Politics: ‘Sideloading is a cyber criminal’s best friend,’ according to Apple’s software chief

“Sideloading is a cyber criminal’s best friend and requiring that on iPhone would be a gold rush for the malware industry,” according to Apple senior vice president Craig Federighi, who delivered a dramatic speech at Web Summit 2021 declaiming the security risks if Apple were required to let users sideload apps.

Federighi, who oversees Apple’s iOS and macOS software divisions, was specifically protesting the European Commission’s proposed Digital Markets Act, which, if passed, would require Apple to let users install apps outside of the iOS App Store. According to Federighi, the lack of sideloading is what separates Apple’s relatively low rate of malware on iOS from the “5 million Android attacks per month,” and if Apple were forced to let users install their own apps, “the floodgates are open for malware.”

Federighi also argues against a popular proposed solution of letting users decide for themselves whether to take the risk of sideloading apps. The problem is that “criminals are clever, and they’re really good at hiding in plain sight,” and that even informed users might get caught by misleading websites, or even get stuck with fake app stores installed on their phones.

Apple is still very much against sideloading

And even if you, a tech-savvy smartphone expert, might not be fooled, Federighi plays on the heartstrings and asks the audience to think of the children or parents who might be fooled. “The fact that anyone can be harmed by malware isn’t something that we should stand for,” Federighi concludes, despite the fact that Apple still routinely deals with multimillion-dollar scams that the company only just added the ability to report in September.

Federighi’s picture of doom doesn’t just stop there, though: he also raises the concern that if Apple were to allow sideloading, “some social networking apps will probably try to avoid the pesky privacy protections of the App Store and only make their apps available via sideloading.” According to Federighi, Apple’s privacy requirements in the App Store go beyond those of the letter of the law, and social media companies looking to escape those could force customers to choose between “losing touch with your friends online, or taking on the risks of sideloading.”

“Sideloading undermines security and puts people’s data at risk,” according to Federighi, who argues that if customers and regulators want the option to sideload apps, the alternative of Android should be enough to meet that without requiring it for iPhones. But all the concerns on iOS are curious, given the other half of his job description: leading the macOS software team, where apps can be freely installed outside of Apple’s app store (and have been for decades) without suffering from apocalyptic malware attacks.

If Apple wanted, it could enable iOS sideloading in a similar manner and require something like the Gatekeeper system on macOS, which allows for Apple to check signed developer IDs to confirm the software is genuine. It’s an argument that Judge Yvonne Gonzalez Rogers noted as well during the Apple / Epic trial, commenting that Federighi may be “stretching the truth” on Mac malware concerns and that Apple could likely make a similar system work on iOS.

And most notably, Federighi’s speech completely ignores the fact that by requiring all apps to be installed through the App Store, it forces all app commerce to flow through the App Store, too — where Apple collects its highly contested 30 percent cut, to the tune of billions of dollars every year.
