[TheRecord] Apple argues against allowing app sideloading by pointing out Android’s malware figures

Apple said today that one of the reasons it does not allow app sideloading or the use of third-party app stores on iOS is because of privacy and security reasons, pointing to the fact that Android sees between 15 to 47 times more malware compared to its app ecosystem.

The company’s report comes as Apple is currently under an antitrust investigation in the EU for anti-competitive practices — namely for forcing app developers to use its proprietary App Store for app installations and payments.

The company is also facing issues in the US, where two senators put forward a bill in August that would force the company to open its devices to sideloading and third-party payment systems.

But in a report today, Apple says that the reason its iOS devices are locked into the App Store as the only way to install applications is for security reasons, as this allows its security teams to scan applications for malicious content before they reach users.

Apple cited statements from multiple sources (DHS, ENISA, Europol, Interpol, NIST, Kaspersky, Wandera, and Norton), all of which had previously warned users against installing apps from outside official app stores, a process known as app sideloading.

Image: Apple

Apple’s report then goes on to list multiple malware campaigns targeting Android devices where the threat actors asked users to sideload malicious apps hosted on internet sites or third-party app stores.

The list included malware campaigns such as Goontact, HiddenAds, FakeSpy, SpyNote, BlackRock, Banker.BR, TeaBot, Fusob, Anubis, FluBot, HelloSpy, MalLocker.B, CopyCat, Android.Click.312.origin, and FakeAdsBlock.

The list includes a host of threats, such as mundane adware, dangerous ransomware, funds-stealing banking trojans, commercial spyware, and even nation-state malware, which Apple said threat actors have spread by exploiting the loophole in Android’s app installation process that allows anyone to install apps from anywhere on the internet.

Forcing sideloading onto the iOS ecosystem would make iPhone less secure and trustworthy for users. This would be true regardless of whether sideloading occurred via direct downloads or through third-party app stores.


Today’s 31-page report [PDF] is the second iteration of the same report, with a first version [PDF] being published back in June, shortly after EU authorities announced their investigation.

The post Apple argues against allowing app sideloading by pointing out Android’s malware figures appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2021-10-06

Actively exploited Apache 0-day also allows remote code execution www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/ Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities. Attackers can […]

Read More

Daily NCSC-FI news followup 2021-05-16

We Found Joe Bidens Secret Venmo. Heres Why Thats A Privacy Nightmare For Everyone. www.buzzfeednews.com/article/ryanmac/we-found-joe-bidens-secret-venmo BuzzFeed News found President Joe Bidens Venmo account after less than 10 minutes of looking for it, revealing a network of his private social connections, a national security issue for the United States, and a major privacy concern for everyone […]

Read More

Daily NCSC-FI news followup 2020-08-30

Major internet outage: Dozens of websites and apps are down edition.cnn.com/2020/08/30/tech/internet-outage-cloudflare/index.html Cloudflare, an internet service that is supposed to keep websites up and running, was down itself Sunday, taking dozens of websites and online services along with it. Hulu, the PlayStation Network, Xbox Live, Feedly, Discord, and dozens of other services reported connectivity problems Sunday […]

Read More