
Apple warns against sideloading apps once more, citing cybersecurity risks to iOS users

Apple cited Android as a cautionary tale of what could go wrong if users get to download apps from outside a primary app store.

Apple’s rules around downloading apps from outside of its App Store have been an issue for a long time. Earlier, it was reported that Apple even received a warning in this regard from the European Commission’s tech chief Margrethe Vestager, who accused the company of “using privacy and security concerns to fend off competition on its App Store”. Now, the iPhone maker has come out with a report claiming that “sideloading”, or distribution of apps through direct downloads or third-party app stores, increases the risks of cybercrime.

In its report released on October 13, Apple claimed that:

  • Sideloading would allow more harmful apps to reach users because it would be easier for cybercriminals to target them, even if sideloading were limited to third-party app stores.
  • Users would have less information about apps upfront and less control over apps after they download them onto their devices.
  • Some sideloading initiatives would also mandate removing protections against third-party access to proprietary hardware elements and non-public operating system functions.

This would undermine core components of platform security that protect the operating system and iPhone data and services from malware, intrusion, and even operational flaws that could affect the reliability of the device and stop it from working. This would make it easier for cybercriminals to spy on users’ devices and steal their data — Apple

Although it is imperative to flag issues of competition, especially when it comes to Big Tech, it is equally important to ensure that the proposed antitrust solutions don’t lead to cybersecurity risks.

Using Android as an example of how bad things can get

Apple claimed that Android smartphones were “the most common mobile malware targets and have recently had between 15 and 47 times more infections from malicious software than iPhone. A study found that 98 percent of mobile malware targets Android devices. This is closely linked to sideloading.”

In addition, Apple said that cybercriminals and hackers rely on sideloading on Android devices to distribute pirated apps and to carry out piracy and intellectual property theft. “On the other hand, iOS users are unlikely to be exposed to malware, and many of the rare malware attacks on the platform are narrowly targeted attacks, often carried out by nation-states. Experts generally agree that iOS is safer compared to Android, in part because Apple does not support sideloading,” Apple claimed.


Bad actors have found their way in, despite Apple’s tight controls

Apple said that it created the Developer Enterprise Program to provide a way for large organisations to develop and privately distribute apps (for instance, confidential apps that do not go through App Review) for use only by their organisation’s employees.

Despite the program’s tight controls and limited scale, bad actors have found unauthorized ways of accessing it, for instance by purchasing enterprise certificates on the black market. Bad actors have used illegitimately obtained enterprise certificates to distribute apps that violate App Store policies, including apps containing malware such as Goontact and pirated versions of popular iOS apps — Apple

Since then, Apple said it has attempted to tighten controls further, but this abuse has persisted. “If the option to distribute apps via sideloading were available on a massive scale, without any restrictions, and with Apple powerless to revoke certificates from bad actors in cases of abuse, malware and other forms of illegitimate apps would run rampant,” Apple claimed.

What can users be exposed to if sideloading is enabled?

  • Malware: Apple said sideloading would expose iOS users to apps that contain known strains of malware. “App Review screens all apps and app updates submitted to the App Store to check for various types of known malware, including infected SDKs used in supply chain attacks,” it said.
  • Spoofing: “If sideloading were supported on iOS, malicious actors would be able to distribute copycat versions of popular apps that trick users. On the App Store, apps come from known and vetted developers only, and their content is reviewed by a member of the App Review team,” the company said.
  • Unsafe apps targeted at children: Apple said parents may inadvertently sideload apps that appear to be kid-friendly but actually put their children at risk. “App Store policies enforce strict guidelines around data collection and security on apps in the Kids category,” the company said.


Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India


MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
