SecurityWeek

Apple is Making Big App Store Changes in Europe Over New Rules. Could it Mean More iPhone Hacking?

Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe that is striving to give consumers more choices — at the risk of creating new avenues for hackers to steal personal and financial information stored on the devices.

The overhaul rolling out Thursday only in the European Union represents the biggest changes to the iPhone’s App Store since Apple introduced the concept in 2008. Among other things, people in Europe can download iPhone apps from stores that aren’t operated by Apple and are getting alternative ways to pay for in-app transactions.

European regulators are hoping the changes mandated by the Digital Markets Act, or DMA, will loosen the control that Big Tech’s “digital gatekeepers” have gained over the products and services that consumers and businesses use as they become more dominant forces in everyday life.

The measures are taking effect just days after EU regulators fined Apple nearly $2 billion (1.8 billion euros) for thwarting competition in the music streaming market.

Apple has lashed out at the new regulations for posing unnecessary security risks to iPhone users in Europe, exposing them to more scams and other malicious attacks launched from apps downloaded from outside its ecosystems and raising the specter of more unsavory services peddling pornography, illegal drugs and other content that the company has long prohibited in its App Store.

Despite trying to maintain security safeguards while also adhering to the new rules in the 27-nation bloc, Apple is warning that “the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward.”

But some smaller tech companies such as music streaming service Spotify and video game maker Epic Games are attacking the ways Apple is complying with the DMA as little more than a facade that’s making a “mockery” of the regulations’ intent.

“Rather than creating healthy competition and new choices, Apple’s new terms will erect new barriers and reinforce Apple’s stronghold over the iPhone ecosystem,” Spotify, Epic and more than two dozen other companies and alliances wrote in a March 1 letter to the European Commission, the EU’s executive arm overseeing the DMA.

Epic, which is behind the popular Fortnite game, also contends Apple is already brazenly violating the DMA by rejecting an alternative iPhone app store it planned to release in Sweden. Epic asserted Apple thwarted its attempt to compete as retaliation for scathing critiques posted by CEO Tim Sweeney, who spearheaded a mostly unsuccessful antitrust case against the iPhone App Store in the U.S.

In response, EU regulators said Thursday that they want to question Apple over allegations it blocked Epic’s app store. Apple was defiant, saying it “chose to exercise that right” to boot the app store based on Epic’s past behavior.

Europe’s shifting digital landscape also is forcing changes at other technology powerhouses such as Google and Facebook, but the new regulations strike at the core of Apple’s philosophy of maintaining ironclad control over every aspect of its products.

This “walled garden” approach conceived by late co-founder Steve Jobs begins with the meticulous design of the hardware and then extends into all the software powering its devices, as well as overseeing the commerce occurring on them.

The approach built an empire with nearly $400 billion in annual revenue — a measure of success that Apple directly traces to the trust it has built through decades of vigilant management of the iPhone and other popular products such as the iPad, Mac and Apple Watch.

Even Epic’s Sweeney acknowledged that one of the reasons he uses an iPhone is because of the staunch security measures that Apple has deployed to thwart hackers and protect the privacy of its customers. That came during testimony in a May 2021 trial resulting in a U.S. judge ruling that the App Store isn’t a monopoly.

In that decision, the judge required Apple to begin allowing links to outside payment options inside iPhone apps in the U.S. It’s a requirement that the company began complying with earlier this year after the U.S. Supreme Court refused to hear an appeal on that issue.

Apple — which is making changes in Europe through an iPhone software update — still doesn’t permit alternative iPhone app stores in the U.S. or more than 100 other countries outside the EU.

European regulators appear convinced that the benefits consumers stand to reap from more competition will outweigh the increased security risks.

One potential positive is lower prices for digital transactions within apps if competing stores charge lower commissions than the 15% to 30% fees Apple has been imposing for years.

But critics are raising doubts that will happen because Apple still plans to charge fees after app downloads reach relatively low thresholds and has set up other hurdles that will make it daunting for alternative options to make significant inroads in Europe.

For its part, Apple insists the security problems being hatched by the DMA are so worrisome that it has been hearing from government agencies — especially those involved in defense, banking and emergency services — wanting to ensure they will be able to block employees with iPhones from accessing apps distributed from outside Apple’s walled garden.

“These agencies have all recognized that sideloading — downloading apps from outside the App Store — could compromise security and put government data and devices at risk,” Apple said.
