Apple is continuing its campaign to explain why sideloading on Apple devices is a bad idea.
Apple Software vice president Craig Federighi appeared at Web Summit 2021 to passionately champion his company’s approach to platform security on iPhone. He was speaking out against a clause in the EU’s digital markets law that would require the company to support sideloading apps on iPhones.
There are four main reasons people want Apple to do this:
- For commercial reasons, like selling products created using Apple’s APIs to people on Apple’s platforms without paying for the chance to do so.
- For consumer choice, so that it becomes possible to install and use applications that are not available on the App Store.
- For devious reasons, such as avoiding the App Store review process to continue tracking users without their consent or for other forms of monitoring.
- For criminal purposes, like setting up bogus app stores to distribute malware, ransomware, etc.
It is perfectly acceptable to try to seek a business advantage, and we have already seen how the “open beats closed” mantra is often used to undermine consumer interest. Google used it when they took on Apple with Android, although years later Android had become much more closed.
Show your face
However, I think much of the energy behind the current campaign comes from a loosely fused set of interests that work to undermine Apple’s privacy and security for their own benefit. The group also has allies, also determined to make their fortune in the so-called “metaverse,” which many see as a virtual world that we can still enjoy once climate change makes the real world too toxic.
In my opinion, when a company that can afford to hire as a lobbyist a former British Deputy Prime Minister who was rejected by voters complains about something, it is probably going to reflect its own self-interest. In this case, it wants to undermine Apple’s privacy protections to protect its business and wants to build a bulwark against the looming war on augmented and virtual reality.
The protection of Meta’s business model is the basis of the company’s motivation. This is why it accuses Apple of the same thing. And a recent move to create its own internal market that flies in the face of Apple’s App Store guidelines shows how far that will go.
An even bigger business model
But there are others who have a business interest in undermining the security of Apple’s platform: criminals who want to break into your digital life.
The problem is, they’re good at what they do. They are smart, sophisticated, and quite capable of setting the scene to trick innocent users into making mistakes. Who hasn’t clicked the wrong link at least once in an email?
They don’t work in isolation either. Online crime is a richly funded industry; it’s not just lonely geeks in basements. These are banks of computers in seemingly legitimate office spaces paid for by state-sponsored and non-state-sponsored groups. Cybercrime is expected to cost the world $10.5 trillion a year by 2025. A single successful ransomware attack would cost an American business about $9 million, according to IBM.
With that kind of money at stake, it is trivial for criminals to set up bogus apps and app stores for the purpose of injecting malware into devices. A little social engineering and a few targeted phishing scams and they might be able to set up stores that target locations, individuals, businesses, or government agencies.
“Even if you don’t intend to do it, people are regularly coerced or tricked into doing it,” Federighi points out. The impact of such attacks is considerable in terms of revenue, business continuity and reputation.
Humans are vulnerable
In all of these cases, the challenge is that humans are vulnerable. In all my years writing safety tips for users, I have come across this. Many claim that they don’t have to worry about security when using a Mac (they do); others will argue that they can download what they like, and no one else will be affected. This is not true either – you can be used as a conduit to infect others.
Think about those annoying messages we all get from friends when their online address book gets hacked. I think we’ve all seen a few of them. Or consider these vast troves of data regularly stolen from businesses, including a shocking data breach involving half a million people in the UK this week.
All of this information can be weaponized.
Now imagine if this weapon relied on mining that data to detect particular groups of people and then creating compelling software products that can be distributed to those people through your own malware-infested app store.
Someone who downloads malware can end up divulging all the information they have about you. At the corporate level, it is much worse. As an attack at Target showed, a security vulnerability in a relatively low-level system can be used as a pathway to your overall corporate technology stack.
Federighi put it this way: “The point is that a compromised device, including a mobile phone, can pose a threat to an entire network. Malware from downloaded applications can jeopardize government systems, infect corporate networks, public services…”
But what about…?
There are two common arguments put forward to undermine Apple’s position: that few people are sideloading on Android, which allows it, and that Macs do allow users to install applications from other sources.
I did not find any proof of the first claim. I have found reports that point out that sideloading apps is more popular in the APAC region than in the United States. I also saw a report (from Google) suggesting that downloading apps does indeed create a risk. But I haven’t found any evidence that not many people are sideloading on Android. So, it is probably not appropriate to claim that this is the case.
And as for the second claim, even Apple admits that Mac security is not as strong as it would like, despite being the most secure PC platform out there.
Ultimately, a decision to force sideloading on Apple devices will not provide any significant benefit to most users, but can have costs and consequences for most businesses and individuals that far outweigh the doubtful benefits.
Consumers already have a choice they can make if sideloading is important to them. The argument that it’s about choice ironically negates choice by removing the option of a secure system.
Copyright © 2021 IDG Communications, Inc.