Recently, Apple announced changes to the “iOS, Safari, and the App Store in the European Union.” Most significantly, the changes will allow third-party App Stores to distribute apps outside the official App Store. This means that EU users will soon be able to download apps from alternative app stores not run by Apple. This is commonly described as allowing for the “side-loading” of apps. Outside the EU, side-loading will still not be allowed.
Is this going to be good or bad for cybersecurity?
Only time will tell.
This will be the greatest A/B experiment, and it will settle once and for all whether side-loading is bad for cybersecurity. Apple’s official position is that it will be bad for security and increase risks to their users. Soon, we will have quantitative data to compare EU and non-EU users and make a definitive call as to whether allowing side-loading harms users. If it turns out that EU users are significantly harmed by sideloading, then Apple can say, “We told you so”.
What has Apple done to ensure security?
From Apple’s official announcement, I can tell that sideloading under iOS/iPadOS will be different from sideloading under Android.
On Android, you can download arbitrary app executable files (files with the “APK” extension) from any arbitrary website and install them on your device (provided you configure your Android device in the Settings to allow for that to happen). If the APK file turns out to be malware, you are on your own.
So, on Android, any website operator can be an ‘app store’. As long as you can download files from the website, it can function as an ‘app store’. You can download and sideload apps from any random dude’s websites.
It should be obvious by now that this is an extremely risky behaviour that Android allows its users to indulge in if they wish to do so.
Onerous requirements on third-party app store operators
On iOS/iPadOS, you cannot download arbitrary apps from arbitrary websites.
Instead, you can only download apps through third-party app stores approved by Apple. Operating a third-party app store requires onerous effort, as this document from Apple shows. Behind the scenes, there are lots of things going on in the backend, as the app moves from the app developer to the app store and finally to the end-user’s device.
Why is there such an onerous requirement to operate a third-party app store in iOS/iPadOS?
Under Android, you are completely on your own when you sideload apps.
But under Apple’s regime, every app, whether from Apple’s official App Store or third-party app stores, has to be reviewed by Apple to ensure that it is not malicious or fraudulent and does not cause any harm to its users. The review process is called “notarization”. Notarization involves both automated and human review to ensure that the app is benign. Once Apple determines that it is safe and secure, Apple will cryptographically sign that app to ensure that the app cannot be tampered with.
In a way, this is similar to the macOS platform where all macOS apps need to be notarized by Apple before they can be installed. The difference between macOS and iOS/iPadOS notarization is that under macOS, notarized apps can be downloaded from any arbitrary website whereas in iOS/iPadOS, they can only be downloaded from approved app stores.
After notarization, the app will then be allowed to be distributed on third-party app stores.
What happens if malware is found after installation?
If malware is found in an app after installation, Apple can prevent it from being launched.
With Apple’s obsession with security, you can see there is a lot of complexity going on behind the scenes. For example, app developers must submit their apps to Apple securely. Then Apple must review the app before notarizing it. Next, the notarized app must be securely transmitted from Apple to the third-party app store. From the third-party app store, the notarized app must be securely transmitted to the end-user device. To complicate matters even further, any app updates from third-party app stores have to go through this convoluted process again.
More details are yet to be revealed
As the release of iOS/iPadOS 17.4 approaches, more details are going to be revealed. So, I can only make more security assessments from there.
Is there going to be less safety?
You can be sure that during the notarization process, Apple will ensure that apps are safe in the narrowest sense. Third-party app stores will have to perform further due diligence to protect their users. If there is going to be any trouble, it will arise from there. As Apple said,
These protections — including Notarization for iOS apps, and authorization for marketplace developers — help reduce some of the privacy and security risks to iOS users in the EU. That includes threats like malware or malicious code, and risks of installing apps that misrepresent their functionality or the responsible developer.
However, Apple has less ability to address other risks — including apps that contain scams, fraud, and abuse, or that expose users to illicit, objectionable, or harmful content.