I'm saying that the flashing/side-loading is the back door. A malicious actor with physical access to your phone (think screen repair shop, TSA agent, etc) could flash a compromised OS or install malware on your device.
Also, there a lot of not-savvy people who will follow instructions in a well-crafted email or pop up and allow themselves to succumb to spyware and malware.
I should have been more clear. I was using Tim Cook's statement as an analogy for flashing/side-loading. Allowing good guys to do it means bad guys can do it too.
Tricking a user into side-loading malware does not require physical access to the device and is relatively common on the Android side (more so on third-party stores).
Well, it's a good thing we have Apple's track-record to show us it's impossible to break out of these walled gardens, otherwise we'd really be in trouble if someone got physical access to our phones.
Fair enough. I used to keep up with jailbreaks way back before I started buying unlocked phones and had read about difficult-to-crack OS versions (and the as-of-yet unjailbreakable 3rd generation Apple TV), but I wasn't aware that it was still this pervasive.
While I hate the economic stifling of tech innovation that is the App Store culture, I would like to point out that Jailbroken iphone were used by the Chinese government to target protesters in Hong Kong quite recently.
My point is that stating that side-loading is a back-door that can be abused when your phone is in someone else's possession ends up not being a very good argument when that actually ends up being the harder way to accomplish getting software onto the phone, considering side-loading is both password protected (if your phone is) and still doesn't expose functionality beyond what the OS allows (unlike jail-breaking).
The device clears user storage before allowing you to flash a new OS, so that isn't an effective way to compromise a user's data. Application installation requires unlocking the device, so the ability to sideload doesn't give an attacker any meaningful ability over installing from an unscanned app store like Apple's.
Also, there a lot of not-savvy people who will follow instructions in a well-crafted email or pop up and allow themselves to succumb to spyware and malware.