Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I can think of one good case for not allowing sideloading of unverified apps.

If iOS only allows apple approved apps a employer/school cannot force me to install a intrusive monitoring app on a iphone/ipad.



That would be cool... except that Apple in fact approves intrusive monitoring apps--hell: they even have an Enterprise program that lets companies build apps for their employees that don't require App Store approval!--and then makes it so that not only can they be installed but the device is so locked down that you can't tamper with them, via Mobile Device Management.

https://developer.apple.com/programs/enterprise/


Apple still need to approve the organisations use of that program and provide certificates, which like in the facebook case can be revoked.

There are also two different tiers of MDM in the apple enterprise program. If its a bring your own device the device cannot be locked down to not let the users remove applications. It will also sevely limit the kind of information the MDM solution cant get out of the devices. These things can only be enabled on corporation purchased devices.

There is a good overview here: https://www.apple.com/hk/en/iphone/business/docs/iOS_Enterpr...

But maybe I am wrong, do you have examples of intrusive monitoring solutions that can be deployed (without exploits) on iOS?


Yes.

My company iphone when I first turned it on warned me that whatever I did on it was being monitored by my employer.

It's by design from apple.

I of course put it in a drawer and forgot about it.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: