3rd-party app stores: Forced changes pose security risks for companies in the EU starting with iOS 17.4


With iOS, one thing has always been clear: apps can only be found in the Apple App Store – and they are pretty secure. But this will change from iOS 17.4 (publicly available from March 2024), because the Digital Markets Act (DMA) forces Apple, among other things, to allow 3rd-party app stores. This is intended to break the monopoly position of the Apple App Store.

This has significant consequences in terms of security, which are highly relevant for both private individuals and companies. Even though Apple is accompanying the changes with a number of security precautions, companies should prevent alternative app stores as a first step until further information is available.

In our blog article, we explain what is changing for app stores, what this means for companies and what precautions we recommend admins take.

What does the Digital Markets Act require and what does it change?

The Digital Markets Act requires Apple to allow alternative app stores in future. In the EU, Apple will therefore allow 3rd party app stores from iOS 17.4 onwards, thereby giving up a major advantage that iOS previously had over Android: until now, apps on iPhones could only be downloaded from the Apple App Store. In order to make it in there, apps had to meet high requirements and were thoroughly checked. The risk of malware or other harmful content reaching a device via a downloaded app was therefore significantly lower.

This was just as much of an advantage for private individuals as it was for companies: Users could be confident that the apps did not pose a major risk, and for companies, the risk of malware sneaking in via an app was considerably lower. This meant that one of the many gateways for cyberattacks was largely closed – and is now being opened.

What is Apple doing to minimize the risk?

To minimize the risk for end users and companies, Apple is introducing a number of security features:

Notarization for iOS apps

All apps – regardless of which marketplace they are offered through – must undergo a basic review before publication. According to Apple, both an automated check and a manual review will take place.

Data sheets

Information from the notarization process as well as information on functions, developers, etc. are summarized in a document and can be viewed by users before downloading.

Authorization of marketplaces

App store providers must commit to complying with Apple’s requirements.

Additional malware protection

According to Apple, additional malware protection is intended to prevent apps from being launched if they contain malware.

Why is there still a risk for companies - and an urgent need for action?

By taking these measures, Apple reduces the likelihood of malware or malicious code getting onto a device. However, the precautions cannot completely eliminate the risk. There is still a risk of malicious apps entering a marketplace and being downloaded. This is because it can be assumed that the checks Apple carries out on apps for alternative app stores will not be equivalent to the checks carried out for the Apple App Store. Users and companies therefore cannot rely on apps from alternative app stores being secure.

What can companies do?

Even if it can be assumed that there will not be too many alternative app stores and apps at first, we strongly recommend that companies prevent alternative app stores for the time being. Apple is providing a restriction for this with iOS 17.4, which you should distribute to the iPhones in your company.

It is to be expected that UEM manufacturers will integrate this restriction into their solutions in the near future so that it can be easily installed on the devices. However, you should definitely distribute the restriction to the devices in your company in advance so that you do not leave a gateway for cyberattacks. This is possible via the Apple Configurator on the Mac. The profile can be exported there and then made available via the UEM platform.

In this way, you can ensure that no insecure apps get onto the iPhones in your company in the future.
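One way to confirm that a profile exported from Apple Configurator actually carries the restriction before it is uploaded to the UEM platform (an added example, not code from the original article). It assumes the restriction is the `allowMarketplaceAppInstallation` key in Apple's Restrictions payload (`com.apple.applicationaccess`), which the article does not name; the sample profiles and `com.example` identifiers are constructed.

```python
import plistlib

# Assumption: the article does not name the key; these are Apple's identifiers.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"    # Restrictions payload
MARKETPLACE_KEY = "allowMarketplaceAppInstallation"  # restriction added in iOS 17.4


def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig export, signed or unsigned."""
    try:
        return plistlib.loads(data)
    except Exception:
        # A signed profile is a CMS envelope around the XML plist. This only
        # reads the embedded plist; it does not verify the signature.
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no property list found in profile")
        return plistlib.loads(data[start:end + len(b"</plist>")])


def marketplace_blocked(profile: dict) -> bool:
    """True only if at least one Restrictions payload sets the key and every
    payload that sets it uses false. A missing key leaves the default in place."""
    values = [p[MARKETPLACE_KEY]
              for p in profile.get("PayloadContent", [])
              if p.get("PayloadType") == RESTRICTIONS_TYPE and MARKETPLACE_KEY in p]
    return bool(values) and all(v is False for v in values)


def sample_profile(allow=None) -> bytes:
    """Constructed sample profile; identifiers and UUIDs are placeholders."""
    restrictions = {"PayloadType": RESTRICTIONS_TYPE, "PayloadVersion": 1,
                    "PayloadIdentifier": "com.example.restrictions",
                    "PayloadUUID": "00000000-0000-0000-0000-000000000001"}
    if allow is not None:
        restrictions[MARKETPLACE_KEY] = allow
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadDisplayName": "Constructed sample",
                           "PayloadContent": [restrictions]})


if __name__ == "__main__":
    for label, allow in (("key absent", None), ("true", True), ("false", False)):
        ok = marketplace_blocked(load_profile(sample_profile(allow)))
        print(f"{label}: {'blocked' if ok else 'NOT blocked'}")
```

To check a real export, pass the file's bytes to `load_profile` instead of a sample.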


Please contact us if you would like advice on the new app store situation and support in preventing alternative app stores.
