Yesterday, Apple cut off Facebook's enterprise distribution certificate after the social media giant was caught abusing it to collect user data. Google was subsequently caught doing the same thing and questions rapidly arose as to whether or not Apple would cut off Google's certificate as well. Now, it appears as though Apple has.
An Apple spokesperson gave me the following statement:
We are working together with Google to help them reinstate their enterprise certificates very quickly.
UPDATE: Both Facebook and Google spokespeople have now confirmed they've gotten their certificates restores. Now, we'll have to wait and see if any lessons have been learned.
The Verge has the background:
Apple has now shut down Google's ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week. A person familiar with the situation tells The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps have stopped working today, alongside employee-only apps like a Gbus app for transportation and Google's internal cafe app.
"We're working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon," says a Google spokesperson in a statement to The Verge. Apple has not yet commented on the situation.
This follows the revelation by TechCrunch that Google was also violating Apple's Enterprise Distribution program to collect information from iOS users, although in a way slightly less egregious than Facebook was caught doing just the day before.
Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch has learned.
In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate.
The company said in a statement to TechCrunch:
"The Screenwise Meter iOS app should not have operated under Apple's developer enterprise program — this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We've been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time."
The Facebook violation, in case anyone's lost track in this whiplash of a news week, was discovered by TechCrunch just the day before:
Desperate for data on its competitors, Facebook has been secretly paying people to install a "Facebook Research" VPN that lets the company suck in all of a user's phone and web activity, similar to Facebook's Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.
Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.
Apple then removed the certificate Facebook had been abusing. Apple's statement:
We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.
Now, it appears like Apple has done the same thing to Google's certificate.
Of course, this is getting headlined as "Apple is breaking Facebook and Google's internal apps", which to me is kinda all shades of counter-factual.
It was Facebook and Google's choice to tie these data harvesting apps to their main Enterprise distribution certificate. Apple didn't make them do that. They chose to do that and for reasons of their own choosing. (There's a theory being floated that Facebook, at least, did it intentionally on the hopes it would make Apple hesitant to take action, but it's just as likely they were dumb, lazy, or simply didn't consider it instead.)
The bottom line is, though, that if you're going to run a red light, don't do it in your work car. Because, if that work car gets impounded, and your ability to make deliveries suffers, it's nobody's fault but your own.
Now, all that remains to be seen is whether or not these are time outs or full on cut offs.