While the two mobile device platforms are often compared for their similarities, Google’s Android platform has historically differed from Apple’s iOS (and iPadOS) in at least one significant way: Android has always permitted end users to sideload applications, which includes the use of alternative app stores such as Amazon’s. This alleviates concerns of app rejection and allows software developers to bypass the fees of up to 30% collected from each transaction.
As calls have been growing in Congress and in the European Union for Apple to allow third-party app stores for its iPhone and iPad, company executives such as CEO Tim Cook have been speaking out, arguing that such a change would “destroy the security” of Apple’s products.
In a report released on Wednesday, June 23, Apple argued that third-party app sideloading would subject users of the company’s platforms to increased risks, create app and OS instability, and potentially allow malware to install itself.
A Gatekeeper for iPhone and iPad?
Apple has allowed sideloading, but only for enterprises using the Developer Enterprise Program. This program enables companies to create and deploy custom applications on iOS, watchOS, and tvOS devices and code-sign Mac apps, plug-ins, and installers with a Developer ID certificate for distribution to employee Mac computers. As with iOS, the Mac also has an app store, but Apple does not require that Mac systems exclusively install applications from it.
While iOS does not currently have this feature, current versions of macOS use a subsystem called “Gatekeeper,” which is a security feature used to enforce code-signing using digital certificates. Gatekeeper verifies downloaded applications’ signatures to ensure they are notarized before allowing them to execute, thus reducing the likelihood of inadvertently installing and running malware on the system.
While the Developer Enterprise Program has dramatically helped reduce malicious software installed on iOS systems, it is not infallible. For example, the “Exodus” spyware, which managed to be installed directly from Google Play on Android devices, has been distributed…