IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

The EU’s Apple App Store crackdown ‘will fuel cyber attacks’

Organisations should be encouraged to embrace the ‘security by Playstation’ approach as much as possible, expert says

A close up of the blue Apple App Store logo, surrounded by other apps, on a smartphone screen

A move by European Union (EU) legislators to break open Apple’s App Store monopoly will lead to an explosion in iOS and iPadOS malware, a cyber security researcher has warned.

Although monopolies aren’t ideal, Apple has made it almost impossible to infect iPads and iPhones by gatekeeping the applications that users have access to, according to security expert and WithSecure chief research officer, Mikko Hyppönen.

Related Resource

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Whitepaper cover with title on shaded pink/purple backgroundFree Download

EU proposals to open up its stranglehold on the marketplace, however, might inadvertently lead to a surge in hackers pushing malware to people’s devices.

"I’m not a big fan of regulation - I think regulation almost always fails, sadly,” said Hyppönen. “I don’t like what the EU is doing regarding the App Store model.

“I can totally see why they’re doing it; it is a monopoly – clearly – and Apple is raking money in with both hands from the App Store,” he added “Of course, monopolies are bad. I can totally see why the EU wants to break that apart. But the end result is bad for security.

“As soon as you can start downloading arbitrary executables for your iOS devices, there will be more attacks.”

EU lawmakers provisionally agreed on the terms of the Digital Markets Act (DMA) in March, with the proposals targeting the services offered by tech giants like Apple and Meta.

The legislation would force these companies to open up their monopolies and, if passed, Apple could be forced to allow users of its devices to access third-party app stores, for example. This could lead to individuals sideloading unsecured apps to their iPhones and iPads.

At the moment, Apple’s hardware is highly restricted and operates under what Hyppönen refers to as the ‘security by Playstation’ model. This approach is based on the idea that games consoles are the most secure hardware systems available.

Hyppönen said the restricted computational environments adopted by Playstation and Xbox units are notoriously difficult to infect. Although users own and operate these devices, they have no right to program them unless they gain explicit permission from the manufacturer.

“This is especially obvious with Xbox because it’s made by Microsoft,” he said. “It runs Windows. Funnily enough, the most secure version of Windows is in Xbox. The biggest software company on the planet has their most secure version of their operating system inside a games console.”

“You never have malware on your Xbox or your Playstation,” he added. “You never hear of ransomware attacks on games consoles. They never get hacked. They’re very locked down, very restricted devices; devices which are not modifiable or programmable by the end user. It’s a computer that you own, but don't have the right to program.”

Malware rarely targets gaming hardware, but restricted devices are not immune to all cyber attacks. Phishing attacks can still target users through any device that accesses internet services like email and iPhones have been jailbroken to sideload apps for years.

Apple’s hardware has also been proven to be vulnerable to cyber attacks. In April, the company issued patches for the fourth and fifth zero-day vulnerabilities affecting devices in its ecosystem this year.

An increasing number of companies are pivoting to a ‘security by Playstation’ model after observing the virtually non-existent reports of malware on gaming hardware, said the CRO.

The trend is especially true among startups that are known to distribute highly restricted hardware like Chromebooks or iPad Pros to employees, rather than the traditional Windows-powered machine.

Distributing inherently restricted devices is a major shift we’ll likely see accelerate across enterprises in the next ten years, Hyppönen added.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Apple cuts ties with Jony Ive after 30 years
Hardware

Apple cuts ties with Jony Ive after 30 years

13 Jul 2022
Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
Apple faces a catch-22 decision with iPhones and USB-C
Policy & legislation

Apple faces a catch-22 decision with iPhones and USB-C

8 Jun 2022
Apple overhauls SwiftUI navigation and brings a score of new features to developers at WWDC 2022
software development

Apple overhauls SwiftUI navigation and brings a score of new features to developers at WWDC 2022

7 Jun 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022