• TORFdot0@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    5
    ·
    9 months ago

    TestFlight isn’t the same as sideloading. And preventing sideloading has no effect on your IT illiterate relative handing over MDM control to a malicious actor.

    Would you blame sideloading if your relative gave a random “fraud specialist” at their bank their online banking password and they had their bank account drained? That’s the essentially same kind of attack that happened here

    • GlitterInfection@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      3
      ·
      9 months ago

      You missed my point entirely. Once sideloading is available Trojan authors no longer need you to install an MDM to infect your parents devices.

      • umbrella@lemmy.ml
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        9 months ago

        They will still have to social engineer the target to get it enabled and installed.

      • TORFdot0@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        9 months ago

        I get your point, but where I don’t agree is that sideloading is more insecure than already exploited systems. What safety does disabling sideloading provide when the same user vulnerable users are able to be socially engineered to bypass several restrictions and install the test flight app or a management profile to give hackers control?

        It’s not as if sideloading is going to be allow users to click a malicious ad that pops in at the last second where the real download button should be. It is going to behind the same multiple step processes that the current test flight or MDM vectors are

        • GlitterInfection@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          What safety does several layers of effective safety that removed this threat quickly and obviously prevented it from becoming a widespread issue provide?

          And that is not what people are pushing for for sideloading. People want to be able to have alternative app stores with their own sets of rules that will not require test flight or MDM vectors.