Craig Federighi ; side loading is a cybercriminal’s best friend

[mr moose]

If the app store actually lived up to the absolute arguments people are using to defend not permitting side loading, then I might be a little more interested in entertaining the idea that it's worthwhile.  But when not being able to side load hasn't prevented dodgy apps, malware or improved security then the concept you can use it as an argument for these things is ridiculous.   And that's before you realize that side loading hasn't made android inherently unsafe.  In fact I would argue google has done more to undermine user privacy and safety than a side loading option ever has.

[Bombastinator]

8 minutes ago, Gork said:

lol not a high bar. But then google is pretty bad. Which is lame since it used to work well.

I’ve been a gmail user from years back and watched as the thing lost quality. I’m finally getting shut of the thing though I had to be pushed.  Lot of inertia there. I generally avoid as many google apps as possible, gmail being the last one to go, but it is in the interest of advertisers to circumvent pop-up blockers so the whole technology might simply be losing effectiveness.

[Bombastinator]

2 minutes ago, mr moose said:

If the app store actually lived up to the absolute arguments people are using to defend not permitting side loading, then I might be a little more interested in entertaining the idea that it's worthwhile.  But when not being able to side load hasn't prevented dodgy apps, malware or improved security then the concept you can use it as an argument for these things is ridiculous.   And that's before you realize that side loading hasn't made android inherently unsafe.  In fact I would argue google has done more to undermine user privacy and safety than a side loading option ever has.

Isn’t that an absolute argument though? Prevention and reduction are different things.

[Video Beagle]

14 minutes ago, mr moose said:

You give way to much credit to apple for something that was always going to happen. 

This is one of those "if you could have created facebook, you'd have created facebook" things (I ddin't see the movie, mind you). "It was always going to happen." Are you Marvel's Watcher and can see the timeline where it happened without Apple?

[saltycaramel]

25 minutes ago, mr moose said:

You give way to much credit to apple for something that was always going to happen. 

 

Yeah, it’s not like iPhone changed the world or anything. 

[saltycaramel]

19 minutes ago, mr moose said:

If the app store actually lived up to the absolute arguments people are using to defend not permitting side loading, then I might be a little more interested in entertaining the idea that it's worthwhile. 

 

This argument is being used by anti-vaccine people.

Just saying.

[jagdtigger]

6 hours ago, Heraldique said:

Craig Federighi has told people on the web summit that side loading is a cybercriminal best friend

So im a criminal for sideloading the official YT app because play wasnt offering any updates just open/uninstall? Yeah bugger off.....

[saltycaramel]

4 minutes ago, jagdtigger said:

So im a criminal for sideloading the official YT app because play wasnt offering any updates just open/uninstall? Yeah bugger off.....

Can people read these days?

And I’m not even a native English speaker..

[jagdtigger]

1 minute ago, saltycaramel said:

Can people read these days?

And I’m not even a native English speaker..

Just edged it out a bit to highlight how stupid the statement is .

[saltycaramel]

Sideloading would be the best thing since sliced bread for cybercriminals suddenly having a far larger attack surface on a super popular mobile platform (incidentally that’s also the mobile platform where most of the money is, it’s the juiciest morcel)

 

Sideloading, hence, IS a cybercriminal’s best friend.

 

This does not equal to saying that EVERY sideloader is a criminal or something.

[saltycaramel]

 

 

 

 

I know, I know, clickbaiting is part of the game, etc.

[jagdtigger]

35 minutes ago, saltycaramel said:

Sideloading would be the best thing since sliced bread for cybercriminals suddenly having a far larger attack surface on a super popular mobile platform (incidentally that’s also the mobile platform where most of the money is, it’s the juiciest morcel)

 

Sideloading, hence, IS a cybercriminal’s best friend.

 

This does not equal to saying that EVERY sideloader is a criminal or something.

Except even on android by default you cant. 1st you have to activate the dev menu then dig up the relevant option. Guess how many normie will do that.....

[saltycaramel]

The minute side-loading becomes available on iOS, Tim Sweeney will buy ads everywhere to explain every normie how to do it..

[mr moose]

1 hour ago, Bombastinator said:

Isn’t that an absolute argument though? Prevention and reduction are different things.

Nope, it points to a variable that is already so small that there is little reduce.

1 hour ago, Video Beagle said:

This is one of those "if you could have created facebook, you'd have created facebook" things (I ddin't see the movie, mind you). "It was always going to happen." Are you Marvel's Watcher and can see the timeline where it happened without Apple?

No, tech advances all the time regardless of who created what,  if it wasn't zucks it would have been the next guy in line with the same idea.  You only have to look at history to see the people who we claim to have changed the world with things like the steam engine, the light bulb, the telephone etc were all just small fry adapting existing ideas, in fact some of them just outright stole the whole idea.    No one person or company has ever changed the world and people who think they did are just falling for the PR and marketing.

 

 

1 hour ago, saltycaramel said:

Yeah, it’s not like iPhone changed the world or anything. 

You know what it did change? it made phones a fashion accessory,  that's what it did, it took the best bits of all existing phones and sold it like a dress or expensive perfume.  I thank the iphone for flooding the market with this concept that phones are everyday items, because until then you only had BB, windows or palm to choose from and they were all expensive.

 

1 hour ago, saltycaramel said:

 

This argument is being used by anti-vaccine people.

Just saying.

More absurd commentary,  this is nothing like anti vaccine nonsense.   The thing apple are claiming to do by not permitting side loading is already happening.  Ergo continuing to not permit it will not change that.

 

 

[jagdtigger]

37 minutes ago, saltycaramel said:

The minute side-loading becomes available on iOS, Tim Sweeney will buy ads everywhere to explain every normie how to do it..

Then that is the users choice, no corporation should have the right to dictate what you can do with a device you own. And FYI even if its enabled it wont let silent installs to happen.

[saltycaramel]

It’s a company’s right to keep a device secure and profitable (people would spend less on the platform if it became an unsafe cesspool).

 

And “ownership” is not so clear cut…terms of the licence apply to the OSes and software we use as mere licensees..

[jagdtigger]

When they sold you the device they forfeited their rights to control it, period. BTW locking down a device so things can only go through you isnt security but a monopoly which shouldve been broken a very long time ago.

[RejZoR]

It's funny people always call iPhones fashion accessories or that only reason people buy iPhones is the Apple logo on the back and willfully ignoring the fact that iPhones have industry's best software support. When you taste 5 years of major OS updates, 7-8 years of security updates, global updates release without any of seeding idiocy all Android phone makers do that can range from days to even weeks and months of difference between some users getting the updates and you getting the updates. Browse any news article about new whatever software update for any Android brand that's not a Pixel phone and you'll see endless amount of comments where people are asking when the update will be live and why is it taking so long and then you'll see bunch of users saying they got the update and then bunch of users commenting on that how they still haven't got it after a month. Remember, I had to deal with this kind of shit since 2010 when I got my first Android phone. And all I ever got was 2 years of updates. I was so fed up with it I ditched Android phones around 2018 and bought an iPhone, literally a decision made over night because I was so fed up with it. And my god the experience is just sublime. One may argue it doesn't have so many bells and whistles as Android and it's slowly getting similar functionality, but I frankly don't really see it as an issue once I got used to it. I still use same apps and services I used on Android so I'm not really missing out a whole lot of things or features. And because hardware is so capable and software support actually exists, this is the first time ever that I have ZERO support anxiety and it's more of just wanting to experience or try the new models. And then I realize, it works so well I don't need to. And so I just keep on just sticking with XR. And it's still nice after 3 years.

 

The other one is, Android phones can be a very good experience or very shite one, especially when you trickle down the stack of models. With iPhones, basically no matter which one you buy, it'll always do everything really well. I have the "budget" iPhone XR and despite single camera and still using LCD, there's nothing wrong with it. It has excellent display where resolution isn't an issue despite everyone whining how it's only 720p, excellent single camera that does great photos without me having to take time to pick the right lens, I have a Night Mode with NightCam app that uses neural engine to do shots in pitch black, the sound is freaking amazing for a thin slab of glass and metal and its A12 Bionic chipset is still ridiculously fast 3 years after release. I can throw anything at it and it's smooth experience down to basic things like all menu animations and transitions never ever lag or stutter to a point I don't even care it's only 60Hz display. How many Android phones can brag with that after 3 years and running latest OS version? Most are lagging stuttering mess even out of the factory because vendors can't implement their skins right with Android core and it just gets worse with use. Always has and I kept factory resetting them to keep them feel smooth almost yearly. iPhone has been reset just once right in the beginning of these 3 years and even that was more of an old Android habit than necessity because it didn't fix anything and it was just a glitch that was fixed with an update that I didn't have to wait for months...

 

For me personally there is just so many fundamental things done better that I can live with Safari engine being mandatory for browsers or no sideloading or no NFC/BT general connectivity. All these things became a mild annoyance that I got used to and forgot about them. I just couldn't forget shit 2 years of updates and stupid seeding of updates alone, without bunch of other issues plaguing Android phones. Maybe things have changed in recent 3 years as I'm on iPhone/iOS, but I very much doubt it has.

[maartendc]

6 hours ago, Chris Pratt said:

It's BS. Apple just doesn't want people to be able to bypass their store, where they make obscene revenue. Apple already "solved" this in Mac, where installs from outside the Mac App Store are blocked out of the box, but you can disable it from it settings. Noobs that don't know better will leave it alone, while power users could then sideload if they want. It's trivial, costs nothing, and there's no reason not to enable it other than pure greed.

I agree to some extent.

 

However, there will always be a lot of users who can be fooled into clicking "allow this app" because during a phishing attempt, the perpetrator can just say: "oh yes, you will need to give access to install this really important piece of software...".

 

So yes, not enabling sideloading at all IS more secure, because it just takes the power away from the user to even enable non-verified installs. It decreases the chance grandma or little Timmy can install something malicious when being duped.

 

Whether or not you want to pay the price of less freedom over your device for more fool-proofness, that is another question. But it makes the device more idiot proof. And let's face it, a lot of people are just idiots.

[Sauron]

2 hours ago, Bombastinator said:

The default thing is already assumed I understand.  It’s how it’s apparently done in android already. Doesn’t change the safety aspect though.

Yes it does... if you're worried about safety risks (which Apple hasn't really proved exist in the first place) you can just opt out of the feature.

[Blademaster91]

22 minutes ago, jagdtigger said:

When they sold you the device they forfeited their rights to control it, period. BTW locking down a device so things can only go through you isnt security but a monopoly which shouldve been broken a very long time ago.

The locking down of a device only happens to be more secure, and I would've liked to see apple loose the epic vs. apple lawsuit as they monopolize the hardware and software with their products.

29 minutes ago, saltycaramel said:

It’s a company’s right to keep a device secure and profitable (people would spend less on the platform if it became an unsafe cesspool).

 

And “ownership” is not so clear cut…terms of the licence apply to the OSes and software we use as mere licensees..

It's still up to the device owner to keep themselves secure, companies aren't your friends and they're only marketing you security, apple wants you to keep you in the walled garden. And with the logic that everything should be up to the company then internet browsers and social media apps should be blocked as well.

And ownership is when you bought the hardware, the company can't tell you what you can or can't do with it.

[saltycaramel]

Quote

Yes it does... if you're worried about safety risks (which Apple hasn't really proved exist in the first place)

 

Apple needs to “prove” that speeding a red light is dangerous, sure..

 

Also, I like that for the CSAM thing people reacted like it was a backdoor, whereas a built-in actual backdoor that any user can be step-by-step convinced to enable (no matter how deeply hidden in settings it is) is somehow a good thing…maybe my iMessages will be intercepted on the receiving end by an infected iPhone, who knows..

[saltycaramel]

4 minutes ago, Blademaster91 said:

And ownership is when you bought the hardware, the company can't tell you what you can or can't do with it.

 

Pretty sure Terms&Conditions you accepted read otherwise..

[Sauron]

11 minutes ago, saltycaramel said:

Apple needs to “prove” that speeding a red light is dangerous, sure..

Please explain to me how the ability to sideload is a security risk even if you don't sideload anything. I'm very interested in your perspective on how this is comparable to speeding a red light.

12 minutes ago, saltycaramel said:

Also, I like that for the CSAM thing people reacted like it was a backdoor, whereas a built-in actual backdoor that any user can be step-by-step convinced to enable (no matter how deeply hidden in settings it is) is somehow a good thing…

You can phish someone to give you anything you want, no need to sideload anything. Again, the core issue there is the internet and I don't see Apple advocating for that to be blocked for security reasons.

[Bombastinator]

2 hours ago, jagdtigger said:

So im a criminal for sideloading the official YT app because play wasnt offering any updates just open/uninstall? Yeah bugger off.....

No.. he would have said doing so made you a criminal then.  A totally different thing.  There’s some facepalm logic there though.