Apple's macOS is sub-par for security, Apple exec Craig Federighi tells Epic trial

Trashing your desktop OS to save the iOS walled garden – it's a bold strategy. Let's see if it pays off for 'em


Apple's software supremo Craig Federighi on Wednesday condemned the security of macOS in an astonishing attempt to defend the walled garden that is the iOS App Store.

It's the latest twist in the ongoing Epic v Apple bench trial in which Cupertino is accused of illegally monopolizing app distribution and payments for iPhones and iPads. Federighi took the stand to argue that because Apple does not control the availability of software on macOS to the extent that it controls what applications are available from its iOS Store, Macs suffer as a consequence. He said the level of malware on Macs is unacceptable, and criticized the security protections in the desktop operating system.

The point, apparently, being that Apple needs to maintain and gatekeep its one and only iOS app store so that iPhone owners don't suffer like Mac users. And yes, that one and only app store needs to set standards and rules. One such rule is that Apple takes a cut of app purchases and in-app purchases, which is what Epic is suing over: it wants to handle payments without Apple's involvement, and if that involves distributing its iOS apps itself, so be it. iOS, unless jailbroken, generally speaking only accepts applications from Apple's official store, though.

Allowing iPhone and iPad owners to use third-party stores outside of Apple's control would be a "pretty devastating setback for iOS security," Federighi said.

"There are multiple stores on the Mac," Judge Rogers told the exec according to reports. "So, if that can happen on the Mac, why should we not allow the same stores to exist on the phone?"

"It’s certainly how we’ve done it on the Mac," replied Federighi, "and it’s regularly exploited on the Mac. iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today.

We have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS

"And that’s despite the fact that Mac users inherently download less software and are subject to a way less economically motivated attacker base. If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac.

"And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS. Put that same situation in place for iOS and it would be a very bad situation for our customers."

Federighi's statement may seem shocking, particularly to those who bought Apple's Mac laptops and desktops on security grounds. The Mac's operating system isn't totally insecure, and is a cousin of iOS. iOS isn't bug or malware free, either. However, the argument appears to be that macOS is more open, it isn't as locked down as iOS, and thus it's more vulnerable to malicious software that can take over the computer.

And therefore, we're told, the way more popular iOS needs to be locked down, with a closed ecosystem, and only accept vetted applications, to avoid the fate of macOS, which can ultimately run whatever code the user wants. Which Apple is trying to paint as a bad thing. For security reasons, not for Epic reasons.

As Federighi said in court, iOS accounts for around 90 per cent of Apple's user base, and so it's the primary focus for Cupertino, and why it insists on a walled garden to protect all those customers. If malware attacks Macs, some people will have a bad day. If malware attacks iOS devices, it's going to ruin the week of a whole lot more people, he argued.

"The Mac is a very successful product, and I love it very much, but there are well less than a tenth as many Macs out there in active use than iOS devices," Federighi said. He also compared the Mac to a car you can drive around anywhere knowing that it's a car and therefore dangerous if you don't know what you're doing, whereas iOS is something you'd let a child use.

“I think of it as the Mac is the car: you can take it off road if you want, you can drive wherever you want," Federighi said. "As that comes as a driver, you’ve got to be trained, there’s a certain level of responsibility to doing that. But that’s what you wanted to buy, you wanted to buy a car.

“With iOS, you’re able to create something where children, even infants, can operate an iOS device and be safe in doing so. Really different products.”

Of course, Apple will still claim all of its platforms are strong in terms of security – though when there's money at stake, if macOS has to suffer to save iOS, then so be it.

Apple's CEO Tim Cook will take the stand on Friday. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021