Apple Kills Facebook’s Internal Apps on iOS

[RejZoR]

11 hours ago, straight_stewie said:

No, we don't know that. To date, there hasn't been a single incident in which Facebook was knowingly handing over users information that the users didn't give them permission to use.

Of course not. It's always some "undocumented glitch" that causes it to happen. Like that second time after Cambridge Analytica where user data was just openly and entirely accessible to developers if user gave permission to use some service. How do you design an API that just hands over all access to user just by using some 3rd party app? Either Facebook is doing it on purpose or they are monumental idiots and shouldn't be doing what they are doing because its out of their capabilities and knowledge.

[Ashleyyyy]

8 hours ago, jagdtigger said:

Since most google stuff is registered as system app they can do it, even apple could do it(no doubt about it). But if you revoke it from a normal app it cant access any of it. Especially on a AOSP based ROM.

still though. if you tell google don't track my location they straight up don't listen. 

[mr moose]

3 hours ago, ARikozuM said:

Selling implies there's the benefit of monetary or goods to be gained. This data is ongoing and should be paid in an ongoing manner. But that's a long-winded argument. If T&C's are legally binding, I don't think that Facebook should be allowed to skirt Apple's T&C, which includes this. This is also an issue for teens as many countries have the consenting age at the higher end of the teens (aside from Japan). 

 

Is it actually against Apples T&C though,  they did not steal data nor did they take data without specific user notification and consent before installation of the app.  Which term did they break?

 

Besides that, even if they did break a term or condition, how does this justify taking away the rights of everyone else.  What if I want to sell my data to a greedy corporate monopoly who owns the government? is't that my right?  Why does apple get to decide if I am or am not allowed to do that? 

 

Also age of consent is moot because it appears Facebook specifically called for account evidence that people under age of consent had parental permission.  If a law has been broken than have them charged otherwise this is little more than apple dictating who can put apps on their phones.  And while I generally hold that apple should be allowed to control their own product, it would be no different the Microsoft dictating who can and can't install apps in windows.  

[Thony]

I am very pleasantly surprised by this move. 

[Ashleyyyy]

1 hour ago, Thony said:

I am very pleasantly surprised by this move. 

why? Apple has been pushing hard on privacy for a while. there was that whole thing with the FBI a few years back as well. that really gave me a lot of confidence in Apple caring about my privacy.

[Thony]

1 hour ago, firelighter487 said:

why? Apple has been pushing hard on privacy for a while. there was that whole thing with the FBI a few years back as well. that really gave me a lot of confidence in Apple caring about my privacy.

The FBI thing was them denying the fact they could use backdoor to access the phones data. The phone they created, the OS they created. Bunch of BS.

[Bruke53]

9 hours ago, mr moose said:

 

Is it actually against Apples T&C though,  they did not steal data nor did they take data without specific user notification and consent before installation of the app.  Which term did they break?

 

Besides that, even if they did break a term or condition, how does this justify taking away the rights of everyone else.  What if I want to sell my data to a greedy corporate monopoly who owns the government? is't that my right?  Why does apple get to decide if I am or am not allowed to do that?  

The way Facebook had implemented the system, it was 100% against Apple's T&C. Large companies can use Apple's Enterprise program to better be able to manage their own devices (such as employee iPhones). This is implemented by Apple providing Facebook (or whatever company) a secure certificate to sign their apps with. Part of the T&C of the enterprise program is that these certificates/ privileges are only to be used on internal devices. So Facebook can only install their custom applications on devices internal to the company. In order to install this data tracking application, Facebook was using their internal certificate to perform the install. Misusing that certificate was what broke Apple's T&C, and Apple de-authenticated the certificate because of it. Ironically, it killed all of the applications the Facebook had signed with that certificate, causing them to no longer work. Not a fun day to be Facebook.

 

 Facebook could have gone through the proper process to have the app on Apple's App Store. Nothing was preventing them from doing so. Apple takes their devices security very seriously, and anytime anyone is circumventing the security they take action, especially if it is impacting their customers. I'm sure that Facebook was not completely forthcoming to the people that installed the app about the implications of their data collection. I am certain that it would have been a very long contract with lots of hidden caveats that would not be apparent to the end user. Facebook has already been under scrutiny over their own T&C. Though the end user may have agreed to it, there is discussion happening regarding whether end user's are bound, as no proof can be made whether they actually read the contract.

 

In terms of your comment about Apple "taking away your right", their device their rules. You, as an individual, are more than welcome to sign whatever contract you want to with Facebook or any other corporation for that matter. Because Facebook was not within the T&C of Apple's program, Apple had every right to pull the certificate. Both parties agreed to a set of rules and one party broke their agreement. Additionally, Apple maintains every right to block certain use on any iPhone. If you read the terms and conditions of using iOS, which is a requirement on an iPhone (or any i device), you will find that Apple reserves the right to govern the activity and use of the device. So, like I said earlier, you are welcome to enter into any contract you want to with Facebook, but if you are using an iPhone, Apple can say, "Not on my device you aren't."

[Commodus]

9 hours ago, mr moose said:

 

Is it actually against Apples T&C though,  they did not steal data nor did they take data without specific user notification and consent before installation of the app.  Which term did they break?

 

Besides that, even if they did break a term or condition, how does this justify taking away the rights of everyone else.  What if I want to sell my data to a greedy corporate monopoly who owns the government? is't that my right?  Why does apple get to decide if I am or am not allowed to do that? 

 

Also age of consent is moot because it appears Facebook specifically called for account evidence that people under age of consent had parental permission.  If a law has been broken than have them charged otherwise this is little more than apple dictating who can put apps on their phones.  And while I generally hold that apple should be allowed to control their own product, it would be no different the Microsoft dictating who can and can't install apps in windows.  

The main violation is a fairly pedestrian one: Facebook was using its enterprise certificate to distribute an app to people outside the company.  It was an end-run around the App Store to dodge Apple's privacy rules.  What I can't believe is that Facebook was so stupid as to jeopardize its ability to test regular iOS apps just so it could get some questionable market research.

 

As for age of consent, there are a few problems.  While Facebook says parents signed permission forms, I've seen at least one instance where someone could sign up as a teen without requiring that form.  Also, signing a consent form doesn't necessarily mean the parents or the kids understand what's going on.  Something tells me many parents wouldn't be keen on the research app if they knew that it tracked activity in detail across the entire phone.

[Ashleyyyy]

1 hour ago, Thony said:

The FBI thing was them denying the fact they could use backdoor to access the phones data. The phone they created, the OS they created. Bunch of BS.

no it was them saying if we make a backdoor hackers will find it at some point and that's bad. 

[captain_to_fire]

1 hour ago, Thony said:

The FBI thing was them denying the fact they could use backdoor to access the phones data. The phone they created, the OS they created. Bunch of BS.

If you actually read the news way back in 2015, Apple admitted that they can create a backdoored iOS with the security features disabled. But they’re not doing it despite the multiple subpoenas they received. 

https://www.apple.com/customer-letter/answers/ 

Quote

Is it technically possible to do what the government has ordered?

Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But it’s something we believe is too dangerous to do. The only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.

 

[mr moose]

2 hours ago, Bruke53 said:

The way Facebook had implemented the system, it was 100% against Apple's T&C. Large companies can use Apple's Enterprise program to better be able to manage their own devices (such as employee iPhones). This is implemented by Apple providing Facebook (or whatever company) a secure certificate to sign their apps with. Part of the T&C of the enterprise program is that these certificates/ privileges are only to be used on internal devices. So Facebook can only install their custom applications on devices internal to the company. In order to install this data tracking application, Facebook was using their internal certificate to perform the install. Misusing that certificate was what broke Apple's T&C, and Apple de-authenticated the certificate because of it. Ironically, it killed all of the applications the Facebook had signed with that certificate, causing them to no longer work. Not a fun day to be Facebook.

 

 Facebook could have gone through the proper process to have the app on Apple's App Store. Nothing was preventing them from doing so. Apple takes their devices security very seriously, and anytime anyone is circumventing the security they take action, especially if it is impacting their customers. I'm sure that Facebook was not completely forthcoming to the people that installed the app about the implications of their data collection. I am certain that it would have been a very long contract with lots of hidden caveats that would not be apparent to the end user. Facebook has already been under scrutiny over their own T&C. Though the end user may have agreed to it, there is discussion happening regarding whether end user's are bound, as no proof can be made whether they actually read the contract.

Now if we consider that facebook was paying those people to use this app for data collection, then it is an internal tool, it was sent out to the general public only those who were signed up and paid to use it.   Big fat grey area.

 

2 hours ago, Bruke53 said:

In terms of your comment about Apple "taking away your right", their device their rules. You, as an individual, are more than welcome to sign whatever contract you want to with Facebook or any other corporation for that matter. Because Facebook was not within the T&C of Apple's program, Apple had every right to pull the certificate. Both parties agreed to a set of rules and one party broke their agreement. Additionally, Apple maintains every right to block certain use on any iPhone. If you read the terms and conditions of using iOS, which is a requirement on an iPhone (or any i device), you will find that Apple reserves the right to govern the activity and use of the device. So, like I said earlier, you are welcome to enter into any contract you want to with Facebook, but if you are using an iPhone, Apple can say, "Not on my device you aren't."

 

  It's not apples device once you pay for it, it's the customers device.  you are ignoring the bigger picture here.  what you are essentially arguing is that because apple made it then they can decide what you use it for. That's Bullshit in the highest order.  Imagine if Microsoft told you you weerean't allowed to run discord, or use windows to play games not bought through their store?  What if google said every android device from now on could only install programs through the play store and you had to share user data to do it? 

 

 

 

2 hours ago, Commodus said:

The main violation is a fairly pedestrian one: Facebook was using its enterprise certificate to distribute an app to people outside the company.  It was an end-run around the App Store to dodge Apple's privacy rules.  What I can't believe is that Facebook was so stupid as to jeopardize its ability to test regular iOS apps just so it could get some questionable market research.

 

As for age of consent, there are a few problems.  While Facebook says parents signed permission forms, I've seen at least one instance where someone could sign up as a teen without requiring that form.  Also, signing a consent form doesn't necessarily mean the parents or the kids understand what's going on.  Something tells me many parents wouldn't be keen on the research app if they knew that it tracked activity in detail across the entire phone.

 

 

I think I could come at it as a pedestrian violation (one with some grey area to it).

 

 

 

To the rest of the thread:

 

I can't believe people actually think that being allowed to install your own apps on a phone is a privilege, we should be grateful that apple have allowed us to use the apps they permit us to use.   And to think people shit on MS for this sort of thinking

[Ashleyyyy]

8 minutes ago, mr moose said:

And to think people shit on MS for this sort of thinking

the problem with MS is that their store offers nothing decent. it's why Windows mobile died. there were no good apps for it. 

 

the problem with Google is that the play store has malware in it, even on the trending page sometimes. 

 

do i like Apple's locked down ecosystem? yes. why? i've never wanted to install something that i couldn't install that was available on Android (ignoring the apk thing because that's insecure as all hell) and i feel way more comfortable and secure on iOS because it is so locked down. 

[mr moose]

1 minute ago, firelighter487 said:

the problem with MS is that their store offers nothing decent. it's why Windows mobile died. there were no good apps for it. 

 

the problem with Google is that the play store has malware in it, even on the trending page sometimes. 

 

do i like Apple's locked down ecosystem? yes. why? i've never wanted to install something that i couldn't install that was available on Android (ignoring the apk thing because that's insecure as all hell) and i feel way more comfortable and secure on iOS because it is so locked down. 

That doesn't address the argument that any company has the right to dictate what programs you get to install on your device.

 

 

 

 

[Ashleyyyy]

Just now, mr moose said:

That doesn't address the argument that any company has the right to dictate what programs you get to install on your device.

for me it depends why. if it is to adress security then sure. they can tell me not to install something becuase of security. that's fine. 

 

for any other reason though i dislike it.

[mr moose]

Just now, firelighter487 said:

for me it depends why. if it is to adress security then sure. 

It does not address security in this topic.  

I can understand apple protecting their product and reputation by disallowing apps that actually do harm.  Malware is a good example of that.  But dictating that people can't knowingly and voluntarily install an app is BS.

[Ashleyyyy]

24 minutes ago, mr moose said:

It does not address security in this topic.  

I can understand apple protecting their product and reputation by disallowing apps that actually do harm.  Malware is a good example of that.  But dictating that people can't knowingly and voluntarily install an app is BS.

if that app goes against Apple's reputation for respecting user's privacy i can completely understand. Apple has a lot of trust from their consumers to protect their privacy and if they allow apps that violate all of those values then i understand them banning the apps. 

 

this can only make everything better for everyone. if apple does this and tells the developer that if they want to be on the app store then they shouldn't spy on people that can only be a good thing. 

[79wjd]

53 minutes ago, firelighter487 said:

if that app goes against Apple's reputation for respecting user's privacy i can completely understand. Apple has a lot of trust from their consumers to protect their privacy and if they allow apps that violate all of those values then i understand them banning the apps. 

 

this can only make everything better for everyone. if apple does this and tells the developer that if they want to be on the app store then they shouldn't spy on people that can only be a good thing. 

If people CHOOSE to install monitoring software then that's their prerogative. Again, personal responsibility.

[Linus_torvalds]

On 1/30/2019 at 10:38 PM, DrMacintosh said:

Now imagine what FaceBook does on Android devices

 

LOL you just can't stop trying to make android users believe that iphone is better then android.

Android is linux. Linux > any other OS EVER CREATED. Go pay premium for flexgate macbooks, shitty keyboards and designed to break hardware. If you break rear glass on newer iphones it costs 499$ to change it. LOL JUST A GLASS!

 

I FUCKING LOVE apple because it ripps off their users like you, who do not understand anything in tech.

[DrMacintosh]

27 minutes ago, mate_mate91 said:

Linux > any other OS EVER CREATED

[Curufinwe_wins]

2 hours ago, mr moose said:

It does not address security in this topic.  

I can understand apple protecting their product and reputation by disallowing apps that actually do harm.  Malware is a good example of that.  But dictating that people can't knowingly and voluntarily install an app is BS.

The only reason this issue is officially an issue is because the enterprise certificate is not supposed to be used outside of the companies internal apps. As soon as they pay any member of the general populous (Apple argues) those apps are external and thus no longer valid for the cert. I think you could make the argument that paying a person to 'beta-test an application' makes them a company contractor, but clearly that argument isn't working for Apple.

 

I think maybe that FB tried to push back with something like that, and that is why Apple (from internal company leaks) is looking to dramatically impose their will and direct meaningful punishment onto FB. Unlike the Google situation (where before Apple even did anything, Google pulled the App and apologized to users and Apple for invalidly using the enterprise certificate). In the Google situation, Apple gave an official statement to the press saying they are working to rapidly restore Google's enterprise certificate. For FB, Apple had made no such statement, and internal sources suggest Apple is intentionally dragging their feet on getting it back up, once they are back in compliance.

 

At least officially, consumer privacy has NOTHING to do with this case. PR plays very well for Apple because that is how the public will take it regardless, but there were no privacy violations in the applications (that we have yet heard of.)

[suicidalfranco]

2 hours ago, firelighter487 said:

if that app goes against Apple's reputation for respecting user's privacy i can completely understand. Apple has a lot of trust from their consumers to protect their privacy and if they allow apps that violate all of those values then i understand them banning the apps. 

then where's the ban on the facebook app, facebook messanger, twitter, instagram, snapchat, every g app and whatever social network app that is on vogue currently

[mr moose]

6 hours ago, firelighter487 said:

if that app goes against Apple's reputation for respecting user's privacy i can completely understand. Apple has a lot of trust from their consumers to protect their privacy and if they allow apps that violate all of those values then i understand them banning the apps. 

 

this can only make everything better for everyone. if apple does this and tells the developer that if they want to be on the app store then they shouldn't spy on people that can only be a good thing. 

This has nothing to do with respecting privacy, the people could only get the app if they entered into a contract with Facebook.

 

3 hours ago, Curufinwe_wins said:

The only reason this issue is officially an issue is because the enterprise certificate is not supposed to be used outside of the companies internal apps. As soon as they pay any member of the general populous (Apple argues) those apps are external and thus no longer valid for the cert. I think you could make the argument that paying a person to 'beta-test an application' makes them a company contractor, but clearly that argument isn't working for Apple.

 

I think maybe that FB tried to push back with something like that, and that is why Apple (from internal company leaks) is looking to dramatically impose their will and direct meaningful punishment onto FB. Unlike the Google situation (where before Apple even did anything, Google pulled the App and apologized to users and Apple for invalidly using the enterprise certificate). In the Google situation, Apple gave an official statement to the press saying they are working to rapidly restore Google's enterprise certificate. For FB, Apple had made no such statement, and internal sources suggest Apple is intentionally dragging their feet on getting it back up, once they are back in compliance.

 

At least officially, consumer privacy has NOTHING to do with this case. PR plays very well for Apple because that is how the public will take it regardless, but there were no privacy violations in the applications (that we have yet heard of.)

 

In the grey area that is this debate that is what I argue, however I argue it not because I care about facebook (I really don't like them), but the wider implication of apple (or any company) being able to dictate what apps you can and can't use on your phone.

[D13H4RD]

5 hours ago, mate_mate91 said:

LOL you just can't stop trying to make android users believe that iphone is better then android.

Android is linux. Linux > any other OS EVER CREATED. Go pay premium for flexgate macbooks, shitty keyboards and designed to break hardware. If you break rear glass on newer iphones it costs 499$ to change it. LOL JUST A GLASS!

 

I FUCKING LOVE apple because it ripps off their users like you, who do not understand anything in tech.

*rolls eyes*

 

Does this have to happen? Like really?