Following CEO Tim Cook’s statements, Apple has decided to publish a white paper that argues enforced sideloading of apps would make the platform and its users far less secure.
The company stated that it adheres to a strict control framework with measures that oversee apps in the App Store. In this document, Apple explained why it doesn’t want to give users the ability to sideload apps on iOS. These measures prevent malicious actors from publishing apps on the App Store and keep the platform safe for both users and developers. The company claims that if it were to allow sideloading of apps, it would “degrade the security of the iOS platform and expose users to series security risks not only on third-party app stores, but also on the App Store.”
Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform. Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks – often referred to as a “threat model” – that all users need to be safeguarded against. This increased risk of malware attacks puts all users at greater risk, even those who only download apps from the App Store.
Apple also said that third-party app stores carry significant risks and are more likely to contain malware than official app stores. Therefore, giving users access to third-party app stores would change the threat model and expand the scope of possible attacks.
By providing additional distribution channels, changing the threat model, and widening the universe of potential attacks, sideloading on iPhone would put all users at risk, even those who make a deliberate effort to protect themselves by only downloading apps through the App Store. Allowing sideloading would spur a flood of new investment into attacks on iPhone, incentivizing malicious actors to develop tools and expertise to attack iPhone device security at an unprecedented scale. Having developed expertise in ever more sophisticated attacks, malicious actors would use it to target third-party stores as well as the App Store, putting all users at greater risk. Additionally, even users who prefer to only download apps from the App Store could be forced to download an app they need for work or for school from third-party stores if it is not made available on the App Store. Or they could be tricked into downloading apps from thirdparty app stores masquerading as the App Store
Finally, the company claims that this is how it protects the privacy on iOS, putting as a priority the protection of the personal data of its users.