
Are you looking forward to the new age of mobile app insecurity?

A contact recently told me that Apple handles thousands of inquiries from people who have forgotten or misplaced their Apple ID logins every day. That’s probably why Apple recently made it easier to access your Apple ID using any known email address.

But Apple reps are also inundated with requests related to third-party apps over which they have no control. As the EU looks to force Apple into allowing apps from alternative app stores onto its devices, a practice known as sideloading, the user experience with Apple devices — and the flood of inquiries and complaints — is about to get much, much worse.

Twist and shout

There are over a billion Apple device users in the world.

Each one of these has their own Apple ID to access and use their devices, and that ID is frequently also used when purchasing items from the App Store. When people forget that ID they go to Apple, and the nature of people is such that they turn to Apple any time they encounter a problem with their device.

What this means is that Apple’s online and physical stores already handle thousands of inquiries that relate to issues with third-party products every day. I guess the conversation goes like this:

  • Customer: “Hi, I have a problem with AppName. Can you help me?”
  • Apple: Takes a look. “Ah, but I see the problem is to do with the app password. That’s not something we can help you with.”
  • Customer: “What do you mean you can’t help? I purchased this app with your device and via your App Store. Why won’t you help me?”
  • Apple: “I’m sorry, dear customer, but we can’t help you with this, as the interaction was between you and the app. We literally don’t have access to the data you need to help you.”
  • Customer: “What do you mean?”

Result: the customer is left upset. The Apple representative is also upset, as they can’t help the customer. No one is happy.

This happens many, many times each day.

Don’t let me down

When it comes to platforms used by a billion people, it is inevitable that not everyone will properly secure their devices, recall their passwords, or understand the risks they take when purchasing apps, particularly when all the stores seem legitimate.

We already see these risks play out on Android. A 2022 report (PDF) from the UK’s National Cyber Security Centre confirms that “users of third-party stores are particularly vulnerable.” That report also describes a host of vulnerabilities in which scammers have shared infected software or made use of undermined or spoof app sales sites.

There are also problems on legitimate sites. Earlier this year, Android malware was identified as having been downloaded 400 million times from Google Play. There have also been rare instances in which the more heavily curated Apple App Store was undermined.

And where do people turn when they are attacked, their devices hacked, or their data subverted? They go right back to the platform vendors, and when the fault stems from a third-party app or service, end up in a similar conversation to the one above.

This already happens thousands of times each day.

It’s getting worser all the time

And soon it’s going to become worse. EU industry chief Thierry Breton recently told Apple CEO Tim Cook that the bloc is determined to force Apple to open up its platforms.

Apple will be forced to support app sideloading from outside the App Store, to open up payments from third-party services, and to make it possible to use alternatives to the stock apps.

This will likely make for a more homogenous and boring mobile ecosystem, and while some will profit from this deregulation, most ordinary users will still end up going right back to Apple to get tech support for third-party problems. We know this because this already happens.

Apple, I guess, will try to find some way to offer its customers the core Apple experiences they are used to and enable them to opt out of that experience at their own risk.

Shoppers will be able to choose to use third-party apps, payment services, and stores, and some big app developers will attempt to force them to take that choice. Inevitably, within the initial cacophony of competing payment services and app stores, some security problems will emerge. When they do, despite the terms and conditions users opting out of the secured Apple experience agree to, they will run to Apple for help.

Got to get EU into my life

Now the EU seems to have a plan to make it complicated for Apple or Google to offer a stock mobile experience for those customers who don’t want to be exposed to the risk of a free digital market in the middle of environmental collapse and global war. The bloc is advertising for someone to study the mobile markets to ensure that Apple and Google stick to the script and open up.

Prepare for chaos as, during a period of deep political and economic uncertainty and at a time of heightened online crime, the EU is about to demand iPhones and Android devices open up.

Get back

While the EU may argue that creating industry-wide standards and consumer protections will secure these environments, I’d quite like to see what those protections are before forcing billions of people and millions of businesses to take on this additional risk.

Given that the platform vendors will be the first port of call for millions of customers who fall foul of such risk, I presume Apple and Google will be entitled to charge third parties operating on their platforms a fee toward the development tools and tech support costs they will inevitably face supporting them.

The result of which will, I guess, translate into a slightly smaller 15-25% fee on app downloads, but an experience that for most users will be much worse than what they already have. What an epic victory.


Copyright © 2023 IDG Communications, Inc.
