Sideloading Apps on iOS? No, thanks!
I’ve noticed that some developers are excited about the idea of third-party app stores on iOS. I’m not one of them.
I do not welcome the idea of allowing sideloaded apps onto the iOS platform. I’m not saying that the App Store is perfect. But I do trust apps downloaded from the App Store. I know that Apple has implemented a strict code review and approval process. In addition, they have strict security measures in place to protect us from all sorts of malware and corrupted applications.
I understand that the review process can be frustrating at times. Also, bypassing the 30% fee per transaction may be another reason why some developers are interested in third-party app stores.
However, sideloading comes with potential security flaws that can harm the system and allow malicious code to run. This is not something that I’m willing to risk – and neither should you.
Our iPhone store our most intimate conversations and other sensitive personal data. We use them to make payments, check up on our investments, edit important business documents, and board flights. Just imagine if all of your sensitive data falls into the wrong hands…
Some may argue that Android has always allowed users to sideload apps. True.
What’s also true: nearly six million attacks per month were detected by a large security firm on its clients’ Android devices (yeah, you read that right, 6,000,000!).
By contrast, attacks on iOS are barely registered.
I’m not saying that iOS is completely immune to attacks, but having a curated app store reduces the chance of attacks significantly.
Sideloaded apps are often unverified and untested, so they can do anything they want to your device. Such apps are easy to exploit. And since they are not submitted to Apple for review, no one knows what they do. They can use all kinds of exploits and shady techniques to steal data from your device. And even if the developer has zero intention of doing anything nefarious, the application may be corrupted while it gets downloaded.
In the case of apps downloaded from the App Store, the system performs additional checks to ensure that the app hasn’t been tampered with. If an attacker injects their code, the runtime hashes are modified, so they won’t match the one store in the code directory and the system refuses to run the app.
So no, I don’t welcome third-party app stores on iOS.
If you want to delve deeper into iOS security, I suggest checking out my course iOS Development: Security.
Responses