The European Union’s recent passing of the Digital Markets Act (DMA) has brought significant changes to the digital landscape. One of the key provisions of this act, noteworthy for businesses with BYOD programs, is the requirement for Apple to allow side-loading of applications from third-party stores outside the Apple Store. This move, aimed at ensuring fair and open digital markets, is set to take effect soon and could have profound implications for iOS users and businesses.

The Digital Markets Act in Brief

The Digital Markets Act came into force on November 1, 2022, and its provisions became applicable on May 2, 2023. The act aims to identify and regulate gatekeepers in the digital realm, who must comply with its regulations by March 6, 2024. As a result of this legislation, Apple will be compelled to permit users to install applications from sources beyond its own App Store.

The Impact on Apple’s Platform Security

The ability for users to sideload applications from untrusted sources outside the Apple Store is likely to have a substantial impact on platform security. Apple has long maintained strict control over the apps available in its store to limit risks associated with malicious apps, phishing attempts, and data theft. With this change, the threat landscape could expand, making BYOD (Bring Your Own Device) environments particularly vulnerable.

Implications for employees

Unsuspecting employees will inevitably download apps from app stores other than the Apple App Store. They might see an ad for a cool new app, click, install, and accept the terms and conditions. The first version of the app might be perfectly benign. All good so far.

Over time the app will receive updates and change permissions, potentially turning on location tracking, the microphone, and the camera, accessing contacts, tracking browsing activity, logging keystrokes, etc. The user may be unaware of these changes and, if prompted, will likely accept new terms and conditions. Slowly that app becomes a surveillance device, invading the user’s privacy and posing a risk to the company whose contacts, email, attachments and files are on the same device.

Implications for Users and Businesses

We have all enjoyed the security of Apple’s walled garden for the past 15+ years and come to trust their app vetting process. The impact of the DMA will be a significant new threat vector as that trusted ecosystem opens up.

Most mobile users have 100+ mobile apps, and now we need to consider the source of those apps, their permissions, behaviors, and access to our company information.

Mobile Threat Management (MTM) solutions will become imperative for businesses with BYOD policies to safeguard their sensitive data from these new threats.

Preparing for the Changes

As the DMA’s implementation draws closer, businesses need to take proactive steps to mitigate risks and capitalize on potential opportunities. Key actions to consider include:

Generating awareness in your C-Suite

Discuss the changes with IT leadership, InfoSec leadership, and Finance. The changes will have implications for how your company manages its BYOD program and for the tools needed by IT. They will impact your security posture and effectively introduce a new threat vector. Your Finance team will need to budget for a threat management tool that may not be in your arsenal today.

Understand the mobile security stack (MDM, MAM and MTM)

Many IT professionals mistakenly believe that if they have MDM they are protected. Wrong! MDM and MAM are ‘management’ tools that can apply policies and procedures for the administration and governance of mobile devices and applications. For protection against mobile cybersecurity attacks, MTM is required so that threats can be detected and blocked in real-time or reported to a SIEM or MSSP for action.

Here is a high-level summary of the 3 layers of the stack:

  • MDM (mobile device management) is a management solution, not a security solution. It enables you to configure policies and profiles, deploy applications and certificates, push out OS updates, and generally manage your company devices. Examples are Intune, AirWatch, MobileIron, etc.
  • MAM (mobile application management) is an application layer solution that enables you to manage company apps such as Microsoft Outlook, Teams, OneDrive and to apply security controls to protect the data in those specific apps. Intune App Protection Policies is the best example where you can protect data in Office 365 apps even on an unmanaged BYO device.
  • MTM (mobile threat management) is a true security solution to detect malicious apps and inappropriate app permissions that invade privacy (turning on camera and mic). MTM protects against app side-loading, phishing attempts, malicious weblinks, and man-in-the-middle attacks. MTM also detects jailbreak attempts in real-time and passes telemetry to a SIEM or MSSP.

Integrating MTM with an existing MDM and/or MAM solution is a sound strategy and will enable these management tools to apply policies based on threat information.

Complete the stack

Most businesses have an MDM; this technology has been around for 15 years.

Some businesses have MAM, specifically to protect Office 365 apps on BYO devices.

Few businesses have an MTM solution today, but the majority will need to deploy one in the coming months. MTM will become ubiquitous, just like anti-virus agents on our desktops and laptops.

Securing Your Devices with Lookout for Work

Lookout for Work is the leading MTM platform. The app provides persistent, on-device protection to combat the risks described above and it is effective on both Android and Apple devices. Mobile Mentor has been working with Lookout since 2016 and we love this tool.

How does Lookout Work?

The on-device Lookout for Work protection works by scanning apps that are installed on a device, checking certificates, and checking certificates of websites visited on the device. It does so without violating employee privacy by only checking certificates of websites against an internal database – and not spying on what device owners are viewing.

For those unfamiliar with Lookout, our team has developed a set of FAQs, found here, to help businesses gain an understanding of the tool’s capabilities.

Conclusion:

In conclusion, the European Union’s Digital Markets Act (DMA) requiring Apple to allow side-loading of third-party apps has significant implications for iOS users and businesses with BYOD programs. This change may impact platform security, making Mobile Application Management (MAM) and Mobile Threat Management (MTM) crucial for safeguarding networks and data. Businesses should prepare by creating awareness, and understanding the differences between MDM, MAM and MTM. Most businesses will need to invest in a product like Lookout and Mobile Mentor is the ideal partner to deploy and manage this new capability. Embracing these changes responsibly will help businesses thrive in the evolving digital landscape under the DMA’s implementation.

Denis O’Shea

Denis founded Mobile Mentor in 2004 with a clear purpose – to empower people to achieve more with their technology. The technology is always changing but Denis’s purpose is the same, and today most of Denis’s energy goes into helping clients navigate the balance between security and employee experience.

Denis is really passionate about solutions that make an impact in healthcare, education and government. Since 2017, Denis has lived in the US, working closely with Microsoft to make a difference at scale.