If Athens cries, Sparta does not laugh. Apple in recent years has grown tremendously and has encountered a number of lawsuits (the best known case is that of Epic Games), antitrust investigations and regulatory bodies, bills to change radically some of the fundamentals of the company’s business model, starting with the App Store, which is the only way for developers to sell apps on iPhone and the only way for iPhone owners to install them.
But the company claims that opening the iPhone to other ways of loading apps (such as sideloading) would only lead to a disaster in terms of security, privacy, and overall user trust. To better understand what he means, he published a report of about thirty pages which casts a decidedly dark shadow on the state of security in the competitor’s platform, namely Android.
The reasoning is simple: customer trust is difficult to gain, but it takes very little to lose it. And the company fears that opening the iPhone to other stores or alternative methods not only leads to the collapse of the security of the platform, but destroy this very trustworthy heritage. As for Android, at least according to the information collected by Apple, the numbers speak for themselves: in the last 4 years, Google’s operating system would have had 15 to 47 times more infections from malware and spyware due to the fact that it is a platform that allows for sideloading. According to Enisa, a European regulatory agency, there are 230,000 new malware infections per day on Android, while security expert Kaspersky Lab (also according to Apple) has recorded nearly 6 million attacks per month on customers’ Android phones.
2% of apps on the App Store contain some scam. And the other platforms aren’t faring better
by Simone Cosimi
Apple defends itself by attacking Android
The cost of this systemic insecurity of the Android platform, reads the report drawn up by Apple, is high: 2.94 billion euros to clean up compromised phones and for the damage caused by security incidents. From 2016 to 2021, the number of Android phones that have an antivirus or other protection system installed has increased 4 times, reaching 1.3 billion sets. The average cost per company of an attack in the US is $ 10,000, and out of a sample of 1,800 companies, 46% had problems with infectious apps. The damage emerging from insecurity is quantified with painstaking precision: from data theft (which cost an average of $ 4 million in damage to affected companies) to ransomware ($ 750,000 per incident). In report the loss of profits for companies is also counted: 1.5 million dollars in damages for lost business to be concluded (out of the 4 million total damages) for data theft.
There are 4 types of insecurities which, according to Apple, those who use an iPhone would face if the company were to comply with requests to open the platform. Steve Jobs himself said he wanted a closed system for greater user protection and to ensure better functioning from a technical point of view, and this resulted in the substantial absence of adware (advertising apps that use aggressive or fraudulent approaches) , ransomware (apps that blackmail the user after locking his phone, asking for a ransom), spyware for consumers (apps that intercept phone information and resell it online) and real ones trojan, that is, apps that pretend to be something else (a fake home banking app) and instead steal credentials and money.
There are numerous troubling stories of what can happen if digital tools are used without the proper culture and precautions: give it stalkware (apps that continuously spy on the user and that can be installed by particularly jealous partners) to app copycat, who pretend to be alternative versions of games or social apps and instead steal information.
Apple believes that these types of apps and various other types of attacks (from website spoofing to scareware, but to phishing and fake system updates) can become a problem not only for users who love sideloading a hypothetical future iPhone, but also for those who want to stick to the use of the original Store only. The technological solutions of a phone that allows the use of multiple stores definitively breaks the protective shell that gives security to Apple’s mobile platform.
Attack on the walled garden: why Apple doesn’t want alternative app stores on the iPhone
by Andrea Nepori
Once upon a time there was jailbreak
The risk of opening the iPhone would then affect the entire ecosystem, according to Apple. Currently 98% of the malware is directed towards Android terminals precisely because it is almost impossible to download apps that have not been verified by Apple to be sure that they do not contain viruses or are not malicious. Despite this, hackers have found ways to sideload, albeit in a rather laborious and limited way. The fashion of the jailbreak has passed, which broke the protection of the first iPhones and allowed you to load apps from alternative stores: now you use the certificates for the stolen developers (or obtained in violation of the agreements required by Apple) and offer the direct download of the app as it happens for i small groups of testers during the development of an app or as it happens in the distribution of internal apps by companies. Marginal solutions, which do not have a significant impact, but which would clearly suggest that the impact of sideloading on the Apple ecosystem would be very strong.
As a final piece of evidence, Apple has collected some statements related to Android, which explain how that platform should be made more closed, rather than the iPhone more open: Europol recommends installing apps on Android only from the Google Play Store, the European Cybersecurity Agency does the same, while the US Homeland Security Department says that “users should avoid (and companies prohibit it on their phones) from sideloading apps and using unauthorized app stores”. In short, to put it in the words of Norton Security, “one way to minimize the danger of third-party app stores is to avoid them completely”.