Did Apple Really Ban Facebook and Google’s Apps? Why?
As reported in TechCrunch, Google and Facebook have been violating Apple’s policies by using apps, distributed outside Apple’s App Store, that tracked user behavior. Apple temporarily banned Facebook and Google from running internal software, sending a strong message.
Facebook Tracked Users
Facebook likes to know more about its users and what they do both on and off Facebook. That is simply Facebook’s nature, which means it is even interested in whether users are on any alternative social networking platforms and, if so, why and when they go there and what they love to do there.
To keep better track of what its users are doing, Facebook created the “Facebook Research App,” a volunteer program that functioned as a VPN when installed on phones. The VPN sent data to Facebook, and the app also required users to install a root certificate, which allowed tracking of data that would typically be encrypted. Volunteers had to choose to install the app, and received $20 a month in e-gift cards.
Whether or not users fully understood how much data they were revealing is a matter of debate, but nevertheless, they don’t read past the $20 offer and hit the OK button.
Because Apple had earlier banned a similar VPN app called Onavo from its App Store, this time Facebook distributed the app outside the App Store. Sideloading an app on an iPhone normally isn’t easy, but Facebook had an advantage here: Apple had granted Facebook a special certificate allowing distribution of apps outside of the App Store. The primary purpose of this process is for testing future apps.
Apple makes it clear that these certificates should remain internal to the company. Apple’s TestFlight is the only Apple-sanctioned method for beta testing with users, but it retains strict limits and still relies on the App Store. Despite this rule, Facebook used the certificate to install its Facebook Research app on volunteers’ phones, and those volunteers did not work for Facebook.
Apple Shut Down Facebook Research App on iOS
Because of this violation, Apple revoked the certificate that makes these internal apps work. Apple’s actions did not block any Facebook apps available on the App Store, including Facebook, Messenger, and WhatsApp. Facebook has since shut down Facebook Research on iOS, but it still has a similar app on Android.
Apple reinstated Facebook’s ability to run internal apps about a day later, and all is normal again.
Google had a similar program called Screenwise Meter in place, and Google distributed it with the same certificate method on iOS. Google doesn’t seem to have monitored encrypted data. Apple also shut down Google’s internal iOS apps, citing the same violation of policies. Google pulled the Screenwise Meter iOS app.
Again, Google apps on the Apple App Store were unaffected by any of this. Google continues to offer Screenwise Meter on Android.
As far as both companies are concerned, paying users to collect this extensive data is perfectly fine. It’s similar to the Nielsen Company tracking TV watching habits, albeit on a larger scale. They’re not alone. If anything, compared to grocery store rewards cards, this is more transparent.
Apple not happy with policy violation
Apple wasn’t happy about how Facebook and Google violated enterprise licensing rules by distributing certificates to non-employees. Facebook did all this despite a direct warning from Apple that it bars this sort of data tracking. Apple managed to send a strong signal to Google and Facebook that this behavior was unacceptable.
Did Apple go overboard?
This event is a reminder that Apple has control over its operating system and the code that can run on it. Apple not only curates the apps allowed in the App Store but can remove and revoke access to those apps when necessary. Apple does this when malware is discovered in an app that slipped through, for example.
Apple probably received assurances that Facebook and Google would behave in the future before reinstating their ability to run internal apps, but we don’t know what was discussed between the companies.
Apple has always run iOS as a tightly controlled “walled garden,” in contrast to the “wild west” of Google’s Android, and by now we all sort of know what we’re signing up for. If Apple’s control of the operating system bothers you, at least you have an alternative: Android.
But this sort of control isn’t unique to Apple. While Google doesn’t curate the Play Store directly, it can and has removed apps from the store and from users’ phones. Exercising this power is something Google does sparingly, and usually to remove malicious apps to protect users, but ultimately the effect is similar.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.