Facebook and Google have been violating Apple's policies, distributing applications that track users' behavior outside the Apple App Store, according to TechCrunch reported. Apple temporarily banned Facebook and Google from running internal software, sending a strong message.
Users supervised by Facebook (with consent)
Facebook likes to know as much as possible about its users and how they spend their time, both on and off Facebook. Remember, despite what it says, Facebook customers are not you (the person who uses the social network), but the advertising networks and other companies interested in your data. Facebook also wants to know why and when it uses alternatives to the social network.
To better track what users are doing outside of Facebook, the company created a volunteer program called "Facebook Research Application" that worked as a VPN when installed on phones. The VPN sent data to Facebook, including visited websites, sent messages, photos, videos and more. The application also required users to install a root certificate, which allowed tracking of data that would normally be encrypted. The volunteers had to choose to install the application and received $ 20 a month in electronic gift cards
Whether or not the volunteers fully understood the amount of data they gave is questionable. The application had explanations and an agreement of terms of service, but, as we all know, many people do not read beyond the $ 20 offer; go directly to the OK button.
Early reports suggested that Facebook was specifically aimed at teenagers, but that does not seem to be the case, since the company has stated that most of the users were adults. Facebook also said that minors had to request parental permission, but some tests have shown that parental verification did not always work as expected and that a minor could enroll in the program without testing the consent of parents [19459013
Facebook abused a business tool
This is the key to understanding this story: Facebook did not distribute this application in the usual way through from the Apple App Store. Apple previously banned a similar VPN application owned by Facebook in its app store called Onavo Protect and changed its terms of service to limit data collection to only that directly related to the application.
Facebook avoided this problem by distributing the application outside of the App Store. Normally, the application of an iPhone application is not easy or direct for the average person, but Facebook has an advantage here. As a large company, Apple granted a special certificate that allows the distribution of applications outside the Apple App Store. The main purpose of this process is to test future applications (internal betas) and corporate access applications (such as a social network only for companies or a restaurant menu system of the company).
Apple makes it clear that these certificates are not to be delivered to average users, and that the applications created for these certificates must remain internal to the company. The Apple TestFlight is the only method approved by Apple for beta testing with users, but it maintains strict limits and still depends on the App Store. Despite this rule, Facebook used the certificate to install its Facebook research application on volunteer telephones, volunteers who did not work for Facebook.
Apple Internal Applications Shut Down Facebook
Due to this violation, Apple revoked the certificate that makes these Internal applications work. This broke the Facebook research application and the internal applications of Facebook, including the test applications, transport and restaurant menu. It is not clear how many employees were directly affected.
Apple shares did not block any Facebook applications available in the App Store, including Facebook, Messenger and WhatsApp. Since then, Facebook has closed Facebook Research on iOS, but still has a similar application on Android.
Apple restored Facebook's ability to run internal applications about a day later, and everything returns to normal.
Google had a tracking application, too
Google had a similar program called Screenwise Meter, and Google distributed it with the same certificate method on iOS. Google does not seem to have monitored the encrypted data. In addition, the initial volunteer in a household to enroll had to be over 18, and then that adult could add a minor. Similar to Facebook, Google paid volunteers $ 20 per month to provide their data.
Apple also shut down Google's internal iOS apps, citing the same policy violation, and Google removed the iOS Screenwise Meter application. Google stated that Screenwise Meter should not have been distributed in this way, and Apple has also restored internal Google iOS applications.
Again, Google applications in the Apple App Store were not affected by any of this. Google continues to offer Screenwise Meter on Android.
As far as both companies are concerned, paying users to collect this extensive information is perfectly fine. They are not alone. In any case, compared to the rewards cards of the grocery store, this is more transparent. It is similar to the Nielsen company that follows the habits of watching television, although on a larger scale.
Apple was not happy. Their policies were violated
Apple was not happy with the way Facebook and Google eluded their App Store policies, violating the company. License rules by distributing certificates to non-employees. Facebook did all this despite a direct warning from Apple that prohibits this type of data tracking.
By disabling the company's internal applications, Apple sent a direct message that this behavior was unacceptable. Apple managed to send a strong signal to Facebook and Google without really breaking the applications that normal users of Facebook and Google also depend on. You could still use Facebook applications on your iPhone, but employees could not launch their internal applications for a day or so.
Apple abused its power?
This event is a reminder that Apple has control over its mobile operation. System and the code that can be executed on it. Apple not only heals the applications allowed in the App Store, but it can also eliminate and revoke access to those applications when necessary. Apple does this when malware is discovered in a leaked application, for example.
The company intervened to enforce its policies, which Facebook and Google infringed. Apple probably received guarantees that Facebook and Google would behave in the future before restoring their ability to run internal applications, but we do not know what was discussed between the companies.
Apple has always run iOS as a closed garden and well controlled. "In contrast to the" wild west "of Google's Android and now we know what we are subscribing to, if Apple's operating system control bothers you, at least you have an alternative: Android.
But this type of control does not it is exclusive to Apple, although Google does not directly cure the Play Store, it can and has removed applications from the store and users' phones, the exercise of this power is something that Google does in moderation, and generally to eliminate malicious applications to protect to users, but ultimately, the effect is similar.