COMMENTARY
Thanks to the European Union's Digital Markets Act, earlier this year sideloading became possible on iOS devices in Europe. In a historic shift, Apple finally unlocked the gates to its tightly controlled ecosystem, enabling users to download apps from third-party marketplaces and websites. While many have welcomed this newfound freedom, it has, somewhat unsurprisingly, sparked major security concerns.
Since the very first iteration of iOS, Apple has maintained strict oversight over its operating system, ensuring a high level of security by thoroughly vetting each app before allowing it into the App Store. This centralized control has provided a key advantage in preventing malware and unauthorized apps from infiltrating Apple devices. For years, Apple's "walled garden" has distinguished it from its competitors — notably Android, where sideloading has long facilitated the widespread distribution of malware. Now with the "androidification" of iOS, Apple, too, must contend with these security concerns. But how will it do so?
The Garden Is Still Walled, the Walls Are Just Smaller
The first and most obvious line of defense is Apple's notarization process. Unlike on Android, apps installed from outside the App Store must be notarized by Apple, or iOS will not install them, which ensures that they meet certain security requirements. Any iOS developers reading this will already be thinking this sounds familiar. However, Apple's notarization differs from the traditional App Store review process in that it does not impose content restrictions, such as on pornography and illegal substances.
During this notarization process, Apple probes for malicious behavior by combining automated scanning and human review. The human aspect is a vital component as it detects threats that automatic tools may miss, such as social engineering attacks using fake apps. However, we should anticipate that malicious apps will still slip through the net. The fact that a fake version of the password manager LastPass made it into the App Store earlier this year shows that Apple's notarization process won't be bulletproof.
That being said, Google has never exerted this level of control, instead allowing anyone to generate a certificate and sign applications. So, while Apple won't catch every malicious app, this level of safeguarding will still play its part in preventing iOS from becoming an Android-like Wild West. Notarization also involves identity verification: every developer must provide a legal name, phone number, and address. Even though Apple prevented the creation of nearly 105,000 fraudulent developer accounts in 2022, it's still widely known that there are sneaky methods to circumvent such identity verifications.
Ensuring a Resilient Runtime Environment
During the notarization process, Apple scans the apps that are submitted for sideloading for suspicious behavior. When and how these apps are scanned is key to reinforcing app security on iOS. To truly counteract the dangers of sideloading, iOS must bolster the real-time monitoring of its apps for vulnerabilities and threats while they're actively running in an authentic environment. This is because more advanced and dangerous apps can determine whether they are being run during the review process (e.g., by checking the date or the location of the device) and might not exercise their potential malicious behavior — a digital poker face, if you will, before it reveals its hand.
On Android, Google has been scanning installed applications with its Google Play Protect feature for some time. Apple could follow and expand on that example by actively observing the execution of the applications on their users' devices, a measure even Google has yet to implement. The observed behavior could then be analyzed with advanced threat detection algorithms.
Leveraging machine learning and behavioral analysis, such algorithms analyze app behavior and can proactively detect suspicious patterns. For instance, if a user sideloads an app onto their iOS device, unaware that it contains code designed to initiate unauthorized network connections, the app may exfiltrate user data to servers controlled by malicious actors. However, an advanced threat detection algorithm will detect anomalous behavior instantly, signaling it as a potential threat. The system can then initiate measures to quarantine or remove the malicious components and thus protect the user's device from harm.
To give Apple credit, there are some existing security features on iOS that will play a role in mitigating the dangers of sideloading. Sandboxing, for example, has long been used by Apple to contain the damage that a malicious application can cause once installed, including one that was sideloaded. By walling off each app in a controlled, restricted environment (or sandbox), this method limits where certain code can be executed and, by extension, the capabilities of apps. This should prevent bad actors from accessing sensitive systems unless explicitly authorized. For instance, a user may sideload a video-editing app onto their iOS device that may, despite the app's legitimate functionality, attempt to access the device's microphone for undisclosed purposes. App sandboxing will detect and contain this unauthorized activity, blocking the app from accessing potentially sensitive data.
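The two mechanisms described above, a sandbox that denies capabilities an app was never granted and a behavioral monitor that flags data exfiltration to undeclared hosts, can be modelled together in a small simulation. The following is an added illustration written for this commentary; it is not Apple's or Google's code and does not use any real iOS or Play Protect API. The policy format, the event stream, the bundle identifiers, the hostnames, and the "sensitive capability read followed by connection to an undeclared host" heuristic are all constructed for the example.

```python
"""Toy runtime monitor: sandbox-style capability policy plus a behavioral
exfiltration check. Constructed example, not platform code."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Capabilities treated as exposing sensitive user data (constructed list).
SENSITIVE = frozenset({"contacts", "photos", "microphone", "location"})


@dataclass(frozen=True)
class AppPolicy:
    """Sandbox policy for one app: what it may touch and whom it may contact."""
    bundle_id: str
    granted: FrozenSet[str]          # capabilities the user/entitlements authorised
    declared_hosts: FrozenSet[str]   # network destinations the developer declared


@dataclass(frozen=True)
class Event:
    """One observed runtime action (hypothetical event format)."""
    bundle_id: str
    kind: str      # "access" (capability use) or "connect" (outbound network)
    target: str    # capability name or destination host


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


class RuntimeMonitor:
    """Evaluates each event against the app's policy and its recent behavior."""

    def __init__(self, policies: List[AppPolicy]):
        self.policies: Dict[str, AppPolicy] = {p.bundle_id: p for p in policies}
        self.touched: Dict[str, Set[str]] = {}   # bundle -> sensitive caps used so far
        self.quarantined: Set[str] = set()
        self.log: List[Tuple[Event, Verdict]] = []

    def check(self, ev: Event) -> Verdict:
        verdict = self._decide(ev)
        self.log.append((ev, verdict))
        return verdict

    def _decide(self, ev: Event) -> Verdict:
        if ev.bundle_id in self.quarantined:
            return Verdict(False, "quarantined: all activity blocked")
        pol = self.policies.get(ev.bundle_id)
        if pol is None:
            return Verdict(False, "no policy for app; default deny")
        if ev.kind == "access":
            # Sandbox rule: an ungranted capability is denied outright.
            if ev.target not in pol.granted:
                return Verdict(False, f"sandbox: '{ev.target}' not granted")
            if ev.target in SENSITIVE:
                self.touched.setdefault(ev.bundle_id, set()).add(ev.target)
            return Verdict(True, "granted capability")
        if ev.kind == "connect":
            if ev.target in pol.declared_hosts:
                return Verdict(True, "declared host")
            # Behavioral rule: sensitive data read, then an undeclared destination.
            used = self.touched.get(ev.bundle_id, set())
            if used:
                self.quarantined.add(ev.bundle_id)
                return Verdict(False, f"anomaly: read {sorted(used)} then connected "
                                      f"to undeclared host {ev.target}; app quarantined")
            return Verdict(True, f"undeclared host {ev.target}; observed, not blocked")
        return Verdict(False, f"unknown event kind '{ev.kind}'")


def run_sample() -> List[Verdict]:
    """Replay a constructed event stream: a video editor that reaches for the
    microphone, and a notes app that reads contacts and then phones home."""
    policies = [
        AppPolicy("com.example.videoedit", frozenset({"photos", "camera"}),
                  frozenset({"cdn.example-video.test"})),
        AppPolicy("com.example.notes", frozenset({"contacts"}),
                  frozenset({"sync.example-notes.test"})),
    ]
    events = [
        Event("com.example.videoedit", "access", "photos"),
        Event("com.example.videoedit", "connect", "cdn.example-video.test"),
        Event("com.example.videoedit", "access", "microphone"),     # not granted
        Event("com.example.notes", "access", "contacts"),
        Event("com.example.notes", "connect", "203.0.113.7"),        # undeclared host
        Event("com.example.notes", "connect", "sync.example-notes.test"),  # now quarantined
    ]
    monitor = RuntimeMonitor(policies)
    return [monitor.check(e) for e in events]


if __name__ == "__main__":
    for verdict in run_sample():
        print("ALLOW" if verdict.allowed else "BLOCK", verdict.reason)
```

The sandbox check is stateless and decides on the spot, which is why it can stop the microphone access in the video-editor scenario. The exfiltration check is the part that a pre-install scan cannot reproduce: it only fires once the app has actually read sensitive data and then opened a connection the developer never declared, and a real implementation would need a richer notion of "expected" destinations than a fixed host list to keep false positives down.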
Apple's current approach to sideloading reflects a delicate balance, aiming to provide users with flexibility while ensuring that security standards are upheld. Ultimately, there's no way around the fact that sideloading will increase iOS's susceptibility to malware. Only time will tell how severe this threat will be.