Epic Games expert says iOS could be like macOS without security drawbacks
An Epic Games expert witness laid the groundwork for an argument that Apple could make iOS more like macOS in terms of app distribution and third-party access without suffering in security.
Credit: AppleCredit: Apple
During his testimony on Friday, Harvard University Computer Science Professor James Mickens laid out the differences between iOS and macOS to Judge Yvonne Gonzalez Rogers. Some of the key areas of distinction include security, app distribution, and third-party app access.
For example, Mickens says that Apple's App Review process provides negligible security benefits over iOS's built-in defenses. That's because of mechanisms like sandboxing, which prevents app from interacting with other parts of the system.
At another point, when asked by Judge Gonzalez Rogers whether iOS is more secure than macOS, Mickens said that he believed it's not "meaningfully more secure."
Additionally, Mickens said that opening iOS to third-party app stores would not have a "meaningful difference on the security experience." If Apple opened up iOS, it wouldn't prevent users from only obtaining apps from the App Store, he added.
In response to the third-party access comment, Judge Gonzalez Rogers said that Mickens had "made a good point," but noted that she's concerned about the numbers.
At other points during his testimony, Mickens said it would be trivial to port security features like malware scanning and notarization to iOS.
Mickens' testimony defends a crux of Epic Games' argument against the iOS App Store. Epic notes Apple says both iOS and macOS are safe and secure, though Apple does not enforce the same restrictions on Mac. This seeming disconnect could undermine Apple's claims that security and privacy are at the heart of iOS App Store rules.
The Harvard University professor is slated to give additional testimony on Monday.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Credit: AppleCredit: Apple
During his testimony on Friday, Harvard University Computer Science Professor James Mickens laid out the differences between iOS and macOS to Judge Yvonne Gonzalez Rogers. Some of the key areas of distinction include security, app distribution, and third-party app access.
For example, Mickens says that Apple's App Review process provides negligible security benefits over iOS's built-in defenses. That's because of mechanisms like sandboxing, which prevents app from interacting with other parts of the system.
At another point, when asked by Judge Gonzalez Rogers whether iOS is more secure than macOS, Mickens said that he believed it's not "meaningfully more secure."
Additionally, Mickens said that opening iOS to third-party app stores would not have a "meaningful difference on the security experience." If Apple opened up iOS, it wouldn't prevent users from only obtaining apps from the App Store, he added.
In response to the third-party access comment, Judge Gonzalez Rogers said that Mickens had "made a good point," but noted that she's concerned about the numbers.
At other points during his testimony, Mickens said it would be trivial to port security features like malware scanning and notarization to iOS.
Mickens' testimony defends a crux of Epic Games' argument against the iOS App Store. Epic notes Apple says both iOS and macOS are safe and secure, though Apple does not enforce the same restrictions on Mac. This seeming disconnect could undermine Apple's claims that security and privacy are at the heart of iOS App Store rules.
The Harvard University professor is slated to give additional testimony on Monday.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
Do you know what I do when I want to save money on a purchase? I look for discounts instead of just expecting them to manifest, but maybe that's me and my lack of entitlement speaking.
That isn't to say that there's not an argument for saying Apple takes too high of a cut, but you haven't made that argument or factored in how much other stores take for the same or even less service. And let's not forget how much app stores charged before the Apple introduced the App Store for iOS.
Problem is, Sweeney Turdd, WE AREN’T THE CEOS OF APPLE.
You think it cost Apple, Google, Microsoft, Sony or Nintendo nothing to provide Netflix, Epic and Spotify to have their free app on their platform. Apps that depends on platforms whose owners invested billions of dollars in R&D to develop, maintain and update?
Epic or Spotify not wanting to pay anything to the owner of platforms that their free apps are on, for the access to those platforms customers, cost of R&D to develop those platforms and cost to maintain those platforms, would be like setting up a food truck in a McDonalds parking lot and then telling customers that purchase food from them, to go inside McDonalds is they need napkins, straws, ice, condiments, get out of the cold, to throw away their garbage or to use the restroom. What's in it for McDonalds?
You purchasing of a TV from Best Buy is also a bad example. When you buy a TV from Best Buy and take it home, Best Buy do not own the IP that the TV depends on, in order for you to view anything on it. On the other hand, Apple, Google, Microsoft, Sony and Nintendo owns the IP that makes their devices work and allows free apps from Netflix, Epic or Spotify, to exist. And you never ever purchase that IP.
No, Epic, it would not be nice if iOS was as vulnerable to malware and code pollution as macOS.
iOS isn’t “meaningfully more secure”. Based on what? There are significant differences between them and for him to minimize those differences as being “meaningless” shows his ignorance.
He’s also wrong about third party stores not affecting the security of users who choose not to use them. The mere act of opening iOS up to allow outside installs automatically makes iOS less secure. iPhone users will now get bombarded with links to encourage them to install this or that App. The reason mass targeting people works is that a small number fall for it. This vector doesn’t exist right now.
Third party Apps will almost certainly not be vetted the same (these stores will be operating on razor thin margins and won’t have the budget to) meaning that we’ll see things like SDKs with built-in tracking/harvesting used to suck as much data as possible.
He’s also ignoring privacy (concentrating only on security). This is an area that will be blown wide open with third party stores. If your friend downloads a shady App then any communication you have with them could now be intercepted. Your iPhone is “clean” but the other persons isn’t and because of that your personal information can be extracted. Apple also has many APIs that are available to enterprise developers, but not regular developers. Does anyone think third party stores will bother to check which APIs an App is using and if they’re abusing APIs that are only for enterprise users?
This guy isn’t really thinking this through.
I cannot put up a fence around my front lawn (weird one). I cannot build a four storey extension in my back garden, even though I own the land. I cannot build a massive three hundred foot satellite dish in the roof. I cannot do anything that would make the house unsafe and then try and sell it.