I’m surprised Apple was willing to enable this, but I guess there was too much push-back to their third-party-app-store plan.
I just hope there is sufficient warning to prevent naïve users from installing malware from random links without realizing it.
On the Android platform, you need to enable app-installation in system settings and you need to authorize it on a per-site basis. So clicking on a malicious link will not install anything unless you have previously authorized the site for app-installation. Instead, it will present an error telling you that the site is trying to install software, what that software is, and where to go in system settings to authorize installation.
Something like in iOS should be sufficient. It won’t prevent all malware, because there are plenty of users who do whatever a web site tells them to do, but it should protect everybody else.
It feels like these criteria should prevent most malware. But then again, it’s really hard to close all loopholes.
In addition, developers will soon be able to distribute apps directly from their websites, providing they meet Apple’s specific criteria, such as being a member of the Apple Developer Program for two continuous years or more and having an app with more than one million first installs on iOS in the EU in the prior year, and commit to ongoing requirements, such as publishing transparent data collection policies. Apps distributed in this way must meet Apple’s notarization requirements like all other iOS apps and can only be installed from a web domain registered in App Store Connect.
So if there are 285 million adults in the EU, and they all have smartphones, and 32.64% of those are iPhones [[Mobile Operating System Market Share Europe | Statcounter Global Stats]] that’s only about 93 million iPhones. So to qualify, you’d have to have an app that was first installed by over 1% of the iPhone users in the EU in the prior year to qualify. So, yes, I think that would keep out nearly all potential malware distributors – and most everyone else as well.