Tim Cook Delivers Speech Emphasizing Apple's Opposition to Sideloading

[mrat93]

Do you? While Google has followed (in a sense) in the steps of Apple with the whole "Do Not Track" feature, they make money off the ads they sell. While it is true that Play Store apps have to adhere to that rule, any side-loaded apps do not.

Google knows this and that's why they allow it. Hence there is always a way for them to make money. Any decision a company makes is always money generating oriented, rarely (if ever) a customer.

Do you think that sideloaded apps on iOS can bypass “Do not track”? I honestly don’t know, but I’m assuming not. Just because Google doesn’t do something perfectly (or even well) doesn’t mean that it’s simply impossible for Apple to do something similar in a way that’s safe for users.

 

[Wildkraut]

I think we are talking about different things here. As far as I know, companies aren’t trying to access or data mine the contents of your personal documents.

In fact, there are federal laws against someone else trying to read/access your personal documents and databases stored on your device. Hence, such activity is mostly limited to criminal hacking and government sponsored espionage.

But I assume you know this, and know exactly what people on this thread are concerned about. Not sure why you feel the need to make such a false comparison/argument.

Reinstall macOS and watch the setup dialogs guiding customers to iCloud and document uploads. Blah blah come on, sync your whole Document folder to the iCloud it’s much better that way, while at the same time Apple strictly refuses to introduce iCloud encryption and holds a masterkey even to backups. Yeah, yeah, Apple and privacy… fits just like Facebook and privacy… just worse because Apple makes false statements and fool customers. They fight so hard for your privacy that the first thing they did is to hang down the “What’s on your iPhone, stays on your iPhone” Ads with the CSAM introduction.

 

[jav6454]

Do you think that sideloaded apps on iOS can bypass “Do not track”? I honestly don’t know, but I’m assuming not. Just because Google doesn’t do something perfectly (or even well) doesn’t mean that it’s simply impossible for Apple to do something similar in a way that’s safe for users.

I'll give you an example. On the early days of Cydia AT&T had a restriction on Tethering. An app develop (or several actually) developed an app that tricked the OS into allowing Tethering on AT&T data plans.

Another example, Apple's in-app purchase system. There was an app (or script/apk) in Cydia that spoofed a successful payment to the App Store and as such, you could actually gain in-app "premium" content without paying for it.

Hence, it is conceivable that an app can be written with a baked-in option to bypass "Do not Track". These two events are not theoretical, they actually happened and there is evidence.

 

[MrDerby01]

Privacy? Really!? Did he have the guts to explain why he gave the Chine's government the golden keys to view everything on their citizens? He preferred the money from that market rather then protecting their privacy and rights.

 

[katbel]

I will believe him when on my iPhone I will have the choice to : Block this app
instead of "Ask do not track".

 

[MrDerby01]

Yeah people seem to think that this will automatically make it like a jailbreak, where its wide open down to the kernel.
It most certainly does not.

They can still do developer signatures like they allow on MacOS.

Just a thought.. Wish I were programmer to better understand how this really worked.. Would it be best if "Side loaded" apps used a set of API's except "X" API's that would use any identifiable info? Like .. You can write your app and offer your own store.. BUT because it's not signed it won't execute certain API used to harm the user? Location, device IMIE.............

 

[SpotOnT]

Apple will reverse course if they think they can make more money, shocking I know. For example going from "what happens on your iPhone stays on your iPhone" to local scanning for CSAM. It's all about selling more units at a higher average retail price.

So local scanning for CSAM would make Apple profit how exactly?

I think there is a fundamental misunderstanding of what the - thankfully failed - local scanning for CSAM was. It was an attempt to make the scanning of personal documents - uploaded to Apple servers - more secure. Now if you don’t believe that items you store in the cloud should be scanned, you should probably start getting politically vocal, since that is the direction US and EU legislation is heading.

 

[_Spinn_]

I'm not a fan of sideloading either. I still remember the tech support nightmares I would have with my family members before I got everyone to switch from Android. I don't want to go through that again on iOS.

 

[mrat93]

Usually, apps do not do that and developers do not go for that... usually. As we know, there are several types of apps that do as advertised and others that don't.

Those that don't while they don't directly target a kernel, can be made too if a situation arises that the need is there. Not saying it's an easy task, but the ability to do so is opened up as sideloading provides no safeguards; people can be fooled into downloading a dangerous app. Not saying that Apple's app review process is perfect.

So like, a few years ago there was a jailbreak that was installable via AltStore. If sideloading was allowed generally at the time, I can see how it could potentially be used harmfully. Somebody else could use the exploit and create an app that causes harm.

On Windows, there are daily checks (or maybe weekly) for security updates which install without restarting. At this point, I’m surprised that the only way to “update” your iOS device security is a full-on firmware update. I think Android issues security updates passively, but maybe I’m wrong.

 

[Appleman3546]

You know that Apple is worried when the CEO of Apple is still discussing sideloading almost a year after the Epic trial

 

[rp100]

Unfortunately for Tim, the modern mobile phone is a de facto personal computer and everyone sees it as such. Blocking non-AppStore installs is being viewed the same as if you blocked non-AppStore installs on a desktop or laptop.

Apple could be controlling the narrative and process, but it looks like they’re begging world legislatures to do it for them.

Also - the community needs to stop calling it sideloading - it makes it sound like one is hacking or modifying the device to do something shady. If it’s not sideloading on a desktop, it’s not sideloading on a phone or tablet - Apple is blocking you from using your device how you choose.

 

[jonblatho]

I'll give you an example. On the early days of Cydia AT&T had a restriction on Tethering. An app develop (or several actually) developed an app that tricked the OS into allowing Tethering on AT&T data plans.

Another example, Apple's in-app purchase system. There was an app (or script/apk) in Cydia that spoofed a successful payment to the App Store and as such, you could actually gain in-app "premium" content without paying for it.

Hence, it is conceivable that an app can be written with a baked-in option to bypass "Do not Track". These two events are not theoretical, they actually happened and there is evidence.

I assume you’re referring to App Tracking Transparency, the feature which displays a prompt asking you whether you would like to allow an app to track you.

This wouldn’t be straightforward to bypass outside the App Store, provided app sandboxing is left intact (which I expect would be the case if the installation of non-App Store apps was allowed on iOS). An app would have to find a way to store a tracking ID such that other apps, including those from other developers, could also see it. I don’t think that this is possible/feasible under the iOS app sandbox. Even if you “sideload” (install) an app through Xcode today, the app is still subject to that sandbox.

Even if it is possible, such a cross-app tracking ID would be much less useful than the one iOS optionally provides because there exist numerous data brokers who will all want their own tracking ID, with their own little fragment of the user’s data. It wouldn’t be a universally shared ID which corresponds to all the user’s data, like iOS’s.

 

[danakin]

So local scanning for CSAM would make Apple profit how exactly?

I think there is a fundamental misunderstanding of what the - thankfully failed - local scanning for CSAM was. It was an attempt to make the scanning of personal documents - uploaded to Apple servers - more secure. Now if you don’t believe that items you store in the cloud should be scanned, you should probably start getting politically vocal, since that is the direction US and EU legislation is heading.

"So local scanning for CSAM would make Apple profit how exactly?" It's actually a very simple calculus.

In Apple's view, local scanning for CSAM would be viewed as a value-add for their customers and a product differentiator.
They very likely concluded this would make the device more attractive to families, especially since court records revealed they had strategies in place to keep parents from giving their kids Android phones.

The net expected result = more sales and more money. Not exactly a leap of logic.

The bad press kinda messed with their narrative but there's no way they concluded: "Hey Tim, we're going to get a lot of heck for this and it likely won't make us any more money but let's ship it anyway".

This ain't rocket surgery.

 

[jav6454]

So like, a few years ago there was a jailbreak that was installable via AltStore. If sideloading was allowed generally at the time, I can see how it could potentially be used harmfully. Somebody else could use the exploit and create an app that causes harm.

On Windows, there are daily checks (or maybe weekly) for security updates which install without restarting. At this point, I’m surprised that the only way to “update” your iOS device security is a full-on firmware update. I think Android issues security updates passively, but maybe I’m wrong.

Windows does this because of the nature of openness and how well understood the entire kernel is. However, there is a huge difference between a Mac/PC and a phone.

Normally, you don't have the amount of financial and personal information on a laptop/desktop as a phone. You have some similarities, but the average user has more personal data on their mobile now-a-days.

Yes, a sort of a-la Windows update system could be implemented, but that's because Windows uses its own virus/malware scanning tool. What you update daily is the database of that tool which prevents you from opening suspected software. You don't update Windows itself, that still requires a reboot.

 

[Stromos]

I mean can everyone just take a major reality check?

I mean I think its funny people think that Apple will allow sideloading and not keep making exactly what they are making now. Look at the increasing costs of everything Apple. Sideloading will just mean increased prices across the board for everything Apple. People trying to save a buck on an app are going to be in for sticker shock and end up being priced out of the Apple ecosystem altogether.

The funnier part is people thinking they will save money by sideloading in general. That's a 100% no. Money developers are paying Apple will start coming out of your pocket. Net loss to consumes but I am sure you guys are all completely willing to pay more to support the devs right? That's what its about. You want to pay more.

These are just facts. Developers want more money directly or not it's going to come from you. This magical scenario in people's heads that Apple will just say yeah do what you want we will take pay cuts and our shareholders will understand is a truly clueless mentality.

Best part is this is the perfect time for this shift to happen. Apple won't publicly say oh so now that we don't get our cut we are adding 100 bucks to every product they will simply talk about the world and all the hardships and shortages and everyone will be like yeah I am doing the right thing supporting Apple!

 

[jav6454]

I assume you’re referring to App Tracking Transparency, the feature which displays a prompt asking you whether you would like to allow an app to track you.

This wouldn’t be straightforward to bypass outside the App Store, provided app sandboxing is left intact (which I expect would be the case if the installation of non-App Store apps was allowed on iOS). An app would have to find a way to store a tracking ID such that other apps, including those from other developers, could also see it. I don’t think that this is possible/feasible under the iOS app sandbox. Even if you “sideload” (install) an app through Xcode today, the app is still subject to that sandbox.

Even if it is possible, such a cross-app tracking ID would be much less useful than the one iOS optionally provides because there exist numerous data brokers who will all want their own tracking ID, with their own little fragment of the user’s data. It wouldn’t be a universally shared ID which corresponds to all the user’s data, like iOS’s.

Apps downloaded from Cydia or Installer were not built using Apple's tools, rather using Toolchain. Apple's SDK was later adapted. So many jailbreak apps that are side-loaded in (installed) may or may not follow the sandboxing tools.

Just look at the examples provided, these were examples of side loaded apps that were built using the SDK in a sense and still broke through Apple's OS security checks due to the nature of sideloading.

Heck, let's look a the BootNeuter back in the iPhone 2G and 3G days. It literally trimmed the ROM's instructions that checked for a modified baseband being installed and allow a lock-free baseband firmware to operate. Again, these are programs and apps that allowed extra functionality, but these techniques can easily be adapted to allow something worse. Cook is right when he said technology is neither good nor bad, it behaves as we use it.

 

[SpotOnT]

Reinstall macOS and watch the setup dialogs guiding customers to iCloud and document uploads. Blah blah come on, sync your whole Document folder to the iCloud it’s much better that way, while at the same time Apple strictly refuses to introduce iCloud encryption and holds a masterkey even to backups. Yeah, yeah, Apple and privacy… fits just like Facebook and privacy… just worse because Apple makes false statements and fool customers. They fight so hard for your privacy that the first thing they did is to hang down the “What’s on your iPhone, stays on your iPhone” Ads with the CSAM introduction.

Right, because scanning locally can be more secure than scanning server side.

You do realize that encryption issues and CSAM scanning are all about dealing with current and possible government regulation right? And you do understand the difference between tracking and data mining (Facebook) and storing user uploaded content (Apple) right?

I honestly can’t tell if you are just trolling or really don’t understand all the comments here.

Anyway, one thing I am sure we do agree on is that if you care about privacy, don’t use iCloud. I certainly don’t use iCloud on my Mac.

 

[Iconoclysm]

I so hate the term side loading.... they are acting like its a new thing to install your own software without the manufacturer's permission....

The iPhone is one of the highest volume general purpose computers in the world.....that users can spend up to $2000 to own.... not lease, not borrow, but own.... we should have the right to use it how we see fit, whether within the Apple controlled garden or however else we would want to use a general purpose computer.

As long as the software you install doesn't have direct access to cause trouble with the cellular network, I see no issue...

There's certainly an argument to be made on the opposite side. Maintaining a platform that's a closed box, like an electronic appliance (such as a video game console), makes quality control, support, user experience, etc. a whole lot easier and impactful. If you don't like that, buy an Android phone. There's a reason that Android didn't completely squash iPhone out of existence and it all comes down to the general public having had a good enough experience with it being stable and "just working". Revenue is certainly a biproduct of controlling sideloading but it's also an easy scapegoat to blame that for Apple's position. The revenue loss could be compounded by the cost to provide the same support. The checkbox option might work but I guarantee you it will still lead to class action lawsuits when someone's nudes are leaked online because they just HAD to sideload that SNES emulator onto their phone.

 

[dk001]

The sentence should have continued: "...As long as it doesn't impact our revenue line."

How else does he explain their "we always comply with local laws" comment?

That became so apparent with the Apple CSAM debacle.

 

[dk001]

I don't buy it. Sideloading on Android works just fine and hey, all major corps are still putting their apps in the PlayStore. I don't see a single reason why that should be different on iOS. Sideloading is a hassle for users, so the majority of users will stick with the AppStore therefore no "big" company is going to skip the store for a different solution.

If Apple allows multiple App Stores there really is no reason for side-loading. Apple could do this better than Android currently does if they want.

 

[Iconoclysm]

Reinstall macOS and watch the setup dialogs guiding customers to iCloud and document uploads. Blah blah come on, sync your whole Document folder to the iCloud it’s much better that way, while at the same time Apple strictly refuses to introduce iCloud encryption and holds a masterkey even to backups. Yeah, yeah, Apple and privacy… fits just like Facebook and privacy… just worse because Apple makes false statements and fool customers. They fight so hard for your privacy that the first thing they did is to hang down the “What’s on your iPhone, stays on your iPhone” Ads with the CSAM introduction.

If Apple is refusing encryption, how could they hold a master key? iCloud traffic is end to end encrypted and data is stored encrypted. Am I missing something?

 

[jonblatho]

Apps downloaded from Cydia or Installer were not built using Apple's tools, rather using Toolchain. Apple's SDK was later adapted. So many jailbreak apps that are side-loaded in (installed) may or may not follow the sandboxing tools.

Just look at the examples provided, these were examples of side loaded apps that were built using the SDK in a sense and still broke through Apple's OS security checks due to the nature of sideloading.

Heck, let's look a the BootNeuter back in the iPhone 2G and 3G days. It literally trimmed the ROM's instructions that checked for a modified baseband being installed and allow a lock-free baseband firmware to operate. Again, these are programs and apps that allowed extra functionality, but these techniques can easily be adapted to allow something worse. Cook is right when he said technology is neither good nor bad, it behaves as we use it.

If you don’t trust an app or its developer, don’t install the app(s). If you’re too mindless to understand that concept, install it and find out what happens, I guess. Actions have consequences, just like on a big-kid computer. Not my problem.

I’m skeptical of the inevitable counterargument to this that apps will leave the App Store if they’re allowed to do so. I’m sure a handful will, but only those that can demonstrably benefit from entering the slim gray area of functionality that is permitted by the iOS sandbox but not by the App Store. But for big developers like Microsoft and Facebook? They won’t (can’t?) take the hit in users (and therefore money) that would occur as a result of the hoops Apple would likely require one to go through in order to enable the installation of non-App Store apps on their iOS device. Many users will either not bother or get scared off by what I’m sure will be multiple dialogs informing the user of the risks of enabling it.

 

[boss.king]

For now, Apples plan is to eventually not allow any tracking, if a user doesn't want it. And that scares companies that need that tracking for profits, so the send out their lobbyists, and now the government cares.

So what you’re saying is that Apple should get the benefit of the doubt for future plans, even though at the moment their privacy efforts don’t actually do anything? Seems like a weird amount of trust to put into a corporation.

 

[jz0309]

I for one am glad that Apple continues to fight back against this side loading crap, the average user doesn’t care nor want this nonsense

 

[Iconoclysm]

If Apple allows multiple App Stores there really is no reason for side-loading. Apple could do this better than Android currently does if they want.

Does Microsoft, Sony, or Nintendo allow Steam, Epic, GOG, etc. stores on their consoles? Apple is extremely hands on with their phone and their App Store, Google handles this the complete opposite way, being very hands off and providing a fraction of the support. Either way works, but being in between would be a nightmare.