“Sideloading” is the term for installing apps on your iPhone or iPad from sources outside the App Store. Apple argues that this would considerably weaken iPhone security, undermine user trust, and put us at the mercy of malware and scams. The reality is different. First, Apple already offers at least two ways to sideload apps, which perfectly safe. Second, the App Store is already full of scams and junk. And three, Apple doesn’t mention that it stands to lose its 30% from apps installed from outside its store. “Even if a user only downloads apps from the official iOS App Store, they are still at risk. A handful of recent iOS updates have had vulnerabilities that require immediate patching,” David Gerry, chief revenue officer at WhiteHat Security, told Lifewire via email.
The Sleight
The thrust of Apple’s argument is that the App Store is a curated, safe, trusted environment. Every app is vetted and approved, and because most iPhone users only install apps from the App Store, they never have to worry about malware. The report seems timed to counter the latest anti-trust procedures and investigations in the EU and the US. Apple’s report paints alternate app stores as wretched hives of malware and scams. But this misrepresents the reality. Sideloading is already possible. One way is via TestFlight, Apple’s platform for third-party developers to distribute beta apps. Another is Enterprise Certificates, a method for big companies to distribute proprietary in-house software to their employees. For the reality of sideloading, look at the Mac. You can add apps from any source, but the default settings prevent launching apps that haven’t been vetted, notarized, and signed by Apple. Any developer can submit their app to be notarized, and it can then be used on the Mac. This is effectively the same as the App Store approval process, only Apple doesn’t take a 30% cut, and Apple only rejects the app if it is dangerous—not if it just contains something Apple doesn’t like. It is, then, entirely possible to safely sideload apps on the iPhone and iPad. This notarization process would make sure apps still complied with Apple’s ever-deeper privacy protections, for example. The only part Apple would have to skip would be taking its 30% revenue cut. “This is not because Apple cares about user privacy or safety, but rather because third-parties derive their revenues from user data, allowing them to profit off Apple’s user base, without the latter receiving much in the way of compensation,” Janis von Bleichert, founder and chief technology officer of EXPERTE, told Lifewire via email. “Loading apps outside of the App Store reduces Apple’s control over their content (as well as their ability to profit from them)."
The Risks
That’s not to say there aren’t risks in sideloading apps. Apple’s notarization process would not block a game designed to milk money from children via in-app purchases. On the other hand, developers of legitimate apps get rejected by App Store Review all the time, often arbitrarily. For instance, Apple rejected developer Phillip Caudell’s Big Mail app because of a problem with the subscription screen, “despite it being an exact copy of the one from their own guidelines,” says Caudell on Twitter. Meanwhile, scam apps already manage to evade Apple’s App Store review process. “Both The Washington Post and Verge have recently reported on scammy and/or ripped-off content and apps in Apple’s App Store, and what’s worse, that Apple seems not to care about removing it or doing anything about it,” says von Bleichert.
The Cut
As mentioned above, Apple can (and does) make sideloading apps as safe as the App Store. The only difference would be that it loses its revenue cut and gives up control of what kinds of apps are allowed. Seen through this filter, it’s easy to infer Apple’s reasons for defending the App Store as the (mostly) sole way to get apps onto its devices. The answer may not be third-party app stores, but the current situation is far from ideal.