar when it comes to checking apps for malware, privacy concerns, copycat apps, apps with the legal or objectional content an unsafe apps which may be targeted at children.
In Apple’s case, if a fraudulent or malicious app actually makes it into the App Store, Apple has the power to remove it once it’s discovered and block any future variant which thereby stops its spread to other users.
If sideloading was supported, these malicious apps would simply spread like wildfire and infect a large number of consumer devices.
If apps are not vetted through the App Store and allowed to be directly downloaded from a third-party App Store, a user may not have accurate information about the app they are downloading and whether it may invade their privacy, steal their data, or defraud them. Without policing, an app developer would have nothing to stop them from including code that could be used to view your contacts, listen to your calls or track your keystrokes.
These developers would be able to mimic software update notifications to trick the user into installing even more harmful software on their device.
Apple reviews every single app that’s submitted to the App Store to ensure it’s free of malware, it is accurately represented to users and does not have an ulterior motive.
Apple’s security paper pointed out that one single mobile device infected with malware can cost an organisation an average of nearly $10,000.
Among a survey of more than 1800 US companies, it was found that 46 per cent had at least one employee who downloaded a malicious mobile app that threatened the company’s network and data.
There are some real-world examples of sideloaded apps that have caused harm for Android users including Fake Spy which fools users into downloading it after masquerading as a legitimate postal service app.
The app requests permissions to allow access to your text messages, contact lists, call logs and your network information.
Black Rock was an Android Trojan app that was posing as a fake version of Clubhouse to steal login credentials.
Once it has been sideloaded to an Android device the Trojan then poses as a Google update and asks for Accessibility Service privileges which will allow it to function without requiring user input.
Apple’s security paper concludes by saying that forcing sideloading into the iOS ecosystem would make the iPhone less secure and less trustworthy.
Researchers say that iPhone is the most secure consumer mobile device and is rare for any user to encounter malware.
This is because the iPhone provides users with powerful and multi layered security protections.
Apple’s goal with the App Store from the very beginning was to ensure that any apps downloaded were trustworthy and safe.
If Apple is forced to support sideloading it would seriously weaken these layers of security and expose users to a variety of knew and serious security risks and other dangers.
