
The EU’s Apple App Store crackdown ‘will fuel cyber attacks’

Organisations should be encouraged to embrace the ‘security by Playstation’ approach as much as possible, expert says


A move by European Union (EU) legislators to break open Apple’s App Store monopoly will lead to an explosion in iOS and iPadOS malware, a cyber security researcher has warned.

Although monopolies aren’t ideal, Apple has made it almost impossible to infect iPads and iPhones by gatekeeping the applications that users have access to, according to security expert and WithSecure chief research officer, Mikko Hyppönen.


EU proposals to open up Apple’s stranglehold on the marketplace, however, might inadvertently lead to a surge in hackers pushing malware to people’s devices.

“I’m not a big fan of regulation - I think regulation almost always fails, sadly,” said Hyppönen. “I don’t like what the EU is doing regarding the App Store model.

“I can totally see why they’re doing it; it is a monopoly – clearly – and Apple is raking money in with both hands from the App Store,” he added. “Of course, monopolies are bad. I can totally see why the EU wants to break that apart. But the end result is bad for security.

“As soon as you can start downloading arbitrary executables for your iOS devices, there will be more attacks.”

EU lawmakers provisionally agreed on the terms of the Digital Markets Act (DMA) in March, with the proposals targeting the services offered by tech giants like Apple and Meta.

The legislation would force these companies to open up their monopolies and, if passed, Apple could be forced to allow users of its devices to access third-party app stores, for example. This could lead to individuals sideloading unsecured apps to their iPhones and iPads.

At the moment, Apple’s hardware is highly restricted and operates under what Hyppönen refers to as the ‘security by Playstation’ model. This approach is based on the idea that games consoles are the most secure hardware systems available.

Hyppönen said the restricted computational environments adopted by Playstation and Xbox units are notoriously difficult to infect. Although users own and operate these devices, they have no right to program them unless they gain explicit permission from the manufacturer.

“This is especially obvious with Xbox because it’s made by Microsoft,” he said. “It runs Windows. Funnily enough, the most secure version of Windows is in Xbox. The biggest software company on the planet has their most secure version of their operating system inside a games console.”

“You never have malware on your Xbox or your Playstation,” he added. “You never hear of ransomware attacks on games consoles. They never get hacked. They’re very locked down, very restricted devices; devices which are not modifiable or programmable by the end user. It’s a computer that you own, but don't have the right to program.”

Malware rarely targets gaming hardware, but restricted devices are not immune to all cyber attacks. Phishing attacks can still target users through any device that accesses internet services like email, and iPhones have been jailbroken to sideload apps for years.

Apple’s hardware has also been proven to be vulnerable to cyber attacks. In April, the company issued patches for the fourth and fifth zero-day vulnerabilities affecting devices in its ecosystem this year.

An increasing number of companies are pivoting to a ‘security by Playstation’ model after observing the virtually non-existent reports of malware on gaming hardware, said the CRO.

The trend is especially true among startups that are known to distribute highly restricted hardware like Chromebooks or iPad Pros to employees, rather than the traditional Windows-powered machine.

Distributing inherently restricted devices is a major shift we’ll likely see accelerate across enterprises in the next ten years, Hyppönen added.
