Alongside a 16-page essay on why App Store protections are good and sideloading is bad, and lobbying calls to Congress by Apple CEO Tim Cook, the company’s head of user privacy is also arguing its case in a Fast Company interview.
While those in favor of third-party app stores for iOS apps argue that they would offer users and developers alike greater choice, Eric Neuenschwander suggests the exact opposite is true …
Neuenschwander spoke to Fast Company’s Michael Grothaus.
“Sideloading in this case is actually eliminating choice,” he says. “Users who want that direct access to applications without any kind of review have sideloading today on other platforms. The iOS platform is the one where users understand that they can’t be tricked or duped into some dark alley or side road where they’re going to end up with a sideloaded app, even if they didn’t intend to” […]
Even with the App Store’s security measures in place, malware does sneak onto iPhones. But Neuenschwander contends that its quantity “would be obviously much higher” if Apple opened the iPhone to sideloading. Why? Because right now there are two security checks that protect users from malicious apps.
The first is Apple’s developer policies and processes, which regulate what an app can and cannot do. Apple can check whether a developer is following these policies, because a human reviews every app submitted to the App Store. And by the very act of uploading an app to the App Store, that app is also scanned for all known malware, protecting users from nefarious apps even more.
The second security check is the users themselves. Because Apple requires developers to ask the user for permission in a universal way before it can access such features as an iPhone’s microphone or camera, a user can identify if something shady is going on inside the app.
Of course, iOS users who want Apple’s protections would still be free to stick to the official App Store, but Neuenschwander argues that they could be duped into sideloading apps without realizing it.
“Even users who intend—they’ve consciously thought themselves that they are only going to download apps from the App Store—well, the attackers know this, so they’re going to try to convince that user that they’re downloading an app from the App Store even when that’s not happening,” Neuenschwander says. “Really, you have to think very creatively, very expansively as an attacker would trying to go after so many users with such rich data on their device. And so users will be attacked regardless of whether or not they intend to navigate app stores other than Apple’s.”
Neuenschwander offers some weak arguments about why, if all this is true, the company doesn’t take the same approach to the Mac. There are more iPhones than Macs. We carry iPhones around more than Macs. We install fewer apps on Macs than iPhones. None of which addresses the question: Apple is simply stuck with defending a contradictory position here.
We can probably expect some more mainstream media interviews on the same topic – Apple is clearly on a PR blitz here.