It is funny how fast Apple reacts to regulatory pressure after years of telling the community to get lost. Like as it turns out, alternative browsers were super possible. They just didn’t want to.
Imagine being able to select S3 as your iPhone backup with an app being able to use the same APIs as iCloud backup. Or being able to backup to your local Samba share when you get back on your home wifi.
Imagine being able to select S3 as your iPhone backup with an app being able to use the same APIs as iCloud backup. Or being able to backup to your local Samba share when you get back on your home wifi.
That’s where this all gets super interesting. You’re clearly excited about it. I’m sure a ton of people would be quite excited about it. But two scenarios come to mind that terrify me:
my mom installs some alt-backup service. She drops her phone down a sewer while bike riding. And when she tries to restore her backups we discover that the service she switched to has had a bug in it for the last 3 months that got tickled by some weird edge case and were unable to restore all of her stuff.
even worse my mom finds some alt-backup that is actually malware. It successfully backs her stuff up to a service that harvests all of her PII out of the backups and either sells it or uses it for blackmail.
While I’m a long time Apple user (phone, tablet, laptop) and also use Linux (laptop, server) quite heavily, I’m not really a fanboy. Maybe I’m lucky but I’ve been using their laptops since 2004 and their phones since the 4S, and have never experienced any kind of malware infection of any kind despite using all of those devices to occasionally do risky things. I occasionally wish I could add a little extra functionality to the iPad to take out from “quite useful” to “really awesome” (I travel a lot and while Blink is amazing for programming remotely for me, I occasionally wish I could write and run code locally on it… eg on an airplane).
For the phone? I like that it is a tightly controlled ecosystem that I’ve been able to rely on without regret for ~15 years or so. I’ve done Android development as well and have carried a second Android phone around for a month or two a few times and it’s never been a really confidence building experience.
Apple should have offered side loading before the legislators started poking around. It may well have avoided a lot of future pain for very little cost.
To support side loading you have to enable the ability to disable security protections, and that has to be available to everyone, the core of the security model is that there is no path to doing that.
Then you have other basics like “to use our app you must follow these steps”, and (1) malware has repeatedly used the fact that if you tell people to do X to get Y a reasonable number of people will do X, and (2) plenty of developers will just make it so the only way to use their software is to do X, so people have no choice but to allow side loading which results in a system wide regression in security.
It’s quite easy for scammers to prey on the vulnerable to induce them to download and install malicious applications. I believe that FB (ab)used the existing sideloading mechanism (intended for enterprises) to induce teenagers to download and install the Onavo VPN software which was then used to track their online behavior, MitM traffic to Snapchat, etc.
Theoretically, sure. Practically, though, this all seems like fearmongering to me?
Plenty of people are scammed right now, every day, with fully Apple-approved apps installed from the App Store.
It looks as if you’re going to have to click through a bunch of scary warnings before you can install an alternate app store, and Apple also insists on reviewing/notarizing the apps. (https://www.theverge.com/24100979/altstore-europe-app-marketplace-price-games) And from what I recall of the Onavo VPN thing you mention (it’s been a long time), that was also a very involved process to install?
There will be so many restrictions on this that I have a hard time believing it will be a very big deal
Wow these have been rejected for over a decade and the moment one appears as part of what the DMA enables they now become allowed in the first-party App Store.
We all should be grateful to EU.
I know you mean in this specific domain but it sounds dicey to say it unqualified lol
Indeed
And likely just to cut the legs out from under one of the probable first EU app stores (AltStore)? https://snailedit.social/@zmk/112220263952470929
Like, do Apple have to be such unrepentant assholes about everything? It’s hard for me to read this as anything other than just spite
It is funny how fast Apple reacts to regulatory pressure after years of telling the community to get lost. Like as it turns out, alternative browsers were super possible. They just didn’t want to.
Imagine being able to select S3 as your iPhone backup with an app being able to use the same APIs as iCloud backup. Or being able to backup to your local Samba share when you get back on your home wifi.
That’s where this all gets super interesting. You’re clearly excited about it. I’m sure a ton of people would be quite excited about it. But two scenarios come to mind that terrify me:
my mom installs some alt-backup service. She drops her phone down a sewer while bike riding. And when she tries to restore her backups we discover that the service she switched to has had a bug in it for the last 3 months that got tickled by some weird edge case and were unable to restore all of her stuff.
even worse my mom finds some alt-backup that is actually malware. It successfully backs her stuff up to a service that harvests all of her PII out of the backups and either sells it or uses it for blackmail.
While I’m a long time Apple user (phone, tablet, laptop) and also use Linux (laptop, server) quite heavily, I’m not really a fanboy. Maybe I’m lucky but I’ve been using their laptops since 2004 and their phones since the 4S, and have never experienced any kind of malware infection of any kind despite using all of those devices to occasionally do risky things. I occasionally wish I could add a little extra functionality to the iPad to take out from “quite useful” to “really awesome” (I travel a lot and while Blink is amazing for programming remotely for me, I occasionally wish I could write and run code locally on it… eg on an airplane).
For the phone? I like that it is a tightly controlled ecosystem that I’ve been able to rely on without regret for ~15 years or so. I’ve done Android development as well and have carried a second Android phone around for a month or two a few times and it’s never been a really confidence building experience.
Apple should have offered side loading before the legislators started poking around. It may well have avoided a lot of future pain for very little cost.
I mean undermining a core component of the platform security model for everyone to make a minority happy is not low cost.
I’ve seen other people post this and I don’t understand it. Sideloading is opt-in, right? How does it undermine security “for everyone”?
To support side loading you have to enable the ability to disable security protections, and that has to be available to everyone, the core of the security model is that there is no path to doing that.
Then you have other basics like “to use our app you must follow these steps”, and (1) malware has repeatedly used the fact that if you tell people to do X to get Y a reasonable number of people will do X, and (2) plenty of developers will just make it so the only way to use their software is to do X, so people have no choice but to allow side loading which results in a system wide regression in security.
It’s quite easy for scammers to prey on the vulnerable to induce them to download and install malicious applications. I believe that FB (ab)used the existing sideloading mechanism (intended for enterprises) to induce teenagers to download and install the Onavo VPN software which was then used to track their online behavior, MitM traffic to Snapchat, etc.
Theoretically, sure. Practically, though, this all seems like fearmongering to me?
Plenty of people are scammed right now, every day, with fully Apple-approved apps installed from the App Store.
It looks as if you’re going to have to click through a bunch of scary warnings before you can install an alternate app store, and Apple also insists on reviewing/notarizing the apps. (https://www.theverge.com/24100979/altstore-europe-app-marketplace-price-games) And from what I recall of the Onavo VPN thing you mention (it’s been a long time), that was also a very involved process to install?
There will be so many restrictions on this that I have a hard time believing it will be a very big deal