Apple Does Deep Dive Into Security Protections and Risks With Alternative App Marketplaces

[MacRumors]

Apple today published a whitepaper [PDF] detailing the privacy and security protections that it is implementing in the European Union to keep users as safe as possible while also complying with the requirements of the Digital Markets Act.

As a recap, with the upcoming iOS 17.4 update, iPhone users in the European Union will be able to install apps through alternative app marketplaces rather than the App Store. Several companies are working on marketplaces, with Setapp and Epic Games confirming plans to offer an App Store alternative.

Apps installed through marketplaces are essentially "sideloaded" and are not subject to the standard App Store review process. In an effort to minimize the risk of malware and fraud, Apple has implemented a Notarization process that app marketplaces and the apps sold through those marketplaces must submit to.

Notarization includes both an automated scan and human review to ensure that apps do not contain malware, function as advertised, and do not engage in "egregious fraud" attempts. An app can't be installed on an iPhone using sideloading unless it is signed by Apple through Notarization, and Apple is requiring developers to have a Developer account and provide legitimate details like name, address, and phone number. Apps will need to explain why they need access to sensitive data like the microphone, camera, Face ID, health data, and more, and user consent will also be required for these functions to work after an app is installed.

What Notarization won't do is look at the content of apps. Apps installed through alternative marketplaces can have adult content, copyrighted content, drug-related content, and other features that would not be allowed in the App Store. Apple will attempt to stop apps that impersonate other apps or that have undocumented features, but the company warns that sideloaded apps will not be as secure as those installed through the App Store.

Alternative app marketplaces need to adhere to baseline criteria that requires them to commit to monitoring for and removing malicious apps and providing support to users. Refunds, for example, will need to be provided by the app marketplace because marketplaces use alternative payment methods rather than in-app purchases. Alternative payment methods are also accepted in App Store apps under the DMA.

European users who install an app outside of the App Store will be presented with an app installation sheet that provides the app name, developer name, app description, screenshots, and ratings. Sheets can be turned off for a marketplace in the Settings app, and they also disappear if a marketplace is set as the default store.

Similar disclosures are also offered up for apps that use alternative payment methods. Apple provides warnings that features like easy subscription cancelation and Ask to Buy are not available, and that there is no protection from predatory pricing.

Apple says that it has received numerous emails from European users and government agencies that are concerned with the risks of alternative app marketplaces, and Apple promises to "work tirelessly" to protect users "to the extent possible under the law." There is no way for users to opt out of the DMA changes, and Apple suggests that some people may have to use alternative apps against their will. Employers and schools may require an app that is only available through a marketplace, for example.

Much of Apple's whitepaper walks through the risks that iPhone users will need to contend with and the work that alternative app marketplace operators will need to do in order to keep users safe.

Notably, Apple says that the changes that it is making have been discussed with the European Commission, and there have been no concerns raised. The DMA does recognize the privacy risks associated with alternative app marketplaces, and Apple says it is aiming to do what it can to protect and educate users under the new guidelines.

iPhone owners in the European Union who have additional concerns about alternative app marketplaces can read through Apple's full PDF to get a complete picture of the security and safety protections that Apple has put in place and the risks that still remain.

Article Link: Apple Does Deep Dive Into Security Protections and Risks With Alternative App Marketplaces

 

[krspkbl]

But they side-load apps on Mac.

Side-loading isn't bad. Competition (different stores) isn't bad... unless you're an AAPL shareholder, of course.

Why do we need a "whitepaper" for a basic feature that every other popular modern OS supports (excluding iPadOS lol) ?

Nice try Apple.

 

[icanhazmac]

Side-loading isn't bad. Competition (different stores) isn't bad... unless you're an AAPL shareholder, of course.

A one stop shop isn't bad either. It is a unique, and sadly, one of a kind model that may get legislated out of existence.

Yes, we all have survived with the PC/Mac app procurement model but does that mean it is the best or that other types of models shouldn't exist? Personally, I wish the walled garden extended to the Mac.

 

[milkrocket]

Apple could have just stopped forcing devs to pay 30% for IAPs and forcing them to use the AppStore payment methods. But no.

They could have simply charged the larger apps more or charged for their tools, or found a better way to make revenue. But they stuck to being greedy pigs.

So then the govts & courts will do what they have to and what the people demand.

Only in the US do corporations get to do whatever they want

 

[iOS Geek]

But they side load apps on Mac.

Sideloading isn't bad. Competition (different stores) isn't bad... unless you're an AAPL shareholder, of course.

Nice try Apple.

You're conveniently ignoring that Apple has said many times that macOS is a less secure platform because of side loading. It's actually why we aren't allowed to side load ANYTHING to our Macs at work. Because someone did once and it ****** up our entire system

You're also ignoring the fact that even Google/Android inform their users of the risks of side loading, and Google even recently issued a statement advising users to NOT side load because of those risks. If I remember correctly, Google is even testing BLOCKING downloads of apps, even if you confirm on the verification that you actually want to download that side loaded app. While the EU is forcing Apple to be more open like Google, Google is trying to impose limits like Apple does. Gee, maybe the ecosystem that allows it actually thinks it's not that great of a thing! Why else would they be trying to reign it in? Multiple stories about users getting scammed spring to mind.

Apple informing the user base of the risks of side loading isn't any different than what Google does. Save your fake outrage for something where it's actually warranted.

 

[krspkbl]

A one stop shop isn't bad either. It is a unique, and sadly, one of a kind that may get legislated out of existence.

Yes, we all have survived with the PC/Mac app procurement model but does that mean it is the best or other types of ecosystems shouldn't exist?

If you want things locked down, no freedom, no competition, and Apple making as much money as possible then yeah it's a good thing.

 

[vegetassj4]

Luckily, these nice people sent me an alert on how to protect myself from sideload dangers:

 

[nattK]

Apple's decision to include emails to Tim Cook in the whitepaper feels odd... and a bit cringy to me

 

[krspkbl]

You're conveniently ignoring that Apple has said many times that macOS is a less secure platform because of side loading.

You're also ignoring the fact that even Google/Android inform their users of the risks of side loading, and Google even recently issued a statement advising users to NOT side load because of risks. If I remember correctly, Google is even testing BLOCKING downloads of apps, even if you confirm on the verification that you actually want to download that side loaded app.

Apple informing the user base of the risks of side loading isn't any different than what Google does. Save your fake outrage for something where it's actually warranted.

Yet people love their Macs and Android is a huge success. There are risks and people should be warned but I'd rather have the freedom to do what I want with my devices than have someone hold my hand and tell me they know what's best for me.

Millions of businesses across the world use Windows, pretty much every server runs Linux and Android smartphones which "sideload" apps. The actual feature and functionality of it is not the problem and iOS/iPadOS should implement it worldwide.

Apple is just scared and desperately trying to not lose money.

 

[iOS Geek]

Yet people love their Macs and Android is a huge success. There are risks and people should be warned but I'd rather have the freedom to do what I want with my devices than have someone hold my hand and tell me they know what's best for me.

Millions of businesses across the world use Windows, pretty much every server runs Linux and Android smartphones and "sideload" apps. The actual feature and functionality of it is not the problem and iOS/iPadOS should implement it worldwide.

Then buy into the ecosystem that lets you do that. Don't buy into one that has NEVER allowed it and then **** and moan that it doesn't let you. You knew what you bought into. There was an option that did exactly what you wanted. If I wanted the same fragmented mess as Android, I would go back to Android. Instead, the EU has decided to meddle and ruin a simplified ecosystem that millions of users willingly chose over the other one that is a fragmented mess!

And yes, millions of businesses across the world use Windows. And most if not all of them probably heavily restrict what can be side loaded because it's a risk. That sure sounds like the actual feature and functionality of it is a problem, to me! If the actual feature and functionality is not a problem, then why is it so heavily restricted or advised against on the platforms that already allow it?

 

[eicca]

Meanwhile, scam apps abound in their own oh-so-safe-and-cuddly App Store.

 

[RalfTheDog]

I do hope that Apple in Europe allows users to prevent their devices from being able to download content from that is signed by other stores. More importantly, I hope they allow developers to block their software from running on devices that have alternative store content. I don't want any contaminated devices connecting to any of my networks.

Providing minimum safety standards for alt stores is a good first step, but it it is only a first step. Now that I think of it, they should allow companies to whitelist what developers can download, even from their own stores. Give the user some flexibility, but don't allow random content.

 

[JosephAW]

Since most iOS devices are continually connected to the internet and Apple and other servers unlike a computer there could be a zero day malicious code with side loading that could spread quickly to all online devices or bringing down networks where each device acts like a robot.

 

[tobybrut]

But they side-load apps on Mac.

Side-loading isn't bad. Competition (different stores) isn't bad... unless you're an AAPL shareholder, of course.

Why do we need a "whitepaper" for a basic feature that every other popular modern OS supports (excluding iPadOS lol) ?

Nice try Apple.

They allow side loading on macOS because the horse left the barn decades ago. They cannot enforce it for an OS that was designed originally in the 1990’s as NeXTStep. This kind of thing has to be enforced from the beginning to avoid breaking everything that exists today. IOS and its derivations were written from the ground up with this kind of security in mind. MacOS is nice, but it is a far bigger security risk than iOS, something Apple can mitigate such as asking apps to sandbox, but they cannot force them. Nor can Apple enforce no direct interapplication communication, something that’s forbidden in iOS where Apple spent years inventing mechanisms that avoid that, but go through the operating system to accomplish things that resemble that.

The biggest security hole in macOS is allowing unfettered access to the file system where anyone can muck with the key system files as much as they want given root privileges. They cannot take away rooting through Terminal that has existed as long as there has been Unix, while iOS blocks that ability beyond actual jailbreaking. MacOS is just a different beast they cannot pull back in time to revamp to their iOS security standards. I’ve said this many times. If Apple could have done it all over again, macOS’s security would look very much like iOS, but they can’t. It would be like resetting macOS back to square one with no apps available, something they can’t do without essentially killing the Mac.

 

[RalfTheDog]

Meanwhile, scam apps abound in their own oh-so-safe-and-cuddly App Store.

At it's worst the IOS platform is better than Google's on it's best day.

 

[iLoveDeveloping]

But they side-load apps on Mac.

Side-loading isn't bad. Competition (different stores) isn't bad... unless you're an AAPL shareholder, of course.

Why do we need a "whitepaper" for a basic feature that every other popular modern OS supports (excluding iPadOS lol) ?

Nice try Apple.

You could not be more wrong but I guess everyone is entitled to their opinion. Side loading is dangerous for malware, if you can’t see that then you should go learn something. No, just no. Just because you can do something on a Mac or pc doesn’t make it safe.

 

[RalfTheDog]

Since most iOS devices are continually connected to the internet and Apple and other servers unlike a computer there could be a zero day malicious code with side loading that could spread quickly to all online devices or bringing down networks where each device acts like a robot.

More importantly, they are connected to the cell networks. It would be almost but not quite trivial to write code that accessed the baseband and dialed emergency services continuously. If you set them all to go off at the exact same time, you could bring emergency services down just at the moment of a large terrorist attack.

 

[Jamie0003]

Tl;dr: Pls don’t do this. We like our Monopoly money 😥

If you do, you, your family, and your pets will die of malware. Also Apple assassins

 

[Timo_Existencia]

I want a modern OS that is closed. I've knowingly made that choice for reasons that are important and valuable to me.

I trust business to make critical decisions on privacy and safety in tech much more than I trust Government to make those decisions; or at least I trust Apple more than I trust the EU.

I would like Apple to allow me to close off Alternate App stores on my child's devices.

I appreciate those of you who want to live in an open os ecosystem.

But why do you insist on taking my choice away? Why do you empower governments to make these choices?

 

[StuBeck]

Eh, I'm personally not concerned with the security ramifications. I stopped thinking that the App Store was safe after they consistently allow apps through that are clearly not safe.

 

[Timo_Existencia]

Tl;dr: Pls don’t do this. We like our Monopoly money 😥

Can you cite me a reputable source that argues that IOS in the EU is a monopoly?

 

[icanhazmac]

If you want things locked down, no freedom, no competition, and Apple making as much money as possible then yeah it's a good thing.

If you choose to see it that way. I see it as the following:

• Research: all apps are in 1 store so you see them all in one place, in a similar format, with reviews all in one place versus having to web search app types with 1 in each tab to make comparisons.
• Privacy Scorecards: have fun finding these when apps move to alt-stores and are not forced to publish them
• Payment: right now everything goes though Apple, or at least for the most part, and I am not forced to give my name, address and CC info to a hundred different stores/devs that may choose a bargain basement processor that is prone to getting hacked. To the best of my knowledge Apple's payment system has not been hacked.
• Updates: currently all triggered from one place instead of multiple stores or in the individual app
• Customer service: if I have a problem, like canceling, I don't need to call some random dev, I call Apple

Are there things I don't like, there sure are:

• Apple doesn't need to be the moral arbiter of apps, have a 21+ section if that helps you sleep at night. If people want to make weed apps or pr0nz apps then they should be able to do so.

It's not perfect, but I bought into it knowing the limitations. If those limitations become too annoying I will leave, if enough people leave Apple will lose market share and need to adjust their practices, if not then the market has decided. The problem for the "alt-store" crowd is that no one is leaving.

YMMV but choosing to ignore what others find as legitimate benefits of the ecosystem and reducing them to "Apple Greedy" is disingenuous.

 

[tobybrut]

I do hope that Apple in Europe allows users to prevent their devices from being able to download content from that is signed by other stores. More importantly, I hope they allow developers to block their software from running on devices that have alternative store content. I don't want any contaminated devices connecting to any of my networks.

Providing minimum safety standards for alt stores is a good first step, but it it is only a first step. Now that I think of it, they should allow companies to whitelist what developers can download, even from their own stores. Give the user some flexibility, but don't allow random content.

That would be a nice feature, but there will always be risks, such as the EU decision forcing Apple to accept web browsers with their own web engines. Those apps can be submitted to Apple’s own App Store and by law Apple cannot reject them unless they detect something dangerous. This is their explanation for why PWA’s go away in the EU. The only way they can secure stuff like that is to deny access to key OS functions that would require privileges beyond normal apps. Decisions like that do puncture a hole in the walled garden even if you could completely isolate iOS from third party app stores.

 

[Timo_Existencia]

Eh, I'm personally not concerned with the security ramifications. I stopped thinking that the App Store was safe after they consistently allow apps through that are clearly not safe.

That you can find a bad app doesn't mean that we should therefore allow all bad apps to have free access.

That's an odd bit of logic.

 

[iOS Geek]

Eh, I'm personally not concerned with the security ramifications. I stopped thinking that the App Store was safe after they consistently allow apps through that are clearly not safe.

And yet they still allow less unsafe apps than their open competitors do. Closed iOS is still more secure than open Android and open Windows.