Epic Games Points To Mac's Openness and Security in Its Latest Filing in App Store Antitrust Case (techcrunch.com) 71
In a new court filing, Epic Games challenges Apple's position that third-party app stores would compromise the iPhone's security. And it points to Apple's macOS as an example of how the process of "sideloading" apps -- installing apps outside of Apple's own App Store, that is -- doesn't have to be the threat Apple describes it to be. From a report: Apple's Mac, explains Epic, doesn't have the same constraints as found in the iPhone operating system, iOS, and yet Apple touts the operating system used in Mac computers, macOS, as secure. The Cary, N.C.-based Fortnite maker made these points in its latest brief, among several others, related to its ongoing legal battle with Apple over its control of the App Store. Epic Games wants to earn the right to deliver Fortnite to iPhone users outside the App Store, or at the very least, be able to use its own payment processing system so it can stop paying Apple commissions for the ability to deliver its software to iPhone users.
Redifining "secure" (Score:2)
Is someone saying since linux is secure, iOS is secure?
Re: (Score:2)
Since nothing is 100% secure, the definition of "secure" only makes sense when comparing one thing to another and ensuring similar context is used for the comparisons,
Re: (Score:2)
I find the point brought up by Epic interesting although. I never cared much about this whole debacle but Epic's point seems clever at first glance.
Re: (Score:1)
I'm wondering why it took them this long to point it out. This policy inconsistency between macOS and iOS has been incredibly obvious since the iOS app store first launched, with very specious reasoning behind it - I remember Jobs saying some bullshit about protecting the cellular network at the time.
Re: Redifining "secure" (Score:2)
I remember *exactly* that comment and thinking to myself back then, sure.
Re:Redifining "secure" (Score:5, Informative)
I'm wondering why it took them this long to point it out. This policy inconsistency between macOS and iOS has been incredibly obvious since the iOS app store first launched, with very specious reasoning behind it - I remember Jobs saying some bullshit about protecting the cellular network at the time.
As I understand it, that actually was true. Initially, none of the cell phone companies wanted to work with Apple, because they were an unknown entity in the cell phone space. AT&T eventually agreed to do so, but was concerned about the integrity of its network. You see, prior to the iPhone, cellular phone apps were sold by cellular service providers, not by device manufacturers, and they were individually vetted by the cellular service providers, as were cell phone firmware updates, etc. Apple turned that model on their heads, with firmware updates over the air, fully functional web browsing, and the potential for eventually allowing third-party software not vetted by Apple.
A big part of their concerns involved folks doing tethering without paying the extortionate data prices that the phone companies wanted them to pay for that privilege. Cellular data from phones was metered at a much cheaper rate than data from computers at the time, largely because capacity was very limited, and computers tended to consume more data than they could easily handle, and they needed to use that extra revenue to build out capacity (and also probably because they assumed that anybody who was rich enough to buy a cellular modem could afford the extra data cost). So by making tethering unaffordable, they discouraged people from using it at all, thus ensuring the network could cope. But third-party software could easily get around those limitations (and did, which is likely what forced U.S. phone companies to eventually support proper tethering through these devices).
Of course, all of that changed when LTE became widespread, because that massively increased the available capacity, making it possible for people to run apps like Netflix on their phones that consumed more data than was even remotely feasible when the iPhone first came out. And at that point, charging 10x as much for tethered data as for cell phone data ceased to be a thing, and nobody really cared about protecting the phone network anymore. But by then, the damage was done.
Re: (Score:2)
I remember Jobs saying some bullshit about protecting the cellular network at the time.
As I understand it, that actually was true. Initially, none of the cell phone companies wanted to work with Apple
A majority of Europe and Eastern Asia had phones sold by phone manufacturers instead of cellular service providers. If by "actually was true" you want to allude to a technical vulnerability that only exists in the US, then sure. But in the details you have only mentioned what the companies "wanted" to do, not described any technical vulnerabilities.
Re: (Score:2)
I remember Jobs saying some bullshit about protecting the cellular network at the time.
As I understand it, that actually was true. Initially, none of the cell phone companies wanted to work with Apple
A majority of Europe and Eastern Asia had phones sold by phone manufacturers instead of cellular service providers. If by "actually was true" you want to allude to a technical vulnerability that only exists in the US, then sure. But in the details you have only mentioned what the companies "wanted" to do, not described any technical vulnerabilities.
I mean in the U.S., not Europe or Asia. Apple is not a European company or an Asian company, and there's no way they would have started a major new product line in Europe with no U.S. carriers on board.
Re: (Score:2)
And just to clarify, the main concern, I think, was abusers flooding the network with so much data traffic that it would be unable to cope. For example, running VoIP apps over EDGE is technically possible, but it would have brought the backhaul network to its knees.
Another concern was that someone would write software that somehow hacked the baseband processor and changed the way the cellular radio worked.
Neither of those concerns would have been specific to the U.S.
Also, it was not about whether the phone
Re: Redifining "secure" (Score:2)
Neither of those concerns would have been specific to the U.S.
Also, it was not about whether the phones were sold from the manufacturer or not, but rather whether the apps that could be added to the phone were individually vetted by the carrier.
Yes, the "concerns" were not specific to the US, which is what I was saying. Yet others were coping fine.
Yes, "carriers" didn't vet the "applications". S60 had a whole python runtime ported to it, with many frameworks. No "carrier" went bankrupt by getting VoIP floods, no baseband got "hacked" any more than it does in the US.
Re: (Score:2)
Because even IF macOS is more open than iOS, and maybe it's less secure and IF Apple is inconsistent in their claims of security, it still has no relevance for the security concerns on iOS, which is separate product/service. So it's a shitty fallacious argument to make.
However in many legal systems around the world whataboutery can hold some water at times if the plaintiff and or defendant are inconsistent in their application of what they present as some kin
Re: (Score:2)
For sideloading I can somewhat understand security concerns as a reason. But for not allowing 3rd party payment systems or something like justifying a 30% cut is utter bullshit. And I'm surprised that so many around here seem to be happily drinking the Kool-Aid.
The most minor of security concerns really. As for the kool-aid, the only thing that comes to mind is that Americans will die for their freedom to be fucked over by mega-corps.
Re: (Score:2)
People act as if the option to sideload something would mean that they're forced to sideload something insecure and or that their device, even though not sideloading anything, could be infected by someone else's device, compromising their ability to "call 911" for example.
If there was some truth to that kind of reasoning, we ought to have some examples when looking at Android.
Though as far as I'm aware, this isn't a
Re: (Score:2)
iOS isn't Linux based, it is BSD based. (Android is Linux based)
However, that is the general argument yes.
However the Kernel is only part of an operating system, while the Kernel if written for security can offer some features that can make the operating system more secure (randomizing memory allocation mapping, isolating executable instructions from general data, putting the system in a safe failure state, etc.) It can't protect the operating system from other decisions that may effect security (say the O
Re: Redifining "secure" (Score:2)
Security through Obscurity (Score:5, Insightful)
Re: (Score:3)
Re: (Score:1)
Windows Phone failed because the "Windows CE improved for Phones" simply sucked.
Crashes
Windows based tool chain
Windows based programming languages
Idiotic UI
Re: (Score:1)
My Mac(s) computers are NOT my only phone connection to the world, in case of an emergency.
Someone can hack my computer and honestly my life doesn't change that much, but I lose use of my phone, I can't call people or emergency services, etc.
(I cut the land line long ago)
The phone can potentially be life or death things whereas the computer rarely rises to that level in household importance.
Re: Security through Obscurity (Score:2)
What did people do before cellphones when they left the safety of their landlines everytime they left the house?
Re: (Score:2)
But thanks to Apple's iMobileEmitter, holographic people can now exist everywhere.
Maybe an interesting case study would be to find out how many people have died because of their Android phones not working in emergencies. After all those are deemed less secure and they also have a larger market share, which should at least in theory provide a better sample size.
Re: (Score:1)
Re: (Score:2)
Well, back then, there were tons of pay phones all over the place you could use if you needed to make a call, or an emergency....we don't really see those everywhere on the street anymore.
And I was talking primarily at home...if my iPhone is out, I have no home phone.
Re: (Score:2)
LOL! I have a brother in law doing alarm systems who told me at a Christmas party that Mac was unhackable and that just by using it he was 100% secure. I didn't reply anything.
Re: (Score:2)
I don't think Apple is necessarily obscure. They are a much harder to hit target.
Re: (Score:2)
Not true at all.
There are things like the sandbox concept, which is quite good and has been standard for a long time. Also the simple fact that the OS has been telling you for a decade or more that this program you are about to launch was downloaded from the Internet and are you sure? - that alone prevents malware silently launching in the background.
There's a nice bit of security in macOS. Is it perfect? Nope. Is it better than Windows? In many parts, yes.
Re: (Score:2)
> The only thing making macOS more secure than a different OS is the fact that most major targets are using the different OS.
iOS is a very common OS - what, 30% of all phones are iOS, or something? What's more, typically iPhone owners spend more on apps, possibly have more disposable income, maybe are more wealthy, etc than Android owners. If you're a hacker, iOS is most definitely a target you want to attack.
Yet somehow, there are very few reports of malware on iphones - how can this be? Could it be bec
Re: (Score:2)
Epic Fail (Score:1)
Getting a little petty now, isn't it
Good strategy (Score:4, Insightful)
The question is not whether or not MacOS is secure. The issue is that Apple touts it as secure, which undermines their whole "We can't open up the app store for security reasons!" claim.
Re: (Score:3)
Didn't a spokesperson for Apple state that the Mac is the least secure of their platforms?
Yes. I was about to point that out.
Craig Federighi, SVP of Software Engineering, stated this in his (presumably sworn) testimony in Open Court during Epic's original, largely-unsuccessful, trial.
https://apple.slashdot.org/sto... [slashdot.org]
https://www.apple.com/leadersh... [apple.com]
Now the Haters want to lie about that, too.
Re: (Score:2)
Meh, that's just Apple trying to preempt the Epic strategy. They'll say it when it helps their case and they won't say it when it hurts their marketing.
Re: (Score:1)
Re: (Score:2)
That would be Epic's point of view, for certain.
But it's also a matter of degrees. Historically, Windows was so full of security holes, that very nearly anything looked better by comparison. Apple very much enjoyed showcasing that fact in their ads, for a time. Microsoft is of course doing a little bit better today... but they're still the broad side of a barn as malware targets go, so they still get the lion share of active malware exploits as an obvious result. Mind you, whether we credit Apple's macOS se
Re:Good strategy (Score:4, Insightful)
The question is not whether or not MacOS is secure. The issue is that Apple touts it as secure, which undermines their whole "We can't open up the app store for security reasons!" claim.
It's indisputable that iOS and Android are more secure than any widely used multiuser desktop OS. Multiuser risks aside, they use entirely different security models and the App Store policy is a part of that.
A linux desktop doesn't employ user process isolation, so a weather widget can access my emails. Is it insecure? It is less secure. Does a smartphone OS NEED process isolation? No, but they have it, and that's a widely accepted Good Thing.
Does a smartphone OS need this, or a desktop OS need that? Good questions, but if you directly compare them don't cherry pick one feature among all the other differences.
Definition of risk (Score:2)
Risk is a combination of the likelihood and consequence of an event.
With close to a billion active iPhones in the world there is literally an order of magnitude higher likelihood of the same given event as on a Mac.
With most people using their Macs for computer stuff, and iPhones used for mobile banking, not to mention directly linked to (almost by force) Apple's financials systems directly the consequence of malware compromising a typical mobile device is also worse.
I'm no fan of Apple but fuck this line o
Re: (Score:2)
There are tons of attackers attacking Linux. But they tend to attack servers or IoT devices and most of the bugs are not in the Linux kernel, but in applications or poor design of the system (like default passwords, for example.)
Re: (Score:2)
I'm no fan of Apple but fuck this line of reasoning. You can't compare security of two different platforms which are used differently and have a different scale.
This.
Smartphones and Personal Computers are, for the vast majority of Users of both, used in largely different ways. They just are. Users tend to keep far more, and generally more sensitive, information and transactions, on their phones than on their PCs. In a lot of subtle ways, our Smartphones have become our "Digital Wallets"; and for a very good reason:
Portability. Our Smartphones are in our Pockets; our Personal Computers are not.
Add to that the fact that the average User of both is far, far more likel
Re: (Score:1)
Risk is a combination of the likelihood and consequence of an event.
Not really. That is only (half true) for an insurance company. As the only thing they risk in the end is money.
Risk is simply what you risk.
You risk your life. You are dead in the right likelihood.
If you risk some money. You lose the money in the right likelihood.
Has nothing to do with "chances". You risk what you risk.
Re: (Score:2)
"Risk is a combination of the likelihood and consequence of an event."
Exactly. If the computer turns into a Crater of Smoking Ruin, it does not affect my ability to call 911.
Re: Definition of risk (Score:2)
Yeah, and computers didn't by default cone with the ability to run up large bills in an instant. Payments by SMS and premium rate phone numbers. Indeed Android has seen malware targeting both methods.
If sideloading were a huge problem (Score:1)
They'd disable it for macbooks also.
Re: (Score:2)
They'd disable it for macbooks also.
Sorry, wrong.
The same Craig Federighi who testified in Open Court that the Mac has an "unacceptable" level of Malware, also utterly rejects the idea that Apple will make macOS into a "Walled Garden"; because he acknowledges (quite reasonably), that the vast majority of people use their Personal Computers in fundamentally different ways than their Smartphones, and those differences make it both impractical as well as undesirable to restrict the ability to Install Software from "non-curated" Sources on macOS.
Re: (Score:2)
he acknowledges (quite reasonably), that the vast majority of people use their Personal Computers in fundamentally different ways than their Smartphones
There's no reason to think this would be true (in the relevant way) if mobile OSs had been made more open like desktop ones from the beginning.
Re: (Score:2)
There's no reason to think this would be true (in the relevant way) if mobile OSs had been made more open like desktop ones from the beginning.
We are talking about two different classes of devices with completely different user interfaces. Of course they will be used differently. It is the UI, physical form factor, and provided hardware services that determines how a device will be used - not how open it is.
Nobody is carrying a PC to make an NFC purchase. Nor do they pull out a laptop when they are lost and require GPS services. It is a given they will be used differently.
Re: (Score:2)
But what's relevant here is the differences that Apple would have us believe create the need to lock down a mobile OS.
No one has ever made any kind of case for why a cell phone shouldn't be fully accessible to its owner.
Most people use their phones as if they had no filesystem and each app were a self-contained thing, with each file belonging to only one app.
Most people transfer the files on their phones only to and from the cloud, not to and from their computers.
Most people get software on their phones fro
Re: (Score:2)
the vast majority of people use their Personal Computers in fundamentally different ways than their Smartphones
This is the statement with witch you disagree. Sorry but the statement is correct. It is correct with closed systems and would also be correct with open systems. The "openness" of a system has nothing to do with how it is adopted by the general public with the exception of some fringe cases.
The argument that a closed system is more secure then an open system (the underlying argument) is something else entirely. I lack sufficient expertise to be able to answer this question. But let us not pretend th
Re: (Score:2)
the vast majority of people use their Personal Computers in fundamentally different ways than their Smartphones
This is the statement with witch you disagree. Sorry but the statement is correct. It is correct with closed systems and would also be correct with open systems. The "openness" of a system has nothing to do with how it is adopted by the general public with the exception of some fringe cases.
The argument that a closed system is more secure then an open system (the underlying argument) is something else entirely. I lack sufficient expertise to be able to answer this question. But let us not pretend that a smartphone is used in the same way as a traditional PC. They might both have CPUs and screens - but they are fundamentally different devices.
Unfortunately, you'll never win with those idiots. They sincerely believe that every single line of code should, by law, be Open Source, and that, and only that, will cure the world's problems.
Re: (Score:2)
he acknowledges (quite reasonably), that the vast majority of people use their Personal Computers in fundamentally different ways than their Smartphones
There's no reason to think this would be true (in the relevant way) if mobile OSs had been made more open like desktop ones from the beginning.
Wrong.
Re: (Score:2)
Compared to windows macs do not have an unacceptable level of malware
Re: (Score:2)
Compared to windows macs do not have an unacceptable level of malware
As an Apple User since 1976, who has also had to suffer Windows at several jobs, I tend to agree.
However, I think Craig was basically comparing the level of macOS Malware to that historically-low level, and to iOS' next-to-non-existent Malware.
No Fortnite on MacOS. (Score:2)
the fix for apple is simple (Score:1)
demand in return to be setup as a payment processor on the epic games platform; where people can buy game and pay apple (say 10% less since why not) for the game but epic still has to deliver it and support the platform out of their own pocket.
Tit for tat. They should be forced to add Google Pay and Steam as options to pay with, too.
MacOS Secure? (Score:1)
When Apple brutally locked Macs to the app store by default, it helped a lot.
I believe Apple's high app store cost is justified as a user. I expect Apple to closely monitor all free and paid apps and to be held accountable for the actions of bad actors who get past their controls
Re: (Score:2)
How are Mac apps brutally locked to the App Store? You can download a .dmg or .pkg file and install what you feel like, or from a command line, run "brew install" and it will fetch and install what you want. In fact, you can have a shell script that fetches Homebrew, installs it, then goes out and grabs all the packages you want, be it Google Chrome, or whatnot. iPadOS or iOS are different, but Macs are pretty open. If needed, you can just turn off SIP and install whatever you want.
Re: (Score:2)
Epic giving away free games (Score:1)
Re: (Score:2)
But.. (Score:2)
Re: (Score:2)
No they don't. Apple doesn't publish roadmaps.
Re: But.. (Score:2)