Apple’s clash with Facebook and Google: What you need to know

February 2, 2019


Apple CEO Tim Cook
Justin Sullivan/Getty Images

The iPhone maker punished both companies by revoking their enterprise certificates.
By Queenie Wong and Stephen Shankland
February 2, 2019 5:00 AM PST

If you want a sense of how much power Apple holds over Silicon Valley, take a look at what the iPhone maker did to Google and Facebook this week.

On Wednesday, Apple yanked enterprise certificates — digital signatures that both tech giants used to run software on iPhones and iPads. That shut down internal apps employees at Google and Facebook used to communicate with their co-workers, find shuttle buses and test new features that could eventually be released to the public.

It proved to be more a show of power than long-term punishment. Apple, which didn’t respond to a request for comment, had restored both companies’ certificates by Thursday. Google said its internal apps are back up and running. Facebook confirmed that Apple restored its certificates but said it didn’t have any new information to share.

Here’s what you need to know.

What’s going on?

The spat started after TechCrunch reported that Facebook had taken advantage of an Apple program that lets companies design apps for private corporate use, as well as test apps before they’re available to you. Using a certificate from Apple’s Developer Enterprise Program, Facebook distributed a market research app that offered people as much as $20 a month to give the social network access to their phone and web activity. The data Facebook could view included web searches, location data and even private messages.

The situation got worse when Google revealed that it also used an enterprise certificate for a market research app, called Screenwise Meter, that gave the company access to a person’s phone activity. The search giant offered gift cards to people to download the app.

Apple determined that both companies had violated the rules of its Developer Enterprise Program because they distributed the apps to consumers instead of just employees. Apple blocked the apps by revoking the companies’ enterprise certificates — a move that shut down apps that Google and Facebook employees rely on at their campuses.

What’s an enterprise certificate anyway?

An iPhone won’t run an app unless the app has been signed using a cryptographic stamp of approval called a digital certificate. The certificate lets the iOS operating system verify that an app was written by an authorized party and hasn’t been tampered with. Apple signs software downloaded from the App Store with its own certificate. Apps distributed to consumers don’t get that certificate until they’ve been vetted by Apple’s staff and made available through the App Store.

Companies have another way to get certificates, though. The Apple Developer Enterprise Program lets them apply for an Apple-supplied certificate for their software. To qualify, companies have to jump through some hoops, as well as pay $299 a year. Once they’ve qualified, they can use the certificate to approve and distribute software to iPhones and iPads for employee use.

If this certificate isn’t installed, “these apps would show up as completely untrusted,” said Navin Kumar, lead engineer at Insight Engines. “You wouldn’t be able to install or run them. Period.”
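An added example, not part of the original article: enterprise-signed apps ship with a provisioning profile (embedded.mobileprovision) in which the ProvisionsAllDevices key marks in-house distribution, so a fleet administrator can flag such apps by reading that profile. The sample profile bytes, team name and function names are constructed for illustration, and the code reads the profile payload without verifying its signature or checking revocation.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample: stand-in signature-wrapper bytes around an XML plist payload.
SAMPLE = (
    b"\x30\x82\x1f\x00"
    b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>TeamName</key><string>Example Corp (constructed)</string>
  <key>ProvisionsAllDevices</key><true/>
  <key>ExpirationDate</key><date>2020-01-30T00:00:00Z</date>
</dict>
</plist>"""
    b"\x00\x01trailing-signature-bytes"
)

def extract_profile_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a signed .mobileprovision blob.
    This only reads the payload; it does NOT verify the signature."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start == -1 or end == -1 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_profile(profile: dict, now: datetime) -> dict:
    """Report which distribution channel the profile authorises."""
    if profile.get("ProvisionsAllDevices") is True:
        kind = "enterprise"       # in-house: installable on any device
    elif "ProvisionedDevices" in profile:
        kind = "device-limited"   # development or ad hoc: listed devices only
    else:
        kind = "app-store"
    expires = profile["ExpirationDate"]
    if expires.tzinfo is None:    # plistlib returns naive UTC datetimes
        expires = expires.replace(tzinfo=timezone.utc)
    return {"kind": kind, "team": profile.get("TeamName"),
            "expired": expires <= now}

if __name__ == "__main__":
    report = classify_profile(extract_profile_plist(SAMPLE),
                              datetime.now(timezone.utc))
    print(report)
```

Profile expiry is a separate condition from certificate revocation, which the device learns from Apple rather than from the profile itself.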

So how did Facebook and Google misuse their certificates?

They used them to let people outside their companies install apps on their iPhones without going through Apple’s App Store and its approval process. That’s a big no-no.

Apple lays down rules in no uncertain terms: “Enroll in the Apple Developer Enterprise Program only if you intend to distribute proprietary apps to employees within your organization.”

Obviously, ordinary Facebook users don’t qualify as employees even if you’re paying them $20 a month to see how they use their phones.

What happens when an enterprise certificate is revoked?

iOS won’t run the corporate app. Apple supplies companies with enterprise certificates, and it can withdraw them too. When you try to run an app signed with a revoked certificate, iOS will discover that it’s been revoked and refuse to run the software.

That means Apple was able to block the Facebook and Google market research apps from working for consumers. But the decision also meant that apps used by Google and Facebook employees stopped working.

OK, but how does this affect me?

The good news is that Apple’s move didn’t affect other Facebook and Google apps that consumers use. Those apps, which include Facebook, Instagram, Gmail and others, were still available in the App Store and running as usual.

“This didn’t have an impact on our consumer-facing services,” a Facebook spokesperson said.

Internally, though, the move disrupted the daily lives of Facebook and Google employees who test new products and features before they’re released to the public — a process known as “dogfooding.” When Apple yanked the companies’ enterprise certificates, it could also have slowed down the tech giants’ product development. As it turned out, though, the disruption lasted only about a day.

 
