The App Store is not perfect. But protects us from countless attacks on our privacy and security. Threats that we have no idea are there. Tricks that can confuse the most expert user. For this reason, the method of downloading apps outside the App Store, known as sideloading, opens the door to a world of nightmare for the average user.
That is the thesis defended by Apple in a new document that analyzes the threat posed by sideloading. With him, the company has thrown all the meat on the spit: it is not a harmless method but fraught with risks and serious problems. And to illustrate its thesis, Apple places Android as an example of what could happen.
The sideloading it would end the iPhone as we know it
Tricks when downloading apps, theft of personal and banking data, uncontrolled ad placement, theft of credentials, fake apps, phishing, user data encryption. In the report we come across endless real examples of apps that sabotage the user in one way or another.
From apps that are more or less innocent and place ads while you browse the internet to others who hijack your device and demand a ransom to get it back. Going through the ones that naturally steal your financial data.
The image that Apple paints with this report is very negative. And the company assures that the iPhone would cease to be what it is, a place where the security and privacy of the user is respected. One of its main values against the competition.
A risk that affects all users
The “grace” of allowing the sideloading o uploading apps from alternative routes to the App Store is that it affects all users. Download apps from outside the official store or not. Because once that door is created, it’s easier to convince someone to walk through it, even if they don’t want to. Apple provides a multitude of reasons for this:
- It is an app that your friends or family use.
- An app asks to be downloaded from outside to expand or promise other additional functions.
- It is an app for school or work that is only available from an alternative website or store.
- They are apps that are downloaded from an alternative store that imitates the official one, deceiving the user.
Thinking that one is not going to resort to these types of apps is not realistic, as there are those who fall under deception
“I don’t care about sideloading, because I’ll only download from the App Store” may sound reasonable. Until you run into one of these situations where you are forced, invited or tricked into downloading an uncontrolled app. And then, a Calvary of dire consequences starts.
The most dangerous examples of threats in the sideloading
The report prepared by Apple is directed at the authorities who flirt with legislating in favor of the sideloading, especially after the case of Epic Games and the App Store. Although also to illustrate the risks to the user. Under the premise of giving more power to the consumer, it actually opens the doors to an ecosystem of nightmarish digital threats. Thus, the company has compiled several examples with names and surnames:
- HiddenAds– Infected apps behave like real Android apps (FaceApp or CoD). They advertise on YouTube to get downloads. They place pop-ups and ads in the browser to generate revenue for the author. The app is camouflaged with a Settings icon.
- CryCryptor– It pretends to be an official COVID tracker app, but it is a ransomware tool. As soon as it is installed by sideload, encrypts the content of the device and only shows an email address to rescue it.
- FakeSpy: the user receives an SMS with a package pick-up notice, inviting him to download an app. Obtaining the appropriate permissions, access messages, contacts, network information and other installed apps.
- BlackRock– It pretends to be the ClubHouse app, but it actually allows you to steal the credentials of up to 450 different websites. Including BBVA, Lloyds Bank and Facebook.
Entities such as Europol, the European Cybersecurity Agency or the US Department of Security specifically warn against sideloading
The risk involved in all these apps is obvious. The least advanced user can easily fall into their traps. But the most seasoned too, as the constant cases of phishing and other online scams that do not involve apps.
This report is a tangible document with which Apple hopes to clip the wings of the pro-sideloading arguments. We’ll see if it works.