A new Wild West?
Just because sideloading may become possible doesn’t necessarily mean the iPhone’s file system will become the Wild West, like the Windows PCs of old. Instead, Greig Paul argues that there are other new approaches that might work.
The first would be to change the iPhone’s “sandbox” rules that keep apps separate and unable to access the rest of the operating system. “Apple’s implementation of sandboxing rules at the moment places an assumption that they are a trusted intermediary that can make these decisions,” said Paul, who explained how under the existing system, Apple signs off that an app is safe, and it is linked to a manifest that outlines the permissions a given app has to operate on the iPhone. But this doesn’t work in a world where Apple doesn’t have sign-off, and a rogue app could access files and features that it shouldn’t.
So how should it work instead? One way around this could be to change the permission model at the operating system level, to one that doesn’t rely on the App Store granting permissions to sensitive parts of the phone, such as files and hardware features. Instead, users may be forced to explicitly grant permissions for each app’s different behaviour, at a very granular level.
“The big problem at the moment is you just can’t see what goes on,” explained Paul. “Most people don’t realise how much their apps are phoning home, sending their data to whoever. If you open an app, it might be firing beacons off to 20 different trackers.
“You ought to be designing your sandbox so that they can’t do it unless the user consents. The operating system can manage the consent… and the user can then be given a choice. Now, if the user says no, then it can’t do it.”
And as for spotting actual malware? Paul argues that Google has already solved that problem. He points to Google Play Protect on Android, an antivirus-like background service that scans apps installed on the phone for anything nefarious. And it works separately from Google’s own app store. “If Google was to remove stuff that was just because it competed with its business interests, then that would probably find its way very, very quickly to court,” said Paul.