Apple software chief blames sideloading for malware attacks

In a speech at Web Summit 2021 on the security risks of sideloading, Apple senior vice president Craig Federighi stressed that “Sideloading is a cyber criminal’s best friend and requiring that on iPhone would be a gold rush for the malware industry.”

Federighi also opposes a solution that allows users to decide for themselves whether to take the risk of sideloading apps. The problem is that “criminals are smart and really good at hiding inconspicuously.”

The senior vice president, who oversees Apple’s iOS and macOS software divisions, was specifically protesting the European Commission’s proposed Digital Markets Act, which, if passed, would require Apple to let users install apps outside of the iOS App Store.

According to him, the lack of sideloading is what separates Apple’s relatively low rate of malware on iOS from the “5 million Android attacks per month,” and if Apple were forced to let users install their own apps, “the floodgates are open for malware.”

In addition, he emphasizes the effect of malware on children and parents, who can be fooled. “The fact that malware can hurt everyone is something we shouldn’t support,” Federighi notes.

He added that “There is concern that if Apple allowed sideloading, some social networking apps will probably try to avoid the annoying privacy protection of the App Store and only make their apps available via sideloading.”

According to Federighi, Apple’s privacy requirements in the App Store go beyond the letter of the law, and social media companies looking to escape those requirements could force customers to choose between “losing touch with your friends online or taking on the risks of sideloading.”

Sideloading undermines security and puts people’s data at risk, Federighi highlights, and if customers and regulators want the option to sideload apps, the alternative of Android should be enough to meet that need without requiring it for iPhones.

“But all the concerns on iOS are curious, given the other half of his job description: leading the macOS software team, where apps can be freely installed outside of Apple’s app store (and have been for decades) without suffering from apocalyptic malware attacks,” he acknowledged.

And one last thing, he says: if Apple wanted, it could enable iOS sideloading in a similar manner and require something like the Gatekeeper system on macOS, which allows Apple to check signed developer IDs to confirm the software is genuine.