What you need to know
- Apple's head of user privacy says sideloading on iOS would eliminate user choice between platforms like iOS and Android.
- Erik Neuenschwander says users already have the option of a platform that lets them sideload apps without a review process.
- He also spoke about why Apple allows the practice on Mac but not iPhone.
Apple's Erik Neuenschwander has spoken about the company's stance on sideloading on the iPhone in a new interview.
Anew privacy paper published today by Apple has warned of the grave impact opening up the iOS ecosystem to third-party app stores and sideloading could have on iPhone security, privacy, and the user experience.
The paper, titled 'Building a Trusted Ecosystem for Millions of Apps' states that Apple's iPhone is designed in recognition that phones carry our most sensitive information about both our personal and professional lives, and that third-party app stores and sideloading (installing apps from somewhere other than the iOS App Store) could leave iPhone users vulnerable to attacks, ransoms, piracy, and more.
In the interview Neuenschwander states that adding sideloading to iOS would actually reduce consumer choice because they already have the option of third-party app stores through Android:
"Sideloading in this case is actually eliminating choice," he says. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to."
He also spoke about how sideloading would impact all users on iOS, not just the ones who might choose to download apps from somewhere other than the App Store:
"Even users who intend—they've consciously thought themselves that they are only going to download apps from the App Store—well, the attackers know this, so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening," Neuenschwander says. "Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device. And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."
Finally, he defended Apple's policy to allow sideloading on macOS but not on the iPhone, stating there are 10 times as many iPhone users as Mac users, making it a much more enticing target:
"It's the device you carry around with you," Neuenschwander notes. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you. It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be. So the kind of sensitive data [on the iPhone] is more enticing to an attacker."
He also noted the different patterns of use, stating Apple has found iPhone users tend to seek out new apps to download all the time, whilst Mac users download a select few they need to use their machine and not much more.
You can read the full report on Apple's new sideloading privacy paper here.