
The EU’s Apple App Store crackdown ‘will fuel cyber attacks’

Organisations should be encouraged to embrace the ‘security by Playstation’ approach as much as possible, expert says

A move by European Union (EU) legislators to break open Apple’s App Store monopoly will lead to an explosion in iOS and iPadOS malware, a cyber security researcher has warned.

Although monopolies aren’t ideal, Apple has made it almost impossible to infect iPads and iPhones by gatekeeping the applications that users have access to, according to security expert and WithSecure chief research officer, Mikko Hyppönen.

EU proposals to open up Apple’s stranglehold on the marketplace, however, might inadvertently lead to a surge in hackers pushing malware to people’s devices.

"I’m not a big fan of regulation - I think regulation almost always fails, sadly,” said Hyppönen. “I don’t like what the EU is doing regarding the App Store model.

“I can totally see why they’re doing it; it is a monopoly – clearly – and Apple is raking money in with both hands from the App Store,” he added. “Of course, monopolies are bad. I can totally see why the EU wants to break that apart. But the end result is bad for security.

“As soon as you can start downloading arbitrary executables for your iOS devices, there will be more attacks.”

EU lawmakers provisionally agreed on the terms of the Digital Markets Act (DMA) in March, with the proposals targeting the services offered by tech giants like Apple and Meta.

The legislation would force these companies to open up their monopolies and, if passed, Apple could be forced to allow users of its devices to access third-party app stores, for example. This could lead to individuals sideloading unsecured apps to their iPhones and iPads.

At the moment, Apple’s hardware is highly restricted and operates under what Hyppönen refers to as the ‘security by Playstation’ model. This approach is based on the idea that games consoles are the most secure hardware systems available.

Hyppönen said the restricted computational environments adopted by Playstation and Xbox units are notoriously difficult to infect. Although users own and operate these devices, they have no right to program them unless they gain explicit permission from the manufacturer.

“This is especially obvious with Xbox because it’s made by Microsoft,” he said. “It runs Windows. Funnily enough, the most secure version of Windows is in Xbox. The biggest software company on the planet has their most secure version of their operating system inside a games console.”

“You never have malware on your Xbox or your Playstation,” he added. “You never hear of ransomware attacks on games consoles. They never get hacked. They’re very locked down, very restricted devices; devices which are not modifiable or programmable by the end user. It’s a computer that you own, but don't have the right to program.”

Malware rarely targets gaming hardware, but restricted devices are not immune to all cyber attacks. Phishing attacks can still target users through any device that accesses internet services like email, and iPhones have been jailbroken to sideload apps for years.

Apple’s hardware has also been proven to be vulnerable to cyber attacks. In April, the company issued patches for the fourth and fifth zero-day vulnerabilities affecting devices in its ecosystem this year.

An increasing number of companies are pivoting to a ‘security by Playstation’ model after observing the virtually non-existent reports of malware on gaming hardware, said the CRO.

The trend is especially true among startups that are known to distribute highly restricted hardware like Chromebooks or iPad Pros to employees, rather than the traditional Windows-powered machine.

Distributing inherently restricted devices is a major shift we’ll likely see accelerate across enterprises in the next ten years, Hyppönen added.
