• TurboLag@lemmings.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    26
    ·
    11 months ago

    I think that’s exactly the problem. The real user benefit will be very small, but in order to enable those changes, functionality will be implemented on everyone’s phones to support sideloading. In my eyes, this increseas the attack surface against iPhones. Time and time again alt stores have been used to distribute fake apps and malware on Android, and the victims are often those users who haven’t asked for sideloading and are unlikely to use it intentionally.

    Yes, maybe this will enable an F-droid equivalent on iPhone and it will be great to have direct access to open-source apps. But is this niche addition worth potentially reducing the security of all iPhones? I’m not convinced.

    • dXq9dwg4zt@lemmings.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      11 months ago

      The real user benefit will be very small

      Time and time again alt stores have been used to distribute fake apps and malware on Android, and the victims are often those users who haven’t asked for sideloading and are unlikely to use it intentionally.

      Can you offer any evidence to back up either of these claims?

    • thoughts3rased@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      2
      ·
      11 months ago

      But here’s the thing - side loading, even on android, is an opt-in feature. The user has to actively go out of their way to sideload an app. Even if an app tries to do it behind your back, you must first enable its ability to do so.

      Yes, this doesn’t exist when ADB is involved, but in that case you have to go out of your way to enable USB debugging (and be stupid enough to plug your phone into someone else’s computer). The vast majority of iPhones will never have sideloading enabled by their users. The EU isn’t grabbing their balls and saying that all users must have it enabled by default, otherwise they’d be going after Android too.

      • TurboLag@lemmings.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        11 months ago

        Sure, I get that. The issue is that as soon as you introduce the ability to install apps from outside the App Store, it becomes possible to trick unsuspecting users into clicking buttons they don’t understand. By designing a web page to look like an actual Apple page, a malicious party could convince users to “opt in” to outside sources, in a similar way in which phishing websites harvest users’ online banking credentials. Currently, this kind of attack is entirely impossible on iPhone.

        • Storm@slrpnk.net
          link
          fedilink
          English
          arrow-up
          8
          ·
          11 months ago

          Doesn’t this argument essentially boil down to “people are stupid and we should take away their freedoms to protect them from themselves”? I’m not going to say that most people would make use of being able to install 3rd party apps, or even that it won’t give malware more chances to get people. But people can get themselves hurt or compromise their electronic security in any number of ways taking away people’s choices until they can’t make bad decisions anymore just doesn’t seem worth it to me

        • thoughts3rased@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          3
          ·
          11 months ago

          Sure, but at that point we’re getting into the weeds of fake webpages, which really isn’t anything apple could control anyway. Nothing’s to say that if sideloading didn’t exist, that page wouldn’t just direct them to a form to fill out your banking information. All it does is change the method. Apple could simply maintain a hash database of files that are known as dangerous and package it into a built-in AV for iOS (like most OSes do)

          Nothing’s also to say that the page wouldn’t just abuse one of the hundreds of vulnerabilities that currently exist in WebKit currently.

          For your average user, they’re probably only visiting legit sites on that browser anyway. My grandparents both have Android phones and to my knowledge have never been “tricked” into installing an APK. I can probably say the same for the vast majority of people.

          I believe the benefits outweigh the costs here. Apple loses their grip on the walled garden which is punishing for developers and makes Apple judge, jury and executionor on not only what apps can run on iOS, but also how much developers have to give up to Apple (they could up their cut to 90% at anytime and currently developers can’t do shit about it).