Apple’s walled garden is well known as a tightly-controlled and secure place.
But not everyone is happy with what goes on behind the garden walls. For a while now, some have glared at them with suspicious, sceptical eyes. They see a place that’s closed to competition where Apple sets the rules and profits too handsomely as a result.
Such is the strength of feeling, especially in the EU, that there’s now legislation in place that will push Apple to open up its walled garden and allow app sideloading (downloading apps from third-party sources).
But what might the security implications be of this shift?
And what does the move tell us about the wider tension in tech between a desire for greater freedom and competition and the need for robust security mechanisms?
Inside the garden walls
Apple’s ecosystem is known as the walled garden because of its comprehensive security measures and the restrictions placed upon end users of its devices and operating systems.
These restrictions are often cited when people compare iOS with its rival platform, Android. Those who value technological freedom above all else might choose the latter because by nature it’s a lot more open. But for the same reason there tend to be more risks and vulnerabilities in the Android ecosystem.
To begin with, think for a second about all of the manufacturers of devices that run the Android OS. There are a lot of them, from Samsung to OPPO and Huawei. With Apple, on the other hand, there’s just one: Apple. And that means the company has complete control over development, distribution, and security.
A good example of this is OS updates. The fragmentation of Android means that update rollouts aren’t always quick or consistent. Indeed, some older devices are often left out of this update process altogether. Apple updates, on the other hand, tend to be rolled out quickly and seamlessly. This helps to make sure that devices are equipped with the latest security mechanisms that protect against known vulnerabilities.
iOS apps also go through a rigorous review process before they arrive on the App Store and can be downloaded by end users. This is done to make sure that new apps meet Apple’s quality, privacy, and security standards. As we’ll explore in more detail later, this is a key reason why Apple has been reluctant to allow app sideloading.
Again, Android provides an interesting point of difference here. Google too has sophisticated security features integrated into the Android Play Store, but it also allows end users to install apps from several sources, including third-party websites and app stores. So, Android users have more freedom, but they’re also exposed to more vulnerabilities (including potentially malicious or compromised apps) if they choose to download apps from outside the Google ecosystem. That is a pointer, perhaps, to what might be in store for iOS users should they choose to search for apps outside the App Store.
It’s useful to mention at this point that iOS security can be a little overstated. It certainly isn’t quite as infallible as some people think. Indeed, we sometimes have to explain to prospective customers of our own mobile app protection product, DexProtector, why they really should be applying the same protection mechanisms to both their Android and iOS apps. Especially if they want to protect their logic and sensitive data from reverse engineering, tampering, and theft.
That said, it’s true that the walled garden approach invites fewer outside unknowns that can become threats further down the line. Apple has invested heavily in achieving and maintaining a reputation as the safer of the two big mobile OS ecosystems. And on the whole this effort has paid off. End users do tend to associate iOS with a higher level of security than Android. And so security has become an important selling point for Apple in recent years.
But while some users associate iOS with security and privacy, other individuals and groups have been more judgmental. Elon Musk has openly lamented what he sees as Apple’s payment monopoly. And he’s not the only one. Epic Games, the creator of the popular Fortnite game, took Apple to court in 2020 citing the App Store’s unfair in-app-purchases practices. Most saw the result of that case as a victory and vindication for Apple - more recently the company also won their appeal case - but there’s no denying it helped to more widely publicize what many see as anti-competitive behavior. The 30% cut that Apple takes from app purchases and in-app transactions in particular has seen plenty of raised eyebrows.
Among those to take note was the European Union. Rather than Elon Musk or Epic Games, it’s the EU Government that appears to have compelled Apple to open up its walled garden in this way and allow app sideloading - at least in Europe. Their Digital Markets Act (DMA) is designed to encourage competition in the app market. In Apple’s case that means making some big changes to how they operate in the region. They have until 2024 to comply with the DMA; if they don’t then they’ll be liable to pay a hefty fine (up to 20% of annual global revenue).
While this isn’t the first time that Apple has relaxed its policies - the company has made gradual changes in recent years, including loosening its restrictions for publishing to the App Store - app sideloading feels like the most significant shift yet.
So, what does it mean for security?
The security implications of app sideloading
This isn’t the first time we’ve highlighted the difficult balance between a desire for a greater level of competition and the need for strong protection mechanisms. It’s something of a recurring theme in the tech space, after all. But this latest example of a growing tension between the two raises the question:
Could the DMA’s goal of increasing competition in the mobile app market come at the cost of more cyber risks facing end users?
Apple has certainly claimed as much, stating that app sideloading would lead to end users being up against some serious security threats.
App sideloading certainly has the potential to expose iOS applications, devices and users to more risks. Apps that are available to download and install on third-party stores might not be subject to the same strict review process carried out at the App Store. That means end users might mistakenly install apps that contain malware or other forms of malicious code.
Similarly, Apple and others arguing against this shift are fearful that fake versions of genuine apps might appear on third-party platforms for unsuspecting end users to download. These apps too could come with malicious code or malware capable of stealing information via overlays or keyloggers.
In recent years Apple has also gained a lot of credit among end users and tech analysts alike for its privacy policies. Features like App Tracking Transparency exist to give end users more control over how their data is used. And so it’s unsurprising that privacy has also emerged as one of the key arguments against app sideloading. The fear for some is that third-party stores wouldn’t apply the same level of scrutiny that Apple does and so personal data might be misused or collected without authorization.
Again, Apple currently has complete control over the applications uploaded to its App Store so it can monitor any bogus apps that slip through the net. But this would no longer be the case if app sideloading was allowed. The company would also have much less sway when it comes to enforcing security guidelines for developers to follow, with the potential end result being a greater number of less secure apps available for end users to download.
Opening up Apple’s walled garden could therefore damage iOS’ hard-fought reputation as the more secure of the two big mobile platforms. And it could expose end users of iOS apps to the kind of threats that they’ve perhaps steered clear of up to now.
But there are also implications for developers of applications. As we’ve already mentioned, there’s sometimes some complacency when it comes to protecting iOS apps. Apple’s reputation for security is such that some developers assume it isn’t necessary to apply the same kind of enhanced protection mechanisms used to protect Android apps. This isn’t true now - and it certainly won’t be true in the event of app sideloading and the increased vulnerabilities that this shift will bring about.
Securing iOS apps outside of the walled garden
So, what should you as an iOS app developer be mindful of now and in the near future (once the iOS ecosystem opens up)?
The threat landscape is ever changing (as the push to open up Apple’s walled garden neatly illustrates) and so you need to cover as many bases as possible to make your app significantly tougher to crack.
Perhaps the easiest way to think about this is that your iOS app needs four interconnected layers of security.
First up is code and resource hardening. The idea here is that you use sophisticated encryption and obfuscation to make the decompiled code within your iOS app extremely difficult - if not impossible - to decipher. This is vital because decompilation is more often than not the first step an attacker would take before carrying out any of the attacks mentioned in the previous section.
These days, though, the vast majority of attacks happen while your app is running, which is why you need to ensure a secure runtime environment, too. A runtime application self protection (RASP) solution enables your app to protect itself at runtime by detecting the presence of rooted devices and dynamic instrumentation tools like Frida, among other threats. If they’re detected, you can then prevent the app from running, which stops bad actors from taking full control over your app’s execution.
Of course it isn’t only your iOS app that needs protecting but the communications channel between it and its remote endpoints, which brings us to our next layer of protection: secure network communications. iOS performs public key certificate validation checks to prevent network attacks, but it’s possible to override this system check and install fraudulent root certificates. So, it’s crucial - especially in a world where app sideloading is permitted - that you perform such checks from the mobile app itself.
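The in-app check described above, as an added example (not code from this article or from DexProtector): a URLSession delegate that runs the normal system trust evaluation and then also requires the server's leaf public key to match a hash shipped inside the app, so a root certificate installed on the device is not enough on its own. The class name and the pin value are hypothetical, and the pin here is the base64 SHA-256 of the bytes returned by SecKeyCopyExternalRepresentation rather than a standard SPKI pin.

```swift
import Foundation
import Security
import CryptoKit

// Hypothetical delegate name; requires iOS 15+ for SecTrustCopyCertificateChain.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    // Base64 SHA-256 hashes of the accepted server public keys (current + backup).
    private let pinnedKeyHashes: Set<String>

    init(pinnedKeyHashes: Set<String>) {
        self.pinnedKeyHashes = pinnedKeyHashes
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition,
                                                  URLCredential?) -> Void) {
        // Only server-trust challenges are pinned; others use default handling.
        guard challenge.protectionSpace.authenticationMethod
                == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Layer 1: the system check (chain, expiry, hostname). This alone passes
        // if a fraudulent root has been installed and trusted on the device.
        guard SecTrustEvaluateWithError(trust, nil) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Layer 2: the app's own check against the key it expects to see.
        guard let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let key = SecCertificateCopyKey(leaf),
              let keyData = SecKeyCopyExternalRepresentation(key, nil) as Data? else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        let hash = Data(SHA256.hash(data: keyData)).base64EncodedString()
        if pinnedKeyHashes.contains(hash) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil) // fail closed
        }
    }
}

// Placeholder pin value: replace with the hash of your own server key.
let delegate = PinnedSessionDelegate(pinnedKeyHashes: ["<BASE64-SHA256-OF-SERVER-KEY>"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```

Shipping a backup pin alongside the current one avoids locking users out when the server key is rotated.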
Finally, there’s arguably the most important layer of all - application integrity. Last summer we wrote another article about protecting your app if it’s published on a third-party platform, and maintaining integrity control was our number one focus. Why? Well, application integrity is all about stopping an attacker from tampering with your app’s binaries. Because if they’re able to do so, they can disable other protection mechanisms we’ve set out in the previous layers. Being able to check that nothing has changed in your app is therefore absolutely essential, especially if it’s out of your direct control on a third-party platform.
As one of the main dangers of sideloading apps is the existence of applications with malicious code or malware, it’s also important you equip your app with malware mitigation measures. This includes blocking screen capture, preventing the use of custom keyboards, and disallowing the presence of overlays on sensitive UI pages.
Educating your end users will also be incredibly important in the event that Apple is forced to accept app sideloading. After all, as iOS users they’ll almost certainly be less aware of the threats that exist out there compared to those using Android devices. The most obvious piece of advice would be to make sure that end users trust the company behind an app or its developer before downloading from somewhere other than the App Store.
It’s also vital that end users keep an eye on the permissions that apps are asking for. This is something they should ideally be doing anyway, but away from the App Store and Apple’s lauded privacy measures, this becomes even more important.
Be prepared for an ever-changing threat landscape
It should be said that the intentions of the DMA are noble - there’s a very solid argument in favor of greater competition in the tech space. Opening up the application ecosystem can be a positive thing for creativity and innovation, too. It would potentially give developers more freedom as well as a greater share of the overall revenues their app generates.
The problem is that unfortunately we’re living in a world where bad actors are skilled at exploiting any opportunity. And app sideloading can be such an opportunity if you don’t equip your iOS application with the means to protect itself in the wild world of third-party app platforms.
When you think about it, the modern technological world we inhabit is one big balancing act between risk and reward. Deep down we’re all aware that when we use our favorite social platforms, we’re constantly sharing data about ourselves that can later be used for advertising purposes. But we do so because we decide this is a price worth paying for the enjoyment we take from that app.
But as the digital landscape evolves, our risk-reward calculations might have to change, too. Ultimately it’s on end users to decide whether, for example, they’re willing to download a mobile game from a third-party store that doesn’t have the in-built safety features that the App Store has.
Our objective here at Licel is to encourage the use of enhanced mobile app security so that a lot of the threats that can emerge as a result of app sideloading are less of an issue. But there will still always be threats and the potential for human error like falling for a social engineering scam - something that any of us are capable of in a distracted moment.
Apple is due to announce its strategy for dealing with app sideloading in the coming weeks. The most likely scenario is that they do open up their walled garden but with some conditions, such as ensuring that developers of apps abide by their strict security and privacy policies.
But there will be those who seek to prod, probe and profit from any weaknesses as everybody recalibrates to this new reality.
The best thing you can do is make sure that your app is protected as well as it can be. That way it won’t be exposed to these new threats that will almost certainly emerge.
Read our report into the state of mobile app security to understand how our digital world is evolving and why enhanced application security is so important.