Apple's head of privacy doubles down on anti-sideloading stance

Erik Neuenschwander, Director, User Privacy, at Apple

As Apple releases its study about how App Store curation protects users, the company's head of privacy has been explaining the publication and defending the position. Speaking to Fast Company magazine, Erik Neuenschwander, Director, User Privacy, says curation is a key part of keeping iOS users safe.

"Today, we have our technical defenses, we have our policy defenses, and then we still have the user's own smarts," Neuenschwander Mac">told the publication.

"Sideloading in this case is actually eliminating choice," he continues. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms."

"The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to," says Neuenschwander.

He points out that it is in the interest of bad actors to exploit opportunities, and specifically to work at fooling users into downloading their apps.

"Even users who intend — they've consciously thought themselves that they are only going to download apps from the App Store — well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."

"Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device," he continued. "And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."

It is argue that while Apple insists on a curated, walled-garden for iOS apps, it does not for the Mac. Previously, Apple's Craig Federighi has said that gone as far as to say the Mac's security is not good enough, that it is "is not meeting that bar today."

Neuenschwander argues that the iPhone has to have far greater security, simply because of the different ways that people use their iOS devices compared to the Mac.

"[The iPhone is] the device you carry around with you," he told Fast Company. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you."

"It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be," he continues. "So the kind of sensitive data [on the iPhone] is more enticing to an attacker."

"[Plus the] pattern of use of the Mac — just the style, how people use that platform tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state," he says.

"But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis," continues Neuenschwander. "And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side."

Apple's new "Building a Trusted Ecosystem for Millions of Apps" publication is available here.

Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.

If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.