Apple white paper details dark side of sideloading

Dubai - Using apps from third-party sources means that these have not gone through stringent screening process

Apple on Wednesday released a white paper that further drove home its mission of providing a secure ecosystem for apps — particularly against the sideloading of apps — amid the ever-growing threat on every day users who are the most vulnerable targets for cyberattacks.

The study, Building a Trusted Ecosystem for Millions of Apps, explained the importance of a secure app environment using a light-hearted format starring every day characters John and Emma. From a sideloaded game an uneasy John was forced to download because Emma wants to try it to an app threatening to delete photos unless payments are made and a privacy-violating sleep-tracking app, the storytelling method shows how easy it is for unsuspecting users to fall prey to bad actors on their devices.

“Today, our phones are not just phones; they store some of our most sensitive information about our personal and professional lives,” Apple said in the white paper.

With almost two million apps on the App Store and thousands added each week available to over a billion users, managing the platform — given its sheer scale — in a secure manner seems daunting, but Apple has put in place endless processes and safeguards that guarantee app authenticity and honesty.

The late Steve Jobs, Apple’s co-founder, in 2007 — when the original iPhone was introduced — admitted that “this is no easy task”.

“We’re trying to do two diametrically-opposed things at once: Provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc,” he had said.

Even the US Department of Homeland Security and the European Union Agency for Cybersecurity, as early as 2016, had said that sideloading should be avoided, stressing the importance of using legitimate and authentic sources to mitigate threats from vulnerable apps. Top governmental agencies reminding users of this shows the high level of concern for both users and enterprises.

In fact, 2020 was a very busy year for Apple, no thanks to the increasing attempts to use the App Store for illicit purposes. Last year, almost a million apps and a similar number of updates were rejected or removed for various reasons, including for being spam or copycats (150,000 plus), violating privacy guidelines (over 215,000), containing hidden or undocumented features (more than 48,000) and including bait-and-switch functions (about 95,000).

In addition, Apple ejected 470,000 teams from its developer programme and deactivated 244 million customer accounts because of fraudulent activity, the latter including fake reviews.

Overall, this translated into stopping more than $1.5 billion worth of potentially fraudulent transactions.

Sideloading is the process of downloading and installing of apps on a device from a source other than the official app store of that device. Apple has a zero-tolerance policy for this practice, though workarounds have been developed by certain users to bypass this, a process known as jailbreaking, which removes restrictions in place.

Using apps from third-party sources, therefore, means that these apps have not gone through Apple’s stringent app screening process, which in turn puts an iPhone or any other Apple device at risk from cyberattacks, including malware installation and theft.

“To protect user security and privacy, we designed iPhone from the beginning not to allow sideloading for every day users,” it said in the white paper.

“The App Store… is a trusted place for users to securely download apps that are reviewed by Apple, from known developers who must abide by Apple’s guidelines.”

Allowing sideloading on iPhones is akin to “widening the universe of potential attacks”, it added, putting all users at risk, “even those who make a deliberate effort to protect themselves by only downloading apps through the App Store”.

alvin@khaleejtimes.com

• Business and Technology Review