How Apple should implement sideloading (if they need to by legislation or otherwise do so by choice)

[vertsix]

This post is due as a response to recent developments of Apple possibly being forced to allow sideloading.

Sideloading brings great choice for the user and by itself is a positive thing, but I understand all the privacy and security concerns around it. I've used Android for quite a while and just recently switched back, and the problem on the platform is not that sideloading is a choice (that's a positive thing), but rather an easy choice that is easily accessible.

I have several relatives that have sideloading clones of apps on their devices (mind you, they have little to no knowledge of technology) that obviously pose security and privacy risks, because sideloading on Android is too easy (yes, even though the system responsibly warns them of the risks).

That's why I feel Apple has the opportunity to do sideloading right, and yes, that would mean making it harder to do so than in competing platforms, to deter people who are not knowledgeable enough to understand the real disadvantages of sideloading to do so, and to prevent Apple issues in the support stage (both hardware and software).

This is how I can imagine it they should do it:

1. The sideloading state should be a switchable state and should only be controlled by a switch that must be activated or disabled on a computer, Finder on Mac and iTunes on Windows.
2. When a user wants to enable the sideloading state, a factory reset should be required. The user will, then, be prompted for an iTunes or Finder backup. This is so the secure, walled state of the device is ensured in backups. Users, of course, could have the choice to restore those same backups on devices with the sideloading state on.
3. AppleCare(+) coverage and support should be limited unless the sideloading state is turned off, again through a Windows PC or Mac, requiring another factory reset. A factory reset on-device when the sideloading state is on would turn it off.
4. Backups are disabled when the sideloading state is enabled. Again, this is to ensure users ONLY have secure backups of their data.
5. Certain iCloud and secure iPhone functionality could be disabled for security (like iCloud Keychain and the like, if Apple (who has actual security knowledge of these things) determines it is a risk).
6. As always, when users sideload an app, there should be a prompt warning the users of the possible risks.

I feel like this would be a compromise for both philosophies. What do you think?

 

[turbineseaplane]

1. No
2. HELL no
3. Absolutely no (doubt it would hold up to scrutiny anyhow)
4. Again, no
5. Once more, no
6. Yes, for sure, similar to macOS

None of these concerns are valid on macOS, nor should they be on iOS
Let's not over think the room here

Apple already has "side loading" (simply getting apps from sources other than Apple App Store) figured out wonderfully on macOS. It need not have all sorts of weird special hoops to jump through on iOS

On iOS, enterprises are already doing side loading and have forever!
Nothing needs to change dramatically at all here.

I think people just don't understand how secure of a system Apple has already built.
The security is not from the Apple App Store source part of it, but from the design for the entire iOS system.

 

[vertsix]

1. No
2. HELL no
3. Absolutely no (doubt it would hold up to scrutiny anyhow)
4. Again, no
5. Once more, no
6. Yes, for sure, similar to macOS

None of these concerns are valid on macOS, nor should they be on iOS
Let's not over think the room here

Apple already has "side loading" (simply getting apps from sources other than Apple App Store) figured out wonderfully on macOS. It need not have all sorts of weird special hoops to jump through on iOS

On iOS, enterprises are already doing side loading and have forever!
Nothing needs to change dramatically at all here.

I think people just don't understand how secure of a system Apple has already built.
The security is not from the Apple App Store source part of it, but from the design for the entire iOS system.

1. Care to explain why?
2. Why?
3. The AppleCare(+) terms already state that they can deny service at any time if your device is modified in hardware and software, similar clausure could be created in an updated terms of service. Again, this is such that the AppleCare service remains a seamless process for all of us.
4. Why?
5. Why?

I'm open to hearing dissenting opinions.

 

[turbineseaplane]

1. Care to explain why?
2. Why?
3. The AppleCare(+) terms already state that they can deny service at any time if your device is modified in hardware and software, similar clausure could be created in an updated terms of service. Again, this is such that the AppleCare service remains a seamless process for all of us.
4. Why?
5. Why?

I'm open to hearing dissenting opinions.

We've discussed this ENDLESSLY in various threads
Please go read those. We don't need yet another thread rehashing it all over again from scratch

Sideloading Bill Would Allow 'Malware, Scams and Data-Exploitation to Proliferate,' Says Apple

The U.S. Senate Judiciary Committee will on Thursday consider the Open App Markets Act, an antitrust bill that would allow for sideloading and alternate app stores. Ahead of the meeting, Apple's head of government affairs in the Americas Tim Powderly sent a letter to committee members, urging...

forums.macrumors.com

U.S. Senate Judiciary Committee Approves Another Antitrust Bill That Would Allow Sideloading on iPhone

The U.S. Senate Judiciary Committee today approved the bipartisan Open App Markets Act, an antitrust bill that would allow for alternative app stores and alternative in-app payment systems on the iPhone. The bill will now head to the Senate floor for a vote. Apple had urged the U.S. Senate...

forums.macrumors.com

I'm open to hearing dissenting opinions.

Lucky for you, the dissenting opinions are plentiful in those threads above (particularly the first link - 29 pages and going)

 

[vertsix]

1. No
2. HELL no
3. Absolutely no (doubt it would hold up to scrutiny anyhow)
4. Again, no
5. Once more, no
6. Yes, for sure, similar to macOS

None of these concerns are valid on macOS, nor should they be on iOS
Let's not over think the room here

Apple already has "side loading" (simply getting apps from sources other than Apple App Store) figured out wonderfully on macOS. It need not have all sorts of weird special hoops to jump through on iOS

On iOS, enterprises are already doing side loading and have forever!
Nothing needs to change dramatically at all here.

I think people just don't understand how secure of a system Apple has already built.
The security is not from the Apple App Store source part of it, but from the design for the entire iOS system.

If the currently easy sideloading system works on Macs, why is there so much malware on the platform?

Apple's Craig Federighi: Mac Not Meeting the Bar for Customer Protection

Apple software engineering chief Craig Federighi is testifying in the ongoing Apple v. Epic games trial this afternoon, providing details about...

www.macrumors.com

 

[KaliYoni]

1. Yes to switch. No to requiring a desktop computer because this restriction could be easily circumvented in an even less secure way (say, on a public library computer) and PC ownership is on a long term downward slope.
2. Yes to requiring a backup (perhaps Apple could create a special backup file for sideloaders). No to requiring a factory reset because it is too disruptive. Also because it could destroy data or settings for non tech-adept users who just want to download a "trending" game or app because of FOMO.
3. No because it is too restrictive on all iOS users.
4. I think it would be better if Apple developed a specific backup process for sideloading-enabled devices rather than preventing anybody who sideloads from backing up their devices.
5. Yes.
6. Yes.

----------
edited to fix typos

 

[vertsix]

1. Yes to switch. No to requiring a desktop computer because this restriction could be easily circumvented in an even less secure way (say, on a public library computer) and PC ownership is on long term downward slope.
2. Yes to requiring a backup (perhaps Apple could create a special backup file for sideloaders). No to requiring a factory reset because it is too disruptive. Also because it could destroy data or settings for non-tech adept users who just want to download a "trending" game or app because of FOMO.
3. No because it is too restrictive on all iOS users.
4. I think it would be better if Apple developed a specific backup process for sideloading-enabled devices rather than preventing anybody who sideloads from backing up their devices.
5. Yes.
6. Yes.

1. Interesting point. Don't iOS devices not communicate with computers already unless you trust it on device, which requires a device unlocked state?
2. Requiring a reset may be disruptive but that's the point - to deter those who probably shouldn't be sideloading from doing so. You could always restore a backup.
3. How should Apple handle (on the support side) issues possibly caused by a malicious sideloaded app? Let's say, one that freezes up the phone because it spams ads through notifications?
4. I suppose that could be a good idea. Preventing the restore of backups from sideloading-enabled devices should only be allowed on devices with that on though.

 

[KaliYoni]

1. Interesting point. Don't iOS devices not communicate with computers already unless you trust it on device, which requires a device unlocked state?
[...]
3. How should Apple handle (on the support side) issues possibly caused by a malicious sideloaded app? Let's say, one that freezes up the phone because it spams ads through notifications?

For 1: If somebody has physical access to their device, they can just tell the device to trust whatever it is connected to (best case, a family member's computer; worst case, a USB port in a charging station in a public place).

For 3: As long as there is a warning–or better, warnings–before approving the installation of non-App Store software, I would not be upset if Apple's response to me was to do a factory reset if I had a device that was affected by a malicious sideloaded app.

 

[svenmany]

Apple can't require people to buy a computer just to enable side loading.

 

[cnnyy20p]

They wouldn't. There are many advantages for Apple when they have total software control on their platform.
1. Profit obviously.
2. Safer selection of apps. I'm not saying it's 100% safe.
3. Ensures that iOS users are more willing to pay than other platform. There are already evidents showing iOS are likely to pay for apps and services than Android users even though the number of active iOS users are way less. As Android user have easier way to pirate stuffs.
4. This leads to higher quality apps since it's attracts better developers. I'm not saying low quality apps don't exist on App Store. But you can see that iOS has more high quality exclusive apps as a mobile platform. Like Bear, Ulysses, Photoshop, Pixelmator Photo, Affinity Photo, Focos, Spectre, ProCreate, GoodNotes, and more. (Even though I agree that enable side-load would lead to more developers create more capable apps for the platform. Because App Store payment model is so restrict for many developers to be substantial. Just like what happens on MacOS)
5. Leads to more users's satisfaction for the App Store ecosystem.

 

[boss.king]

If the currently easy sideloading system works on Macs, why is there so much malware on the platform?

Apple's Craig Federighi: Mac Not Meeting the Bar for Customer Protection

Apple software engineering chief Craig Federighi is testifying in the ongoing Apple v. Epic games trial this afternoon, providing details about...

www.macrumors.com

There isn’t. Believe it or not, Apple will sell the Mac down the river to defend the control they wield over their most profitable platform.

 

[Shirasaki]

So the numbering on Macrumors aint work the same way as Word huh.

1. The sideloading state should be a switchable state and should only be controlled by a switch that must be activated or disabled on a computer, Finder on Mac and iTunes on Windows.

On PC or Mac it is fine. Sideloading should only be tinkered with by power users and people who are literate enough to play around with computer software to deal with, not by your grandma or a 3-year-old kid.

1. When a user wants to enable the sideloading state, a factory reset should be required. The user will, then, be prompted for an iTunes or Finder backup. This is so the secure, walled state of the device is ensured in backups. Users, of course, could have the choice to restore those same backups on devices with the sideloading state on.

Factory reset is too much. Such deterrence would lead to DOA of sideloading. No doubt.

1. AppleCare(+) coverage and support should be limited unless the sideloading state is turned off, again through a Windows PC or Mac, requiring another factory reset. A factory reset on-device when the sideloading state is on would turn it off.

While yes, it is really up to Apple to determine if sideloading warrants a total denial of service. Even so, assuming Apple has that rule applied, it will either mean more lawsuits or DOA of sideloading.

1. Backups are disabled when the sideloading state is enabled. Again, this is to ensure users ONLY have secure backups of their data.

That's way too punishing. Somehow people enjoying sideloading are being discriminated to have no backup of the system and their data? Not to mention we still can only trust Apple saying our backups are secure (being encrypted =/= secure).

1. Certain iCloud and secure iPhone functionality could be disabled for security (like iCloud Keychain and the like, if Apple (who has actual security knowledge of these things) determines it is a risk).

This could easily lead to overreach and DOA of sideloading. Imagine Apple decides to disable iCloud entirely if user wants to do sideloading. DOA for sure.

1. As always, when users sideload an app, there should be a prompt warning the users of the possible risks.

Warning should always be there, no doubt.

These "deterrence" tbh are rather disruptive and much more punishing than they should've been. Going this length is the same as practically killing sideloading from the get go. I don't want to see the same sad state of iOS app on Mac situation again. (Before people "correct" me, just try to run ANY popular lootbox-based games on your Mac, or really most iOS apps nowadays. It just won't work)

 

[Arendellecita]

1. I think we can take it forward even more, that the activation process can ONLY be performed on MacOS and must have the same AppleID signed in;

2. This is truly genius thinking, factory reset is a must;

3. Undoubtedly, software-wise support should not be available to users who switched to Sideloading state.

4/5. The entire iCloud should be switched to a very limited state. Providing only basic functions.

6. Not only should users be warned when Sideloading an application, but also each time the sideloaded app is opened, an authorization will be required. After the sideloaded app is closed, its data will be cleared.

 

[svenmany]

It's safe to say that if the government legislates that Apple must permit a user to side-load applications, it will not tolerate any solution that requires some users to make an extra financial investment of $1000 or more to exercise that permission. Requiring a computer is a complete dead end for any imagined solution to making side loading safer.

Sideloading brings great choice for the user and by itself is a positive thing

Is it really ethical to only provide this positive thing to people who can afford it? No, it's not.

Or, are you suggesting that everyone who has an iPhone already has a computer? That's completely false.

 

[turbineseaplane]

These "deterrence" tbh are rather disruptive and much more punishing than they should've been. Going this length is the same as practically killing sideloading from the get go.

Beautifully said

 

[turbineseaplane]

4/5. The entire iCloud should be switched to a very limited state. Providing only basic functions.

Why?

What if you're a paying iCloud user?
Simply to be penal?

Why only "basic" functions?

 

[turbineseaplane]

1. I think we can take it forward even more, that the activation process can ONLY be performed on MacOS and must have the same AppleID signed in;

That's ridiculous

Apple supports Windows users with syncing, data access (wired), iCloud and Bootcamp drivers as well as Apple Music and Apple TV+ being all over the place.

They are not a "Mac centric" company in the way you are implying here.

 

[turbineseaplane]

2. This is truly genius thinking, factory reset is a must;

It's not genius thinking at all -- it's incredibly penal for no legitimate reason.

 

[ASentientBot]

This post is due as a response to recent developments of Apple possibly being forced to allow sideloading.

Sideloading brings great choice for the user and by itself is a positive thing, but I understand all the privacy and security concerns around it. I've used Android for quite a while and just recently switched back, and the problem on the platform is not that sideloading is a choice (that's a positive thing), but rather an easy choice that is easily accessible.

I have several relatives that have sideloading clones of apps on their devices (mind you, they have little to no knowledge of technology) that obviously pose security and privacy risks, because sideloading on Android is too easy (yes, even though the system responsibly warns them of the risks).

That's why I feel Apple has the opportunity to do sideloading right, and yes, that would mean making it harder to do so than in competing platforms, to deter people who are not knowledgeable enough to understand the real disadvantages of sideloading to do so, and to prevent Apple issues in the support stage (both hardware and software).

This is how I can imagine it they should do it:

1. The sideloading state should be a switchable state and should only be controlled by a switch that must be activated or disabled on a computer, Finder on Mac and iTunes on Windows.
2. When a user wants to enable the sideloading state, a factory reset should be required. The user will, then, be prompted for an iTunes or Finder backup. This is so the secure, walled state of the device is ensured in backups. Users, of course, could have the choice to restore those same backups on devices with the sideloading state on.
3. AppleCare(+) coverage and support should be limited unless the sideloading state is turned off, again through a Windows PC or Mac, requiring another factory reset. A factory reset on-device when the sideloading state is on would turn it off.
4. Backups are disabled when the sideloading state is enabled. Again, this is to ensure users ONLY have secure backups of their data.
5. Certain iCloud and secure iPhone functionality could be disabled for security (like iCloud Keychain and the like, if Apple (who has actual security knowledge of these things) determines it is a risk).
6. As always, when users sideload an app, there should be a prompt warning the users of the possible risks.

I feel like this would be a compromise for both philosophies. What do you think?

Interesting and well stated suggestions, though I don't agree with most.

The purpose should be to make users understand their choice, not punish them for it. A toggle with sufficiently scary warning and a passcode entry should do the job. Requiring a computer (not a Mac) might be reasonable, disabling arbitrary features or forcing a factory reset is certainly not.

Even with jailbreaking (i.e. control of the kernel, which is considerably more dangerous than sideloading unprivileged apps), I've seen zero cases of hardware damage, so I don't think there's a good argument for cancelling AppleCare. Limiting support for software issues would be fine.

I wouldn't have a problem with Apple limiting iCloud features for sideloaded apps; it's their service and devs not willing to pay for it can implement their own equivalent. Killing iCloud system-wide is extreme.

Some additional possibilities I thought of that seem fair:

• An API for third-party developers to check the sideloading state, like how many banking apps implement jailbreak detection. Or, a toggle when uploading to the App Store to only allow your app on "locked" phones. Let devs weigh the risks/benefits themselves.
• A mechanism to reduce piracy, e.g. block the sideloading of apps whose hash matches one on the App Store. (This would not sit well with me from a privacy standpoint, but I could see developers being in favor.)
• Periodic (not too frequent) prompts reminding users of the potential security risks.

I have no doubt that Apple could make sideloading quite safe, if they wanted to...

 

[turbineseaplane]

Interesting and well stated suggestions, though I don't agree with most.

The purpose should be to make users understand their choice, not punish them for it. A toggle with sufficiently scary warning and a passcode entry should do the job. Requiring a computer (not a Mac) might be reasonable, disabling arbitrary features or forcing a factory reset is certainly not.

Even with jailbreaking (i.e. control of the kernel, which is considerably more dangerous than sideloading unprivileged apps), I've seen zero cases of hardware damage, so I don't think there's a good argument for cancelling AppleCare. Limiting support for software issues would be fine.

I wouldn't have a problem with Apple limiting iCloud features for sideloaded apps; it's their service and devs not willing to pay for it can implement their own equivalent. Killing iCloud system-wide is extreme.

Some additional possibilities I thought of that seem fair:

• An API for third-party developers to check the sideloading state, like how many banking apps implement jailbreak detection. Or, a toggle when uploading to the App Store to only allow your app on "locked" phones. Let devs weigh the risks/benefits themselves.
• A mechanism to reduce piracy, e.g. block the sideloading of apps whose hash matches one on the App Store. (This would not sit well with me from a privacy standpoint, but I could see developers being in favor.)
• Periodic (not too frequent) prompts reminding users of the potential security risks.

I have no doubt that Apple could make sideloading quite safe, if they wanted to...

Phenomenal post. Great and very reasonable takes all the way around.

Can we put you in charge of this?

 

[turbineseaplane]

The purpose should be to make users understand their choice, not punish them for it.

This is the key point that should be the guiding principle when crafting the implementation.

Somebody wanting to exercise choice isn’t doing anything “wrong”, nor is it Apples right to go out of their way to, as you say, “punish them for it”

 

[Shirasaki]

It's safe to say that if the government legislates that Apple must permit a user to side-load applications, it will not tolerate any solution that requires some users to make an extra financial investment of $1000 or more to exercise that permission. Requiring a computer is a complete dead end for any imagined solution to making side loading safer.



Is it really ethical to only provide this positive thing to people who can afford it? No, it's not.

Or, are you suggesting that everyone who has an iPhone already has a computer? That's completely false.

Requiring a computer is the bare minimum nowadays to enable sideloading imo. If someone is so fond of using iPhone iPad without even touching a computer, I seriously doubt sideloading is among their radar.

 

[turbineseaplane]

Requiring a computer is the bare minimum nowadays to enable sideloading imo. If someone is so fond of using iPhone iPad without even touching a computer, I seriously doubt sideloading is among their radar.

I don't know - it seems like a penal choice for no real reason.
I'm not in favor of that.

People shouldn't get penalized for wanting to take advantage of a feature of their device.

Scary warnings, confirmations, all that I'm fine with -- but if you can flat out erase and reset your entire phone with just the phone itself, you should be able to toggle side loading on device also (IMO)

 

[Shirasaki]

1. I think we can take it forward even more, that the activation process can ONLY be performed on MacOS and must have the same AppleID signed in;

2. This is truly genius thinking, factory reset is a must;

3. Undoubtedly, software-wise support should not be available to users who switched to Sideloading state.

4/5. The entire iCloud should be switched to a very limited state. Providing only basic functions.

6. Not only should users be warned when Sideloading an application, but also each time the sideloaded app is opened, an authorization will be required. After the sideloaded app is closed, its data will be cleared.

Might as well provide a fake switch that does nothing just to please regulators temporarily and drag out implementation indefinitely then. Basically remaining status quo.

With so many caveats, even tech savvy won’t be bothered to Touch It. Essentially killing sideloading from the get go.

 

[Shirasaki]

I don't know - it seems like a penal choice for no real reason.
I'm not in favor of that.

People shouldn't get penalized for wanting to take advantage of a feature of their device.

Scary warnings, confirmations, all that I'm fine with -- but if you can flat out erase and reset your entire phone with just the phone itself, you should be able to toggle side loading on device also (IMO)

But one must say, this is one of the least disruptive methods that could be in place to enable/disable sideloading. Mind you that wifi sync enabling requiring the connection of a computer and so far it has been turned off by default.