[cageface]

This would be a non issue if Apple allowed side loading apps from outside the app store. The argument that this weakens security is bogus because users that don't need this ability can leave it disabled.

The argument that this encourages piracy is also weak since most money in the app store is made on IAP.

[on_and_off]

Not to mention that sideloaded apps are still checked by Play Services on Android. Sure it is certainly more risky than the manual reviews done on the play store, but that's a weak argument for disallowing side load. Especially as the OS does it, with a huge warning telling you that it is less secure.

I have had to deal with Apple reviews for a long time, I am absolutely convinced that blocking sideload on iOS is 99% a business decision, not a security one.

[johncolanduoni]

Has Apple ever actually pretended that no side-loading was purely a security decision? I always thought they were very clear on their desire to provide "curation" of content.

[evgen]

You can use alternate Apple app stores, and the fact that limited access and curation of available apps does not in fact weaken security but enhances it is self-evident by comparing the Apple app store with the cesspool that is the Play store and sideloaded apps. You can disagree with the policy all you want, but trying to argue that it has not improved user security just makes you look deluded.

[cageface]

It has zero effect on security if you leave the switch to enable it off. If you want to stay in Apple's walled garden it's a no-op.

[evgen]

Given how easy it is to convince people to try to run Javascript in the browser console, just click this link in your email to find out if you won the lottery you didn't enter, or do other dumb things that none of us can believe actually work, the fact that there is no off switch is a major win for the security of the vast majority of Apple users. If you want to help people then create the open-source replacement for these apps and teach them to compile it and sideload it themselves.

[lallysingh]

.. just transfer your money here? If users are so stupid, protections won't help.

[johncolanduoni]

Many people understand the seriousness of transferring money. Fewer understand the seriousness of installing random stuff. There’s a reason pop up ads mostly promise to clean your computer, not transfer money to your account if you give them the number.

[eropple]

When I worked for a medical software company, we deployed to all our customers through an enterprise distribution source. They went to a web page we sent them via email, clicked a thing, and that was that.

To that end, 'evgen's post is extremely important to consider when it comes to malware and phishing. We could do that, and we were the "good guys"--opening it up even further would terrify me.

[cageface]

Enterprise config for iOS should have the option of disabling this on the device. Doesn't mean ordinary end users shouldn't have the choice if they want it.

[eropple]

I think maybe we're not on the same wavelength here: we were provisioning to end user devices, through this. Doctors had iPhones? Here you go, just click this link and now we can install anything we want. Nobody asked if it was legit, they just clicked.

Making this worse would be an Android-level disaster for end user safety.

[johncolanduoni]

If you added a button to Firefox (or Chrome, or IE, ...) that gave JavaScript access to your filesystem when it was switched on, would you expect user security to be unaffected because nobody would be tricked/pressured into turning it on by web pages? Remember there are many people that not only don’t know what JavaScript is, but don’t even know what a filesystem is.

[kodablah]

Why did you choose a button for this analogy? Why not a deeply buried setting with clear warnings? Or, to be a more apt analogy to side loading, why not a separate compilation flag when rebuilding the browser? Your analogy is unfair... making something like this possible doesn't mean making it easy or likely to be tricked into. Saying it does muddies the discussion.

[erikpukinskis]

It doesn't matter whether it's a button or a magical incantation you whisper to Siri. The point is the code path is a security hole, whether or not a user enables it. It's harder to secure a door against intruders than a brick wall.

[johncolanduoni]

A deeply buried button was what I imagined, not something on the address bar you could accidentally click. A separate compilation flag when rebuilding the browser is not accurate if you're comparing to Android's side-loading model (not even enabling developer tools require anything that onerous). I would argue your addition of "easy" or "without warnings" is what muddled the discussion.

[jpttsn]

I think users can jump through those hoops as well. Before emoji were available as a system keyboard, for international (non-Japanese) iOS users, many users downloaded apps to enable the emoji keyboard.

[seanmcdirmid]

You can change your App Store region and load those apps if you want, even if you live in china. You can even have apps from different App Store regions be loaded side by side (e.g. Facebook and xiami).

[cageface]

You need to be able to pay from a US credit card in order to buy anything from the US store. Which is out of the reach of ordinary Chinese. I often help my Vietnamese friends buy apps from the US app store for the same reason.

[seanmcdirmid]

Yes, but for the free apps it doesn’t matter; it really is something that is useful. Most ordinary Chinese aren’t going to be interested in those apps anyways, like they wouldn’t be interested in side loading.

[smegel]

What about the argument that Apple won't be able to take it's cut of apps sold and installed outside of the App store?

[willstrafach]

You can absolutely sideload on iOS, it is just a pain.