• @TORFdot0
    link
    English
    210 months ago

    TestFlight isn’t the same as sideloading. And preventing sideloading has no effect on your IT illiterate relative handing over MDM control to a malicious actor.

    Would you blame sideloading if your relative gave a random “fraud specialist” at their bank their online banking password and they had their bank account drained? That’s the essentially same kind of attack that happened here

    • @GlitterInfection
      link
      English
      910 months ago

      You missed my point entirely. Once sideloading is available Trojan authors no longer need you to install an MDM to infect your parents devices.

      • @TORFdot0
        link
        English
        110 months ago

        I get your point, but where I don’t agree is that sideloading is more insecure than already exploited systems. What safety does disabling sideloading provide when the same user vulnerable users are able to be socially engineered to bypass several restrictions and install the test flight app or a management profile to give hackers control?

        It’s not as if sideloading is going to be allow users to click a malicious ad that pops in at the last second where the real download button should be. It is going to behind the same multiple step processes that the current test flight or MDM vectors are

        • @GlitterInfection
          link
          English
          110 months ago

          What safety does several layers of effective safety that removed this threat quickly and obviously prevented it from becoming a widespread issue provide?

          And that is not what people are pushing for for sideloading. People want to be able to have alternative app stores with their own sets of rules that will not require test flight or MDM vectors.