Tim Cook says Android has 47 times more malware than iOS because of sideloading

[captaincranky]

Tim Cook has poured more fuel into the Apple vs. Android debate by claiming Google's OS has 47 times more malware than Cueprtino's, primarily because of how difficult iOS makes sideloading apps. He added that if Apple was forced to allow the practice, it would destroy the security of the iPhone.

If this messages were to fall on anyone's deaf ears, it should be Google itself.
Google is quite aware of, (and allows) app side loading. It would seem to be in their best interest to evaluate these apps, and get rid of then, or at the very least, publish a list of the dangerous ones. While that would cost money, and possibly cut into their app store profits, it would ultimately function to shut Tim Cook up.

That would be worth far more than the investment, IMHO

 

[NumberSix]

What he says is probably correct but he is just playing with the number to make Apple look good. I wonder what the figure is if you only take into account the overwhelming number of Android users that only install things from the Play Store and never even heard of side loading let alone done it.

 

[amghwk]

The first thing I sideload whenever I root my (Android) phones (of course), is, install AdAway and f-k most systemwide ads that are otherwise pushed on my face. Plus YouTube Vanced which also f-ks off all forced YT ads.

This is freedom to install what I want and kick out whatever is annoying.

 

[Puiu]

Then iOS isn't for you. What is so hard to understand?

Because people are, for some weird and completely illogical reason, defending Apple on this. They are saying that fewer options is better for consumers.

It's one thing to say "deal with it, it's how Apple rolls", it's another to be brainwashed into thinking that "it's better this way".

The only and only reason Apple doesn't allow sideloading is because they don't get any $$$ from it (it circumvents the store). It has nothing to do with security on a feature that actively requires the user to turn on and know how to use.

 

[captaincranky]

The only and only reason Apple doesn't allow sideloading is because they don't get any $$$ from it (it circumvents the store). It has nothing to do with security on a feature that actively requires the user to turn on and know how to use.

I can picture that many novice or greedy, "app hounds", can, or certainly could, manage to get their phones virused up in short order.

Thus, "caveat emptor deorsus onus" That's as close as I could come to "downloader beware", in Latin on such short notice. In my own defense, Rome certainly didn't have computers, let alone Apple or Android phones.

 

[dnous]

Honestly, I can agree with Apple's approach on iOS. More people than we want to admit need to be protected from themselves. A good example are scammers that sent fake links for example DHL tracking statuses. The user needs to sideload the app, enable sideloading and again agreeing to the risks of doing this and still end up scammed. For them the "walled garden" approach is ideal. It protects them from their own gullibility and generally gives them a better experience than they would have on an Android device (even if they are the reason that they have a worse experience).

And yeah, it's profitable for them (as it should), but that is a completely different conversation.

 

[captaincranky]

Honestly, I can agree with Apple's approach on iOS. More people than we want to admit need to be protected from themselves.

Some years ago,I recommended to an older gentleman, (coming from a flip phone and intending to buy a smartphone), that he purchase nothing but an iPhone. Oh sure, it was like I was standing next to myself watching the words come out of my mouth, but I did it nonetheless.

 

[HotToz]

He is using side load security concerns to impose monopolistic practices rather than focus in real os practices to have a secure system. Less benefits for consumers and bigger profits

 

[Danny101]

Except that side loading apps on Android is unlikely as common as he's making it out to be. I have, but rarely so. Even PlayStore apps get extra security investigation before I consider downloading them .

 

[ZedRM]

Tim Cook clearly doesn't understand the Android ecosystem. Part of what make Android great is the ability for users to run their own code/apps. Tim Cook wouldn't understand the concept of freedom if it bit him in the neck...

 

[Squid Surprise]

Tim Cook clearly doesn't understand the Android ecosystem. Part of what make Android great is the ability for users to run their own code/apps. Tim Cook wouldn't understand the concept of freedom if it bit him in the neck...

Pretty sure he DOES understand it... but he feels that the iOS ecosystem is better - or at least, far more profitable...

 

[ZedRM]

Pretty sure he DOES understand it... but he feels that the iOS ecosystem is better - or at least, far more profitable...

Fair point! That still makes his narrowmindedness exceedingly great.

 

[Shadowboxer]

Tim Cook is 100% correct. Sideloading on iOS would ruin it. I pity the people who are too thick to grasp this. Just leave it alone and don’t buy an iPhone? Literally no one is forced to own one and those that do don’t want buggy sideloaded garbage.

 

[Squid Surprise]

Fair point! That still makes his narrowmindedness exceedingly great.

Not sure "narrowmindedness" is the word I'd use.... He runs the chief competitor of Android - and his company is profiting more than almost any other on the planet... Perhaps "greedy" is what you're looking for?

 

[ZedRM]

Perhaps "greedy" is what you're looking for?

While that would be a fair thing to say, he is focused on doing things in a specific pattern & methodology and he very clearly thinks anything outside that pattern is bad. Some might call that bigoted. I call it pathetically narrowminded.

 

[Darth Shiv]

While that would be a fair thing to say, he is focused on doing things in a specific pattern & methodology and he very clearly thinks anything outside that pattern is bad. Some might call that bigoted. I call it pathetically narrowminded.

And he has a hugely successful business. What do you have?

 

[Darth Shiv]

Here are some incontrovertible facts. You cannot exploit a feature that doesn't exist. That includes social engineering or interventionless. One of the largest vectors for any exploit nowadays is social engineering. E.g. a user being tricked into doing something. Guess what a user can't be tricked into doing? Yes that's right. Something that is IMPOSSIBLE.

If I were Tim Cook, on that basis, I wouldn't give a flying F about all the whining on tech forums and for very good reason. You can't just magic away real security issues. Pretend all you like. One thing he never has to do is patch sideloading or train tech illiterates how to not fall for social engineering on that vector now does he?

Coming from a Microsoft eco, every feature those MSFT clowns adds ALWAYS introduces a mountain of risk and many many many real security holes have been exploited over the years from not only on by default insecure junk but also disabled stuff that other holes have allowed them to take advantage of too.

It's a no-brainer. Anybody who thinks that doesn't exist is just absolutely clueless and completely unqualified for IT security. Sorry. Just a fact.

 

[Puiu]

Here are some incontrovertible facts. You cannot exploit a feature that doesn't exist. That includes social engineering or interventionless. One of the largest vectors for any exploit nowadays is social engineering. E.g. a user being tricked into doing something. Guess what a user can't be tricked into doing? Yes that's right. Something that is IMPOSSIBLE.

If I were Tim Cook, on that basis, I wouldn't give a flying F about all the whining on tech forums and for very good reason. You can't just magic away real security issues. Pretend all you like. One thing he never has to do is patch sideloading or train tech illiterates how to not fall for social engineering on that vector now does he?

Coming from a Microsoft eco, every feature those MSFT clowns adds ALWAYS introduces a mountain of risk and many many many real security holes have been exploited over the years from not only on by default insecure junk but also disabled stuff that other holes have allowed them to take advantage of too.

It's a no-brainer. Anybody who thinks that doesn't exist is just absolutely clueless and completely unqualified for IT security. Sorry. Just a fact.

Patch sideloading? Why would you need to "patch" it?

 

[ZedRM]

@Darth Shiv
Those are some interesting perspectives.

First, Tim Cook did not create Apple nor make it the giant that it is, Steve Jobs did that. Tim Cook is riding those coat-tails and following that lead, but in a hard-line way. I suspect Jobs would be just as annoyed and disappoint at what Apple has become as Woz has. Values and ideals matter. Cooks concept of such leaves much to be desired.

Second, I will take freedom of use and of customization afforded by sideloading over your idea of device security ALL DAY LONG! Why? Because it's my device. I own it, I control it, my way. With sideloading and root level authoritatives I can(and do) actually secure my device in a way that locking out user control can not.

 

[Darth Shiv]

Patch sideloading? Why would you need to "patch" it?

This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.

 

[Darth Shiv]

@Darth Shiv
Those are some interesting perspectives.

First, Tim Cook did not create Apple nor make it the giant that it is, Steve Jobs did that. Tim Cook is riding those coat-tails and following that lead, but in a hard-line way. I suspect Jobs would be just as annoyed and disappoint at what Apple has become as Woz has. Values and ideals matter. Cooks concept of such leaves much to be desired.

Steve Jobs wanted control. He is not an engineer purist like Woz. He is a businessman and visionary. VERY different things. Jobs was a control freak. He and Tim Cook understand that control grants you a security ecosystem unobtainable by allowing sideloading. There are simply vectors he completely rules out doing so.

Second, I will take freedom of use and of customization afforded by sideloading over your idea of device security ALL DAY LONG! Why? Because it's my device. I own it, I control it, my way. With sideloading and root level authoritatives I can(and do) actually secure my device in a way that locking out user control can not.

Again, they set the rules for the device they sell. You can choose not to buy it. Whine all you like. They are far far far more qualified in device security than you and they have to consider ALL their customers not just your wants or needs.

 

[Danny101]

What he says is probably correct but he is just playing with the number to make Apple look good. I wonder what the figure is if you only take into account the overwhelming number of Android users that only install things from the Play Store and never even heard of side loading let alone done it.

Most probable. Only enthusiasts really bother that much with side loading. The main question then really is 'Which company does a better job of policing their own App Store?"

 

[Squid Surprise]

This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.

And malicious (and benevolent) actors HAVE enabled and exploited it on Apple devices... hence jailbreaking and sideloading being possible if you know what you’re doing....

 

[Puiu]

This is why you aren't qualified to do security on embedded devices. If you have a feature like sideloading and it is disabled, a security vulnerability could allow malicious actors to ENABLE and EXPLOIT it. Security 101.

what you just said makes no sense at all. you don't just sideload apps because of a vulnerability. you would need multiple major holes with administrive privileges. if this were a problem you would have seen it been used on Android already.

FYI iOS does have the sideloading feature baked into the OS, it's just not made available to normal user. all Apple has to do is make it visible in the settings this makes your entire point moot

the only "security" issues with sideloading are the apps you install. and these will circumvent the app store. profit is the only reason Apple won't allow this.

 

[Darth Shiv]

what you just said makes no sense at all. you don't just sideload apps because of a vulnerability. you would need multiple major holes with administrive privileges. if this were a problem you would have seen it been used on Android already.

FYI iOS does have the sideloading feature baked into the OS, it's just not made available to normal user. all Apple has to do is make it visible in the settings this makes your entire point moot

the only "security" issues with sideloading are the apps you install. and these will circumvent the app store. profit is the only reason Apple won't allow this.

It absolutely does make sense. Admin exploits or social engineering are not impossible. In any sophisticated software OS that adds any number of features this risk is real let alone a large stagnant one. We see exploits for old code on WinNT kernel all the time. Android and Linux in general are no different - they are far from immune to admin privilege exploit.