Apple software head Craig Federighi said in a speech on Wednesday that proposed EU App Store regulation that could force Apple to allow iPhone users to install software from the web would open “Pandora’s box” and could pose threats to entire networks of computers.
Apple is particularly concerned about the Digital Markets Act, which CEO Tim Cook has previously said would result in Apple being forced to allow “sideloading,” or the ability to install iPhone apps from the web instead of through Apple’s App Store.
“European policymakers have often been ahead of the curve,” Federighi said. “But requiring sideloading on iPhone would be a step backward. Instead of creating choice, it could open up a Pandora’s Box of unreviewed malware and software.”
The European Commission, the executive arm of the EU, presented the Digital Markets Act last December…
“Even if you have no intention of sideloading, people are routinely coerced or tricked into doing it,” Federighi said, citing malware on Google’s Android, which allows sideloading.
“The fact is one compromised device including a mobile phone can pose a threat to an entire network,” Federighi said. “Malware in sideloaded apps can jeopardize government systems, affect enterprise networks, public utilities, the list goes on.”
“That one provision in the DMA would force every iPhone user into a landscape of professional con artists constantly trying to fool them,” Federighi said. He said users can choose between iPhones and Android phones that allow sideloading.
MacDailyNews Take: If users want an insecure phone, they have plenty of iPhone knockoffs from which to choose.
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!
If the concern is that malware by sideloaded Apps is seen to be a problem for Enterprise issued devices, surely they could add an Administrative option in the device management tool that removes/disables the sideloading option.
But that wont peotect or help you from a botnet of insecure iPhones DDOSing you.
Perhaps, but then again those Enterprise managed devices would not likely be part of that group. The same feature could be implemented in Family managed devices by parents further reducing the chance of iOS devices becoming part of your hypothetical botnet. Perhaps sideloading being an option would lead Apple to follow Android’s lead (as with many other features) in implementing automated on-device malware scanning as part of iOS.
Jaibreaking should have been even worse. Who did it hurt beyond the jailbroken device?
Basically Apple doesn’t trust it’s users, or actually, doesn’t want to deal with the support.
Well the free ride is ending.
Who did it hurt beyond the jailbroken device?
Everyone who has who happens to have e-Mail communication with someone with hacked/insecure device holder. All your communication with that person could be clearly visible to third partys. Not good.
So it’s already happening then.
PS…
And what about your Mac?
Yes, if you have a keylogger or trojan in your Mac or PC, of course your device with its infornatuon is taken over. At the moment it is much more difficult to achieve this situation on an iOS/iPadOS device.
The point I am making is that being reckless to your own privacy and security is also being reckless to other people privacy who trust you their communication.
I would not dare to send a single e-Mail to a person who proudly says: “I got nothing to hide, let everyone spy behind me. It wont hurt anyone”
I can see where a keylogger/tracker may be problematic on an iOS device, but with the way iOS is sandboxed, the only possible way that kind of malware could exist is as a 3rd party keyboard app. I doubt any significant number of iOS users are even aware of 3rd party virtual keyboards, let alone have any intention of replacing their current default keyboard. iOS also puts any App not in the foreground into a ‘sleep’ mode (with some background thread exceptions) so even from that angle a keylogger/tracker would be difficult to implement. Note also that unlike any other common OS every iOS App holds its own file storage. The exceptions being photo/video/music. Any experienced user has encountered this to their frustration when they have to download the same text/pdf document to each App that they want to use it in locally. The exception once more is if you leave that document in the cloud and access it that way.
But that’s your choice, your decision, not one made for you by Apple, at least in the czase of your Mac.