Tim Cook says Android has 47 times more malware than iOS because of sideloading

captaincranky

Posts: 16,948   +5,706
Tim Cook has poured more fuel into the Apple vs. Android debate by claiming Google's OS has 47 times more malware than Cueprtino's, primarily because of how difficult iOS makes sideloading apps. He added that if Apple was forced to allow the practice, it would destroy the security of the iPhone.
If this messages were to fall on anyone's deaf ears, it should be Google itself.
Google is quite aware of, (and allows) app side loading. It would seem to be in their best interest to evaluate these apps, and get rid of then, or at the very least, publish a list of the dangerous ones. While that would cost money, and possibly cut into their app store profits, it would ultimately function to shut Tim Cook up.

That would be worth far more than the investment, IMHO
 

NumberSix

Posts: 29   +39
What he says is probably correct but he is just playing with the number to make Apple look good. I wonder what the figure is if you only take into account the overwhelming number of Android users that only install things from the Play Store and never even heard of side loading let alone done it.
 

amghwk

Posts: 1,054   +968
The first thing I sideload whenever I root my (Android) phones (of course), is, install AdAway and f-k most systemwide ads that are otherwise pushed on my face. Plus YouTube Vanced which also f-ks off all forced YT ads.

This is freedom to install what I want and kick out whatever is annoying.
 

Puiu

Posts: 4,666   +3,533
TechSpot Elite
Then iOS isn't for you. What is so hard to understand?
Because people are, for some weird and completely illogical reason, defending Apple on this. They are saying that fewer options is better for consumers.

It's one thing to say "deal with it, it's how Apple rolls", it's another to be brainwashed into thinking that "it's better this way".

The only and only reason Apple doesn't allow sideloading is because they don't get any $$$ from it (it circumvents the store). It has nothing to do with security on a feature that actively requires the user to turn on and know how to use.
 

captaincranky

Posts: 16,948   +5,706
The only and only reason Apple doesn't allow sideloading is because they don't get any $$$ from it (it circumvents the store). It has nothing to do with security on a feature that actively requires the user to turn on and know how to use.
I can picture that many novice or greedy, "app hounds", can, or certainly could, manage to get their phones virused up in short order.

Thus, "caveat emptor deorsus onus" That's as close as I could come to "downloader beware", in Latin on such short notice. In my own defense, Rome certainly didn't have computers, let alone Apple or Android phones.
 

dnous

Posts: 34   +36
Honestly, I can agree with Apple's approach on iOS. More people than we want to admit need to be protected from themselves. A good example are scammers that sent fake links for example DHL tracking statuses. The user needs to sideload the app, enable sideloading and again agreeing to the risks of doing this and still end up scammed. For them the "walled garden" approach is ideal. It protects them from their own gullibility and generally gives them a better experience than they would have on an Android device (even if they are the reason that they have a worse experience).

And yeah, it's profitable for them (as it should), but that is a completely different conversation.
 

captaincranky

Posts: 16,948   +5,706
Honestly, I can agree with Apple's approach on iOS. More people than we want to admit need to be protected from themselves.
Some years ago,I recommended to an older gentleman, (coming from a flip phone and intending to buy a smartphone), that he purchase nothing but an iPhone. Oh sure, it was like I was standing next to myself watching the words come out of my mouth, but I did it nonetheless. :rolleyes:
 

HotToz

Posts: 31   +42
He is using side load security concerns to impose monopolistic practices rather than focus in real os practices to have a secure system. Less benefits for consumers and bigger profits
 

Danny101

Posts: 1,741   +756
Except that side loading apps on Android is unlikely as common as he's making it out to be. I have, but rarely so. Even PlayStore apps get extra security investigation before I consider downloading them .
 

ZedRM

Posts: 534   +325
Tim Cook clearly doesn't understand the Android ecosystem. Part of what make Android great is the ability for users to run their own code/apps. Tim Cook wouldn't understand the concept of freedom if it bit him in the neck...
 

Squid Surprise

Posts: 4,094   +3,249
Tim Cook clearly doesn't understand the Android ecosystem. Part of what make Android great is the ability for users to run their own code/apps. Tim Cook wouldn't understand the concept of freedom if it bit him in the neck...
Pretty sure he DOES understand it... but he feels that the iOS ecosystem is better - or at least, far more profitable...
 

Shadowboxer

Posts: 1,535   +1,106
Tim Cook is 100% correct. Sideloading on iOS would ruin it. I pity the people who are too thick to grasp this. Just leave it alone and don’t buy an iPhone? Literally no one is forced to own one and those that do don’t want buggy sideloaded garbage.
 

Squid Surprise

Posts: 4,094   +3,249
Fair point! That still makes his narrowmindedness exceedingly great.
Not sure "narrowmindedness" is the word I'd use.... He runs the chief competitor of Android - and his company is profiting more than almost any other on the planet... Perhaps "greedy" is what you're looking for?
 

ZedRM

Posts: 534   +325
Perhaps "greedy" is what you're looking for?
While that would be a fair thing to say, he is focused on doing things in a specific pattern & methodology and he very clearly thinks anything outside that pattern is bad. Some might call that bigoted. I call it pathetically narrowminded.
 
Last edited:

Darth Shiv

Posts: 2,183   +765
While that would be a fair thing to say, he is focused on doing things in a specific pattern & methodology and he very clearly thinks anything outside that pattern is bad. Some might call that bigoted. I call it pathetically narrowminded.
And he has a hugely successful business. What do you have?
 

Darth Shiv

Posts: 2,183   +765
Here are some incontrovertible facts. You cannot exploit a feature that doesn't exist. That includes social engineering or interventionless. One of the largest vectors for any exploit nowadays is social engineering. E.g. a user being tricked into doing something. Guess what a user can't be tricked into doing? Yes that's right. Something that is IMPOSSIBLE.

If I were Tim Cook, on that basis, I wouldn't give a flying F about all the whining on tech forums and for very good reason. You can't just magic away real security issues. Pretend all you like. One thing he never has to do is patch sideloading or train tech illiterates how to not fall for social engineering on that vector now does he?

Coming from a Microsoft eco, every feature those MSFT clowns adds ALWAYS introduces a mountain of risk and many many many real security holes have been exploited over the years from not only on by default insecure junk but also disabled stuff that other holes have allowed them to take advantage of too.

It's a no-brainer. Anybody who thinks that doesn't exist is just absolutely clueless and completely unqualified for IT security. Sorry. Just a fact.
 

Puiu

Posts: 4,666   +3,533
TechSpot Elite
Here are some incontrovertible facts. You cannot exploit a feature that doesn't exist. That includes social engineering or interventionless. One of the largest vectors for any exploit nowadays is social engineering. E.g. a user being tricked into doing something. Guess what a user can't be tricked into doing? Yes that's right. Something that is IMPOSSIBLE.

If I were Tim Cook, on that basis, I wouldn't give a flying F about all the whining on tech forums and for very good reason. You can't just magic away real security issues. Pretend all you like. One thing he never has to do is patch sideloading or train tech illiterates how to not fall for social engineering on that vector now does he?

Coming from a Microsoft eco, every feature those MSFT clowns adds ALWAYS introduces a mountain of risk and many many many real security holes have been exploited over the years from not only on by default insecure junk but also disabled stuff that other holes have allowed them to take advantage of too.

It's a no-brainer. Anybody who thinks that doesn't exist is just absolutely clueless and completely unqualified for IT security. Sorry. Just a fact.
Patch sideloading? Why would you need to "patch" it?
 

ZedRM

Posts: 534   +325
@Darth Shiv
Those are some interesting perspectives.

First, Tim Cook did not create Apple nor make it the giant that it is, Steve Jobs did that. Tim Cook is riding those coat-tails and following that lead, but in a hard-line way. I suspect Jobs would be just as annoyed and disappoint at what Apple has become as Woz has. Values and ideals matter. Cooks concept of such leaves much to be desired.

Second, I will take freedom of use and of customization afforded by sideloading over your idea of device security ALL DAY LONG! Why? Because it's my device. I own it, I control it, my way. With sideloading and root level authoritatives I can(and do) actually secure my device in a way that locking out user control can not.
 

Darth Shiv

Posts: 2,183   +765
Patch sideloading? Why would you need to "patch" it?
This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.
 

Darth Shiv

Posts: 2,183   +765
@Darth Shiv
Those are some interesting perspectives.

First, Tim Cook did not create Apple nor make it the giant that it is, Steve Jobs did that. Tim Cook is riding those coat-tails and following that lead, but in a hard-line way. I suspect Jobs would be just as annoyed and disappoint at what Apple has become as Woz has. Values and ideals matter. Cooks concept of such leaves much to be desired.
Steve Jobs wanted control. He is not an engineer purist like Woz. He is a businessman and visionary. VERY different things. Jobs was a control freak. He and Tim Cook understand that control grants you a security ecosystem unobtainable by allowing sideloading. There are simply vectors he completely rules out doing so.

Second, I will take freedom of use and of customization afforded by sideloading over your idea of device security ALL DAY LONG! Why? Because it's my device. I own it, I control it, my way. With sideloading and root level authoritatives I can(and do) actually secure my device in a way that locking out user control can not.
Again, they set the rules for the device they sell. You can choose not to buy it. Whine all you like. They are far far far more qualified in device security than you and they have to consider ALL their customers not just your wants or needs.
 

Danny101

Posts: 1,741   +756
What he says is probably correct but he is just playing with the number to make Apple look good. I wonder what the figure is if you only take into account the overwhelming number of Android users that only install things from the Play Store and never even heard of side loading let alone done it.
Most probable. Only enthusiasts really bother that much with side loading. The main question then really is 'Which company does a better job of policing their own App Store?"
 

Squid Surprise

Posts: 4,094   +3,249
This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.
And malicious (and benevolent) actors HAVE enabled and exploited it on Apple devices... hence jailbreaking and sideloading being possible if you know what you’re doing....
 

Puiu

Posts: 4,666   +3,533
TechSpot Elite
This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.
what you just said makes no sense at all. you don't just sideload apps because of a vulnerability. you would need multiple major holes with administrive privileges. if this were a problem you would have seen it been used on Android already.

FYI iOS does have the sideloading feature baked into the OS, it's just not made available to normal user. all Apple has to do is make it visible in the settings this makes your entire point moot

the only "security" issues with sideloading are the apps you install. and these will circumvent the app store. profit is the only reason Apple won't allow this.
 

Darth Shiv

Posts: 2,183   +765
what you just said makes no sense at all. you don't just sideload apps because of a vulnerability. you would need multiple major holes with administrive privileges. if this were a problem you would have seen it been used on Android already.

FYI iOS does have the sideloading feature baked into the OS, it's just not made available to normal user. all Apple has to do is make it visible in the settings this makes your entire point moot

the only "security" issues with sideloading are the apps you install. and these will circumvent the app store. profit is the only reason Apple won't allow this.
It absolutely does make sense. Admin exploits or social engineering are not impossible. In any sophisticated software OS that adds any number of features this risk is real let alone a large stagnant one. We see exploits for old code on WinNT kernel all the time. Android and Linux in general are no different - they are far from immune to admin privilege exploit.