Apple on the attack! Company cites sideloading for Android's malware woes

12comments
Apple on the attack! Company cites sideloading for Android's malware woes
It's no secret that the late Steve Jobs despised Android and considered it to be a blatant rip-off of iOS. Jobs famously said that he wanted to destroy Android and would do so even if he had to wipe out Apple's cash assets. To the average layman, both operating systems appear to be similar but there are huge differences as phone enthusiasts know.

Apple blames Android malware on the platform's ability to sideload apps


Where iOS is, to use the typical cliche, a "walled garden," Android is open giving users the opportunity to customize their devices to their liking. And while Apple has borrowed from Android recently (the use of homescreen widgets, the new customizable lock screen coming in iOS 16 are two examples), one Android feature that Apple is adamant about never offering, is the ability to sideload apps.

Android users have the ability to install apps from third-party app stores. This is called sideloading and Apple has been under pressure from governments at home and abroad to allow it on the iPhone. The recently passed Digital Markets Act (DMA) in Europe could force Apple to allow sideloading on its devices (along with providing some sort of cross-platform support for messaging and allowing third-party payment options for iOS apps).

Not that sideloading is without its issues. Allowing the use of third-party app stores out of Apple's control could lead iPhone users to accidentally install malware on their handsets. The Senate Judiciary Committee has called Apple's stance on sideloading "unfounded, disingenuous, and dishonest." But Apple has returned service with a strongly written letter of its own to the committee which was obtained by 9to5Mac.

The letter, dated March 3rd, was signed by Apple's senior director of government affairs Timothy Powderly, The letter points out that of the top 20 Android malware apps listed in Nokia's 2021 report (which covers 99% of the Android malware detected by Nokia), "not a single one appeared to use a “technical exploit” to get onto the device or perform its attack. These apps all worked within the security boundary of the operating system, with no exploit required."

The letter notes that security researchers at Kaspersky came to the same conclusion. Kaspersky blamed the malware found on Android phones as the result of cybercriminals "passing a malicious application off as another, popular and desirable one. All they need to do is correctly identify the application, or at least, the type of applications, that are currently in demand."

Apple asks Congress to keep the status quo


You can read what is going on here. In an effort to defend its no-sideloading policy, Apple is blaming sideloading for all of Android's malware woes. Apple's Powderly wrote, "On Android, apps offered outside of the official store and claiming to help protect users' security turn out, with some frequency, to be malware. For example, it was recently found that an
Android app claiming to be a two-factor authenticator was also used to deliver malware designed to steal sensitive financial data from the user."

Recommended Stories
In a comment directed to cryptographer Bruce Schneier, who told lawmakers that Apple's concerns about sideloading were "unfounded," the letter states, "Mr. Schneier is correct that 'sophisticated malware,' often used by state-sponsored attackers, can bypass device security controls. But on iPhone, such sophisticated malware is highly complex, costs millions of dollars to develop, and often has a short shelf life. While Apple works hard to protect users from every threat, including this type of malware, the vast majority of users will never be targeted by such attacks."

Apple adds that "To focus the discussion on this rare threat misses what is actually harming millions of users every day on other mobile platforms: social engineering attacks, a threat that the Apple App Store has been incredibly effective at suppressing." The letter ends with a message pointed at lawmakers: "We hope Congress will preserve consumers' ability to chose the safest option for themselves and their families."

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless