Apple has released a new paper outlining the perils of sideloading – installing apps on the iPhone or iPad from outside the App Store – that could expose the user to serious security and privacy dangers.
The release of the paper – entitled Building a Trusted Ecosystem for Millions of Apps – coincides with the European Commission’s proposal of the Digital Markets Act, which could allow developers to offer their apps directly to customers to install on their iOS device instead of through a “gatekeeper platform” like Apple’s App Store.
Apple CEO Tim Cook, speaking in an interview with media company Brut, says sideloading apps “would destroy the security of the iPhone”.
“Current Digital Services Act language that is being discussed would force sideloading on the iPhone. This would be an alternate way of getting apps onto the iPhone,” Cook told Brut.
“As we look at that, that would destroy the security of the iPhone and a lot of the privacy initiatives that we’ve built into the App Store, where we have privacy nutrition labels and App Tracking Transparency that forces people to get permission to track across apps.
“These things would not exist anymore, except in people that stuck with our ecosystem, and so I worry deeply about privacy and security.
“What we’re going to do is constructively take part in the debate and hope that we can find a way forward.”
Apple has also been involved in a court battle against Epic Games – the creator of Fortnite – which claims the App Store is a monopoly and is charging high fees for in-app purchases.
As it stands, Epic pays 30 per cent of all in-app purchases to Apple.
Epic’s argument is that it should have other in-app purchase methods outside the App Store without Apple collecting its 30 per cent commission.
Epic approached Apple in June 2020 to negotiate a special deal to allow Fortnite players to pay Epic directly for in-app purchases, but Apple refused.
The current case has concluded but it could be months before a decision is handed down.
Apple’s paper released today describes in detail why sideloading apps could put users at risk.
The App Store reviews all apps that are submitted to ensure they meet the strict guidelines for privacy and security, and that there is nothing inappropriate or any malicious code onboard.
In the report, Apple says it is extremely rare for any user to encounter malware on an iPhone.
The company says that allowing sideloading would compromise the security of the iOS platform and expose users to serious security risks.
In its paper, Apple highlighted a study that found that devices running the Android operating system have 15 times more infections from malicious software than iPhone.
This is because Android apps can be downloaded from anywhere, Apple says in its report.
The report went on to say that Android users would have to constantly be on the lookout for scams, never knowing who to trust.
The study mentioned in Apple’s report said Android apps aimed at children were found to be collecting data that violated a child’s privacy.
Sideloaded apps on Android, according to Apple’s report, have also been known to carry out “locker” ransomware attacks which lock users out of their phone or target their photos, unless they agree to pay a ransom.
Apple has had a strong approach to privacy and security and recently made it mandatory for developers who want to offer their apps through the App Store to display a digital “nutrition label” which outlines how the app would behave and what data it would be accessing.
The iPhone is used by billions of people every day for banking, managing health data and taking pictures of their loved ones.
Apple says this audience would be an attractive and lucrative target for cyber criminals and spur new investment into attacks on iPhone.
Apple’s App Review program has identified more than a million problematic apps including 150,000 for spam and copycats, 215,000 for violating privacy guidelines, 48,000 for containing hidden or undocumented features and 95,000 for fraudulent violations.
Apple also stopped more than $1.5bn in potentially fraudulent transactions, expelled 470,000 teams from the Apple Developer Program and deactivated 244 million customer accounts due to fraudulent and abusive activity.