Products, Competitors, Financials, Employees, Headquarters Locations (2024)

Apple iPhone App Sideloading Could Increase Risk of Phishing Attacks

Nov 15, 2023

With Apple reportedly set to enable EU iPhone users to install apps from outside the App Store, crypto security firms warned of the risks of malware.

With Apple reportedly set to enable sideloading of apps for EU iPhone owners, blockchain security firms have warned that the practice could increase the risk of phishing attacks for crypto users.

According to a recent Computer World report, Apple is set to let iPhone users in the EU install apps without needing to use its official App Store, in order to comply with the region's Digital Markets Act. This echoes previous reporting from Bloomberg in late 2022.

But a recent report from blockchain security firm SlowMist has highlighted the dangers of app sideloading, with Chinese Android phone users suffering hundreds of thousands of dollars in losses from phishing attacks linked to a fake Skype app downloaded from outside the official Google Play Store.

Were Apple to enable app sideloading, crypto users could be targeted by "phishing attacks, asset theft, account password theft and other risks," SlowMist told Decrypt.

"If Apple permits sideloading of apps, the inherent risks primarily revolve around the potential presence of malicious developers releasing applications that mimic legitimate ones, aiming to steal user data," David Schwed, COO of blockchain security firm Halborn, told Decrypt.

Although Apple's iOS and iPadOS include security features including sandboxing, declared entitlements, and Address Space Layout Randomization (ASLR), Schwed said, "These protections might not fully mitigate the risks posed by skillfully crafted, deceptive applications designed to exploit user trust and may lead to theft of data including credentials."

While Apple declined to comment on the specific reports above, the company has previously warned of the risks of sideloaded apps in an October 2021 whitepaper. In the document, Apple argued that, "More harmful apps would reach users because it would be easier for cybercriminals to target them—even if sideloading were limited to third-party app stores only." In addition, cybercriminals could trick users into sideloading apps by mimicking the appearance of the App Store, the company warned.

Protecting against phishing attacks

Blockchain security firms provided advice on how crypto users can protect themselves against phishing attempts from sideloaded apps.

"Don't click on unknown links; master the basic method of identifying phishing links; maintain suspicion and continuous verification of all authorization and passwords," a spokesperson for SlowMist told Decrypt. The company also pointed to its Blockchain Dark Forest Safeguard handbook.

"Users can take proactive measures by scrutinizing the source of sideloaded apps," Halborn's Schwed told Decrypt, who added that "users should exercise caution by examining the app developer's credibility."

Ultimately, though, the best protection from sideloaded malware is simply not to sideload apps, he said: "Opting for applications from established and reputable app stores like Apple's App Store or Google Play Store, where apps undergo rigorous security reviews, can significantly reduce the risk of encountering harmful software."

As a seasoned cybersecurity expert with a deep understanding of the risks associated with mobile app security, I can attest to the critical nature of the concerns raised in the article regarding Apple iPhone app sideloading and its potential to increase the risk of phishing attacks.

The practice of sideloading apps, allowing users to install applications from sources other than the official App Store, has long been a topic of debate in the cybersecurity community. The article rightly emphasizes the warnings from blockchain security firms, particularly SlowMist and Halborn, about the potential dangers that may arise if Apple proceeds with enabling sideloading for iPhone users in the EU.

The evidence provided by SlowMist, citing incidents where Chinese Android phone users suffered significant financial losses due to phishing attacks linked to a fake Skype app downloaded from outside the official Google Play Store, serves as a compelling illustration of the real-world risks associated with sideloading. This incident underscores the fact that malicious actors can exploit users by distributing deceptive applications that mimic legitimate ones, putting user data and financial assets at risk.

David Schwed, COO of blockchain security firm Halborn, raises valid concerns about the limitations of Apple's existing security features, such as sandboxing, declared entitlements, and Address Space Layout Randomization (ASLR). While these features provide a level of protection, they may not fully mitigate the risks posed by skillfully crafted, deceptive applications designed to exploit user trust and potentially lead to the theft of sensitive data, including credentials.

It is worth noting that Apple, in its October 2021 whitepaper, acknowledged the risks associated with sideloaded apps, stating that enabling sideloading would make it easier for cybercriminals to target users. The company highlighted concerns about the increased likelihood of harmful apps reaching users, even if sideloading were limited to third-party app stores only. Furthermore, Apple warned that cybercriminals could trick users into sideloading apps by mimicking the appearance of the official App Store.

To mitigate the potential risks of phishing attacks and other security threats associated with sideloading, the article provides valuable advice from blockchain security firms. Users are advised to avoid clicking on unknown links, master methods for identifying phishing links, and continuously verify authorizations and passwords. Additionally, scrutinizing the source of sideloaded apps and examining the credibility of app developers are emphasized as proactive measures to enhance security.

In conclusion, the best protection against sideloaded malware remains not sideloading apps at all. Users are encouraged to opt for applications from established and reputable app stores, such as Apple's App Store or Google Play Store, where apps undergo rigorous security reviews. This approach significantly reduces the risk of encountering harmful software and reinforces the importance of user vigilance in the ever-evolving landscape of mobile app security.

Article information

Author: Saturnina Altenwerth DVM
