this post was submitted on 15 Jan 2024
466 points (98.3% liked)
Technology
58303 readers
17 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
But here's the thing - side loading, even on android, is an opt-in feature. The user has to actively go out of their way to sideload an app. Even if an app tries to do it behind your back, you must first enable its ability to do so.
Yes, this doesn't exist when ADB is involved, but in that case you have to go out of your way to enable USB debugging (and be stupid enough to plug your phone into someone else's computer). The vast majority of iPhones will never have sideloading enabled by their users. The EU isn't grabbing their balls and saying that all users must have it enabled by default, otherwise they'd be going after Android too.
Sure, I get that. The issue is that as soon as you introduce the ability to install apps from outside the App Store, it becomes possible to trick unsuspecting users into clicking buttons they don't understand. By designing a web page to look like an actual Apple page, a malicious party could convince users to "opt in" to outside sources, in a similar way in which phishing websites harvest users' online banking credentials. Currently, this kind of attack is entirely impossible on iPhone.
Doesn't this argument essentially boil down to "people are stupid and we should take away their freedoms to protect them from themselves"? I'm not going to say that most people would make use of being able to install 3rd party apps, or even that it won't give malware more chances to get people. But people can get themselves hurt or compromise their electronic security in any number of ways taking away people's choices until they can't make bad decisions anymore just doesn't seem worth it to me
Sure, but at that point we're getting into the weeds of fake webpages, which really isn't anything apple could control anyway. Nothing's to say that if sideloading didn't exist, that page wouldn't just direct them to a form to fill out your banking information. All it does is change the method. Apple could simply maintain a hash database of files that are known as dangerous and package it into a built-in AV for iOS (like most OSes do)
Nothing's also to say that the page wouldn't just abuse one of the hundreds of vulnerabilities that currently exist in WebKit currently.
For your average user, they're probably only visiting legit sites on that browser anyway. My grandparents both have Android phones and to my knowledge have never been "tricked" into installing an APK. I can probably say the same for the vast majority of people.
I believe the benefits outweigh the costs here. Apple loses their grip on the walled garden which is punishing for developers and makes Apple judge, jury and executionor on not only what apps can run on iOS, but also how much developers have to give up to Apple (they could up their cut to 90% at anytime and currently developers can't do shit about it).