Ivan Krstic, who leads security engineering at Apple, spoke about the EU Digital Markets Act in an interview with The Independent, highlighting concerns over a requirement that would let users install apps on iPhone and iPad from sources beyond the App Store. The discussion drew attention across tech circles and was noted by industry press such as 9to5Mac.
During the conversation, Krstic outlined Apple’s approach to security, describing a two-tier strategy that anchors safety in both hardware and software layers. He pointed to the company’s security laboratory based in Paris, where engineers simulate a wide range of attack techniques to understand how devices can be penetrated and, crucially, how those breaches can be prevented. This venue, he indicated, serves as a key hub for testing defenses against evolving threats and for validating the integrity of Apple’s protective measures.
Krstic asserted that Apple places a high priority on safeguarding its devices and the data they hold. He explained that security design starts with hardware—the physical components and their resilience—before moving to software, where the majority of risk management occurs. In this layered model, the App Store represents a comprehensive security moat because it imposes strict vetting and ongoing scrutiny of every application before it reaches users. This, he suggested, is where Apple’s strongest line of defense resides, ensuring that software installed on iPhones and iPads meets rigorous standards.
The conversation touched on the regulatory landscape, with Krstic arguing that permitting third-party app sources could undermine the protections that Apple’s ecosystem currently enforces. He warned that while open installation avenues may seem convenient, they could complicate the security workflows that keep devices secure for millions of users. The central concern, he noted, is that broader app markets could dilute the controls designed to prevent malware, data leakage, and other adversarial activity from compromising devices or user information.
Beyond regulatory and security topics, Krstic touched on Apple’s ongoing engineering challenges, including the company’s efforts to advance its own 5G modem development. He described the journey as a demanding one, marked by rigorous testing, integration challenges, and the need to balance performance with security and reliability. The broader takeaway from his remarks is that Apple remains committed to strengthening every layer of its platform—from the silicon up through the software layer and the services that tie everything together—while navigating a regulatory environment that could alter how users access and install software on Apple devices. This stance emphasizes the importance of maintaining trusted, secure foundations even as the company adapts to changing policy landscapes and advancing technology.