App Developers Vs. Apple an Overview of the Proceedings in Europe
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Managing App Sideloading Threats on Ios Whitepaper
Whitepaper Enterprise Mobile Security Managing App Sideloading Threats on iOS Whitepaper I. Introduction II. The Path to App Sideloading Through rigorous app review Apple has lowered the risk Signing Certificates of downloading malware from its App Stores to near Apple offers two types of signing certificates for app zero. Companies, however, increasingly rely on an app- distribution outside of their App Stores and both types distribution mechanism called enterprise provisioning allow users to install and execute signed apps on that allows them to distribute apps to employees without non-jailbroken devices: Apple’s review as long as the apps are signed with an Apple-issued enterprise signing certificate. 1) A developer certificate, intended to sign and deploy test apps to a limited number of devices. Unfortunately, attackers have managed to hijack this app-distribution mechanism to sideload apps on 2) An enterprise certificate, intended to sign non-jailbroken devices, as demonstrated in the recent and widely deploy apps to devices within an Wirelurker attack. Organizations today face a real organization. security threat that attackers will continue to abuse To obtain these certificates you must enroll in one of enterprise provisioning and use it to sideload malware, Apple’s two iOS developer programs. Table 1 on the especially since: following page summarizes the enrollment requirements 1) The widespread prevalence of legitimate, for each program and their app provisioning restrictictions. enterprise-provisioned iOS apps in the workplace Both types of signing certificates expire after a year, has conditioned employees to seeing (and ignoring) whereupon developers can apply for new ones. Apple can the security warnings triggered on devices also revoke certificates if it learns of abuse and an app when installing these apps. -
Digital Markets Act – Part I Obligations for Online Platforms Content Key Issues
EU-Regulation DIGITAL MARKETS ACT – PART I OBLIGATIONS FOR ONLINE PLATFORMS cepPolicyBrief No. 14/2021 KEY ISSUES Background: Digital platforms bring benefits for users and create business opportunities. However, as a result of their position between business users and end users, a few large platforms (“gatekeepers”) enjoy significant market power which allows them to capitalise on economic dependence and to limit opportunities for competitors to enter the market. Objective of the Regulation: The Digital Market Act (DMA) is to ensure that competitors can enter digital markets and that relationships between gatekeepers and their users are fair. To this end, the DMA contains obligations for providers of platform services [this cepPolicyBrief] as well as enforcement and governance rules [cepPolicyBrief to follow]. Affected parties: Gatekeepers and their end users and business users. Pro: (1) The obligations capture problematic conduct that is often investigated under competition law. (2) Since competition law proceedings often take a long time, it is beneficial that the DMA generally compels gatekeepers to comply with the obligations. Contra: The lack of precision regarding the circumstances under which the Commission may declare an un- dertaking to be a gatekeeper despite not meeting the quantitative thresholds is problematic in view of the principle of legal certainty. The most important passages in the text are indicated by a line in the margin. CONTENT Title Proposal COM(2020) 842 of 15 December 2020 for a Regulation on contestable and fair markets in the digital sector Brief Summary ► Background and objectives – The Digital Markets Act (DMA) is to ensure contestable and fair digital markets by imposing strict conduct obli- gations on certain providers of “core platform services” (CPS) defined as “gatekeepers”. -
The CMA's Digital Markets Strategy
The CMA’s Digital Markets Strategy February 2021 refresh © Crown copyright 2021 You may reuse this information (not including logos) free of charge in any format or medium, under the terms of the Open Government Licence. To view this licence, visit www.nationalarchives.gov.uk/doc/open-government- licence/ or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: [email protected]. Contents Page 1. Introduction ........................................................................................................... 4 2. Our strategic aims ................................................................................................. 7 3. Priority areas of focus ......................................................................................... 10 Priority 1: Establishing the pro-competition regulatory framework and function .. 10 Designing and establishing the function ........................................................ 10 Legislation and guidance ............................................................................... 10 Preparing for the SMS regime ....................................................................... 11 Priority 2: Using our existing tools ....................................................................... 11 Priority 3: The work of the Data Technology and Analytics (DaTA) unit .............. 12 Priority 4: Digital Regulation Cooperation Forum ................................................ 12 Priority 5: International cooperation ................................................................... -
[email protected]
23 Marcus Clarke Street Canberra ACT 2601 GPO Box 3131 Canberra ACT 2601 www.accc.gov.au 23 May 2021 Committee Secretary Parliamentary Joint Committee on Corporations and Financial Services PO Box 6100 Parliament House Canberra ACT 2600 By Email: [email protected] Dear Secretary ACCC submission to the Inquiry into mobile payment and digital financial services The Australian Competition and Consumer Commission (ACCC) welcomes the opportunity to provide a submission to the Parliamentary Joint Committee on Corporations and Financial Services’ Inquiry into mobile payment and digital wallet financial services. The Australian Competition and Consumer Commission (ACCC) is an independent Commonwealth statutory agency that promotes competition, fair trading and product safety for the benefit of consumers, businesses and the Australian community. The primary responsibilities of the ACCC are to enforce compliance with the competition, consumer protection, fair trading and product safety provisions of the Competition and Consumer Act 2010 (CCA), regulate national infrastructure and undertake market studies. The ACCC recognises the value and convenience that mobile payment and digital wallet financial services offer to consumers, and is interested to ensure that there is effective competition in the supply of these services to maximise the benefits for consumers. This submission provides an overview of the ACCC’s previous consideration of related issues and, in particular: - the ACCC’s 2016 decision regarding Bendigo and Adelaide Bank, Commonwealth Bank, NAB and Westpac’s application for authorisation - the ACCC’s recent report under the Digital Platform Services Inquiry (published April 2021) which examined the competition and consumer issues associated with app marketplaces (e.g. -
Compromised Connections
COMPROMISED CONNECTIONS OVERCOMING PRIVACY CHALLENGES OF THE MOBILE INTERNET The Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and many other international and regional treaties recognize privacy as a fundamental human right. Privacy A WORLD OF INFORMATION underpins key values such as freedom of expression, freedom of association, and freedom of speech, IN YOUR MOBILE PHONE and it is one of the most important, nuanced and complex fundamental rights of contemporary age. For those of us who care deeply about privacy, safety and security, not only for ourselves but also for our development partners and their missions, we need to think of mobile phones as primary computers As mobile phones have transformed from clunky handheld calling devices to nifty touch-screen rather than just calling devices. We need to keep in mind that, as the storage, functionality, and smartphones loaded with apps and supported by cloud access, the networks these phones rely on capability of mobiles increase, so do the risks to users. have become ubiquitous, ferrying vast amounts of data across invisible spectrums and reaching the Can we address these hidden costs to our digital connections? Fortunately, yes! We recommend: most remote corners of the world. • Adopting device, data, network and application safety measures From a technical point-of-view, today’s phones are actually more like compact mobile computers. They are packed with digital intelligence and capable of processing many of the tasks previously confined -
Developer Bootstrap: Good Control Essentials
Developer Bootstrap: Good Control Essentials Last updated: Wednesday, December 21, 2016 ©2016 BlackBerry Limited. Trademarks, including but not limited to BLACKBERRY, BBM, BES, EMBLEM Design, ATHOC, MOVIRTU and SECUSMART are the trademarks or registered trademarks of BlackBerry Limited, its subsidiaries and/or affiliates, used under license, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. All other trademarks are the property of their respective owners. This documentation is provided "as is" and without condition, endorsement, guarantee, representation or warranty, or liability of any kind by BlackBerry Limited and its affiliated companies, all of which are expressly disclaimed to the maximum extent permitted by applicable law in your jurisdiction. 2 Developer Bootsrap: Good Control Contents Revision history 5 Introduction 6 Background and assumptions 6 Activating Your First GD Application 6 To set up your first GD application and prepare for activation 6 To set up the user's device 7 Add Users 7 Adding A Single User Account via Active Directory 7 Import Users by AD Group 8 Adding Multiple User Accounts via Active Directory 8 Adding User Accounts 9 Importing Multiple User Accounts from CSV File 10 CSV Record Layout and Limits 10 Import Process 11 Possible Error Messages 11 Adding applications 13 Adding a custom application 13 Adding BlackBerry Dynamics app IDand version only 13 Specifying app servers 14 Adding new BlackBerry Dynamics entitlement versions (BlackBerry Dynamics app versions) 14 Entitling end-users to applications or denying them 15 Sequence of app version entitling and denying: entitle, then deny 15 Activating an Application for a User 15 Action by the User 16 3 BlackBerry Dynamics documentation 17 4 Revision history Revision history Date Description 2016-12-19 Version numbers updated for latest release; no content changes. -
Digital Markets Act Impact Assessment Support Study Executive Summary and Synthesis Report
Digital Markets Act Impact Assessment support study Executive Summary and Synthesis Report Internal identification Contract number: VIGIE 2020/630 Written by December 2020 Authors: Joe Sunderland (ICF), Facundo Herrera (ICF), Sofia Esteves (ICF), Ilsa Godlovitch (WIK- Consult), Lukas Wiewiorra (WIK-Consult), Peter Kroon (WIK-Consult), Serpil Tas (WIK-Consult), Alexandre de Streel (University of Namur), Janne Kalliala (Cullen International), Javier Huerta Bravo (Cullen International), Winston Maxwell (Telecom Paristech), Andrea Renda (CEPS) VIGIE number: 2020/630 EUROPEAN COMMISSION Directorate-General for Communications Networks, Content and Technology Directorate F - Digital Single Market Unit F2 – E-commerce and platforms Contact: [email protected] European Commission B-1049 Brussels EUROPEAN COMMISSION Digital Markets Act - Impact Assessment support study Executive Summary and Synthesis Report Directorate-General for Communications Networks, Content and Technology December , 2020 EN EUROPE DIRECT is a service to help you find answers to your questions about the European Union Freephone number (*): 00 800 6 7 8 9 10 11 (*) The information given is free, as are most calls (though some operators, phone boxes or hotels may charge you) LEGAL NOTICE This document has been prepared for the European Commission however it reflects the views only of the authors, and the European Commission is not liable for any consequence stemming from the reuse of this publication. The Commission does not guarantee the accuracy of the data included in this study. More information on the European Union is available on the Internet (http://www.europa.eu). PDF ISBN: 978-92-76-27450-6 Doi: 10.2759/791349 Catalogue number: KK-06-20-190-EN-N Manuscript completed in 12/2020 The European Commission is not liable for any consequence stemming from the reuse of this publication. -
Defendant Apple Inc.'S Proposed Findings of Fact and Conclusions Of
Case 4:20-cv-05640-YGR Document 410 Filed 04/08/21 Page 1 of 325 1 THEODORE J. BOUTROUS JR., SBN 132099 MARK A. PERRY, SBN 212532 [email protected] [email protected] 2 RICHARD J. DOREN, SBN 124666 CYNTHIA E. RICHMAN (D.C. Bar No. [email protected] 492089; pro hac vice) 3 DANIEL G. SWANSON, SBN 116556 [email protected] [email protected] GIBSON, DUNN & CRUTCHER LLP 4 JAY P. SRINIVASAN, SBN 181471 1050 Connecticut Avenue, N.W. [email protected] Washington, DC 20036 5 GIBSON, DUNN & CRUTCHER LLP Telephone: 202.955.8500 333 South Grand Avenue Facsimile: 202.467.0539 6 Los Angeles, CA 90071 Telephone: 213.229.7000 ETHAN DETTMER, SBN 196046 7 Facsimile: 213.229.7520 [email protected] ELI M. LAZARUS, SBN 284082 8 VERONICA S. MOYÉ (Texas Bar No. [email protected] 24000092; pro hac vice) GIBSON, DUNN & CRUTCHER LLP 9 [email protected] 555 Mission Street GIBSON, DUNN & CRUTCHER LLP San Francisco, CA 94105 10 2100 McKinney Avenue, Suite 1100 Telephone: 415.393.8200 Dallas, TX 75201 Facsimile: 415.393.8306 11 Telephone: 214.698.3100 Facsimile: 214.571.2900 Attorneys for Defendant APPLE INC. 12 13 14 15 UNITED STATES DISTRICT COURT 16 FOR THE NORTHERN DISTRICT OF CALIFORNIA 17 OAKLAND DIVISION 18 19 EPIC GAMES, INC., Case No. 4:20-cv-05640-YGR 20 Plaintiff, Counter- DEFENDANT APPLE INC.’S PROPOSED defendant FINDINGS OF FACT AND CONCLUSIONS 21 OF LAW v. 22 APPLE INC., The Honorable Yvonne Gonzalez Rogers 23 Defendant, 24 Counterclaimant. Trial: May 3, 2021 25 26 27 28 Gibson, Dunn & Crutcher LLP DEFENDANT APPLE INC.’S PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW, 4:20-cv-05640- YGR Case 4:20-cv-05640-YGR Document 410 Filed 04/08/21 Page 2 of 325 1 Apple Inc. -
Executive Summary
1 Executive summary Welcome to the third edition of the Mobile Security and Risk Review. This bi-annual review provides IT security leaders with timely information about the mobile threat landscape and the emerging risks facing their organizations. This edition includes: Regional data Industry-specific Statistics from Australia, Belgium, France, data for financial services, on the adoption of Apple’s Device Germany, Japan, the Netherlands, government, and healthcare Enrollment Program (DEP) and Spain, the United Kingdom, and the Volume Purchase Program (VPP) United States The most popular The top blacklisted enterprise apps mobile apps Several areas saw little change or improvement over the last six months: only Less than 29% 55% 5% of companies had outdated consistently enforced deployed mobile anti-malware policies security policies To help IT organizations make risk mitigation part of their mobile security routine, we developed the Security Hygiene Priority Checklist. 2 The mobile threat landscape New Threats and Trends Almost immediately after we published the second edition of this report, high profile vulnerabilities and new malware families began appearing. The Godless malware, identified in late June 2016, managed to infect an estimated 850,000 devices.1 Initially discovered in February 2016, Hummingbad was more widely analyzed in July, and it appears it was created by Yingmob, the group behind the YiSpectre iOS malware that made headlines last year. Hummingbad succeeded in infecting nearly 85,000,000 devices.2 The apparent goal of both malware families was to drive fraudulent ad revenue. However, what is more more notable — and sinister — is that they contained exploits that attempt to “root” devices over the air without the user’s knowledge, thus giving attackers full control of an infected device. -
Critical Infrastructure Cybersecurity for Mobility
MOBILE CYBERSECURITY IN THE DIGITAL ECONOMY Modern organizations have recognized the need to embrace mobile devices and the benefits they can provide in the workplace. However, when it comes to Cybersecurity for mobile devices, most IT and security professionals have overlooked this important aspect of their environment. The thinking is that the biggest security challenges were on PCs, where employees did the majority of their work. As cloud-based services proliferate and more mobile applications are increasingly available for businesses, the vast majority of employees now rely on mobile devices for productivity, forcing IT departments to rethink device security priorities to include mobile. Mobile devices are increasingly becoming the primary method to access corporate data and resources so security professionals need to develop strategies for securing their mobile environment The mobile, demanding, and productive workforce is literally dragging companies into this new world. The way we work, live and connect is different, and over the next few years we will see a complete transformation in the way security is used to protect people and businesses where mobility and cloud access to data are requirements. We think the world is mobile today, but in fact, we’re just scratching the surface. Gartner estimates that there will be 5.3B smartphones and tablets in 2019. To give that number context: the world population to be 7.5B people by that time. Nearly every person on earth will have a smartphone or tablet by then. In Mary Meeker’s latest “State of the Internet” report, it found that time spent on mobile surpassed desktops in 2014. -
DMA) Proposal Is Due to Comprise Two Parts
Digital Markets Act What is it? The forthcoming Digital Markets Act (DMA) proposal is due to comprise two parts. First, it would establish a clear list of dos and don’ts for so-called digital gatekeepers i.e. powerful online platforms that dominate their sector (e.g. online search or e-commerce). Currently, tech giants can use their huge network of users, and the massive collections of data that brings, to make it very hard for other businesses to compete, even if they develop a much better service. This initiative should prevent certain harmful practices occurring in the first place and allow authorities to act much faster and more effectively to tackle behaviour that stops markets working well. For example, the proposal is expected to ban digital gatekeepers from: - ‘self-preferencing’ where this would enable them to unfairly promote their own services e.g. by ranking rivals lower in search results or by otherwise giving their own products greater prominence. Such unfair ranking can make or break businesses in dozens of markets that depend on a platform. - misuse of their business users’ data, for example on pricing and popularity of products, to unfairly compete against those very same businesses. - locking users in to their platform, including via pre-installation of their own apps – gatekeepers would instead have to make it easier for users to switch platform, or to use more than one service. That would keep the market open for competition, by making it easier for innovative rivals to compete. A second part of the DMA would set up a harmonised set of rules to allow authorities to investigate digital gatekeeper markets and, if necessary, to take action to make it possible for businesses to enter and compete in these markets to the benefit of consumers and other customers. -
Evaluating Mobile App Vetting Integration with Enterprise Mobility Management in the Enterprise
Evaluating Mobile App Vetting Integration with Enterprise Mobility Management in the Enterprise June 26, 2019 ii Executive Summary Federal agencies increasingly use mobile devices and mobile applications (apps) to meet their mission and business needs and improve productivity and efficiency. The ubiquity of mobile apps and the increased reliance on their use has a counter side, however. Mobile apps pose substantial risk to federal enterprises because of their potential for exploitable vulnerabilities, malicious code, or privacy-violating behaviors and should be deployed with care. Even apps from the Google Play or Apple App Stores are not free of these risks. Mobile app vetting solutions can automate security analysis of mobile apps to help enterprises determine whether apps are safe to deploy on mobile devices. This generally takes time to review and act upon the findings from these solutions. Enterprise mobility management (EMM) provides the centralized capability to manage an enterprise’s mobile devices, including provisioning security policies to the devices. Many EMM and mobile app vetting solutions advertise integration capabilities—the mobile app vetting solution can share an inventory of installed apps with the EMM, and the EMM can take action based on app vetting findings. The Mobile Security Research and Development (R&D) program within the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) promotes such adoption of safe and secure mobile technology within DHS and across the federal government, and encourages development and adoption of integrated cybersecurity solutions to improve mobile security for the federal government. To help promote this adoption and explore other solutions, the team solicited the Homeland Security Systems Engineering and Development Institute (HSSEDI) to perform an independent evaluation of the integration capabilities of mobile app vetting and EMM solutions.