One week after launching the iOS 17.4 update for iPhone that will allow alternative application stores to the App Store that the European Union has forced with the Digital Markets Act (DMA), Apple has published a report on the security measures it has taken to try to guarantee a certain level of security with external apps, although it points out that it will not be able to eliminate all risks. Even so, the Californian company will have some control over the installation of this third-party software on its mobile phones, since it must provide an electronic signature so that the process can be carried out.
That electronic signature will be granted after a review that will use a combination of automated tools and human review "to verify that it is free of known malware and other security threats," according to the report available today for developers. The Cupertino company explains that "by performing these checks in the initial phase", you will be able to "help prevent cyberattacks and other threats before they spread to other users." This procedure, known as notarization, has been used for years on macOS.
Apple will require app developers to "verify your identity by requiring a legal name, phone number, and address." In some cases, you will also be asked for an official identification number or to prove your identity. The company justifies this prior measure because "it is an important anti-fraud measure that allows developers to be identified and held responsible for what they distribute." In 2022, this same initial safeguard prevented the creation of almost 105,000 fraudulent developer accounts.
Notarization begins when a developer submits their app binary to Apple and indicates which app markets they plan to distribute it in, including, if desired, the App Store. One of the checks will be if the app poses a threat to the security of the iPhone. In general, it will try to find out if it contains any type of malware. Second, the review will check whether the app "adequately supports" the privacy features built into your devices and does not attempt to circumvent them. This affects a multitude of iPhone hardware and software, including the microphone, camera, Face ID, saved passwords, location and health data, wallet, contacts, photos, calendars, reminders, and even the Apple Music library. .
In addition to the demands on developers, Apple has also established criteria for alternative stores, which it will ask to have the capacity to protect users and to commit to continuous monitoring to detect and eliminate malicious apps that were not blocked during the notarization or that have been updated incorporating malware. Among other measures that the apple company has designed, apps will not be able to access the iPhone's camera or microphone if the user does not first grant permission. In the case of the camera, it cannot work in the background to prevent the user from being spied on without them noticing.
