Apple has written to the U.S. Senate Judiciary Committee to dispute claims made by an expert about sideloading, insisting its arguments about the technique being a malware vector are justified.
In February, the Senate Judiciary Committee voted to advance the Open Markets Act, legislation that could force Apple to allow the sideloading of apps. In a continued effort to fight the measure, Apple has written to lawmakers about malware dangers.
The letter, sent on Thursday and seen by Reuters, responds to comments from computer security expert Bruce Schneier, in which he says Apple's concerns about sideloading are "unfounded."
In response, Apple argued that sideloading is beneficial to malware producers, as most malware relies on users being tricked into downloading it rather than on hackers directly breaking device security. The App Store review process "creates a high barrier against the most common scams used to distribute malware," writes Apple.
Though Apple does accept Schneier's comments that state-sponsored hackers have the potential to break device security directly, it says such attacks are a "rare threat" to consumers. "There is ample evidence showing third-party app stores are a key malware vector on platforms which support such stores," urges the iPhone maker.
Apple's letter was sent to Dick Durbin, the Senate Judiciary Committee chair, as well as its top Republican, Chuck Grassley. It was also sent to antitrust subcommittee chair Amy Klobuchar and its top Republican, Mike Lee.
In a previous letter to top Senate lawmakers on February 3, Apple said the Open Markets Act would harm user security and privacy. Sideloading "would enable bad actors to evade Apple's privacy and security protections by distributing apps without critical privacy and security checks."
The Open Markets Act is an antitrust bill that applies restrictions to Apple, Google, and other platform holders. It would ban policies preventing sideloading and essentially force the acceptance of third-party payment systems, among other measures.
33 Comments
Of course side loading is a malware danger. That was never being debated. The solution is simple: A switch that turns on side loading and turns off features like the official Apple App Store and iCloud that would be compromised by a side loaded app. Users who enable side loading would use third party app stores on their device. It's perfect for older iOS devices that would otherwise collect dust and is also a great way to recycle old devices. I bet less than 10% of iOS users would enable side loading on an old device but if they want to they should be able to. This is why jailbreaking exists. Apple should just make an official way to jailbreak old devices and be done with it.
I don't like the security argument, because if iOS sandboxing would work flawlessly, sideloading would not be a problem.
On the other side, the App Store review process was never good in preventing malware, more in being compliant with Apple's rules.
So I would like to see:
- iOS (and sandboxing) being more robust
- Sideloading being allowed, but with developer certificate (like on the Mac), so that bad apps can be wiped remotely by revoking the certificate
- 3rd party app stores that have their own review process and their own set of compliance rules
All in all I strongly believe this would help Apple to grow the platform and not be harmful at all!
Apple is not wrong.
It’s not going to be pretty.
I predict though that Apple will be who gets sued when people side load something that steals their data.