FEBRUARY 4, 2022
Apple insists an antitrust bill that would force it to give up tight control over which apps iPhone users can download could have devastating consequences for cybersecurity.
But some cyber practitioners are skeptical – and senators aren’t backing down.
The Senate Judiciary Committee voted 20 to 2 yesterday to approve a bill that would force Apple and Google to allow customers to load competing app stores onto their phones. In so doing, they bucked Apple’s warnings that the change would raise the chances of customers downloading apps loaded with malicious software that could steal their personal information, as Cat Zakrzewski reports.
If the bill becomes law, it would mark one of the biggest moves in the past decade to rein in the power of tech giants. And as Big Tech firms push back against a wave of such antitrust reforms, cybersecurity is increasingly part of the battle space.
In addition to the app store measure, tech firms are fighting against a proposal to bar them from privileging their own products against rivals — a reform they say could advantage companies from adversary nations that would run roughshod over U.S. citizens’ security and privacy.
- The company said in a June 2021 presentation that a staff of roughly 500 security experts reviews 100,000 new apps and updates each week.
- The company has rejected more than 1 million apps and an equal number of updates that weren’t up to snuff, it said.
Industry groups backed by big tech have generally supported Apple’s claims. Consumer and digital rights advocates have accused the tech giant of using security arguments to support its bottom line.
Apple strictly bars iPhone users from downloading outside apps, a practice known as “sideloading.” Google allows outside apps on smartphones that run its Android operating system, but pop-ups warn consumers the apps haven’t been vetted for security.
Some cyber experts don’t buy Apple’s claims.
Noted security technologist and Harvard University lecturer Bruce Schneier called Apple’s claims “self-interested, oversimplified, and dishonest,” in a letter to the Judiciary Committee.
Alternate app stores could offer equal or better security than what Apple offers, he said. If people do download malicious apps from outside Apple’s ecosystem, the company could still take security measures that prevent those apps from doing harm, he said.
Apple’s arguments also ignore a key fact — that many iPhone users who currently want to download apps that aren’t approved by Apple simply jailbreak their phones, Jake Williams, a former NSA cyber pro, told me. That process of removing the phone’s software restrictions results in far less security, said Williams, who’s a security analyst at the SANS Institute.
For non-jailbroken phones, there are definite security advantages to Apple having full control over its app ecosystem, Williams told me. But he believes the security advantage is not so great that it outweighs the advantage to consumers of having more app store options.
More from Williams:
Walled gardens only stop (some) scammers. You can’t convince me walled garden app stores are necessary for everyday security/privacy concerns.
Apple could have compromised years ago by unlocking secondary app stores, but requiring users to explicitly enable them. https://t.co/a6RCmtTut1
— Jake Williams (@MalwareJake) February 3, 2022
Members of Congress appeared open to Apple’s concerns, although they ultimately voted for the antitrust bill.
The bill’s sponsors, Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.), addressed some of Apple’s concerns. They added language stating that platforms can remove apps they can prove are malicious or fraudulent and provide information about the risks of downloading third-party apps.
But they pushed back on going further, defeating an amendment from Sen. John Cornyn (R-Texas) that would have allowed platforms to bar any apps they say “raise significant cybersecurity risks or otherwise harm users.”
According to Cornyn, the amendment’s aim was to “say that you’re not required to open your product to competition by something that will actually unload malware onto your device.”
But Blumenthal argued it would effectively give Apple and other app store providers free rein to block apps for competitive reasons and claim it was about cybersecurity.
“Anyone, whether it’s Apple or Google wanting to defeat a claim here would simply say, ‘oh, cybersecurity risk’ and there would be no real protections,” he said.
Sens. Dianne Feinstein (D-Calif.) and Alex Padilla (D-Calif.) also expressed some reservations about the measure but voted to move it forward. There’s a similar House bill, but it’s not clear when the bill might be debated by the full House or Senate.
Courtesy/Source: Washington Post