Apple’s Craig Federighi Says EU Proposal Undermines iPhone Security

Speaking at this year’s Web Summit in Lisbon earlier today, Apple’s Senior Vice President of Software Engineering Craig Federighi knocked on the European Union’s proposed Digital Markets Act (DMA), which the exec said would undermine security on the iPhone and result in a malware “gold rush.”

The news comes from tech columnist Jason Aten (@JasonAten), who live-tweeted Federighi’s speech.

The Digital Markets Act is currently being reviewed by EU lawmakers. If the DMA becomes law, companies like Apple will be compelled to allow third-party app stores on their devices.

Apple has historically and vehemently opposed the idea of ‘sideloading’ apps on its devices, i.e. installing apps from sources other than Apple’s App Store.

“When you talk about privacy, there are two types of attacks. Targeted attacks from state-sponsored hackers and malware,” says Federighi.

The VP added that Apple has implemented “a layered set of protections” against adware, malware, and social engineering attacks, and said the App Store and its human App Review processes are an integral part of that. It’s an open secret within the developer community that Apple’s App Review process is far from perfect, though.

Allowing users to bypass the App Store will mean that they can install apps that haven’t gone through Apple’s quality and security scans, which the iPhone maker believes will end in disaster.

“European policymakers have often been ahead of the curve, but requiring sideloading on iPhone would be a step backward,” he said. “Instead of creating choice, it would open a Pandora’s Box of unreviewed, malware-ridden software and deny everyone the option of iPhone’s secure approach.”

Most of what the software engineering VP said was taken directly from Apple’s recent whitepaper on app sideloading. Federighi went on to compare malware attacks on iOS to the “5 million attacks per month” on Android.

Earlier in the year, Apple CEO Tim Cook spoke out against the Digital Markets Act, saying it “would destroy the security of the iPhone.”

In response, the EU warned Apple against using privacy and security to “shield against competition.”

Apple currently finds itself under the microscope of regulators the world over for anti-competitive behaviour. In September, a U.S. federal judge ruled Apple must let app developers direct users to payment methods outside of its App Store.

This is not the only issue Apple and the EU are butting heads over either — back in September, the European Union released a proposal that would force all mobile devices, including Apple’s iPhones, to adopt USB-C for charging.