Craig Federighi, Apple's head of software engineering, used his time onstage at the Web Summit 2021 conference to air a laundry list of complaints about proposed requirements for sideloading apps onto iPhones.
Federighi, who is in charge of Apple's iOS and macOS software divisions, was expressing his displeasure with the European Commission's proposed Digital Markets Act, which, if passed, would force Apple to allow users to install apps outside of the iOS App Store.
According to Federighi, the lack of sideloading is what distinguishes Apple's relatively low malware rate on iOS from the "5 million Android attacks per month," and that if Apple were forced to allow users to install their own apps, the floodgates for malware would open.
Meanwhile, to limit malware, Apple uses human app review and a single point of distribution approach.
He also opposes a widely proposed solution that would allow users to decide for themselves whether or not to risk sideloading apps. The issue is that "criminals are clever, and they're really good at hiding in plain sight," which means that even well-informed users could be fooled by deceptive websites or end up with fake app stores on their phones.
Throughout the event, Federighi used a house analogy several times. He compared purchasing an iPhone to buying a "great home with a really great security system," only to have a new law enacted that forces you to compromise your home's security.
"The safe house that you chose now has a fatal flaw in its security system, and burglars are really good at exploiting it," Federighi said.
The Apple executive also warned that the legislation comes at a time when there have "never been more cybercriminals" determined to access the private information on your iPhone. "Sideloading is a cybercriminal's best friend," Federighi said. "And requiring that on iPhone would be a gold rush for the malware industry."
If Apple so desired, it could enable iOS sideloading in a similar manner and require something similar to the Gatekeeper system on macOS, which allows Apple to check signed developer IDs to confirm the software is genuine.
It's an argument that Judge Yvonne Gonzalez Rogers raised during the Apple-Epic trial, stating that Federighi may be "stretching the truth" about Mac malware concerns and that Apple could likely make a similar system work on iOS.
