In the months leading up to Apple’s sideloading iPhone announcement last week, I told you that I had no plans to download apps from other sources. I don’t want 3rd party app stores and will happily pay a 30% commission to cover Apple’s fees.
It gives me peace. It’s not just the security and privacy of my data and transactions — it’s also the convenience of having all my digital purchases in one place.
I also said that I think Apple should release side-loading iPhones worldwide, not just in Europe, where the new Digital Market Act (DMA) requires such changes. Then every iPhone user could decide for himself how to buy applications and other contents. And I’m pretty sure Apple’s bottom line would be fine.
But one side-loading iPhone scenario made me worry about the iPhone owners in my family who aren’t as smart as I am. They could be targeted by infected apps from those less regulated storefronts. But now that Apple has shown us what a side-loading iPhone will look like, I’m no longer worried.
How side loading can be dangerous
Here’s the most reasonable argument in favor of sideloading: if it’s possible on a Mac, it should be possible on an iPhone.
The people making these claims are probably those iPhone and Mac users who wouldn’t easily fall prey to malware scams. They know how to check which apps are being installed and what red flags to look out for, regardless of the device they’re using.
But the iPhone is now the primary device for many people, including those who don’t have extensive experience with smart devices.
Imagine if, after iPhone sideloading became widely available in Europe, hackers began targeting unsuspecting users with spam messages and emails about this one or that An iPhone application that they must install on their devices.
Imagine if your child, who is more likely to use your credit card to make an in-app purchase than pay attention to your rants about iPhone security, installs that dubious app. Or your mom thinks she’s getting the latest version of her mobile banking app, but it’s malware.
This may be an exaggeration, but I was still preparing for the worst. I planned to instruct others in my family not to trust strange emails or text messages after DMA was introduced. They are already somewhat trained to do this, and I keep reminding them to pay attention to how they use their smartphones. I will still direct them to contact me if they think anything is suspicious.
The reality of sideloading
Now that Apple has released its new developer agreement and planned changes for the EU, I’m no longer worried about the sideloading that comes with malware. It is not impossible; it just seems that Apple is doing everything it can to ensure the safety of those users who choose to install apps from other app markets.
As I’ve explained before, the side-loading iPhone isn’t what we thought it would be. A hacker may have all the information they need to launch a spam campaign to convince people to install their apps. But the current requirements for sideloading iPhone apps make it nearly impossible for that hacker to actually offer malware apps for direct download.
Apple has very specific rules that prevent true side-loading of the iPhone. You will not be able to install apps from any source. Apple has many prerequisites that developers must meet before offering their apps outside of the App Store.
I’ve already described all the new rules Apple has developed to be DMA compliant, many of which will affect sideloading on the iPhone.
I still won’t be leaving the App Store anytime soon, though I’ll be able to experience App Store alternatives when DMA rolls out in Europe. But I won’t be so concerned about the potential security impact.
Other threats
That doesn’t mean iPhone security is perfect. We’ve covered the sophisticated hacks that nation-state attackers have used to spy on iPhone users. They have nothing to do with iPhone sideloading and affect a limited number of targets.
However, malware isn’t a problem on the iPhone like it is on Android. And we see reports of malware on Android all the time. Also, even if someone was able to successfully deploy malware to the iPhone, other protections in iOS could kick in to prevent that app from actually snooping around.
Finally, hacker George and his friends can always launch phishing campaigns targeting iPhone users that have nothing to do with sideloading. You still need to protect yourself online, regardless of DMA. It’s just that iPhone sideloading, in its current EU-only form, isn’t as bad as I feared.