Apple has revoked Facebook's enterprise developer certificates after sideload violations [...
Apple has stopped Facebook from being able to use its internal apps by revoking its enterprise developer certificates, in response to reports the social network ignored guidelines relating to user privacy by distributing apps outside the app store, and paid users to install the spyware.
Source: TechCrunch
It was revealed yesterday Facebook paid users $20 to sideload a VPN onto their devices, allowing the social network to monitor what participants aged 17 to 35 did online. Claimed to be a "social media research study," the Facebook Research iOS app took advantage of Apple's Enterprise Developer Certificates to allow the apps to be distributed separately from the main App Store, as well as effectively providing root access to a user's device.
Since the discovery of the activity, The Verge reports access to early beta versions of Facebook, Instagram, Messenger, and other apps used internally are no longer able to launch on employee iPhones. The block also applies to other employee-specific apps not used by the public.
AppleInsider has been told by sources inside the company not authorized to speak on behalf of Facebook, that all the internal iOS apps used by employees are nonfunctional, including messaging, pre-release versions of consumer apps, file management, transportation facilitation, and other in-house utilities.
A statement provided by Apple to AppleInsider advises:
Public versions of the social network's apps are still available to download and use, as the revocation only applies to apps using enterprise certificates, not consumer-facing variants. That said, there may still be some impact, as it will affect the development of new features that may be added to apps in the future.
The distribution of the app uses beta testing services Applause, BetaBound, and uTest, rather than taking other official routes to get the app to its intended users. The App Store has stringent guidelines relating to privacy that the app may have fallen afoul of, while TestFlight is limited to a maximum of 10,000 users.
Update Jan. 30, 3:30 p.m. Eastern Time: Sources inside Apple not authorized to speak on behalf of the company have told AppleInsider that Facebook is trying to work out some arrangement to get the enterprise development certificate restored. A perusal of social media, however, suggests that the negotiations are taking a long time, or Apple has no interest in serious discussion at the moment.
The discovery of Facebook Research and the certificate abuse is the latest privacy-related scandal to hit the company. Most prominently was the Cambridge Analytica fiasco where user data was collected and used for political purposes, triggering scrutiny from governments around the world.
A report from December claimed Facebook had made special data sharing arrangements with other tech companies, enabling Facebook to collect more data on its users generated on Apple devices, without either Apple or the users' permission or knowledge.
That same month, Facebook admitted that as many as 6.8 million people may have been affected by a September bug that exposed more photographs than intended to third-party apps that used Facebook logins.
Source: TechCrunch
It was revealed yesterday Facebook paid users $20 to sideload a VPN onto their devices, allowing the social network to monitor what participants aged 17 to 35 did online. Claimed to be a "social media research study," the Facebook Research iOS app took advantage of Apple's Enterprise Developer Certificates to allow the apps to be distributed separately from the main App Store, as well as effectively providing root access to a user's device.
Since the discovery of the activity, The Verge reports access to early beta versions of Facebook, Instagram, Messenger, and other apps used internally are no longer able to launch on employee iPhones. The block also applies to other employee-specific apps not used by the public.
AppleInsider has been told by sources inside the company not authorized to speak on behalf of Facebook, that all the internal iOS apps used by employees are nonfunctional, including messaging, pre-release versions of consumer apps, file management, transportation facilitation, and other in-house utilities.
A statement provided by Apple to AppleInsider advises:
The revocation is a serious measure, as it has not only affected users who used the certificates to install the monitoring app, but also to internal tools being "dogfooded" by the company before being made public. The loss of multiple apps, including those used by employees as part of their job, is causing considerable disruption to work in Facebook, and could take a long time to rectify, if Apple permits it use of Enterprise Developer Program certificates again."We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple."
"Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."
Public versions of the social network's apps are still available to download and use, as the revocation only applies to apps using enterprise certificates, not consumer-facing variants. That said, there may still be some impact, as it will affect the development of new features that may be added to apps in the future.
The distribution of the app uses beta testing services Applause, BetaBound, and uTest, rather than taking other official routes to get the app to its intended users. The App Store has stringent guidelines relating to privacy that the app may have fallen afoul of, while TestFlight is limited to a maximum of 10,000 users.
Update Jan. 30, 3:30 p.m. Eastern Time: Sources inside Apple not authorized to speak on behalf of the company have told AppleInsider that Facebook is trying to work out some arrangement to get the enterprise development certificate restored. A perusal of social media, however, suggests that the negotiations are taking a long time, or Apple has no interest in serious discussion at the moment.
The discovery of Facebook Research and the certificate abuse is the latest privacy-related scandal to hit the company. Most prominently was the Cambridge Analytica fiasco where user data was collected and used for political purposes, triggering scrutiny from governments around the world.
A report from December claimed Facebook had made special data sharing arrangements with other tech companies, enabling Facebook to collect more data on its users generated on Apple devices, without either Apple or the users' permission or knowledge.
That same month, Facebook admitted that as many as 6.8 million people may have been affected by a September bug that exposed more photographs than intended to third-party apps that used Facebook logins.
Comments
But they had no choice.
Facebook was soliciting children to hand over their personal data on an ongoing basis, and paying them to solicit other children.
Let that sink in for a second.
Whoever signed off on this should never work in social media again.
Bloomberg take note: that's what journalism looks like.
They were side-loading the app, the software didn't pass through Apple before it ended up on the phone. The use of vouchers was very clever, as it meant the whole thing could be kept a secret from the children's parents.
What Apple needs to do is tighten up the enterprise developer programme, but that will be tricky without causing pain to the other 99% of developers who don't see children as commodities.
Neither, since folk will still be able to access the site through Safari.
But well done you for showing support for using children as products.
In any case, this new Facebook example is exhibit A (or Z) to explain the difference between FB and AAPL.
Perfect time for Apple to introduce a social media platform pre-installed on all Apple devices. One tht works flawlessly across every damn Apple product.
Why do trolls have bad grammar? Like every damn time. Never fails.
But it's true Apple users make up 80% of most apps revenue. All Apple has to do is show a popup that describes what Facebook is guilty of every time you open their apps. Lawsuits, loss of revenue, users, trust. It could look like Myspace 2.0.
Of course Apple is doomed if they do, doomed if they don't.
Meanwhile every other tech company is allowing anyone to play in their playground.