Tim Cook Delivers Speech Emphasizing Apple's Opposition to Sideloading

[Naraxus]

Tim Cook is such a hypocritical scumbag.

Privacy, "most essential battle of our times"....

Except if you are:

1. Russian
2. Chinese
3. Uyghur

Then it's "Abiding by all laws in countries we do business in"......

I would have LOVED to have been there to ask if privacy is as essential as he claims it is then why did his company try and slip spyware into its os.

 

[Iconoclysm]

So what you’re saying is that Apple should get the benefit of the doubt for future plans, even though at the moment their privacy efforts don’t actually do anything? Seems like a weird amount of trust to put into a corporation.

Don't actually do anything? Come on...ANYTHING?

 

[Iconoclysm]

Tim Cook is such a hypocritical scumbag.

Privacy, "most essential battle of our times"....

Except if you are:

1. Russian
2. Chinese
3. Uyghur

Then it's "Abiding by all laws in countries we do business in"......

Isn't that simply "Privacy to the extent allowed in the country"? I'm sure there's some nuance here but your obvious bias towards the guy would hide that. Are you expecting Tim Cook to lead a revolution in China and Russia?

 

[boss.king]

Don't actually do anything? Come on...ANYTHING?

What do they do? If I ask an app not to track me, that doesn’t stop an app from being able to track me. So yeah, it doesn’t currently do anything.

 

[SpotOnT]

If Apple is refusing encryption, how could they hold a master key? iCloud traffic is end to end encrypted and data is stored encrypted. Am I missing something?

Most user data uploaded to iCloud (Contacts, Calendars, etc) live on Apple servers in an encrypted state, but Apple maintains the decryption key and can turn over that information in an unencrypted form to anyone they want (or are legally required to).

For your reference:

iCloud data security overview - Apple Support

iCloud uses strong security methods, employs strict policies to protect your information, and leads the industry in using privacy-preserving security technologies like end-to-end encryption for your data.

support.apple.com

 

[usagora]

The iPhone is one of the highest volume general purpose computers in the world.....that users can spend up to $2000 to own.... not lease, not borrow, but own.... we should have the right to use it how we see fit, whether within the Apple controlled garden or however else we would want to use a general purpose computer.

You only own the physical device. You don't own the OS that runs on it; you're licensing it and by doing so are bound by the licensing agreement that you agree to when setting up your iPhone. So, no, you don't have the right to do what you want with the OS.

 

[jonblatho]

If Apple is refusing encryption, how could they hold a master key? iCloud traffic is end to end encrypted and data is stored encrypted. Am I missing something?

Encrypted in transit, encrypted at rest, and end-to-end encrypted are all different things. Everything iCloud is encrypted in transit, meaning that others on your network and your ISP can’t snoop on exactly what is being transmitted. Everything iCloud except Mail is encrypted at rest, which means that only those with the key(s) to decrypt the data can access it. Only some iCloud data (iCloud Keychain, Health, Safari, Screen Time and some other minor stuff) is end-to-end encrypted, meaning that only your devices, not Apple, hold the keys to decrypt the data.

iCloud Backup, for example, is encrypted in transit and at rest, but not end-to-end encrypted. That means that Apple holds the key to decrypt your iCloud backups and turn over the data should they receive valid legal process to that effect. That’s particularly tricky for Messages in iCloud, which Apple claims is end-to-end encrypted, but iCloud Backup includes the iMessage encryption key, which in turn can decrypt the Messages in iCloud database. So, for truly end-to-end encrypted Messages in iCloud, you must disable iCloud Backup. Fun stuff.

 

[danakin]

Tim Cook is a liar and a greedy capitalist. He's no different than Donald Trump, whom he seems to despise.

The award for "Least Nuanced Post of 2022 goes to BGPL" - close the balloting.

No doubt Tim Cook is sanctimonious, capitalistic, and cloying. I find him and most Apple executives difficult to listen to because, to me, they speak down to their customer's intellect. That's my $0.02.

He's also steered the company to unprecedented heights. How that was achieved is subject to perspective and opinion. The shareholders aren't complaining though.

To suggest he's no different from Donald Trump is, frankly, a ridiculous statement. No matter whether you love Trump and hate Cook, love Cook and hate Trump, like both, or hate both, they are not the same. Any scrutiny of their actions and beliefs reveals this.

 

[PandaPunch]

It would be cool if Apple finally allowed for sideloading, even though I personally would gain very little from it myself.

 

[SpotOnT]

Does Microsoft, Sony, or Nintendo allow Steam, Epic, GOG, etc. stores on their consoles? Apple is extremely hands on with their phone and their App Store, Google handles this the complete opposite way, being very hands off and providing a fraction of the support. Either way works, but being in between would be a nightmare

That is the funny part. The answer is no they don’t, but no one seems upset that you can’t sideload games on your Playstation or XBox.

I guess one solution for Apple - they could just copy Sony, Nintendo, Microsoft etc and require that all apps for iOS be submitted to them for approval and charge a “licensing fee” from developers. Then let the apps be sold anywhere anyone wants after they are approved and the fee has been paid.

 

[usagora]

I've not listened to the speech but can someone fill me in on how its different to "sideloading" on a mac instead of downloading from the Mac App Store?

It's different because there are far, FAR more iPhone users than Mac users, so the iOS platform would be a far more lucrative target for malicious app developers than macOS.

 

[mrat93]

I'll give you an example. On the early days of Cydia AT&T had a restriction on Tethering. An app develop (or several actually) developed an app that tricked the OS into allowing Tethering on AT&T data plans.

Another example, Apple's in-app purchase system. There was an app (or script/apk) in Cydia that spoofed a successful payment to the App Store and as such, you could actually gain in-app "premium" content without paying for it.

Hence, it is conceivable that an app can be written with a baked-in option to bypass "Do not Track". These two events are not theoretical, they actually happened and there is evidence.

Totally valid, but with those examples, the prerequisite is a full jailbreak, and well before “Do not track” was a thing.

Additionally, if there EXISTS a way to bypass “Do not track” — I’m pretty sure Apple has bug bounties for these sort of things. If somebody finds an vulnerability, it’s POSSIBLE that they could sell it to a third party or use it for harm, but it is probably best for many reasons (legal, ethical, career-building) that they disclose to Apple and receive a decent payout. Regardless, there ARE ways to do it, but I believe this is an example of Apple protecting their profits, rather than primarily being about security. Which, I get it, but tell it how it is.

 

[jav6454]

If you don’t trust an app or its developer, don’t install the app(s). If you’re too mindless to understand that concept, install it and find out what happens, I guess. Actions have consequences, just like on a big-kid computer. Not my problem.

I’m skeptical of the inevitable counterargument to this that apps will leave the App Store if they’re allowed to do so. I’m sure a handful will, but only those that can demonstrably benefit from entering the slim gray area of functionality that is permitted by the iOS sandbox but not by the App Store. But for big developers like Microsoft and Facebook? They won’t (can’t?) take the hit in users (and therefore money) that would occur as a result of the hoops Apple would likely require one to go through in order to enable the installation of non-App Store apps on their iOS device. Many users will either not bother or get scared off by what I’m sure will be multiple dialogs informing the user of the risks of enabling it.

Apparently, you have misread (to your convenience) what I stated. I never said I'm ignorant when it comes to downloading things. I said, I chose not to.

Like you stated, actions have consequences, and for the average person who is basic computer literate, this will be an issue as they can easily be fooled into downloading things. How many will blame the handset maker for this?

 

[npmacuser5]

I don't buy it. Sideloading on Android works just fine and hey, all major corps are still putting their apps in the PlayStore. I don't see a single reason why that should be different on iOS. Sideloading is a hassle for users, so the majority of users will stick with the AppStore therefore no "big" company is going to skip the store for a different solution.

Look at the Mac App Store to answer your comment…no "big" company is going to skip the store for a different solution. My private systems, application not in the App Store, very few exceptions to no sale rule. Includes the Mac.

 

[jav6454]

Totally valid, but with those examples, the prerequisite is a full jailbreak, and well before “Do not track” was a thing.

Additionally, if there EXISTS a way to bypass “Do not track” — I’m pretty sure Apple has bug bounties for these sort of things. If somebody finds an vulnerability, it’s POSSIBLE that they could sell it to a third party or use it for harm, but it is probably best for many reasons (legal, ethical, career-building) that they disclose to Apple and receive a decent payout. Regardless, there ARE ways to do it, but I believe this is an example of Apple protecting their profits, rather than primarily being about security. Which, I get it, but tell it how it is.

Jailbreak is another way of saying sideloading; it's just a fancy word for forcing in an alternate App Store. After all, Installer was the true first App Store. Apple can issue as many bounties as possible, but once you have the tools to disable the feature, there is nothing you can do. Look at the Israeli companies that develop software to bypass Apple's iOS lockdown features.

It's never a question of if, but when. In this case, sooner than expected given that the developer community has had the tools to do so for over 14 years (since 2008). They just haven't been allowed to.

 

[SpotOnT]

Tim Cook is such a hypocritical scumbag.

Privacy, "most essential battle of our times"....

Except if you are:

1. Russian
2. Chinese
3. Uyghur

Then it's "Abiding by all laws in countries we do business in"......

I would have LOVED to have been there to ask if privacy is as essential as he claims it is then why did his company try and slip spyware into its os.

Do you really want to live in a world where private companies exist above the law and can choose what legislation they want to follow?

You can make the argument that no company can morally operate in China (Apple is no longer in Russia), but I don’t think you can make the argument that it is moral for companies to operate above the law.

 

[citysnaps]

"By checking this box, I confirm that I understand that sideloading apps will reduce the privacy and security of my data, and Apple will not be responsible for any privacy leakage"

Sorted

Nope. That only protects Apple from harmed individuals who are looking to be made whole.

That's relatively mice nuts.

It will not protect Apple from damage its brand and public reputation will incur once loads of people start complaining about their phones being hacked/bricked and their data stolen and/or held for ransom from side loading nefarious apps.

 

[jonblatho]

Apparently, you have misread (to your convenience) what I stated. I never said I'm ignorant when it comes to downloading things. I said, I chose not to.

Like you stated, actions have consequences, and for the average person who is basic computer literate, this will be an issue as they can easily be fooled into downloading things. How many will blame the handset maker for this?

I meant that as a generic “you,” not you specifically. Apologies.

About as many as blame Apple for malware on macOS or Microsoft for malware on Windows, which is to say that it’ll be an afterthought.

Assuming apps are sandboxed, they can’t get away with much anyway. Unless, of course, they are exploiting a vulnerability to escape the sandbox, in which case that’s something Apple should fix anyway — it is entirely possible that app review wouldn’t catch it in the App Store either. App review is essentially only able to see what an app does just like you or I can. They don’t audit an app’s source code to actually make sure that it’s not doing anything it shouldn’t be doing. (Xcode does do a scan for private API usage as part of the app upload process, but that’s easily fooled and not the same thing as exploiting vulnerabilities.)

After all, how do you think Epic Games pulled off what it did with Fortnite’s non-Apple IAP system that kicked off its court case? That got through app review just fine…until Epic Games flipped a switch after the app had been released to the public.

 

[Mousse]

I guess one solution for Apple - they could just copy Sony, Nintendo, Microsoft etc and require that all apps for iOS be submitted to them for approval and charge a “licensing fee” from developers. Then let the apps be sold anywhere anyone wants after they are approved and the fee has been paid.

That leaves the door open for the homebrew apps. Lots of really good homebrew apps floating around for the Wii/3Ds. I had a few for my PSP back in the day. Good times, good times.

Like you stated, actions have consequences, and for the average person who is basic computer literate, this will be an issue as they can easily be fooled into downloading things.

A necessary sacrifice to improve the user base.? How many people had to earn Darwin awards before we taught our kids to look both way before crossing the street?? But companies don't like a smart consumer (Caveat emptor, y'all). They want use to accept whatever they put out and act as if it's the greatest thing ever.

 

[Wildkraut]

You only own the physical device. You don't own the OS that runs on it; you're licensing it and by doing so are bound by the licensing agreement that you agree to when setting up your iPhone. So, no, you don't have the right to do what you want with the OS.

Well, in this case the device is tied to the OS, which renders the device unusable if you don’t further accept the OS agreement updates. Also something i dislike and the EU law makers also. In my opinion it’s about time to forbid closed and tied hardware and enforce hardware specification openness so that alternative operating system can be developed. Just like with medical products, when you invent something new you you are fully entitled, but after 3-5 years it becomes open, that’s why there exist Aspirin alternatives.

 

[jav6454]

I meant that as a generic “you,” not you specifically. Apologies.

About as many as blame Apple for malware on macOS or Microsoft for malware on Windows, which is to say that it’ll be an afterthought.

Assuming apps are sandboxed, they can’t get away with much anyway. Unless, of course, they are exploiting a vulnerability to escape the sandbox, in which case that’s something Apple should fix anyway — it is entirely possible that app review wouldn’t catch it in the App Store either. App review is essentially only able to see what an app does just like you or I can. They don’t audit an app’s source code to actually make sure that it’s not doing anything it shouldn’t be doing. (Xcode does do a scan for private API usage as part of the app upload process, but that’s easily fooled and not the same thing as exploiting vulnerabilities.)

After all, how do you think Epic Games pulled off what it did with Fortnite’s non-Apple IAP system that kicked off its court case? That got through app review just fine…until Epic Games flipped a switch after the app had been released to the public.

In mobile phones? It won't be an afterthought, it'll be on the forefront given how more dependent people are on mobiles than a laptop.

In the Epic's case, they submitted an emergency bug-fix request to update the app and Apple accepted it as they were a "big trusted" developer. At least that's how the MacRumors article (and other sources) stated happened.

Yes, there is a degree of automation in code scanning, but as you stated, it can be fooled, just like a human can. But that is the nature of this cat and mouse game. The only difference is that with Apple there is a sense or semblance of control where as side-loaded apps can do as they please as there is no one watching or mediating them.

That control is what allowed Apple to pull the Fortnite when it was doing unauthorized dealings. Not to mention the iPhone app kill switch that as of today, Apple has never once used. An app in the wild that can be side loaded? Good luck stopping that. And yes, any app can break out of a sandbox, that's not even a question that should be asked.

 

[Nuno Lopes]

Apple CEO Tim Cook today delivered the keynote speech at the Global Privacy Summit in Washington D.C. The conference, hosted by the International Association of Privacy Professionals, is focused on international privacy and data protection.

Cook reflected on Apple's ongoing commitment to privacy, which the company has repeatedly described as a fundamental human right.

"The fight to protect privacy is not an easy one, but it is one of the most essential battles of our time," said Cook. "We at Apple are proud to stand alongside all those who are working to advance privacy rights around the world. As a company, we are profoundly inspired by what technology can make possible, but we know too that technology is neither inherently good, nor inherently bad. It is what we make of it. It is a mirror that reflects the ambitions of the people who use it, the people who build it, and the people who regulate it."

Cook highlighted Apple's privacy features that give users control over their data, like App Tracking Transparency, but said he is "deeply concerned" about proposed regulations that would diminish these features and expose users to privacy and security risks. In the European Union, for example, the proposed Digital Markets Act would require Apple to allow sideloading of apps on the iPhone outside of the App Store.

"Here in Washington and elsewhere, policymakers are taking steps in the name of competition that would force Apple to let apps onto iPhone that circumvent the App Store through a process called sideloading," said Cook. "That means data-hungry companies would be able to avoid our privacy rules and once again track our users against their will. It would also potentially give bad actors a way around the comprehensive security protections we have put in place, putting them in direct contact with our users."

Cook said that Apple believes in advancing regulations that do not undermine privacy protections in the process.

"If we are forced to let unvetted apps onto iPhone, the unintended consequences will be profound," warned Cook. "And when we see that, we feel an obligation to speak up and to ask policymakers to work with us to advance goals that I truly believe we share, without undermining privacy in the process."

Cook's speech was streamed live on YouTube and begins around the 14:05 mark of the video.

Cook and other senior Apple executives, such as software engineering chief Craig Federighi, have repeatedly expressed the company's opposition to regulations that would require sideloading and third-party app stores on the iPhone.

Article Link: Tim Cook Delivers Speech Emphasizing Apple's Opposition to Sideloading

A bunch of platitudes … everyone is a crook but us when it comes to privacy, danger danger … therefore give us control over all your devices and digital businesses. We are the next gen gov … Imagine this deep into the enterprises workstations, hospitals, schools, banks …. it Will never happen.

Just the thought that Apple is pushing for such an unilateral control while playing with peoples concerns if not fears over privacy gives me the chills.

They have a perfectly good approach with macOS. The concept of sideloading does not even a apply … totally foreign.

Here is the thing. If people treasure privacy and if sideloading is such a threat … people will decide themselves to disable it.

 

[jav6454]

[...]

A necessary sacrifice to improve the user base.? How many people had to earn Darwin awards before we taught our kids to look both way before crossing the street?? But companies don't like a smart consumer (Caveat emptor, y'all). They want use to accept whatever they put out and act as if it's the greatest thing ever.

That's true. I agree, but given that we have a way to help prevent that, should we really let that someone assume that risk because a few want an ability which is arguably reserved for the more tech educated?

 

[MrDerby01]

Does Microsoft, Sony, or Nintendo allow Steam, Epic, GOG, etc. stores on their consoles? Apple is extremely hands on with their phone and their App Store, Google handles this the complete opposite way, being very hands off and providing a fraction of the support. Either way works, but being in between would be a nightmare.

Umm, Yes. I'm really not understand this question. Each allow others on their consoles and Microsoft tragically(LOL) allows on their Windows 11.

 

[JM]

I'm pretty sure apps can still track you even if you ask them not to.

Yep. Just enable Privacy Report and feel your eyeballs spin.