Apple has released a new research report detailing the reasons why it prohibits the sideloading of apps on iOS, including some of the dangers of the distribution method.
Sideloading, which is prohibited on iPhone and iPad, refers to downloading or installing apps that originate outside of the App Store through unmonitored mechanisms like enterprise certificates. On Wednesday, Apple released a white paper titled "Building a Trusted Ecosystem for Millions of Apps," which details some of the issues with the practice.
For example, Apple notes that sideloaded apps could bypass some of the built-in control mechanisms on iOS. Apple gives the example of a game app that can bypass the Ask to Buy parental control for in-game purchases.
The Cupertino tech giant also gives the example of malicious apps, such as a copycat application that threatens to delete all of a user's photos unless they pay a ransom.
Other examples include pirated apps that funnel money to scammers and apps that infringe on a user's privacy.
"To protect iOS users from malicious apps and provide the world's best platform security, we take a multi-pronged approach, with many layers of protection," Apple writes.
The company also detailed why the privacy and security protections differ between iOS and macOS.
"iOS poses unique security challenges because users continuously and frequently download new apps onto their devices, and because iOS devices need to be safe enough for children to use unsupervised," Apple explains.
Additionally, Apple says that an iPhone is a much more attractive target for criminals because of how many devices are in the wild. It added that it's continuing to make moves to bring macOS closer to the iPhone, echoing comments from Apple SVP Craig Federighi about the Mac falling short of Apple's security standards.
Other portions of the paper focus on the App Review process, and how it keeps the majority of malicious or scam apps off of the App Store. That includes statistics on how App Review processes apps, such as the fact that Apple has stopped more than $1.5 billion in potentially fraudulent transactions.
Sideloading has been floated as a potential solution to antitrust concerns surrounding the App Store. For example, Epic Games lawyers in its trial with Apple argued that sideloading and alternative app stores could increase competition on iOS. Proposed rules in the European Union could also force Apple to allow sideloading.
Apple maintains that sideloading could be a danger to user security and privacy. It argued against the practice in court with Epic Games, and Apple CEO Tim Cook also spoke out against the proposed regulations in the EU earlier in June.
There have also been instances of developers abusing Apple's enterprise certificate program to sideload applications onto user devices. While the program is designed to facilitate the internal distribution of apps within companies, firms like Facebook and Google have been caught using it to sideload apps to bypass the App Review process.
The full white paper goes into further detail behind Apple's reasoning and offers additional context surrounding App Review and the ban on sideloading apps. It's available here.
Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too. If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.
Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.
If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.