Cybersecurity experts fear fallout from Apple case

Cybersecurity experts fear fallout from Apple case
© Getty Images

Cybersecurity experts are worried about the fallout from a Supreme Court ruling allowing customers to sue Apple over the prices in its App Store, claiming it could eventually lead to more unsecured apps being sold to consumers.

The Supreme Court ruled on Monday that a group of iPhone users can proceed with their class-action lawsuit against Apple, which claims that the company’s monopoly over the downloading of apps from its App Store drives up prices.

The case will now work its way through the lower courts, but at issue is the potential that Apple could be forced to allow users to download apps from third-party groups and not just the App Store.

ADVERTISEMENT

Experts warn that scenario could lead to a higher rate of malware infections from apps for Apple's iOS devices.

Cyber experts see this issue in Android phones, with users already able to download apps from third-party sources easily, leading to a much higher rate of malware in Android phones than in iOS phones.

Renaud Deraison, the co-founder and chief technology officer of cyber exposure company Tenable, told The Hill that Apple’s current “stringent” review process for apps on the App Store has minimized the amount of malware that iOS users can download.

"While Apple's review process can seem restrictive and arbitrary in some cases — it is one of the most stringent in the industry — it also actually helps keep users secure,” Deraison said.

“If Apple were mandated to allow third-party app stores to exist, the likelihood of malware-ridden apps would be high, as we've seen on platforms with multiple stores. That level of autonomy is definitely not in the customers' best interest."

Apple did not respond to request for comment for this story, but the company put out a statement following the Supreme Court’s ruling defending its App Store practices and denying that it ran a monopoly.

"We’re proud to have created the safest, most secure and trusted platform for customers and a great business opportunity for all developers around the world,” the company said.

The high-profile fight over its App Store has pit Apple against developers and consumers over the company's 30 percent commission on apps sold. But the unintended cyber consequences have received little attention.

JT Keating, the vice president of product strategy at mobile security company Zimperium, compared the Supreme Court’s ruling to a “Rubik’s cube,” with consumer choice on one side and security of the apps on the other.

Keating noted that Apple has prevented many malware infections on its devices by vetting both the developers of an app and the app itself, while Google only investigates the security of the apps.

“On Android, there has always been an open ecosystem, it’s been very easy to get to third-party app stores,” Keating said. “The vast majority of the malware comes from these uncontrolled app stores ... if Apple is forced to open up the ability for people to go any place they want, it will most likely mirror the results we have on the Android side.”

Keating estimated that based on research done by Zimperium, around 4 percent of Android devices are currently infected with malware.

Jeff Greene, the vice president of cybersecurity global affairs at cyber group Symantec, agreed with the lack of app security on Android devices, and the potential for higher rates of malware infections on iOS devices if Apple loses the case.

“The Google Play Store is fairly well curated, but even there you see more, whether it’s a truly malicious app, you see more of that than in the Apple store,” Greene told The Hill. “Having a well curated App Store has been effective at maintaining a fairly high security level.”

In a report published in 2017, Symantec found that Android devices surpassed iOS devices in terms of mobile vulnerabilities reported. However, the report also noted that the amount of malware attacks on mobile devices overall had increased.

Should Apple be forced to allow their users to download apps from third parties, cyber experts said there are options to ensure the security of users’ devices.

But that would also mean Apple taking new precautions.

“The biggest thing they are going to have to do is make sure that there are no vulnerabilities,” Greene said. “They need to make sure their operating system is as secure as possible, and there are security tools available for iOS devices.”

Google currently uses its “Play Protect” service to secure more than 2 billion users daily. The program, which is a built-in malware protection service for Android devices, is described by Google as “always improving in real time” through machine learning algorithms.

Keating praised this system and said Apple should look at coming up with something similar.

“They are going to have to come up with some more systematic approaches to evaluate their entire ecosystem, similar to what Google is doing,” Keating said.

“They have a proactive service of vetting apps," Keating added.

"Apple will have to cast a wider net in terms of their ability to do that.”