Apple has endured a lot of heat from frustrated consumers over the years for the approach it takes to permitting the installation of third-party apps on its devices, and perhaps for good reason.
A screenshot of apps sideloaded onto an iPhone using AltStore.
In fact, Apple appears to be renewing this heated debate after the company’s own senior vice president of software engineering Craig Federighi took the stage this year’s Web Summit event to articulate Apple’s position on the matter of sideloading apps. Captivatingly, and even deceptively, Federighi coined the practice as “a cybercriminal’s best friend.”
Sideloading: Good or Bad?
The Problem
In most cases, when a user wants an app, they open the App Store, and then they search for that app. The user may then proceed with downloading and installing the app if they find it, but what about when they don’t find it? This happens more than some would admit, and not always because the app doesn’t exist, but instead because it doesn’t exist specifically for the iPhone due to App Store restrictions.
The App Store subjects app developers to specific guidelines and then holds their feet to the fire by means of a review process that brings each app to a head before it gets published. These guidelines are intended to shield users from low-effort and/or potentially malicious apps by working as a quality filter, but this good-faith process sports substantial burn backs as well.
For example, the App Store’s strict guidelines can sometimes handicap an app’s capabilities by subjecting them to a small bubble of what Apple considers ‘allowed.’ If the app does something that Apple doesn’t allow, then the company just declines the app, or more commonly, publishes the app and then pulls it down later after someone points it out. This type of control can stifle innovation on the developer’s end.
An alternative to the App Store exists, and it’s called sideloading. This process allows the end user to install an application file on their handset manually by completely bypassing the App Store. Users with free or paid developer accounts can do this effortlessly with computer software such as AltServer & AltStore, Cydia Impactor, and even Apple’s own Xcode development tools. Sideloading doesn’t require a jailbreak, however it’s worth noting that jailbreaking is another way users can install apps that wouldn’t typically get the green light from Apple’s App Store guidelines.
The caveat to slideloading is that many of the aforementioned methods aren’t provided by Apple or they otherwise require the end user to jump through an excessive number of hoops such as signing the app, trusting it on the device before it can run, and subjecting it to a limited usage period before it needs to be signed all over again. For jailbreaking, the user often needs to be running an outdated firmware with security vulnerabilities and a leaner feature set. The user experience is, obviously, far from perfect in either case.
The benefit of sideloading apps or installing them via a jailbreak’s package manager is that they aren’t subjected to the App Store’s strict guidelines or review process. This means that those apps can offer more unconventional functionalities than those that would otherwise by crippled by Apple’s guidelines, and that’s the chief reason why game emulators, pasteboard apps, jailbreak tools, and other types of apps are often installed by sideloading instead of via the App Store.
Apple’s Flimsy Argument Against Sideloading
As illuminated by Federighi’s own comments at this year’s Web Summit, Apple has no intention of mainstreaming sideloaded apps on its mobile platforms unless it’s forced to by legislative action. The company’s reason, you ask? “Security.”
While it’s certainly true that the App Store’s review process weeds out a high number of lower quality and perhaps even malicious apps from the mix, the bottom line is that what you choose to do with your own device should be your choice, and your choice alone. This is a sentiment that Jay Freeman (Saurik), also known as the father of jailbreaking, has defended for years to help secure the legality of jailbreaking via an exemption within the Digital Millennium Copyright Act (DMCA).
When it comes to your personal computer, be it a Mac, a PC, or even a Linux box, you can install pretty much whatever software you want on it without using an application store to achieve those means. Tried and true security mechanisms exist on those platforms, such as security software, to prevent malware and preserve user security, and so it continues to baffle users as to why the iPhone and iPad are still limited to just access to the App Store.
According to Federighi, sideloading is “a cybercriminal’s best friend” because it allows apps to be installed on a device without being verified by Apple. As a result, users may be tricked or coerced into inadvertently installing a malware-infested app on their device by way of sideloading.
Federighi repeatedly slammed the competing Android operating system for its susceptibility to malware and blamed sideloading apps on the mobile platform for this problem while making the case that Apple shouldn’t allow sideloading apps on its mobile platform. He went on to say that “history” supports Apple’s argument without providing any specific examples.
Ironically enough, history shows that even malicious apps have slid past the App Store’s purportedly ‘safer’ review process in the past, while security researcher Will Strafach points out that sideloading apps has been made both safe and practical with Apple’s help on security research devices.
The Obfuscated Truth of Apple’s Intentions
Apple’s App Store exhibits another downside that developers have actively called out in recent memory, and that’s the platform’s commission fees ranging from 15-30% that Apple swipes before a developer ever sees any revenue from their app. Apple insists that this cut goes toward operating costs and wages for its App Store, but yet it provides no alternative to the App Store for developers to dodge those fees while offering apps, instead back-pedaling on “security” as Federighi has in the latest arguments.
Anyone who jailbreaks their iPhone or iPad or uses other devices with less-restrictive operating systems would understand that security isn’t a problem for responsible individuals. I can personally attest to this, as I’ve been jailbreaking my iPhones for more than a decade and I’ve used a variety of different operating systems in which can I download apps and programs online instead of using dedicated nanny stores provided by the OEM. No malware here.
Rather than being a security issue, it seems more likely that Apple is defending the revenue perpetuation it generates by forcing app developers to use the App Store and then charging fees on every purchase or subscription. After all, there is no alternative to the App Store that app developers can use in protest; Apple wields absolute and unchecked control over what software can be installed on your device unless you jailbreak, and Apple seems to be vehemently against that too.
That can’t be a coincidence…
Apple is viewed favorably by much of its user base because the company spends endless funds on masterful marketing that touts “privacy” and “security” every chance it gets. Users feel safe and protected when they use Apple products because these buzzwords have been pounded into their heads now for the longest time, but just how private and secure are Apple device users, really? After all, exploit after exploit teased by prominent hackers demonstrates that Apple’s mobile software is far from hack-proof.
Given what I’ve just explained above, is it fair to call sideloading a cybercriminal’s best friend, or should we instead refer to the hackable handset itself as a cybercriminal’s best friend? After all, it’s a conveniently personal device that contains information about almost everything about you. You decide.
What Users Deserve From Apple
While it’s apparent that Federighi doesn’t like the idea of sideloading apps on iPhones and iPads, anyone familiar with jailbreaking or using other operating systems would be quick to point out that the history argument is both flimsy and subjective.
If anything, users should have a choice between letting Apple dictate to them what they can or can’t install on their devices in the name of security or being presented with a checkbox consenting to the risks that accompany side-loading apps. The checkbox would be a lot like accepting any other terms of service for any other platform or server, effectively releasing Apple from any obligation to provide support if you choose to go the more advanced and ‘dangerous’ route.
Of course, this hasn’t and likely never will happen without legislative action, at least not on Federighi’s clock. If Apple’s executives had any say, jailbreaking would be but a relic of the past and users would just mindlessly feed from Apple’s all-knowing hand ensuring that the company controls what they can and can’t install on their device(s). Such would help ensure the realization of the company’s revenue growth projections.
Conclusion
While there is certainly a distinction between the tech-savvy and the not-so-tech-savvy, Apple seems to go out of its way to lump all users into the same group, making major decisions for them instead of with them. Apple has taken this approach for as long as I can remember, but legislative action festering around the world could force the company another direction.
Personally, I think Apple should embrace the idea of sideloading apps instead of demonizing it. It would make the company’s platform more approachable by those who think it’s too restrictive as it sits currently.
Additionally, I find it wholesomely ironic that Apple doesn’t want to be dictated to by governments while on the other hand they dictate to users what they can and can’t do with their devices. Maybe it’s time for Apple to get a taste of its own medicine.
Where do you stand in the app-sideloading debate? Should users be able to sideload any app onto their iPhone or iPad without Apple saying otherwise? Discuss your position in the comments section down below.