Apple releases report saying that iOS is safer than Android

Apple has publicly released a document that it calls "a threat analysis of sideloading." The actual title of the report is "Building a Trusted Ecosystem for Millions of Apps," and was written to warn of the dangers inherent in the practice of sideloading. The latter is the act of installing apps from a third-party source.

For example, Apple does not allow iPhone or iPad users to install apps from locations other than its own App Store. Google, on the other hand, allows Android users to sideload apps from third-party stores in addition to installing them from the Google Play Store. With the European Commission's proposed Digital Markets Act, Apple could be forced to allow iOS and iPadOS users to sideload apps onto their devices.

Apple kicks things off right from the get-go with a statement that sums up everything: "iPhone is a highly personal device where users store some of their most sensitive and personal information. This means that maintaining security and privacy on the iOS ecosystem is of critical importance to users. However, some are demanding that Apple support the distribution of apps outside of the App Store, through direct downloads or third-party app stores, a process also referred to as 'sideloading.'"

The tech giant adds that "Supporting sideloading through direct downloads and third-party app stores would cripple the privacy and security protections that have made iPhone so
secure, and expose users to serious security risks." Apple notes that mobile malware and threats to security and privacy are "predominantly present" on platforms that allow sideloading, which sounds like a shot at Android."

Apple does mention its competitor by name when it states that over the past four years, Android devices contained 15 to 47 times the number of malware infections than the iPhone. Additionally, a large security firm has a client whose fleet of Android phones was racking up 6 million attacks each month.

Why is malware so dangerous? Apple points out that "Mobile malware harms consumers, companies, developers, and advertisers. Attacks on users employ various tactics and techniques. Common types of mobile malware affecting consumers are adware, ransomware, spyware, and banking and other credential-stealing trojans that masquerade as legitimate apps."

To spread these attacks, bad actors often use social media. Overall, malware can hurt not just consumers, but developers and advertisers too. Malware can result in the theft of intellectual property, and cost advertisers some revenue.

Apple says that if it is forced to allow sideloading,  it would become easier for cybercriminals to target users as more apps would become dangerous since many third-party app stores do not have vetting procedures in place. As Apple writes, "If sideloading from third-party app stores were supported,  malicious apps would simply migrate to third-party stores and continue to infect consumer devices."

Because third-party app stores wouldn't require developers to provide the information that Apple demands, users would not get accurate info about these apps. Even with direct downloads, users wouldn't have features like parental controls and App Tracking Transparency to help control what iPhone data, hardware, and services can be accessed by those apps.

Apple says that allowing users to sideload apps on the iPhone would undermine the core security that protects the operating system and iPhone data/services from malware, intrusion, and operational flaws that could make the device less reliable, stop it from working and allow bad actors to spy on users' iPhone devices and steal their data.

Apple says that even those users not interested in sideloading could be forced to do so if an app they need is no longer available on the App Store and can only be found in a third-party store. There is also the fear that cybercriminals will trick users into sideloading an app via phishing, or by promising exclusive features, or free access to an infected app.

Apple points out that thanks to the pandemic, consumers now rely on their mobile devices more than ever. Consumers are now more likely to store their personal health information on their mobile devices which Apple calls "valuable data that hackers can sell to multiple buyers." And the number of tricks being used to attack mobile users has been growing with mobile phishing incidents up 37%.