Apple’s clash with Facebook and Google: What you need to know
Danny Smith, November 9, 2020
On Wednesday, Apple yanked enterprise certificates — digital signatures that both the tech giants used to run software on iPhones and iPads. That shut down internal apps employees at the companies used to communicate with their coworkers, find shuttle buses and test new features that could eventually be released to the public.
It proved to be more a show of power than long-term punishment. Apple, which did not respond to a request for comment, restored both companies’ certificates by Thursday. Google said its internal apps are back up and running. Facebook confirmed Apple restored its certificates but said it did not have any new information to share.
Here’s what you need to know.
What’s going on?
The spat started after TechCrunch reported that Facebook had taken advantage of an Apple program that lets companies design apps for private corporate use, as well as test apps before they’re available to you. Using a certificate from Apple’s Developer Enterprise Program, Facebook distributed a market research app that gave the social network access to people’s phone and web activity, paying them as much as $20 a month. The data Facebook could view included web searches, location data and even private messages.
The situation got worse when Google revealed that it also used an enterprise certificate for a market research app called Screenwise Meter that gave the company access to a person’s phone activity. The search giant offered gift cards to people to download the app.
Apple determined that both companies had violated the rules of its Developer Enterprise Program because they distributed the apps to consumers instead of just employees. Apple blocked the apps by revoking the companies’ enterprise certificates — a move that shut down apps that Google and Facebook employees rely on at their campuses.
What’s an enterprise certificate anyway?
An iPhone won’t run an app unless it’s been signed using a cryptographic stamp of approval called a digital certificate. The certificate lets the iOS operating system verify that an app was written by an authorized party and hasn’t been tampered with. Apple signs software downloaded from the App Store with its own certificate. Apps distributed to consumers won’t get that certificate until they’ve been vetted by Apple’s staff and made available through the App Store.
Companies have another way to get certificates, though. The Apple Developer Enterprise Program lets them apply for an Apple-supplied certificate for their software. To qualify, companies have to jump through some hoops, as well as pay $299 a year. Once they’ve qualified, they can use the certificate to approve and distribute software to iPhones and iPads for employee use.
If an employee doesn’t install this certificate, ‘these apps would show up as completely untrusted,’ said Navin Kumar, lead engineer at Insight Engines. ‘You wouldn’t be able to install or run them. Period.’
So how did Facebook and Google misuse their certificates?
They used their certificates to let people outside of their companies install apps on their iPhones without going through Apple’s App Store and its approval process. That’s a big no-no.
Apple lays down rules in no uncertain terms: ‘Enroll in the Apple Developer Enterprise Program only if you intend to distribute proprietary apps to employees within your organization.’
Obviously, ordinary Facebook users don’t qualify as employees even if you’re paying them $20 a month to see how they use their phones.
What happens when an enterprise certificate is revoked?
iOS won’t run the corporate app. Apple supplies companies with enterprise certificates, and it can withdraw them too. When you try to run an app signed with a revoked certificate, iOS will discover that it’s been revoked and refuse to run the software.
That means Apple can block the Facebook and Google market research apps from working for consumers. But the decision also means that apps used by Apple and Facebook employees stopped working.
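The effect described above, as an added example that is not from the original article and is not Apple’s implementation: a toy model in which a root key issues one enterprise certificate, the company signs two apps with it, and the device checks the issuer, the revocation list and the app signature before launch. The keys, company name, serial number and app payloads are constructed, and the small textbook-RSA keys are for illustration only.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (n, d) for a toy RSA key built from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys from Mersenne primes: far too small for real use.
ROOT = make_key(2**127 - 1, 2**89 - 1)        # stands in for the platform vendor
ENTERPRISE = make_key(2**107 - 1, 2**61 - 1)  # stands in for one enrolled company

def issue_cert(serial, subject, subject_n):
    """The root signs the company's public key together with a serial number."""
    body = f"{serial}|{subject}|{subject_n}".encode()
    return {"serial": serial, "subject": subject, "n": subject_n,
            "sig": sign(body, ROOT)}

def launch_decision(app_bytes, app_sig, cert, revoked_serials):
    """Return why the device model would allow or refuse the app."""
    body = f"{cert['serial']}|{cert['subject']}|{cert['n']}".encode()
    if not verify(body, cert["sig"], ROOT[0]):
        return "refuse: certificate not issued by the root"
    if cert["serial"] in revoked_serials:
        return "refuse: certificate revoked"
    if not verify(app_bytes, app_sig, cert["n"]):
        return "refuse: app modified or signed by another key"
    return "allow"

CERT = issue_cert(1001, "ExampleCorp (constructed)", ENTERPRISE[0])
SHUTTLE_APP = b"internal shuttle-bus app"       # constructed app payloads
RESEARCH_APP = b"consumer market-research app"
SIGS = {a: sign(a, ENTERPRISE) for a in (SHUTTLE_APP, RESEARCH_APP)}

if __name__ == "__main__":
    for revoked in (set(), {1001}):  # before and after the serial is revoked
        for app in (SHUTTLE_APP, RESEARCH_APP):
            print(sorted(revoked), app.decode(), "->",
                  launch_decision(app, SIGS[app], CERT, revoked))
```

Because revocation is keyed on the certificate and not on an individual app, listing serial 1001 as revoked refuses both apps at once.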
Okay, but how does this affect me?
The good news is that Apple’s move didn’t affect other Facebook and Google apps consumers use. Those apps, which include Facebook, Instagram, Gmail and others, were still available in the App Store and running as usual. ‘This didn’t have an impact on our consumer-facing services,’ a Facebook spokesperson said.
Internally, though, the move disrupted the daily lives of Facebook and Google employees who test new products and features before they’re released to the public — a process known as ‘dogfooding.’ When Apple yanked the companies’ enterprise certificates, it could have slowed down the tech giants’ product development. As it turned out, though, the disruption only lasted about a day.