Apple’s Federighi Delivers Dramatic Speech On Dangers Of Sideloading

Apple's Software Engineering SVP Craig Federighi speaks at Web Summit 2021.
Enlarge / Apple’s Software Engineering SVP Craig Federighi speaks at Web Summit 2021.

Apple executive Craig Federighi, who is responsible for the company’s iOS software for iPhones, delivered a lengthy speech intended to alarm listeners about what might happen if Apple is forced to allow users to sideload apps. The speech was given at Web Summit 2021 in Lisbon, Portugal, and it expands on earlier, similar statements from Apple CEO Tim Cook.

The European Commission is actively discussing the Digital Markets Act (DMA), which is intended to regulate big tech platforms to ensure a fair playing ground. Companies like Apple could face fines of up to 10 percent of their global revenue.

In its current proposed form, the DMA would force Apple to begin allowing sideloading on the iPhone or face such fines. Federighi called the DMA out specifically in his speech, briefly voicing support for it overall but singling out the sideloading provision in almost apocalyptic terms.

“Sideloading is a cybercriminal’s best friend, and requiring that on the iPhone would be a gold rush for the malware industry,” he said to a large audience. “That one provision in the DMA could force every iPhone user into a landscape of professional con artists constantly trying to fool them.”

The presentation was accompanied by alarming slide imagery, like illustrations of sinister eyes lurking in the darkness outside peoples’ homes.

In fact, Federighi compared mobile devices directly to homes and said that users with some homes (representing iPhones) suffer far fewer break-ins than users in other homes (representing Android phones). He said the difference is that the not-iPhone homes were less secure because they had always-open side doors that any intruder could walk through, and he likened the sideloading provision of the DMA to a mandate that every house have an unlocked door installed.

Federighi speaks in front of one of his key presentation slides.
Enlarge / Federighi speaks in front of one of his key presentation slides.

Federighi also said that it doesn’t matter if people say they would not sideload apps, because some malware is disguised in a way that has in the past tricked Android users into sideloading without realizing it. Even if tech-savvy individuals feel confident in avoiding those pitfalls, he said, they should still be concerned about the vulnerability of others.

While many of the statistics he cited about malware incidents on iOS compared to other platforms were accurate, he avoided the elephant in the room—that Apple’s macOS for laptop and desktop devices also manages to have fewer malware incidents than its biggest competitor, even though it allows the sideloading of apps.

Apple takes a different approach to security on the Mac, requiring apps to authenticate in specific ways to launch. Failing that, users must go through an explicit, multi-step process to force the OS to let those apps run anyway. It still proves relatively effective.

Federighi also never mentioned Apple’s likely other motive for fighting against sideloading: Sideloading would further hinder the company’s ability to ensure it gets a slice of every app’s revenue, after a US judge already chipped away at that capability by deciding that Apple must allow links to third-party payment systems in apps downloaded from the App Store.

He referenced the fact that the iPhone is in a minority market position by pointing out that only one in five Europeans have an iPhone as opposed to other kinds of smartphones (namely Android).

“Our goal has never been to sell the most,” he said. “Instead, our mission is to provide people with the choice of what we view as the best.”

Craig Federighi on sideloading at Web Summit 2021

Listing image by Web Summit

READ MORE HERE