I really hate the term “side-loading.” We shouldn’t need a word for the normal way we’ve been installing apps for the past 40 years. If tomorrow Apple decided they were going to start only letting you visit web pages they approved of, we wouldn’t call some sort of alternating system that let you see *the rest of the fucking internet* “side-paging”. We’d instead call the whole thing bullshit.
@tolmasky trading binaries makes this a far more dangerous game than the web

@codinghorror We didn’t call it side loading binaries on macOS either. Arguably the AppStore has done nothing for security, that’s all sandboxing. Apple constantly allows scam apps on the store, takes forever to take them down, lets them advertise [1], and often lists them higher in search! To quote Phil Schiller: “Is no one minding the store?!” Arguably it’s worse for security since people are convinced everything there is safe. It’s the TSA of app security.

1. https://www.bitdefender.com/blog/hotforsecurity/shady-authenticator-apps-flood-apple-and-google-app-stores-after-twitter-shifts-from-sms-based-2fa/

@tolmasky yeah, that's all fine, but to say "just like the web" isn't correct when you are dealing with binaries. There is a movement to put binaries on the web (webassembly?) https://webassembly.org/

@codinghorror @tolmasky There's a big difference between a user explicitly downloading, installing and running a binary, and the browser downloading and running some binary that does who knows what from some advertising company when I open the newspaper website.

Either I trust the provider of the software I install on my Mac… or I don't. The means of distribution are irrelevant, as long as there's a system that guarantees the binary isn't tampered with along the way (and there is, code signing).