Skip to main content

Apple worries DMA has lowered the cost of iPhone exploits

Avatar for Zac Hall  | Mar 15 2024 - 10:22 am PT
28 Comments

Apple has been forced by the EU to allow app purchases and installs without the App Store. The effort to enable the capabilities as securely as possible has been massive. The details continue to evolve based on developer arms regulatory feedback, and many more changes for EU customers are planned over the next year. Still, Apple continues to express concern that the Digital Markets Act that enforces all these changes could come at a cost.

Perhaps the clearest expression of that concern comes from Gary Davis, Apple’s Data Protection Officer. In an interview with iCulture, Davis summarizes his view of DMA risks. In short, the view is that it could be cheaper to target iPhone users who use non-Apple payment methods and marketplaces.

What we are concerned about and what can also be read in the whitepaper is that the “costs” for an attack on iOS could decrease. That’s because of these new potential ways to attack users. This can be done via alternative marketplaces or alternative payment methods. It’s possible we’ll see attacks we’ve never seen before. The costs of developing an iOS exploit are still very high. Our team at the Security Lab is trying to make those costs higher and higher so that it isn’t worth it for attackers to target iOS.

That is something we are concerned about at the moment. We just don’t know how it will develop. That’s why we show people who download apps from these alternative sources a special screen with more information. Together with the notarization process, we hope that users will maintain the same confidence.

In the brief interview, Davis avoids commenting on the economic prospects of payment method and marketplace competition on the iPhone in the EU given that’s outside of his expertise.

I think this properly frames something about the DMA: regulation can be good for fostering competition while also being a step back for security. It’s a win-win for Apple to control the flow of cash and potential attack vectors. But the DMA doesn’t exist to satisfy Apple or strengthen platform security.

Perhaps the cost of the market competition regulation will be user security. Or maybe this will prove a non-issue, thanks largely to how implements compliance. But it’s perfectly reasonable to fear the price for penetrating attack vectors in less now than before.

Add 9to5Mac to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Mac on YouTube for more Apple news:

Comments

Guides

News

Author

Avatar for Zac Hall Zac Hall

Zac covers Apple news, hosts the 9to5Mac Happy Hour podcast, and created SpaceExplored.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing