WEBVTT

00:00:00.000 --> 00:00:06.400
On your PC, installing software means downloading it from wherever you want.

00:00:04.360 --> 00:00:11.400
That could mean a developer's website, GitHub, an actual app store, or a

00:00:08.960 --> 00:00:15.520
sketchy forum at 2:00 a.m. For better or worse. But with our phones, we're used

00:00:13.760 --> 00:00:18.800
to a different workflow. If you want to put an app on your phone outside of the

00:00:17.040 --> 00:00:21.920
official app store, you need to do something called side-loading.

00:00:20.360 --> 00:00:26.080
Traditionally on Android, that hasn't been too difficult, but Google recently

00:00:23.760 --> 00:00:30.040
made it a lot harder. Meanwhile, it's always been nearly impossible to

00:00:27.800 --> 00:00:33.480
side-load on iPhone, but that seems to be changing, too.

00:00:31.560 --> 00:00:38.200
And for the better? I feel like I've taken crazy pills. What is side-loading?

00:00:35.920 --> 00:00:42.280
Why are Google and Apple so terrified of it? And is the fear even legitimate? Or

00:00:40.680 --> 00:00:47.080
are these tech giants just trying to keep us in their ecosystems? All right.

00:00:45.280 --> 00:00:51.040
Let's slow down. At its simplest, side-loading just means installing apps

00:00:48.920 --> 00:00:56.480
manually outside of an official app store. On Android, that's APK files. On

00:00:53.880 --> 00:01:00.280
iPhones, IPA files. Both are just how their respective systems package apps.

00:00:58.560 --> 00:01:04.839
This isn't really some fringe work-around. On computers, side-loading

00:01:02.520 --> 00:01:09.400
is just called installing stuff. App stores came later and just kind of took

00:01:07.200 --> 00:01:13.520
over, like an HOA that moved into a neighborhood where everyone was already

00:01:10.840 --> 00:01:18.320
just doing fine. So, what kinds of reasons do people have for side-loading

00:01:15.360 --> 00:01:22.560
apps? Lots, actually. Access to beta software, region-locked apps, or

00:01:20.360 --> 00:01:26.760
utilities that app stores won't approve of, like emulators, adult content, or

00:01:25.320 --> 00:01:30.840
tools that don't play by the gatekeeper's rules. Or maybe the app

00:01:28.960 --> 00:01:34.640
publisher doesn't want to surrender a huge chunk of its revenues to the

00:01:32.520 --> 00:01:38.640
platform. Or you're using alternative operating system that requires

00:01:36.520 --> 00:01:42.800
side-loading in order to increase user privacy. Or maybe the company that makes

00:01:40.920 --> 00:01:47.760
your phone was sanctioned from Google services altogether. Convenience,

00:01:45.360 --> 00:01:51.960
privacy, survival. Three different reasons, but they all point to the same

00:01:49.480 --> 00:01:57.040
conclusion. The official app store isn't always the answer. Android has always

00:01:54.760 --> 00:02:01.320
technically allowed side-loading. Hell, I've done it. But allowed doesn't mean

00:01:58.840 --> 00:02:06.000
encouraged. The toggle is buried behind warnings, and Google Play Protect flags

00:02:03.720 --> 00:02:10.840
side-loaded apps aggressively. Still, once you flipped that switch, you were

00:02:08.000 --> 00:02:14.120
in. It was like an open door, but one that made you feel nervous walking

00:02:12.400 --> 00:02:18.880
through it. Like those big revolving doors at the airport. Apple took the

00:02:16.360 --> 00:02:22.960
opposite approach. iOS flat-out banned side-loading, and Steve Jobs made it

00:02:20.760 --> 00:02:26.800
personal, famously telling a critic that the iPhone offered freedom from porn,

00:02:25.200 --> 00:02:31.880
and that anyone who disagreed could go buy an Android. The message was clear.

00:02:29.720 --> 00:02:35.800
If an app isn't in the app store, it probably doesn't need to exist, which is

00:02:33.840 --> 00:02:39.400
wild logic because Macs have been installing random software from the web

00:02:37.600 --> 00:02:43.280
for decades. Up until the recent changes, getting an app onto an iPhone

00:02:41.240 --> 00:02:47.040
from outside the app store meant jumping through hoops that would make a circus

00:02:45.000 --> 00:02:50.960
dog quit. To explain the process, here is alternative app store developer Riley

00:02:49.160 --> 00:02:55.200
Testut. So, before we had an official app store, we had AltStore Classic, and

00:02:52.920 --> 00:02:59.480
the process was you would download a program on your computer, Mac or PC, and

00:02:58.120 --> 00:03:03.120
then you would open up the program, and then you would >> [music] >> type in your little Apple ID and

00:03:01.920 --> 00:03:07.400
password, and just normal account information, you

00:03:05.000 --> 00:03:11.520
would send that to us, and then we would sign in on your behalf with Apple,

00:03:09.280 --> 00:03:15.680
pretend you're a developer, and then we would like basically install apps as if

00:03:14.200 --> 00:03:20.240
it was your own app that you had developed yourself, because Apple allows

00:03:18.520 --> 00:03:23.720
like developers to test out their own apps on their phone. And so, we had this

00:03:22.440 --> 00:03:30.360
whole system that required you to plug in your phone to a computer to install it, and apps expired every 7 days, so

00:03:28.320 --> 00:03:34.480
you had to refresh your apps like once a week. And and you could only install

00:03:32.600 --> 00:03:39.000
three. It was like all the restrictions you could think of,

00:03:35.840 --> 00:03:41.280
and yet people did it. That friction was

00:03:39.000 --> 00:03:45.320
not accidental. Companies have their own business reasons for gatekeeping what

00:03:43.320 --> 00:03:49.480
gets put on their platform. Take Amazon's Fire tablets. They're sold at a

00:03:47.320 --> 00:03:53.040
discount because Amazon expects to make that money back through their own app

00:03:51.280 --> 00:03:57.320
store ecosystem. They don't ship with the Google Play Store. So, if you want

00:03:54.720 --> 00:04:01.560
standard apps like YouTube or Gmail, you're forced to side-load, and millions

00:03:59.640 --> 00:04:06.560
of people do it, even if it's really onerous to do, because we want to use

00:04:04.160 --> 00:04:08.560
our devices the way we want to use them, damn it.

00:04:08.247 --> 00:04:14.080
>> [laughter] >> But are we taking on more risk when we side-load compared to using the official

00:04:12.560 --> 00:04:19.959
app store? Like it's like I can't say there can't be an app that could be malicious and could appear, but that's

00:04:18.280 --> 00:04:23.480
also true of the app store. Like that does happen. There are apps that like

00:04:22.079 --> 00:04:27.800
are tricked app review and they turn out to be something else in the app store. And so, I think it's kind of just like

00:04:26.040 --> 00:04:30.800
an inherent risk of if you're installing software

00:04:29.120 --> 00:04:33.720
on a device. But I think the key distinction that people do leave out a

00:04:32.720 --> 00:04:39.240
lot is the iPhone is not like the Mac, because the iPhone has sandboxing and

00:04:37.440 --> 00:04:43.520
entitlements and a whole bunch of security measures that just are not

00:04:41.440 --> 00:04:47.960
existing on the desktop. And those things really do so much to prevent a

00:04:46.360 --> 00:04:50.680
lot of things that could go wrong. Like your photos just can't be accessed in

00:04:49.360 --> 00:04:56.040
the background by a random app. Like you have to give permission to that. And I think it's good to say that that's why

00:04:54.240 --> 00:05:00.440
I'm such a proponent of side-loading. That's the critical distinction. What

00:04:57.840 --> 00:05:04.880
matters isn't where an app comes from. It's how much damage it can actually do

00:05:02.400 --> 00:05:09.240
once it's installed. And notably, the most headline-grabbing Android banking

00:05:07.000 --> 00:05:14.240
Trojans in recent years, like Anatsa, which hit over 150,000 devices across

00:05:11.840 --> 00:05:18.560
Europe, spread primarily through Google Play itself, not through side-loading.

00:05:16.760 --> 00:05:22.520
So, the app store isn't bulletproof, and side-loading isn't the wild west the

00:05:20.400 --> 00:05:26.320
tech giants try to make it out to be. But here's where things get interesting,

00:05:24.440 --> 00:05:30.680
because both platforms are changing the rules right now, and they're going in

00:05:28.120 --> 00:05:33.360
completely opposite directions. We'll get you up to speed right after this

00:05:31.960 --> 00:05:38.080
message from our sponsor. >> Micro Center, April is desktop deals

00:05:36.320 --> 00:05:42.720
month at Micro Center. Check out some of their amazing deals, like the Acer Nitro

00:05:40.280 --> 00:05:46.720
60 gaming PC. Micro Center has another store opening later this year in Austin,

00:05:44.880 --> 00:05:51.240
Texas. They're also finally doing their grand reopening of their location in

00:05:48.680 --> 00:05:54.480
North Jersey, if Texas is a little too out of the way for you. And if you sign

00:05:53.080 --> 00:05:59.120
up with our link below, you can get a free 128 gig flash drive when the stores

00:05:57.280 --> 00:06:02.600
open. Hey, while you're there, make sure to stay up to date with all things Micro

00:06:00.840 --> 00:06:06.960
Center and tech over at Micro Center News, as well.

00:06:04.680 --> 00:06:11.680
Both Android and iOS are changing their approach to side-loading. Let's start

00:06:08.600 --> 00:06:13.400
with Android. Android 16 already blocks

00:06:11.680 --> 00:06:16.880
you from enabling side-loading while you're on a phone call, specifically to

00:06:15.200 --> 00:06:20.960
stop voice phishing scams where attackers walk your grandmother through

00:06:18.920 --> 00:06:26.280
installing malware step by step. But the real shift is the upcoming advanced flow

00:06:23.960 --> 00:06:31.360
rolling out globally through 2026. If a developer isn't verified by Google, you

00:06:28.800 --> 00:06:36.080
can't just hit install on their app. You now have to enter a 24-hour protective

00:06:33.960 --> 00:06:40.200
waiting period. You have to restart your phone, which kills any active screen

00:06:37.960 --> 00:06:45.080
sharing or scam calls, and then wait a full day before the install button even

00:06:42.680 --> 00:06:49.320
becomes clickable. Google says this breaks the spell that scammers cast on

00:06:47.120 --> 00:06:55.440
victims. But for developers, it's a massive barrier. No impulse buyers. To

00:06:52.360 --> 00:06:57.360
be clear, power users can still bypass

00:06:55.440 --> 00:07:01.840
this by, well, waiting. But the message is clear.

00:06:59.480 --> 00:07:06.760
Android's open door is officially getting a bouncer. Meanwhile, on iPhone,

00:07:04.520 --> 00:07:11.560
regulators, first in the EU and as of iOS 26.2 in Japan,

00:07:09.560 --> 00:07:15.560
have forced Apple to allow apps from outside the app store. Luckily for

00:07:13.520 --> 00:07:18.600
Apple, they already knew how to accommodate side-loading whilst

00:07:17.080 --> 00:07:23.800
maintaining a certain standard of security, because they already solved

00:07:20.720 --> 00:07:26.480
this problem on the Mac back in 2019.

00:07:23.800 --> 00:07:30.680
It's called notarization. On macOS, you can download any app from the web, and

00:07:28.520 --> 00:07:35.160
Apple still performs a basic security check to make sure the code isn't signed

00:07:32.560 --> 00:07:41.680
by a known bad actor and doesn't contain obvious malware. It doesn't require the

00:07:37.600 --> 00:07:44.520
app store. It doesn't take a 30% cut. It

00:07:41.680 --> 00:07:48.800
just works. And now Apple has brought this system to the iPhone. They're still

00:07:47.000 --> 00:07:52.880
scanning apps for malware and sketchy behavior. They're just letting you

00:07:50.480 --> 00:07:55.120
install them from outside the app store. Beyond those select regions, though,

00:07:54.880 --> 00:08:01.240
>> [music] >> it's business as usual. Apple protecting your proprietary while collecting the

00:07:59.920 --> 00:08:06.480
toll. If you want to see just how far the side-loading rabbit hole goes, our video

00:08:04.480 --> 00:08:10.640
on running Windows on your iPhone shows exactly what becomes possible when you

00:08:08.320 --> 00:08:14.520
push past Apple's limits, and how much control you actually have over the

00:08:12.320 --> 00:08:18.280
device in your pocket. So, check it out.