Intego Mac Security Podcast

Apple and the EU: Changes Coming Soon – Intego Mac Podcast Episode 330

Posted on by

Apple attributes a hacker with a discovery of a vulnerability just after he’s arrested for hacking and scamming Apple. Researchers in Cupertino have created a new AI model that assists with image editing; is it coming to Apple’s Photos app? And the Digital Markets Act takes effect in the EU soon. What differences can European iPhone users expect when it comes to buying and downloading software?

  • Apple patches first “exploited” vulnerability in visionOS 1.0.2
  • Security researcher used Apple systems to scam $2.5M of iPhones, Macs, and gift cards
  • Why Did Apple Put Through a Fraudulent Charge on my Credit Card? Is it Related to My Apple Support Profile?
  • New Apple AI Model Edits Images Based on Natural Language Input
  • Global ransomware threat expected to rise with AI, NCSC warns
  • The Mac and iPhone malware of 2023—and what to expect in 2024
  • Deepfake colleagues trick HK clerk into paying HK$200m
  • WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps
  • No, 3 million electric toothbrushes were not used in a DDoS attack
  • Apple announces changes to iOS, Safari, and the App Store in the European Union
  • Changes Coming to Apple App Stores, Browsers, and Contactless Payments in the EU
  • Mozilla is ‘Extremely Disappointed’ With Implementation of Apple’s EU Browser Engine Change
  • Apple Opens Up NFC to Third-Party Apps in EU, Allowing New Tap-to-Pay Options
  • Here’s the new Apple tax every developer is going to hate
  • If Apple allows sideloading in iOS 17, how will iPhone security be affected?
  • VirusBarrier for iOS 8
  • VirusBarrier X9: How to Scan iPhone, iPad, and iPod Touch

  • If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.

    Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.

    **Intego Mac Premium Bundle X9** is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.


    Transcript of Intego Mac Podcast episode 330

    Voice Over 0:00
    This is the Intego Mac podcast—the voice of Mac security—for Thursday February 8 2024. This week’s Intego Mac Podcast security headlines include: Apple attributes a hacker with a discovery of a vulnerability just after he’s arrested for hacking and scamming Apple. Researchers in Cupertino have created a new AI model that assists with image editing. Is it coming to the Photos app? And the Digital Markets Act takes effect in the EU soon. What differences can European iPhone users expect when it comes to buying and downloading software? Now, here are the hosts of the Intego Mac podcast. Veteran Mac journalist Kirk McElhearn. And Intego’s. Chief Security Analyst, Josh Long.

    Kirk McElhearn 0:49
    Good morning, Josh, how are you today?

    Josh Long 0:52
    I’m doing well. How are you, Kirk?

    The visionOS running on Apple’s Vision Pro gets its first vulnerability patched

    Kirk McElhearn 0:53
    I’m doing quite well. We’re in February, Apple has a new device out. And they have already patched the first exploited vulnerability in visionOS. I guess we’re not surprised that no sooner did the Vision Pro come out, then a vulnerability would be found. But to be fair, this is not a new vulnerability specific to the Vision Pro is it.

    Josh Long 1:14
    That’s right. This is a an existing WebKit vulnerability that was patched in January. This is one of the vulnerabilities that was patched in the in the last round of updates for all the things macOS, iOS, etc. I believe that this version of visionOS 1.0.2 update actually came out before people actually had Apple Vision Pro in hand. So you know, as soon as you get your device, you install this one update, which only apparently patches the one vulnerability, that was a little surprising to me. So although this is the only actively exploited or now Apple’s calling it exploited vulnerability, there were a bunch of other things that were patched at the same time like other WebKit vulnerabilities. So does that mean they didn’t get patched in visionOS? Or does that mean they were already fixed, and somehow not the actively exploited vulnerability? I don’t know. I’m kind of scratching my head puzzling over that one a little bit. But it certainly won’t be the last security update we get. But hey, it’s kind of it’s kind of fun to note, you know, we got our first security update for Apple Vision Pro.

    Kirk McElhearn 2:18
    When we were talking about this before we started recording, I realized that the Vision Pro, the visionOS for Vision Pro is kind of like Chrome OS in the sense that everything is wrapped into this one browser based image. So the whole thing is WebKit. Imagine that when you’re looking at the Vision Pro, you’re seeing a live wallpaper of what’s around you, right, because of the cameras in front of the Vision Pro. And you’re seeing the windows of different apps in front of that. So it must all be built out of WebKit the entire interface from the background to the windows to the elements, which means that WebKit is well it is the operating system. Hmm, that’s interesting Vision Pro as Chrome as it’s like a Chromebook. Well, we call it a vision goggle would be a better name for the device, right? It’s basically a device that runs an operating system like a browser.

    Josh Long 3:17
    By the way, I’m really curious to see whether any of our listeners have bought apple Vision Pro if you have sent us an email [email protected]. I’m very curious.

    Kirk McElhearn 3:25
    It’s only been what is it less than a week now we’re recording this on Wednesday, the seventh, I think it first shipped on the second. So it hasn’t been that long. I know a couple of people, obviously not here because it’s not for sale in the UK. But people I’m in touch with on social media, I know a couple of people who have ordered it and who got it. And it’s interesting to see some of the reactions that are not gee whiz that are more nuanced than Apple wants. Another thing we’re talking about before the show is imagine if this device only costs $1,500. And more people bought it, there would be more disappointment because people would be expecting so much more. So having set the bar really high in price, it means they’re only getting cutting edge people who are probably expecting that things aren’t perfect. Being on the real cutting edge of a new technology like this.

    Josh Long 4:13
    Well, I’m not gonna get the first generation Apple Vision Pro. It’s, it’s a little too expensive and a little too brand new of the technology. I’ll wait for revision two maybe, maybe.

    Hacker arrested for defrauding Apple but not before Apple acknowledges his discovery of a vulnerability

    Kirk McElhearn 4:25
    Okay, now we’ve talked a lot about white hat hackers and black hat hackers and the white hat guys. They’re the good guys and they’re the ones who find bugs and report them to companies and maybe make money from the bug bounties. The black hat guys are the ones who find bugs and exploit them for their own profit. We have an interesting story about a white hat hacker who turned black hat using Apple systems to scam two and a half million dollars of iPhones Mac and gift cards. Now this is someone who after he was arrested, got credit for discovering a vulnerability in Apple secure already knows I’m not sure if this vulnerability that he got after the arrest was the one that he was exploiting to get into one of Apple’s back end systems. I doubt that it was. But basically, he accessed a system that Apple uses to place orders on hold during which time they can be edited. And he managed to get access to an employee account, and was able to change orders access more accounts within this third party companies working with them two and a half million dollars. So this is a guy who I mean, Apple knew who this guy was right? They thought he was a white hat hacker, what could have made him change the color of his hat?

    Josh Long 5:36
    Well, that is the question. I think what’s most interesting about this, though, is just that, here’s this guy Apple’s like actively crediting for reporting vulnerabilities. And yet he also defrauded the company two and a half million dollars like that. That’s I don’t I don’t really understand what happened here. Like, maybe he was like, Oh, look at this cool vulnerability I found, but that’s where it should stop. Normally, it’s like, you know, you find out oops, accidentally scammed apple out of $1. Like, I better report this right now. And it should not go beyond that. Right? How how it got to $2.5 million. I mean, obviously, he was trying to get as much as he could, and you’ve crossed some ethical boundaries there, buddy.

    Kirk McElhearn 6:20
    So someone accessing the back end system of Apple reminds me of a story that I wrote on my blog in 2015. Why did Apple put through a fraudulent charge on my credit card isn’t related to my Apple support profile. I’ll link them in the show notes. This article, I won’t go into too much detail, but I had a fraudulent charge on a credit card. And it was from the Apple online store. And it was clear that my bank didn’t really flag it as fraud initially, and I contacted the bank and I contacted Apple canceled the card got refunded, got a new card got a new charge on the new card for the cost of an iPhone 6 and had to cancel that. The punchline of the story, was it someone at Apple said and they probably shouldn’t have said this to me. We know who did it. But we can’t tell you we can tell the police if they asked us. My bank had suggested it was an inside job like some Apple employee who somehow got access to my credit card number, which seems surprising. But it actually sounds like this exact story, someone accessing the back end order system and placing orders on it, and charging it to someone else’s card. Anyway, I’ll link to that article in the show notes. I never went any further with this. I contacted the police and neck and they didn’t do anything about it here. They don’t really care.

    Josh Long 7:31
    To be fair, this was nine years ago. So things have probably changed quite a bit and apples, you know, back in systems since then. But that’s a pretty interesting story.

    Apple researchers announce AI model to assist with image editing

    Kirk McElhearn 7:39
    Yeah. Okay. So we have some AI stories this week. And one of the most interesting one is that Apple has announced an AI model that can edit images based on natural language input. What that means is, let’s say you’ve got a picture of I don’t know, a sunset, but you don’t like the colors in the sunset, you want them to be more vivid. So you say, give me a sunset that’s more vivid. And the Photos app goes poof. And there’s a car in the background of this photo of a group of my friends, can you take the car out? Poof, it’s gonna do all these things. And in some ways, Apple is way behind in terms of photo editing. Because there are tons of photo editing apps that have wonderful AI tools. I think that we’re going to see a lot more AI stuff rolled into the Photos app, both on the Mac on iPhone, and I think this is going to be one of the big pushes for Apple in generative AI.

    Josh Long 8:31
    Yeah, definitely. Some other phone manufacturers are already doing things like this, I think Samsung already has similar technology built into the latest phones, their flagship phones. So this makes sense to be something that Apple is really looking at closely. Now. At the same time. You know, a lot of people will argue that you need to be very careful about this. Because you know, you don’t want to have people intentionally making deceptive images, right and tricking people into believing something that’s not actually true. But at the same time, I also see a lot of potential really valuable use cases for that for this, you gave an example of like editing out somebody in the background. And those kinds of things would be really nice to have as just standard features. Now, how Apple goes about, you know, that potential ethical quandary, right, if you, if you go to post this on social media, is is Apple going to be putting some kind of not visible to the human eye, but somehow still their watermark or something to like, indicate that this is AI manipulated.

    Kirk McElhearn 9:35
    Why would that be the case? I mean, you’ve been able to do things like this in Photoshop for a long time. The difference is that you’ve had to do them manually. In other words, you would have to create what’s called a mask to select something and the early days of Photoshop people will do this pixel by pixel. The difference now is that you can do this much more easily in current Apple operating systems on the iPhone if you have a photo. I don’t know of a cat with the background if you tap and hold The cat, it selects the cat and not the background. So apples already got a tool for this. Many photo editing apps offer AI features such particularly, you know, removing things or what’s called overpainting, where you extend an image. This has become commonplace in photo editing. So Apple really needs to catch up. Apple has not updated many of the features in its Photos app in several years, they’ve only had minor tweaks. And they’ve been focusing on portrait mode and that sort of Apple specific thing. But they’re losing ground to all the other photo editing apps. Now, Apple is not trying to compete when they discontinued aperture, which was a pro level photo editing app, they gave up on that. But photo editing, as you say, on Android is so much more powerful by default. Apple really needs to do something, I’m sure we’re going to hear more about this at the Worldwide Developer Conference in June.

    Josh Long 10:49
    You mentioned out painting, which is something where you can take a photo as it is, and then extend it beyond its borders, what In other words, whatever was actually photographed, you’ve got just what was photographed, and you have no idea what actually was on the sides. But sometimes there are scenarios where you want to just imagine it doesn’t particularly matter, maybe what’s outside the photo, but you need like a bigger frame, maybe you’re cropping it a certain way. And you just need to know, to imagine what might have been been beyond the photo. Now, I’ve seen a lot of free services that do something like this, but don’t necessarily do a very good job. And so if Apple can really put it together something innovative, that works really well, then that would be really impressive. I would love to see features like that added to the Photos app.

    UK security agency warns AI to be widely used to create ransomeware

    Kirk McElhearn 11:37
    Okay, the UK is National Cybersecurity Center is warming that the global ransomware threat is expected to rise with AI, that artificial intelligence not that someone will create their own personal GPT to attack people with ransomware. But they will use the tools in AI to write malware to write messages and to attack more people with ransomware. Basically, the bar is much lower, you don’t need the same kind of skills that you needed a few years ago, to be able to attack people with ransomware.

    Josh Long 12:07
    Yeah, and they do mention ransomware, specifically in the headline. But of course, they also say in general cyber attacks will increase that are that are leveraging AI in some way or other. Now in the article that we mentioned, last week, we were talking about our malware urine review. And at the end of that article, I also talked about what we can expect to see in 2024. And I give some examples of how AI is already able to do some of these things, to help create malware to help create phishing emails that are pretty convincing, that can be translated into multiple languages very easily with perfect grammar, make sure to check out that article. If you haven’t already. We’ll have a link again in the show notes about what to expect in 2024. So we’re definitely in line with what the NCSC and other organizations are predicting about what we’ll see in 2024. Now one of the things that may not be obvious is that just because threat actors are using AI, doesn’t necessarily mean that it’s going to be obvious that they’re using AI because this all goes on behind the scenes, right? This is just helping them to develop a better product, if you want to call it that when it comes to creating malware, or creating phishing content or whatever it might be.

    Kirk McElhearn 13:20
    Well, here’s a quick mention of a story that happened in Hong Kong, deep fake colleagues trick Hong Kong clerk into paying 200 million Hong Kong dollars. Basically, Corker financial company got onto a zoom phone call with several people, one of whom was the company’s CFO, and they convinced him to wire 200 million Hong Kong dollars, I think that’s 20 million US. And all the other people on the call, we’re deep fakes, except for him.

    Josh Long 13:44
    That’s kind of crazy. Like I have a hard time imagining that you would have technology that’s convincing enough that everybody on the call is fake, except for you, and you don’t notice it. Like you don’t notice some kind of telltale signs that something might not be right here.

    Kirk McElhearn 14:00
    Well, you know, we discussed this, I’ll try and find the episode and link in the show notes when we were talking about creating AI voices, and I created a sample using your voice that I taken from the podcast. And my scenario was you get a phone call from the boss who’s at the airport, and he’s in a rush. And you’ve got to give the password for this to so and so who’s got to do something right and he’s in a hurry, and he gets away but you’ve heard his voice and you know, it’s him. And it’s gonna be if you can do it with video, it’s even more convincing. You know, we need to do I don’t I don’t even know if you’re really you in this zoom call. We need to come up with some sort of a password, like a safe word that we can share. You know, so we can if we ever get on a zoom call with each other, we can make sure that we are who we think we are.

    Josh Long 14:43
    But see, they might be spying on our zoom call right now while we’re developing exactly as code exactly. They could use that pass code with the deep fake and then the our whole system is messed up so I don’t know what we’re gonna have to do.

    Kirk McElhearn 14:59
    I don’t know We’ll do this over iMessage because it’s secure and it’s encrypted. And by the way, WhatsApp claims that their chats will soon work with other encrypted messaging apps. We’re not really sure what protocol we’re going to use, how they’re going to make this work. But this is part of the EU Digital Markets Act, which we’re going to talk about after the break.

    Voice Over 15:19
    Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X 9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X 9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the Special Discount Link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

    WhatsApp messaging may work with other encrypted messaging services

    Kirk McElhearn 16:34
    So yes, WhatsApp chats working with other encrypted messaging apps. We’re not really sure how this is going to work. Because if one app is using a certain encryption protocol, it can’t really communicate with an app that’s using another protocol. It’s like to speak in different languages. But WhatsApp claims that they are consulting with other companies. I kind of think that WhatsApp wants everyone to use the Signal protocol that they use. And maybe companies like signal want to do that. But apparently, they’ve already contacted one secure messaging app company who says no way. We’re not doing that.

    Josh Long 17:04
    I’m glad you mentioned that. Because one of the companies that WhatsApp has reached out to is a Swiss company called Threema. It’s not as well known because it’s not free. And most people are looking for a free solution, right. But Threema is is one of these apps that has a good history, a good reputation. And when WhatsApp reached out to Threema, Threema said that WhatsApps proposed system did not meet Threema’s security and privacy standards, at least from Threema’s perspective. Now Threema, of course, is not using the Signal protocol, they have a system of their own. That’s the thing with this whole interoperability is that if other companies are not using the Signal protocol, then they’ve got to figure out some way to interact with each other. And you may not have other companies that are willing to sign on with whatever WhatsApp might be proposing. Yeah, I don’t know how well this is gonna work out for anybody but it with with his whole interoperability thing.

    Did Bluetooth toothbrushes help hackers create bot-net for DDoS attacks?

    Kirk McElhearn 18:01
    Okay, before we get to the DMA, I just want to briefly talk about my favorite story of the week the headline is 3 million malware infected smart toothbrushes used in Swiss DDoS attacks. This is just wonderful. You know, we kind of laugh about this. It’s serious. And someone used a sizable army of connected dental cleansing tools for a DDoS attack on a Swiss company’s website, which is kind of sad. The firm site collapsed into the strain of the attack reported resulting in the loss of millions of euros in business. But toothbrushes I mean, we’ve worried about smart lightbulbs, and we’ve talked about routers and printers and all sorts of things. But toothbrushes, that’s clever.

    Josh Long 18:36
    Sometimes it seems more like IOT stands for Internet of trash. But, actually, Kirk, it turns out that the Swiss online publication that originally made the claim about this toothbrush botnet didn’t cite any sources, and in fact the whole story just wasn’t even true at all. So, fear not, your toothbrush isn’t infected with malware.

    What changes will iPhone users see when the Digital Markets Act takes effect for EU countries?

    Kirk McElhearn 18:41
    Okay, DMA Digital Markets Act in the EU, I believe this goes live at the end of March. We talked about this when Apple first floated information. And Apple has since made an announcement of many of the changes that they’re going to make. We did speculate at the time that Apple would roll these out in the EU and potentially around the world. But given how strict the rules that Apple is proposing, I don’t know that Apple is going to try to roll this out anywhere else. And remember, these are propositions right now, these are proposals, the EU has to agree, we’re going to just quickly go through all of this because while you may not be in the EU, you are a favorite listener. This could be coming to your country sometime soon, because once other countries see that the EU has made this work. They’re going to have complaints from companies who don’t want apple to have full control over the App Store in their country, notably the United States. There have already been complaints about Apple in the App Store. So there are several things going on here. One of them is third party app stores in the European Union. Another one is when you set up a new iPhone, you will be presented with a screen offering you to choose the default web browser you want to use. It looks like you get a screen with all the web browsers available even if they’re not on the device. So you would then be able to download In the App Store, Apple is also opening up the NFC chip to third party apps in the EU allowing new tap to pay options. And we’re going to talk about the new Apple tax that the verge says Every Apple developer is going to hate. So let’s start with the App Store. How is it going to work? How are these apps in these third party app stores going to be secure? How can we be sure that these apps are going to be safe?

    Josh Long 20:23
    Well, Apple doesn’t call them third party app stores, they call them Alternative App Marketplaces. Because you know, it’s not App Store TM, it’s essentially a third party app store, it’s a place where you can get apps that is going to be coming to iOS very soon. So this is all happening, supposedly in iOS 17.4, currently in beta. But as you mentioned, this is only available in the in the EU. So if you go and download the 17.4 beta and you’re anywhere else in the world, you’re not going to see any hint of these changes, because this is exclusively to comply with EU law for right now.

    Kirk McElhearn 20:59
    It’s not if you’re anywhere else in the world, it’s whether your account is linked to an EU country. So for example, I know people who have bought the Apple Vision Pro, which you can only use with the US App Store account, but they are not in the US. So Apple understands that people travel if your Apple ID is linked to the European Union, you’ll be able to use one of these alternate Alternative App Marketplaces of a third party app stores is a little bit better. So Apple claims that these new options for developers, eu apps create new risks to Apple users and their devices. So they’re going to do things such as notarizing apps, which is just an automated process, right, you upload an app, you get some sort of a file back with the app, no one looks at it right?

    Josh Long 21:41
    Up till now, when Apple talks about notarization. At least on macOS, this has been something that is exclusive to macOS so far. And notarization on macOS has been an automated process. So you submit an app to get notarized and within a short period of time, you get your notarization, it just happens very quickly. But Apple is saying that if you are distributing an app through an alternative app marketplace, now notarization For iOS is going to include human review. So this is new, this is different from what we’ve seen on macOS so far. So that means that there’s basically Apple is saying, We review all the apps that are going in the App Store TM, right. And now if you want to submit an app that’s going to be available in an alternative app marketplace, well, we need to make sure we need to do something to make sure that you’re not just putting malware on our platform, right? So they’re saying we’re going to have a human on our team review that app as well as whatever vetting system that these Alternative App Marketplaces might have. So that’s kind of an interesting way that Apple is going about this. Now at the same time. They’re also saying, well, but now you’re so much more likely to get malware and other things. But it’s like, you know, Apple, Apple, you still got somebody vetting these apps. So which is it is that were more likely to have malware? Or is it now there’s Apple vetting apps, as well as whatever the third party marketplace vetting the apps like? It seems like they’re, they’re kind of contradicting themselves a little bit there.

    Kirk McElhearn 23:18
    Well, they do talk about additional malware protections that prevent iOS apps from launching if they’re found to contain malware after being installed to a user’s device. So this is basically we already know that Apple can, what do they do, they turn off a certificate from an app because basically notarization returns the app with their certificate, and Apple can basically have a kill switch to make sure that that app can’t warn. So I guess they’re doing the same thing here. Apple also says that they have less ability to address other risks, things that may negatively affect the user experience, including impacts to system performance and battery life. And this is one of the ways that Apple’s trying to say we need our app store in third party app stores are bad.

    Josh Long 23:56
    Right. And one of the specific things that Apple is talking about there is alternative browser engines. So we’ve mentioned before that if you download, for example, Google Chrome on iOS, currently, Google Chrome on iOS, as obtained through the official Apple App Store, is really just a skin on top of WebKit. So it’s essentially Safari, behind the scenes. And it’s got whatever interface elements that Google wants to put on top of the safari codebase. That’s it. That’s the case for any apps that you’re getting from the App Store. Right now. Any browser that you’re getting from the Apple App Store is really just WebKit underneath. And so one of the changes in order to comply with the Digital Markets Act is that now, alternative browser developers are going to be able to bring their own engine so for example, Firefox has its Gecko engine and if they want to have a version of Firefox that’s available through an alternative app marketplace. As that has the Gecko engine, they’re allowed to do that. Now, same thing with Google Chrome, they can bring their their Blink and V8 engines and all that kind of stuff. So they don’t have to be forced to use WebKit anymore.

    Kirk McElhearn 25:12
    And they can use up all the memory on your iPhone.

    Josh Long 25:15
    And that’s what Apple is talking about here, at least in part, they’re like, you know, we know what vulnerabilities are in WebKit, we patch those ourselves. So you don’t have to worry about what other vulnerabilities might become problematic on your device, if you’re using third party browsers, if you get it from the App Store, if you get it from us. But if you’re getting a third party browser, you just don’t know what you’re gonna get, you could be opening yourself up to all kinds of new vulnerabilities. And it’s like, well, yeah, but they’re patching the vulnerabilities too.

    Kirk McElhearn 25:46
    So. Well, as we’ve discussed, as we’ve discussed, in Chromium, the browsing engine that runs the Chrome browser, and many others, a lot of developers don’t patch as quickly as they should I believe Opera is on your kill list for not patching vulnerabilities for weeks, and it’s a valid thing. But I mean, if this is so important, then how can we can install these things on our Mac?

    Josh Long 26:09
    Now, that’s a really interesting point. Apple has always kind of argued, right? They need a walled garden for your security for your safety on iOS. And now Apple’s saying we still need that No, no, I the we’re being forced to comply with these terrible laws in the EU. And it’s going to ruin our ecosystem, and then make things terrible for everybody. But it’s like, you know, we’ve been able to just install whatever apps we want on macOS for like all of history.

    Kirk McElhearn 26:38
    And then we have anti virus software to protect from malware.

    Josh Long 26:43
    Exactly. We have antivirus software on macOS, which Apple still at this point is not allowing on iOS. By the way, that’s one of the things that I’m very curious to see what happens will we start to see the reemergence of anti virus software on iOS. So remember, back in the day, I, you may or may not know this if you’re a listener, but there was a version of Virus Barrier Scanner for iOS. Once upon a time, I think it was back in what 2015 ish that Apple decided that they were going to ban all antivirus apps was not going to be a category that was allowed in the iOS App Store anymore, because they probably didn’t want to give the misperception that, you know, malware could be on an iPhone, which of course, you know, that’s silly, because we know that malware can be on iPhones. But the whole point is like even when that did exist as a category of app on iOS, you can only scan particular files. And what Apple’s doing right now in order to comply with the laws, they’re opening up the platform a little bit more. And because this was just an app store rule, I suspect that we’re going to start seeing the reemergence of similar apps, at least that file scanner type apps. Now, it’s an entirely different thing to be able to scan the entire operating system for active malware that might exist on the platform. And I don’t think that that’s going to be possible with the new changes that Apple is rolling out in 17.4. But maybe we’ll start to see third party apps that allow you to scan files for malware that’ll be interesting to see.

    Kirk McElhearn 28:16
    Well, even Virus Barrier for iPhone couldn’t scan the entire operating system, it couldn’t scan all the files, it could only scan the files in the user space, which is the equivalent of the home folder on a Mac. So it could scan all the files that you’ve downloaded that you created. But it couldn’t scan anything like he couldn’t scan apps themselves or it couldn’t scan system files.

    Josh Long 28:37
    By the way, it’s worth mentioning here that if you are using Virus Barrier X9 and you plug your iPhone into your Mac, you are able to scan your iPhone for malware, malicious files in those same areas that we’re talking about of the file system on iPhone and iPad, and older iPod Touches as well.

    Kirk McElhearn 28:54
    There’s a lot more that Apple is doing to comply with the Digital Markets Act and we’ll have an article on the Intego Mac security blog linked in the show notes. If you’re in the EU, you’ll be seeing this sometime soon. If not well might be coming to a country near you soon. Until next week, just stay secure.

    Josh Long 29:08
    Alright, stay secure.

    Voice Over 29:12
    Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.

    About Kirk McElhearn

    Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →