Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
26th July 2018
For a long time now, enterprises have seen iOS as more secure than Android. I’ve covered this a lot in previous Bytes so will focus on just one of the reasons that is often given – the App Store.
Simply because Apple police their App Store pretty well (arguably better than Google have in the past). Not much has slipped through the net over the years… it’s not perfect, but it does mean that as a rule, enterprises have a level of trust in that anything that comes from the App store has undergone a basic level of testing for things such as malware.
For an enterprise this is doubly important as it’s the only trusted source for applications on a device by default. They add details for any in-house apps via EMM, but otherwise it is a single trusted source. If it didn’t come from EMM then it came from the Apple App Store. Users have to jailbreak to get around this and if they do then enterprises will most likely just block the phone.
In the background there has been a legal case knocking around for a while now (look for Apple v Pepper if you want to know more) that could have serious implications for this iOS security.
In a nutshell the claim is that Apple’s App Store has monopolised the app distribution market on their OS and this is being challenged under US Antitrust law. I’m not qualified to comment on the legal details of the case (and my legal team would likely have a fit if I did), but this has now made it up to the US Supreme Court and they have agreed to hear the case.
Clearly there is a lot at stake here for Apple from a financial perspective, but for enterprise customers there is also the potential risk that Apple is forced to open up their Operating Systems to other App Stores if they lose. If this happens then it breaks the existing single source of trust model above and would potentially bring Apple in line with how Android has been since the outset… which as stated, isn’t something that is much loved by enterprise customers (although in fairness Google has made massive strides recently in this space).Once there are multiple sources of apps you’re then into the thorny issue of which sources you allow… now it seems pretty likely that Apple would remain the master App Store that enterprises look to, but all it takes is a major app to shift across to a competing App Store (for arguments sake something popular in enterprise like Google Maps, Microsoft Office Apps or even something like BBC News) and suddenly there’s a can of worms opening up. Questions like “how will Apple allow users to add other sources?” and “will there be MDM hooks to control this?”
This case has been rumbling around for a while and I suspect will continue to do so for some time yet, but if you’re an iOS security admin you should definitely keep an eye on this as the implications are significant.
In the meantime, if you’d like to know more on how to control app security beyond just trusting the App Store vetting processes, then please do get in touch.