Apple has launched a passionate defence of its App Store security policies amid ongoing questions about fair competition and concerns over Apple’s control of its app marketplace.
The UK competition regulator and the EU are both currently investigating the tech giant over a number of concerns, including its terms and conditions for app developers, which have been criticised as anti-competitive and unfair.
But Apple says loosening its rules would make users less safe.
The iPhone maker has published a new document detailing its approach to safety and security on the App Store, and defended its “walled garden” approach which only allows apps to be downloaded on to the iPhone directly from the company’s official App Store, in contrast to rival platforms such as Android.
But critics have argued that this approach effectively makes Apple a gatekeeper and gives the company – unfairly, they claim – the definitive say on if and how a developer can distribute their app and get it on to an iPhone.
Apple, however, disagrees.
“Security researchers agree that iPhone is the safest, most secure mobile device, which allows our users to trust their devices with their most sensitive data,” the company says in the new document.
“We built industry-leading security protections into the device, and we created the App Store, a trusted place where users can safely discover and download apps.
“On the App Store, apps come from known developers who have agreed to follow our guidelines, and are securely distributed to users free from interference from third parties. We review every single app and each app update to evaluate whether they meet our high standards.
“This process, which we are constantly working to improve, is designed to protect our users by keeping malware, cybercriminals, and scammers out of the App Store.”
The new report, which is entitled Building a Trusted Ecosystem for Millions of Apps, also dismisses suggestions Apple should allow apps from in-direct and third-party sources on to the iPhone.
“Today, it is extremely rare for any user to encounter malware on iPhone. Some have suggested that we should create ways for developers to distribute their apps outside of the App Store, through websites or third-party app stores, a process called ‘sideloading’,” Apple said.
“Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store.”
The company argued that the size of the iPhone user base would be an appealing target for cybercriminals and would see iPhone users being increasingly targeted by scammers.
It also suggested that Google’s Android, which does allow sideloading, was far less secure than Apple’s approach as a result.
“Studies show that third-party app stores for Android devices, where apps are not subject to review, are much riskier and more likely to contain malware as opposed to official app stores,” the tech giant said.
The document also included a scenario suggesting what could happen to iPhone users if sideloading from third-party stores was allowed on the platform.
It suggests that apps would be able to bypass parental controls which block children from seeing apps not appropriate for them because the App Store cannot police them, and copycat apps that contain ransomware could more easily trick users into downloading them, then take hold of someone’s data and demand payment to release it back.
The company also argues that as well as jeopardising user privacy, the wider app ecosystem would be damaged as a result.
“Scammers would be galvanised to develop tools and expertise to attack iPhone device security,” Apple said.
“The App Store is designed to detect and block today’s attacks, but changing the threat model would bypass these protections.
“Scammers would then use their newly developed tools and expertise to target third-party stores as well as the App Store, which would put all users at greater risk, even those who only download apps on the App Store.
“The additional distribution channels introduced by sideloading provide malicious actors expanded opportunities to exploit system vulnerabilities, thereby incentivising attackers to develop and disseminate more malware.”