A move by European Union (EU) lawmakers to break Apple’s App Store monopoly will lead to an explosion of iOS and iPadOS malware, a cybersecurity researcher has warned.
While monopolies aren’t ideal, Apple has made it nearly impossible to infect iPads and iPhones by keeping the apps users have access to, according to security expert and WithSecure research director Mikko Hyppönen.
The EU’s proposals to open up its grip on the market, however, could inadvertently lead to an increase in the number of hackers spreading malware to users’ devices.
“I’m not a big fan of regulation – I think regulation almost always fails, unfortunately,” Hyppönen said. “I don’t like what the EU is doing regarding the App Store model.
“I can totally see why they do it; it’s a monopoly – clearly – and Apple is making money with both hands on the App Store,” he added. “Of course, monopolies are bad. I can totally understand why the EU wants to break this. But the end result is bad for security.
“As soon as you can start downloading arbitrary executables for your iOS devices, there will be more attacks.”
European lawmakers tentatively agreed on the terms of the Digital Markets Act (DMA) in March, with the proposals targeting services offered by tech giants like Apple and Meta.
The legislation would force these companies to open up their monopolies and, if passed, Apple could be forced to allow users of its devices to access third-party app stores, for example. This could lead individuals to load insecure apps onto their iPhones and iPads.
Currently, Apple’s hardware is very restricted and operates under what Hyppönen calls the “Security by Playstation” model. This approach is based on the idea that game consoles are the most secure hardware systems available.
Hyppönen said the restricted computing environments adopted by Playstation and Xbox units are notoriously difficult to infect. Although users own and operate these devices, they are not permitted to program them unless they obtain explicit permission from the manufacturer.
“It’s especially evident with Xbox because it’s made by Microsoft,” he said. “It runs on Windows. Oddly enough, the most secure version of Windows is on Xbox. The biggest software company on the planet has its most secure version of its operating system in a game console.
“You never have malware on your Xbox or Playstation,” he added. “You never hear of ransomware attacks on game consoles. They’re never hacked. They’re very locked down, very restricted devices; devices not modifiable or programmable by the end user. It’s a computer that you own, but that you do not have the right to program.
Malware rarely targets gaming hardware, but restricted devices are not immune to all cyberattacks. Phishing attacks can still target users through any device that accesses internet services like email, and iPhones have been jailbroken to sideload apps for years.
Apple’s hardware has also proven vulnerable to cyberattacks. In April, the company released patches for the fourth and fifth zero-day vulnerabilities affecting devices in its ecosystem this year.
A growing number of companies are moving to a “security by Playstation” model after observing the virtually non-existent reports of malware on gaming hardware, the CRO said.
The trend is especially true among startups that are known for handing out highly restricted hardware like Chromebooks or iPad Pros to employees, rather than the traditional Windows-powered machine.
The distribution of inherently restricted devices is a major shift that we’re likely to see accelerating across businesses over the next decade, Hyppönen added.
Accelerate your business with hybrid cloud
Harness the benefits of cloud and on-premises
Unified Endpoint Management Solutions 2021-22
Analyze the EMU landscape
The Total Economic Impact™ of IBM Spectrum Virtualize
Cost savings and business benefits with storage built with IBM Spectrum Virtualize
The COO’s Pocket Guide to Enterprise-Scale Intelligent Automation
Automate more cross-company and expert work for a better value chain for customers