Judge says Apple may be ‘stretching the truth’ on Mac malware concerns

During the Apple v. Epic trial, Apple software leader Craig Federighi argued that tight control over the App Store was necessary for securing the iPhone. But Judge Yvonne Gonzalez Rogers didn’t buy it, writing in her ruling Friday that he may have been “stretching the truth for the sake of the argument.”

Federighi cast heavy doubt on whether Apple would be able to secure iPhones without its App Review system acting as a gateway, saying that macOS security was basically in a bad place. Judge Rogers doesn’t think Federighi has the proof to back it up (you can read her quotes below in context on page 114):

While Mr. Federighi’s Mac malware opinions may appear plausible, they appear to have emerged for the first time at trial which suggests he is stretching the truth for the sake of the argument. During deposition, he testified that he did not have any data on the relative rates of malware on notarized Mac apps compared to iOS apps. At trial, he acknowledged that Apple only has malware data collection tools for Mac, not for iOS, which raises the question of how he knows the relative rates. Prior to this lawsuit, Apple has consistently represented Mac as secure and safe from malware. Thus, the Court affords Mr. Federighi’s testimony on this topic little weight.

Woof. Basically, Judge Rogers says that Federighi was trying to make the Mac look bad so iOS could shine, without much evidence. After discussing notarization and App Review a bit more, she concludes that Apple could implement a system similar to the Mac’s without giving up much of the security iOS already enjoys:

Ultimately, the Court finds persuasive that app review can be relatively independent of app distribution. As Mr. Federighi confirmed at trial, once an app has been reviewed, Apple can send it back to the developer to be distributed directly or in another store. Thus, even though unrestricted app distribution likely decreases security, alternative models are readily achievable to attain the same ends even if not currently employed.

It’s worth keeping in mind that Judge Rogers didn’t end up forcing Apple to allow alternative…