{"id":34114,"date":"2021-11-09T16:55:54","date_gmt":"2021-11-09T21:55:54","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=34114"},"modified":"2025-10-11T12:18:22","modified_gmt":"2025-10-11T16:18:22","slug":"federighi-and-cook-on-sideloading","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/11\/09\/federighi-and-cook-on-sideloading\/","title":{"rendered":"Federighi and Cook on Sideloading"},"content":{"rendered":"

Chance Miller<\/a> (tweet<\/a>, video<\/a>, Slashdot<\/a>, MacRumors<\/a>):<\/p>\n

Last month, it was announced<\/a> that Apple senior vice president Craig Federighi would attend and speak at Web Summit 2021, which takes place in Lisbon, Portugal. In a keynote delivered today, Federighi vehemently spoke out against legislation that could force Apple to open the iPhone up to sideloading…<\/p>

The Digital Markets Act legislation was first unveiled<\/a> last December in the EU, and it could lead to major changes for the App Store and pre-installed first-party applications on the iPhone. The DMA in Europe would force Apple to allow sideloading on the iPhone, among other changes. <\/p>

[…]<\/p>

The Apple executive also warned that the legislation comes as there have “never been more cybercriminals” determined to access the private information on your iPhone. “Sideloading is a cybercriminal’s best friend,” Federighi said. “And requiring that on iPhone would be a gold rush for the malware industry.”<\/p><\/blockquote>\n\n

Will Strafach<\/a>:<\/p>\n

\n

reminder: this is not very accurate. Apple has already solved side-loading in a reasonably smart way with their SRDs.<\/p>\n<\/blockquote>\n\n

Michael Love<\/a>:<\/p>\n

If your best response to “let people who want to take the risk sideload” is “people might be tricked into sideloading” when YOU WOULD BE THE ONES DESIGNING THE SIDELOADING UI, that’s not a very good response. (also, again, sideloaded != insecure)<\/p>\n

People get tricked into subscriptions all the time and yet, despite proclaiming the superiority of App Review, Apple’s attempts to stop that are half-hearted at best. But when it’s a form of trickery that they don’t get a 30% cut of, somehow then it’s an unavoidable disaster.<\/p>\n

Also, if you’re really worried about the malware industry you could, y’know, increase + actually pay out security bounties and stop antagonizing security researchers.<\/p>\n

[…]<\/p>\n

Provisioning profiles are a way<\/em> bigger security hole than sideloaded apps, and yet Apple accepts that those are necessary + allows them.<\/p>\n

You can install a sketchy file from a third party that allows them to more-or-less take total control of your phone, but you can’t install a fully-sandboxed third party app unless it’s from the App Store.<\/p><\/blockquote>\n\n

Nilay Patel<\/a>:<\/p>\n

This is so weird and disingenuous. Are they going to lock down the Mac next?<\/p><\/blockquote>\n\n

Chaim Gartenberg<\/a>:<\/p>\n

\n

If Apple wanted, it could enable iOS sideloading in a similar manner and require something like the Gatekeeper system on macOS, which allows for Apple to check signed developer IDs to confirm the software is genuine. It’s an argument that Judge Yvonne Gonzalez Rogers noted as well during the Apple \/ Epic trial<\/a>, commenting that Federighi may be “stretching the truth” on Mac malware concerns and that Apple could likely make a similar system work on iOS.<\/p>\n<\/blockquote>\n\n

Benjamin Mayo<\/a>:<\/p>\n

Apple doesn’t trot out Federighi to a third-party conference with a highly-produced Keynote deck for the fun of it. They are clearly concerned that European lawmakers are actually going to do something they don’t want; that is, pass laws requiring them to offer sideloading as an option.<\/p>\n

[…]<\/p>\n

Federighi posits that a social networking app may choose to “avoid the pesky privacy protections of the App Store” and only make their apps available via sideloading. Apple’s customers would then have to leave the ‘safe’ Apple software ecosystem, or lose touch with their family and friends. This is sort of true. But what is omitted is that an app choosing to leave the App Store is not primarily doing so to avoid Apple’s privacy standards, but because it would then be able to avoid Apple’s IAP rules.<\/p>\n

Apple benefits financially — measured in the billions of dollars per year — by keeping the App Store as a monopoly. However much it wants to tout the user privacy and safety benefits, Apple’s position would be far stronger if cynics weren’t able to point to the money being accrued by the App Store gravy train.<\/p><\/blockquote>\n\n

Sam Fathi<\/a>:<\/p>\n

Apple CEO Tim Cook said today that customers who wish to sideload apps should consider purchasing an Android device as the experience offered by the iPhone maximizes their security and privacy.<\/p>

[…]<\/p>

Cook drew the comparison of sideloading to a carmaker selling a car without airbags or seatbelt, saying it would be “too risky.”<\/p>

[…]<\/p>

The App Store’s in-app purchase method, which developers are required to use for digital purchases made within apps, gives Apple a 15-30% commission on all purchases made. Cook noted today that Apple has only ever lowered the commission, never increasing it.<\/p><\/blockquote>\n

He’s said this multiple times, and I still find it misleading because increasing the categories of purchases subject to the commission, which Apple has done several times, is like raising it from 0% to 30%.<\/p>\n\n

Michael Love<\/a>:<\/p>\n

It’s kind of a hopeful sign that the pressure regarding sideloading has gotten serious enough that Apple feels the need to keep trotting out various executives to make this same disingenuous point.<\/p>

Also that it’s gotten serious enough that Tim Cook is actually telling people who want sideloading to buy an Android phone when in the past the’ve tiptoed around even using the word “Android” in product keynotes.<\/p><\/blockquote>\n\n

Previously:<\/p>\n