Apple Software Exec Warns European App Store Regulation Would Open 'Pandora's Box' (cnbc.com) 106
Proposed European regulation that could force Apple to allow iPhone users to install software from the web would open "Pandora's box" and could pose threats to entire networks of computers, Apple software senior vice president Craig Federighi said in a speech on Wednesday. From a report: The remarks at Web Summit in Lisbon, Portugal represent an escalation in Apple's rhetoric about what could go wrong if Apple is forced to change its App Store policies. [...] "European policymakers have often been ahead of the curve," Federighi said. "But requiring sideloading on iPhone would be a step backward. Instead of creating choice, it could open up a Pandora's Box of unreviewed malware and software."
The European Commission, the executive arm of the EU, presented the Digital Markets Act last December. The Act is designed to stop companies like Apple, Google and Meta, the company previously known as Facebook, from abusing their power. It contains a series of rules that would require them to open up their platforms to competitors. Failure to comply could result in fines as high as 10% of the companies' worldwide annual revenue. In a report filed with the U.S. SEC last month, Apple specifically named the Digital Markets Act and said that, if enacted, it could require changes to Apple's App Store that might harm the company's financial results. On Wednesday, Federighi didn't address the potential financial impact to Apple. Instead, he argued sideloading would cause users to be tricked into downloading malware. "Even if you have no intention of sideloading, people are routinely coerced or tricked into doing it," Federighi said, citing malware on Google's Android, which allows sideloading. Google warns users against doing so in system messages and pop-ups, however. Federighi argued that although technically skilled people might be able to identify malware on the internet, their parents or children might still be fooled, making everyone's iPhone data less secure.
This is exactly why Google shut down Android (Score:4, Insightful)
Re:This is exactly why Google shut down Android (Score:4, Insightful)
Plenty of barely-disguised malware has made it into Apple's app store anyway, if anything app stores (especially Apple's which has the greatest PR/reality disconnect) create a dangerous false sense of security.
Re: This is exactly why Google shut down Android (Score:1)
Re: (Score:3, Insightful)
It is exactly why I choose Apple over Android. The walled garden provides a security layer that I'm willing to pay for, both in $$$ and in some restrictions. Android is available for those who don't wish to pay for security. I wish there was more government regulation of Android app environment to protect all the individuals out there who cannot afford security or who lack the awareness of the problems involved, but I understand why that is unlikely to happen.
Re: This is exactly why Google shut down Android (Score:5, Informative)
Apple has delivered malware directly from their app store repeatedly, so the walled garden is not protecting you at all.
Android phones do not permit sideloading until a switch is turned on in the settings, and each app that wants to initiate app installs has to be individually approved, and still cannot silently install anything without root.
IOW you chose Apple for no reason and you don't know what you are talking about. Typical Apple user.
Re: (Score:2)
That's not entirely fair. While it's true that it doesn't protect against all malware, that doesn't mean it doesn't still protect against some.
Still, there's no reason not to add a switch, like Android or BlackBerry, to allow side loading. It's not like you'll be forced to use it.
Re: (Score:2)
Apple's App Store doesn't really offer any more protection than Google Play store (both supposedly scan the apps for malware). I would guess that 90%+ of Android users never side load an app onto their devices anyway.
Re: This is exactly why Google shut down Android (Score:1)
There is a reason: coercion and fooling. We just got my mother-in-law off of Android because she had been tricked by social media posts into enabling all sorts of stuff that you just cannot do on an iPhone. And those are options I do not want the kids in my family to have until they are old enough to evaluate the phone environment for themselves. I am glad Android exists to fill the expert niche in the market. But they are not devices that I would hand to average consumer.
Re: (Score:3)
If she's actually that credulous, there are far greater concerns than the ability to sideload apps.
How many iTunes gift cards has she purchased to resolve problems with the IRS?
Re: This is exactly why Google shut down Android (Score:2)
More than she should. But, regardless, I want to decrease the threat surface, not increase it.
Re: This is exactly why Google shut down Android (Score:2)
Re: (Score:2)
There is a reason: coercion and fooling. We just got my mother-in-law off of Android because she had been tricked by social media posts into enabling all sorts of stuff that you just cannot do on an iPhone
That is easily solved on an Android phone. You register the phone to yourself, so you get notifications if ever somehow someone gains access to it. Then you create another account for your maw-in-law that doesn't have access to developer or security settings (other than her own pass-whatevers.)
Re: This is exactly why Google shut down Android (Score:2)
Apple fans make me think of slaves that think their master knows what's best for them, and if ever offered freedom, would decline because they're afraid of what would happen to them without their master
Re: (Score:2)
Apple is doing what I request of them, which is securing the digital frontier that I cannot patrol. It is the same justification as wanting an FDA checking my food supply or a SEC monitoring the stock market. It is an environment in which bad actors have more powers than any individual can anticipate and deal with unless they dedicate themselves to that task. Frankly, I don't have an interest in being any more vigilant for digital safety than I already have to be, and if I can get a company to provide some
Re: (Score:2)
Apple is doing what I request of them, which is securing the digital frontier that I cannot patrol.
Yeah, you really can control it, and no, Apple isn't securing anything. Actually it's funny, the largest mobile malware campaign ever was successfully carried out against iPhone users, and Apple has by far a lot more remote code execution vulnerabilities under their belt than Google does (something like 3 to 1 last I looked.) Also, all of the exploit for hire companies, like Cellebrite, have always been able to crack iPhones, whereas their success against Android phones is mixed at best (they still don't eve
Re: (Score:2)
Google has security theatre in their Play store app to scan whatever content you've previously downloaded from them.
Nonetheless, I feel safer downloading apps that aren't ad-laden trialware from Fdroid. (on iOS I'd have to run an exploit 'jailbreak' to gain similar functionality.)
Re: (Score:2)
Yes, I have a de-googled phone running Lineage and I get apps from F-Droid. FFUpdater provides Firefox, Bromite and Lockwise, etc. Some companies really get butt-hurt if you won't use their app these days, but for the most part I can get stuff done through the web.
Re: This is exactly why Google shut down Android (Score:2)
1. Not being 100% perfect is a far cry from providing zero protection. 2. A switch that can be turned on is a switch that can be coerced/fooled into turning on. I definitely do not want my mother-in-law to have such a switch with apps badgering her to flip it. Same for the kids in my family.
Re: (Score:2)
2. A switch that can be turned on is a switch that can be coerced/fooled into turning on. I definitely do not want my mother-in-law to have such a switch with apps badgering her to flip it. Same for the kids in my family.
Where would the apps badgering her to flip it come from? Apple's App Store? I guess you wouldn't want to let such people anywhere near a computer either.
Re: (Score:2)
Well, if I'm being honest... ;-)
Re: (Score:2)
Re: (Score:1)
The incredible security of the walled garden works like this:
Re: This is exactly why Google shut down Android (Score:2)
Your theory does not match my experience.
Re: This is exactly why Google shut down Android (Score:2)
Re: (Score:2)
who cannot afford security or who lack the awareness of the problems involved,
Oh Gawd, the bullshit is getting thick in here. Someone woke up on the self-righteous side of the bed today. You actually buying any of what you said?
Hey Diamond Jim, the App Store is full of abject shit. Shameless clones and ripoffs abound. Most apps openly flaunt the so-called rules. In fact, abject shit represents most of what's in both App Stores, and many a predatory app has been caught ridiculously siphoning mon
Re: (Score:2)
Oh, and Slashdot can't fucking parse iPad apostrophe's, while Android apostrophes are no problem, so I guess we know where they come down in the debate.
The iPad has only existed for 12 years, though, so I'm sure Slashdot will get around to it eventually.
Sideload -- no cloud (Score:2)
I am sure Apple would like to avoid it, but they have a sideloading disincentive to them. Namely, to make some or all iCloud features and sideloading into mutually exclusive options.
For example, users with sideloading enabled might not be able to use iMessage. They would be "green" in chats, giving any teenage correspondence conniptions. (Or maybe they would be red in chats, whatever).
They could also disable some or all App Store apps for sideloading-enabled phones.
Re: (Score:3)
Yeah, that's a great solution that will certainly not get them sued. Mind you, I'd be happy for them to stop badgering me about iCloud all the time, and making me disable everything there every time there's an update.
Re: (Score:2)
Re: This is exactly why Google shut down Android (Score:2)
Right. So if you want those options, there are platforms available for you.
The platform that doesn't allow it should not be forced to.
The government strategy in action. (Score:1, Interesting)
Re: (Score:1, Interesting)
The amount of malware on Androids vs iPhones is simply incomparable.
And by simply making the mechanism available, malware and bad business practices will force people to enable side loading which then makes their phone vulnerable. This is the same as law enforcement/govts asking for a "backdoor just for us, just for legal uses". By having such a mechanism avail
Re: (Score:2)
Then simply don't load anything that isn't from apple store, and let people who OWN iPhones who want to side load do so. I see no conflict here, my phone my choice. If i get a virus from a side loaded app then that is my problem.
Re: (Score:2)
I see no conflict here, my phone my choice.
Yes - you chose your phone with all the limitations that come with that.
Re: (Score:2)
Or we, through our representative governments, ask Apple to do the right thing. Which is another totally valid way of getting the phone you want. After all, the phones they're selling use the radio spectrum that belongs to all of us and our governments protect their intellectual property, so I see nothing wrong with asking for a few things that benefit everyone in return.
Re: (Score:2)
The air we breathe belongs to everyone. So we should be able to go whoever our air is going.
Re: (Score:2)
Re: (Score:2)
I don't think it's likely that a non-technical user is going to be able to side load an app without help.
Besides, I can guarantee that a switch to allow side-loading will come with an awful lot of scary warnings.
Re: (Score:2)
Then buy a phone that lets you load what you want and let the rest of us buy an iPhone that does exactly what we want.
Is the iPhone so badly designed that you'd be forced to install apps from all over the web just by owning one?
Re: The government strategy in action. (Score:2)
Yes. Yes it is. The Stockholmed users all know it
Re: (Score:2)
Please fuck off and die.
Excessively vulgar and uncalled for.
Users ALONE should decide what software they run on their devices. So tired of people like you thinking they know what is best for others.
I do agree with this, my hardware, my choice.
Re: (Score:3)
Yes you can do whatever you want with your hardware, but that doesn't mean Apple has to support or enable everything you want to do. If you want to try to crack their OS so you can side load, go for it.
Re: (Score:2)
Sure, but since we grant them permission to have exclusive rights to certain technology (patents) and use radio spectrum (which we all own), there's nothing wrong with asking them (through regulation) to make their products benefit everybody. I don't have to bu
Re: (Score:2)
my hardware, my choice.
can't Apple say the same thing? They've made the software & hardware
In short, no. For one thing, once they sell it to you it's not theirs any more. For another, a corporation is a legal fiction. We grant a corporate charter supposedly because it is in the public interest. If We The People (and/or our elected representatives) believe that there is greater public interest in permitting sideloading than denying it then it is well within our rights to deny Apple the right to prevent it, or terminate their charter as clearly not being in the public interest — since their e
Re: (Score:2)
Re: (Score:1)
Users should decide, period.
And they did already, with their wallet.
With no gun against their head.
Re: (Score:2)
Not exactly though because Apple has been given the benefit of copyrights and patents. Both of those ideas exist to create incentives for people to make new things (which is good for everybody) but instead Apple is using both of them to restrict competition (which is bad for everybody). So a competitor can't make "an iPhone but without the App Store"-- which of course would be the device I and many others would choose. Our choice is being
Re: (Score:1)
Not exactly though because Apple has been given the benefit of copyrights and patents.
You are just not going to be happy until my iPhone scams / steals a ton of money from me.
If that happens one day in the future, I hope I can hold you accountable. But alas, I am certain you know how to hide very well.
Re: (Score:2)
Users should decide, period.
And they did already, with their wallet.
With no gun against their head.
Therefore they're not allowed to criticise any aspect of the product or voice their opinion that some aspect of it should operate differently?
Re: (Score:2)
Please fuck off and die.
Really? They should die simply for disagreeing with you on a walled garden from an iPhone you knowingly bought?
Re: (Score:1)
Re:The government strategy in action. (Score:4, Insightful)
The amount of malware on Androids vs iPhones is simply incomparable.
So? Apple maintains that "to allow iPhone users to install software from the web would open 'Pandora's box' and could pose threats to entire networks of computers". If they're right, then it's already far too late to do anything about it, because Android phones have incorporated that 'danger' for more than a decade so Pandora's box had been open at least that long. The choice here is between clawing back Android users' ability to sideload - and coming down heavily on the side of totalitarianism - or forcing Apple to open up their ecosystem.
And by simply making the mechanism available, malware and bad business practices will force people to enable side loading which then makes their phone vulnerable.
Say what? Who in the Android world was ever forced to enable sideloading, much less sideload any apps? Also, would you then disallow people from installing whatever software they want on their Windows, Mac, or Linux computers? You'd have to, in order to keep your argument logically consistent.
This is the same as law enforcement/govts asking for a "backdoor just for us, just for legal uses".
Sorry, I fail to see the connection between allowing users to have control over what does and does not go onto their phones, and governments asking for backdoors.
If they are really interested in supporting and protecting the users, then they should craft laws regulating how Apple runs the AppStore as opposed to forcing Apple to open up side loading.
That's kinda like saying "if they are really interested in supporting the users, they should craft laws regulating how much Apple charges for repairs instead of implementing and supporting right to repair legislation".
You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it. You might want to reconsider that stance. Then again, your BOfH handle suggests that in your mind's eye you may automatically put an "L" in front of every "user" you interact with.
Re: (Score:2)
You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it.
You seem to assume that after it was sold to you, Apple has an obligation to add features.
You want to side load, add it yourself.
Re: (Score:2)
You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it.
You seem to assume that after it was sold to you, Apple has an obligation to add features. You want to side load, add it yourself.
And then wait for Apple to find a way to detect it and brick your phone.
Re: (Score:3)
You are wrong. I know there's a libertarian slant to things here, but you are wrong, as the past 10+ years of iPhones and Androids have shown.
It sounds like you are making the libertarian argument.
You chose your phone with all the limitations that come with that. You want the perks of the iPhone's infrastructure without any of the rules or regulations.
Re: The government strategy in action. (Score:2)
You are wrong. Zero Android phone users who have not rooted their phones have been compromised without deliberately enabling sideloading AND choosing to approve an app install. In no way does the ability to permit sideloading affect security on unwitting users' phones.
Re: (Score:2)
I think you're making the wrong comparison... Try comparing Apples to Apples: macOS is based on the exact same technology as iOS and has allowed "side-loading" since its inception. It still has relatively little malware. So it's pretty cle
Re: (Score:2)
The amount of malware on Androids vs iPhones is simply incomparable.
As is the amount of malware on Windows vs Macs despite Macs not being locked down.
Re: The government strategy in action. (Score:2)
Re: (Score:2)
There is also the concept of malicious compliance as well. Ideology in which a lot of these laws are based off of, often pales in effectiveness to implementation.
A bad ideology implemented well, is often much better than a good ideology implemented poorly. If Apple feels like it, they can probably make their platform be a haven for malware in EU, and when they complain, they just said, We were following your laws.
Open market (Score:4, Insightful)
Re: (Score:2)
Taking the thing Apple built at their own expense and giving it away for free to their competitors is the exact opposite of an open market.
No one wants to do that. They want to stop Apple from using the vendor lock-in they built at user expense (the users paid for it) to abuse consumers, and you think that's a bad thing. Why do you support abuse of consumers?
Open Pandora's Box... (Score:2)
... to Apple's almighty profits from their 30% cut of every Appstore app purchase (for benevolently allowing it to be made available to their users and doing feck all else) to enter a tailspin.
Boo hoo.
Who to trust? (Score:3)
I love this people can't be trusted to make up their own minds meme especially while Apple's store itself is full of malware and fraud.
https://www.washingtonpost.com... [washingtonpost.com]
Competing software stores could do a much better job vetting software than Apple has managed thus far.
The operating system at the very least should be expected to provide effective isolation. Something iOS and most general purpose operating systems have a long history of failing to do. Last I checked there are over a thousand CVE entries for iOS privilege escalation.
Re: (Score:2)
The App store is not iOS. Being able to sideload a Facebook app will not allow the Facebook app to bypass iOS security. The only change that sideloading would make for Facebook is that they wouldn't have to have the little privacy spiel that is on their App Store listing.
Re: (Score:2)
Being able to sideload a Facebook app will not allow the Facebook app to bypass iOS security.
So why are Apple saying this would compromise the security of the operating system? More to the point why doesn't this happen on macOS?
Ookay then. (Score:1)
Anyone catch the tacit admission that Apple's App Store is "Pandora's Box?" As in, the only thing worse than opening it up is just having one in the first place.
Considering that app commercial "App Stores" are.. (Score:2)
... full of malware, I fail to see how allowing "side loading" would make the situation worse, not better.
Any commercial "App Store" will have to allow malware in, as malware companies could just sue the operator or otherwise create bad publicity for them. This has happened early on for Apple when some company making bogus radiation health claims offered an app that would guestimate how much you were exposed to the radiation of your phone.
Define that please. (Score:2)
"...full of malware..."
Please. Specify.
Re: (Score:2)
Well there is the whole spectrum of malware.
Most commonly you will have "user experience" frameworks that include 3rd party trackers.
Then there's Adware which displays advertisements at you, this is often combined with software that, at least in its default settings, alerts you regularly to keep you interacting with it. Often you will also find things like "infinite scrolling", also known as "doomscrolling" in those apps.
Of course there is also DRM malware trying to turn your machine against you.
Re: (Score:2)
So Malware is being expanded to include anything you might dislike?
Grouping adware and malware is... incorrect.
OK, Craig! (Score:5, Insightful)
Re: (Score:1)
Despite the rhetoric from fanboys, this whole thing boils down to a money-grab by Apple. We'll have to see if the EU buys into their scare tactics.
No, no it doesn't. In Apple controlling the app store, hardware and OS, that means there's ONE source to blame when $#it goes sideways: Apple. There are ways to direct-install (you need developer credentials) to a device, but what's not available that you MUST do this?
PCs and laptops do not need instant open/on several hundred times a day while containing all of your data the way a phone or tablet does. I'd prefer the mobile apps be at least somewhat reviewed and the OS not being crash-happy.
There's
Re: (Score:2)
Many users value the freedom of choosing where they can go to buy their apps, especially if the price will differ due to differences in the fees charged by the platform, more than they value having a single person to blame. Developers would also like more freedom in how they can distribute their apps. But if you don't want to take advantage of those options, then simply never enable
Re: (Score:2)
You're incensed by Apple and you're on slashdot . . . if we're completely honest, especially with you invoking "fanboy" as dismissive, this is about you.
Just because you lose sleep attributing things to Apple as malfeasance does not mean that Apple executives sit up late at night like Monty Burns, plotting their next diabolical move.
I mean, they COULD be doing that . . . it ju
Re: (Score:2)
Despite the rhetoric from fanboys, this whole thing boils down to a money-grab by Apple. We'll have to see if the EU buys into their scare tactics.
No, no it doesn't. In Apple controlling the app store, hardware and OS, that means there's ONE source to blame when $#it goes sideways: Apple. There are ways to direct-install (you need developer credentials) to a device, but what's not available that you MUST do this?
This is just not true. You have no legal right to blame anybody. You can't even get compensation for any damage done. It's in black and white in the license/TOS of using their product and/or service.
PCs and laptops do not need instant open/on several hundred times a day while containing all of your data the way a phone or tablet does. I'd prefer the mobile apps be at least somewhat reviewed and the OS not being crash-happy.
Phones don't contain ALL your data. I have yet to find a phone that can store that much information. The most stable OS that I use doesn't have any restrictions placed on what I can install. In fact the developer doesn't force install any services unless I permit it. It has been upgraded and spawned across mult
Re: (Score:2)
For decades, users of Apple's Macs have been able to acquire software from any source and install it on their device via hard copy, downloaded digital copy, writing it from scratch, etc.
To be fair, before OSX that frequently led to virus infection because MacOS classic had zero security and arseloads of bugs. So when Apple says that letting users install software on their operating systems will lead to massive infection they are credible, but only because their operating systems have been known to have security. If your OS is vulnerable to every little piece of malware that comes along, then it's natural that you'd want to keep people from running the software of their choice. OSX is clear
Re: OK, Craig! (Score:2)
Source of "malware" on android is not from side lo (Score:2)
Most android "malware" are from the Play store, not side loading. Why would it be different on iOS?
Re: (Score:3)
No, most Android malware are from 3rd party app stores on Android. Not the F-Droid or Amazon app stores, but the obscure Chinese app stores and such, or torrent sites offering tons of APKs for pirated apps (surprise, surprise, that's where most of the malware originates - from people downloading pirated apps infected with malware).
Play Store has some malware, because of its initial design - it was a free for a
Apple could have been prepared for this (Score:3)
What I don't get is why they didn't engineer in a secure sideloading system *if only* as a contingency that someone might make them do it. Or for whatever reason they decide it's lucrative to allow other app stores (eg, in-house corporate ones, public ones tied to other vendors like Microsoft, etc).
Developing this would have cost them, what, maybe a couple of million dollars of developer time? I'll bet they spend that in a month on private jet fees.
And they could have totally done in a way that "allowed" sideloaded apps, but made them annoying to run (eg, requiring permissions for every launch, etc) and then told regulators "we allow it with default, user-manageable restrictions for security." This alone could sandbag the debate for years, causing regulators to lose interest and not want to go into the weeds of how sideloading actually worked.
Re: (Score:2)
Re: (Score:2)
What I don't get is why they didn't engineer in a secure sideloading system *if only* as a contingency that someone might make them do it.
Because there's no need for that. There's nothing about iOS that technically prevents sideloading. When jailbreaks exist it is already possible to sideload on that platform.
Or for whatever reason they decide its lucrative to allow other app stores
That will never happen, because their whole business model with iOS devices depends on lock-in.
And they could have totally done in a way that "allowed" sideloaded apps, but made them annoying to run
No, that would be obviously anticompetitive, although so is not permitting sideloading. Still, it would be even more obvious.
Re: Apple could have been prepared for this (Score:2)
Re: (Score:2)
I mean this is my speculation about what they should do, and maybe they have.
But there have been other times where I wonder if they do much of this speculative development, going back a long time.
A lot of their development choices baffle me, I'm still kind of surprised that iOS wasn't fully resolution independent from day 1. Each of the phone screen size increases and the iPad release revealed how stuck they were with fixed resolutions and screen sizes (blurry pixel scaling versus just line drawing).
Unreviewed malware (Score:1)
Which is of course vastly worse than the reviewed malware you can get in the Applestore that Apple gets a cut from.
Fuck off, we know what you really fear.
He would, wouldn't he? (Score:2)
If they truly cared about malware... (Score:2)
then drop the price (to 5% from 30%) and remove every other restriction except those for malware.
Then the issue Apple is complaining about goes away and the issues we are solving get solved.
Re: (Score:2)
If you're a small business (make less than 1 million in total from App Store) you can apply for Small Business and get the cut reduced to 15%. It took awhile for me to get approved. Still believe 15% is too much since I only ask for 'tips' and PayPal has been charging me about 6% (depends on how people pay).
It appears Apple only scans for known malware. I don't buy their argument either.
Re: (Score:2)
I think it's funny, because Apple's whole permissions system (ie. "Do you want to allow this app to use your microphone?") is an obvious admission that they have no idea what apps are doing, and are asking you to make a choice if you trust it for yourself.
Re: (Score:2)
Then Apple needs to fix their problems (Score:2)