Apple’s Federighi gives a dramatic speech on the dangers of sideloading


Enlarge / Apple’s Software Engineering SVP Craig Federighi speaks at the 2021 Web Summit.

Apple CEO Craig Federighi, who is responsible for the company’s iOS software for iPhones, delivered a long speech designed to alert listeners about what could happen if Apple is forced to allow users to sideload apps. The speech was given at the Web Summit 2021 in Lisbon, Portugal and builds on earlier, similar statements by Apple CEO Tim Cook.

The European Commission is actively discussing the Digital Markets Act (DMA), which is intended to regulate large tech platforms to ensure fair conditions. Companies like Apple could face fines of up to 10 percent of their global sales.

In its currently proposed form, the DMA would force Apple to allow sideloading on the iPhone or face such fines. Federighi explicitly called out the DMA in his speech and spoke out in favor of it briefly, but emphasized the sideloading provision in almost apocalyptic terms.

“Sideloading is cybercriminals’ best friend, and asking for it on iPhone would be a gold rush for the malware industry,” he said to a large audience. “That one provision in the DMA could force any iPhone user into a landscape of professional scammers who are constantly trying to deceive them.”

The presentation was accompanied by alarming slide images, like illustrations of dark eyes lurking in the darkness in front of people’s homes.

In fact, Federighi compared mobile devices directly to households, saying that users with some households (representing iPhones) suffer far fewer break-ins than users in other households (representing Android phones). He said the difference is that the non-iPhone homes are less secure because they always had side doors open for any intruder to walk through, and he compared providing sideloading of the DMA to requiring every home to have an unlocked one Door has.


Federighi speaks in front of one of his most important presentation slides.Enlarge / Federighi speaks in front of one of his most important presentation slides.

Federighi also said that it doesn’t matter if people say they wouldn’t sideload apps because some malware is camouflaged in ways that in the past have tricked Android users into doing it without realizing it. Even if tech-savvy people are confident they can avoid these pitfalls, they should still be concerned about the vulnerability of others.

Although many of the statistics he cited on malware incidents on iOS compared to other platforms were correct, he avoided the elephant in the room – that Apple’s macOS for laptops and desktop devices also has fewer malware incidents than its main competitor, despite it allows apps to be loaded from the side.

Apple takes a different approach to security on the Mac and requires apps to authenticate in a certain way in order to start. Otherwise, users will have to go through an explicit, multi-step process to force the operating system to run those apps anyway. It still proves to be relatively effective.

Federighi also never mentioned Apple’s likely other motive for fighting sideloading: Sideloading would further hamper the company’s ability to ensure it receives a portion of any app’s revenue after a U.S. judge already ticked off that ability by ruling that Apple must allow links to third parties -Party payment systems in apps downloaded from the App Store.

He pointed to the fact that the iPhone has a minority position in the market by pointing out that only one in five Europeans own an iPhone, unlike other smartphones (namely Android).

“Our goal has never been to sell the most,” he said. “Instead, our mission is to give people the choice of what we consider best.”

Craig Federighi on sideloading at the 2021 Web Summit

Entry image from Web Summit