Reading the comments from that article is a prime example of how a cult functions.
In reality this will have a 0,002% impact. Most phone users are tech-illiterate and have no idea how to use their devices. You expect these people to go to a different store?
On Android you can have other app stores, why don’t you have? Because Play Store is default and all app developers want to be where most users are, not on a 3-4% user share store.
It will most likely be background noise in the first months and everyone will go back to the App Store. The only people that will use an alternate store will most likely be the same ones that use F-droid, so 0,002% of the users.
But hey, it’s better to scream how this whole thing is making their devices less secure, because Apple told them so.
It’s always about the minority.
Just because something fits 99% should not mean this is the only thing in existence, when other ways do not disturb.
And one not fulfilled minority there, one not fulfilled there and soon we realise that almost everyone fit in some unfulfilled minority that is not dealed with.
Many Android manufacturers actually have either their own store, or an app that acts as an interface to the Google Play Store. These are installed by default, and subtly pushed over the vanilla Play Store. So I’m guessing millions of users do end up using them.
I think that’s exactly the problem. The real user benefit will be very small, but in order to enable those changes, functionality will be implemented on everyone’s phones to support sideloading. In my eyes, this increseas the attack surface against iPhones. Time and time again alt stores have been used to distribute fake apps and malware on Android, and the victims are often those users who haven’t asked for sideloading and are unlikely to use it intentionally.
Yes, maybe this will enable an F-droid equivalent on iPhone and it will be great to have direct access to open-source apps. But is this niche addition worth potentially reducing the security of all iPhones? I’m not convinced.
Time and time again alt stores have been used to distribute fake apps and malware on Android, and the victims are often those users who haven’t asked for sideloading and are unlikely to use it intentionally.
Can you offer any evidence to back up either of these claims?
This is just my gut feeling. It is based on not knowing anyone IRL that has willingly installed an Android app from outside the Play Store, but actually knowing people that avoid it because of the potential security implications.
You have to remember that the vast majority of smartphone users are not power users, and not the people who hang out on these forums. While something may look attractive in small circles like these, there are many other factors to consider when targetting the entire userbase.
Your third link actually discredits your point. The Play store is the “main”/1st party app store for Android devices and the article says how it’s the biggest distributer of malware over 3rd party app stores
But here’s the thing - side loading, even on android, is an opt-in feature. The user has to actively go out of their way to sideload an app. Even if an app tries to do it behind your back, you must first enable its ability to do so.
Yes, this doesn’t exist when ADB is involved, but in that case you have to go out of your way to enable USB debugging (and be stupid enough to plug your phone into someone else’s computer). The vast majority of iPhones will never have sideloading enabled by their users. The EU isn’t grabbing their balls and saying that all users must have it enabled by default, otherwise they’d be going after Android too.
Sure, I get that. The issue is that as soon as you introduce the ability to install apps from outside the App Store, it becomes possible to trick unsuspecting users into clicking buttons they don’t understand. By designing a web page to look like an actual Apple page, a malicious party could convince users to “opt in” to outside sources, in a similar way in which phishing websites harvest users’ online banking credentials. Currently, this kind of attack is entirely impossible on iPhone.
Doesn’t this argument essentially boil down to “people are stupid and we should take away their freedoms to protect them from themselves”? I’m not going to say that most people would make use of being able to install 3rd party apps, or even that it won’t give malware more chances to get people. But people can get themselves hurt or compromise their electronic security in any number of ways taking away people’s choices until they can’t make bad decisions anymore just doesn’t seem worth it to me
Sure, but at that point we’re getting into the weeds of fake webpages, which really isn’t anything apple could control anyway. Nothing’s to say that if sideloading didn’t exist, that page wouldn’t just direct them to a form to fill out your banking information. All it does is change the method. Apple could simply maintain a hash database of files that are known as dangerous and package it into a built-in AV for iOS (like most OSes do)
Nothing’s also to say that the page wouldn’t just abuse one of the hundreds of vulnerabilities that currently exist in WebKit currently.
For your average user, they’re probably only visiting legit sites on that browser anyway. My grandparents both have Android phones and to my knowledge have never been “tricked” into installing an APK. I can probably say the same for the vast majority of people.
I believe the benefits outweigh the costs here. Apple loses their grip on the walled garden which is punishing for developers and makes Apple judge, jury and executionor on not only what apps can run on iOS, but also how much developers have to give up to Apple (they could up their cut to 90% at anytime and currently developers can’t do shit about it).
Reading the comments from that article is a prime example of how a cult functions.
In reality this will have a 0,002% impact. Most phone users are tech-illiterate and have no idea how to use their devices. You expect these people to go to a different store? On Android you can have other app stores, why don’t you have? Because Play Store is default and all app developers want to be where most users are, not on a 3-4% user share store.
It will most likely be background noise in the first months and everyone will go back to the App Store. The only people that will use an alternate store will most likely be the same ones that use F-droid, so 0,002% of the users.
But hey, it’s better to scream how this whole thing is making their devices less secure, because Apple told them so.
It’s always about the minority. Just because something fits 99% should not mean this is the only thing in existence, when other ways do not disturb. And one not fulfilled minority there, one not fulfilled there and soon we realise that almost everyone fit in some unfulfilled minority that is not dealed with.
Many Android manufacturers actually have either their own store, or an app that acts as an interface to the Google Play Store. These are installed by default, and subtly pushed over the vanilla Play Store. So I’m guessing millions of users do end up using them.
I think that’s exactly the problem. The real user benefit will be very small, but in order to enable those changes, functionality will be implemented on everyone’s phones to support sideloading. In my eyes, this increseas the attack surface against iPhones. Time and time again alt stores have been used to distribute fake apps and malware on Android, and the victims are often those users who haven’t asked for sideloading and are unlikely to use it intentionally.
Yes, maybe this will enable an F-droid equivalent on iPhone and it will be great to have direct access to open-source apps. But is this niche addition worth potentially reducing the security of all iPhones? I’m not convinced.
Can you offer any evidence to back up either of these claims?
On malware being distributed through alternate stores, yes. For example:
This is just my gut feeling. It is based on not knowing anyone IRL that has willingly installed an Android app from outside the Play Store, but actually knowing people that avoid it because of the potential security implications.
You have to remember that the vast majority of smartphone users are not power users, and not the people who hang out on these forums. While something may look attractive in small circles like these, there are many other factors to consider when targetting the entire userbase.
Your third link actually discredits your point. The Play store is the “main”/1st party app store for Android devices and the article says how it’s the biggest distributer of malware over 3rd party app stores
But here’s the thing - side loading, even on android, is an opt-in feature. The user has to actively go out of their way to sideload an app. Even if an app tries to do it behind your back, you must first enable its ability to do so.
Yes, this doesn’t exist when ADB is involved, but in that case you have to go out of your way to enable USB debugging (and be stupid enough to plug your phone into someone else’s computer). The vast majority of iPhones will never have sideloading enabled by their users. The EU isn’t grabbing their balls and saying that all users must have it enabled by default, otherwise they’d be going after Android too.
Sure, I get that. The issue is that as soon as you introduce the ability to install apps from outside the App Store, it becomes possible to trick unsuspecting users into clicking buttons they don’t understand. By designing a web page to look like an actual Apple page, a malicious party could convince users to “opt in” to outside sources, in a similar way in which phishing websites harvest users’ online banking credentials. Currently, this kind of attack is entirely impossible on iPhone.
Doesn’t this argument essentially boil down to “people are stupid and we should take away their freedoms to protect them from themselves”? I’m not going to say that most people would make use of being able to install 3rd party apps, or even that it won’t give malware more chances to get people. But people can get themselves hurt or compromise their electronic security in any number of ways taking away people’s choices until they can’t make bad decisions anymore just doesn’t seem worth it to me
Sure, but at that point we’re getting into the weeds of fake webpages, which really isn’t anything apple could control anyway. Nothing’s to say that if sideloading didn’t exist, that page wouldn’t just direct them to a form to fill out your banking information. All it does is change the method. Apple could simply maintain a hash database of files that are known as dangerous and package it into a built-in AV for iOS (like most OSes do)
Nothing’s also to say that the page wouldn’t just abuse one of the hundreds of vulnerabilities that currently exist in WebKit currently.
For your average user, they’re probably only visiting legit sites on that browser anyway. My grandparents both have Android phones and to my knowledge have never been “tricked” into installing an APK. I can probably say the same for the vast majority of people.
I believe the benefits outweigh the costs here. Apple loses their grip on the walled garden which is punishing for developers and makes Apple judge, jury and executionor on not only what apps can run on iOS, but also how much developers have to give up to Apple (they could up their cut to 90% at anytime and currently developers can’t do shit about it).