Xbox One/Series has Dev Mode, but that's only for UWP apps which have severe resource restrictions. If you want to use the Dedicated partition you need a devkit.
The reasons why consoles lock down developer access so hard is because those interfaces are also very useful for piracy. On iOS, because you can get access to developer tools, you can use AltStore to sign arbitrary binaries with your own dev key[0]. Apple may have said "sideloading is a cybercriminal's best friend", but what they meant is "you're all going to steal iOS apps if we let the general public install software without DRM"[1].
The old Microsoft "Darknet" paper[3] built up a sort of theory of piracy, which I still find useful to invoke here. In the paper, they break the piracy ecosystem down into five pieces:
1. Rippers, who pirate new works and make them available
2/5. Seeders, who transmit new works across the network[4]
3. Players that are capable of rendering creative works
4. Indexes that provide information as to where pirated works can be found
To stop piracy, you need to block at least one of these steps. For a variety of reasons, legal action against any of these actors is difficult. Players and indexes are identifiable, meaning we can sue them, but they have legitimate, non-pirate-y uses. Rippers and seeders are hard to conclusively identify, making them impossible to sue. Of course, when people using the power of the state cannot identify criminals, they revert to collective punishment - or in this case, technical restrictions. You can't DRM the seeders or the indexes, but you can encrypt the media, which gives legal leverage over player vendors: either make your player enforce our licensing terms or do not play our media.
But there's still a problem: players can still play unprotected media. Rippers will just strip the DRM and release unprotected data that will play anywhere. This is why the RIAA fought tooth-and-nail to ban DRM-free DAT and MP3 players, and only settled for legal restrictions on DRM removal. Console manufacturers have the advantage that each new console is it's own medium - they can just make players that only play DRM-encumbered work, and then nobody can pirate anything, even if rippers strip the DRM. Hell, even if people jailbreak the players - you control the supply of players, so you can ensure whatever updates you use to 'prevent tampering' are installed before the user even gets to the console. And this is far cheaper than working on new obfuscations that some socially maladjusted loner will break in a few days.
[0] At least, if you trust Riley Testut with your iCloud account password.
[1] In general, people who want to enforce copyright rarely, if ever, come out and say it. The public is generally unsympathetic to copyright owners. It's easier to conflate security of their work from copying with security of your data.
[4] In the original Darknet paper, this was broken down into 'transmission' and 'caching'. This division makes sense for the FTP topsite scene, but not BitTorrent trackers.
The reasons why consoles lock down developer access so hard is because those interfaces are also very useful for piracy. On iOS, because you can get access to developer tools, you can use AltStore to sign arbitrary binaries with your own dev key[0]. Apple may have said "sideloading is a cybercriminal's best friend", but what they meant is "you're all going to steal iOS apps if we let the general public install software without DRM"[1].
The old Microsoft "Darknet" paper[3] built up a sort of theory of piracy, which I still find useful to invoke here. In the paper, they break the piracy ecosystem down into five pieces:
1. Rippers, who pirate new works and make them available
2/5. Seeders, who transmit new works across the network[4]
3. Players that are capable of rendering creative works
4. Indexes that provide information as to where pirated works can be found
To stop piracy, you need to block at least one of these steps. For a variety of reasons, legal action against any of these actors is difficult. Players and indexes are identifiable, meaning we can sue them, but they have legitimate, non-pirate-y uses. Rippers and seeders are hard to conclusively identify, making them impossible to sue. Of course, when people using the power of the state cannot identify criminals, they revert to collective punishment - or in this case, technical restrictions. You can't DRM the seeders or the indexes, but you can encrypt the media, which gives legal leverage over player vendors: either make your player enforce our licensing terms or do not play our media.
But there's still a problem: players can still play unprotected media. Rippers will just strip the DRM and release unprotected data that will play anywhere. This is why the RIAA fought tooth-and-nail to ban DRM-free DAT and MP3 players, and only settled for legal restrictions on DRM removal. Console manufacturers have the advantage that each new console is it's own medium - they can just make players that only play DRM-encumbered work, and then nobody can pirate anything, even if rippers strip the DRM. Hell, even if people jailbreak the players - you control the supply of players, so you can ensure whatever updates you use to 'prevent tampering' are installed before the user even gets to the console. And this is far cheaper than working on new obfuscations that some socially maladjusted loner will break in a few days.
[0] At least, if you trust Riley Testut with your iCloud account password.
[1] In general, people who want to enforce copyright rarely, if ever, come out and say it. The public is generally unsympathetic to copyright owners. It's easier to conflate security of their work from copying with security of your data.
[3] https://www.cs.ucdavis.edu/~rogaway/classes/188/materials/da...
[4] In the original Darknet paper, this was broken down into 'transmission' and 'caching'. This division makes sense for the FTP topsite scene, but not BitTorrent trackers.