Skip to main content

Apple reactivates Facebook’s employee apps after punishment for Research spying

After TechCrunch caught Facebook violating Apple’s employee-only app distribution policy to pay people for all their phone data, Apple invalidated the social network’s Enterprise Certificate as punishment. That deactivated not only this Facebook Research app VPN, but also all of Facebook’s internal iOS apps for workplace collaboration, beta testing and even getting the company lunch or bus schedule. That threw Facebook’s offices into chaos yesterday morning. Now after nearly two work days, Apple has ended Facebook’s time-out and restored its Enterprise Certification. That means employees can once again access all their office tools, pre-launch test versions of Facebook and Instagram… and the lunch menu.

A Facebook spokesperson issued this statement to TechCrunch: “We have had our Enterprise Certification, which enables our internal employee applications, restored. We are in the process of getting our internal apps up and running. To be clear, this didn’t have an impact on our consumer-facing services.”

Meanwhile, TechCrunch’s follow-up report found that Google was also violating the Enterprise Certificate program with its own “market research” VPN app called Screenwise Meter that paid people to snoop on their phone activity. After we informed Google and Apple yesterday, Google quickly apologized and took down the app. But apparently in service of consistency, this morning Apple invalidated Google’s Enterprise Certificate too, breaking its employee-only iOS apps.

Google’s internal apps are still broken. Unlike Facebook that has tons of employees on iOS, Google at least employs plenty of users of its own Android platform, so the disruption may have caused fewer problems in Mountain View than Menlo park. “We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch’s investigation found that the Facebook Research app not only installed an Enterprise Certificate on users’ phones and a VPN that could collect their data, but also demanded root network access that allows Facebook to man-in-the-middle their traffic and even deencrypt secure transmissions. It paid users age 13 to 35 $10 to $20 per month to run the app so it could collect competitive intelligence on who to buy or copy. The Facebook Research app contained numerous code references to Onavo Protect, the app Apple banned and pushed Facebook to remove last August, yet Facebook kept on operating the Research data collection program.

When we first contacted Facebook, it claimed the Research app and its Enterprise Certificate distribution that sidestepped Apple’s oversight was in line with Apple’s policy. Seven hours later, Facebook announced it would shut down the Research app on iOS (though it’s still running on Android, which has fewer rules). Facebook also claimed that “there was nothing ‘secret’ about this,” challenging the characterization of our reporting. However, TechCrunch has since reviewed communications proving that the Facebook Research program threatened legal action if its users spoke publicly about the app. That sounds pretty “secret” to us.

Then we learned yesterday morning that Facebook hadn’t voluntarily pulled the app, as Apple had actually already invalidated Facebook’s Enterprise Certificate, thereby breaking the Research app and the social network’s employee tools. Apple provided this brutal statement, which it in turn applied to Google today:

We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

Apple is being likened to a vigilante privacy regulator overseeing Facebook and Google by The Verge’s Casey Newton and The New York Times’ Kevin Roose, perhaps with too much power, given they’re all competitors. But in this case, both Facebook and Google blatantly violated Apple’s policies to collect the maximum amount of data about iOS users, including teenagers. That means Apple was fully within its right to shut down their market research apps. Breaking their employee apps too could be seen as just collateral damage since they all use the same Enterprise Certification, or as additional punishment for violating the rules. This only becomes a real problem if Apple steps beyond the boundaries of its policies. But now, all eyes are on how it enforces its rules, whether to benefit its users or beat up on its rivals.



from Apple – TechCrunch https://tcrn.ch/2DMjaoh
Labels:

Comments

Post a Comment

Popular posts from this blog

Thousands of cryptocurrency projects are already dead

Two sites that are actively cataloging failed crypto projects, Coinopsy and DeadCoins , have found that over a 1,000 projects have failed so far in 2018. The projects range from true abandonware to outright scams and include BRIG , a scam by two “brothers,” Jack and Jay Brig, and Titanium , a project that ended in an SEC investigation. Obviously any new set of institutions must create their own sets of rules and that is exactly what is happening in the blockchain world. But when faced with the potential for massive token fundraising, bigger problems arise. While everyone expects startups to fail, the sheer amount of cash flooding these projects is a big problem. When a startup has too much fuel too quickly the resulting conflagration ends up consuming both the company and the founders and there is little help for the investors. These conflagrations happen everywhere are a global phenomenon. Scam and dead ICOs raised $1 billion in 2017 with 297 questionable startups in the mix. The
Post a Comment
Read more

Dance launches its e-bike subscription service in Berlin

German startup Dance is launching its subscription service in its hometown Berlin. For a flat monthly fee of €79 (around $93 at today’s exchange rate), users will get a custom-designed electric bike as well as access to an on-demand repair and maintenance service. Founded by the former founders of SoundCloud and Jimdo , the company managed to raise some significant funding before launching its service. BlueYard led the startup’s seed round while HV Capital (formerly known as HV Holtzbrinck Ventures) led Dance’s €15 million Series A round, which represented $17.7 million at the time. E-bike subscription service Dance closes $17.7M Series A, led by HV Holtzbrinck Ventures The reason why Dance needed so much capital is that the company has designed its own e-bike internally. Called the Dance One, it features an aluminum frame and weighs around 22kg (48.5lb). It has a single speed and it relies on its electric motor to help you go from 0 to 25kmph. And the best part is that you
Post a Comment
Read more