Apple software director Craig Federighi: sideloading is a cybercriminal’s best friend

At the end of the line : On the second day of the 2021 Web Summit, Apple’s head of software engineering, Craig Federighi, took the stage for a 10-minute talk focusing on iOS security and the risks of side-loading on the platform. Apple mobile. While praising the malware situation on iOS, Federighi noted that rival platforms were subject to a much higher number of malware attacks and called “offloading” as the main reason for the problem. problem.

Apple’s refusal to allow iOS apps from any source other than the official App Store has been a subject of debate for many years. While hardcore fans on either side of the fence have been indulging in it for quite some time now, we saw Tim Cook earlier this year noting how sideloading was the main reason Android had 47 times the software. malicious than iOS.

Unsurprisingly, Craig Federighi shared the same point of view at the 2021 Web Summit, where he called sideloading “cybercriminals’ best friend.” He also cited government agencies, including Europol, which advise users to install apps only from official app stores. It’s an interesting snippet shared by Apple at a time when the company was found to be in violation of EU competition rules and would also be required to allow iPhone sideloading under the proposed law on the digital markets (DMA) of the EU.

Proceed at 7:32:00 for Federighi’s speech

Craig noted that sideloading on iOS would compromise iPhone security in the name of giving users more choice, taking away the choice of a more secure platform. He also gave an analogy of a safe house fitted with a security system to keep burglars at bay, while some neighbors suffered repeated break-ins due to inadequate protection. Passing the DMA bill, Federighi noted, would force all homes to build “an always unlocked side door” for optimized package delivery.

Addressing the argument of letting people decide for themselves whether they want sideloading, Federighi said that despite people’s intentions, they can still be tricked into running malicious apps. He then shared an example of Android (of course), which included ransomware disguised as a COVID-19 tracking app and apps downloaded from the official Play Store that tricked users into installing a fake version of the store.

Whether the EU’s DMA bill will be passed remains to be seen, but opponents of Apple’s position, including a number of developers and consumers, view the company’s policies as highly monopolistic.

Sideloading on iOS would ultimately bypass Apple’s security controls and threaten its 30% development costs which amount to billions of dollars each year. There have been some developments on this front in the Apple v Epic lawsuit, where Apple was forced to allow links to external payment systems, a decision it recently appealed.