It was recently reported that Apple may be moving forward with allowing apps to be sideloaded onto the iPhone. We know that the E.U. has been pushing for this, saying it’s needed to bolster competition and that developers shouldn’t be forced to pay Apple for the distribution and hosting of their apps as part of the Digital Markets Act, so it’s entirely possible.
What else is possible is how bad this move is going to be. Sideloading apps requires a lot more work than you might realize. It’s something that iOS wasn’t designed to allow.
It’s kind of silly when you really think about it. You buy something that can install third-party programs and software, yet the company selling it decides what and where you can find said software. I can’t think of any other computer system — yes, your smartphone is a computer — that has such a permanent restriction. Yet, users who would never be OK with Apple saying you can only install apps on your Mac that you get directly from Apple seem to be fine with the idea.
The other side of it all is that Apple is right when it says this keeps users’ phones more secure. It absolutely does. But shouldn’t it be for the user to decide? The E.U. thinks so and believes that allowing for more choice is what’s best for consumers.
This isn’t something that can just happen, though. Apple will have to take a page from the Android playbook if it wants to do this the right way.
What is sideloading?
It’s a pretty easy-to-understand concept. Sideloading is when you download an app from somewhere and install it manually.
Your phone, whether it be an Android phone or an iPhone, comes with a program whose only purpose is to find, download, and install other apps. On Android, it’s called Google Play and on the iPhone, it’s called the App Store. You open it, pick an app, tap a button and everything just works.
On Android phones (as well as computers running other operating systems like Windows, macOS, or even Chrome) there are also mechanisms in place that let you download apps from somewhere else and manually install them. You might have to jump through a hoop or two to make it happen, but the method that allows it is built into the software that powers your device.
That’s known as sideloading and unless you’re a developer who pays a yearly fee to Apple and uses Apple-approved development software, it’s not really possible on an iPhone or iPad.
User security
Apple says this makes iOS more secure because it protects users from malicious content. Apple is right. Malware does find its way into the App Store (and Google Play and the Windows Store, etc., etc.), but it’s pretty rare. Apple does a good job of catching what needs to be caught.
It’s not hard to build a mobile app that does bad things. It’s hard to make an app that does anything automatically or an app that can 100% hide what it’s doing, but writing an app that steals your information and sends it off to someone else is easy to do.
What’s hard to do is get a bad app past Apple and/or Google because both look over every app to ferret out the bad ones. If you get your app outside of the “official” app store, all bets are off, and other protections must be built into place. That’s where Android (and Windows, credit where credit is due) shine.
Google has developed its install process to scan through an app while it’s being installed and later when it’s used, even if it didn’t come from the Play Store. Google calls this Google Play Protect, and it’s a big deal. Any phone sold with an “official” version of Android that includes Google’s software has this protection built-in, and it actively monitors the apps on your phone to weed out the bad ones.
It’s all done on your phone without sending any information to Google unless one is found. Then, it can share information about the app, like when it was last used, and in extreme cases, Google can remotely disable it. Google scans apps by name and also by seeing what the code can potentially do, just like Windows Defender does.
I’m not suggesting that you should start sideloading apps on your Android phone. There are other factors to consider, such as forced “best practices” and privacy policy enforcement. But you’re probably not going to get outright hacked or anything if you do.
Apple doesn’t have anything like this because it never needed to have anything like this. The only people sideloading apps were developers installing their own apps, testers using approved software to install test versions of apps, and people who jailbroke their iPhones and took Apple out of the equation when it comes to privacy and security.
If Apple is forced to allow users to sideload apps, it absolutely has to have something like this in place. People will write malicious apps for the iPhone, find creative ways to distribute them and trick users into installing them. People using an iPhone have never really needed to worry about this before, and that makes them an easy mark. I hate saying it, but we all know how terrible the internet can be.
None of this means sideloading is bad or that Apple should keep people locked inside the App Store. It also doesn’t mean the E.U. is right when it says allowing it will be better for all consumers. I’m not taking any sides in that fight.
Apple doing it before the company has the right infrastructure in place, whether by choice or because it was forced, will be bad for consumers. If it happens, prepare for a shitshow.