3
If Apple were forced to support sideloading:
• More harmful apps would reach users because it would be easier for
cybercriminals to target them – even if sideloading were limited to
third-party app stores only. The large amount of malware and resulting
security and privacy threats on third-party app stores shows that they do
not have sufficient vetting procedures to check for apps containing known
malware, apps violating user privacy, copycat apps, apps with illegal or
objectionable content, and unsafe apps targeted at children. Users would
now be responsible for determining whether sideloaded apps are safe, a
very difficult task even for experts. In the rare cases in which a fraudulent
or malicious app makes it onto the App Store, Apple can remove it once
discovered and block any of its future variants, thereby stopping its spread
to other users. If sideloading from third-party app stores were supported,
malicious apps would simply migrate to third-party stores and continue to
infect consumer devices.
• Users would have less information about apps up front, and less control
over apps after they download them onto their devices. Users may not get
accurate information about apps they sideload through third-party app stores
or via direct downloads because these app stores would not be required to
provide the information displayed on the App Store product pages and privacy
labels. And features like App Tracking Transparency and parental controls
that allow users to control what iPhone data, hardware, and services can be
accessed by those apps (such as the device’s location, microphone, and
camera) either would not be available or would be much easier for malicious
actors to manipulate. Large companies that rely on digital advertising allege
that they have lost revenue due to these privacy features, and may therefore
have an incentive to distribute their apps via sideloading specifically to bypass
these protections. Privacy on the iOS platform would therefore be eroded.
• Some sideloading initiatives would also mandate removing protections
against third-party access to proprietary hardware elements and
non-public operating system functions. This would undermine core
components of platform security that protect the operating system and iPhone
data and services from malware, intrusion, and even operational flaws that
could affect the reliability of the device and stop it from working. This would
make it easier for cybercriminals to spy on users’ devices and steal their data.
