Facebook and Google have both been given a hefty warning shot by Apple after it was revealed that the two companies had been using internal security certificates to bypass restrictions on iOS applications in order to release data-gathering apps that would otherwise be banned.
The news that Facebook had been paying money to young people to install a 'research' application which monitors all of their network traffic broke earlier this week, and was followed by reports that Google was running a similar programme. In both cases, the companies were bypassing restrictions in place on Apple App Store listed applications that would have prevented both apps from being distributed by publishing them under internal security certificates meant for beta, internal, and otherwise non-public use only.
Apple, naturally, was unimpressed, and its reaction was swift and brutal: cancelling both Facebook and Google's internal certificates, preventing not only the data-gathering apps in question from running but all internal and in-development apps as well - everything from unreleased versions of upcoming updates to the software Facebook uses to tell its staff what's available in the cafeteria today.
Apple issued a brief statement to press explaining that it was working with both Google and Apple to reinstate their enterprise certificates, presumably on the understanding that neither company would continue to use them to distribute public applications. Facebook, however, is continuing to insist that its 'research' application was entirely above-board, according to an internal memo published by Business Insider.
Thus far, Apple has not indicated whether it will be ramping up its policing of companies' use of enterprise certificates as a result of Facebook and Google's actions.
March 25 2020 | 14:00