Sideloading is a cybercriminals best friend, and requiring it on iPhone would be a goldrush for the malware industry according to Craig Federighi, Apple senior vice president. He made a dramatic speech at Web Summit 2021 claiming the security threats if Apple required users to sideload apps.
Federighi is responsible for Apple's iOS and macOS software divisions. He was protesting the European Commissions Digital Markets Act that would, if it were passed, require Apple to allow users to install apps other than the iOS App Store. Federighi claims that Apple's low malware rate on iOS is due to the absence of sideloading. He also believes that Apple would be able to allow users to install their own apps if they were forced to.
Federighi also opposes the popular solution that lets users choose whether they want to sideload apps. Criminals are smart and can hide in plain sight. Even informed users could be caught by misleading websites or get stuck with fake apps stores on their phones.
Apple still strongly opposes sideloading
Federighi asks his audience to imagine the parents or children who may be tricked by malware, even though you might not be a smartphone expert. Federighi says that malware can harm anyone, and that this is something we shouldn't stand for. This despite the fact Apple continues to deal with multimillion-dollar scams, which the company just added in September.
Federighis doom picture doesn't stop there. He also points out that sideloading could be a problem if Apple allows it. Federighi says that Apple's privacy requirements are more stringent than the law and that social media companies seeking to escape them could make customers choose between losing touch online with friends or taking on sideloading risks.
Federighi says that sideloading can compromise security and expose peoples data. He believes that customers and regulators should have the option of using Android instead. However, it shouldn't be required for iPhones. All the concerns about iOS are curious given Federighi's other job title: leading the macOS software development team. This is where apps can be installed freely outside of Apples App Store (and have been since decades) without being subject to apocalyptic malware attack.
Apple could allow iOS sideloading in the same way if it wanted. This would require something similar to the Gatekeeper system for macOS. It allows Apple to verify the software's authenticity by signing developer IDs. Judge Yvonne Gonzalez Rogers also noted this argument during the Apple / Epic trial. She commented that Federighi may have exaggerated Mac malware concerns and that Apple could probably make a similar system on iOS.
Federighis' speech ignores the fact, most importantly, that all apps must be downloaded through the App Shop. This means all app commerce must flow through the App store, where Apple takes its highly-contested 30 percent cut. It is worth billions every year.