Apple Epic Trial

Apple's Craig Federighi throws Mac security under the bus

He admitted that macOS has a malware problem.

Apple's Craig Federighi said the level of malware on macOS was "not acceptable."

Photo: David Paul Morris/Bloomberg via Getty Images

Apple pursued a bold, rather unexpected strategy in court on Wednesday in its antitrust fight with Epic Games: It had Craig Federighi criticize the level of security on the Mac.


Federighi is the company's senior vice president of software engineering, in charge of both iOS and macOS, and his testimony thus far has largely centered on security and privacy and the lengths Apple goes to in order to protect iPhone users.

When asked about the difference between iOS and macOS security, Federighi said, "Today, we have a level of malware on the Mac that we don't find acceptable." Federighi went on to say that malware hidden in apps downloaded from the internet is a "regularly exploited" vulnerability on desktop and that "iOS has established a dramatically higher bar for customer protection," adding that "the Mac is not meeting that bar today."

It's a stunning admission to hear Apple's software chief throw one of its major software products under the bus, but it's a strategic play from Apple and its legal team to draw strong distinctions between the level of security required on desktop computers and smartphones. On the smartphone, Federighi said it's much more important to protect user security and privacy because the devices carry sensitive information, from medical records to banking information, and those devices are carried around and out in the world all day every day.

"The Mac is a very successful product, and I love it very much, but there are well less than a tenth as many Macs out there in active use than iOS devices," Federighi said. He called iOS a "much more attractive market" for malware and other cybersecurity threats. He went on to describe the Mac as similar to an automobile. "The Mac is a car. You can take it off road if you want, and you can drive wherever you want," he said. "There's a certain level of responsibility." But, he added, "that's what you wanted to buy, you wanted a car." The iPhone, by contrast, is a device that even children can and should be able to safely operate, he argued.

Epic and its lawyers have throughout the trial pointed to the freedom consumers have on macOS to download applications outside the Mac App Store and to largely do what they please on the macOS operating system. Epic has held up the openness of the Mac as an example of what the iPhone, as a general computing device in Epic's eyes, should be transitioned into if it were to win its case.

But Federighi on Wednesday argued against this proposition by saying it would destroy the level of security enjoyed by iOS users, in effect tarnishing the Mac in order to save the iPhone. "It would become commonplace for users to be directed to download misrepresented software from untrusted sources where they'd be subject to malware," Federighi argued, referring to the notion of alternative app stores as a "pretty devastating setback for iOS security."
