Apple: Sideloading apps will undermine iOS security

Following CEO Tim Cook’s statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure.

Security isn’t simple

It’s an argument that makes sense. Anyone involved in enterprise security already knows that the biggest security problem in any business is the people in the business. Humans make mistakes, and today’s generations of hackers and crackers have become pretty good at identifying and attacking individuals to help create cracks in the security of larger targets.

Apple’s argument – that permitting unconstrained side-loading of apps from third-party stores would create a new attack surface – makes complete sense. However, legislation currently under consideration in the EU and elsewhere proposes to make side loading mandatory.

It really shouldn’t happen.

What about the Mac, though?

Some argue that this is no different than the security model on the Mac, which permits app installs from a variety of sources. We know the platform has become an increasingly attractive target as its adoption grows.

Apple doesn’t agree that the Mac should be seen as a template for iOS app distribution. It argues not only that the iOS platform is 10 times larger than the Mac, but that there’s a difference in how we use these platforms:

• iPhone users download apps on a regular basis, which extends the size of the attack surface.
• Mac users tend to install only apps they need.

It also points to the vast stack of uniquely personal data smartphones gather in the event security is compromised. Location, connections, contacts, website searches, documents, data, banking details, and every other fragment of life is gathered on these things.

The nature of this data is both personal and wide-ranging, exceeding the information gathered on Macs. It means that those who manage to take your data from your mobile device can build a complete picture of your pattern of life.

“I believe that what we’ve built and what we’re offering users now is uniformly better, because we can focus in on that smaller attack surface and our stronger protections to help keep users safe,” an Apple representative said.

At the same time, the company has said it sees Mac security in its present form as a problem.

What the App Store model provides

With a goal to protect the user and the ecosystem, Apple’s App Store delivers automated malware scans, vets app descriptions and features for mistruths, and reviews data accessed by the apps. It also makes sure software aimed at children meets a higher standard of protection.

Critics point to Apple’s errors as evidence it doesn’t always get this protection right, but in so doing they also prove the extent of the problem that does exist. If Apple were not policing its platforms, what would the situation be?

Fortunately, we already know the answer.

Android, while moving to adopt more Apple-like security, has 15 times more infections from malware than the iPhone. In part, this is because Android apps can be downloaded from multiple sources.

Earlier this year, Apple published data it claims illustrates the scale of the security challenge. In 2020, the company reviewed around 100,000 apps each week and rejected/removed nearly a million problem apps. Approximately 10% of those were removed for criminal intent, while 20% violated privacy guidelines.

It’s a big business

Apple’s white paper cites research that shows pirated apps published on third-party sites cost developers billions in revenue each year. But distribution of pirated apps isn’t the biggest business to rely on lax platform security models. Those shadowy firms selling iPhone unlocking solutions to law enforcement are making big money from their exploits, but even their bonanza is dwarfed when it comes to the money to be made in malware.

Apple’s data reflects the scale of this. The company has expelled 470,000 teams from the Apple Developer Program over fraud. It has also rejected 205,000 dodgy enrollment attempts.

Another facet of modern Apple crime sees app reviews used to help build trust in apps that may be fraudulent or criminal in intent. Reflecting the scale of this, Apple said it deactivated 244 million customer accounts due to fraudulent and abusive activity, including fake reviews. It also rejected 424 million attempts to create new customer accounts due to what it terms, “fraudulent and abusive patterns.”

The significance of all this data should be clear. It isn’t about looking at what Apple has done to protect its customers and its platforms but is about illustrating the scale of the tide its bulwarks already protect us against.

What happens if…?

In the event sideloading on iOS platforms became mandatory, there would be an instant business opportunity for tens of thousands of malicious developers to create fraudulent apps designed to steal your data, bolstered by millions of fake reviews.

“Malicious actors would take advantage of the opportunity by devoting more resources to develop sophisticated attacks targeting iOS users, thereby expanding the set of weaponized exploits and attacks – often referred to as a “threat model” – that all users need to be safeguarded against,” said Apple.

This would quickly weaken platform security and make users vulnerable. Doing so will also undermine enterprise security, unleashing a fresh tide of malware across Apple’s platforms to the eventual detriment of every business and every customer as ransomware runs rife.

We know this will happen because it already does happen: Security on every platform is under attack and insisting a platform become  less secure by design will unleash havoc on every single company going through digital transformation.

History is not a template

After all, merely because other platforms permit sideloading doesn’t mean that’s the correct decision. It reflects the app distribution models that existed in a far less networked age, when software shipped in packages, on CDs, and on floppy disks.

I can recall at least one incident when a magazine publisher inadvertently distributed a cover disk containing software demos that also contained malware. The relatively recent evolution of Internet distribution of apps reflected those distribution models, but is this really a viable approach when billions of users become vulnerable to being hoodwinked into downloading malicious apps?

I’d argue that side loading of apps should be seen as an inevitable historical anomaly. It reflects a time when the risks were lower, markets smaller, and the information gathered by devices more limited. The scourge of malware on every platform that permits this should be proof enough, and it won’t stop as platforms continue to proliferate.

Today, you have a choice

As things stand, you have a choice. You can choose platforms that permit sideloading, with all the risk that entails. Or you can choose Apple’s curated platform, which is the right choice for anyone who wants the best privacy and security. It’s certainly the appropriate choice for security-conscious enterprise users.

Weakening those models with sideloading will amplify risk across the mobile enterprise. Because humans are the weakest link, and even if every company mandates official app download sources there will be one or two who ignore that advice.

And when it comes to infecting your enterprise systems with worms, trojans, or tiny backdoors to enable data exfiltration, it only takes one successful exploit to undermine perimeter security.

What happens if sideloading is enforced?

If governments force Apple to support sideloading, you can rest assured that bad actors will use every tool in their arsenal to exploit the opportunity. Their creative approaches will span highly targeted phishing attacks, fake app download sites and malware-infested development environments, all bolstered by a network of genuine-seeming reviews designed to reassure suspicious users that these travesties are safe.

The extent of these attacks would be so vast that people will look back to the insane explosion of malware that impacted Windows and Internet Explore in the late 90’s as a golden age of app security. It wasn’t.

Apple will respond, of course, but the damage will be done and the result will be that no user, no business, no government, and no industry will ever be quite as secure again.

Who benefits from that? No one.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.