Apple warns of perils installing rogue apps ahead of antitrust debate


Protect Your Access to the Internet

Apple CEO Tim Cook delivers the keynote address during a special event on September 10, 2019 in the Steve Jobs Theater on Apple’s Cupertino, California campus.

Justin Sullivan | Getty Images

Apple argued Wednesday that allowing iPhone users to install software from outside its App Store — a practice called sideloading — would open up its customers to ransomware, pirated software and apps that steal user data.

The post comes on the same day that lawmakers are set to debate a series of antitrust bills aimed at limiting Big Tech companies. Two of those bills in particular are meant to prevent tech platform owners from favoring their own services and could be interpreted to force Apple to allow sideloading.

In a 16-page paper posted to its website, Apple said allowing sideloading would encourage hackers and scammers to target iPhone users by helping them entice victims to download apps from outside the store, possibly for school or work.

Apple also warned that allowing sideloading could put children at risk by allowing apps to disregard parental controls or by collecting sensitive user data.

“Because of the large size of the iPhone user base and the sensitive data stored on their phones — photos, location data, health and financial information — allowing sideloading would spur a flood of new investment into attacks on the platform,” Apple said.

Apple currently prohibits sideloading on the iPhone. The only way for consumers to install apps on iPhones is through Apple’s App Store. Currently, questionable apps would have to go through the App Review process, which aims to reject scams.

In its post, Apple pointed to apps on Android, the rival smartphone operating system that was created and is loosely overseen by Google but allows companies much more freedom. Android devices also can download software from a wide variety of sources, not just the Google Play store.

Apple said Android apps can lock data and force users to pay to get it back, citing a sideloaded Android app that posed as an official Covid-19 app from Health Canada but actually encrypted the user’s data and forced them to email the attacker to unscramble it.

An Alphabet representative did not immediately respond to a CNBC…