This seems entirely legitimate. Facebook were using Apple's support for enterprise distribution based on having a corporate certificate on your device, designed to allow distributing internal apps that don't make sense on the App Store proper, to distribute an app to their users - presumably because they knew it wouldn't make it through the approval process for doing distribution using TestFlight, which is what is meant to be used for this sort of app release.
I give it a week until Facebook starts using some sort of exploit to get Onavo onto iPhones. Probably guessing it will be a Safari exploit based on past history. That's when the real fireworks will begin.
Business Insider has a leaked memo and internal discussions and even many Facebook employees agree this was stupid and shooting themselves in their foot. I quote “When will we learn?”
It's really not how Apple would treat any other company. Any other company would get banned from the app store permanently.
I do agree that this is measured. The question is how long, if ever, before Apple grants them a new cert. If Apple lets them back into the Enterprise Developer Program, this is a few days of inconvenience. If they keep them out, this effectively kills their apps on the iOS app store because FB can't effectively work on the apps internally.
I imagine this is how apple would treat any company with a widely used app. Whether it was Snapchat, dropbox or Candy Crush Saga. I doubt they'll consider such a misstep reason enough to inconvenience or even harm millions of their users.
It does not preclude test flight or just installing it through a developer machine. The vast majority of app developers don't use an enterprise account to test beta releases.
Facebook's development process for iOS (and android) is dependent on having most/all employees dogfood beta releases and report bugs that can be ignored. This breaks that pretty badly, and now users in the wild will have to report bugs before they can be ignored.
I hope they'll drag it on indefinitely, and maybe the two will have a giant war of sorts. This is one of those cases where I don't like either side, so I'm happy to see them having a destructive fight.
How so? A world without Google would have shitty search initially but would exist perfectly fine. iOS/Windows, Safari/Firefox, Apple Maps, iCloud Mail/Outlook, Vimeo already exist and soon a decent search engine would surface.
There's an interesting article on Gizmodo (so please take it with a grain of salt) about trying to cut Google out of your life - long story short, it's surprisingly hard and some things you wouldn't expect will break.
YMMV. I mostly moved off Google for my own usage last year and deleted my paid Google Apps account (let’s ignore work usage as that’s out of my hands). Remaining services I use are YouTube (no competitor), books.google.com (occasionally, when Hathi is proving too slow) and groups.google.com (the project I mostly contribute to organises there). Of those three I could dump books.google.com without too much effort and I only interface with groups.google.com via email; moving to another provider would be totally possible if needed.
True enough. I found the things mentioned in the article interesting because you also lose things like Google Web Fonts and a number of services which depend on the Google Maps APIs for mapping.
Unfortunately, I won't be able to completely disconnect because I've got a number of friends who share photos through Google Photos (and I would like to keep access to those), a number of friends who only use Hangouts (not sure if that's better or worse than FB Messenger), and YouTube doesn't have any real competitors.
I'm guessing Tim Cook is not ready to give that up in the name of "fighting for privacy." Otherwise he'd have already made DuckDuckGo the default search engine.
There's no doubt in my mind Steve Jobs would've kicked Google out, but Tim Cook is much more of a bean counter to make such a move.
However, penalizing/threatening a customer of Google Cloud for something totally unrelated would open the road to an antitrust case as huge as Google's leverage on the current IT sector.
PS: On the other side, migrating all services out of Google Cloud would be a technical challenge (their needs are huge) but at the end of the day a minor annoyance for Apple.
It seems Apple have been trying to occupy the moral high ground on privacy for quite a long time now. It's relatively easy for them to differentiate themselves from the other big tech companies, because Apple's products cost so much that, for once, you are not the product.
Unless FB and Big G start charging for their services, I don't see how they can change their behaviour.
Even if Facebook starts to charge for their service I wouldn't touch any of their properties with a ten foot pole.
I assume that they gladly take my cash to then nevertheless sell me out to the highest bidder.
They knowingly stole money from kids (via their parents' credit cards) and did so knowingly and for years. They did just about everything possible to keep the stolen loot, including trying to automate their disputes on chargebacks. [1]
This carcinogenic pustule of a company is unredeemable and is unable to learn anything. Money and growth is the only goal to be achieved. Fuck all consequences!
Why would I ever trust such a company with money and believe they're not lying to my face.
I wonder if the $20 payment was so that Facebook could plausibly claim they _were_ distributing internal apps to employees?
I'm sure "employees" is defined loosely enough in the agreement to include "contractors", and the bar there is pretty low, getting paid pretty much makes you a contractor.
For someone who isn't as familiar with mobile development, can you say how beta testing services like Applause, BetaBound and uTest differ from TestFlight? Is it just that the latter are verified to be compliant with the App Store's TOS?
Yes. Other testing services which rely on enterprise distribution are technically against the rules, although Apple usually turns a blind eye to them unless they're doing something actively malicious.
Yes, it does. For testing in smaller businesses this is fine, however, as you can register up to 100 devices. Enterprise certificates were much easier to use in big enterprise, though, even if they weren't really "meant" for that purpose.
The problem on the Android side goes deeper, as the "Onavo Protect" app is still alive and kicking in the Google Play store [1]. The Facebook Research app here is a shallow repackaging of the iOS version of Onavo Protect, which was banned from Apple's App Store at least.
It doesn't appear Google is interested in doing anything here. They would likely have to do something about the thousands of other trojan horse VPN apps, too. It's just that those are not as transparently owned by a privacy-invading internet giant (and those apps probably sell your private information directly to the highest bidder even more eagerly).
Yea, how many other companies abuse the Enterprise program like this? Should we really trust Apple to enforce their TOS when they struggle to keep up with the usage of their own platform? If there’s informed consent, Apple isn’t really protecting users.
They have no visibility into what companies are doing with enterprise certificates. The whole point of which was to allow internal apps to be built that Apple should have no knowledge of.
They did the best they could which is to revoke the certificate once they learnt of egregious behaviour.
Looks like Google even sends people routers to intercept ALL their traffic, and has special devices to constantly listen to their TV to analyze what people are watching. Yuck.
My first reaction was: "Wow, FB finally went over the line and is actually an evil spyware distributor."
Then I started thinking about what this app really is. At $20/month per user, it's clearly impossible to recoup that money on a per-user basis via better ad targeting. This app is a market research app with a very small opt-in panel, just like having a Nielsen box on your TV.
I've never felt like Nielsen's data collection is evil, so it makes me wonder if my reaction is rational.
There's a huge difference between what Nielsen does and what Facebook did.
1) Nielsen doesn't explicitly target children.
2) The data that Nielsen collects is far less intrusive than what FB collects.
3) The consumer is much more likely to be informed about the data Nielsen collects, whereas with FB, it's unlikely that a user (especially a minor) understands the extent of what FB was collecting.
And yes, Facebook was requiring "parental consent" to collect this data, but as we all know that is very hard to verify and children have been ticking the "I'm 13 or older" box for years without their parents knowing.
What Facebook did clearly crossed a line. End of story.
I've been sent those packets offering to become a Nielsen family, and looked through the included description of how it works.
1) Nielsen does explicitly target children, insofar as Nielsen families are supposed to give them data on the usage habits of every member of the family, including the kids. That said, the decision of whether or not to become a Nielsen family remains firmly in the hands of the heads of the family. Perhaps regardless of the consent of its younger members.
2) They do also now track participating families' Internet usage at large, like Facebook's app was doing. I don't know whether it relied on a VPN or some other technology.
3) I think that most people could understand the TV consumption tracking that used to be Nielsen's bread and butter. But, at least based on the recruitment materials that were sent to me, I didn't have a clear understanding of the extent or nature of Internet usage data collection. I assume the story would be similar for most other users, especially minors.
Based on that, I think that a lot of these comparisons are comparing what Facebook is doing now to what Nielsen was doing 20 or 30 years ago. Which is a fair comparison to explore, but let's be careful not to absolve the Nielsen of today from any scrutiny in the process.
They're really pushy about it too. They selected my house and sent a gift basket and some guy came to the house three times emphasizing the "prestige" of being a Nielsen house because you're supposedly helping to define what shows get made. I can't imagine what kind of person would be swayed by that argument.
My uncle used to tell a story about taking a studio tour in the 1960s where part of the tour was being a test audience for Lost in Space (he was a kid at the time). The whole family had a pad with a dial and you could turn it one way to display approval and the other to give a thumbs down.
He hated the show and tried to indicate as much throughout the showing. But when the lights came back on he realized that he'd had the pad backwards the whole time.
He never forgave himself for that one time he "got Lost in Space green-lit".
I could see it being compelling decades ago. Nowadays, though, I'm guessing fans of niche programming are increasingly cord cutters who don't need Nielsen to ensure their TV consumption is being tracked.
Totally non-scientific evidence: The only acquaintances I can think of who still have cable TV subscriptions do so because their TV consumption is dominated by sports.
Good information, and based on that, I agree, Nielsen is doing similarly bad things, one distinction being that a child is unlikely to sign up for these services without their parents' knowledge.
I'm not here to defend Nielsen at all, but I do think Facebook has a bit more responsibility to make the right decisions here given their ubiquity, reach, AND the invasiveness of how a root certificate allows them access to encrypted traffic and even text messages (really?).
I'm not sure what you mean by this because Nielsen absolutely targets children. The parents are explicitly consenting to having the box in the home but the box is constantly monitoring what is on the TV and invasively forces you to tell it every 30 minutes or so exactly who is watching the screen.
My family was a Nielsen family for a time when I was in college and my 8-12 year old brothers were living at home.
Nielsen asks the parents to consent to monitoring. The parents are adults, and adults are in a position to be able to give such consent. Parents routinely make decisions for their children that the children are not in a position to make on their own. This ensures that children, who do not have the education and life experience to be able to make such decisions on their own, have their interests looked out for by responsible adults.
Facebook skipped the parents and pitched their app to the kids directly.
There is no invasion like what you're mentioning in the (recently) current systems. I was a Nielsen household. They use audio tracking via HDMI/optical audio to "see" what's being watched, and they can of course tell what TV it's coming from, but that's the extent of it.
I wonder what the actual effects of saying “Period! End of Story!” are in a discussion forum.
Obviously someone is still free to respond, and then that won’t be the end of the discussion. So what’s the point of saying it? It seems to escalate the stakes basically: “if you disagree then you are a LABEL!”
I understand your sentiment here, but the broader point here is that we as an industry have been historically timid about taking hardline ethical stances. In my opinion, Facebook's behavior here is clearly wrong, and I'm going to state it as so.
By taking a hardline stance, I'm opening the opportunity to prove me wrong. This is an open forum and I'm not calling anyone names for disagreeing with me. In fact if you do have a valid counterargument, PLEASE DO disagree. I'm more concerned about getting to the truth than being right.
But if there isn't a counterargument, then I want my comment to stand out as a stark reminder that we should not accept or be complicit to these types of practices going forward. If we don't take these types of stances, I do not think we will change the culture in tech.
Agreed. If the original commenter cannot make a cohesive and convincing argument as to why what happened is wrong, then they ought not to say anything. If they believe their argument is convincing, then these kinds of statements are unnecessary.
Yeah I mean it's mostly interesting to see that at $0/mo Onavo was a fantastic deal for FB and they are willing to pay users at least $20/mo for the same quality data. I wonder what price this instrumentation is worth to them if $20/mo and PR risk was okay -- like, what is the upper bound on good quality iOS Onavo data?
Seemed like the WSJ described this tool pretty well [ https://www.wsj.com/articles/facebooks-onavo-gives-social-me... ] -- reportedly Facebook employees can just plug in "Snapchat" into the Onavo metrics and see "we estimate [XX] MAU, declining [Y%] year over year and [Z%] month over month", and they can use this info to short/long SNAP or to prioritize building/buying a competitor. Such a great idea.
I do feel bad for whatever PM in Facebook (on Project Atlas or whatever) has been watching this news for the past few days and saying "whoa, this seems disproportionately unfair, given that Google and others do the same thing on iOS". I'm just wildly speculating here but that project team is probably getting a firsthand lesson in the "New York Times test" rule: if what you are doing were published on the front page of the NYT, would you regret it? (This is a particularly rough area because I think a lot of current employees probably feel like the NYT and peers have some kind of vendetta against them and probably don't really understand the hostility.)
> Be 18 years of age or older and capable of entering into a binding contract. You expressly declare that you are the owner of or lawfully exercise control over any Device onto which you authorize the downloading of the Software.
Facebook's spyware was pushed to teenagers as young as 13. But yeah, same thing.
> "Children watch an average of 2.8 hours of video content each day – the majority use devices other than a traditional television set to watch this. "
These continued moves of desperation show a company terrified of losing its massive data-gathering surveillance machine.
Hoping Apple demonstrates its commitment to privacy by doing more than hurting internal functionality and speak to the only thing that matters to FB - its ability to surveil people.
Investors and governments pumped billions into FB in the last 5-10 years seemingly under the impression that it was too big to fail. One can definitely see the panic starting to trickle in now that it's clear the platform's days are numbered. I wonder if they will be able to shift to a less predatory/ad-based business model before it's too late or go all-out with the data harvesting. It'll be interesting to watch it play out either way!
> now that it's clear the platform's days are numbered.
How is that "clear"? It's true that FB has received a lot of bad press and push back in recent times, but none of that changes the fact that FB is pretty much still the 10.000-pound Gorilla in the room with no real alternatives for a lot of people.
Don't get me wrong here: I don't like it either, I just don't see their days as being "numbered", but FB is too entrenched in a whole lot of sectors for it to simply vanish without some kind of competitor actually gobbling everything up they do right now.
Too many people forget that at this point FB isn't just "social media", for a whole lot of small and medium businesses FB has become their sole online presence, due to ease of use and reach.
They are definitely too entrenched with partners, but for the users themselves to mass-migrate all it takes is a big enough user-facing tactical error.
> Hoping Apple demonstrates its commitment to privacy
If Apple had a true commitment to privacy, this wouldn't have happened by design. Apple just has less commercial interest in gathering data about users outside its garden.
What design changes would have prohibited this from happening? The only changes I can think of would make it more difficult to debug things in development.
Apple has a very lucrative business where they have a sizable legion of followers who will spend almost any amount of money to own their products. They don't really need new customers, and aren't likely to convert many with traditional advertising tactics, so they just have to sit back and continue iterating on what they have to get existing customers to keep coming back for newer stuff. Basically, their business is all about draining money from their existing userbase, not expanding it.
This is exactly what Apple would do to a small indie developer if they found they did something similar. Glad to hear that they aren’t afraid to do it to a company like Facebook.
In this case the punishment fit the crime - break terms of enterprise distribution cert, get enterprise cert pulled.
However, it's very possible that if a smaller company did this that all of their certs, apps, and dev accounts would get pulled. Facebook does still get some special treatment.
Well, I mean, of course... Facebook is still the proverbial 500lb gorilla, bad actor or no. Apple's going to be very slow in nuking a big player that drives a huge chunk of device usage.
Kicking Facebook's apps off the appstore would include WhatsApp, Messenger, and Instagram. It would be a bigger deal than logging into Facebook.com on safari.
Even ignoring directly related apps like Messenger, Facebook is the main way I log into a large chunk of unrelated apps on my iPhone including games, food delivery, shopping, etc. Nuking the main Facebook app could cause harm to a huge number of users and third party developers.
I think Apple is right here — they’ve detected a breach of term and shut it down.
But I still think they are wrong for blocking 3rd party apps. I understand they believe it is for my safety and security, but there needs to be a happy medium. They should have a way for experts to side load apps.
I think you're missing the point. Experts do have a way to side load apps, through enterprise certificates and developer certificates. Facebook was distributing an app to consumers using the enterprise certificates, to collect data, in somewhat malicious terms, which is a direct policy violation of using an enterprise certificate.
I think jedberg is saying he wants to be able to load whatever software he wants on a device he owns. Is this really controversial? There's no good pro-consumer argument for making it impossible. It's OK to make it technically challenging to prevent malicious software from getting on lay people's devices, but blocking it full-stop? If I own a device I should be able to put whatever I want on it. It's mine. Ownership means something. I'm not licensing my phone's hardware. I own it. I can smash it to pieces if I want, why can't I change the bits inside?
So make iPhones like Pixels. If I want to root the device, make it simple, make it factory wipe the device, and flip a bit that opts me out of software support. (I know Google doesn't do this last one, but I'm not opposed, I know what I'm doing.)
But no. I have to buy a $1200 mini-computer and then accept the arbitrary whims of Apple on what code I can run when.
I don't think it's controversial to say opening up ways to load apps outside of the app store will make it far, far harder for Apple to make any performance, security and stability guarantees about their devices. So if you choose to bypass Apple's ecosystem, you are on your own and can't blame Apple for anything that goes wrong.
I did jailbreaking for a while. It means being on an old OS all the time because it takes time for the jailbreaks. And I shouldn't have to jailbreak to side load apps. There should be an officially supported channel.
> make it far, far harder for Apple to make any performance, security and stability guarantees about their devices.
You mean like my laptop? Somehow they manage to maintain guarantees despite the fact that I can load any software I want.
To be fair, you can sideload apps on to your iPhone, it's just that if you are not part of the Apple Developer program you'll need to re-sign them every seven days.
I am an Apple Developer, but that still requires me to use open source apps, since I have to compile it myself. Also it's a lot of effort.
It would be nice if I could just go to a web page, click a link, and say "load this app, I accept the performance/security risks this entails". Like I do with my laptop.
> I don't think it's controversial to say opening up ways to load apps outside of the app store will make it far, far harder for Apple to make any performance, security and stability guarantees about their devices
Why would this necessarily be the case? Apps on iOS are already pretty restricted as to what they can do - they can only access files they create (or have to ask for permission), they have to get permission to use the camera/microphone/etc, they're throttled pretty severely when they're in the background, and they can't modify any parts of the system UI. Even if you did install a malicious app, what would it be able to do?
> So you support apps like this Research one being made available to teens?
I 110% support that. Freedom is good. Hopefully their parents are involved enough in their lives to have explained the dangers of such things to them. Or perhaps Apple provides a parental control to allow that, but at least it would be possible for the parent to allow.
The argument isn't whether specific parties should produce malicious apps. Obviously any rational person would say no, depending upon what your own definition of malicious is (many have argued that a consenting party being paid $20 per month in exchange for data collected from their device is not malicious).
The argument is whether Apple should be the arbiter of what is considered a proper use case for an app or whether an individual should be. This argument is as old as the hills. Should the government be able to dictate to me what the correct size of a soda at McDonald's is? This is roughly the same argument. Although in Apple's case I think the restrictions have more to do with creating a reputation for consistency and quality.
I can install most any software I want on my PC but because of that you could argue the overall experience on a PC is sub-optimal compared to an iOS device. It's all about what's important to you. Personally I think Apple should be able to enforce whatever restrictions it chooses for its apps and customers are free to pick a different device with fewer restrictions. The developers are the ones who don't have a choice in this because they have to make apps for iOS if they want to get the largest possible user base so they have to abide by Apple's rules. I think the antitrust case for developers against Apple is pretty strong at this point, but I think the argument that I should be able to install what I want because it's my device is pretty weak.
Yeah, Apple have to step in here - otherwise they risk Enterprise certificates being used widely to violate Apple's AppStore restriction (which is what FB was doing), which is clearly not in Apple's best interest.
> Experts do have a way to side load apps, through enterprise certificates and developer certificates
Only their own apps. You can't use that mechanism to distribute an app to other "experts", which makes it of limited use in practice. You can distribute as source and require them to build it, but then everybody who wants to install your app on their device also needs a Mac.
I meant I want to side load apps on my phone that I don't write that other people make that perhaps violate Apple's rules. Like one that replaces springboard for example. Without having to jailbreak.
I agree. I would like to see something like we see with Linux distros. Whether I'm using apt, yum or dnf I can add a third-party repo for my package manager to download and install from. When I was into jailbreaking my phone that is what this basically meant to me even though I had to go with a different package manager (I think it was called cydia).
They’ve also been expanding the reach of TestFlight apps through public invite links. There are some notable apps (iSH, a Unix terminal emulator, comes to mind) that are only distributed through TestFlight, since that sort of thing would never make it through App Review.
Yeah, TestFlight distribution is a decent workaround, but they limit the number of installs. Also you have to pay Apple for the ability to distribute through TestFlight.
I want a way for a 16 year old kid to make an awesome app and then distribute it to whoever wants it. Like back in the shareware days.
Like, the App Store? Is it just the $99/yr that you object to? Because you could offer some scholarships to promising programmers. The kid already has a Mac, I bet he can talk his parents into a developer account if he's made an awesome app.
FWIW, I have a few ssh clients on my iPhone (Termius, Prompt, iTerminal) that came from the App Store. Termius even offers mosh. Why wouldn't they be approved?
I know of a lot of apps that are attached to having an active patreon sub (via testflight downloads).
The only thing I can think of that would be a problem for that 16 year old kid (or alternatively, a sneaky black hat) is permissions. Maybe a color coded permissions model where green means can only access the most basic systems, yellow means could access some personal data, red being can access very important or practically all your data, you must trust them implicitly before installing.
Does iSH really run afoul of the App Store guidelines? Seems to me that it's effectively the same thing as the various iOS Python IDEs, just using the Unix stack instead of Python. In particular it's an x86 interpreter, not a JIT...
It's nice they have the capacity to do that to protect their consumer ecosystem (indirectly), however, if I'm making an enterprise ecosystem decision to build out a fleet of mobile tools for my company, "Apple has and has used the capacity to shut down the ability of the hardware we purchased to run software we wrote on that hardware" gives me pause adopting that ecosystem.
Their purpose was generally-accepted as just in this case, but what if next time, it's because someone started competing with them and they didn't like it?
Tech has a long and storied history of anti-competitive behavior by the platform owner, even without fancy signed code + crypto:
* Microsoft and the games they played with 4DOS, undocumented calls, testing for id strings and then claiming Windows wouldn't run on the "Incompatible" DOS variant
* Apple re-implementing shareware utilities in the System 6/7/8/9 days right into the operating system, sometimes not compensating the original developer for the idea
* MS Word using undocumented APIs for better UX + integration over all word processors in the 90s/00s
* Twitter Changing Platform API and kicking out all sorts of useful apps on their platform
* Facebook doing the same
At least this time around, there's a clear kill switch so they don't have to be underhanded about it. And in this instance there was a clear and unambiguous ToS violation in play. Most of the instances I've listed went unpunished, or were only given a slap on the wrist after the damage was done.
The license to do that comes with a contract. Facebook broke the terms of that agreement. If you don't plan on doing the same, you have nothing to worry about.
That reads an awful lot like the reasoning "You don't have to be concerned about government privacy or authority overreach if you don't break the law."
The FTC is a good backstop, but in the time it takes them to resolve a (potentially antitrust) case, your company could go bankrupt. As an enterprise purchaser, it may not be a risk I want to take on for the benefit of using Apple hardware and software for internal solutions.
This is having a real effect internally at Facebook.
In many ways this is a good punishment, disruptive to the bad actor and minimally disruptive/invasive to the consumer.
> Apple has shut down Facebook’s ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation
While I have no sympathy at all for Facebook, this is a rather chilling reminder of Apple's ability to decide what you're allowed to run on your own phone.
Chilling isn't my takeaway. It's that Apple takes the threat of surreptitious data gathering seriously and enforces its rules for other companies to that effect.
Given that Apple has the ability to control what software can and cannot run on your device (to a large extent), this is a praiseworthy use of this power, however, on the whole, it would be preferable for Apple not to have this ability.
Facebook still has this power on Android. If you don’t want the protections of Apple's walled garden, feel free to swim in the unregulated waters of Android.
Absolutely! We should have laws protecting our privacy online and offline, from governments and from private entities. We should be able to sue Facebook and their ilk into oblivion. Until then, anyone who stands for privacy is on my side and has my business.
In a world where there are no weasels like FB, constantly trying to see what they can get away with, I too would prefer that Apple not have that ability. But in the world I currently live in, I'll reluctantly side with Apple having that ability. And the instant they use it not to my liking, I can go buy some other brand of phone.
Leave it up to the user (or, possibly, their parents if they're under-age) and give them the tools for maintaining their privacy. For example:
Have appropriate app permissions (which we mostly already have).
State that only apps within the app store are monitored to be privacy-friendly/"trustworthy", while still allowing a relatively hassle-free way of installing apps from outside it, similarly to how Android does it (except that I don't necessarily trust Google to ensure that the apps within the Play Store are "trustworthy").
Label "untrustworthy" apps (similarly to how F-Droid labels potentially unwanted features).
Now, since Apple currently has more intrusive control, I want them to use it for "good", but I don't want them having this power in the first place. As an analogy, if there were policemen stationed on every corner in the city, I'd probably want them to prevent suicidal people from jumping off bridges, but that doesn't mean that I want the policemen to be there.
To me it’s a fallacy that even a highly skilled and knowledgeable person could set their own privacy settings to what they’d actually like. When you have huge forces arrayed against you, a powerful advocate is necessary.
> To me it’s a fallacy that even a highly skilled and knowledgeable person could set their own privacy settings to what they’d actually like.
Do you mean on a phone or on any computing device? I'm pretty confident that I've set the privacy settings to my liking on my GNU/Linux laptop. (Well, with the giant exception of tracking by websites, but I think that uBlock+uMatrix on Firefox still deal with that slightly better than Safari's blocking.) You could argue that in this case Debian (or the like) is my powerful advocate, but it's a powerful advocate who doesn't take away control of my device.
It's either that, or they employed their market dominance to strike at their competitor. Without a public regulator that fines both Facebook and Apple for their respective abuses, we will never know which.
A public regulator of tech oligopolies is a great idea. Until that happens we have few choices in whom we choose to trust.
Apple is no corporate saint but for now it is the best of the lot because of its business model.
Government regulation often comes about as a result of failure to self-regulate. Facebook doesn't care about torches and pitchforks, but your Congressional representative does. Now, were FB (or tech companies in general) smart, they'd self-regulate before the citizenry starts digging in the garden shed for implements.
But tech companies, and especially FB lately, aren't smart. And, like the three year olds their maturity reflects, they bitch and moan when the hammer comes down. Well hey, Ayn, I've got an idea: stick a finger to the wind and sort your shit before the Big, Bad Government(tm) comes a-knockin'. Because when they come, shit's going to change and probably not in a way you like. Might as well get out in front of that narrative.
Especially in the south, the only thing they have to do is demonize “them”, wave a bible in one hand and a gun in the other to get re-elected while raising money from corporations.
Neither they nor their constituents vote based on “privacy”.
Completely? No. But when it comes to data and privacy I think it'd be better than today's wild west.
Who would have thought ten years ago so many people would willingly give companies a live feed video stream of the inside and outside of your house, along with voice recordings of everything?
I trust them ("them" being developed-world democracies; obviously there are more concerns with, say, the Saudis) more than I trust tech to self-regulate.
But private corporations also can’t forcibly take away your freedom and your property. If I have the choice between giving the government more power and private companies, I worry a lot more about government power.
Well considering that the worst that corporations can do with data is sell your privacy compared to the worst that the government can do - throw you in jail if you give them too much power, I’d rather not give government more power.
Trump has outright said that he is in favor of jailing journalists for spreading “fake news”. You know if the government passed a law to “protect privacy” they would give themselves an exemption and want a backdoor.
I’m not debating the worst case. I’m going by history of how the FBI acted in the 60s during the Civil Rights Era and how it currently acts with the “War on Terror” and the “War on Drugs”.
Having a government that is actively hostile to minorities - religious, race, nationality, or sexuality only takes a populist leader who speaks toward their prejudices....
If we're going to go historical, we'll have to include company towns (which Facebook is revisiting as a concept, incidentally) and debt slavery, the Pinkertons machine gunning strikers...
It isn’t “historical” what is happening today in Gitmo, being able to be locked up without a trial if you are deemed a “terrorist”, or secret warrants.
I think it’s a bit of a stretch to say Apple and Facebook are competitors.
Apple makes its money selling stuff, Facebook by selling attention.
That being said, the incentives for Apple to become more like Facebook are quite strong and you can see it in the direction Microsoft has gone with Cortana and in-OS ads.
Not arguing about the point that Apple can decide what runs on your phone, but in this case Facebook was in clear violation of the terms of agreement.
And they only shut down their enterprise apps not the actual Facebook app.
It's not really an agreement, if you want to support Apple customers you either accept or leave that market to Apple itself. For something like social networking, that's absolutely massive, and we can't say that Apple has been shy to duplicate and replace applications with their own versions, and push them along with their ecosystem.
What we see here are two monopolists fighting, it's hard to pick a side but imagine what chances a startup has in this environment. The robber barons are back.
In this particular case the agreement is not the app store agreement but an enterprise certificate for which you have to apply separately and which gives you special treatment. It enables you to create and distribute apps without going through app store review under condition that you will never distribute them outside your organisation. Facebook quite deliberately violated this rule.
> it's hard to pick a side but imagine what chances a startup has in this environment.
Facebook is constantly paranoid about new social media networks taking away their advertising space. This is them admitting a startup has a chance in the environment. Social media platforms gain huge traction and lose favor every year. Facebook sticking is an unnatural position and they know it.
Apple's flagship product, the iPhone is suffering from longer and longer upgrade cycles as the category matures. Many people are starting to ask if a new product category can replace smartphones. This is coming at a time when Apple doesn't have Jobs, and it's possible they won't be in the early wave of innovators on the next tech wave. A small innovative team could outperform Apple on this front.
Yes. While they were justified this time, it is possible that they won't be justified in the future. Management now is not management then. Anything that outsources control of this level to a third party is a business risk for a company of any size. We need better solutions.
Given the number of people using iPhones, you basically have to support the platform in order to make any money, so I wouldn't say the agreement is really "voluntary".
The internal cert is different from a regular application cert. The conditions for use are explicit.
Apple and Google, these corporations signed a license agreement to conduct themselves a certain way and failed to do that WRT the enterprise org cert. They were not forced into signing an agreement and have access to excellent legal counsel. This is a manifestation of the prevailing culture.
Furthermore Facebook is ruthless about enforcing their IP to "their" data (also voluntarily offered by users) and Google dictates the same way, except much of Google's data is hoovered up. These companies all have a history of dictating and exclusion.
The article indicates their lunch menus and staff transportation apps don't work.
> Apple has shut down Facebook’s ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation.
I'm totally fine with this house burning down. Just noting that this is apparently having very significant internal effects, even if the public Facebook app is fine.
> I'm totally fine with this house burning down. Just noting that this is apparently having very significant internal effects...
And this is ALL on Facebook and NOT Apple. Facebook understood the consequences when they decided to abuse the Enterprise Cert. They took the risk and got called on it.
This is Facebook's fault. Full stop.
Almost every single employee that has an iPhone is running beta/dogfood releases signed with the enterprise certificate. Facebook, Workplace, Messenger, Work Chat, Instagram all fall under this umbrella. The "lunch app" people are talking about also lists open tasks and calendar events.
I keep going back and forth regarding whether Onavo is just "opposition research" or a sign that while Facebook is still as powerful as ever, that they are running out of product ideas. Of course it could be both, but the use of Onavo and 'Facebook research' have a hint of desperation.
2 of the big five in a dispute over "ethics of technology (ab)use". One commenter had the thought, that this reaction from Apple is just straight aligned with the rules they created for every corp - regardless of their market share or $.
But - I guess there will be negotiations. FB is in a position to make a deal.
Bad press in the dev-world - on dev-topics - didn't hold the masses and average Joe back to continue using FB. And this fail won't, too. Me sounding fatalistic, I know. But this outrage in the dev-world isn't enough to demask the beast.
Red lines crossed - and next week the PR department will fix it.
I don't know what needs to happen until the masses of FB-addicts switch to "open technology" and leave their silos.
I don't know that Facebook is in a position to make a deal. Apple just won a mountain of positive press by taking a tough stance on this, and without having to actually take Facebook's legitimate apps away from their users. I think Facebook is just going to have to live with the consequences of their decisions.
Hopefully this (likely, and unfortunately only momentary) pause in facebook employees' evil progress will inspire even a few of them to quit and use their experience for good instead.
This isn't going to stop anything. Attribution was already "laundered" through multiple different agencies and firms who were conducting this research.
They'll just cut a check to another company and proceed from there and/or a company will just sell them the data on "teen social and mobile usage" and Facebook will be able to truthfully state that they had no idea the means by which it was collected.
Can somebody explain the technical specifics of what was installed and what is revoked ? I'm not familiar with iOS. My assumptions are: The original app, which was distributed by fb, installed a systemwide CA to MITM traffic after prompting the user. Is this not available to regular apps distributed on the store ? This app was not on the app store but distributed out of band. In order to sideload apps on iOS, they still need to be approved by Apple ? So Apple maintains a whitelist of developer certificates who can side load apps. Now, Apple has blacklisted this signing cert. However, this doesn't do anything to the CA, right ? However, the article says, "Revoking a certificate not only stops apps from being distributed on iOS, but it also stops apps from working." How does this work exactly ? Apple triggers all the clients in the world to freeze/remove these apps ?
> The original app, which was distributed by fb, installed a systemwide CA to MITM traffic after prompting the user.
Correct.
> Is this not available to regular apps distributed on the store ?
No, this is OK; VPN apps do exactly this, but they go through review to make sure that they are actually VPN apps and not, well, essentially what Facebook is trying to do here.
> This app was not on the app store but distributed out of band.
Yes.
> In order to sideload apps on iOS, they still need to be approved by Apple ? So Apple maintains a whitelist of developer certificates who can side load apps.
You haven't mentioned it, but I think it's important to make the distinction about the two ways to sideload apps on iOS: you can self sign your app yourself for your device (generally via Xcode), which Apple doesn't really check at all, or you can be a company, get an enterprise certificate, and use this to sign apps and distribute them to other iOS devices, as Facebook was doing here. The catch is that you are supposed to only do this internally inside your company.
> the article says, "Revoking a certificate not only stops apps from being distributed on iOS, but it also stops apps from working." How does this work exactly ? Apple triggers all the clients in the world to freeze/remove these apps ?
iOS, as of iOS 8.4, periodically checks for revoked certificates and will refuse to run apps that were signed with something that Apple has blacklisted.
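The two sideloading routes described in the answer above leave different marks in the provisioning profile embedded in an app bundle (`embedded.mobileprovision`). As an added example that is not part of the thread, this Python inventory check classifies profiles and flags enterprise-signed apps whose team is not your own; the app names, team IDs and sample profiles are constructed, and the CMS signature around the plist is located but not verified.

```python
import plistlib
from datetime import datetime
from xml.parsers.expat import ExpatError


def extract_plist(blob):
    """Return the plist carried inside a provisioning profile's CMS envelope.

    Only locates and parses the payload; the signature is NOT checked, so
    the result is what the profile claims, not proof of who signed it.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start == -1 or end == -1 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify(profile):
    """Map a profile to the distribution route it was issued for."""
    entitlements = profile.get("Entitlements", {})
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"            # in-house: runs on any device
    if "ProvisionedDevices" in profile:
        # Both list specific device IDs; debug builds also allow a debugger.
        return "development" if entitlements.get("get-task-allow") else "ad-hoc"
    return "app-store"


def audit(inventory, own_team_ids, now):
    """Return (app, finding, detail) tuples for profiles worth a closer look.

    A profile being valid here says nothing about revocation: that check is
    made by the device against Apple, not by reading the profile.
    """
    findings = []
    for app_name, blob in inventory:
        try:
            profile = extract_plist(blob)
        except (ValueError, ExpatError) as exc:
            findings.append((app_name, "unparseable", str(exc)))
            continue
        teams = set(profile.get("TeamIdentifier", []))
        if classify(profile) == "enterprise" and not teams & own_team_ids:
            findings.append((app_name, "foreign-enterprise",
                             "enterprise profile from team(s) %s" % sorted(teams)))
        expires = profile.get("ExpirationDate")
        if expires is not None and expires < now:
            findings.append((app_name, "expired-profile", expires.isoformat()))
    return findings


def wrap_constructed(profile):
    """Constructed stand-in for the CMS envelope: filler bytes around the plist."""
    return b"\x30\x82CONSTRUCTED-CMS" + plistlib.dumps(profile) + b"CONSTRUCTED-SIG"


# Constructed sample data: hypothetical apps and team IDs, not taken from the thread.
NOW = datetime(2019, 2, 1)
OWN_TEAMS = {"OWNTEAM001"}
SAMPLE_INVENTORY = [
    ("LunchMenu", wrap_constructed({
        "TeamIdentifier": ["OWNTEAM001"], "ProvisionsAllDevices": True,
        "ExpirationDate": datetime(2019, 12, 1),
        "Entitlements": {"get-task-allow": False}})),
    ("ResearchPanel", wrap_constructed({
        "TeamIdentifier": ["OTHERTEAM9"], "ProvisionsAllDevices": True,
        "ExpirationDate": datetime(2019, 12, 1),
        "Entitlements": {"get-task-allow": False}})),
    ("DevBuild", wrap_constructed({
        "TeamIdentifier": ["OWNTEAM001"], "ProvisionedDevices": ["constructed-udid"],
        "ExpirationDate": datetime(2019, 12, 1),
        "Entitlements": {"get-task-allow": True}})),
    ("OldTool", wrap_constructed({
        "TeamIdentifier": ["OWNTEAM001"], "ProvisionsAllDevices": True,
        "ExpirationDate": datetime(2018, 6, 1),
        "Entitlements": {"get-task-allow": False}})),
    ("Broken", b"not a provisioning profile"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, OWN_TEAMS, NOW):
        print(finding)
```

On a managed fleet the same classification is usually run over profiles pulled from device backups or an MDM app inventory.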
> VPN apps do exactly this, but they go through review to make sure that they are actually VPN apps and not
A vpn app can tunnel network traffic, but it doesn't meddle with system certs or the CA. It doesn't get to decrypt TLS connections by default. So which one did fb do ? Did they just tunnel traffic, or did they MITM TLS traffic as well ? All the coverage about this story seems to be vague. If it's just the former, it doesn't seem that egregious since it is explicitly called out as a data collection app.
> iOS, as of iOS 8.4, periodically checks for revoked certificates and will refuse to run apps that were signed with something that Apple has blacklisted.
Again, I don't know how the system cert store is handled, but even if you can't run the app with the blacklisted dev cert, are the modifications that it made in the past (such as enrolling a CA) also reverted ? In this case, that may be the desired outcome, but in general, that state is not really a part of the app.
> A vpn app can tunnel network traffic, but it doesn't meddle with system certs or the CA. It doesn't get to decrypt TLS connections by default. So which one did fb do ? Did they just tunnel traffic, or did they MITM TLS traffic as well ?
Sorry, I should have been more clear. Most VPN apps tunnel traffic, but the Facebook app is going further and inserting its own root certificate, allowing them to intercept TLS traffic. Some apps, like Charles Proxy, do this, but it obviously has a legitimate use for this.
> are the modifications that it made in the past (such as enrolling a CA) also reverted
I haven't tried it, but I'd like to think that this is the case.
It's pretty crazy to think about what Apple is capable of doing now. By banning an app, they can easily kill a small company, and now they've caused some huge internal headaches for Facebook. I know Facebook broke their rules and totally deserved it here, but it's interesting to think about the power Apple has obtained by tightly controlling their platform.
You do bring up an interesting point. Apple's (expected?) responsibility here is to protect their users from malicious apps on their devices. It does seem reasonable for me what they are doing, but of course if they were to lose sight of their users' best interests, then this could become problematic. However, I think for issues like that we need to just trust the market to correct for that. If Apple were to destroy user trust, then I would not doubt that people would flock to their competitors (Google, Samsung, etc).
I see this as a start of a political battle between Apple and Facebook (maybe Google too with their Screenwise Meter app). First Facebook tries to push the limit of what Apple would deem acceptable. Then Apple pushes back and show that it's clearly not acceptable.
I'm curious as to what Facebook will need to do to get around this assuming Apple intend to have the certificate revoked indefinitely. Couldn't Facebook just start signing their apps with an alternative certificate Apple has already granted them?
This scares me. Not so much the action by Apple (they are flexing their muscle), but the reactions here. "Great!", is the gist.
If you think a unilateral revoke, and shutdown of a company's internal tools, because of an external issue, without recourse is a good thing... I'm guessing you have no issues with Crazy EULA's, Monopolies, Corporate abuse, Corporations doing as they please. ( I can keep going down this slope.. )
Facebook had a program, with willing participants, that broke a third party's rules. We can argue ad infinitum about this.
But this is a company, STOPPING your usage of YOUR hardware, AFTER you purchased it (I'm talking about apple stopping Facebook from distributing internal tools as well, this is the side effect of this ). Think deep and clear about this. Are you ok with this?
Secondly, from the company (Apple) that literally turned everyone's devices into wiretaps, globally, and ignored the issue for who knows how long... This is just.. wow. ( and they continue not to issue a formal reason for this ).
Yeah, no. Facebook had a cert for distributing internal apps. When one of their external projects was rejected by the App store, they used the internal cert to try and distribute it externally (circumventing the App Store). As a response Apple revoked the certificate that was being used in violation of its use agreement. There is nothing wrong with that action.
You're introducing a straw man argument by trying to make this about hardware ownership.
With due respect, I think you misunderstand what a straw-man argument is. This is not a different point. This IS post purchase control of hardware.
Would you be ok with Tesla disabling cars because you were using illegal drugs in them? Now do you get it? I'm not defending facebook. I'm telling you this behavior from Apple is truly scary. Apple is not law/moral/societal enforcement "police".
This is the ONLY way to run internal apps. and it wasn't one cert btw. Google has a similar "research app", their certs have not been revoked. Maybe because apple relies on google more? Maybe because they generate revenue from their search and app placement deals? Hrrm?
My point is simple, arbitrary revokes, without process, are a scary thing. Especially when they are done POST purchase, and have real tangible effects.
Since Apple didn't catch Facebook either, but reacted half a day after the media report, I don't think taking this 3 hour old story as "Apple isn't doing anything to Google!!!" is reliable: We'll see what happens.
(replying to the reply of my comment, since threading doesn't go further)
Do you think apple does not have reports of the number of users that have apps installed via an enterprise cert?
That's pretty much the basic type of stats you would gather when having an enterprise licensing/authority system. Fact is, they knew about this, this was not hidden by google OR Facebook.
Apple decided to release this the DAY after they had a huge privacy flaw in Facetime.
It's not the only way to run internal apps: They can also install them through Xcode. Also, the revocation was in no way arbitrary, but due to a grave violation of the terms under which the certificate was obtained.
Exactly this. I think Apple handles it perfectly on macOS: if you want to run an app downloaded outside of the App Store, you have to explicitly go to System Preferences -> Security & Privacy -> Allow apps downloaded from: anywhere. This provides a great mix of consumer protection against malicious code, and freedom for professionals to download and run anything on their machines. Disappointed in how they handle apps outside the 'walled garden' for iOS devices.
> if you want to run an app downloaded outside of the App Store, you have to explicitly go to System Preferences -> Security & Privacy -> Allow apps downloaded from: anywhere.
You can just right click the app and choose “Open”. That deliberate action will allow you to open an app from an unidentified developer without changing your Gatekeeper preferences.
> This provides a great mix of consumer protection against malicious code, and freedom for professionals to download and run anything on their machines.
Android has something similar. Remember the Fortnite fiasco?
Yeah, but if you don't err on the side of freedom, then you're basically supporting Apple-style totalitarianism.
I'm glad that Microsoft's business model won out in the PC wars and I look forward to a time when Apple loses again in their home field. As a power user, I can't stand the amount of control Apple has over my own hardware. In my profession, I can't afford to ignore Apple though. I really hope they lose their anti-trust case!
As others have said, all Apple did was revoke a certificate that was used to intentionally circumvent the AppStore. The fact that Facebook had a slew of internal apps that depended on that cert shows their stupidity, arrogance, or both. It's not Apple's responsibility to figure out how badly it will hurt if they revoke a cert that was used to violate their terms.
They can't test facebook tools or internal apps on apple phones, because they used their cert that signs facebook tools or internal apps to make consumer facing spyware in violation of their agreement (that they had been warned about before!).
It's not like they shut down their MacBooks.
> Secondly, from the company (apple ) that literally turned everyone's devices into wiretaps, globally, and ignored the issue for who knows how long... This is just.. wow. ( and they continue not to issue a formal reason for this ).
If you think there's a major equivalency of the bug on facetime, I can't help but think you're hopelessly biased.
I was really hoping Apple would yank the certs instead of just the usual “that’s not allowed, please stop and don’t do again” leniency they usually give larger companies. This is the only way to make companies listen
i’m curious why the internal tools would fail testflight beta review. i had an app fail beta review, but was still able to distribute with testflight after explaining to the reviewers it was for internal use only...
Nothing unfair about the business practices. Facebook intentionally breached their contract. It’s possible that Apple is the one with the right to sue.
Why? What Facebook does is legal (but ethically disgusting). Apple has a monopoly status as gatekeeper for their platform as there are no other competing iPhone App Stores (contrary to Google's Android).
Now, as Apple is forbidding what Facebook does in their store ToS, Apple may be prohibiting Facebook from reaching the (not small!) target audience "iPhone users" for their data collection and thus unfairly hindering Facebook's business.
I for one would be really happy if the Store ToS were to be torn down in the courts so that the only reason to block an app rollout is covert spying, malware or other user deception, but not open data analytics, porn (case in point, every porn site but especially Tumblr), firearms or using a different html/js engine.
Facebook abused their enterprise certificate to bypass the App Store and distribute their app outside of their company, which is something that is explicitly disallowed by the agreement that governs such certificates.
> If they don’t like it, there are plenty of Android variants for them to choose, which differentiate themselves precisely by having this difference.
There is no alternative for iMessage or you may have invested a serious load of money into the Apple ecosystem (e.g. Apple Music, but also games and other apps) that moving would amount to losing said money. Especially for those who got in in the early days with jailbreaking being a routine thing...
Breaking up the stores and especially forcing the various platform providers to provide synchronization abilities (why can't I sync my Fallout Shelter vaults for example or why should I need to buy my Plague Inc expansions again) is desperately needed.
On desktops this works just fine (best showcase being the Adobe apps, and I believe that at least the MS Office subscriptions are valid across Win and Mac), so why are the mobile walled gardens still a thing?
It seems like you don’t care that Facebook was happy to breach their contract with Apple here. It may not be ‘illegal’, but it’s certainly a civil tort.
Here’s a question: if Facebook is willing to breach this important contract with a company as powerful as Apple and think they’d get away with it, how much do you think they respect contracts they make with their customers?
> Here’s a question: if Facebook is willing to breach this important contract with Apple and think they’d get away with it, how much do you think they respect contracts they make with their customers?
Not at all? I don't trust any government or company pretty much these days. It's all a game of "who is most likely to screw you up in the least bad way", (corporate) ethics have gone totally downhill.
Basically, Apple wants to extract the maximum profit - and thus bans competing app stores, forcing their cut on every transaction, and banning everything which may be legal but not in their "ethical desires" (like porn) and thus hindering the informed choice of their customers.
That being said, what Facebook is trying to do here is deeply disgusting, but if it helps break Apple's walled garden, I'm willing to cut them some slack.
Ok - at least we know where you stand - you are willing to forgive Facebook for breach of contract, deception and spying on kids, because you want to damage Apple.
Worth noting that Apple has massive and vigorous competition in the phone market in the form of the many Android variants which have exactly the open market you want, and only a minority of customers choose Apple, and they do so in the knowledge that Apple controls the App Store.
On the other hand Facebook actually does have a near monopoly on social networking with no viable competitor at all.
It makes no sense why you’d want to excuse clearly dishonest behavior by an actual monopolist, in order to harm the business of company who has clear and viable market competitors keeping it in check.
Why do you care about Apple at all, when you can just buy an Android phone?
> On the other hand Facebook actually does have a near monopoly on social networking with no viable competitor at all.
Which should be broken up and Facebook forced to re-introduce federation (their Messenger long ago offered XMPP), but that is a different question.
> Why do you care about Apple at all, when you can just buy an Android phone?
Actually I am an Android owner, who is a bit unhappy with Apple locking down their ecosystem so hard that a migration (in both directions) is next to impossible.
It'll sting internally, for sure. For how long? Not sure but I'd say it'll halt release processes for maybe a week or two.
Any large organization resorts to using enterprise certs for beta and QA distributions of an app as the device limits are unrealistically low for them. These things tend to have cycles where features have to get in by a certain date and then builds are sent off for beta and QA testing. There's no question this issue throws a wrench in this process.
A solution to this problem is signing it with another enterprise cert. I don't know if all of Facebook's enterprise signing certs were revoked or just the one used for this app and even if FB tried applying for a new one (maybe through a subsidiary?) that takes time.
That's where I see this going. Perhaps Facebook will fork Android. Today it's Apple interfering with Facebook use of mobile devices. Tomorrow it could be Google.
To be honest, while there has been loads of bad press against FB over the past year, I had been leaning toward giving them the benefit of the doubt for the main following reason: a lot of the bad press had come about because society's views on privacy had changed (especially with the realization of how social media could be used to impact a US election), not just Facebook's. After all, when FB originally released their developer APIs that let developers gain access to friend data without the friend's explicit permission, there was barely a peep about that (among security/privacy researchers, sure, but among the general populace, no). It was only after Trump got elected that people had an "oh shit" moment about what was really possible with social media data.
This "data research" app has hardened my views, though: I now believe Facebook is rotten to the core. After all, as a security researcher pointed out, that "market research" app was basically just the previously removed Onavo app, reskinned (https://twitter.com/chronic/status/1090394419902197761). Facebook knew they got caught, and they tried to work around by using their enterprise cert so the app wouldn't go through App Store review. Screw them, I hope this forces the heavy hand of government regulation on them. They have proved they cannot manage themselves.
> After all, when FB originally released their developer APIs that let developers gain access to friend data without the friend's explicit permission, there was barely a peep about that (among security/privacy researchers, sure, but among the general populace, no)
You're telling me that the average plumber and teacher and waiter didn't complain when Facebook introduced an interface for developers? No way.
> Bro, did you see the new API that FB put out that totally foobars luser privacy?
> Dude, I teach kindergarten, wtf is an API?
Obviously people trying to explain it aren't going to be using that language, but to outsiders it'll sound that way. And tech nerds aren't known for being able to explain things to laymen in the first place.
I view the company as consistent, in the same way I view Putin as consistent - expect more sneaky shit and backstabbing. Their mission as a company is clear, the way they conduct the business is pretty clear too, this ain't the first nor second time FB did something amoral intentionally. We humans have the full right to change our views and values, and what in our society is not aligned anymore should either change or perish.
When will the HN crowd start treating Zuckerberg (no 'Zuck' please) as an amoral piece of * with the rest of the company following?
Remember when people were outraged when Apple decided to give in to the demands of the Chinese government rather than shut shop. They complained about Apple not taking the high road. Now people are complaining about Apple taking the high road? Funny how times change! Make up your mind people — you can’t have it both ways! Cheers!
Serves them right but it's hard to think that the facebook people who were in charge of the spying app wouldn't have considered this as a possible outcome.
It probably won't affect them that much if they were already prepared for this to happen.
I'm guessing you haven't worked at a large corporation, especially one that explicitly says they value speed over correctness. My guess is the team involved in the research app got hold of the enterprise certs, and the teams on the other apps were unaware.
I wasn't saying that everyone at Facebook knew.
But if you were one of the people in charge of the data tracking app, wouldn't you at least know that Apple revoking the licence could be a possibility since you are explicitly breaching the agreement?
Not even trying to defend them. Just curious how much it will actually affect Facebook.
It’s pretty clear when you’re using an enterprise certificate, especially as an iOS dev. The whole process of building an app makes you very aware of code signing which is a pain felt by all iOS devs (it’s gotten more automated thru the years, but still..). I doubt anyone could claim ignorance.
Disclaimer: I work for Apple, unrelated to all this.
Sample size of one, but I worked at a medium sized company that had an Enterprise certificate they used to distribute internal apps to internal employees, and the few individuals who were given the keys to sign these binaries were told the warning about what they could and could not do with them. It was made crystal clear that if we abused that cert, Apple could revoke it and put us into a world of pain.
If some rogue team just got ahold of the certificate and keys and signed binaries meant to be distributed to the public, it meant either a major internal security failure or a willful disregard of Apple’s policy on enterprise distribution.
The devs shouldn't be able to get important certs without justification. At that point someone should ask what they need it for, and double-check the license.
> But if you were one of the people in charge of the data tracking app, wouldn't you at least know that Apple revoking the licence could be a possibility since you are explicitly breaching the agreement?
"Cleared by Legal" is (and has to be) a basic assumption when working on directed projects at real companies.
For me this disqualified the iOS platform for any software development. When they can do that with Facebook then the rest of us is just fucked up. With Android and Windows I currently at least have alternatives for distribution.
This is an example of the walled garden working exactly as intended by Apple. In this example I approve of it, but I agree that if you are developing for iOS you should be aware of the power Apple can exert on the platform.
I don’t see the problem. As a corporation you sign an agreement to use an Enterprise certificate to distribute your app internally. The rules are very clear. FB broke those rules. If you don’t break the terms of the agreement you’re in the clear.
Imagine Microsoft would shut down every computer that is not licensed properly. Without any joke, dead people are the result. For that reason you talk first and then act accordingly. Killing a business partner's internal applications is very drastic behavior.
What do you think would happen if you used your Azure, AWS, or GCP account to knowingly do DDoS attacks?
Or more realistically if you do Pen testing on your own AWS resources without getting the approval of AWS and your entire organization is dependent on it? It is explicitly stated in your agreement with AWS that you can’t do that.