Apple Warns Sideloading Apps Would Undermine Privacy Protections



Apple has released a report titled “Building a Trusted Ecosystem for Millions of Apps”. In short, it explains why the App Store's protections are important for the safety and security of iOS and iPadOS. According to the report, sideloading would undermine this system because it would enable nefarious apps to cause harm to those who download them.

The report is an interesting read for those who use iOS and/or iPadOS. It provides details about what happens “behind the scenes” that enables Apple to provide security and privacy protections to users. It also describes Apple's App Review process, in which developers and users are screened and checked for malicious components such as unwanted purchases or access to personal data.

In 2020, 100,000 apps and updates were reviewed each week on average by a team of over 500 dedicated experts, who review apps in different languages.

Nearly one million problematic new apps and a similar number of updates were rejected or removed. That includes more than 150,000 for being spam or copycats, or misleading users; more than 215,000 for violating privacy guidelines; more than 48,000 for containing hidden or undocumented features; and about 95,000 for fraudulent violations (predominantly for including “bait and switch” functionalities to commit criminal or other forbidden actions).

Features like Apple’s privacy labels on the App Store, and its App Tracking Transparency, provide protections to users. Apple points out that allowing sideloading – allowing developers to distribute their apps outside of the App Store through websites or third-party app stores – “would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store.”

One of the things that caught my attention in Apple’s report was that sideloading could cause harm to people who only download apps from the App Store. Those who choose to sideload apps will put other iOS or iPadOS users at risk. A malicious developer could attempt to fake something that looks like the App Store, which could trick users into thinking it was the real deal. That app could then grab people’s data, including health and financial information.