Judge Says Apple May ‘Stretch The Truth’ About Mac Malware Problems



During the Apple vs. Epic trial, Apple software leader Craig Federighi argued that tight control over the App Store was needed to secure the iPhone. But Judge Yvonne Gonzalez Rogers disbelieved him, writing in her ruling on Friday that he may have “exaggerated the truth for the sake of the argument.”

Federighi cast serious doubts on whether Apple would be able to secure iPhones without its App Review system acting as a gateway, saying macOS’s security is fundamentally misplaced. Judge Rogers doesn’t think Federighi has the evidence to support that (you can read her quotes below in context on page 114):

While Mr. Federighi’s views on Mac malware may seem plausible, they appear to have first emerged at trial, suggesting he is exaggerating the truth for the sake of the argument. When testifying, he said he did not have any data on the relative rates of malware on notarized Mac apps compared to iOS apps. At trial, he admitted that Apple only has malware data collection tools for Mac, not iOS, which begs the question of how it knows the relative rates. Prior to this trial, Apple always touted Mac as secure and immune to malware. Thus, the Court gives little weight to the testimony of Mr. Federighi on this subject.

Basically, Judge Rogers says Federighi was trying to make the Mac look bad so iOS could shine, without much evidence. After discussing a little more about notarization and App Review, she concludes that Apple could implement a Mac-like system without giving up much of the security that iOS already enjoys:

Ultimately, the Court finds it convincing that the review of applications can be relatively independent of the distribution of applications. As Mr. Federighi confirmed during the trial, once an app has been reviewed, Apple can send it back to the developer for distribution directly or at another store. So, although unlimited distribution of applications probably decreases security, alternative models are easily achievable to achieve the same goals, even if they are not currently in use.

It should be borne in mind that Judge Rogers did not end up forcing Apple to allow alternate app stores or sideloading, and that the opinion only disputes one of Apple’s points. But it is a scathing criticism of Apple’s most important defenses regarding its locked-down approach to iOS.

Epic argued at trial that Apple could provide security and privacy on iOS without exclusive control over app distribution. It suggested that Apple could use a system similar to the Mac’s: scanning apps before they run and checking that they are the same code Apple notarized. While the Mac notarization process currently doesn’t include all of the checks performed in App Review, in theory it could if Apple wanted.

Federighi strongly disagreed that this would be enough. He argued that iPhones contain more sensitive data than Macs, that the popularity of the iPhone makes it a bigger target than Macs, and that Mac users have just learned to be more careful when installing applications. He also separately argued that Apple was not happy with security on macOS, and said adopting the same security model would be a “very bad situation for [Apple’s] customers.”

Judge Rogers opposes Apple’s position that app installs or third-party app stores would seriously undermine the security of iOS. The Mac’s notarization system currently doesn’t prevent the kinds of problems App Review does (or, at least, is supposed to), but there’s no reason it can’t. Even if Apple doesn’t want to implement it on iOS, it might consider taking her suggestions to heart if it’s not happy with the security status of macOS.
