Application security, Government Regulations, Endpoint/Device Security

Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security

Share
US Attorney General Merrick Garland

Apple is facing a lawsuit brought by the U.S. Department of Justice (DOJ) Antitrust Division alleging the tech giant engaged in anticompetitive conduct in violation of Section 2 of the Sherman Act.  

The lawsuit, which is joined by 16 other state and district attorneys general, was filed Thursday in the United States District Court for the District of New Jersey. It claims Apple illegally maintained a smartphone monopoly through its restrictive iPhone “ecosystem” at the expense of developer innovation and consumer choice.

Leveraging findings from a DOJ investigation and including quotes from internal Apple documents, the lawsuit outlines how Apple allegedly shut out competitors by placing restrictions on developers that prevent cross-functionality and interoperability with platforms other than the iPhone and iOS.

These restrictions, the plaintiffs argue, undermine user security and privacy by suppressing the use of more private and secure third-party options. The suit also contends that Apple willfully chooses not to provide encryption for text messages sent from iPhones to Android phones as part of its efforts to discourage Android adoption.

“Smartphone users are losing out on new, innovative and more secure features that could reduce the need for expensive hardware, unlock major technological advances and allow for more secure communications,” U.S. Assistant Attorney General Jonathan Kanter said at a DOJ press conference following the suit’s filing.

Apple has long contended that its requirements for third parties, including developers of apps and browsers for iOS, are necessary to maintain its “best in class” security and privacy rather than hinder it.

Earlier this month, Apple published a whitepaper about its plans to comply with the European Union’s Digital Markets Act (DMA), warning that the competition law’s requirement for Apple to enable app sideloading would decrease users’ protection and incentivize cybercriminals.

“At Apple, we innovate every day to make technology people love — designing products that work seamlessly together, protect people’s privacy and security, and create a magical experience for our users,” Apple said in a statement responding to Thursday’s DOJ lawsuit. “This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets.”

Apple additionally stated that the suit “is wrong on the facts and the law” and that the company “will vigorously defend against it.”

In addition to claiming that Apple purposely prevents iPhone users from securely text messaging Android users, the plaintiffs also state Apple undermines privacy by forcing developers of third-party apps and services to work within Apple’s own digital wallet and App Store.

They argue this allows Apple to collect financial and personal data about the user in order for them to use these apps or services, and restricts the ability of the general public seek out more private and curated alternative app stores.

The lawsuit contends that Apple uses security and privacy as a “cloak” to defend itself against accusations of anti-competitive conduct while putting these values to the wayside to in order to “maintain its monopoly power.”

“An important element of the DOJ action is the balance between Apple’s role in setting security standards and the rights of developers to choose independent, potentially more flexible and cost-effective security and payments solutions,” Ted Miracco, CEO of mobile security company Approov, said in a statement provided to SC Media.

With the U.S., EU and UK all pursuing antitrust actions against Apple, regulators around the world are sending a message that it’s “unrealistic” for Apple to “think that they alone can provide security for the mobile ecosystem,” Miracco said. He warned that these high expectations can lull Apple users into a “false sense of security.”

“The high number of zero-days patched by Apple over the last year is substantial, and indicates that Apple users are attractive targets for advanced threat actors,” Miracco said. “It is important for all mobile users to recognize that Apple devices have been targeted by malware and other cyberattacks in the past, and they will continue to be targeted and exploited in the future, as none of these devices or applications is truly hack proof today.”

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.