Most active commenters
  • realusername(5)
  • neverokay(3)

←back to thread

Apple must open iPadOS to sideloading within 6 months, EU says

(arstechnica.com)
380 points rezonant | 21 comments | 30 Apr 24 04:44 UTC | HN request time: 2.694s | source | bottom
1. callalex ◴[30 Apr 24 06:21 UTC] No.40207786[source]
Can you explain how your risk profile will change if you don’t use the feature?
replies(4): >>40207807 #>>40207818 #>>40207839 #>>40208050 #
2. neverokay ◴[30 Apr 24 06:25 UTC] No.40207807[source]
It’s bad news for regular folks who will be clicking those install links with no protection from the App Store. The majority of people have been kept safe up until now.
replies(2): >>40207833 #>>40207892 #
3. ◴[30 Apr 24 06:25 UTC] No.40207813[source]
4. sakex ◴[30 Apr 24 06:25 UTC] No.40207818[source]
Someone could steal the iPad and boot a different OS from a hard drive
replies(1): >>40212454 #
5. SOLAR_FIELDS ◴[30 Apr 24 06:27 UTC] No.40207833{3}[source]
If it’s the Apple we all know, they will probably have to click through about 14 warnings to be able to do this. Someone might make the point that this is not enough of a deterrent, but I’ll counter with the fact that browsers helped make https a thing by giving an ugly looking sign whenever http came around and it definitely helped
6. klaushardt ◴[30 Apr 24 06:28 UTC] No.40207839[source]
I bet it will happen that some apps i now use, which are in the regualar app store, will be pulled in favor of a own app store which has more tracking and maybe even cost money. So it will be a downgrade if now working apps move to an ad and tracking app store which are not privacy sensitive like iAds.
replies(2): >>40208250 #>>40209769 #
7. realusername ◴[30 Apr 24 06:36 UTC] No.40207892{3}[source]
Why people are acting like the appstore is somehow safe? The top apps are casino-like games which aren't that far off malware. Not something I would like my family to use in any case.
replies(1): >>40208062 #
8. lynx23 ◴[30 Apr 24 07:06 UTC] No.40208050[source]
Barring temptation, the "feature" will hopefully not directly affect me. But since I am not an egoist, I tend to also think about other people...
replies(1): >>40208850 #
9. tgv ◴[30 Apr 24 07:08 UTC] No.40208062{4}[source]
So adding more of those is the answer?
replies(1): >>40208089 #
10. realusername ◴[30 Apr 24 07:13 UTC] No.40208089{5}[source]
Why would there be more outside the appstore since the appstore is fine with them?

I expect apps predominantly rejected from the appstore to try to go outside it and those casino-like scams are accepted on the appstore.

replies(1): >>40209260 #
11. Kbelicius ◴[30 Apr 24 07:42 UTC] No.40208250{3}[source]
> I bet it will happen that some apps i now use, which are in the regualar app store, will be pulled in favor of a own app store which has more tracking and maybe even cost money.

Did not happen for Andorid so there is no reason to think that it will happen in this case. Also, how would an app installed from another store be able to track you more if you are using the same OS. That just sounds like bad OS design from Apple.

12. lupusreal ◴[30 Apr 24 09:19 UTC] No.40208850{3}[source]
Personally I think other people should be welded into their homes to protect them from all the dangers they might face outside. If they opened their doors they would be subjected to all manner of hazards and risks like crime or being hit by a bus, and I'm not an egoist so.. weld them in!
replies(1): >>40272732 #
13. tgv ◴[30 Apr 24 10:19 UTC] No.40209260{6}[source]
Of course there will be more backdoored, hacked spyware outside the appstore, because there's no oversight for side-loading. And if some game dev says "hey, you can get rid of the ads by side loading" then quite a lot of people are going to do that. They don't understand security.
replies(1): >>40209970 #
14. sevagh ◴[30 Apr 24 11:22 UTC] No.40209769{3}[source]
That's what your app creators want, you should be happy for them to have the freedom to distribute their product to you as they see fit.
15. realusername ◴[30 Apr 24 11:50 UTC] No.40209970{7}[source]
I don't see how appstore reviews (because that's the only thing that changes compared to an install from a website) can prevent much spyware to happen. Only the most obvious stuff could possibly get caught in these processes.

Having passed the appstore review myself, they are nothing but very shallow (except for anything touching their revenue streams of course)

Saying that the phone will be full of malware with a normal install is just saying with other words that the iPhone sandboxing is trash, which it really isn't, it's well made.

replies(1): >>40210787 #
16. neverokay ◴[30 Apr 24 13:30 UTC] No.40210787{8}[source]
You may be not be aware of or simply have forgotten ever visiting a friend or family’s computer where all kinds of AskJeeeves toolbars are installed from god knows where. Many people I know managed to have entire pop ups installed soon as they start their computer.

I’m not worried about you or me. The EU is just wrong on this one. They are making the worst assumption about the average user, and that’s that they are tech savvy.

replies(1): >>40210857 #
17. realusername ◴[30 Apr 24 13:38 UTC] No.40210857{9}[source]
> You may be not be aware of or simply have forgotten ever visiting a friend or family’s computer where all kinds of AskJeeeves toolbars are installed from god knows where.

And how are you going to make those OS-wide popups with the iOS sandbox exactly?

Be sure that if apps could make it, they already would, appstore reviews or not.

There's some very strange communication on Apple side saying simultaneously that their phone is the most secure thing in the world on their website and pretending to the EU that it's Swiss cheese and that manual reviews kind of save the day instead. They have to pick one.

> I’m not worried about you or me. The EU is just wrong on this one.

No, I believe the EU is right here but very late to the party and not even pushing far enough if I'm being honest. There's some talks need to allow OS reinstalls and I don't see any yet.

replies(1): >>40212956 #
18. callalex ◴[30 Apr 24 15:53 UTC] No.40212454{3}[source]
That’s not what side loading is and that’s not how apple silicon’s secure boot works.
19. neverokay ◴[30 Apr 24 16:36 UTC] No.40212956{10}[source]
I’ve seen tracking apps that prompt the user to enable a vpn on iOS so all their traffic is routed through them (this was not a vpn app, this was a user tracking app - not malicious. Now imagine a malicious one that doesn’t go through App Store review). The vpn thing on iOS is concerning. The user may not even know or remember they allowed it and it could just be sitting on their phone indefinitely.

I’d like it if Apple restricted VPN access for only App Store approved apps.

Again, it’s not you who I’m concerned about. It’s everyone else. It’s not hard, watch:

here you go dumb teenager, download this crypto app and hit accept on everything and get mining this new alt coin

Boom, vpn enabled and traffic intercepted.

replies(1): >>40213385 #
20. realusername ◴[30 Apr 24 17:11 UTC] No.40213385{11}[source]
Even on the web, those are blocked with a malware list, I'm not sure that's the best argument for the appstore.

The contribution of the review here (which this kind of malware would easily pass with a server side trigger anyways) doesn't seem that important.

I don't think Apple should restrict which VPN can go though anyways just because of the privacy issues in a lot of dictatorships, they're aren't the best party to do that and are subject to dubious requests, as seen as in China or Russia.

21. lynx23 ◴[06 May 24 09:16 UTC] No.40272732{4}[source]
Very constructive comment, thanks you!

So, me liking the AppStore checks as an extra security measure leads to you suggesting people should be welded into their homes. That is totally sane and absolutely not childish.