In a previous blog post, Dan Shugrue discussed how the Digital Markets Act (DMA) has affected Apple’s previously closed ecosystem by increasing choice and freedom for consumers but potentially increasing the likelihood of security threats such as code lifting and malware.

The DMA includes requirements for interoperability, forcing operating systems managed by companies designated as “gatekeepers” to provide equal access to APIs and ancillary services, like hardware or software features.

To comply with the DMA’s provisions, Apple has created and released over 600 new APIs that are available to developers, including interfaces relating to their NFC technology.

Prior to the DMA, the mobile payment and broader mobile NFC ecosystem were divided, with Apple controlling NFC operations on iOS and other entities operating on Android. This included mobile wallets, soft POS, ID providers, NFC tag readers, etc.

Less than a month after the DMA’s implementation, there was a scramble in the market to migrate NFC applications to iOS and capture market share as soon as possible, leading to several potential security challenges, including:

  • Impersonation Threats: If your company does not port its app to iOS, threat actors “may do it for you,” attempting to phish your customers to trick them into sideloading a fraudulent app.
  • Compliance and Regulations: In the payment industry, NFC cards and POS systems still require certification to industry standards (such as PCI-DSS and EMV), which have quite stringent security criteria, necessitating strong hardening of your application.
  • Code-Lifting Threats: Being the first to market may lead your competitors to steal unique features of your application and rebrand them. Additionally, threat actors who have access to the application source code may try to embed malware in your app and offer that same sideloading option.

All the threats currently impacting Android applications are expected to eventually affect iOS apps as well, which previously benefited from the increased security of Apple’s “walled garden” ecosystem.

Digital.ai can help organizations combat threat actors by protecting their applications against reverse engineering, tampering, and code lifting, and by providing companies with early alerts to attacks through our App Aware service.

 


Author

Ricardo Giorgi
