Apple comes out fighting to protect its users — and its App Store.
Following CEO Tim Cook’s statements on security at a recent conference, Apple has come out fighting to protect the security of its App Store distribution model, publishing a white paper that argues enforced side-loading of apps would make the platform — and its users — far less secure. It’s an argument that makes sense. Anyone involved in enterprise security already knows that the biggest security problem in any business is the people in the business. Humans make mistakes, and today’s generations of hackers and crackers have become pretty good at identifying and attacking individuals to help create cracks in the security of larger targets. Apple’s argument – that permitting unconstrained side-loading of apps from third-party stores would create a new attack surface – makes complete sense. However, legislation currently under consideration in the EU and elsewhere proposes to make side loading mandatory. It really shouldn’t happen. Some argue that this is no different than the security model on the Mac, which permits app installs from a variety of sources. We know the platform has become an increasingly attractive target as its adoption grows. Apple doesn’t agree that the Mac should be seen as a template for iOS app distribution. It argues not only that the iOS platform is 10 times larger than the Mac, but that there’s a difference in how we use these platforms: It also points to the vast stack of uniquely personal data smartphones gather in the event security is compromised. Location, connections, contacts, website searches, documents, data, banking details, and every other fragment of life is gathered on these things. The nature of this data is both personal and wide-ranging, exceeding the information gathered on Macs. It means that those who manage to take your data from your mobile device can build a complete picture of your pattern of life. “I believe that what we’ve built and what we’re offering users now is uniformly better, because we can focus in on that smaller attack surface and our stronger protections to help keep users safe,” an Apple representative said. At the same time, the company has said it sees Mac security in its present form as a problem. With a goal to protect the user and the ecosystem, Apple’s App Store delivers automated malware scans, vets app descriptions and features for mistruths, and reviews data accessed by the apps. It also makes sure software aimed at children meets a higher standard of protection. Critics point to Apple’s errors as evidence it doesn’t always get this protection right, but in so doing they also prove the extent of the problem that does exist. If Apple were not policing its platforms, what would the situation be? Fortunately, we already know the answer.