In my work with #FDroid I've discussed our work with gov regulators for South Africa, UK, EU and Japan as well as competition litigators from multiple US States and the EU. From this, I'm starting to see a picture of #Apple's and #Google's semi-related strategies of making "sideloading" (installing apps outside of their #gatekeeper control) look bad as a way to keep their monopolies in the face of #DMA and other regulatory actions. I'm still looking for data about the actual real-world risks 1/
Google and Apple provide data about the malware they catch in their app store review processes. Both of them talk about "sideloading" as a security risk. Notably, neither Apple nor Google provides data on how much malware comes from outside of their app stores. Nor do they provide data-based analysis of which is the bigger threat: malware that makes it into their app stores or from other channels. They have this data: they track installs and active apps, plus there is #PlayProtect, #XProtect, etc. 2/
For example, the biggest #mobile #malware incident that I know about remains #XCodeGhost https://en.wikipedia.org/wiki/XcodeGhost, which got into over 4000 apps, which all passed #Apple's review and were shipped by the Apple App Store. All told, those apps were installed 128 million times. Another measure is #NSOGroup #Pegasus, which seems to have maintained zero-click access to #Android and #iOS for years. That is spread by exploiting messenger apps, not by #AppStore or "sideloading" 3/
#ArsTechnica just posted a pointer to a bit of related data:
"Google hasn't published detailed stats about the dangers of sideloading in a while, but in 2018, it used to publish yearly security reports with statistics on malware installation sources. Back then, Google found that 0.04 percent of all downloads from the Google Play Store were "PHAs" (potentially harmful apps), while sources "Outside of Google Play" had a 0.92 percent PHA install rate."
I wonder why they stopped publishing this report in 2018? Since then, they have implemented and rolled out a number of key #security features in #Android that make installing outside of #GooglePlay a lot safer. I think the changes to "Unknown Sources" improved both the user experience and the security of the platform. I would have thought they would want to advertise that.
The reason is that the top 100 apps in PlayStore are all harmful. I just have to say "TikTok" and "Temu".
Maybe there should be a website that explains this to average users.