Apple software chief Craig Federighi: Sideloading is a cybercriminal’s best friend

Bottom line: On the second day of the 2021 Web Summit, Apple’s head of software development, Craig Federighi, gave a 10-minute speech focused on iOS security and the risks of sideloading apps onto Apple’s mobile platform. While acknowledging the malware situation on iOS, Federighi noted that competing platforms were exposed to far more malware attacks, and cited sideloading as the single biggest cause of the problem.

Apple’s refusal to allow iOS apps from any source other than the official App Store has been the subject of controversy for years. While avid fans on both sides of the fence have been arguing over this for a while now, Tim Cook said earlier this year that sideloading was the main reason Android has 47 times more malware than iOS.

Unsurprisingly, Craig Federighi shared the same view at the 2021 Web Summit, where he called sideloading “a cybercriminal’s best friend.” He also cited government agencies, including Europol, which advise users to only install apps from official app stores. This is an interesting point for Apple to make at a time when the company was found in violation of EU competition rules and was forced to allow sideloading on the iPhone under the EU’s proposed Digital Markets Act (DMA).

Federighi noted that sideloading on iOS would compromise the security of the iPhone in the name of giving users more choice, while depriving them of the choice of a more secure platform. He also drew the analogy of a safe house equipped with a security system to keep out burglars, while some neighbors have suffered repeated intrusions due to inadequate protection. Adopting the DMA, Federighi noted, would be akin to ordering all homes to build an “always open side door” to optimize parcel delivery.

Referring to the argument that people can decide for themselves whether they want to sideload apps, Federighi said that despite people’s intentions, they can still be tricked into running malicious apps. He went on to share examples from Android (of course) that included ransomware disguised as a COVID-19 tracking app and apps downloaded from the official Play Store that encouraged users to install a fake version of the store.

Whether the EU’s DMA will be passed remains to be seen, but opponents of Apple’s position, including a number of developers and consumers, see the company’s policies as extremely monopolistic.

Sideloading on iOS will ultimately bypass Apple’s security checks and also jeopardize its 30 percent developer fees, which amount to billions of dollars annually. Apple’s lawsuit against Epic saw some change in this regard when Apple was forced to allow links to external payment systems, a decision it recently appealed.
