Apple says side-loading apps could lead to iPhone security disaster

The App Store on a phone screen
(Image credit: Shutterstock / BigTunaOnline)
Audio player loading…

Apple has shot back at EU draft rules that would force the company to allow its users to sideload iOS apps (opens in new tab) on their devices.

The iPhone (opens in new tab) maker has voiced strong disagreement with the proposal citing the prevalence of malware (opens in new tab) in the Android (opens in new tab) ecosystem, which it argues is a direct result of enabling side-loading of apps.

“If Apple were forced to support sideloading, more harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only," claims Apple’s new report (opens in new tab) that presents a threat analysis of sideloading.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

The report comes in the backdrop of the EU’s antitrust investigation (opens in new tab) against Apple initiated at the behest of Spotify (opens in new tab), for its apparent anti-competitive practice of forcing app developers to use its proprietary App Store for app installations and payments.

Can of worms

Speaking to TechRadar Pro, Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network explains that “security by obscurity” is one of the main pillars of Apple’s mobile security model that actually works pretty well compared to Android. 

Kolochenko argues that by closing its mobile ecosystem to any third parties, Apple does indeed prevent countless mobile attacks. That said, he agrees that critical vulnerabilities in iOS (opens in new tab) that allow remote code execution expose the platform to abuse, and there have been reports of malicious iOS apps (opens in new tab) also managing to bypass Apple Store’s multilayered controls and get installed by unwitting users. 

"That being said, even if security by obscuring is clearly not a panacea, opening Apple’s ecosystem to third parties will, undoubtedly, bring a tenfold increase in malware targeting iOS devices and undermine Apple’s security model,” believes Kolochenko.

Just a distraction

The report cited figures from cybersecurity vendor Kaspersky (opens in new tab), which showed that Android devices are affected by nearly six million attacks per month.

However, speaking to Reuters, Damien Geradin, lawyer for the Coalition for App Fairness, dismissed Apple's arguments, saying that built-in security measures such as encrypted data and antivirus (opens in new tab) apps are responsible for securing the devices, and not Apple’s App Store.

He asserts that Apple is focusing on sideloading to step away from the real issue.

"What matters to us is the obligation imposed on developers whose apps sell digital goods and services to use Apple In-App payment system," he told Reuters.

Via Reuters (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.