Page 143 - Cyber Defense eMagazine Annual RSA Edition for 2024
Apple's Overconfidence in Built-In Security:
A False Sense of App Security?
Mobile App Security is Complex. For Full App and API Protection, Developers Must Apply
Supplementary Security Measures Such as App Attestation.
By Ted Miracco, CEO, Approov Mobile Security
In a recent workshop organized by the European Union to address concerns regarding Apple’s
implementation of the Digital Markets Act (DMA) legislation, Kyle Andeer of Apple made a statement that
I believe encapsulates one of the most harmful messaging themes that comes out of Apple regarding the
iPhone. He boldly claimed, "We've not had to offer 3rd party or 1st party security services or applications
on iPhone because it's built in." This is so damaging because, while the assertion is meant to reassure
iPhone users, it clearly blurs the line between the device user and the app developer, and completely
masks the complex reality of app security.
Andeer's statement overlooks a crucial aspect of app security: the vulnerability of backend data. While
iPhones boast robust built-in security features, such as sandboxing and user security controls, these
features exist primarily to protect the device user. They provide little protection to apps, which can be
extracted and cracked from jailbroken devices, and do not provide any protection against attacks targeting