Apple escalates its fight with Facebook following report of data-collecting iPhone app

But it didn't use the nuclear option.

Credit: Tim Bennett

Apple has had it up to here with Facebook. Following a report by TechCrunch Tuesday night that the company had circumvented the App Store to distribute a “research” app to users, Apple has revoked a developer license from the social media giant, effectively shutting down any iOS apps that haven’t already been approved for the App Store.

While the move won’t have an effect on your ability to post and message your friends using your iPhone, Facebook employees will certainly feel the repercussions. Without the developer certificate, Facebook’s internal iOS apps, which likely include beta versions of its consumer apps as well as company-specific resources, will no longer work. Apple hasn’t indicated whether this is a temporary ban or how it will monitor Facebook’s activities in the future, but it sends a clear message: Play by our rules or pay the price.

Why this matters: Facebook and Apple are two of the biggest companies in the world, but they need each other to survive. If this fight ever reached the point where Apple removed Facebook from the App Store, both companies would feel the effects, so there’s a certain amount of gamesmanship being played here. However, Apple’s reputation is far more at risk than Facebook’s at this point, so this likely amounts to the final warning.

Research without development

The app at the center of the controversy was revealed by TechCrunch Tuesday night. Called Facebook Research, the app is basically a virtual private network that opens a portal between Facebook and whoever is running it, which the company used to collect “all of a user’s phone and web activity,” according to the report. In return for unfettered access, Facebook paid users, including children as young as 13, up to $20 per month.

Image: Social media apps, among them Facebook, Twitter and Instagram. Credit: Thomas Ulrich (CC0)

Facebook has been running a “Research” app on iPhones for years right under Apple’s nose.

While the merits of the program can be debated, the nefarious method of delivery cannot. Apple clearly states that participants in its Enterprise Developer Program cannot distribute apps outside of the company: “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” an Apple spokesperson said. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

To circumvent Apple’s sandbox, Facebook used beta testing services other than Apple’s own TestFlight, including Applause, BetaBound, and uTest to hide the app’s true identity. The app’s primary function is similar to the Onavo VPN that Apple removed from the App Store in August for heavy-handed data gathering.

A hard slap on the wrist

But while Apple is certainly playing hardball, it’s also giving Facebook something of a pass. While revocation of the license will cause a temporary headache for Facebook and its employees, Apple will still allow Facebook to distribute its apps through the App Store. It also isn’t addressing the root of the issue, which is that Facebook was able to run its Research app undetected for more than two years despite Apple’s claims that “What happens on your iPhone stays on your iPhone.” It’s basically a firm slap on the wrist.

Image: Apple privacy ad. Credit: Mark Hachman/IDG

Apple took out a giant billboard in Las Vegas to tout its privacy stance during CES.

For its part, Facebook admits to running the app, but is challenging the media’s assessment of the story. In a statement, the beleaguered social media giant asserts that “there was nothing ‘secret’ about the app” and participants “went through a clear on-boarding process asking for their (or their parents’) permission and were paid to participate.” Facebook says it shut down the app on iOS of its own accord, though it still continues to operate on Android phones.

But as far as Apple is concerned, the case is cut and dried: Facebook violated its terms of service in a big way. Not only does it skip Apple’s review process, but it collects a staggering amount of data, according to TechCrunch, including, “private messages in social media apps, chats from instant messaging apps...emails, web searches, web browsing activity, and even ongoing location information.” To get its hands on such a treasure trove of data, the Facebook Research app required the installation of a new profile on the user’s iPhone as well as root certificate access, which could open up the iPhone to malware in addition to the open portal to Facebook.

Tim Cook hasn’t personally commented on the revelation, but he’s offered thinly veiled criticisms of Facebook’s data-collecting practices in the past.
