Craig Federighi blasts Mac security to prop up iOS App Store
Craig Federighi, Apple's head of software engineering, said that the Mac is not currently meeting the bar for customer security set by iOS and that the platform has an unacceptable level of malware.
Credit: Apple
Federighi took the stand on Wednesday in the ongoing Epic Games v. Apple trial, and offered details about the security of Apple products and some of the differences between the Mac and the iPhone.
For example, when asked by Judge Yvonne Gonzalez Rogers about why macOS can support multiple app stores -- something Epic wants on iOS -- Federighi used it as an opportunity to tout the security of the iOS platform by contrasting it with the Mac.
Multiple app stores are "regularly exploited on the Mac," Federighi said. He added that there's a "level of malware on the Mac that we don't find acceptable."
"iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today," he said.
The Apple engineering chief also used Android as an example of the dangers of third-party app stores. He pointed out that "it's well understood in the security community that Android has a malware problem." By comparison, "iOS has succeeded so far in staying ahead" of the problem.
Federighi said that there are 130 types of Mac malware that have affected at least 300,000 systems since last May. However, Federighi took the opportunity to defend the Mac as a different product with different users in mind.
"The Mac is a car. You can take it off road if you want and you can drive wherever you want. That's what you wanted to buy. There's a certain level of responsibility required. With iOS, you wanted to buy something where children can operate an iOS device and feel safe doing so. It's really a different product," he said.
Compared to other personal computers, Federighi said, the Mac is still "the safest possible" if operated correctly. "I've had a couple of family members who have gotten malware on their Macs, but ultimately, I believe a Mac can be operated safely," he said.
At other points during his testimony, Federighi explained and defended the thinking behind iOS's walled garden approach.
If iOS was opened up, for example, "it would become commonplace for users to be directed to download misrepresented software from untrusted sources where they'd be subject to malware."
Federighi also contrasted the iPhone with the Mac by saying that the smartphone is much more personal, typically contains sensitive data, and has features like a camera and a microphone. All of these factors make iPhones "very attractive targets."
Similarly, the Apple executive said that Mac users are "typically much more wary of downloading software." By comparison, iOS users are accustomed "to getting apps all the time." Attackers, then, could find a much easier audience to exploit.
Federighi was also asked about the enterprise certificate program, which lets companies distribute apps on iOS outside of App Store review purview if they sign up for the initiative. Federighi says that the endeavor relies on a "specific trust relationship" between a company and its employees.
However, he said that Apple has seen "all manners of attack" through the enterprise program, and even called it "an area of significant abuse." The Apple executive added that the company has seen a "pattern" of bad actors signing up with fake companies and setting up app stores that are "absolutely full" of malware.
Epic's lawyer fired back during cross-examination, noting that Apple markets Mac as being suitable for use by children and does not position iOS as a safer, more secure alternative to Mac.
At another point, Epic's lawyers attempted to argue that features like App Notarization and the Mac Gatekeeper could be ported to iOS as a way of allowing outside app stores. Federighi disagreed, and said that the solution would not be practical.
Comments
People called me different names for suggesting the new M1 Mac software should be treated like the iPhone's App Store and said “PCs have always allowed software via web” as if moving forward was a bad idea.
macOS is still very much at risk from a user turning off Gatekeeper and installing an app from who knows where.
The irony is that the judge is questioning why they allow multiple app stores on Mac. Had Mac had one iOS-like App Store the argument wouldn’t have arisen.
I would love if Apple gave more incentive to support the Mac App Store exclusively so we can have one giant pot to choose safe apps from. Apple dropped the ball on having one safe App Store with the M1 launch which would have been a huge incentive. Now that developers are in Apple’s new process, it’s too late.
At least on the Mac the number of applications floating around isn't all that large, and the number people actually install is even smaller.
All that said, Apple could make a far better App Store experience, and could probably enable third parties to serve as App Store marketers by letting them take a cut. If Epic was operating as the marketer for apps that were available through the regular iOS App Store but took, say, a 40% cut of the 30% paid to Apple by the user then there would be better marketing of those apps but the security model would still be in place.
The way Apple currently operates, broad marketing can only be done by Apple. Revenue sharing could change that enormously, and for the better for everyone. Imagine a website dedicated to writers or developers or gamers being able to review and link to the iOS App Store, with revenue sharing. We could end up with better writing apps, or better apps for developers or gamers, because we would have better dedicated gatekeepers motivated to be the place that users go to find well reviewed apps fitting a target market. Apple's own App Store is so freakin huge and has to balance presented apps to ensure fairness that it literally can't solve the problem of filtering apps to only the best to serve a particular purpose.
Marketing revenue sharing is hardly a panacea as well. It could certainly be abused, and until some trusted websites really get going and figure out how to reliably show up first in Google versus crappy sites just popping up to get a cut, it could just end up being a cost to Apple with little user benefit. But it should be doable and would go a long way toward ameliorating Apple's potential anti-trust issues related to the App Store.
Apple could disallow non Mac App Store apps by default, and force you to go through some hoops to use apps not downloaded from there, which would be fine. Forcing Mac App Store as the only means of running stuff on the Mac would be platform suicide.
If you want an iPad, buy an iPad. It supports mice and trackpads well enough, with that support getting better with every iPadOS release. If you want a user experience limited by what is available on an Apple App Store, it works more than well enough.
And if you want a device you can safely give a parent or friend who you can't trust not to be talked into downloading crap (even with hurdles in place), buy them an iPad. Or, give them a non administrative account that is locked down from being able to install apps not from the Mac App Store. Just be prepared to be their IT person if they need to fix something that requires administrative access.
What a douche.