Epic accuses Apple of using security as a pretext, enabling fraud | #mac | #macos | #macsecurity


Today saw the publication of court filings by both Apple and Epic Games, and in them we see that Epic accuses Apple of using app security as a “pretext” for its commission. The company also argues that Apple enables fraud by app users.

In the run-up to the antitrust trial between the two companies, both sides were required to submit documents known as Findings of Fact and Conclusions of Law. Each company presents the facts it considers relevant to the case, and the legal arguments on which it intends to rely …

This follows disclosure of documents by each side, as well as depositions, in which lawyers from one side get to question witnesses from the opposition.

We earlier summarized Apple’s side of the case. The Cupertino company argues that developers are free to create apps for a wide range of devices, as well as web apps, and therefore Apple has no monopoly powers. Apple goes on to say that Epic created a PR campaign designed to make Apple look bad in the eyes of both developers and the public.

According to Apple, Epic Games has hired PR firms in 2019 to work on a media strategy called “Project Liberty” aimed at portraying Apple “as the bad guy.” In October 2020, Judge Yvonne Rogers had concerns that Epic knew exactly what they were doing with the controversial Fortnite update, so this doesn’t come as a surprise.

Epic makes four main arguments against Apple.

Ecosystem lock-in

While Apple claims there are many app markets, Epic argues that iOS is a key market in its own right, as there are many customers who can only be reached on this platform. Epic accuses Apple of going to great lengths to ensure this is the case.

It seems Epic did manage to track down Scott Forstall’s phone number and depose him, as the former iOS senior vice president is cited as the source of one piece of evidence presented.

In an agenda for a 2010 executive team meeting, Apple founder and late CEO Steve Jobs wrote that he wanted to “tie all of our products together, so [Apple] further lock[s] customers into [its] ecosystem” [Forstall]

Eddy Cue also talked about what Apple does “to get people hooked to the ecosystem,” and Epic also presents evidence that this is why Apple never offered iMessage on Android.

Craig Federighi, Apple’s Senior Vice President of Software Engineering and the executive in charge of iOS, feared that “iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones” […]

Schiller commented that “moving iMessage to Android will hurt us more than help us.”

Consumers and developers both have bad experiences

Apple inserting itself as an intermediary between consumers and developers means that both have a worse experience if a problem occurs with an app, says Epic.

If the transaction raises any issue such as a payment dispute, a request for a refund, etc., both the developer and the user must rely on Apple to communicate with the user and resolve the issue […]

In Epic’s own experience, the disconnect between customer service and transaction servicing, and between Epic and its own customers over in-app transactions, has led to confusion and complaints from customers, who contact Epic hoping to rectify disputes over payments—and blame Epic for sending them to Apple about a transaction users rightfully view as a transaction between them and Epic.

Epic accuses Apple of enabling fraud

In particular, says Epic, consumers can complain to Apple that their IAP content doesn’t work. Apple has no way to verify this, so tends to take the consumer’s word for it and refund them. But because this process is handled by Apple, not the developer, there is no way for a developer to block access to the content. This means that people can fraudulently obtain refunds for IAP content while continuing to enjoy access to it.

Alternatively, says the developer, Apple may wrongly refuse a refund to a customer experiencing a genuine issue, again because the iPhone maker has no ability to see whether the customer is able to use the content.

Vetting justifications are “a pretext”

One of Apple’s key arguments for acting as an intermediary between developers and app customers is that it vets apps to ensure their safety, security, and functionality. This argument has already come under fire from another developer, which points to the number of scam apps that go undetected by Apple despite some pretty glaring red flags. But Epic goes further and accuses Apple of using this as a pretext for its cut.

It says that Apple allows direct app sales on the Mac, proving that there is no need for the iPhone maker to control the App Store in order to keep devices safe.

iOS was designed based on macOS; it inherited many of the core macOS architectural features and improved on some of them. Apple, and over a hundred million macOS users, consider the macOS system to be secure even while permitting users to download apps from sources other than Apple’s official Mac App Store.

iOS was designed based on macOS; it inherited many of the core macOS architectural features and improved on some of them. Apple, and over a hundred million macOS users, consider the macOS system to be secure even while permitting users to download apps from sources other than Apple’s official Mac App Store.

Apple’s App Review process is cursory and provides minimal security benefits beyond the on-device security that is already provided by iOS.

In particular, says, Epic, there is no justification at all for Apple intervening in in-app purchases.

There were no widespread or significant security issues regarding payment with the App Store prior to the […] requirement that apps selling subscriptions use IAP rather than alternate payment solutions, nor evidence that IAP is far superior to third-party payment alternatives with respect to security.

Apple has conducted no “study which looked at the relative safety and security of the App Store in 2008,” in the period of little over a year when IAP was not required in the App Store.

Epic even says that Eddy Cue supports this stance.

The use of payment processing solutions other than IAP has not led to any “physical hardware vulnerability . . . [on] an iPhone”, nor could such vulnerabilities be introduced through the use of a third party payment platform – Eddy Cue.

You can read Epic’s full filing here.

The trial is expected to take place early next month, though the exact date is subject to change.

Photo by Romain Dancre on Unsplash

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + 1 =