Apple Software Exec Warns European App Store Regulation Would Open 'Pandora's Box' (cnbc.com)

Proposed European regulation that could force Apple to allow iPhone users to install software from the web would open "Pandora's box" and could pose threats to entire networks of computers, Apple software senior vice president Craig Federighi said in a speech on Wednesday. From a report: The remarks at Web Summit in Lisbon, Portugal represent an escalation in Apple's rhetoric about what could go wrong if Apple is forced to change its App Store policies. [...] "European policymakers have often been ahead of the curve," Federighi said. "But requiring sideloading on iPhone would be a step backward. Instead of creating choice, it could open up a Pandora's Box of unreviewed malware and software."

The European Commission, the executive arm of the EU, presented the Digital Markets Act last December. The Act is designed to stop companies like Apple, Google and Meta, the company previously known as Facebook, from abusing their power. It contains a series of rules that would require them to open up their platforms to competitors. Failure to comply could result in fines as high as 10% of the companies' worldwide annual revenue. In a report filed with the U.S. SEC last month, Apple specifically named the Digital Markets Act and said that, if enacted, it could require changes to Apple's App Store that might harm the company's financial results. On Wednesday, Federighi didn't address the potential financial impact to Apple. Instead, he argued sideloading would cause users to be tricked into downloading malware. "Even if you have no intention of sideloading, people are routinely coerced or tricked into doing it," Federighi said, citing malware on Google's Android, which allows sideloading. Google warns users against doing so in system messages and pop-ups, however. Federighi argued that although technically skilled people might be able to identify malware on the internet, their parents or children might still be fooled, making everyone's iPhone data less secure.

  • by rsilvergun ( 571051 ) on Thursday November 04, 2021 @11:49AM (#61957363)
    oh wait, they didn't. You can still side load applications. And I can install whatever I want on my PC (for now anyway, Microsoft seems to be making another go at the whole "walled garden" thing that Apple's got going)
    • by GameboyRMH ( 1153867 ) <gameboyrmh.gmail@com> on Thursday November 04, 2021 @01:05PM (#61957621) Journal

      Plenty of barely-disguised malware has made it into Apple's app store anyway, if anything app stores (especially Apple's which has the greatest PR/reality disconnect) create a dangerous false sense of security.

    • Re: (Score:3, Insightful)

      It is exactly why I choose Apple over Android. The walled garden provides a security layer that I'm willing to pay for, both in $$$ and in some restrictions. Android is available for those who don't wish to pay for security. I wish there was more government regulation of Android app environment to protect all the individuals out there who cannot afford security or who lack the awareness of the problems involved, but I understand why that is unlikely to happen.

      • Apple has delivered malware directly from their app store repeatedly, so the walled garden is not protecting you at all.

        Android phones do not permit sideloading until a switch is turned on in the settings, and each app that wants to initiate app installs has to be individually approved, and still cannot silently install anything without root.

        IOW you chose Apple for no reason and you don't know what you are talking about. Typical Apple user.

        • by narcc ( 412956 )

          That's not entirely fair. While it's true that it doesn't protect against all malware, that doesn't mean it doesn't still protect against some.

          Still, there's no reason not to add a switch, like Android or BlackBerry, to allow side loading. It's not like you'll be forced to use it.

          • by Rhipf ( 525263 )

            Apple's App Store doesn't really offer any more protection than Google Play store (both supposedly scan the apps for malware). I would guess that 90%+ of Android users never side load an app onto their devices anyway.

          • There is a reason: coercion and fooling. We just got my mother-in-law off of Android because she had been tricked by social media posts into enabling all sorts of stuff that you just cannot do on an iPhone. And those are options I do not want the kids in my family to have until they are old enough to evaluate the phone environment for themselves. I am glad Android exists to fill the expert niche in the market. But they are not devices that I would hand to average consumer.

            • by narcc ( 412956 )

              If she's actually that credulous, there are far greater concerns than the ability to sideload apps.

              How many iTunes gift cards has she purchased to resolve problems with the IRS?

            • There is a reason: coercion and fooling. We just got my mother-in-law off of Android because she had been tricked by social media posts into enabling all sorts of stuff that you just cannot do on an iPhone

              That is easily solved on an Android phone. You register the phone to yourself, so you get notifications if ever somehow someone gains access to it. Then you create another account for your maw-in-law that doesn't have access to developer or security settings (other than her own pass-whatevers.)

            • Apple fans make me think of slaves that think their master knows what's best for them, and if ever offered freedom, would decline because they're afraid of what would happen to them without their master

              • Apple is doing what I request of them, which is securing the digital frontier that I cannot patrol. It is the same justification as wanting an FDA checking my food supply or a SEC monitoring the stock market. It is an environment in which bad actors have more powers than any individual can anticipate and deal with unless they dedicate themselves to that task. Frankly, I don't have an interest in being any more vigilant for digital safety than I already have to be, and if I can get a company to provide some

                • Apple is doing what I request of them, which is securing the digital frontier that I cannot patrol.

                  Yeah, you really can control it, and no, Apple isn't securing anything. Actually it's funny, the largest mobile malware campaign ever was successfully carried out against iphone users, and Apple has by far a lot more remote code execution vulnerabilities under their belt than Google does (something like 3 to 1 last I looked.) Also, all of the exploit for hire companies, like Cellebrite, have always been able to crack iphones, whereas their success against Android phones is mixed at best (they still don't eve

          • Google has security theatre in their Play store app to scan whatever content you've previously downloaded from them.

            Nonetheless, I feel safer downloading apps that aren't ad-laden trialware from Fdroid. (on iOS I'd have to run an exploit 'jailbreak' to gain similar functionality.)

            • Yes, I have a de-googled phone running Lineage and I get apps from F-Droid. FFUpdater provides Firefox, Bromite and Lockwise, etc. Some companies really get butt-hurt if you won't use their app these days, but for the most part I can get stuff done through the web.

        • 1. Not being 100% perfect is a far cry from providing zero protection. 2. A switch that can be turned on is a switch that can be coerced/fooled into turning on. I definitely do not want my mother-in-law to have such a switch with apps badgering her to flip it. Same for the kids in my family.

          • 2. A switch that can be turned on is a switch that can be coerced/fooled into turning on. I definitely do not want my mother-in-law to have such a switch with apps badgering her to flip it. Same for the kids in my family.

            Where would the apps badgering her to flip it come from? Apple's App Store? I guess you wouldn't want to let such people anywhere near a computer either.

            • Well, if I'm being honest... ;-)

              • Well just use the parental controls on the iPhone then. Given the breadth of restrictions you can place on a device with them I would imagine that if an external app store switch were present then it would also be able to be restricted, that would solve your issue.
      • The incredible security of the walled garden works like this:

        • 1) There's no source code to audit, so apps get rubber-stamped
        • 2) Sit back and wait to see if apps cause mass destruction
        • 3) If so, maybe they will be de-listed in a few months... if they feel like it
      • who cannot afford security or who lack the awareness of the problems involved,

        Oh Gawd, the bullshit is getting thick in here. Someone woke up on the self-righteous side of the bed today. You actually buying any of what you said?

        Hey Diamond Jim, the App Store is full of abject shit. Shameless clones and ripoffs abound. Most apps openly flaunt the so-called rules. In fact, abject shit represents most of what's in both App Stores, and many a predatory app has been caught ridiculously siphoning mon

        • Oh, and Slashdot can't fucking parse iPad apostrophe's, while Android apostrophes are no problem, so I guess we know where they come down in the debate.

          The iPad has only existed for 12 years, though, so I'm sure Slashdot will get around to it eventually.

    • I am sure Apple would like to avoid it, but they have a sideloading disincentive to them. Namely, to make some or all iCloud features and sideloading into mutually exclusive options.

      For example, users with sideloading enabled might not be able to use iMessage. They would be "green" in chats, giving any teenage correspondence conniptions. (Or maybe they would be red in chats, whatever).

      They could also disable some or all App Store apps for sideloading-enabled phones.

      • Yeah, that's a great solution that will certainly not get them sued. Mind you, I'd be happy for them to stop badgering me about icloud all the time, and making me disable everything there every time there's an update.

      • by bn-7bc ( 909819 )
        Am I missing something? Are unlimited texts/MMSes not a thing globally? There is ofc the problem of chats that include people abroad (as in people with subscriptions from foreign carriers). Or am I missing something apart from possible costs?
    • Right. So if you want those options, there are platforms available for you.

      The platform that doesn't allow it should not be forced to.

  • When you can't win legally, just fearmonger your way in, sort of amusing that they are trying to backdoor the legal system on this subject.
    • Re: (Score:1, Interesting)

      by the_B0fh ( 208483 )
      You are wrong. I know there's a libertarian slant to things here, but you are wrong, as the past 10+ years of iPhones and Androids have shown.

      The amount of malware on Androids vs iPhones is simply incomparable.

      And by simply making the mechanism available, malware and bad business practices will force people to enable side loading which then makes their phone vulnerable. This is the same as law enforcement/govts asking for a "backdoor just for us, just for legal uses". By having such a mechanism avail

      • I don't think you understood what I wrote.
      • by jenningsthecat ( 1525947 ) on Thursday November 04, 2021 @01:37PM (#61957727)

        The amount of malware on Androids vs iPhones is simply incomparable.

        So? Apple maintains that "to allow iPhone users to install software from the web would open 'Pandora's box' and could pose threats to entire networks of computers". If they're right, then it's already far too late to do anything about it, because Android phones have incorporated that 'danger' for more than a decade so Pandora's box had been open at least that long. The choice here is between clawing back Android users' ability to sideload - and coming down heavily on the side of totalitarianism - or forcing Apple to open up their ecosystem.

        And by simply making the mechanism available, malware and bad business practices will force people to enable side loading which then makes their phone vulnerable.

        Say what? Who in the Android world was ever forced to enable sideloading, much less sideload any apps? Also, would you then disallow people from installing whatever software they want on their Windows, Mac, or Linux computers? You'd have to, in order to keep your argument logically consistent.

        This is the same as law enforcement/govts asking for a "backdoor just for us, just for legal uses".

        Sorry, I fail to see the connection between allowing users to have control over what does and does not go onto their phones, and governments asking for backdoors.

        If they are really interested in supporting and protecting the users, then they should craft laws regulating how Apple runs the AppStore as opposed to forcing Apple to open up side loading.

        That's kinda like saying "if they are really interested in supporting the users, they should craft laws regulating how much Apple charges for repairs instead of implementing and supporting right to repair legislation".

        You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it. You might want to reconsider that stance. Then again, your BOfH handle suggests that in your mind's eye you may automatically put an "L" in front of every "user" you interact with.

        • by GateGuy ( 973596 )

          You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it.

          You seem to assume that after it was sold to you, Apple has an obligation to add features.
          You want to side load, add it yourself.

          • You seem to implicitly - or perhaps explicitly - assume that the manufacturer has the right to control the product, and the users' experience of it, after the customer has paid for it.

            You seem to assume that after it was sold to you, Apple has an obligation to add features. You want to side load, add it yourself.

            And then wait for Apple to find a way to detect it and brick your phone.

      • You are wrong. I know there's a libertarian slant to things here, but you are wrong, as the past 10+ years of iPhones and Androids have shown.

        It sounds like you are making the libertarian argument.

        You chose your phone with the all the limitations that come with that. You want the perks of the iphone's infrastructure without any of the rules or regulations.

      • You are wrong. Zero Android phone users who have not rooted their phones have been compromised without deliberately enabling sideloading AND choosing to approve an app install. In no way does the ability to permit sideloading affect security on unwitting users' phones.

      • You are wrong. I know there's a libertarian slant to things here, but you are wrong, as the past 10+ years of iPhones and Androids have shown. The amount of malware on Androids vs iPhones is simply incomparable.

        ... By having such a mechanism available, it will be exploited

        I think you're making the wrong comparison... Try comparing Apples to Apples: macOS is based on the exact same technology as iOS and has allowed "side-loading" since its inception. It still has relatively little malware. So it's pretty cle

      • The amount of malware on Androids vs iPhones is simply incomparable.

        As is the amount of malware on Windows vs Macs despite Macs not being locked down.

      • Who needs to side load when security researchers have proven time and again (and been banned) that the app store is incredibly leaky in terms of malware? The only company who can bulk scan apps is apple, and looking at their history of silence... you think they would tell you they found something?
    • There is also the concept of malicious compliance as well. Ideology in which a lot of these laws are based off of, often pales in effectiveness to implementation.

      A bad ideology implemented well, is often much better than a good ideology implemented poorly. If Apple feels like it, they can probably make their platform be a haven for malware in EU, and when they complain, they just said, We were following your laws.

       

  • Open market (Score:4, Insightful)

    by GeekWithAKnife ( 2717871 ) on Thursday November 04, 2021 @12:01PM (#61957395)
    Imagine how terrible it would be if instead of some iCable Apple just used USB like everyone else? Apple exec would die of starvation, people would go mad and then of course the apocalypse. Regulate Apple's walled garden? That's surely a government conspiracy of some kind!
  • ... to Apple's almighty profits from their 30% cut of every Appstore app purchase (for benevolently allowing it to be made available to their users and doing feck all else) to enter a tailspin.

    Boo hoo.

  • by WaffleMonster ( 969671 ) on Thursday November 04, 2021 @12:03PM (#61957405)

    I love this people can't be trusted to make up their own minds meme especially while Apple's store itself is full of malware and fraud.

    https://www.washingtonpost.com... [washingtonpost.com]

    Competing software stores could do a much better job vetting software than Apple has managed thus far.

    The operating system at the very least should be expected to provide effective isolation. Something iOS and most general purpose operating systems have a long history of failing to do. Last I checked there are over a thousand CVE entries for iOS privilege escalation.

  • Anyone catch the tacit admission that Apple's App Store is "Pandora's Box?" As in, the only thing worse than opening it up is just having one in the first place.

  • ... full of malware, I fail to see how allowing "side loading" would make the situation worse, not better.

    Any commercial "App Store" will have to allow malware in, as malware companies could just sue the operator or otherwise create bad publicity for them. This has happened early on for Apple when some company making bogus radiation health claims offered an app that would guestimate how much you were exposed to the radiation of your phone.

    • "...full of malware..."

      Please. Specify.

      • Well there is the whole spectrum of malware.
        Most commonly you will have "user experience" frameworks that include 3rd party trackers.
        Then there's Adware which displays advertisements at you, this is often combined with software that, at least in its default settings, alerts you regularly to keep you interacting with it. Often you will also find things like "infinite scrolling", also known as "doomscrolling" in those apps.
        Of course there is also DRM malware trying to turn your machine against you.

        • So Malware is being expanded to include anything you might dislike?

          Grouping adware and malware is... incorrect.

  • OK, Craig! (Score:5, Insightful)

    by organgtool ( 966989 ) on Thursday November 04, 2021 @12:42PM (#61957543)
    For decades, users of Apple's Macs have been able to acquire software from any source and install it on their device via hard copy, downloaded digital copy, writing it from scratch, etc. Similarly, developers had the freedom to distribute their software however they saw fit: retail stores, digital sales on their own platform, or third-party digital platforms. However, now that Apple has managed to set up a gatekeeper around iOS devices which cuts out all other forms of distribution and guarantees a 30% cut of all software sales of that device, suddenly users can't be trusted to vet and install their own software. It's not like Apple wouldn't be able to put up a ton of warnings with extremely scary language before allowing the user to install software from sources outside the App Store. Despite the rhetoric from fanboys, this whole thing boils down to a money-grab by Apple. We'll have to see if the EU buys into their scare tactics.
    • Despite the rhetoric from fanboys, this whole thing boils down to a money-grab by Apple. We'll have to see if the EU buys into their scare tactics.

      No, no it doesn't. In Apple controlling the app store, hardware and OS, that means there's ONE source to blame when $#it goes sideways: Apple. There are ways to direct-install (you need a developer credentials) to a device, but what's not available that you MUST do this?

      PCs and laptops do not need instant open/on several hundred times a day while containing all of your data the way a phone or tablet does. I'd prefer the mobile apps be at least somewhat reviewed and the OS not being crash-happy.

      There's

      • In Apple controlling the app store, hardware and OS, that means there's ONE source to blame when $#it goes sideways: Apple.

        Many users value the freedom of choosing where they can go to buy their apps, especially if the price will differ due to differences in the fees charged by the platform, more than they value having a single person to blame. Developers would also like more freedom in how they can distribute their apps. But if you don't want to take advantage of those options, then simply never enable

        • "Many users" seems like it could be easily switched to "several vocal people, myself included" and be significantly more accurate.

          You're incensed by Apple and you're on slashdot . . . if we're completely honest, especially with you invoking "fanboy" as dismissive, this is about you.

          Just because you lose sleep attributing things to Apple as malfeasance does not mean that Apple executives sit up late at night like Monty Burns, plotting their next diabolical move.

          I mean, they COULD be doing that . . . it ju
      • by MeNeXT ( 200840 )

        Despite the rhetoric from fanboys, this whole thing boils down to a money-grab by Apple. We'll have to see if the EU buys into their scare tactics.

        No, no it doesn't. In Apple controlling the app store, hardware and OS, that means there's ONE source to blame when $#it goes sideways: Apple. There are ways to direct-install (you need a developer credentials) to a device, but what's not available that you MUST do this?

        This is just not true. You have no legal right to blame anybody. You can't even get compensation for any damage done. It's in black and white in the license/TOS of using their product and/or service.

        PCs and laptops do not need instant open/on several hundred times a day while containing all of your data the way a phone or tablet does. I'd prefer the mobile apps be at least somewhat reviewed and the OS not being crash-happy.

        Phones don't contain ALL your data. I have yet to find a phone that can store that much information. The most stable OS that I use doesn't have any restrictions placed on what I can install. In fact the developer doesn't force install any services unless I permit it. It has been upgraded and spawned across mult

    • For decades, users of Apple's Macs have been able to acquire software from any source and install it on their device via hard copy, downloaded digital copy, writing it from scratch, etc.

      To be fair, before OSX that frequently led to virus infection because MacOS classic had zero security and arseloads of bugs. So when Apple says that letting users install software on their operating systems will lead to massive infection they are credible, but only because their operating systems have been known to have security. If your OS is vulnerable to every little piece of malware that comes along, then it's natural that you'd want to keep people from running the software of their choice. OSX is clear

  • Most android "malware" are from the Play store, not side loading. Why would it be different on iOS?

    • by tlhIngan ( 30335 )

      Most android "malware" are from the Play store, not side loading. Why would it be different on iOS?

      No, most Android malware are from 3rd party app stores on Android. Not the F-Droid or Amazon app stores, but the obscure Chinese app stores and such, or torrent sites offering tons of APKs for pirated apps (surprise, surprise, that's where most of the malware originates - from people downloading pirated apps infected with malware).

      Play Store has some malware, because of its initial design - it was a free for a

  • by LostMyAccount ( 5587552 ) on Thursday November 04, 2021 @01:05PM (#61957619)

    What I don't get is why they didn't engineer in a secure sideloading system *if only* as a contingency that someone might make them do it. Or for whatever reason they decide it's lucrative to allow other app stores (eg, in-house corporate ones, public ones tied to other vendors like Microsoft, etc).

    Developing this would have cost them, what, maybe a couple of million dollars of developer time? I'll bet they spend that in a month on private jet fees.

    And they could have totally done in a way that "allowed" sideloaded apps, but made them annoying to run (eg, requiring permissions for every launch, etc) and then told regulators "we allow it with default, user-manageable restrictions for security." This alone could sandbag the debate for years, causing regulators to lose interest and not want to go into the weeds of how sideloading actually worked.

    • The problem is if a facility to side-load safely exists and you are denying the use of it to third-party developers then that is active discrimination and easily proven in courts if it can be discovered. If you just deliberately don't create such a feature then that is passive discrimination and is very hard to prove.
    • What I don't get is why they didn't engineer in a secure sideloading system *if only* as a contingency that someone might make them do it.

      Because there's no need for that. There's nothing about iOS that technically prevents sideloading. When jailbreaks exist it is already possible to sideload on that platform.

      Or for whatever reason they decide it's lucrative to allow other app stores

      That will never happen, because their whole business model with iOS devices depends on lock-in.

      And they could have totally done in a way that "allowed" sideloaded apps, but made them annoying to run

      No, that would be obviously anticompetitive, although so is not permitting sideloading. Still, it would be even more obvious.

  • Which is of course vastly worse than the reviewed malware you can get in the Applestore that Apple gets a cut from.

    Fuck off, we know what you really fear.

  • He has a very clear vested interest to say what he said. Duh.
  • then drop the price (to 5% from 30%) and remove every other restriction except those for malware.

    Then the issue Apple is complaining about goes away and the issues we are solving get solved.

    • by parker9 ( 60593 )

      If you're a small business (make less than 1 million in total from App Store) you can apply for Small Business and get the cut reduced to 15%. It took awhile for me to get approved. Still believe 15% is too much since I only ask for 'tips' and PayPal has been charging me about 6% (depends on how people pay).

      It appears Apple only scans for known malware. I don't buy their argument either.

      • It appears Apple only scans for known malware. I don't buy their argument either.

        I think it's funny, because Apple's whole permissions system (ie. "Do you want to allow this app to use your microphone?") is an obvious admission that they have no idea what apps are doing, and are asking you to make a choice if you trust it for yourself.

  • Yeah, it "might." Not much of a basis for an argument in court though - "The defendant might have killed the victim." How about an actual argument, i.e. "Side-loading shouldn't be allowed because... [insert facts here]?"
  • The issue isn't security it's pure profit motive. Perhaps apple can think outside the walled garden they built. I would love to sideload apps on both Apple and Android products. Problem is that Apple and Google both control the necessary code to safely load said software; and use that to their advantage for app stores.
