Costs of attacks against iOS could fall with DMA, says executive

In recent weeks, the Apple has been detailing the changes made to iOS due to the Digital Markets Law (Digital Markets Act, or DMA), in the European Union. Among them, the introduction of alternative distribution of applications in EU countries stands out, a requirement about which Apple has already expressed several security concerns as it supposedly increases the vulnerability of the system.

Exploring this question, the Dutch iCulture interviewed Gary Davis, senior director of data protection at Apple. He commented on the transformations necessary to implement DMA on iOS, with emphasis on the consequences in terms of vulnerability to threats.

For him, with the opening of the system to alternative stores and apps downloaded from websites in the EU, the costs and efforts required to carry out an attack on iOS could decrease. With the changes, new potential ways of conducting attacks may emerge, including through stores and alternative payment methods.

Given this, according to Davis, it is possible that attacks never seen before will be carried out. Currently, however, the costs of developing and exploiting a vulnerability in iOS are still high. Therefore, the company’s Security Laboratory is seeking to make them even higher, so that it does not pay to crackers attack the system.

He highlighted that this is a concern at the moment, but that it is not known exactly what will happen in the future. For this reason, a screen is shown with information about apps downloaded from an alternative source, and they must also be analyzed by Apple, in order to maintain user confidence.

Davis avoided talking about the impact of the DMA on the market, from an economic point of view, stating that he is “a privacy man”. He, however, highlighted points already detailed by Apple, such as efforts to adapt the system to meet the requirements of legislation while keeping iOS safe.

He also highlighted the new authentication processes, sending binaries to Apple and control over alternative stores implemented, in addition to the execution of app codes to discover possible irregularities.

Finally, he said that the objective of these measures translates into apps respecting the privacy of user data and ensuring that people make the right choices with confidence.

via 9to5Mac