
Apple's head of privacy doubles down on anti-sideloading stance

Erik Neuenschwander, Director, User Privacy, at Apple

As part of Apple's push on Wednesday morning, privacy lead Erik Neuenschwander reiterates the company's stance on sideloading on iOS — and says that it actually reduces user choice.

As Apple releases its study about how App Store curation protects users, the company's head of privacy has been explaining the publication and defending the position. Speaking to Fast Company magazine, Erik Neuenschwander, Director, User Privacy, says curation is a key part of keeping iOS users safe.

"Today, we have our technical defenses, we have our policy defenses, and then we still have the user's own smarts," Neuenschwander told the publication.

"Sideloading in this case is actually eliminating choice," he continues. "Users who want that direct access to applications without any kind of review have sideloading today on other platforms."

"The iOS platform is the one where users understand that they can't be tricked or duped into some dark alley or side road where they're going to end up with a sideloaded app, even if they didn't intend to," says Neuenschwander.

He points out that it is in the interest of bad actors to exploit opportunities, and specifically to work at fooling users into downloading their apps.

"Even users who intend — they've consciously thought themselves that they are only going to download apps from the App Store — well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."

"Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device," he continued. "And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple's."

It is argued that while Apple insists on a curated walled garden for iOS apps, it does not for the Mac. Previously, Apple's Craig Federighi has gone as far as to say the Mac's security is not good enough, that it "is not meeting that bar today."

Neuenschwander argues that the iPhone has to have far greater security, simply because of the different ways that people use their iOS devices compared to the Mac.

"[The iPhone is] the device you carry around with you," he told Fast Company. "So it knows your location. And therefore somebody who could attack that would get pattern-of-life details about you."

"It has a microphone, and therefore that's a microphone that could be around you much more than your Mac's microphone is likely to be," he continues. "So the kind of sensitive data [on the iPhone] is more enticing to an attacker."

"[Plus the] pattern of use of the Mac — just the style, how people use that platform tends to be that they get a few applications that they use to do their job or their hobby, and then it kind of reaches a steady state," he says.

"But what we've all seen is that mobile platforms, including iPhone, are ones where users are downloading apps on a continuing basis," continues Neuenschwander. "And that gives an attacker more opportunities to get in and get at that user. So the threat on the iOS side is much higher than the threat on the Mac side."

Apple's new "Building a Trusted Ecosystem for Millions of Apps" publication is available here.




22 Comments

beowulfschmidt 12 Years · 2361 comments

"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."

While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.

gatorguy 13 Years · 24627 comments

"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.

Exactly. No one is forced to allow side-loading. My opinion is this has far more to do with protecting services revenue. While I don't think US owners would play much outside of the official Apple AppStore, I think Asian and Chinese iPhone/iPad owners would be more comfortable with doing so. Apple might see some slide in those regions' AppStore profits which is what all the distraction from "security" handwringing is trying to avoid.

rob53 13 Years · 3312 comments

The problem I see with a setting to allow side-loading means there's a software ability to easily hack iOS. It's not a backdoor, it would be a front door without much of any lock on it. If the ability to side-load an app is included in iOS, it will be used to bypass iOS security and it will succeed. Most consumers don't know how to make any changes to their iOS devices or their PCs. They just want them to work out of the box. I'd guess almost 100% of the people reading AI know, or can figure out, how to make changes to their devices and what those changes do. We're not Apple's primary customers. People do things all the time they aren't supposed to do. That's why almost everything we buy has a safety label on it. Do people read and understand what the consequences of misuse are? I would hope most do. Apple has tried to protect consumers from scams and outright theft of personal information and that comes with forced limitations on usage. Can any of you envision what would happen if Apple is forced to allow a wide open iOS environment? I can, it's called early Android where nobody could really trust anything happening on their phones.

Once iOS is open to any app, I would quit using it for any banking, medical, purchasing or anything dealing with my personal information. We all know every government has a group working on hacking iOS (and every other operating system) and forcing Apple to provide a key into the front door makes it very simple to force an app onto every iOS device, leaving it open for government monitoring. I'm sure none of us want this but this is what would happen and Apple would have a difficult time stopping it. Asian users (@Gatorguy) already have to fight their governments spying on them. Allowing side-loading makes it even easier.

Prove me wrong. If Apple is forced to allow side-loading, how will they be able to guarantee every app is safe to use? (They can't do this now.) How will they guarantee privacy on their devices? Who do I sue when I get a message or email or click on a website and malware that never worked before downloads code that unlocks my phone so they can continue to download more malware? It isn't Apple. 

tjwolf 12 Years · 423 comments

"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.

I disagree.  First of all, there are lots of people who would flip that switch simply because they wanted to get that one cool app that is only available from outside the App Store....and then forget to flip it back.

Then there are the millions of families who have several iPhones and/or iPads under the same Apple ID.  What if my daughter decides to flip that switch because her classmates point her to some cool app that she "just gotta have".  See above for the first issue.  But additionally, now her compromised device is affecting mine and my wife's iPhone as well!  Once that malicious app has gotten into one Apple device, it has the opportunity to get into others much more easily due to Apple's great integration between devices.

jungmark 13 Years · 6927 comments

"Even users who intend -- they've consciously thought themselves that they are only going to download apps from the App Store -- well, the attackers know this," he says, "so they're going to try to convince that user that they're downloading an app from the App Store even when that's not happening."
While I in no way, shape, or form support forcing Apple to open up to other App Stores, this particular argument doesn't hold much water.  Apple could add a switch to iOS that simply disallows purchases or downloads from any App Store but Apple's own.  Such an option could be set to "disallow" by default.  Flipping that switch off could require authentication, i.e. password, Touch ID, or Face ID.

You’re too naive to think side-loaded apps won’t contain Trojan horses to effectively make that toggle useless or worse.