Is macOS vulnerable to major cyber security flaws? Over time, Apple has repeatedly claimed that macOS is a considerably safer desktop operating system than its primary rival, Microsoft Windows, but last night, at the ongoing hearings in the Apple vs Epic Games court battle, this particular point was rather surprisingly refuted and put in perspective by none other than Craig Federighi. The senior vice president of software engineering at Apple answered questions about how Mac and iOS software work and, at a pivotal point, claimed that the state of cyber security on Macs is far from satisfactory, citing this as one of the biggest justifications for why Apple chooses to guard its iOS app ecosystem so closely.
Apple’s ‘walled garden’
Time and again, Apple has been accused of running a “walled garden”, an ecosystem that it guards and controls far too closely. This isn’t new: Apple has always sought end-to-end control over how things work in its software ecosystem, from the apps that open by default, to how you download things, to even how a ringtone can be set on a device. This has attracted plenty of criticism, too, from developers in antitrust cases blaming Apple for taking an unfair revenue cut from downloads, to other services accusing Apple of unfairly favouring its own services over others.
Apple keeps iOS “far more secure” than competitors, and the “walled garden” approach indicates that it “succeeds in doing so.”
At the hearing last night, Federighi’s statement touched upon Android, macOS, iOS and even standard PCs to justify how this strategy has or hasn’t worked for Apple. He took on Android and its ability to side-load apps, something that many developers have appreciated, and something that allows operating systems based on AOSP to feature a non-centralised and compulsory app service, such as how /e/ OS works. Addressing iOS as a “once in a generation opportunity”, Federighi stated that Apple set out to keep its mobile OS “far more secure” than its competitors, and even stated that the so-called “walled garden” approach carries all indications that Apple has “succeeded in doing so.”
“It’s well understood in the security community that Android has a malware problem and that iOS has succeeded so far in staying ahead of the malware problem,” the executive said in court.
Security to scale
It is at this point that Federighi made the surprising disclosure that Macs are definitely not safe, or at least not as safe as Apple would like them to be. Referencing the ability for users to download and install applications from third party sources on Macs, Federighi said that this has led to a “significantly larger malware problem” on macOS than the one Apple has on iOS. Making a case for this argument, he claimed that macOS’ installed user base was about a tenth of that of iOS, hence showing the scale of security concerns that Apple apparently faces as a result of supporting third party app download sites.
Instead of answering what Apple can do to support an open developer environment, the argument focused on what it shouldn’t.
While Federighi left the balance of the argument open with a car analogy, stating that it is on the user to ensure responsible off-roading with both cars and computers, his argument was clear. iOS has a much bigger user base, with an estimated active user count of over a billion. With this, if Apple were to open up the OS to support third party sites for downloading apps, it would also leave the OS in the hands of targeted threat actors, who regularly target Android through unverified download sources and load their devices with spyware, stalkerware, adware, ransomware and so on.
To justify this defence, Apple threw the security of its Macs under the bus, something that it has vehemently defended for a long time. Hence, instead of pulling in the question of what Apple can do to support a more competitive and open developer environment, the executive drove his argument towards what it shouldn’t do in order to keep its software safer than the competition. There are two sides to this argument, and while iPhones have been repeatedly proven to be vulnerable to security flaws, too, the scale of security gaffes that iOS faces in comparison to Android or Windows is undeniably smaller.
Everything that’s been said
Apple has so far defended its reasons for developing such a closely guarded app environment, with Phil Schiller’s recent testimony throwing open a number of vital points. Schiller, who led marketing at Apple for almost 30 years, underlined how jailbreaking caused security concerns for Apple when users started putting their own apps on the phone, which subsequently led to the creation of the App Store as it is known today.
Schiller spoke about the tools Apple has built for independent developers, the access to consumers it has given, and so on.
As Epic cited the late Steve Jobs’ statement of not intending to make money by selling apps as its argument that Apple is doing the wrong thing by making as much money as it is, Schiller defended the company by talking about all the developer tools that Apple has built, the access to consumers that it has given to independent developers, and other such factors. He also stated that he did not believe that the app market was a duopoly between Apple and Google, but this seemed like the kind of stretch that we’ve gotten used to at antitrust hearings.
One pivotal testimony will be that of Apple CEO Tim Cook, who takes the chair at the hearing on Friday, May 21. Until then, we’re left with Apple throwing the floodgates open on macOS, but the other way round: instead of pushing iOS towards Mac, Federighi and Apple clearly want macOS to be more like iOS.