Apple's Arguments Against Sideloading on iOS: All Your Questions Answered
Sideloading is a fancy word for downloading an app binary from non-official platforms or the open internet and installing it on a device like a normal app. The practice is allowed on Android, granting users the flexibility of downloading apps from official or non-official app stores and the open internet. The iPhone, on the other hand, is a polar opposite.
Since the launch of the App Store in 2008, Apple has maintained stringent control over the experience of the iPhone and where customers can download and install apps. iPhone does not allow users to sideload apps, requiring that any self-contained app installed on the device is distributed through the App Store. A dedicated team at Apple vets all apps on the App Store before they're published.
Whether Apple should allow sideloading on iPhone has become a hot-button topic in recent months, partly due to the lawsuit between Epic Games and Apple. Epic Games, among other things, is seeking for users to be able to sideload apps, and it wants to bring its own Epic Games Store to iOS as a competitor to Apple's App Store.
Apple has strongly pushed back against this notion, saying that opening the iPhone to sideloading would leave customers vulnerable to malicious and insecure apps, compared to the curated experience offered by the App Store.
Apple has undertaken a sizable effort to provide users with context and information regarding its stance on sideloading, ranging from public comments by top executives to detailed studies and more. The wide range of information shared by Apple and top-ranking officials can make it difficult for customers to grasp the most important parts of Apple's anti-sideloading arguments.
To help facilitate a more constructive conversation, we've created this summary of some of the most popular questions regarding sideloading and Apple's answers to them, sourced from appearances by top company executives, testimonies, and more.
If users can sideload apps on macOS, why can't they on iOS?
While Apple offers an App Store on macOS, the Mac platform has always been an open one with users also freely able to install apps from anywhere on the internet and elsewhere. Some users have wondered why that same model can't be followed on iOS. More specifically, the question is why the security features in place on macOS that protect against malicious code from software downloaded from the internet can't run on iOS.
Apple says that Gatekeeper on macOS "ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time." If malicious code is found, Apple can automatically disable installations of that app and update its database to reflect that specific piece of software as dangerous to users. Apple also utilizes notarization on macOS, where scanned apps free of harmful code are presented to users without warning.
During his testimony in the Epic Games trial, Craig Federighi explained why a similar security apparatus couldn't be ported over to iOS. First, Federighi notably admitted that macOS has a "malware problem" and that Apple finds the level of malware on macOS "unacceptable." Federighi is implying here that the macOS security model is not a perfect system and that it doesn't want to implement a system that yields "unacceptable" results, in its eyes, onto iOS.
Federighi went on to say that iOS "has established a dramatically higher bar for customer protection" and that as of May of 2021, macOS is "not meeting" that bar. While Apple built the iPhone from the ground up under the curated App Store model starting in 2008, the Mac's longer history which long predates that app distribution model has required more flexibility.
Another point Federighi made during his testimony is the different use cases for iOS and macOS. Federighi noted that customers tend to install many more apps on mobile devices than they do on macOS, generating many more opportunities for potential malware to infect users.
Why can't Apple give users a choice on whether they wish to sideload apps or not?
To answer this question, we don't have to look any further than a recent stage appearance by Federighi. At the 2021 Web Summit last week, Federighi said that while some users, such as those with a thorough understanding of technology, may not be harmed by sideloading, other users with less insight might be.
Maybe you're thinking all this might be true, but I'll never download a sideloading-only app, and I won't be tricked into sideloading. Well, that might be true for you, but your child might be fooled, or your parents might be fooled, and even if you see through every deception, the fact that anyone can be harmed by malware isn't something that we should stand for.
Apple's position here is that even if one device can be harmed or infected through a sideloaded app, then it's nothing it supports. Apple took a similar stance in 2016, where it refused to create a backdoor on iOS to access the information of a single iPhone, as it would have meant that the same backdoor could be used on other users.
Federighi continued, explaining that one infected iPhone could present a danger to all other iPhones on a network and that all users' data would be "less safe" in a world where sideloading was allowed on iOS.
The fact is, one compromised device, including a mobile phone, can pose a threat to an entire network. Malware from sideloaded apps can jeopardize government systems, infect enterprise networks, public utilities, the list goes on. So even if you never sideload, your iPhone and data are less safe in a world where Apple is forced to allow it.
Lastly, Apple says that leaving decisions to users on whether a sideloaded app is safe or not is an onerous burden to put upon iPhone customers. "Users would now be responsible for determining whether sideloaded apps are safe, a very difficult task even for experts," Apple says in a paper arguing against sideloading. Furthermore, Apple says that even users who don't want to sideload could be led into doing so.
Even users who decide they don't want to sideload, and prefer to download apps only from the App Store, would end up being harmed. They could be forced to sideload an app they need for work, for school, or for social inclusion if it is not made available on the App Store. Furthermore, cybercriminals and hackers may trick users into unknowingly sideloading an app by mimicking the appearance of the App Store, or by touting free or expanded access to services or exclusive features.
What if users were shown a prompt before being able to open a sideloaded app?
On macOS, when users download an app from the internet, they're shown a warning if that app is not notarized. A similar pop-up warning on iOS for sideloaded apps is not a new idea, and as a matter of fact, it was even approved by Steve Jobs.
In a 2008 email uncovered during the Epic Games trial, Steve Jobs approved specific wording that users would have seen before opening a sideloaded app. Replying to an email from Scott Forstall, Jobs said he liked "Are you sure you want to open the application 'Monkey Ball' from the developer 'Sega'?"
With a pop-up, Apple would still be able to provide users with a choice while making it clear of the potential dangers of that app. Users who are uncomfortable or unaware of the risks can dismiss the pop-up and delete the app, while others wishing to follow through with opening the app still have the freedom. According to Federighi, however, even with this approach, users will have a "very difficult" time determining which sideloaded apps are safe or not.
Apple has said in the past it strongly believes in giving users choices over their privacy and data, and some have pointed out that such a pop-up would be in line with the company's past comments and philosophy.
What if sideloading were only allowed through authorized third-party app stores?
Facing the hypothetical situation that users would only be able to download apps from "authorized" third-party app stores such as an Epic Games Store, Apple points to the alleged lack of adequate oversight of those platforms compared to the App Store.
The large amount of malware and resulting security and privacy threats on third-party app stores shows that they do not have sufficient vetting procedures to check for apps containing known malware, apps violating user privacy, copycat apps, apps with illegal or objectionable content, and unsafe apps targeted at children
While the App Store does have extensive rules, Apple has faced criticism for its app review process being lackluster, particularly when it comes to scam apps. Apple notes that its control over the App Store allows it to more promptly and quickly remove "rare cases" in which malicious apps make it onto the platform.
In a scenario with third-party app stores and sideloading, those malicious apps would simply move to a different medium and continue to pose a risk to users, according to the company.
In the rare cases in which a fraudulent or malicious app makes it onto the App Store, Apple can remove it once discovered and block any of its future variants, thereby stopping its spread to other users. If sideloading from third-party app stores were supported, malicious apps would simply migrate to third-party stores and continue to infect consumer devices
Why is Apple assuming all sideloaded apps are malware or dangerous to users?
Apple's position here is that while not all sideloaded apps are malware, the mere ability for users to install sideloaded apps means users are, by nature, more exposed to malware.
In its detailed 31-page paper, Apple explains that simply allowing sideloading would "weaken these layers of security and expose all users to new and serious security risks" and that "supporting sideloading on iOS devices would essentially turn them into "pocket PCs," returning to the days of virus-riddled PCs."
Forcing Apple to support sideloading on iOS through direct downloads or third-party app stores would weaken these layers of security and expose all users to new and serious security risks: It would allow harmful and illegitimate apps to reach users more easily; it would undermine the features that give users control over legitimate apps they download; and it would undermine iPhone on-device protections. Sideloading would be a step backwards for user security and privacy: Supporting sideloading on iOS devices would essentially turn them into "pocket PCs," returning to the days of virus-riddled PCs.
Sideloading itself, irrespective of the specific app being sideloaded, also presents other dangers to users, according to Apple. For example, sideloading would allow spoofing on iOS, where ill-intended actors could "distribute copycat versions of popular apps that trick users" and would expose users to "apps with illegal content, such as illegal gambling apps, pirated apps, or apps containing stolen intellectual property."
These have been some of the most frequently asked questions, but it's impossible to list and for Apple to answer them all. Apple's anti-sideloading paper, published last month, is extensive and worth a read for those interested, and we've highlighted below some key facts and statistics shared by Apple in the paper.
- Platforms that support sideloading, such as Android, recorded more than 230,000 malware infections per day, according to the European Union's cybersecurity agency
- Mobile antivirus software, which some users may need to download to protect against sideloaded apps, cost consumers over $3.4 billion
- Android smartphones are 15 to 47 times more likely to be infected with malware infections compared to iPhone
- Sideloading would harm developers since user trust in the iOS ecosystem would decrease, leading to "users downloading fewer apps from fewer developers, and making fewer in-app purchases"
For many users and developers, Apple's arguments will remain unconvincing, and regulators are clearly taking a close look at Apple's practices in this regard. It remains to be seen exactly how it will all play out, but it's clear Apple is under pressure to relax some of its restrictions related to the App Store.