Wednesday, February 2, 2022

Schneier on Sideloading

Bruce Schneier (post):

I would like to address some of the unfounded security concerns raised about these bills. It’s simply not true that this legislation puts user privacy and security at risk. In fact, it’s fairer to say that this legislation puts those companies’ extractive business-models at risk. Their claims about risks to privacy and security are both false and disingenuous, and motivated by their own self-interest and not the public interest. App store monopolies cannot protect users from every risk, and they frequently prevent the distribution of important tools that actually enhance security. Furthermore, the alleged risks of third-party app stores and “side-loading” apps pale in comparison to their benefits. These bills will encourage competition, prevent monopolist extortion, and guarantee users a new right to digital self-determination.

Update (2022-02-08): Guilherme Rambo:

Apple (and people who defend Apple no matter what) make it out as being a big deal that’s going to completely destroy the security of the platform and harm a huge number of innocent users. The reality is way less exciting…

[…]

What about malware? Well, if a bad actor has a vulnerability, I bet they could slip it through App Review without any problems. App Review is not composed of infosec experts. They’re there to ensure that Apple can make their money out of our apps, mostly

What about private API? Again, private API is not a magical thing that gives an app every power it wants. Besides, many apps you know and love from the App Store are probably using private API in one way or another, that’s just the reality of building for a complex platform

[…]

“But then Facebook would force people to sideload so they could spy”. It’s not that simple. Facebook wouldn’t be able to do whatever they want in the app (see above). There’s also at least one instance that proves that people are not willing to do that (Fortnite on Android)

[…]

By putting so much effort into defending that the security of iOS depends on the App Store review process, Apple is basically saying that they’re not competent enough to make a secure mobile operating system, and at the same time telling us that macOS is not secure.

Craig Hockenberry:

When is Apple going to pull its head out of its ass and form a bunco squad for App Review?

Took about 30 seconds to identify this as phishing for Facebook credentials that’s been active for over a week.

John Gordon (tweet):

The best reason I know of for competing App Stores is that Apple’s App Store is trash.

Consider the case of the LuniScanner App; #85 in “Business” in the US App Store.

[…]

The VPN app has 22.9K ratings with an average of 4.7/5 by people like “yessirbruh”. The ‘most critical’ ratings (only accessible on iOS) make clear it is a scam with clever subscription pattern that tricks users into paying a high weekly rate.

The Scanner App is the similar scam that bit my family. It has 174K ratings and 5 stars. The vast majority are obviously purchased. The “critical” reviews mention unwitting subscriptions. A screenshot that appears on first launch shows how it works for the “Free” app with add-in purchases[…] This covers the entire screen. It appears that one cannot use the App without clicking Continue. In fact if a user closed this screen the App can be used. Of course most naive users, including our family member, will click Continue so they can start their “free trial”. Except that’s NOT what Continue does. Within 3 days charges will start. In our case, not $10 a month, but $5 a week.

The family member has some reading and processing issues, and a trusting nature, that made him particularly vulnerable to a scam. He thought “5 stars” actually meant something. It didn’t occur to him that Apple would allow fake reviews; he trusted Apple.

Chris Hannah:

When I think about buying software from a user’s perspective, it seems a lot clearer.

Let’s say you pay £1000 for a mobile computer from a company. Then a separate company spends time to develop software for said device.

Why can’t I, as a user, buy that software directly from the developer?

From a developer’s perspective, my business is with the user, not with the manufacturer. And from a user’s perspective, my business is with the developer, also not with the manufacturer.

To be more specific, I don’t have any issue with the App Store existing, and I wouldn’t also mind an option where developers can sell notarised/sandboxed software outside of the store. But…

I think there also needs to be a way where you can buy software without Apple being involved at all. Surely after paying £1000 for a phone, I have earned the privilege of installing software on it? Or do I not actually own my phone?

Also, why does the manufacturer need to know what software I have installed on my devices? I thought Apple loved privacy?

Tom Brand:

You wouldn’t tolerate App Store Only on your Mac/PC. Why should your mobile phone be any different?

EFF:

The decision incorrectly presumed that, if customers are aware of the restrictions when purchasing a device, then competition in that market is sufficient to rein in Apple’s anticompetitive conduct and users are not locked into the App Store.

[…]

We also urged the court not to buy Apple’s arguments that it needs to keep control over app distribution to protect users’ security and privacy. Despite Apple’s claim that only its paternalistic approach to security and privacy can protect users, Apple bans apps and features that would serve a wider range of those needs, like VPN apps for international travelers and apps that tell the user if their device has been jailbroken. More broadly, our antitrust laws are based on the principle that competition is the best way to create better, safer products, so Apple’s argument that more competition would be harmful to users shouldn’t fly with the court.

Jesper:

Take can today reveal a partial draft of developer guidelines aimed at qualifying applications distributed via sideloading, designed as a contingency plan if events force Apple to open up application distribution.

Update (2022-02-11): JF Martin (tweet, Hacker News):

I’m changing my mind on the sideloading of apps on the iPhone. I’m all in, and it is all Apple’s fault. I’m the one who wrote, “A Message to Apple Developers: We Don’t Need Another Android Platform”. And yet, I’m changing my mind. In a perfect world, I wouldn’t want sideloading, but we’re not in a perfect world. Apple isn’t perfect. The App Store isn’t perfect. Developers aren’t perfect. The App Store review team isn’t perfect. Everything isn’t perfect.

If the App Store was scam-free, entirely free of copycats, I would trust Apple’s review team in its abilities. It’s not the case. Apple can’t honestly defend the App Store as being a secure place. It is not. The App Store today is full of crap. Sideloading has nothing to do with this fact.

In a world where sideloading is possible, I expect a proliferation of “curated” App Stores. Those stores won’t be perfect, either. They will probably be full of highly questionable applications. Horror stories involving scams will be inevitable. The world isn’t perfect. But it is not the issue at play here.

20 Comments

It may not be 100% accurate to say that 3rd-party app stores and side loading *will* put users' privacy and security at risk (but really, it will), but it's silly to think that the potential for that isn't there. Having just anybody being able to put up an app store *absolutely* allows for additional shenanigans.

"Users who do not want to side-load apps can easily choose not to, just as users today can choose not to jailbreak their phones."

Sure, just as I can "easily" choose not to side-load apps on my Mac?

That prediction is not at all obvious. It depends entirely on the market. Currently, I can get all the apps I need for my work and social life in the App Store. If some leave, the choice will not be "easy" anymore. If enough leave, it’ll be impossible.

For example, if WhatsApp leaves, what am I going to do? Stop talking to my family and friends? I’ll probably have to live with it and certainly not with improved privacy.

Sideloading might be a net positive, but it’s clearly not all upside.

Old Unix Geek

@DJ: I disagree. True value lies in hacking Apple's software which all iPhone owners use.

https://www.reuters.com/technology/exclusive-iphone-flaw-exploited-by-second-israeli-spy-firm-sources-2022-02-03/

In fact, I'd expect some 3rd party app stores to provide better security testing of the apps they provide, than Apple does. Apple largely uses the honor system, the threat of removal, some automatic checks and poorly trained warm bodies. It's not very impressive.

So your point is that there may be app stores that do a worse job than Apple. Sure, but that's true of everything in life. Some restaurants give you food poisoning, others don't.

So you think that an alternate app store is going to be general purpose like Apple's and still have some form of app review? Why would anyone do that? And what would it cost? Hosting and operating anything like that at scale would not be cheap. It seems more likely that a company like Epic would run one only for their own apps. Anything more and they would want to charge developers for it. Even if they undercut Apple's rates, is it going to be "better enough" to be worth doing?

I know this is quite the heated debate among developers, and maybe "power users" (whatever that means these days). But most people don't care, and they would much rather have a single place to go to get apps. Negative connotations like "walled garden" sound good in news stories and blog posts, but most people just don't see it that way.

@DJ Of course they see it that way, because they are prevented from knowing what they’re missing or how little they are actually being protected.

Old Unix Geek

No, an alternative app store wouldn't cost much to host.

5% to host and check your app would make a lot of sense for good apps... Indeed, I could easily imagine a service which works with "premier" app developers to help them find and remove potential security flaws.

That sort of competition versus Apple's Appstore would actually improve the world and looks like good business to me.

Kevin Schumacher

@DJ
> It seems more likely that a company like Epic would run one only for their own apps. Anything more and they would want to charge developers for it.

I mean, they'd explicitly said that's what they want -- one app store, theirs, to rule the world. Timmy finally admitted that, which the rest of the world already knew, after they had a mostly devastating loss in court.

@Peter
> If enough leave, it’ll be impossible. For example, [what] if WhatsApp leaves[?]

I stand by my prediction, first made months ago, that Facebook will nearly immediately go sideload-only across Android and iOS if this comes to pass. Or if not "only," they will offer some benefit for people to sideload.

Note I am not opining on the general availability of sideloading, merely that Facebook will absolutely do everything they can to exploit the situation. And if you don't believe that, you have learned nothing from every single time they've been caught with their hand in the cookie jar over the last few years (setting aside everything they do out in the open, some of which is just as egregious).

@KS Exactly right. Just look at the news out in the last day or so on Facebook's historic stock slide. They would love to have people load their apps directly, so that they don't have to abide by all that evil anti-tracking stuff that Apple is forcing on them.

@MT What exactly are people unknowingly missing by not having more than one place to get apps?

Old Unix Geek

I cannot understand adults who:

* despise Facebook so much that they want Apple to distort the market à la Standard Oil, to protect them from it

* and continue using Facebook thinking that Facebook can't do anything else evil because of Apple's "protections".

Facebook could easily sell all those things you put on it, to insurance companies (to increase your rates or to deny you coverage), to debt collectors, to future employers, to governments, etc. If you think they're evil, you should expect them to be doing that. But no, "the App Store will protect me".

Mind blown.

Here's a hint: if you don't trust Facebook, stop using it.

@DJ I think it’s a mistake to look at this as Apple protecting you from Facebook except in the most marginal way. And, like you were saying about the App Store, “most people don’t care” about what Facebook does, at least not enough to stop using it. I guess it’s a good bit of marketing from Apple, though. And now Facebook gets to use Apple as scapegoat for disappointing numbers, even though Apple doesn’t seem to be the main cause.

As to your question, there’s an entire universe of potential apps that could have existed but don’t. Plus, lots of ones that could work better than they do. I’m not saying that multiple stores at this point would necessarily change much, though. A lot of developers have already left for greener pastures. A generation of customers has been trained to believe that only the App Store is safe. If forced to allow this, Apple would do everything possible to make the experience suck.

Kevin Schumacher

@OUG
> Here's a hint: if you don't trust Facebook, stop using it.

I'm unclear if you're directing that at me. I don't use Facebook on my computer (and in fact have it blocked completely in Little Snitch and uBlock Origin so I couldn't visit the site even if I wanted to). I use Messenger on my phone, with zero permissions and 1Blocker's Firewall enabled, for the sole reason that I have a group chat with my husband's family and they're not willing to move it to Discord or texts (most of them are Android people).

But the limits that are in place in the App Store do limit some of the more catastrophic impact that Facebook's lack of scruples could have on people that I know and care about who refuse to give it up.

I also don't think there's anything stopping them from doing any of the things you listed, today. What they do with data once they get it, Apple has no control over. What Apple does have control over is what Facebook can surreptitiously do now with their products (i.e. the enterprise scandal).

Anyway, I was responding to a specific point about how sideloading becomes required if apps decide it's no longer in their interest to be in the App Store and there's some reason that you have to use an app. In my case, I would have to think long and hard about communication with my husband's family if Messenger became sideload-only. It's not as cut and dry as "just don't use it" in a lot of cases.

@KS

Actually, I wasn't directing that specifically at you, but I appreciate the response.

If the iPhone were open, it would be possible to run Facebook messenger in a virtual box that prevents Facebook from collecting data (perhaps if necessary feeding it bullshit instead of real data). I.e. using an emulator or virtual box. That's the sort of thing that is forbidden by the Appstore. In other words, part of the problem "solved by the Appstore" is actually caused by the Appstore. My guess is that if there were a demand for this, this would be available.

Nevertheless, moving your in-laws to some other tool would probably be better for them too... as you most likely have told them.

"So you think that an alternate app store is going to be general purpose like Apple's and still have some form of app review? Why would anyone do that?"

Is this a trick question? Have you looked at Apple's revenue?

"Just look at the news out in the last day or so on Facebook's historic stock slide"

And the way to solve that is to leave the App Store? I mean, companies do sometimes commit corporate suicide, but if you're predicting that Facebook would go that way, that just seems like yet another reason to support independent App Stores.

Presumably, a third-party store (or "sideloading" in general) would still have a mandatory sandbox, no?

I use Android. I've sideloaded one app on my current phone, and that was one that my friend made. I used the Amazon store for a while three generations ago, because they gave away a free game each week.

Now I can't be arsed to reinstall it (if it's still there) to see if I can still get those games. I'm not aware of Facebook having made an appstore. I wonder if they would take the gamble to put more hurdles in front of their not too tech-savvy audience.

Epic and Roblox though...

It's hard to feel sorry for Facebook (or rather, it's easy to NOT feel sorry for them). They built their entire business model on being able to track people online and sell that info. It's not surprising that most people don't want to allow that. I rarely use Facebook, don't use Messenger at all, and I don't have their app installed on any of my devices.

@Plume: I think that someone else *could* run a general-purpose app store, but they would have to put some money behind it and charge someone accordingly if they want to do it right. More likely is that XYZ Inc would run an app store for XYZ Inc products (apps, subscriptions, etc.) so that they can keep all of the money for those things themselves. If they also want to be the app store for ABC apps, what does that do to their cost model? And how is that better for the end user?

As for side-loading, I think I feel a little looser on that. If I want to load a random app on my iPhone without it going through the App Store, then I would like the option of doing that. (And, technically, there are ways to do that.) But I don't know that I want the non-tech members of my family or the users I support at work to be able to do that.

Old Unix Geek

@MT : If forced to allow this, Apple would do everything possible to make the experience suck.

Yup, https://9to5mac.com/2022/02/04/apple-will-charge-27-commission-for-purchases-made-using-alternative-payment-systems-in-the-netherlands/

https://twitter.com/stroughtonsmith/status/1489558951905669120

I hope the EU responds harshly to this clear "up yours" from Apple.

Of course it could be that Apple's view is that all that someone using another payment saves Apple is the 3% credit card company fee - and the rest of the fee is the cost of provisioning and running the app store. So the 3% reduction may be passing on the savings Apple makes by a developer processing payments themselves.

Will be interesting to see what arguments Apple makes in this saga.

Old Unix Geek

https://www.youtube.com/watch?v=xo9cKe_Fch8

"You've just spent 2 weeks writing this amazing app..."

Most apps take one or two orders of magnitude more time than "2 weeks", unless you're writing Tic-Tac-Toe.

"We have exactly the same interests as our developers".

Nope, not at all.

It's interesting the way the scale of "apps" has changed but the deal has not changed.

"More likely is that XYZ Inc would run an app store for XYZ Inc products"

Since such app stores basically don't exist on Android, Windows, or Macs (maybe excluding Adobe's installation tool?), I find it unlikely that they would exist on iPhones. The reason you run a store is to provide it as a service to other companies; that's how software scales, and makes money. That's what Steam and the Epic store are doing.
