{"id":23164,"date":"2023-10-19T06:30:04","date_gmt":"2023-10-19T14:30:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/10\/19\/news-16894\/"},"modified":"2023-10-19T06:30:04","modified_gmt":"2023-10-19T14:30:04","slug":"news-16894","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/10\/19\/news-16894\/","title":{"rendered":"Apple\u2019s latest China App Store problem is a warning for us all"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/09\/20\/11\/iphone-app-store-red-100932515-small.jpg\"\/><\/p>\n<p>Ask anyone who knows, and they\u2019ll tell you that when it comes to security, the weakest point is always people. Yet, as pressure grows for Apple to <a href=\"https:\/\/www.computerworld.com\/article\/3708248\/are-you-looking-forward-to-the-new-age-of-mobile-app-insecurity.html\">allow app purchases from outside the App Store<\/a>, the fact the company fired App Store staff for \u201cbusiness misconduct\u201d is cause for alarm.<\/p>\n<p>As first reported by <em><a href=\"https:\/\/www.theinformation.com\/articles\/apple-fired-app-store-staff-after-finding-improper-dealings-with-game-developers\" rel=\"nofollow noopener\" target=\"_blank\">The Information<\/a><\/em>, the Apple story is pretty simple.<\/p>\n<p>As a result of those \u201cinteractions,&#8221; it sounds likely some apps were given prominence on the App Store home pages, which helped boost sales.<\/p>\n<p>The report doesn\u2019t delve deeply into what these employees actually did, but I don\u2019t think that matters much.<\/p>\n<p>What matters is that App Store employees were compromised to provide business benefit to certain apps.<\/p>\n<p>Now consider this. <a href=\"https:\/\/www.applemust.com\/how-apples-app-store-saved-consumers-from-2b-fraud-in-2022\/\" rel=\"nofollow noopener\" target=\"_blank\">Apple runs a well-policed App Store<\/a>. 
The fact these problems were identified and action taken proves this, and while we don\u2019t know how long these events were taking place, the fact that the company was able to slam the brakes on things is a good thing.<\/p>\n<p>The matter exposes one of the biggest threats to App Store security: people.<\/p>\n<p>People can be corrupted or misled, so at what point will staff within these teams become targets for criminals, hackers, or worse? After all, if you can get your app promoted at the App Store with a few meals and a little entertainment, what will it cost to bribe members of the team to get an app carrying a malware payload into the store?<\/p>\n<p>What will the effect be on those maverick nations that are effectively <a href=\"https:\/\/www.computerworld.com\/article\/3705370\/new-law-could-turn-uk-into-a-hackers-playground.html\">legislating to make digital platforms less secure<\/a>?<\/p>\n<p>Apple has lots of protections against that, of course. And as of now, I can\u2019t recall a single App Store incident of this kind. As far as I know, malicious developers haven\u2019t been able to bribe bad apps into the Apple stores. Some have managed to trick their way in, and some have managed to break into the OS via different routes.<\/p>\n<p>But&#8230;<\/p>\n<p>While Apple\u2019s protection isn\u2019t perfect, what about the other stores? We know App Stores are going to proliferate soon. The EU will <a href=\"https:\/\/www.computerworld.com\/article\/3701368\/the-eu-data-act-is-a-lot-bigger-than-icloud.html\">force Apple to support third-party stores<\/a>, and once it does, the company will be forced to do so on a global basis over time.<\/p>\n<p>But not all those competing stores will be as well resourced, managed, or policed as Apple\u2019s own digital retail outlet \u2014 and there will be a lot of them, at first. 
Obviously, the cost of running these stores and the challenges of attracting customers to them mean that in a relatively short time, just a handful will remain in business; the so-called benefits of \u201cfree market competition\u201d will only mean a <a href=\"https:\/\/www.applemust.com\/morgan-stanley-microsoft-may-threaten-apples-app-store\/\" rel=\"nofollow noopener\" target=\"_blank\">slightly larger number of people share the cash<\/a>.<\/p>\n<p>That\u2019s how these things work.<\/p>\n<p>Most of the time when people arguing over money talk about \u201cfreedom,\u201d the only liberty they really crave is freedom to grab as <a href=\"https:\/\/www.computerworld.com\/article\/3571426\/epic-vs-apple-is-not-about-freedom.html\">much of it as possible<\/a>. Your insecurity is far less important than their profit.<\/p>\n<p>With a lot of stores in open competition for apps and customers, money will be tight and most smaller operators won\u2019t be able to deliver the <a href=\"https:\/\/www.computerworld.com\/article\/3636244\/apple-warns-sideloading-apps-threatens-an-icrime-wave.html\">same degree of protection<\/a> larger retailers provide.<\/p>\n<p>Staff turnover will likely be frequent, salaries low, and business stakes high. 
This is a perfect environment in which <a href=\"https:\/\/www.computerworld.com\/article\/3694132\/security-researchers-uncover-nso-group-iphone-attacks-in-europe.html\">nation state or organized criminal gangs<\/a>\u00a0will approach staff to find out what they can get for a few meals and a little \u201centertainment.&#8221; It\u2019s really a no-brainer that at least one store will be compromised and at least one app containing malware and\/or surveillance code given a high profile on one of these independent stores.\u00a0<\/p>\n<p>While the relative reach of smaller stores may be much less than Apple\u2019s, you can bet your last dollar that the first company that customers tricked into installing such malware will turn to for help will be the one headquartered in Cupertino.<\/p>\n<p>It\u2019s a nightmare waiting to happen, and this latest Apple App Store story shows how likely it is that this dark dream will be realized.<\/p>\n<p>(This already happens on some Android stores, of course).<\/p>\n<p>Given the sheer quantity of data on digital devices, and the vast difference in tech knowledge across the globe\u2019s billions of users, the impact of such theft will be a quantum scale worse than a hacked PC.<\/p>\n<p>As the App Store economy gets \u201cliberalized,&#8221; IT would do well to mandate which stores should be used by managed devices. 
And it seems plausible that enterprise tech will need to closely examine each store\u2019s privacy and security policy before permitting employees to get software there.<\/p>\n<p>That&#8217;s particularly true as <a href=\"https:\/\/www.computerworld.com\/article\/3705613\/three-quarters-of-large-us-firms-now-using-more-apple-devices-survey.html\">more and more Apple devices are used across the enterprise<\/a>.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3709090\/apples-latest-china-app-store-problem-is-a-warning-for-us-all.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/09\/20\/11\/iphone-app-store-red-100932515-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Ask anyone who knows, and they\u2019ll tell you that when it comes to security, the weakest point is always people. 
Yet, as pressure grows for Apple to <a href=\"https:\/\/www.computerworld.com\/article\/3708248\/are-you-looking-forward-to-the-new-age-of-mobile-app-insecurity.html\">allow app purchases from outside the App Store<\/a>, the fact the company fired App Store staff for \u201cbusiness misconduct\u201d is cause for alarm.<\/p>\n<p>As first reported by <em><a href=\"https:\/\/www.theinformation.com\/articles\/apple-fired-app-store-staff-after-finding-improper-dealings-with-game-developers\" rel=\"nofollow noopener\" target=\"_blank\">The Information<\/a><\/em>, the Apple story is pretty simple.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3709090\/apples-latest-china-app-store-problem-is-a-warning-for-us-all.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,11063,10480,8826,10554,11066,714,24580],"class_list":["post-23164","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-data-privacy","tag-ios","tag-iphone","tag-mobile","tag-mobile-apps","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23164"}],"version-history":[{"count":0,"href":"https:\/\
/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23164\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}