The obvious concern is that losing Apple as a gatekeeper would erode the protections that make iOS famous. People buy iPhones because Apple promises to keep your data private, a promise that Google cannot match, given the nature of their business and their operating system. Would breaking the App Store make iOS as insecure and prone to malware as Android?
Not according to Yair Ivnitsky, a mobile developer at cybersecurity company GK8. He said that review of App Store, where the company vets apps before they are added to the store, but one of a number of ways is that Apple secures the iPhone. And that, in general, in the very unlikely event that the iOS was opened, users would not be at too great a risk.
Ivnitsky explained how iOS is secure by design, starting with the secure enclave on iPhones and iPads. The enclave contains a hardware-based key controller that is isolated from the rest of the system.
There are then several layers of system security on top, including a secure boot process that prevents malicious code from entering the OS when it boots up. The data of each app is encrypted in AES (Advanced Encryption Standard), and locks the data with a key that is only available within the secure enclave.
When apps run, they do so in a sandbox, giving them “limited access to the phone’s resources,” Ivnitsky said. Part of this process is the fact that it constantly requires apps to request permission before it can access specific hardware and software features. And, as we’ve seen with iOS 14, these permissions can reveal how apps control their users. That may be enough, again, to reassure users.
iOS then includes more proactive threat management, such as a built-in firewall and antivirus that can, for example, stop you from trying a malicious URL. But the definitive layer, on top of all this, is App Store review, because iOS will only run apps with code that Apple has signed up for. Apple acknowledges that this process is “not a silver bullet”, but says that “the extent of potential damage is severely limited if an app is limited to the minimum set of privileges it needs to get its job done.”
In essence, Ivnitsky stated that the point here is not to make your iOS device inaccessible – that would be impossible – but to make it as difficult as possible. “A lot of hackers don’t like iOS because it costs a lot of money and time to find a vulnerability,” he said. The example he used was spy from companies, saying it was worth the money to access a CEO’s phone. If that is the level of effort required to break into an iPhone, it will hopefully limit the drive-by hackers who try to gain access to your controlling account data.
Another security professor who reflected that sentiment was Jakub Kobeldys, lead developer at VAIOT, a company that provides secure digital services to the legal sector. “It’s not that iOS is full of holes,” he said, but that “the App Store is a natural second layer that [Apple] can filter through and decide if something would be harmful. “He agreed that it was not idiotic, but that it could help to shield ‘unwanted’ apps.
Relaxing Apple’s system would greatly benefit companies that want access to Apple’s customers but are unable or unwilling to play by Apple’s rules. Spotify could sell your Premium without the current contortions it has to make to avoid Apple paying a 30 percent cut. Plus, you could access game streaming services that Apple does not currently allow, such as Stadia, xCloud and Facebook Gaming. Microsoft and Facebook have publicly grumbled about Apple’s need for individual review, forcing them to axle, or severely limit, gaming services on iOS.
One of the reasons people buy iPhones is the built-in security. Opening the App Store may not remove iOS, but it would certainly force users to be more careful about downloading apps that may not be as secure. And it will be up to each person, and the regulators, to decide if that’s a price worth paying.
