Device Security (Pt. 3) Just One More Thing…

This article was previously published on CyberAwake but as it discusses some fundamental ideas about mobile device security and app stores, I thought it should be published here as well.


Following on from my two latest articles looking at device security (linked below), I am coming back to the subject, as last week there were some interesting changes in device security in the EU.

When discussing device security with clients or writing cyber security documents for them, we look at the devices their team are using. These are often used under a Bring Your Own Device (BYOD) policy, so the devices in question are not under the direct control of the organisation. This means that the control exercised over the BYOD is less than if the organisation owned the device. So the policy is written and the training delivered as advice and best practice rather than rules to be followed.

Up to now I have always been happier with Apple iPhones and iPad devices rather than Android phones and tablets for two reasons. Apple supports its devices for longer than most other manufacturers and the hardware and software are closely linked, making cyber security patching more effective. (You need to check the support for your individual devices.) Android OS is open to any manufacturer to adapt and fit to their hardware and software – cyber security patching is then up to that manufacturer, if they are interested!

A quick aside about Android Device Security

In the world of Android devices, both Google and Samsung offer reasonable cyber security support for their devices. Again, you need to check carefully how long that support lasts for.

Back to the list…

The second reason I like Apple iOS devices is that Apple curates its App Store strictly, making it safer from a cyber security point of view – most of the time (Toulas, 2022). The Google Play Store and other Android app stores can be a bit more of a “Wild West”. A quick review of any tech-news site will provide multiple instances of malware obtained from these stores (Toulas, 2022).

The Apple “Walled Garden” is Breached

However, last week in the EU, this all changed, with Apple being compelled by legislation to open its devices to third-party app stores and so, by Apple’s definition, reducing the cyber security of its users (Liedtke, 2024). This has been done in the name of giving users more choice. But be assured, if there is a way for threat actors to exploit this slackening of Apple’s device security, the cyber-criminals will exploit it. Apple will not relinquish all control – it has introduced a process it calls “Notarization”, where it will monitor iOS app distribution across these new app stores – scanning for malware and other cyber security threats to users.

There are more complicated economic arguments in play here. Apple does enforce an interesting set of rules, and charges developers, and ultimately customers, a substantial fee for this more secure app store, but I am only looking at the cyber security implications of the law. The article by Michael Liedtke covers some of the arguments on all sides about why this law is good and bad – it is complicated and also involves Big Tech arguing with Big Tech and lobbying lawmakers about their cases.

But don’t worry, the members of the European Parliament have given the citizens of Europe more choice.


The iOS update this weekend for my iPhone
but I did not get the app marketplace changes.

Of course, these changes could be heading over here as well…

Maybe it is time to review my device security policies and send updates out to the cyber security clients?

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Liedtke, M. (2024, March 7). Apple is making big App Store changes in Europe over new rules. Could it mean more iPhone hacking? The Independent. https://www.independent.co.uk/news/world/europe/apple-ap-app-store-europe-epic-games-b2508569.html

Toulas, B. (2022, September 26). Adware on Google Play and Apple Store installed 13 million times. BleepingComputer. https://www.bleepingcomputer.com/news/security/adware-on-google-play-and-apple-store-installed-13-million-times/

Further Reading

Are you using Bring Your Own Device – BYOD – to save money?

NCSC warns of risks with App stores | Smart Thinking Solutions

About alternative app marketplaces in the European Union – Apple Support (UK)

The other two parts of Device Security:

Device Security (Pt. 1) – CyberAwake

Device Security (Pt. 2) | Smart Thinking Solutions

Photo by John Finkelstein
