Malicious hackers who focus solely on corporate espionage usually target the acquiring company,...
An Issue for iOS Security can be Third-Party App Stores
Apple, known for its strict policies, is undergoing a change as it will now allow for third-party app stores and direct sideloading of software on its iOS Security devices. The change has been brought about due to the European Union’s Digital Markets Act (DMA), which aims to promote open markets by limiting the power of digital “gatekeepers” to control the content on devices.
The shift to allowing third-party app stores and sideloading software on iOS devices comes with a potential security concern. This compliance-driven change has implications for Apple, app creators, and the protection of appropriate devices.
The DMA: Taking a Bite Out of Apple with iOS Security
In preparation for the European Union’s Digital Markets Act (DMA), which will be fully enforced on March 6, 2024, many organizations, including Apple, are making changes to comply. Apple is expected to allow users to install third-party app stores on their iOS devices and will incorporate USB-C ports into all iPhones by 2024 to meet the changes in cable connections mandated by the DMA.
The breaking down of digital restrictions can offer advantages to both app developers and end-users. For developers, the ability to sell their software through a third-party app store eliminates the need to pay a commission, which can be as high as 30% of user payments per app, to Apple. On the user side, having the option to access software outside the iOS app ecosystem provides more options and greater control. Instead of relying on Apple’s approval process for new software, users can find alternatives on third-party marketplaces or download them directly.
The Risks of Removing Gatekeepers with iOS Security
It’s not unexpected that Apple executives are unhappy about the change, as they view software sideloads as a tool for cybercriminals.
The shift to allowing third-party app stores and sideloading on iOS devices has caused some concern among Apple executives. They view the closed-loop nature of iOS as a selling point, as it reduces security risks by allowing for better control over application distribution and updates. This has been supported by data showing that after 10 months of the release of Android OS version 12, 30% of federal employees were still using older, less secure versions, compared to just 5% for iOS 15. However, this stricter control also means less choice for users.
However, this change to third-party app stores and direct software downloads affects Apple’s capacity to provide consistent security measures. For instance, apps obtained from stores other than the iOS store might contain security weaknesses or even malicious software. If cybercriminals can evade the security scans performed on the device, they may be able to breach users’ devices.
Apple’s move to allow third-party app stores and software sideloading could impact the consistency of device security. As the company won’t have a financial interest in these apps, it may not prioritize protection, leading to the potential for critical security vulnerabilities or even malware in the apps. On the other hand, Apple may save money on third-party security and could potentially see users return to the iOS ecosystem if they experience issues with these apps.
How Security Teams Can Prepare
Regardless of one’s view on the shift towards open digital borders, change is imminent. In light of this, security teams would benefit from taking steps to prepare. Here are three strategies to enhance iOS security after the change occurs.
Ban Third Party App Stores and Sideloading
An approach to increase security is to prohibit the use of both third-party app stores and sideloaded software on company-owned iOS devices and enforce this through the use of mobile device management tools.
This approach to bolster iOS security, which involves prohibiting the use of third-party app stores and sideloading on company-owned iOS devices and enforcing it through the use of mobile device management tools, has its benefits in terms of security. However, it can also result in challenges such as resistance from employees, particularly those who use their personal devices for work or while on the go. By disallowing third-party app stores on personal devices, organizations may find that employees opt not to use their personal devices for work purposes, ultimately lowering overall productivity.
Implementing a complete ban on third-party app stores and sideloading has the advantage of providing enhanced security, but it can also have negative impacts. For example, employees may resist the ban, especially if they use personal devices for work purposes, leading to a decrease in productivity. Additionally, companies may have to wait longer to access new features or functionalities that could improve their operations, since some useful apps may be available on third-party app stores sooner than in official channels.
Leverage Additional Security Tools
Another way to secure iOS devices is by using advanced security tools like next-generation web application firewalls (NGFWs) and AI-based behavior analysis to assess the risk of third-party apps or sideloaded software. These tools can prevent downloads if they detect any issues, and allow installation if the software is considered safe.
It is important to continuously monitor the safety of both user devices and business networks, even if the apps appear legitimate and pass initial scans, in order to guarantee protection.
Create New Security Guidelines
IT departments may want to consider establishing new protocols for where users can obtain apps and when sideloading software is allowed, along with procedures to minimize overall risk.
IT teams could establish new guidelines for app downloads that dictate acceptable sources and protocols for reducing security risk. They could evaluate popular app store options and only permit access to a carefully selected few, based on their offerings and security measures. They could also mandate that staff notify IT about any new downloads on their devices and allow IT to assess the apps for potential threats. Finally, they should establish clear consequences for non-compliance with the app download rules.
It is important to keep in mind that there is no definite solution. Given the constantly changing regulations, organizations need to find a way to deal with third-party apps and sideloading that strikes a balance between device security, user autonomy, and control.
From Closed Loops to Open Borders
The era of limited app options in the iOS store in the EU is coming to an end. However, this expanded choice also increases the likelihood of downloading harmful apps that can damage user devices and pose a threat to businesses.
IT teams should take a comprehensive approach to minimize the risk of device compromise in light of the ending of closed-loop iOS stores in the EU. This approach should encompass prohibiting suspicious app stores and sideloading, utilizing advanced security tools to identify potential issues, and establishing new security policies to clearly define user responsibilities.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com