Skip to main content

Apple says side-loading apps could lead to iPhone security disaster

The App Store on a phone screen
(Image credit: Shutterstock / BigTunaOnline)

Apple has shot back at EU draft rules that would force the company to allow its users to sideload iOS apps on their devices.

The iPhone maker has voiced strong disagreement with the proposal citing the prevalence of malware in the Android ecosystem, which it argues is a direct result of enabling side-loading of apps.

“If Apple were forced to support sideloading, more harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only," claims Apple’s new report that presents a threat analysis of sideloading.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The report comes in the backdrop of the EU’s antitrust investigation against Apple initiated at the behest of Spotify, for its apparent anti-competitive practice of forcing app developers to use its proprietary App Store for app installations and payments.

Can of worms

Speaking to TechRadar Pro, Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network explains that “security by obscurity” is one of the main pillars of Apple’s mobile security model that actually works pretty well compared to Android. 

Kolochenko argues that by closing its mobile ecosystem to any third parties, Apple does indeed prevent countless mobile attacks. That said, he agrees that critical vulnerabilities in iOS that allow remote code execution expose the platform to abuse, and there have been reports of malicious iOS apps also managing to bypass Apple Store’s multilayered controls and get installed by unwitting users. 

"That being said, even if security by obscuring is clearly not a panacea, opening Apple’s ecosystem to third parties will, undoubtedly, bring a tenfold increase in malware targeting iOS devices and undermine Apple’s security model,” believes Kolochenko.

Just a distraction

The report cited figures from cybersecurity vendor Kaspersky, which showed that Android devices are affected by nearly six million attacks per month.

However, speaking to Reuters, Damien Geradin, lawyer for the Coalition for App Fairness, dismissed Apple's arguments, saying that built-in security measures such as encrypted data and antivirus apps are responsible for securing the devices, and not Apple’s App Store.

He asserts that Apple is focusing on sideloading to step away from the real issue.

"What matters to us is the obligation imposed on developers whose apps sell digital goods and services to use Apple In-App payment system," he told Reuters.

Via Reuters

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.