Security

Apple revokes Facebook's ability to deploy apps internally amid privacy scandal dispute

What happens when you get kicked out of Apple's Enterprise Developer program? Facebook is finding out the hard way.

On Wednesday, Apple rescinded Facebook's access to the Developer Enterprise Program that permits Apple-approved organizations to test and distribute apps specifically for internal use, in the latest development of both Facebook's protracted data privacy scandal and a personal dispute between Facebook CEO Mark Zuckerberg and Apple CEO Tim Cook.

Apple's disciplinary action against the social media giant prohibits Facebook from using the Developer Enterprise Program from distributing apps used by employees, including beta versions of Facebook, Messenger, Instagram, prerelease apps for unlaunched products, and employee-only utilities for transportation around the Facebook campus and lunch menus, an unnamed source told The Verge. Apps already installed on iPhones and iPads as part of the Developer Enterprise Program now simply fail to open following Apple's decision. This is likely to prevent people from getting work done at Facebook, as the sudden revocation is hugely disruptive.

SEE: IT staff systems/data access policy (Tech Pro Research)

Apple has taken this disciplinary action following revelations that the company violated the terms of service of the Developer Enterprise Program by using it to distribute a "Facebook Research" VPN, allowing the company to monitor all data going in and out of a given device, independent of the app used to transmit data, giving the company unrestricted access to messages, emails, and browsing activity. The VPN was distributed through beta testing service brokers Applause, BetaBound and uTest to disguise Facebook's participation.

This operation, called "Project Atlas" in documents according to TechCrunch, paid users between ages 13 and 25 up to $20 per month in addition to referral fees to install the app.

Because of the relatively more open nature of Android, internally distributed apps, beta versions, and Project Atlas are still available on Android, though not distributed through the Play Store.

This is not the first time Apple has taken action on Facebook for illicitly collecting user data. Onavo Protect, an app which claimed to "[help] keep you and your data safe when you go online, by blocking potentially harmful websites and securing your personal information," was discovered to be collecting and sending usage data to Facebook, including about the frequency with which non-browsers were used, even when the VPN functionality was disabled. After these revelations were published in March 2018, Apple updated their policies in June to prohibit this, informing Facebook in August the app must be removed from the App Store.

Onavo was acquired by Facebook in 2013 for roughly $120 million. Internal documents published by MP Damian Collins as part of a probe of a company named Six4Three found that Facebook used data collected through Onavo to determine "which companies to acquire, and which to treat as a threat." Buzzfeed reported in December 2018 that Facebook's purchase of WhatsApp for $19 billion in February 2014 was informed by data retrieved through Onavo.

Facebook characterized Project Atlas as a focus group "in alignment" with Apple's policies in initial comments to TechCrunch, though seven hours later admitted the company was stopping operations on iOS, "without admitting that Apple forced it to do," according to their report.

Facebook's collection of user data extends far beyond the service itself, as the company has been observed on multiple occasions illicitly extracting personally identifying information from users, often in circumstances—including these most recent developments—where their involvement was concealed. This is at least the second time the company has been caught violating Apple's developer agreements.

In December 2018, following Collins' publication of documents, Zuckerberg said scrutiny of the service shouldn't "misrepresent our actions or motives." This month, in an op-ed published in the Wall Street Journal, Zuckerberg said "we're all distrustful of systems we don't understand." At this juncture, nothing can possibly be left to misunderstand or misrepresent. The task of regulating Facebook should not rest solely on Tim Cook's shoulders—it is time for regulators to act.

The big takeaways for tech leaders:

  • Facebook's "Project Atlas" paid users between ages 13 and 25 up to $20 per month in exchange for sharing all device usage information with the social media giant.
  • The program, which used an Apple service intended for enterprises deploying apps for internal use only, ended on iOS when Apple disabled Facebook's access to that service.

Also see

facebook-f8-mark-zuckerberg-data-privacy-2018-0218.jpg

About James Sanders

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.

Editor's Picks

Free Newsletters, In your Inbox