Federighi is sent at ease to the Web Summit 2021

During this week it is celebrated the Web Summit 2021 in Lisbon, Portugal. Apple’s senior vice president of software, Craig Federighi, came to give a talk on iOS security. And in it, the ability to decentralize app distribution on the iPhone has been shipped comfortable against sideloading.

Sideloading as a culprit for malware on other platforms

The only reason [del reducido número de ataques en iOS] is that the rest of the platforms allow side loading. On the iPhone, sideloading would mean downloading software directly from the open Internet or from a third-party store, bypassing App Store protections.

We talked about the pillars that protect customers on the iPhone. With side loading, these successive protections are canceled. There is no human review of apps and no single distribution point for apps downloaded via sideloading. The floodgates are open to malware attacks. And we’re not the only ones who think it’s risky.

In less than 15 minutes, Craig Federighi outlined Apple’s reasons against sideloading. It’s a similar argument to the one we saw last month in Apple’s attack on sideloading risks, which was pretty forceful. The reason for this conference is the Digital Markets Act, the legislation presented in the European Union in December 2020.

In one of its sections, the European Union wants to force manufacturers to allow downloading and installing apps from sources other than that designated by the platform owner. While Android already allows it (generating considerable risks according to Federighi), iOS remains centralized in the App Store. Apple wants it to stay that way for security reasons.

And that’s why, again published various data and arguments of third parties related to this practice of distributing applications. Between them:

• One company detected 5 million attacks on customers on “another” mobile platform in just one month.
• Europol assures us that “we should only install applications from official stores”.
• The US Department of Homeland Security recommends that “users (and businesses prohibit their devices) from downloading apps and using unauthorized app stores.”

Federighi praises the goal of DMA, which is to promote competition and provide more options for users. But criticize this on behalf of “Giving more options to the user, this provision would remove the choice of a more secure and private device”. In other words, it is legislation that would cause precisely the dangers from which it claims to protect the citizen.

It doesn’t matter if you don’t use side loading

Apple’s senior vice president of software continues to criticize these measures with examples of what could happen. Among them is the argument that we should ‘let people choose whether or not to offload themselves, let them judge the risks and decide for themselves’. Yes indeed, shows a seemingly official app which allows to follow the evolution of COVID.

In reality, this Android app has not helped the health conscious people. Rather, it was “a vehicle for malware.” Not a good experience for someone looking to protect themselves and their family.

On another occasion, he mentions how security experts they detected up to 27 malicious apps that mimicked the official Google Play Store from Android. Instead, they opened the door to waves of adware. Federighi goes on to talk about the rest of the measures that protect our privacy, measures that arise from the evaluation of each application that would be absent from sideloading applications.

In short, even if a user is smart enough to detect Everybody fraud, this does not mean that their children, partner, parents or grandparents are also. Allowing sideloading would lead to enormous insecurity among these types of users, forever breaking trust in a secure and private app distribution. The next time they went to download an app, they’d be wondering, “Is this a real app or will my data be stolen?” “

You can see Federighi’s talk below connect, from 7 hours 31 minutes.