Craig Federighi ; side loading is a cybercriminal’s best friend

[Bombastinator]

9 minutes ago, Blademaster91 said:

There was a recent article on ad companies revenue, and it actually turns out that apples revenue on targeted ads went up. I don't like google's data collection either, but now apple is hoarding data and still profiting off of user data. The walled garden doesn't seem any better to me, and I would rather not give apple my money, I don't want companies profiting from my data either, but there isn't any other choice out there.

I think theres a difference even though app store fees are similar, developers and users can choose to avoid those fees or having to pay more for apps.

Yes I meant more than just the app store, I was referring to the device and actually owning it in terms of the hardware, the scare tactics of "security" are used for that as well.

Microsoft has taken away a lot of choice with settings with Windows 11, making anything older than Intel 8th gen e-waste, and there has been a ton of backlash for it.

As for malware attacks, the infrastructure should be fixed, also reminds me of retail stores that get hacked and its barely a slap on the hand for them, while the consumer gets their identity stolen. The end user shouldn't be punished with less choice over their device when there are ways to allow the more tech inclined people to sideload, while keeping people that aren't comfortable with it in the app store.

If apple is running the big data game it’s a problem.  The question becomes “how much?” It used to be apple didn’t collect data for that.  Does “targeted ad” mean the same thing in each instance?  The accusation that apple is doing data hoarding on anything like the level of a google or a Facebook would be big big news. Something that would be trumpeted everywhere. I worried about that at one point. There is a legal requirement that says a company has to tell you all of the data it collects. That guy who did “supersize me” asked for his data from a bunch of companies.  One was google and one was apple from apple he got a few pages of stuff which was almost entirely specifics about his machine.  The other packet was inches thick and included specifics about his divorce amongst other things.  That was years ago though.  If it changed I’d want to know. I put up with the walled garden because I worry more about the eye over my shoulder. If both have the same sized eye the algorithm changes for me.  

[LAwLz]

Quote

“As an engineer who wants iPhone to stay as secure as possible for our users, there is one part I worry about and that’s the provision that would require iPhone to allow sideloading. In the name of giving users more choice, that one provision would take away consumers’ choice of a more secure platform. All of this comes at a time where people are keeping more personal and sensitive information than ever on their iPhones. And I can tell you there have never been cybercriminals more determined to get your hands on it.” 

I think this is a really bad argument.

It is true that sideloading would open some users up to security risks, but so does pretty much everything. Most viruses are spread through email. Does that mean we should just block all email ever? Most scams are delivered through email as well.

If we want to take it one step further, which is Apple allowing Internet access on their phones? The Internet is by far the biggest delivery method for malware and the iPhone would be far more secure than it is today if it couldn't connect to the Internet.

Allowing users to install software at all is a security risk. We should probably remove the app store from iOS because it is a security risk.

 

 

You have to weight the benefits vs the drawbacks of everything. The most secure computer ever is just a brick, because it can't do anything. So saying that a change reduces security is pointless, because basically everything does. There are also ways of implementing sideloading in a safe-ish way. Apple users can have their cake and eat it too. Just have the curated app store be the default and then give users the choice to use other stores. 

 

 

This entire argument is bullshit. It's trying to frame Apple getting competition on iOS as a bad thing. "It takes away consumers' choice", no it fucking doesn't. It does the opposite. Even if you buy his bullshit argument that allowing sideloading would make the platform less safe, it should be up to the consumer if they want their platform to be safe or not. Giving users the option to lower security is not the same as removing the choice of having security.

[saltycaramel]

The “choice” in that context would be being able to buy devices/OSes that strike different balances between security and sideloading-ness. 

[Bombastinator]

28 minutes ago, LAwLz said:

I think this is a really bad argument.

It is true that sideloading would open some users up to security risks, but so does pretty much everything. Most viruses are spread through email. Does that mean we should just block all email ever? Most scams are delivered through email as well.

If we want to take it one step further, which is Apple allowing Internet access on their phones? The Internet is by far the biggest delivery method for malware and the iPhone would be far more secure than it is today if it couldn't connect to the Internet.

Allowing users to install software at all is a security risk. We should probably remove the app store from iOS because it is a security risk.

 

 

You have to weight the benefits vs the drawbacks of everything. The most secure computer ever is just a brick, because it can't do anything. So saying that a change reduces security is pointless, because basically everything does. There are also ways of implementing sideloading in a safe-ish way. Apple users can have their cake and eat it too. Just have the curated app store be the default and then give users the choice to use other stores. 

 

 

This entire argument is bullshit. It's trying to frame Apple getting competition on iOS as a bad thing. "It takes away consumers' choice", no it fucking doesn't. It does the opposite. Even if you buy his bullshit argument that allowing sideloading would make the platform less safe, it should be up to the consumer if they want their platform to be safe or not. Giving users the option to lower security is not the same as removing the choice of having security.

Side loading is only one way to do that. It does seem to be the cheapest one though.  There are numerous things that have not been made clear to the public as to how this is actually working on the level that the manufacturers are at.  If a iPhone can side load there would be places they should not be allowed to be.  Like in any area where secure data is kept.  I don’t know how big a percentage of apple’s business that is. I’m not convinced apple gains a massive financial advantage by preventing side loading as far as the App Store goes.  There may be one as far as mindshare goes though.  If an iPhone is not more secure than an android phone they really don’t have much. 

[Bombastinator]

7 minutes ago, saltycaramel said:

The “choice” in that context would be being able to buy devices/OSes that strike different balances between security and sideloading-ness. 

I suspect if apple does allow side loading they may go in that direction. It might be too expensive to attempt. They’d have to design parts for each phone that wouldn’t fit inside the other at all, and the things would have to be quite visually different.  They’d also have to sell for the same price.  There would be an argument for making the non-side loading one more expensive, it would be massively more desirable. but that would just mean that people would fake up their cheap iPhone to look more expensive.  That one is already happening.  The whole thing could be very expensive. 

[saltycaramel]

Maybe Apple could run an “Actual Verified Store” program to host certified secure alternative stores.

 

This way they would move from being a single-brand supermarket to being a mall with many stores.  

 

It would be more secure than wild west style sideloading and it would appease anti-competitive concerns. 

 

Meta seems to believe this won’t be sorted out anytime soon so for the next big thing (supposedly HMDs) they want to break free from Apple/Google both on the hw and sw side.

[Bombastinator]

3 minutes ago, saltycaramel said:

Maybe Apple could run an “Actual Verified Store” program to host certified secure alternative stores.

 

This way they would move from being a single-brand supermarket to being a mall with many stores.  

 

It would be more secure than wild west style sideloading and it would appease anti-competitive concerns. 

 

Meta seems to believe this won’t be sorted out anytime soon so for the next big thing (supposedly HMDs) they want to break free from Apple/Google both on the hw and sw side.

Didn’t they recently announce something like that?  Something about the Epic store or some such?  I don’t remember.  

[Bombastinator]

49 minutes ago, LAwLz said:

I think this is a really bad argument.

It is true that sideloading would open some users up to security risks, but so does pretty much everything. Most viruses are spread through email. Does that mean we should just block all email ever? Most scams are delivered through email as well.

If we want to take it one step further, which is Apple allowing Internet access on their phones? The Internet is by far the biggest delivery method for malware and the iPhone would be far more secure than it is today if it couldn't connect to the Internet.

Allowing users to install software at all is a security risk. We should probably remove the app store from iOS because it is a security risk.

 

 

You have to weight the benefits vs the drawbacks of everything. The most secure computer ever is just a brick, because it can't do anything. So saying that a change reduces security is pointless, because basically everything does. There are also ways of implementing sideloading in a safe-ish way. Apple users can have their cake and eat it too. Just have the curated app store be the default and then give users the choice to use other stores. 

 

 

This entire argument is bullshit. It's trying to frame Apple getting competition on iOS as a bad thing. "It takes away consumers' choice", no it fucking doesn't. It does the opposite. Even if you buy his bullshit argument that allowing sideloading would make the platform less safe, it should be up to the consumer if they want their platform to be safe or not. Giving users the option to lower security is not the same as removing the choice of having security.

The default thing is apparently already assumed.  That is how android does it I believe.   This is why I am unsure money from the App Store is the factor here.

[saltycaramel]

Microsoft managed to sneak an alternative game streaming store on iOS by doing everything in-browser. 

 

Epic has sued both Apple and Google because they won’t allow them to use their own in-store payment system. Google’s tolerance for successful alternative stores on Android is not so different from Apple’s

https://www.theverge.com/2021/8/19/22632804/epic-google-lawsuit-unredacted-complaint-antitrust

[Gork]

4 hours ago, Arika S said:

Hey Apple, there are stupid people that say the same thing about encryption, are you going to ban encryption on your iphones too?

lol oh please do let them.

[Gork]

2 minutes ago, saltycaramel said:

Microsoft managed to sneak an alternative game streaming store on iOS by doing everything in-browser. 

 

Epic has sued both Apple and Google because they won’t allow them to use their own in-store payment system. Google’s tolerance for successful alternative stores on Android is not so different from Apple’s

https://www.theverge.com/2021/8/19/22632804/epic-google-lawsuit-unredacted-complaint-antitrust

 

Huh. Then why does android let me install the Aurara store(for example)

[saltycaramel]

Just now, Gork said:

 

Huh. Then why does android let me install the Aurara store(for example)

Because there’s a fine line between what can potentially be done and what would significantly hurt Google’s bottom line.

[Bombastinator]

1 minute ago, saltycaramel said:

Microsoft managed to sneak an alternative game streaming store on iOS by doing everything in-browser. 

 

Epic ha sued both Apple and Google because they won’t allow them to use their own in-store payment system. Google’s tolerance for successful alternative stores on Android is not so different from Apple’s

https://www.theverge.com/2021/8/19/22632804/epic-google-lawsuit-unredacted-complaint-antitrust

So a second lawsuit?  I vaguely remember that.  My suspicion is that they won’t be any more successful than they were the first time.  That will take a year or more to shake out I suspect. One would think Epic could pull the same thing microsoft did.  Might be specific stipulations in the ruling of the first lawsuit.  It seems to me if Epic wanted to get around this one it could.  I may be wrong about that though.  I was under the impression Epic properties had peaked in popularity and were starting to droop and with nothing like the cash cow that fortnight was on the horizon their only option to maintain increasing profitability is  to attempt to lower costs by attacking.  I don’t play shooters though much less on a phone so I don’t pay a ton of attention to the specifics. 

[saltycaramel]

Just now, Bombastinator said:

So a second lawsuit?  

Nope, I meant the same old lawsuit. 

[Gork]

9 minutes ago, saltycaramel said:

Because there’s a fine line between what can potentially be done and what would significantly hurt Google’s bottom line.

IE add blockers and anti tracker tricks. 

[Bombastinator]

3 minutes ago, saltycaramel said:

Nope, I meant the same old lawsuit. 

If it’s the first lawsuit that one is already over.  The impression I got from the various post mortems is that neither apple nor epic did well. I don’t even remember who technically won.  It sucked from both ends.  Iirc the Microsoft thing came after that.

[Video Beagle]

1 hour ago, LAwLz said:

This entire argument is bullshit.

no...to quote you: "You have to weight the benefits vs the drawbacks of everything."

Apple weighed the benfits and drawbacks and chose their side.

[Gork]

Just now, Bombastinator said:

If it’s the first lawsuit that one is already over.  The impression I got from the various post mortems is that neither apple nor epic did well. I don’t even remember who technically won.  It sucked from both ends.

I think Tim Apple (techically) baaarely won  but not. by  much.

[Video Beagle]

3 minutes ago, Bombastinator said:

 The impression I got from the various post mortems is that neither apple nor epic did well. I don’t even remember who technically won.

Epic lost on all the things that were actually important to them.

Apple lost on one thing they had already conceded months before.

 

[RejZoR]

4 hours ago, estiar said:

Android has side loading, but I don't see that being a gaping security flaw in it. The option to sideload isn't enabled by default, and those who are your average phone user will never turn that option on. Even I have never sideloaded an app in the past four years. There is no good reason (non-monitary) to ban side loading. A simple toggle switch in the settings will be just as effective in securing your device.

Except OS happily offers you to do it and points you where. And when people want to run something they'll do everything to achieve that even if they are entirely tech illiterate. Been there, seen that where users were disabling antivirus because it was bugging them with warning s on the file they wanted to run...

[Sauron]

That's absurd. Just make it an option that's disabled by default and requires user authentication to enable, problem solved. Also, by this logic web browsing should be disallowed too.

[Bombastinator]

2 minutes ago, Gork said:

IE add blockers and anti tracker tricks. 

From what I’ve seen ad blockers don’t work as well as they used to.  Also IE is long gone.  Windows uses edge now, which as I understand it is more or less chrome that doesn’t shove data to google and that bing is really difficult to remove from.  It can be done, sort of, but it’s a PITA.  I made it give me duck-duck-go but I remember seeing a bing splash screen recently so I’m not sure how effective my attempt was.  Microsoft. Needs to try and not monetize bing quite so hard.  It’s not the best search engine but it’s better than it used to be.

[Bombastinator]

2 minutes ago, Sauron said:

That's absurd. Just make it an option that's disabled by default and requires user authentication to enable, problem solved. Also, by this logic web browsing should be disallowed too.

The default thing is already assumed I understand.  It’s how it’s apparently done in android already. Doesn’t change the safety aspect though.

[Gork]

13 minutes ago, Bombastinator said:

From what I’ve seen ad blockers don’t work as well as they used to.  Also IE is long gone.  Windows uses edge now, which as I understand it is more or less chrome that doesn’t shove data to google and that bing is really difficult to remove from.  It can be done, sort of, but it’s a PITA.  I made it give me duck-duck-go but I remember seeing a bing splash screen recently so I’m not sure how effective my attempt was.  Microsoft. Needs to try and not monetize bing quite so hard.  It’s not the best search engine but it’s better than it used to be.

lol not a high bar. But then google is pretty bad. Which is lame since it used to work well.

[mr moose]

2 hours ago, saltycaramel said:

Profits for both Apple and the software economy the mobile revolution enabled.

You give way to much credit to apple for something that was always going to happen. 

 

2 hours ago, saltycaramel said:

One pillar of the mobile revolution has undoubtedly been the AppStore being a secure “mall” for one-click payments for apps. 

One pillar, the other is google apps,  another is straight up buying your software directly form the developer. you know because that's a thing that has always been a thing long before smart phones even were a thing.

 

2 hours ago, saltycaramel said:

Now suddenly everybody wanna side-load their own cereals into Walmart. 

Absurd.