Apple recently blocked the enterprise apps of Google and Facebook on its iOS platform. The move took the tech industry by surprise and many wondered whether this was the start of a “tech war” in Silicon Valley. However, the ban was the result of both companies breaking privacy rules and not because of any bad blood between Apple and the other tech giants.
Since 2016, Facebook had been paying iOS users aged between 13 and 35 years up to US$20 per month to keep their “Facebook Research” app installed and active on their phones. The app accessed nearly every activity done by the user on their phones, giving Facebook information like the user’s web search history, private messages, and location data. Google did a similar thing through its “Screenwise Meter” app.
Both apps were distributed using an enterprise certificate provided by Apple. However, apps developed using the certificate could only be used by employees of the company. Neither Facebook nor Google had any right to distribute the apps to the public. By doing so, they had violated the agreement of the enterprise certificate. When Apple came to know about the activity, they decided to take strict action against both the companies.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data,” Apple said in a statement (Tech Crunch).
As a consequence, Google and Facebook employees were unable to use the enterprise apps. Employees could neither test any new apps nor access apps that were designed for things like displaying bus schedules, lunch menus, and so on. Facebook defended itself by stating that the company had asked permission to access private information before a user installed the app.
But since the company has a history of loosely defining what “permission” actually is, many believe that most users really had no idea that Facebook was literally snooping in on their mobile activity. “I don’t think they make it very clear to users precisely what level of access they were granted when they gave permission… There is simply no way the users understood this,” Will Strafach, a mobile app security researcher, said to Money Control.
To run an app on an iPhone, it has to be signed with a cryptographic stamp of approval. This is known as a digital certificate, which lets iOS confirm that a specific app has been created by a trusted source. Consumer apps need to be vetted by Apple’s staff before they can be made available through the app store. For businesses, Apple has created the “Developer Enterprise Program.”
Firms have to pay US$299 per year and adhere to strict regulations to get an enterprise certificate through the program. Only when they receive the certificate can the businesses distribute apps for use by their employees. So what would happen if the certificate was not installed? “These apps would show up as completely untrusted… You wouldn’t be able to install or run them. Period,” Navin Kumar, lead engineer at Insight Engines, said to CNET.
Following the ban, Apple was touted as the “protector” of Internet data privacy by several people in social media. However, the ban did not last long and Apple restored the enterprise certificates of both firms shortly after.