In my work with I've discussed our work with gov regulators for South Africa, UK, EU and Japan as well as competition litigators from multiple US States and the EU. From this, I'm starting to see a picture of 's and 's semi-related strategies of making "sideloading" (installing apps outside of their control) look bad as a way to keep their monopolies in the face of and other regulatory actions. I'm still looking for data about the actual real world risks 1/

Google and Apple provide data about the malware they catch in their app store review processes. Both of them talk about "sideloading" as a security risk. Notably, neither Apple nor Google provides data on how much malware comes from outside of their app stores. Nor do they provide data-based analysis of which is the bigger threat: malware that makes it into their app stores or from other channels. They have this data; they track installs and active apps plus there is etc 2/

For example, the biggest incident that I know about remains en.wikipedia.org/wiki/XcodeGho, which got into over 4000 apps, which all passed 's review and were shipped by the Apple App Store. All told, those apps were installed 128 million times. Another measure is which seems to have maintained zero click access to and for years. That is spread by exploiting messenger apps, not by or "sideloading" 3/

just posted a pointer to a bit of related data:

"Google hasn't published detailed stats about the dangers of sideloading in a while, but in 2018, it used to publish yearly security reports with statistics on malware installation sources. Back then, Google found that 0.04 percent of all downloads from the Google Play Store were "PHAs" (potentially harmful apps), while sources "Outside of Google Play" had a 0.92 percent PHA install rate."

arstechnica.com/gadgets/2023/1

I wonder why they stopped publishing this report in 2018? Since then, they have implemented and rolled out a number of key features in that make installing outside of a lot safer. I think the changes to "Unknown Sources" improved both the user experience and the security of the platform. I would have thought they would want to advertise that.

@eighthave
The reason is that the top 100 apps in PlayStore are all harmful. I just have to say "TikTok" and "Temu".

Maybe there should be a website that explains this to average users.

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
