In the course of the ongoing legal battle with Epic Games, Apple recently released a whitepaper called, "Building a Trusted Ecosystem for Millions of Apps: A threat analysis of Sideloading." The document provides Apple's arguments for maintaining tight control over the highly lucrative iPhone app ecosystem, despite the pressure from major developers as well as U.S. lawmakers.
"Sideloading" is used by Apple as a general term to describe the possibility that apps can be downloaded from the internet or local storage in conjunction with third-party app stores, which is any source that's not scrutinized similarly to Apple's iOS App Store.
Read the article to find out more about sideloading and why apple is so against it...
The News:
In the ongoing legal battle between Apple and Epic Games, Apple recently released a whitepaper that reads, "Building a Trusted Ecosystem for Millions of Apps: A threat analysis of Sideloading." The paper provides Apple's arguments for maintaining strict control over the iPhone's extremely lucrative app ecosystem despite pressure from developers as well as U.S. lawmakers.
"Sideloading" is used by Apple as a generic term to refer to apps that can be downloaded from the internet or local storage in conjunction with third-party app stores, which is, basically, any source that's not scrutinized similarly to Apple's iOS App Store.
Like you would expect, the report paints the bleakest possible image of security on Android, which as a platform has permitted apps that were not part of the app store that defaults to being downloaded since its inception. The case studies and figures are selected to show the major competitor to Apple as a sort of Wild-West platform that allows anything to be installed, and the boogeyman of malware is everywhere.
Apple's argument against sideloading overlooks an important aspect of Android security.
The main issue with Apple's arguments is that it's faced with the choice between security and sideloading. The problem is that it's impossible to permit sideloading without opening up the floodgates to the type of malware that it claims is prevalent on Android.
However, the strategy Google has adopted in its use of Android shows that there is the possibility of managing both. Google Play Protect effectively nips any security risks that are based on apps in the bud, no matter where they've been downloaded from. Definitions of malware are always current because of Google Play Services, meaning even older devices that haven't been updated with firmware recently are protected against the latest dangers.
The whitepaper by Apple completely ignores the importance of built-in Android security features such as this. The only protections offered are the warning messages that are displayed when you install an app from any other source than the preloaded store for apps, as well as the "Unknown Sources" toggle in older versions of Android.
Apple also mentions third-party mobile security applications for Android and ignores the fact that Google-certified Android software comes with robust anti-malware features built-in.
Are the protections provided through Google Play Service and Play Protect superior to the option of not allowing third-party apps at all? Not necessarily. Slamming the door open to any sideloading option will fairly effectively stop malware that is based on apps, but at the expense of the user's decision-making. Android phones allow users to install apps at any location and any time, but the iPhone isn't able to.
It's not the false dichotomy portrayed in the whitepaper by Apple in its whitepaper. There are many ways to permit users to download software from third-party sites or the internet, an SD card, or another location while still maintaining a good degree of security. Apple certainly knows this, since it will gladly offer you a laptop that allows you to do just this.
When it comes to digital security, the MacBook you use to conduct online purchases, communicate with financial institutions, and file tax returns are just another treasured collection of your personal information like your phone. The iPhone isn't simply locked down to safeguard your personal information. It's also locked down for the reason that it helps Apple's ecosystem goals and, ultimately, boosts its bottom revenue.
On one hand, on the Android side, the vast majority of Android users will not install an app outside of the Google Play Store. If they decide to install an alternative app on their device, the platform will allow them to make an informed choice with a solid level of security to eliminate any malware-related apps that can pass through.
However, the possibility that Android can be trusted to let third-party app stores perform their functions is because it's been developed over the past decade to support this. Google's security system is designed to block harmful apps from being downloaded on your phone since the capability to install apps from third-party providers means that you're never ruled out of the possibility.
iOS, however, is designed to assume that Apple has the final say on the applications that run on your device. Consequently, there's nothing similar to Google Play Services or Play Protect to guard against malware-infected apps.
If Apple were to be forced to allow third-party apps to run on the iPhone and iPad, it would have to develop an equivalent to Google's on-device security suite. But it would be costly, time-consuming, and would ultimately enable the feature, which would weaken its control over its iOS ecosystem.
In this sense, Apple is right that suddenly dumping third-party app stores onto the iPhone isn't a good idea. It's untrue to say users can’t let sideloading exist alongside a safe native app store. Android is an excellent example of how to accomplish both. Apple's reasoning for not seeking to be open is not so much about control and money as it is about security.
Difference between Sideloading and Jailbreaking
Sideloading is the process of creating and obtaining temporary signatures for apps you won't find in an app store.
Jailbreaking entails using exploits to elevate your privileges from "guest" to "administrator," often known as "escalation permissions to root." It next installs Cydia, which now allows you to alter your permissions using your newfound additional permissions.
Well, what's the difference? While sideloading may install applications on the device, it doesn't increase your permissions.
Let's say that you sideloaded Cydia. It would be unable to perform anything because it needs root permissions to be capable of installing tweaks.
