Apple has shot back at EU draft rules that would force the company to allow its users to sideload iOS apps on their devices.
“If Apple were forced to support sideloading, more harmful apps would reach users because it would be easier for cybercriminals to target them – even if sideloading were limited to third-party app stores only,” claims Apple’s new report that presents a threat analysis of sideloading.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
The report comes in the backdrop of the EU’s antitrust investigation against Apple initiated at the behest of Spotify, for its apparent anti-competitive practice of forcing app developers to use its proprietary App Store for app installations and payments.
Can of worms
Speaking to TechRadar Pro, Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network explains that “security by obscurity” is one of the main pillars of Apple’s mobile security model that actually works pretty well compared to Android.
Kolochenko argues that by closing its mobile ecosystem to any third parties, Apple does indeed prevent countless mobile attacks. That said, he agrees that critical vulnerabilities in iOS that allow remote code execution expose the platform to abuse, and there have been reports of malicious iOS apps also managing to bypass Apple Store’s multilayered controls and get installed by unwitting users.
“That being said, even if security by obscuring is clearly not a panacea, opening Apple’s ecosystem to third parties will, undoubtedly, bring a tenfold increase in malware targeting iOS devices and undermine Apple’s security model,” believes Kolochenko.
Just a distraction
The report cited figures from cybersecurity vendor Kaspersky, which showed that Android devices are affected by nearly six million attacks per month.
However, speaking to Reuters, Damien Geradin, lawyer for the Coalition for App Fairness, dismissed Apple’s arguments, saying that built-in security measures such as encrypted data and antivirus apps are responsible for securing the devices, and not Apple’s App Store.
He asserts that Apple is focusing on sideloading to step away from the real issue.
“What matters to us is the obligation imposed on developers whose apps sell digital goods and services to use Apple In-App payment system,” he told Reuters.