The level of Mac malware is not acceptable, says Apple’s Craig Federighi at Epic trial
The antitrust case between Apple and Epic continued today, and it brought Craig Federighi, Apple’s senior vice president of software engineering, to the stand. Federighi’s mission was pretty clear from the outset: to extol the security benefits that come with iOS’s walled-off ecosystem and warn of the dangers that would come with breaking the App Store model.
But in building that argument, Federighi also made some surprisingly blunt concessions about security on macOS.
“If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac,” Federighi said in the testimony. “And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS.”
Federighi made the claim as part of a broader argument for why iOS could not adopt the same software model as macOS, which allows for alternate software sources like the Epic Games Store. But in making the case for iOS security, the software chief ended up painting a bleak picture of security on the desktop platform. The full exchange is presented in context below:
Judge Rogers: There are multiple stores on the Mac. So, if that can happen on the Mac, why should we not allow the same stores to exist on the phone?
Craig Federighi: Yeah, it’s certainly how we’ve done it on the Mac and it’s regularly exploited on the Mac. iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today. And that’s despite the fact that Mac users inherently download less software and are subject to a way less economically motivated attacker base. If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac. And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS. Put that same situation in place for iOS and it would be a very bad situation for our customers.
Federighi also cast the difference between the two platforms in unusual terms, describing the desktop platform as something akin to a car. “If operated correctly, much like that car, if you know how to operate a car and obey the rules of the road and are very cautious, yes,” he said when asked directly whether macOS is safe. “If not, I’ve had a couple of family members who have gotten some malware on their Macs.” macOS allows software to be downloaded and installed from the web, but Apple advises customers that restricting this functionality to the App Store is “the most secure setting.”
In contrast, Federighi presented iOS as a child-safe version of the less restricted macOS. “With iOS, we were able to create something where children — heck, even infants — are able to operate an iOS device and be safe in doing so. It’s really a different product,” Federighi said.
Federighi’s testimony comes in the final days of the trial, with much of the remaining time devoted to testimony from Apple executives. CEO Tim Cook is expected to take the stand on Friday, with closing statements from both sides given on Monday.