Apple Says Allowing Sideloading on iPhone Would Expose Users to Serious Privacy and Security Risks
Amid the ongoing controversy over its tight control of app distribution on iOS, Apple today laid out its case arguing that allowing apps to be sideloaded on an iPhone would expose users to serious privacy and security risks. Sideloading refers to installing apps from a source outside of the official App Store, such as a website or third-party app store.
In a new document shared on its privacy website, Apple said the App Store plays an important role in keeping users safe, as the company reviews all apps and app updates submitted to ensure they are free of inappropriate content, privacy invasions, known malware, or other violations of the App Store Review Guidelines.
The document cites Nokia's 2020 Threat Intelligence Report that found Android devices to be infected with significantly more malware than iPhones, in part due to Android allowing apps to be sideloaded outside of the Google Play store:
A study found that devices that run on Android had 15 times more infections from malicious software than iPhone, with a key reason being that Android apps "can be downloaded from just about anywhere," while everyday iPhone users can only download apps from one source: the App Store.
Apple said allowing sideloading on the iPhone would "spur a flood of new investment into attacks" on the iOS platform:
Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform. Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks – often referred to as a "threat model" – that all users need to be safeguarded against. This increased risk of malware attacks puts all users at greater risk, even those who only download apps from the App Store.
Apple added that allowing sideloading would potentially force users to accept privacy and security risks, because some apps necessary for work, school, or other tasks may no longer be available on the App Store, and scammers could also trick users into thinking they are safely downloading apps from the App Store when that is not the case.
In the end, Apple said users would have to constantly be on the lookout for scams, never knowing who or what to trust, and as a result many users would download fewer apps from fewer developers. On the other hand, Apple described the App Store as a "trusted place," noting that its many layers of security provide users with an "unparalleled level of protection from malicious software," giving users peace of mind.
Apple's document comes just weeks after its high-profile trial with Fortnite creator Epic Games, which argued that third-party app stores should be allowed on iOS. During the trial, when asked why sideloading is allowed on the Mac, but not the iPhone, Apple's software engineering chief Craig Federighi admitted that the Mac has imperfect security and said that the risks would be far greater on the iPhone due to its much larger customer base.
The full document can be read on Apple's website.