With so much happening in the tech world, this week feels like it’s 21 days long. The highlight of the week has been the Facebook–Google–Apple saga that’s seen numerous developments with major privacy implications over just a few hours. There’s a lot to chew on in this story, so I’d like to present a timeline of events to help you catch up with what’s been going with these three tech giants over the past couple of days.
Late Tuesday night, TechCrunch published a sensational story detailing how Facebook paid $20 to users – some in their teens – to let the company monitor their activities on their iPhones. It used a rehashed VPN app, named it Facebook Research, circumvented the App Store to distribute it, and used non-Apple beta testing platforms like Applause, BetaBound, and uTest in order to avoid running afoul of Apple’s policies for software on its platform.
As part of what it called “Project Atlas,” Facebook asked testers to install the Research app via a URL and verify the app by installing a separate enterprise certificate and grant the app extensive permissions to monitor and access user data. Hours after the report was published, Facebook said it had shut down the Research app.
Now, ideally, iOS enterprise certificates are meant to allow developers to test apps internally within their organization, so that they can extensively test their software under real-world conditions. This helps ensure that the final version of the app that’s made available to users is bug-free.
According to Apple’s policy, a company can’t distribute apps to users, ask them to sign it with an enterprise developer certificate, and collect data. So the Cupertino-based company revoked Facebook’s enterprise developer certificate on Wednesday:
We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.
This step rendered all Facebook’s internal iOS apps ineffective, including the shuttle app it used for transporting staff between different parts of its massive headquarters. The company’s employees were understandably upset over the rift between the two firms; one of them told Business Insider, “This is probably one of the worse things that can happen to the company internally,” and “Apple hates Facebook so it is their attempt to take Facebook down.”
Meanwhile, TechCrunch found that Google also used Apple’s enterprise developer certificate to distribute a similar iOS app called Screenwise Meter. It rewarded users for granting access to their usage data on their phones. Google quickly apologized and shuttered the app.
Earlier this morning, Apple revoked Google’s enterprise developer certificate as well – rendering some of the early versions of Maps, Gmail, and the company’s internal cafeteria app unusable. Within hours, Google said in a statement that its enterprise certificate has been restored. Last night, Apple reinstated Facebook’s certificate as well.
While Apple did its job of keeping companies from misusing its enterprise developer program, some critics think that the iPhone-maker wields a lot of power over others.
Both @CaseyNewton and I have been getting this a lot, and it troubles me. If Apple is the player with the power to knock Facebook in line — certainly more power than our government! — than we should be as critical of that power as we are celebratory of it. https://t.co/BlKWReDxef
— nilay patel (@reckless) January 31, 2019
It’s surely necessary to keep companies like Apple in check, but in this particular instance, it was simply following its App Store guidelines.
If there’s one key takeaway from all this, it’s that Facebook needs to take a good, hard look at its methods of collecting and monetizing user data in order to keep shareholders happy. From that internal memo, it’s clear the company’s not apologetic about it.
It’s been a stressful week. Grab a drink, y’all.