Apple turn to Flash for security

Late on Friday night, Norwegian blogger Ally Tenor posted a number of screen grabs from Firebug that appeared to show Apple’s Norway store running scripts through an eu-ampd.swf file — a format output by Adobe’s Flash Professional software.

Over the weekend several other commentators reported the same thing and by Monday morning a reported 74.8% of browser requests to the Apple online store across Europe and Asia were requesting data from the same front-end SWF file.

Initially feared to be some form of trojan attack, the SWF file appears to be authentic, as it requests permission from a crossdomain.xml file hosted on apple.com before responding to data requests.

Apple’s opposition to the Flash plugin and their refusal to make it installable on iOS is widely regarded as the catalyst for the technology’s rapid fall from grace. However, it isn’t the first time Apple have made a major u-turn; Steve Jobs famously stated that the iPhone would never have a screen larger than 3.5″ (the iPhone 5 has a 4″ screen).

The relationship between the two corporations has been considerably warmer recently, and rumors of back-room deals have been rife over the past few weeks, since it was leaked in a SEC filing that Adobe’s CTO Kevin Lynch was leaving the company to become Apple’s Vice President for Technology.

Lynch, a key member of first Macromedia and later Adobe, was instrumental in the Flash platform’s development and eventual dominance of the rich media market. He is on record as having warned Apple that their failure to embrace Flash would cost them customers.

Championing Flash appears to have made Lynch appealing to an Apple board that is watching its market share slip away; the dominance of Android in Europe, the release of Windows Mobile and the rebranding of RIM as Blackberry are all eating into Apple’s device sales.

On top of stiff competition Apple, along with all other technology companies, are facing strict regulations in Europe on the security of the data they hold on users. Current cookie laws are being expanded and EU regulators seem determined to enforce strict codes of conduct. It is significant that at around the same time as the eu-ampd.swf file first appeared, the number of browser cookies set by Apple’s sites dropped by nearly a third.

So it appears that Apple are making a switch from browser-based cookie data, to Flash-based Local Shared Object data on all of their sites; and speculation is now mounting that a full Flash redesign of all of Apple’s online services is about to be rolled out across Europe and Asia, with the rest of the world following shortly afterwards.

Poor cross-browser support for many of HTML5’s most promising features, HTML5 performance issues on devices and draconian data storage laws in the EU all appear to have delivered to Flash, an entirely unlikely champion.

Update: Thanks for all your great feedback! This article is of course an April Fools joke. The eagle-eyed amongst you will notice the name of the SWF file is an anagram of “made-up.swf”, the fictional blogger’s name is an anagram of “Not Really” and any Norwegian readers will know that the tweet he ‘posted’ translates as “This is a completely made up story. There is no truth in it whatsoever!”.

Are Apple right to rely on SWF files for data security? Will Apple redesign their sites in Flash? Let us know your thoughts in the comments.

Featured image/thumbnail, flash image via Shutterstock.

Ben Moss

Ben Moss has designed and coded work for award-winning startups, and global names including IBM, UBS, and the FBI. When he’s not in front of a screen he’s probably out trail-running.