
Apple blocks Google from running its internal iOS apps - rising-sky
https://www.theverge.com/2019/1/31/18205795/apple-google-blocked-internal-ios-apps-developer-certificate
======
askafriend
Let’s say you’re using a Google API like Maps, and you violate terms by
snapshotting sections of their maps and storing them on your severs so you can
serve static maps without making API calls. They’d shut down your API access
immediately

Google and Facebook both knew the terms. They both knew that the Enterprise
Distribution Program was for internal use only. They still put ads out in the
wild to recruit regular consumers to use internal apps which is beyond the
scope of the program. Why would the certificates not be revoked?

I don’t understand people who are acting offended that Apple is enforcing the
clear terms of service it laid out.

~~~
blhack
Because lots of people still think that if you own a piece of hardware, you
should be able to run whatever code you want on it.

~~~
51lver
You're not wrong, you're just in the wrong place. Apple is the sysadmin and
the phone holders are the users. They WANT apple looking out for them. Anyone
who says otherwise stupidly wasted $1000 when they could have bought any
number of unlockable devices for that money.

I say this with an unlocked and de-googled android phone next to me, and
several hacked arm devices at home. I OWN THEM, with no doubt, so I agree with
you in a different world.

~~~
wutbrodo
Is this true of people who voluntarily signed up to be paid for data
collection? It's like saying that Nielsen panelists need to be protected from
Nielsen by Vizio. (Insert standard caveat about the degree to which kids'
autonomy is in the hands of their parents).

~~~
Legogris
An important difference that Nielsen doesn't have an agreement with Vizio that
they broke and the "protection" being Vizio terminating their end of that
agreement as a response.

~~~
wutbrodo
As much as I dislike Apple, its amorality, its attitude towards it users, its
effect on the markets it's in, etc, I don't have any disagreements with
Apple's actions here: Facebook/Google violated their license, so Apple revoked
them.

But the terms of this license are by no means "protecting" users who
voluntarily chose to install these apps for payment. A license can have
multiple legitimate purposes, including protecting the business interests of
the licenser. There's no need to pretend that Apple is protecting users in
order to defend their actions here.

~~~
Legogris
Indeed. The violation here really has nothing to do with protecting users, as
you say, it's more of a positive side-effect. On the other hand, if it weren't
for that aspect, the press-coverage that sparked Apple's revokal would most
likely not have happened.

Apple found themselves in a position were doing "the good thing" aligned with
business.

------
zapzupnz
Yeah, this is pretty clear cut. Apple has rule. Facebook and Google agree to
rule. Facebook and Google violate rule. Apple enforces rule.

This isn't some grey area where the details are difficult to ascertain.
Everything is pretty clear; the enterprise app distribution service is most
assuredly _not_ for distributing apps that break the App Store rules to
_customers_. This isn't difficult to understand, so I'm struggling to see
where people are trying to find some sort of detail to exonerate two well-
known, repeated rule breakers, violators of personal privacy, and altogether
companies who think their size puts them above reproach.

I mean, when Apple makes a big screw up, everybody leaps on it, even when it's
just based on unconfirmed (and sometimes fabricated, like the journalist
reporting on conditions in the Foxconn factories) reports; but if it's
Facebook or Google, somehow they're underdogs with clean records, deserving of
the benefit of the doubt? I don't swallow it.

How about we all just pass judgement equally upon the big companies, Apple
included, for their foibles? But let's also take into account when these
companies have been caught red-handed before, and if the best punishment we
could muster was a slap with a wet bus ticket, let's not umm and ahh about why
they think they can get away with their behaviour, and not be at all surprised
when finally someone takes a stand on their own territory.

~~~
Despegar
If you're Facebook or Google you're used to being able to dictate terms to
others. But there's always a bigger fish and in this case it's Apple.

They're outraged because they have no recourse. What they usually do to users
or partners, dictate take-it-or-leave-it terms, is being done to them. They
can't even complain to antitrust regulators because Apple is only lord of its
own kingdom (which doesn't have market dominance).

~~~
benologist
If anything Google should be grateful Apple's support isn't as deliberately-
shit as their own fake support system, they may yet resolve this instead of
being banned for life.

~~~
xd1936
Company-on-company support is an entirely different thing from customer
support. These are developers with direct lines to one another. Google isn't
filing a support ticket at an Apple Store.

~~~
chris_wot
Tell that to GSuite customers. The service can be... spotty.

~~~
xd1936
I am one of said customers.

I think our support that we get is probably quite different than the support
Apple gives to the developers of Google and Facebook, who make most of the top
10 apps downloaded from the App Store.

------
GeekyBear
Google immediately admitted that they were aware that what they had done
violated those terms.

>A Google spokesperson told The Verge, “The Screenwise Meter iOS app should
not have operated under Apple’s developer enterprise program — this was a
mistake, and we apologize.

[https://www.theverge.com/2019/1/30/18204064/apple-google-
mon...](https://www.theverge.com/2019/1/30/18204064/apple-google-monitoring-
phone-usage-screenwise-meter)

~~~
ocdtrekkie
And so they should be fully understanding why Apple enforced them.
Furthermore, the terrifying level of abuse of the Screenwise program has been
going on a really, really long time:
[https://arstechnica.com/gadgets/2012/02/google-paying-
users-...](https://arstechnica.com/gadgets/2012/02/google-paying-users-to-
track-100-of-their-web-usage-via-little-black-box/)

It's hard to tell exactly how long the iOS app has been available, but I found
version 7.x of the Android app all the way back in 2015 on APKmirror (it's
archive only goes back so far). So presumably the mobile app strategy has been
around a long time.

~~~
vilhelm_s
How is that "terribly abusive"? People are getting paid to participate, to me
that seems like a higher level of informed consent and more ethical than other
forms of user tracking.

~~~
_underfl0w_
I believe the parent was referring to Google having "abused" Apple's
Enterprise Cert program - which is the central crux of both this article and
the majority of commentary here on HN.

~~~
ehsankia
I don't think so, the article linked talks about the other ways the program
worked. That specific one refers to the free router they would send users.
That has nothing to do with Apple whatsoever.

------
_bxg1
I feel less vengeful satisfaction from this one, but I respect that they're
applying their rules consistently. I just hope it doesn't backfire. On a
totally personal level, I'd rather Facebook feel the hurt for its audacity
than Apple be forced to backtrack because they made too many enemies.

~~~
jdietrich
It's worth bearing in mind that Google pay Apple billions of dollars a year to
be the default search engine on iOS. To my eyes, Apple clearly have the upper
hand in this relationship.

[https://www.theinquirer.net/inquirer/news/3063669/google-
is-...](https://www.theinquirer.net/inquirer/news/3063669/google-is-paying-
over-gbp16bn-to-apple-for-two-years-as-safaris-primary-search-engine)

~~~
nostrademons
Android has 85% of the worldwide smartphone market. Apple doesn't exactly have
the upper hand in the relationship, but they have enough leverage to make it
sting if they decide not to cooperate and to force a reasonable settlement.

In my mind, a reasonable settlement includes not installing spyware on users'
iPhones through the enterprise development program, so it looks like they're
doing precisely that.

~~~
zapzupnz
> Android has 85% of the worldwide smartphone market

I think a mistake to make here is thinking that Apple gives a toss.

~~~
kodablah
In fact, one could reasonably say Apple actively tries not to obtain too large
of a market percentage to avoid laws affecting monopolies.

~~~
jimmy1
> In fact, one could reasonably say Apple actively tries not to obtain too
> large of a market percentage to avoid laws affecting monopolies.

I would say rather to avoid laws it's to avoid appearing as a commodity and
losing its "fashion" or "hip" status. If everyone has an iPhone suddenly it is
less desirable to own an iPhone.

~~~
BuckRogers
Yeah, I feel that way about my microwave too. Your analogy may have applied at
one point in time but not now.

------
dombili
I don't want to pass judgment on whether Google (or in the previous case,
Facebook) was in the wrong, but it doesn't sit well with me that Apple wields
so much power on what software their phones can run _after_ it sells them. You
may very well think that they're using their power sparingly and benevolently,
but who is to say that will be the case next time around?

~~~
_bxg1
I used to feel that way, and I used Android for years for that reason. But
since switching to an iPhone, I've found that what I really want from my phone
is not a totally open platform, but a tool that's simple, secure, and
effective. Something I don't have to mess with, something I can trust to do
its job and respect my privacy and be pleasant to interact with. They tried
going that direction a bit with macOS when they launched its App Store, and
there's a reason that pretty much failed. Workstations need to be totally
user-controlled, but phones don't.

~~~
klodolph
I'm not sure I quite understand your complaint about the Mac's App Store. I
want to have free reign on my workstation, but part of that is I want to be
able to limit the amount of access that programs have. The big difference with
the App Store, from my perspective, is that I know that the applications are
sandboxed, signed, and someone out there can revoke the code signing
certificate.

This is basically what I want, most of the time, and it's hard to achieve it
outside the App Store.

~~~
saagarjha
Fun fact: not all apps on the App Store are sandboxed. Some older apps, that
were released before sandboxing was a requirement, were "grandfathered" in.

~~~
walterbell
Any examples?

------
stevenjohns
Extremely happy with my decision to get an iPhone. Events like these are what
is going to keep me as a customer moving forward, too.

I unplugged[0] from Google Last year - went DDG for search, went to iOS,
dropped gmail for fastmail, etc. As time goes on I’m continually reaffirmed
that I made the right decisions.

[0] I still use some Google services, like YouTube, frequently, some of my
mail still goes through Gmail, albeit forwarded to my Fastmail account, and I
occasionally use Maps.

~~~
grumpopotamus
Is getting an iPhone the only reasonable path? I tried this briefly on
Android, but various other apps started complaining that Play was not
installed.

~~~
stevenjohns
It's not the only reasonable path, of course. There are heavily de-Googled
versions of Android out there as well.

In this case I'm voting with my dollars and paying a premium for a device made
by a company that is, at least overtly, pushing for a bare minimum level of
support for their customers.

It certainly doesn't hurt that they're nice phones too, though.

------
arduinomancer
I don't get how everyone working on these apps thought there would be no
issues doing this.

"Yup, getting consumers to bypass the app store and side-load our app is
perfectly reasonable, no issues here. No way this could possibly backfire."

Only thing I could see is the PM's didn't actually understand what the
enterprise certificate program was supposed to be for.

~~~
basil-rash
I very much doubt it was a PM in charge of reading the TOS for the enterprise
certificate program. When you need to sign a contract on behalf of your
(multinational, FAANG) company, you get your legal team to go over it.

~~~
javagram
The legal team would have reviewed the TOS but they probably weren’t looped in
when some PM got the idea to use the certificate for this purpose.

In my own experience people often avoid consulting legal when they think they
can get away with it (or don’t realize they need to), although I’m sure it
varies a LOT based on company culture.

------
roenxi
It isn't relevant here if Apple is justified or not, if Google is trustworthy
or not or if terms of service are enforceable or not.

This is what might be called a classic Stallman effect, where it has been
pointed out since the mid-90s that if you don't have a few basic freedoms [0]
then at some point an external party will shut you down for reasons you don't
like. Google is in a lousy strategic position on this one because they gave up
software freedom because Apple didn't seem like a threat at the time. They are
lucky their internal apps were not being particularly targeted, I suppose.

This is why a good military plans on capabilities, not intents.

[0] [https://www.gnu.org/philosophy/free-
sw.en.html](https://www.gnu.org/philosophy/free-sw.en.html)

------
ancorevard
Got to give Apple credit for staying consistent.

One thing is to break the rules Apple put down to keep iOS users safe and
secure which is what Apple is targeting here, but another thing is just being
stupid and unethical.

Regardless of their (FB+G) cries of "they consented to it", who really thinks
a 13 year old understand the technical implications of installing a root
certificate on their iPhone?

~~~
yuchi
No root cert was involved. Apps built with an enterprise distribution profile,
once correctly signed, can be installed on _any_ device. The limit is that it
must be an employee’s device. This last rule, broken by GOOG and FB, is
exclusively enforced through legal actions.

~~~
saagarjha
The root certificate was for intercepting traffic, not installing the app.

~~~
yuchi
Sorry! Missed the point entirely

------
deca6cda37d0
Big companies should be treated the same way as small developers. I'm glad
Apple applies the rules to everyone :-)

~~~
oldgradstudent
Wouldn't Apple close the developer account for a violation by a small
developer rather than just revoking their enterprise certificate?

------
minimaxir
I called it last thread
([https://news.ycombinator.com/item?id=19038328](https://news.ycombinator.com/item?id=19038328)),
but I'm legit impressed Apple went through with it.

This might open the floodgates for Apple to shut down even more certs.

~~~
smitty1110
More than that, I think this will result in Apple being a bit less laissez
faire about what companies do with their certificates. I think they may even
look to change the system, maybe make it so that enterprise certificates have
to register the devices they are installed on.

~~~
noja
Exactly.

I expect in future you'll need to push these apps to the official app store,
but have the ability to restrict who downloads them (to registered devices, or
accounts - like with the Play Store beta program).

------
watertom
IF you really want to get scared about content theft, you should read the
terms of service for Grammerly. Their plug in scans everything data input
window and by using the service you agree to the following:

"By uploading or entering any User Content, you give Grammarly (and those it
works with) a nonexclusive, worldwide, royalty-free and fully-paid,
transferable and sublicensable, perpetual, and irrevocable license to copy,
store and use your User Content (and, if you are an Authorized User, your
Enterprise Subscriber’s User Content) in connection with the provision of the
Software and the Services and to improve the algorithms underlying the
Software and the Services."

If you were to write a book online using Grammerly they would have the full
rights to what you wrote, and they could sell it themselves and not pay you a
cent.

If you work for a company that uses Grammerly any IP typed into a windowd
monitored by Grammerly also becomes their property.

Two years ago I looked into an enterprise license because I had so many
employees using it, after reading the terms of service and speaking with their
General Counsesl where he essentially gave the "my way or the highway
speech","we own it all, and we can do what we want with it" I scrubbed the
software and plugins from all our company computers.

Run from Grammerly

------
Varcht
There are over 100,000 Google and Facebook employees, just a small percentage
of them with good old fashion loyalty to their companies could explain the
amount offended here.

~~~
shhehebehdh
As a googler, I’m not offended. “Abide by the terms of your agreements,” or,
as Stranger Things would put it, “friends don’t lie.” That being said, I am in
popcorn mode to see what act of contrition apple will demand.

I would also loooove to know how this clusterfuck came about. But I guess we
will never know that. I doubt this crosses Sundar’s desk, but I would be
curious to know where the buck did stop. Was counsel involved or did a couple
of teams just adopt a better to seek forgiveness stance?

------
vlozko
I shocked and surprised that Apple went this route. At least they’re enforcing
the rules consistently. My company uses enterprise certs for internal beta/QA
builds and I’d hate to see Apple change this program to make things harder for
those who have been following the rules.

~~~
saagarjha
> My company uses enterprise certs for internal beta/QA builds

That's exactly how they're supposed to be used, so barring rule changes you
should be fine.

------
gojomo
Still, no story or commenter is quoting the exact terms that Facebook/Google
are alleged to have violated. (There's an attempt here –
[https://news.ycombinator.com/item?id=19044643](https://news.ycombinator.com/item?id=19044643)
– but without necessary definitions of key terms which would make all the
difference.)

Of course, Apple has immense discretion here. Even if FB/Google lawyers can
make a good case that their usage was technically compliant, Apple can still
just unilaterally change the terms in short order. Public & regulatory
sentiment would support them.

But I'd really like to know if Facebook's and Google's actions were plausibly
compliant, under the actual language of the Enterprise agreement, at the time
Facebook and Google (and likely others) pursued this strategy.

~~~
javagram
They weren’t. See the terms at
[https://apple.stackexchange.com/a/193060](https://apple.stackexchange.com/a/193060)
“solely for internal use by Your Employees or Permitted Users, or as otherwise
expressly permitted in Section 2.1(f).”

[https://github.com/nicwise/apple-
agreements/blob/master/appl...](https://github.com/nicwise/apple-
agreements/blob/master/apple-developer-program-enterprise-agreement.txt)

2.1(f) Allow Your Customers to use Your Internal Use Applications on
Deployment Devices, but only (i) on Your physical premises and/or on Your
Permitted Entity’s physical premises, or (ii) in other locations, provided all
such use is under the direct supervision and physical control of Your
Employees or Permitted Users (e.g., a sales presentation to a Customer); and

~~~
gojomo
Thank you for a link to a readable version of the agreement!

It looks to me like "Permitted Users" includes "contractors" like those in a
compensated research panel, and thus the Facebook/Google uses are plausibly
enabled under the program.

~~~
dannyw
Can you call a 9 year old getting $20 gift cards a contractor?

~~~
gojomo
If that $20 card was delivered pursuant to a signed contract, and that
contract had the parental consent required for under-18-year-olds, then yes.

------
superkuh
Looks like Google has a taste of it's own medicine. It's been deplatformed.

------
mcgwiz
This is a godsend for Apple's PR, now that attention is no longer focused on
Group FaceTime.

------
tokyodude
Apple is likely going to be sued by FB and Google and eventually they will
lose the control over their platform. Yes the terms are in the TOS. Those
terms should be illegal. Same as say non-competes are illegal in some places.
No company should have that kind of power.

And, before you say it's the same as some company turning off your net based
account, no it is not. For example if you upload porn to flickr and they
delete your account in that case you're using flickr's servers. In this case
Google is using phones owned by Googlers and other customers to run software
by Google. Apple is not involved at all here unlike the example flickr case
above. Apple should not be allowed to reach into another company and kill it.

AFAICT Google and FB did nothing wrong here. Those apps were test apps. How
else are you supposed to beta test something? Tons of software does this. You
build an app, you offer beta program. You had out codes for the beta users.
Beta testing with direct employees is not useful because employees are no
representative of actual users.

~~~
ViViDboarder
Apple offers a program for doing public betas:
[https://developer.apple.com/testflight/](https://developer.apple.com/testflight/)

Google and Facebook appear to have used a different method of distribution
than this and thus violated their terms.

------
gorkish
What I want to know is why these companies are using the same cert to sign
apps with widely differing uses and security profiles. It seems to me that
they should have a number of enterprise signing certs for each use case such
as internal beta, external beta, internal utility, external utility, whatever.

If the companies are signing all of their apps under the same cert then it's
kind of on them for being stupid to sign critical internal apps with the same
cert they use to sign these privacy violating apps; but if Apple is globally
disabling all enterprise distribution certificates under the guise that the
companies violated their developer agreements and NOT disabling their user-
facing apps then it still seems to me they are engaging in selective
enforcement.

Regardless of how I feel about the ethical questions involved, I don't think
this skirmish will end well.

~~~
evgen
There are terms and conditions that apply to the enterprise cert which are
different than those of the standard developer cert. Some of the conditions
are relaxed (e.g. wrt the lack of oversight on what you are pushing to your
enterprise users) but your enterprise only gets one cert that covers all apps
you distribute with these relaxed terms and conditions. If one of your
developers pisses in the pool by using the cert to distribute an app outside
of the enterprise, particularly an app that violates app store policies and
therefore could only be distributed via the enterprise cert, then your cert
gets yanked.

This revocation only applies to the apps that are signed with the enterprise
cert, so, for example, the Facebook app or Google Maps app in the app store
are not affected.

~~~
gorkish
OK I did not understand they only issued one cert.

Still, with a company the size of Google you'd still think they would have
multiple certs under different legal entities even if they werent doing
anything wrong.

------
dkrich
So now it comes out that Apple is working to “quickly reinstate Google’s
enterprise certificates” but won’t work with Facebook?

By now it should be fairly obvious that Apple hates Facebook for a very good
reason- Facebook is Apple’s single biggest threat. I’m completely convinced
this has nothing to do with privacy or protecting users, it just makes for a
convenient excuse.

If people slowly start replacing iMessage with WhatsApp or messenger, that
creates a bridge to leave iOS for Android since Apple’s software is one of the
main features of the phone. If you become less reliant on the software the
hardware suddenly becomes a commodity.

This whole episode is giving me pause about staying in the iOS ecosystem.
Beyond that I think some antitrust litigation is going to hit Apple soon.

~~~
rootusrootus
I doubt Apple sees Facebook as any kind of threat. There is already a far more
plausible messaging bridge from iOS to Android called Hangouts and it hasn't
really been effective for that. People aren't staying with iPhone because
they're trapped by imessage.

~~~
dkrich
Agree to disagree. Messenger and WhatsApp are more advanced and combine the
social dynamic to chats. They’ve also made a lot of headway in competing with
FaceTime. Which apps would Apple have a distinct advantage of it loses
iMessage and FaceTime?

Edit: to elaborate I don’t mean a direct bridge to android, rather a
substitute for iMessage that’s available on iOS and Android which makes
switching relatively painless.

~~~
rootusrootus
In my experience, it is not a tech problem. Equivalents absolutely exist. They
may even be superior, although us tech folk tend to focus on features and not
usability, and then we are surprised why regular folk don't like what we've
built. In any case, when I switch out of the iPhone world, a solid half my
contacts are unavailable to chat with except by old-school texts, and no
equivalent for FaceTime. Some family members I switched over to Hangouts, but
since they only use it for me, they forget about it, or how it works.

Every iPhone can do iMessage and FaceTime out of the box. That is a meaningful
advantage for Apple, I think. Making something good enough that your users
don't want to go find something 'better' and then making it 100% universal
makes a strong ecosystem.

~~~
dkrich
No question that iMessage and FaceTime are advantages for Apple out of the
box.

But what happens when Facebook continues to enhance its messaging platform and
people slowly find themselves in a hybrid situation where they are
communicating with a mixture of WhatsApp, iMessage, and Instagram?

Anecdotally, I probably use iMessage for 80% of my texts with my girlfriend
but we still regularly use Instagram and WhatsApp for chatting, depending on
the situation. I could foresee us ending up swinging the other way and using
Whatsapp for texting and then getting used to it. Sound unlikely?

Suppose we are discussing what we want to order for dinner and WhatsApp has
our favorite delivery places and their menus available and we can order and
pay through the app. Now instead of texting back and forth and then opening
Grubhub to look at a menu and order and pay we can do it all in one place.
Pretty soon we are using WhatsApp to communicate and haven’t used iMessage in
months. I find myself using WhatsApp so much I replace iMessage in the dock
with WhatsApp.

Six months later I’m in the market for a new phone. Since I use third party
software for just about everything now, all these devices are on a level
playing field and maybe I try a Pixel this time and find I like it just as
much as my iPhone. This may sound far fetched but this is how disruption
happens and is pretty much how Facebook destroyed MySpace- users finding
themselves using two services for the same purpose and eventually scrapping
the one they use the least.

------
blueboo
Positive PR hit for Apple vs minor inconvenience for competitor/client...easy
decision by Apple.

~~~
elicash
Unless Google takes action against Apple.

~~~
untog
On what basis? They clearly violated the rules.

~~~
izacus
"The rules" were not given by God, government or the people. The rules were
written by the same company that enforces them and Google, Facebook or anyone
else can make the same type of "Rules".

~~~
evilduck
The rules were mutually agreed upon in their enterprise account legal contract
someone signed. That legal structure is acknowledged by the government and
implicitly the people.

If you've done business with Google or Facebook, they behave _exactly_ the
same way.

------
DannyBee
From: [https://www.axios.com/google-also-finds-itself-unable-to-
use...](https://www.axios.com/google-also-finds-itself-unable-to-use-
internal-1548971518-9bbd477c-90b9-4d30-a405-8a4e7282c38b.html)

"What they're saying: Google confirmed it is being impacted: "We're working
with Apple to fix a temporary disruption to some of our corporate iOS apps,
which we expect will be resolved soon."

In a statement, Apple said "We are working together with Google to help them
reinstate their enterprise certificates very quickly."

------
rdiddly
"Banning spree" is a bit much, isn't it? If two instances of something
constitute a spree, I guess I went on a "handwashing spree" on my last trip to
the bathroom earlier.

------
chooseaname
I wouldn't be surprised if Apple gave Google a heads up to let them know they
have to be consistent. Especially given that Google basically apologized.

------
doener
„Google is correct, there does not appear to be any Root Certificate install
for their app. pretty substantial difference. I also notice a phrase
completely absent from Facebook’s replies: ‚We apologize‘“

[https://twitter.com/chronic/status/1090761957194502150?s=21](https://twitter.com/chronic/status/1090761957194502150?s=21)

------
imagiko
> Apple’s move to block Google’s developer certificate comes just a day after
> Google disabled its Screenwise Meter app following press coverage

So Apple got to know it's terms are being violated after the press attention?
Did they already know/is there a way they can detect this is happening? If
not, then there could certainly be smaller players who have been routinely
abusing this contract? I am trying to understand if Apple knew of this
beforehand and are trying to avoid a PR disaster, or were caught off
guard(which is scarier imo).

~~~
pixl97
Good question. I use an Apple agreement like this to push apps via MDM, and I
don't remember seeing anything about Apple monitoring for this. At the same
time what would apple monitor for? How would they know if iPhone serial
#75346345346 doesn't belong to an employee and how would they know what
BusinessApp401 is, that doesn't get sent to their headquarters.

~~~
imagiko
If these internal apps use a corporate certificate, I would imagine their
Apple ID needs to be on a company domain email in order to download/use the
app?

~~~
pixl97
Um, no, pretty sure it doesn't. Many companies use BYOD with MDM certs.

------
sidcool
Apple seems to have restored both FB and Google certificates:

[https://techcrunch.com/2019/01/31/apple-ban-google-data-
app/](https://techcrunch.com/2019/01/31/apple-ban-google-data-app/)

[https://techcrunch.com/2019/01/31/mess-with-the-
cook/](https://techcrunch.com/2019/01/31/mess-with-the-cook/)

------
lsiebert
On the one hand, I get what Apple is doing. On the other hand, the walled
garden's walls are showing.

I'm curious what the TOS actually says, is there a link?

------
dekhn
Googlers should be asking: did the folks who did this go through privacy and
security review, because I'm really surprised this was approved.

------
dawhizkid
At least with Google it doesn't look like they were hiding anything (e.g. the
app is clearly from Google and not some random intermediary).

------
zmmmmm
On the one hand it sounds like it was legitimate enforcement of their
policies. On the other hand, it might be stupid for Apple to do it because it
highlights that they are running a walled garden and any fortune 500 could -
rightly or wrongly - find their line of business application shut down
arbitrarily by Apple on any given day. Who wants to be in that position?

------
sidcool
If Google does this on iOS, what does it do on Android? I get jitters even
thinking about it. Anyone knows about this?

------
asdf333
So Does that mean that you currently cannot write an app for yourself on iOS
without first getting it approved by apple?

~~~
mistercow
No, why would it mean that?

~~~
asdf333
Ah ok. I don't do iOS development so I don't know how it works.

So if I just write an app for myself I can run it for my own phone
indefinitely without going through the app store is that right? Seems like if
you could do that, Facebook and Google could just do that for their internal
apps?

I am genuinely just curious how it works.

------
_bxg1
UPDATE: "Facebook’s internal iOS apps have since resumed functioning, as the
social network said this afternoon that Apple had restored its enterprise
certificate. Similarly, both Apple and Google’s statements make it clear that
the companies are working together to fix Google’s issues."

[siggghhh]

~~~
djohnston
What else would you expect? They removed the app that was viotating tos, the
other apps were in line w apples terms.

~~~
_bxg1
They revoked Google's certificate after they'd already taken down their app.
This was supposed to be punishment for crossing the line; apparently it was
just a fluffy PR move.

~~~
stetrain
Revoking the certificate deals with the apps that have already been signed
with that certificate. Google taking it down doesn't remove it from the
devices where it has already been installed or prevent it being distributed by
other means. Revoking the certificate does.

In both cases Apple has reached an agreement to issue new enterprise certs for
both companies. They can now use those certs for their approved purposes. If
Apple finds that those certs are being used for disallowed activity they can
revoke them again.

I don't really see any issue with that.

~~~
_bxg1
Ah. Thanks for clarifying. I thought they were just un-revoking the other one,
which would've made this a pretty empty wrist-slap.

------
jn4
FB, G clearly violated the ToS of the Enterprise Acc (no public distribution
of such Apps) and Apple has rightly suspended their enterprise distribution
cert.

But Apple has been selective in enforcing this rule. If I recall, for many
years Uber's driver App was distributed as an enterprise app. Uber has always
claimed that drivers are not employees and so this was in clear violation of
the ToS.

Imo, Uber's use case was legit. During early days Uber probably did not wish
to have 2 Apps in the App Store to avoid customer confusion. Or maybe they
were actively updating the Driver App and did not want to add days of App
review holding up every update.

Apple should change their ToS and allow such use cases in some form. At times
this would get misused (like FB/G) but opening up the walled garden to enable
such "private" apps to be easily distributed can make iOS a more interesting
platform. In any case they always have the final kill switch of revoking an
Enterprise Cert for malicious use.

------
8bitsrule
Thinking back on history, interesting that Apple's old nemesis MS is _not_ one
of the names involved here. Not a 'friend' of any of them, but on my intuitive
ethic-ometer Apple (barely) retains the top position.

~~~
burlesona
Apple and Microsoft are practically buddies in this stuff, they both make
money primarily by selling products and services to customers, and have
relatively less overlap in their target markets than they ever have. Meanwhile
FB and Google make money by mining users for data and selling ads. It’s a
pretty different business.

------
CivBase
I've never published an iOS app before. What exactly does a "developer
certificate" do and why does it affect their ability to distribute internal
apps in particular?

~~~
saagarjha
There are two certificates that are important here, with different
requirements and capabilities. First, you have normal developer certificates,
which you can use to submit apps to the App Store. On the other hand, you have
enterprise certificates, which can be used to distribute apps outside of the
App Store (and without Apple's review), and these are supposed to only be used
for company use (such as internal beta testing or apps). Google and Facebook
used their enterprise certificate to distribute an app to external users, most
likely because the app would be rejected from the App Store, so Apple revoked
their enterprise certificate.

------
taurath
Regardless of the reason behind the move, the fact that Apple is MAKING the
moves against the 2 largest ad companies seems a bit like a war declaration.
They could have told Google "Get rid of this app or we kill your cert" but the
fact that they did so without any negotiations means its past a shot across
the bow, its a full attack.

I expect we'll see a LOT of Apple Vs Google/FB in the near future -
Google/FB's business model is what is under attack here, and I'd bet it'll be
fought in terms of public privacy breaches, bugs, and other embarrassments
rather than direct marketing. Welcome to politics silicon valley, its gonna
suck.

------
olegbl
Now I'm really curious if they're going to casually shut down doordash (afaik
the doordash app for the dashers uses enterprise certs).

~~~
dannyw
It’s fine, dashers are contractors and contractors are expressly allowed.

~~~
olegbl
I have a hard time seeing the distinction between people paid by Google or
Facebook to share their phone usage data vs people paid by DoorDash to deliver
food. You're probably right though.

~~~
HEHENE
"Here's a $20 Amazon gift card for taking a survey" vs. "Here's a 1099 for the
$1,200 you earned driving food around last year."

One is a consumer, one is a contractor.

~~~
olegbl
Do they really get 1099s? TIL

Seems like this doesn't apply then.

------
partiallypro
I understand that Google and Facebook both violated Apple terms, but does it
not seem a tad bit anti-competitive in the same vein?

------
miguelmota
If you play on Apple's territory then you must follow Apple's rules. Seems
pretty clear cut.

------
kevintb
Hilarious! Good on Apple, I hope they continue doing this for all the other
companies doing the same.

------
enra
I wonder if Apple will ban their own internal apps that they use in Apple Park
and Apple Stores.

------
glitchc
It's so entertaining to watch this unfold. Very exciting!

------
ddebernardy
Congrats to Apple for having a pair and taking a stance.

------
HelloFellowDevs
So what's the play here for Apple?

~~~
gilrain
Trying to get corporations to respect the agreements they make.

------
dewiz
It should be a user choice whether not to trust apps.

iOS should say “this app violates Apple agreements blah blah do you want to
continue using it?”

------
RosanaAnaDana
Begun, the Chrome war has.

------
rekshaw
Applocalypse!

------
mesozoic
The war has begun

------
zozbot123
Rumor has it that Google's subsequent requests for clarification to Apple have
gone entirely unanswered, save for automated messages stating that Apple's
decision on this matter should be regarded as "final" and "binding", and that
no further statement from Apple should be expected.

~~~
berbec
Maybe Google and Apple's "decision is final" bots can work it out between
them.

~~~
tomschwiha
I'd love to see the Google AI [1] automatically calling Apple customer support
"Hello there my app is not starting. May you help me please?".

Is this the achievement of machine learning and speech recognition?

[1] [https://youtu.be/pKVppdt_-B4](https://youtu.be/pKVppdt_-B4)

~~~
berbec
Hall of mirrors tech support?

------
Hernanpm
sound like a war declaration who follows? amazon, miscrosoft...

~~~
gilrain
If they’re also baldly and maliciously breaking the rules? I’d hope so.

------
chj
Another horror story of Apple's totalitarian control. Some people say that
what Big Apple is doing is necessary for their security and privacy needs.
This sort of blind trust, while incurable, waits for a major scandal to kill
itself.

~~~
userbinator
Indeed. The authoritarianism in the comments here is rather disturbing. I am
baffled at how everyone seems to be so keen on putting Apple's nooses around
their own necks.

~~~
chj
Guess that most of the HN audience are not hackers any more.

------
iamleppert
A real show of power would be Apple disabling all of Facebook and Google's
public apps, and then bricking all of Facebook and Google's employees' phones.

~~~
jasonvorhe
And lose a couple of million in annual sales, for a cute little PR stunt, that
would send ripples through trust in their ecosystem?

~~~
pixl97
Million? Google pays apple 9 _billion_ a year to be the default browser.

------
iainmerrick
What I really like about both the Facebook and Google scenarios here is that
Apple's response causes inconvenience for the developers (the party at fault)
but not for end users. Facebook's app still works fine, it's just Facebook
employees who are affected.

Before Apple's response, it seemed like Facebook might get away with it
because their app is so big and important -- blocking the app would hurt a
large fraction of Apple's own customers.

But Apple's response is a clever way to show that, hey, they're big and
important too! A large fraction of Facebook's employees use iPhones, not just
for developing the iPhone app, but for general work purposes, because the
iPhone is a great product. (I wonder how many of those employees will now
switch to Android, though...)

------
reneberlin
Popcorn-time extended. 3 of the big 5 in a dispute about "lawful behaviour"
and "ethical (ab)use of tech possibilities"

Kindergarden, at it's best. What everyone is still unclear about is: how will
this play out for them - and for Apple especially, of course.

We can only speculate. And order another ton of popcorn.

