In defense of the Apple app store

A person using a smartphone.
(Image credit: Unsplash)

The apple app store is set to lose its place as the only app store allowed on iOS and Mac. The debate over whether or not Apple’s control over its store resulted in a monopoly has been fought out in the courts for the past 4 years. Breaking up monopolies to improve the health of a market is a classic objective of healthy economies, but iPhones are not a macroeconomic system, so should the same rules apply?

Opening up iOS to sideloading could lead to a slew of issues for the ecosystem that was built with the intention of being a ‘walled garden’. The court case in the US was recently dismissed, but the EU courts have yet to rule, and the recent signals on enforcing USB C ports and the wider Digital Markets Act suggest the ruling may not be as clear cut.

Jamie Moles

Senior Technical Manager at ExtraHop.

Epic’s Battle Royale

Apple had antitrust lawsuits brought against the company in both the EU and US where the case alleged that as the sole vendor on its platform, Apple had a monopoly in selling apps to its users. The Apple app store charges a 30% take of all charges made on its app store which had gross revenues of $85.1 billion in 2021. The original complaint was levied by Epic Games, the makers of Fortnite, who opposed the charges Apple applied to all transactions on mobile Fortnite. Epic deliberately created an alternative payment system to avoid the 30% charge.

The supreme court in the US has upheld that providing payment methods that circumvent the app store is legal, but forcing Apple to allow other app stores on its system was beyond the purview of the case. It would seem that the way Epic worked around the app store to initiate the case may have undermined its end goal to allow other stores (such as the Epic Games Store) onto the platform. Ultimately, this may be to the benefit of the platform's security.

Why does Apple say the app store is closed?

The high level of integration Apple apps can have with iOS creates its own security challenges. The integrations between different apps are crucial to the Apple brand offering, which is often surmised as ‘it just works’. The challenges of maintaining this walled garden ecosystem means that every app on the app store has to be audited. Alternative stores would be subject to their own internal moderation, therefore opening iOS to the problems that the more laissez faire GooglePlay store struggles with. Apple apps are not immune to malware and bad actors, but having strong checks on the front door helps minimize the issues that do make it past.

Consumers aren't the only stakeholders in this case, as 73% of workers use their personal devices rather than a work phone. iPhones make up about 50% of all phones currently in use in the UK, so any changes to the platform will have a corresponding impact on businesses. Android phones that are purchased through corporate channels tend to be locked down by the IT department to reduce the potential attack surfaces, whereas iPhones historically have not needed as much active intervention to maintain security. So much of a company's network interfaces with personal phones, slack, email, Office Suite and more. 

Phones are also constantly connected making them a perfect attack vector for bad actors trying to access a network undetected. Despite the benefits of Apple iPhones, no phone is immune to bad actors. Programs backed by nation states such as Pegasus have been documented for several years, and these programs are actively used by law enforcement and government agencies globally to track and monitor phone traffic. In late 2022 Uber was hacked via an employee mobile phone. The device, which had an unspecified operating system, was infected with malware and as the point of contact for two factor authentication it made it possible to get inside the network infecting the instance of G suite Uber used as well as its slack channels and intranet.

What’s the solution for businesses?

With recent reports suggesting Apple is preparing to open the app store to third parties in Europe, now is the time to start monitoring the parts of a network that businesses can control to mitigate risk and manage the web of devices that make up modern business networks. Breaches are inevitable, so it’s best practice to have a form of network detection and response in place. Making sure this solution can monitor the flow of traffic from a range of devices is common sense with the widespread adoption of hybrid work.

Despite the many risks associated with alternative app stores and sideloading, if anyone can manage the risks, it is Apple. Apple has been tightening its privacy controls over the last few years to cater to different privacy tolerances, while still being easy to use. If the proposed changes are pushed onto the platform it is likely that the existing permission framework will be expanded to account for the increased risk profile these programs represent.

For businesses that have a large amount of employees on iOS, the risk these apps pose could lead to internal bans on other app stores, or re-evaluation of the cost benefit of issuing work phones. Many firms have indirectly benefited from the push for better security on mobile devices, and changes to security for internal comms can tip the balance. For banks and other high regulation institutions, the security of mobile phones is a top priority. Regulation is already forcing banks to disclose work communications on personal devices, and if bad actors are able to get inside the comms networks of these institutions, it could lead to financial and legal consequences for many businesses.

We've featured the best business smartphone.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

TOPICS

Jamie Moles is Senior Technical Manager at ExtraHop.