White paper identifies sideloading apps as risk for iPhone users
Apple, the world’s most valuable company, has continued its tough stand against the use of sideloading applications, saying the process would make iPhone users more vulnerable to security risks.
Sideloading is generally defined as the process of installing an app that is not officially sanctioned by a device’s app store, or comes from a third-party or an unknown source.
The process could lead to an increase in severe risks, including credential theft and billions in fraudulent transactions, according to a new white paper released by Apple.
“Sideloading would open opportunities for cyber criminals. Malicious actors would be galvanised to develop tools and expertise to attack iPhone users because of the additional opportunities and distribution channels sideloading would provide,” Apple said. “Plainly, sideloading is not in the best interest of users.”
If Apple did support sideloading, users could become easier targets for cyber criminals, have less information up front and would be forced to remove protections against third-party access.
The company implements several layers of checks and verifications on apps before they are permitted to be posted on the App Store. All apps also need to get users’ permission before tracking them across third-party apps or websites.
The most common method of sideloading apps on to Apple devices is through jailbreaking, or the process of removing security restrictions on their products, commonly used by hackers.
This allows a user to freely install apps from sources other than the App Store. However, it also exposes an Apple device to threats, while nullifying its warranty.
Sideloading on devices using the Google-developed Android system is easier as users can utilise an option deep in settings that gives permission to install downloaded app packages from unknown sources. Research also shows that malware detection is higher in these devices.
A 2020 report from Finnish network gear and phone maker Nokia showed that malware detection on Android devices was at 26.6 per cent, while iPhones had a meagre 1.6 per cent.
On platforms that support sideloading, many consumers also need to add antivirus software to stem the problem – at a cost of $3.4 billion per year for those services. In 2021, an estimated 1.3 billion smartphones worldwide were equipped with security solutions, four times as many as in 2016.
The EU’s cybersecurity agency, Enisa, reported 230,000 new mobile malware infections per day – translating to about 84 million per year – in 2019 and early 2020. Cyber security company Kaspersky Lab estimates that in 2020, nearly 6 million attacks per month affected Android mobile devices.
Consumers are often the primary targets but malware attacks can also harm and expose developers, online advertisers and even businesses that are not direct participants in the mobile app ecosystem.
Companies face potentially high costs from malware attacks, which can originate from mobile apps. A single infected mobile device can cost an organisation an average of $10,000, while data breaches can set them back anywhere from $4 million to as high as $50m, according to a study by IBM. Among US companies, 46 per cent had at least one employee download a malicious app that threatened their network’s security, research by Checkpoint showed.
Aside from Enisa, Apple is also citing guidance from government and international agencies, including the US Department of Homeland Security, the European Union Agency for Law Enforcement Co-operation and Interpol, to tackle the growing threat to app security.
The white paper is a follow-up to a study released by Apple in June, detailing a busy 2020 in which it rejected almost 1 million new apps for violating rules, expelled about 470,000 teams from its developer programme for fraud-related reasons and deactivated 244 million customer accounts.
Overall, the company said this resulted in stopping more than $1.5bn worth of potentially fraudulent transactions.
The App Store, which was launched in 2008, a year after the original iPhone, was involved in $643bn worth of commerce in 2020, up 24 per cent from a year earlier, according to an Analysis Group study. It was one of the few companies that flourished during the Covid-19 pandemic as demand for mobile services surged.
Apple’s services revenue, which counts the App Store, reached another all-time high in the third quarter of this year, rising 33 per cent to $17.49bn from a year ago.
Among US companies, 46% had at least one employee download a malicious app