In defense of the Apple app store

The Apple app store is set to lose its place as the only app store allowed on iOS and Mac. The debate over whether or not Apple’s control over its store resulted in a monopoly has been fought out in the courts for the past 4 years. Breaking up monopolies to improve the health of a market is a classic objective of healthy economies, but iPhones are not a macroeconomic system, so should the same rules apply?

Opening up iOS to sideloading could lead to a slew of issues for an ecosystem that was built with the intention of being a ‘walled garden’. The court case in the US was recently dismissed, but the EU courts have yet to rule, and the recent signals on enforcing USB-C ports and the wider Digital Markets Act suggest the ruling may not be as clear-cut.

Jamie Moles

Senior Technical Manager at ExtraHop.

Epic’s Battle Royale

Antitrust lawsuits were brought against Apple in both the EU and the US, alleging that, as the sole vendor on its platform, Apple had a monopoly in selling apps to its users. The Apple app store takes a 30% cut of all charges made on its app store, which had gross revenues of $85.1 billion in 2021. The original complaint was lodged by Epic Games, the makers of Fortnite, who opposed the charges Apple applied to all transactions on mobile Fortnite. Epic deliberately created an alternative payment system to avoid the 30% charge.

The Supreme Court in the US has upheld that providing payment methods that circumvent the app store is legal, but forcing Apple to allow other app stores on its system was beyond the purview of the case. It would seem that the way Epic worked around the app store to initiate the case may have undermined its end goal of allowing other stores (such as the Epic Games Store) onto the platform. Ultimately, this may be to the benefit of the platform's security.

Why does Apple say the app store is closed?

The high level of integration Apple apps can have with iOS creates its own security challenges. The integrations between different apps are crucial to the Apple brand offering, which is often summed up as ‘it just works’. The challenges of maintaining this walled garden ecosystem mean that every app on the app store has to be audited. Alternative stores would be subject to their own internal moderation, therefore opening iOS to the problems that the more laissez-faire Google Play store struggles with. Apple apps are not immune to malware and bad actors, but having strong checks on the front door helps minimize the issues that do make it past.

Consumers aren't the only stakeholders in this case, as 73% of workers use their personal devices rather than a work phone. iPhones make up about 50% of all phones currently in use in the UK, so any changes to the platform will have a corresponding impact on businesses. Android phones that are purchased through corporate channels tend to be locked down by the IT department to reduce the potential attack surface, whereas iPhones historically have not needed as much active intervention to maintain security. So much of a company's network interfaces with personal phones: Slack, email, Office Suite and more.

Phones are also constantly connected, making them a perfect attack vector for bad actors trying to access a network undetected. Despite the benefits of Apple iPhones, no phone is immune to bad actors. Programs backed by nation states such as Pegasus have been documented for several years, and these programs are actively used by law enforcement and government agencies globally to track and monitor phone traffic. In late 2022 Uber was hacked via an employee mobile phone. The device, which had an unspecified operating system, was infected with malware and, as the point of contact for two-factor authentication, it made it possible to get inside the network, infecting the instance of G Suite Uber used as well as its Slack channels and intranet.

What’s the solution for businesses?

With recent reports suggesting Apple is preparing to open the app store to third parties in Europe, now is the time to start monitoring the parts of a network that businesses can control to mitigate risk and manage the web of devices that make up modern business networks. Breaches are inevitable, so it’s best practice to have a form of network detection and response in place. Making sure this solution can monitor the flow of traffic from a range of devices is common sense with the widespread adoption of hybrid work.

Despite the many risks associated with alternative app stores and sideloading, if anyone can manage the risks, it is Apple. Apple has been tightening its privacy controls over the last few years to cater to different privacy tolerances, while still being easy to use. If the proposed changes are pushed onto the platform, it is likely that the existing permission framework will be expanded to account for the increased risk profile these programs represent.

For businesses that have a large number of employees on iOS, the risk these apps pose could lead to internal bans on other app stores, or a re-evaluation of the cost-benefit of issuing work phones. Many firms have indirectly benefited from the push for better security on mobile devices, and changes to security for internal comms can tip the balance. For banks and other highly regulated institutions, the security of mobile phones is a top priority. Regulation is already forcing banks to disclose work communications on personal devices, and if bad actors are able to get inside the comms networks of these institutions, it could lead to financial and legal consequences for many businesses.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
