New possibilities with sideloading in iOS 17.04

Apple’s latest update is opening doors to new app experiences

Apple’s decision to introduce sideloading in iOS 17.04 marks a major shift in the company’s tightly controlled app ecosystem. Previously, users were restricted to downloading apps only from Apple’s official App Store, a practice that guaranteed a higher degree of security and privacy.

With iOS 17.04, released in March 2024, users can now install apps from third-party app stores and sideload apps directly onto their devices. The change is a direct response to the European Union’s Digital Markets Act (DMA), which mandates that “gatekeepers” like Apple must open their platforms to greater competition.

This update greatly impacts the app landscape. Users now have the flexibility to access a wider range of applications, including those that may not have met Apple’s stringent App Store guidelines.

For developers, this opens up new avenues to reach consumers without going through Apple’s review process. While this newfound freedom expands the possibilities for app experiences, it also introduces new challenges in terms of security and quality control.

Why Apple had to open the gates to third-party apps in Europe

The Digital Markets Act, introduced by the European Commission, is a landmark regulation aimed at curbing the dominance of major tech companies over digital markets. Apple, classified as a “gatekeeper” due to its enormous market influence, is compelled by this legislation to allow third-party software and app stores on its platform.

The DMA seeks to dismantle the monopolistic tendencies of large tech firms by making sure smaller competitors can also participate in the market.

For Apple, compliance with the DMA means relinquishing some control over its app ecosystem. While this move aligns with the EU’s goal of encouraging a more competitive digital market, it also challenges Apple’s longstanding approach to maintaining tight security and privacy standards within its ecosystem.

What you need to know about the Digital Markets Act

How the Digital Markets Act is impacting the tech world

The Digital Markets Act (DMA) is a regulatory framework designed to address the disproportionate control that large technology companies, known as “gatekeepers,” wield over digital markets.

The DMA’s objectives are clear: to foster competition, encourage innovation, and provide consumers with more choices. The DMA directly challenges the status quo that has allowed these companies to dominate their respective markets.

Breaking down the barriers built by Silicon Valley giants

One of the DMA’s primary goals is to reduce the market dominance of these gatekeepers. In the context of Apple, this means breaking the company’s near-total control over what apps can be installed on its devices.

The DMA seeks to level the playing field, giving smaller developers and companies a chance to compete, and aims to dismantle the barriers that have historically prevented new entrants from challenging established tech giants.

How Europe is forcing tech titans to open up to competition

The DMA mandates that gatekeepers like Apple enable third-party software and app stores on their platforms. This forces these companies to relinquish some of their control over their ecosystems and makes it easier for smaller players to introduce new apps and services to the market.

In doing so, the DMA improves consumer choice and injects much-needed competition into the digital marketplace, which has long been dominated by a few major players.

Why Apple fought hard against sideloading and what it means now

Apple has historically opposed sideloading due to the potential security risks it poses. The company has built its reputation on providing a secure and privacy-focused environment for its users, and sideloading undermines this foundation.

Apple’s strict control over its App Store, including a rigorous review process, has been a key part of its security strategy.

Apple fears that by introducing sideloading, the security of its devices could be compromised, as users could inadvertently install malicious apps from untrusted sources.

Tim Cook’s warnings about sideloading and iPhone security

In 2021, Tim Cook, CEO of Apple, publicly voiced concerns that allowing sideloading would “destroy the security of the iPhone and a lot of the privacy initiatives” that the company had spent years building.

Despite these concerns, Apple had no choice but to comply with the DMA, which points to the tension between regulatory compliance and the company’s commitment to maintaining a secure and controlled ecosystem.

While the DMA’s requirements may promote competition, they also highlight major challenges to Apple’s security framework.

Dangers of sideloading apps on your iPhone

Sideloading is upending the security we’ve come to trust

The App Store, along with Google Play Store, is key in safeguarding users by enforcing strict review processes before apps are made available for download. This review process, while not foolproof, greatly reduces the risk of malware and other malicious software reaching users’ devices.

With the introduction of sideloading, this safety net is bypassed, increasing the likelihood of security breaches.

App Store reviews are more important than ever

App stores rely on user reviews and rankings as an additional layer of security. These provide valuable insights into an app’s performance, reliability, and safety, helping users make informed decisions.

In the sideloading scenario, this crowdsourced quality assurance is absent. Without these reviews, users are at greater risk of downloading apps that may be poorly optimized, unstable, or even harmful. The absence of this feedback mechanism further compounds the security risks associated with sideloading.

Specific dangers behind sideloaded apps

Third-party app stores are a breeding ground for malware

Third-party app stores typically lack the strict security protocols that official app stores enforce. As a result, these stores can become breeding grounds for malicious software.

Malware, which can range from data-stealing viruses to intrusive adware, is a huge threat in third-party stores where apps are not subject to the same rigorous checks. When users sideload apps from these stores, they bypass the protections that official app stores provide, exposing their devices to a host of security risks.

How missing updates on sideloaded apps could cost you dearly

One of the primary vulnerabilities associated with sideloading is the lack of automatic updates, including security patches.

Official app stores provide regular updates that address security flaws and improve app performance. By contrast, sideloaded apps often miss out on these updates, leaving them vulnerable to exploitation.

Given that many users do not manually update their apps, this creates a major risk, as unpatched vulnerabilities can serve as entry points for cyberattacks.

The business nightmare of uncontrolled sideloading

Why sideloading is widening the attack surface for businesses

For businesses, the absence of app store protections means that the attack surface for corporate devices is greatly widened.

Unsanctioned apps, installed without the oversight of IT departments, can introduce malware, compromise sensitive data, and weaken overall security posture. As more employees potentially sideload apps on their work devices, the risk of a security breach increases, making it more difficult for businesses to protect their data and networks.

Sideloaded apps could be invading your privacy

Sideloaded apps may request excessive permissions that official app store apps do not. These permissions can grant apps access to sensitive information, such as contacts, location data, and even camera and microphone functions.

Without the rigorous review process that official app stores enforce, there is a greater risk that these permissions could be misused, leading to unauthorized data collection and potential privacy violations.

Sideloaded apps can wreck your phone’s performance

Sideloaded apps may not be optimized for the specific device they are installed on, leading to crashes, slowdowns, and other performance problems. In a business context, such issues can result in reduced productivity and increased IT support costs.

User reviews are your first defense against bad apps

User reviews and rankings provide a community-driven mechanism for identifying problematic apps, allowing users to avoid apps that may be unsafe or poorly designed.

In the context of sideloading, this layer of security is missing. Without access to user reviews, users are left in the dark about the quality and safety of the apps they download, increasing the risk of encountering malicious or subpar applications.

Jailbreaking exposes iPhones to new vulnerabilities

Sideloading often requires users to jailbreak their iPhones, a process that involves bypassing the device’s built-in security features. Jailbreaking opens the door to a range of vulnerabilities, as it involves altering the device’s security settings to allow installations from unknown sources.

This in turn increases the risk of installing malicious software and makes the device more susceptible to other types of cyberattacks. For businesses, the presence of jailbroken devices on their networks can greatly compromise overall security.

The ripple effects of Europe’s move to open digital markets

By breaking the control that gatekeepers like Apple have over their ecosystems, the DMA broadens consumer choice and facilitates competition. Consumers now have access to a wider variety of apps and services, potentially leading to more innovative and diverse offerings in the market.

The promise and risks of innovation under Europe’s new rules

The DMA’s potential to spur innovation is not insignificant. Similar to the impact of Open Banking regulations, which led to a wave of new financial products and services, the DMA could inspire a new era of creativity in the app development world.

At the same time, introducing third-party app stores and sideloading could lead to an increase in security threats, as developers may prioritize speed and novelty over security and quality. Balancing these risks with the potential benefits will be a key challenge for both regulators and the broader industry.

Sideloading is adding new layers of complexity for security teams

Traditional endpoint security strategies may not fully address the unique risks introduced by sideloaded apps. Security teams must now develop new protocols and monitoring techniques to manage these risks, making sure devices remain secure despite the increased threats.

Continuous monitoring, risk assessment, and user education will be key components of a comprehensive security strategy in this new environment.

Final thoughts

As the digital market shifts with regulatory changes like the EU’s push for sideloading, the question isn’t just how your brand will adapt, but how you will leverage these changes to secure your market position.

Will you proactively address the security challenges and tap into new opportunities, or will you be left vulnerable in a rapidly evolving ecosystem? Now is the time to rethink your strategy—are you prepared for this new digital reality?

Tim Boesen

August 29, 2024
