8 min Security

Apple makes sideloading more dangerous than necessary to favour its App Store

Apple makes sideloading more dangerous than necessary to favour its App Store

Apple tries to keep its own App Store as secure as possible. While reports of Android malware circulate relatively often, dangerous iOS apps appear to rear their ugly head far less often. Apple claims this is due to the full control it has over the App Store. As European legislation forces the company to allow alternative app stores, it warns of the security risks involved. Are these warnings justified?

Apple recently had to accept that it has to comply with the Digital Markets Act. Specifically, it means that the company may not prevent the installation of apps from outside Apple’s own App Store. For the first time, users will be able to break through the well-maintained walled garden of the App Store ecosystem relatively easily.

Now Apple’s proposal is to allow third-parties to start their own app store – with a catch. For example, the company wants to collect 50 cents for each app installation. Critics call that proposed step “a new low“.

Recently, Apple executive Phil Schiller revealed that his company is taking steps to ensure the continued security of apps, even if they’re outside the App Store. For example, with more than 600 APIs, it provides tools for developers to give users control over apps. In addition, apps from outside the App Store still need to be presented to Apple and get a go-ahead. A safety check measuring ‘notarization’ should ensure that at least a rudimentary security check remains for all applications. The App Store is set to remain more secure than its alternatives. The main reason for this is that the requirements from Apple are stricter and are its security measures for its own store feature faster human moderation. Thus, the company remains the final gatekeeper, but does not want to be fully responsible for any malware that still slips by from third-party stores. In essence, Apple’s trying to have it both ways here.

Important line of defense

The criticism from Apple of sideloading from random sources is quite justified, though. If any app can run on iOS, there’s practically no safeguard in place at all. Nevertheless, it is a bit odd how strident it’s being when it comes to the suggested alternative app stores. Only the App Store itself can apparently be fully provided with the best surveillance. For 50 cents per installed app, you should expect more from the alternate option. That type of monetization can even exceed the percentage Apple collects in App Store transactions, meaning its a lose-lose situation for users’ safety and app developers’ wallets alike.

Read more about the changed App Store policy here: Apple App Store and browser policy changes offend competitors

To briefly highlight how Apple keeps its own store safe: the company states that it scrutinizes 90 percent of all apps within the App Store within 24 hours. In almost all cases, you’d expect this methodology to keep malware at bay. Sideloading of apps hasn’t been allowed in any way. Not from any third-party app stores, not by putting a separate file on the phone via another device, as is possible on Android. The latter is what is usually meant when referring to ‘sideloading’, if we’re being fair about it.

The App Store security check, as it happens, is not foolproof. This week, for example, news emerged that it had approved a fraudulent LastPass copycat under the name LassPass for the App Store. The legitimate app maker felt compelled to warn users of its own accord. Apple has since removed the counterfeit app.

Still, the App Store defensive walls provide an important security trump card for Apple. After all, one of its main requirements is that apps operate within a sandbox. This shields the most privileged access to sensitive data from app developers. On paper, it should prevent malware from doing immeasurable damage. For that reason, it is not surprising that Apple rejects nearly a million apps a year.

Apple’s protection proves itself

Studies repeatedly show that vulnerabilities are more prevalent on Android, even though iOS does suffer more zero-days. Given it keeps a tight leash on the apps that come in, exploitation of such vulnerabilities is somewhat unlikely. Gil Shwed, founder and CEO of Check Point, stated to Forbes in 2021 that Apple devices are harder to attack, but also harder to protect. The opposite is true of Android, he opined.

That hasn’t changed in recent years. Google has, however, recently added a new feature to its Play Protect safeguards. With real-time scanning, the company can now also detect malicious apps that have ended up on a device via sideloading. A test by TechCrunch showed that the tool does not pick up every rogue app (something Apple can’t lay claim to doing either), but it does add an extra layer of security. As it turns out, platform holders can help make sideloaded apps stay secure. While Apple has a plan to provide third-party stores with an added layer of protection, there’s no mention of this extra defensive layer. Should sideloading from an alternative source other than just another app store become possible, Apple makes no promises in terms of security. However, the company has at least already done extensive research to prove that that form of sideloading should be avoided at all costs.

Many times more malware infections

Apple’s research finds a stark contrast between successful attacks on Android on the one hand and iOS on the other. Specifically, there are 15 to 47 times as many malware infections on Android phones than on iPhones. This leads to 6 million Android attacks per month at major security companies, Apple reports. Apple unfortunately does not share how many attacks per month occur on iPhones.

Apple’s criticism of allowing sideloading features many arguments. For one, cybercriminals will have easier targets. This is because attackers could convince a potential victim to install a rogue app. Consumers may also have less control over apps before and after installation. That’s because these apps would not have to comply with Apple’s restrictive policies. Because employers and schools might not want their app to go through all the time-consuming App Store verification steps, users may even be forced to use sideloading if it becomes tenable to do so. This undermines the previously described layers of protection, including sandboxing. In a worst-case scenario, threat actors could build entire fake App Stores to fool users.

Apple is not the only party to observe this. Threat intelligence lead by Trend Micro Lewis Duke makes no bones about it, “The introduction of sideloading functionality will lead to an increase in malware targeting Apple devices.” He argues that it will be necessary to run antivirus software on iOS once apps from outside the App Store can be installed.

Apple alone as referee?

Apple also warns of objectionable content appearing on iPhones. It highlights the danger to children if another party has a say in what’s allowed in an alternative app store. The suggestion that only Apple could provide this kind of protection is rather strange. After all, the current option on the table only proposes a handful of third-party app storefronts. These would still be bound by some of Apple’s rules. In the meantime, Microsoft, for example, has no immediate control over which apps run on Windows. By contrast, Apple has developed its proposed App Store changes to ensure it retains the final say.

Would apps actually be sideloadable, this mountain of criticism is justified. The mere loss of the exclusive refereeing role isn’t deserving of all the alarm bells going off in Cupertino. Apple will still continue to scan for threats, but actively chooses to cut back its safety measures for App Store alternatives. Having already spent countless years defending itself against any kind of competition to the App Store, it has lost much of its credibility among developers. It would be only right to ask for a fee to do a security check, but it should be a full-fledged one to be believable.

A solution could have been found if the negotiating position had focused on the thing (and the people) Apple is trying to protect. This consists of users’ personal data, private photos and other sensitive data. That should have been central to the discussion of allowing alternative app stores. How can users protect this data as much as possible while using something other than the App Store? That is a question that has not been addressed, primarily because Apple has only warned of the potential dangers in a worst-case scenario. That worst case Apple has presented need not be relevant if the company had cooperated with its fierce critics all along.