Amid growing pressure from private companies and governments to allow sideloading on iOS, Apple is out today with a new security paper diving into real-world data on how malware is impacting mobile devices. Along with statistics like Android having between 15 and 47 times more malware than iPhone, Apple is making its latest case against sideloading with data and recommendations from the US Department of Homeland Security, European Agency for Cybersecurity, NIST, Norton, and more.
As proposed legislation in the US, Europe, and elsewhere aims to force Apple to allow sideloading on iOS, the company is out today with a new security report that goes in-depth on why it believes opening up the App Store is a harmful idea. Today’s paper comes as a follow-up to the guide it published in June on the benefits of its curated App Store.
Titled “Building a Trusted Ecosystem for Millions of Apps – A threat analysis of sideloading,” the new report is a 28-page document that covers:
- Current mobile threat landscape
- Snapshot of common consumer mobile malware
- How mobile malware attacks access devices
- Risks of opening the iOS ecosystem
- The limited mechanism to distribute apps outside of the App Store
- The impact of sideloading on iOS
- Sideloading and iOS users
- Guidance from security experts
At the outset, Apple reiterates that it believes opening iOS to sideloading would “cripple the privacy and security protections that have made iPhone so secure, and expose users to serious security risks.”
The first page also highlights reports from Nokia in 2019 and 2020 that showed malware on Android (which supports sideloading) was between 15 and 47 times greater over the last four years than it was on iPhone.
Apple closes out its introduction by saying that “mobile malware harms consumers, companies, developers, and advertisers.”
Apple also claims that even users who don’t want to sideload apps could be at risk if iOS were forced to open the ecosystem.
Another concern Apple raises is attackers who would mimic the App Store or use freebies to encourage users to sideload apps.
Users also may have no choice other than sideloading an app that they need to connect with family and friends because the app is not made available on the App Store. For example, if sideloading were permitted, some companies may choose to distribute their apps solely outside of the App Store.
The new Apple report also mentions recent Android trojans like Banker.BR, TeaBot, and BlackRock, the latter of which steals login credentials from 450 online services and poses as the popular Clubhouse app.
Cybercriminals may trick users into sideloading apps by mimicking the appearance of the App Store, or by touting free or expanded access to services or exclusive features.
Apple believes that “Sideloading would make it easier and cheaper to execute many attacks that are currently difficult and costly to execute on iOS” and open a door to harming users, businesses, developers, and advertisers.
In closing, Apple cites seven sources, from the US Department of Homeland Security to the European Agency for Cybersecurity to Norton, to help make its case. You can find Apple’s full October security paper here.
In contrast, European Commissioner for Competition, Margrethe Vestager, previously said Apple shouldn’t use privacy and security concerns as a shield for anticompetitive behavior. And Epic Games plus the Coalition for App Fairness of course agree with that belief.