Michael Chertoff: The U.S. government should abandon plans to mandate unrestricted side-loading of apps

Michael Chertoff, who was the second United States Secretary of Homeland Security to serve under President George W. Bush, and the co-author of the USA PATRIOT Act, says that the U.S. government should abandon any legislation to mandate unrestricted side-loading of apps due to significant security risks.

Apple's App Store on iPhone

Michael Chertoff for TechCrunch:

The Open App Markets Act, a bill that would, among many other things, require device makers to allow for the installation of unvetted applications on users’ mobile devices, won the approval of the U.S. Senate Judiciary Committee earlier this month.

This legislation [if passed and signed into law; a big “IF” – MDN Ed.] would confront the “walled garden” app distribution model, in which applications can only be installed from official app stores, that has been in place since the early days of smartphones…

This part of the proposed legislation introduces unintended, but potentially significant, device security risks by allowing app deliveries through unsupervised channels.

Poorly regulated app stores, like many found in China, are breeding grounds for compromised apps filled with malware. Inadequately regulated app stores lacking the most basic of security checks increase the risk to consumers by making it easier for users to download a compromised app that may steal their data or defraud them…

Fortunately, Congress can impose security standards on the new app stores that can help protect consumer end users.

First, they can require stores to have a base level of security review and monitoring of apps, including human review. Human review helps to ensure that the permissions used by the app reflect the app’s advertising, a step vital to preventing malicious apps from doing things they aren’t supposed to.

Second, the U.S. and other governments should abandon plans to mandate unrestricted “side-loading” — the risk to the average end user is simply too great when they can install an unknown app in a few clicks with no understanding of accompanying security risks.

MacDailyNews Take: Putting aside the richness of the co-author of the USA PATRIOT Act warning of unintended consequences, Chertoff agrees in principle with Apple CEO Tim Cook who, in June 2021, said that side-loading apps would “destroy the security” of the iPhone. If Apple had to allow side-loading, Cook explained, then features like App Store nutrition labels and App Tracking Transparency “would not exist anymore.”

I would say [side-loading] would damage both privacy and security. I mean, you look at malware as an example, and Android has 47x more malware than iOS. Why is that? It’s because we’ve designed iOS in such a way that there’s one App Store and all of the apps are reviewed prior to going on the store. That keeps a lot of this malware stuff out of our ecosystem. Customers have told us very continuously how much they value that. And so we’re going to be standing up for the user in the discussions and we’ll see where it goes. I’m optimistic, I think most people looking at security know that security is a major risk.

– Apple CEO Tim Cook, June 16, 2021


8 Comments

  1. “Poorly regulated app stores, like many found in China, are breeding grounds for compromised apps filled with malware. Inadequately regulated app stores lacking the most basic of security checks increase the risk to consumers by making it easier for users to download a compromised app that may steal their data or defraud them…”

    So pass laws to regulate them, including the Apple App Store, Google Play, Amazon, all others.

  2. I completely agree. I just wrote a reply to Jason Snell’s article (for my Facebook page) in Macworld where he thinks Apple should allow sideloading. I don’t see much advantage to the consumer in it. Actually, I think it’s terrible. Suddenly, iOS will be flooded with malware and piracy. Likely lower security as well. For what, a handful of apps developers can’t get into the App Store? Or for Epic that doesn’t want to pay any fees, but in its own store, is even worse than Apple?

    No thanks!

  3. “The US Government should…
    The US Government should not…
    The US Government should….”

    and coming from a co-author of the Patriot Act. It’s wearing me down…all the commands, recommendations, and requirements of those on High that repeatedly prove themselves questionable authorities.

    Can someone call Hillary for the best path to take?

  4. I can get on board for a program that mandates side-loading but also requires certification of App Stores to drastically reduce instances of malware. An annual re-certification wouldn’t hurt either. Consumers that choose to frequent only the OS provider’s App Stores are free to do so while letting those that want more choice to visit 3rd party App stores. Larger companies like Zynga, Epic, etc that have huge libraries of Apps may also have to be included in the certification process should they choose to allow/vend their Apps directly from their sites.

    1. But then what about the open source App Stores that don’t have the big bucks to go through the certification process?

      What about developers that just want to release without having to go through any third party store?

      1. A provision may be added to a bill that defines what constitutes an App Store. e.g. Volume of Apps being sold, vending Apps that weren’t developed by the person/organization owning the ‘store’. At the same time not being able to legally display a ‘certified’ image to make users aware that they are at higher risk for installing malware should they choose to go ahead and use the store.
