Apple Says It Restricted Screen Time-like Apps Due To Concerns Over Children Privacy (fastcompany.com) 52
Apple has issued a rare public statement following a report by the New York Times on Saturday that alleged Apple was cracking down on apps that its Screen Time feature emulates. From a report: The Times story says that over the past year, Apple has removed or restricted at least 11 of the 17 apps that offer Screen Time-like features. Screen Time is a feature on iOS 12 and later that allows a user to see how much time they spend on their iPhone, what apps they use the most, and the ability for the user or parents of the users to set limitations on the apps. While it's true that Apple has removed some of the apps from the App Store since the company introduced its Screen Time software, the company's senior vice president of worldwide marketing, Phil Schiller, said the Times did not publish the full reason Apple gave them as to why some of the competing apps were pulled.
From Apple's response: Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM. MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history. We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.
MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky -- and a clear violation of App Store policies -- for a private, consumer-focused app business to install MDM control over a customer's device. Beyond the control that the app itself can exert over the user's device, research has shown that MDM profiles could be used by hackers to gain access for malicious purposes.
MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky -- and a clear violation of App Store policies -- for a private, consumer-focused app business to install MDM control over a customer's device. Beyond the control that the app itself can exert over the user's device, research has shown that MDM profiles could be used by hackers to gain access for malicious purposes.
But (Score:5, Funny)
But what about space-like apps?
I mean, relatively speaking.
Re: (Score:2)
Mod parent up +1 Funny for getting the joke.
children's privacy?! (Score:4, Insightful)
While I cautiously agree with Apple that this could've been abused - it was being abused in the same way that they still allow for corporate monitoring. But one is approved and the other isn't? Is corporate monitoring not just as hackable as parental monitoring?
Or is Apple just trying to deflect from the story (and app makers point) that Apple only pays lip service to "screen time" monitoring of children and wants to keep them hooked?
Re:children's privacy?! (Score:5, Informative)
Then parents should sign up for an MDM service (which there are plenty of).
These were apps pretending to be apps doing 1 thing (eg. checking screen time) but surreptitiously installing an MDM profile without telling their customers that they actually had control over the entire device.
Re:children's privacy?! (Score:4, Insightful)
But one is approved and the other isn't? Is corporate monitoring not just as hackable as parental monitoring?
I think Apple's position is that caring for children requires the kind of compassion and care that only a faceless, for-profit corporation like Apple can provide. Putting such control in the hands of parents might give them the false impression that they are allowed to decide for the kids without Apple's approval.
Re:children's privacy?! (Score:5, Insightful)
and yet, mysteriously, Screen Time now is unable to limit access to Youtube and other google apps. You can set the time limit of 'entertainment' all the way down to 1 minute and watch every other app get the hourglass, but not YouTube. Youtube is probably one of the biggest time-sinks on the entire device. This bug showed up last fall. If they gave one shit about the children's privacy or wellbeing they would have had this fixed in 3 days.
Re:children's privacy?! (Score:5, Insightful)
The point of the MDM control was to give enterprise level control to PARENTS.
No, MDM was being used to give enterprise level control to the app developers, not the parents. MDM is a gigantic back door to whoever owns the cert, and regular users don't understand the repercussions of installing an MDM cert from an untrusted app developer, hence why Apple has a clear-cut policy of only allowing MDM certs for internal use by organizations.
While I cautiously agree with Apple that this could've been abused
Could? Apparently you don't remember the scandals from a few months back when it was revealed that both Facebook and Google were deploying apps to users (including children) that made use of their for-internal-use-only MDM certs to surreptitiously track everything that those users were doing on their devices? And you apparently also forgot that Apple revoked the certs for both organizations—meaning everything from Facebook's internal-use lunch app to unreleased versions of Google's apps were disabled—because of Apple's policy about MDM certs only ever being used internally? This is the exact same issue. Apple has been systematically cracking down on MDM abuse for the last several months since those incidents. Screen time apps are simply one of the latest batches of apps to get hit, but they're hardly the first and will hardly be the last.
Or is Apple just trying to deflect from the story (and app makers point) that Apple only pays lip service to "screen time" monitoring of children and wants to keep them hooked?
If that were true, Apple would have pulled all of the screen time monitoring apps, but they didn't. There are plenty of other screen time monitoring apps that remain readily available because they didn't rely on abusing MDM certs to do their job. Mind you, that's on top of iOS' baked-in screen time monitoring and parental controls, which already include the ability to limit screen time for children. Apple clearly has no problem with screen time monitoring apps or features.
The only deflection here is by the misbehaving, license-breaking, backdoor-installing app developers who want to confuse the public by making this about "think of the children" rather than their misdeeds. These app takedowns have nothing to do with screen time monitoring and everything to do with MDM certs being abused in the same sorts of ways that caused scandals for major organizations just a few months ago. This isn't a hypothetical bogeyman to cover up nefarious app takedowns; this is Apple slamming the door shut in direct response to something that has recently been, and is actively being, abused.
Apple's stance on this is pretty clear: don't abuse MDM certs and your app won't get pulled, abuse MDM certs and your app will get pulled regardless of what it is.
Re: (Score:2)
Minor self-correction: for some reason I referred to them as "MDM certs" when they are actually "MDM profiles". There are certs involved, but they're issued to the organizations/developers and are used to sign the profiles. End users install profiles, not certs. In the end, it doesn't affect anything I said, but getting terminology correct is important, so I wanted to call myself out anyway. I'm gonna blame my mental lapse on the fact that we just had a kid, so I haven't had decent sleep in...what day is to
Re: (Score:2)
Could? Apparently you don't remember the scandals from a few months back when it was revealed that both Facebook and Google were deploying apps to users (including children) that made use of their for-internal-use-only MDM certs to surreptitiously track everything that those users were doing on their devices? And you apparently also forgot that Apple revoked the certs for both organizations—meaning everything from Facebook's internal-use lunch app to unreleased versions of Google's apps were disabled—because of Apple's policy about MDM certs only ever being used internally? This is the exact same issue. Apple has been systematically cracking down on MDM abuse for the last several months since those incidents. Screen time apps are simply one of the latest batches of apps to get hit, but they're hardly the first and will hardly be the last.
Maybe I am wrong, but those were NOT MDM certs. In fact, MDM certs aren't really a thing, except in the context of an MDM profile that contains a cert used for trust establishment (e.g. "our company uses a self-signed cert for internal servers, and we wish that down in our MDM profile to get rid of warnings in browsers"). An MDM profile gives the MDM server owner access to a set of permissions that cannot be granted via API because those APIs aren't available on the platform.
The certs you mentioned were de
Re: children's privacy?! (Score:3)
Yeah. And malicious, or even incompetently setup and operated, MDM is a huge opening for abuse and compromised privacy of every sort. Just who exactly were the developers who got their apps pulled? Iâ(TM)d bet that weâ(TM)re not talking about consumer variants of JAMF or Cisco Jasper or any other legitimate and reputable MDM vendor here. But that the pulled apps (and the backend services supporting them) were from random no-names of unknown pedigree and integrity. Hell, I donâ(TM)t even allow
Re:Flim-flam excuse (Score:4, Insightful)
MDM means 1 thing: Mobile Device Management. This was an app and thus the MDM wasn't disclosed. In many cases these were 'free' apps so you have to consider how they were monetizing their app (similar to Facebook and their MDM-based app)
Think of the children (Score:2)
Well played, Apple.
Re: (Score:3)
Properly played by Apple means doing something a lot of people would fund initially disturbing. Apple is all into walled garden and that is really the kind of internet children need, a walled playground, where the children have no privacy and are monitored by trained professionals, trained in child psychology and welfare.
So a Apple children's garden, that parents can run pre-configured Apple devices to connect to, instead of the wild, wild, internet. A curated and monitored network playground, that connect
Woke up, did we? (Score:5, Interesting)
MDM profiles on Apple devices have been installed for *legitimate* apps and games for literally years.
Honestly, they're only just catching up? Schools have been complaining about this for years - I've been complaining about it since at least iOS 7 which is when I was made to manage a bunch of iOS devices (all now relegated to toy-use because of their lack of effective manageability).
Plus, any user with any iTunes account on a device could install them, agree to them, and end up with a "Profile" on the device that could do everything - intercept all internet access, install SSL roots, etc. everything.
Guess what kids do? They literally sign out their iPads from a school account, sign in with their iTunes account, install a bunch of games, reinstall the school iTunes account. The counter for that took FOREVER to arrive and only works if you're using Apple School Manager which - effectively - means buying every iPad brand-new, direct-from-Apple at list-price.
Apple have *zero* interest in device manageability, they pay only lip-service to school needs, let alone parental needs, they still don't offer GDPR compliance statements (because they can't).
There is a reason that iPads are being retired out of school and Chromebooks are everywhere... they are half the price, don't allow the above, are fully GDPR compliant (literally telling you what datacentres will hold your organisation's data) and the management licence is a pittance per device and the rest of Google's MDM is basically free to schools.
Apple have no interest in me, schools or programs that did this, and haven't had for 5 years minimum. They also did not care about a program rated "4+" that was called - and allowed - "Bypass your school filters". It installed an MDM profile that allowed you to do just that. They literally refused to do ANYTHING about it when reported ("It's up to the app creator to decide an appropriate age level") but they restricted Chrome - which is really just Safari on iPad - to 18+ because it "allowed access to the Internet".
They don't care, so I don't care. And they lost an AWFUL lot of business over the last 5 years from me because of problems just like that, but mainly because of their attitude when it was reported.
Does anyone want to buy a shedload of second-hand iPad Mini's of various vintages, a Macbook Pro, and a bunch of iMacs? Asking for a friend...
Re: (Score:2)
Honestly, they're only just catching up?
No they are just pretending to now that they need an excuse to boot apps off the store that emulate Apple functionality at a time where in places like Europe the control over these stores is being more heavily scrutinized.
Re: Woke up, did we? (Score:2)
Oh, this is rich. In one breath, you lot bitch about âoeproprietary and non-free softwareâ, âoewalled gardensâ, âoevendor lock-inâ, and all that, with the notion that Apple does not allow the user full control over Apple devices. Now, in the next breath, you people are complaining that Apple enables users to have TOO MUCH control over their iDevices; making it possible for them to thwart your wannabe-BOFH aspirations.
The doublethink here is so thick you could cut it with a butt
Parental rights superseded by Apple (Score:2)
Yes, we don't want you to track your kids behavior even though you should. If these apps were somehow questionable how'd they get past the walled garden gatekeepers? Surely Apple wouldn't have blessed them in the first place for download if they knew they could take over the device. What a bunch of hypocritical nonsense from Apple. If there's a demand for such tools and there are, work with the vendors in question and don't just pull the plug.
Privacy from parents? (Score:2)
So, Apple has inserted themselves as the gatekeepers of children's privacy from their own parents? What possible value is this providing?
Watch it Apple. Elizabeth Warren might be our next president, and you could find yourself getting Ma Bell'd into obscurity.
Needs multi-user (Score:2)
As a longtime android user I was shocked when I bought an iPad (still best platform for educational apps) and discovered that while I can set up an account on my android tablet and give it access to as little as 1 user-installed app (literally 1 single button) there isn't a concept of users on an iPad -- all I can do to limit someone to use a single app is set up screen time controls limited at 1 minute (because 0 isn't an option either) to prevent substantial use of the other apps.
This is an astonishing fa
I'm really confused (Score:3)
This sounds a little bit confused and muddled. I can't tell if the motivation here is:
None of those endears Apple to me, and my wife just read this story and said, "Well, that seals it - our kids won't have any Apple devices."
Re: (Score:2)
Also, on Android there's already a great app called Screentime that parents can use to manage their children's devices. I think it's pretty lousy and hypocritical of Apple to introduce a similar feature with the exact same name. Do they believe in intellectual property and trademarks or not? Do they want theirs respected?
"Screen time" appears merely descriptive (Score:2)
I'm no lawyer, but I imagine that "screen time" is a merely descriptive mark [patenttrademarkblog.com] for applications that regulate for how much time an application may be displayed on the screen. What kind of "secondary meaning" do you think has become attached to it?
Re: (Score:2)
Whether that product's trademark has gained secondary meaning is for a jury to decide.
Re:I'm really confused (Score:4, Insightful)
I didn't read the article... but I think the gist of it is: It's not ok for an app provider to know everything that happens to a device and have total control over it while only providing one service, and not disclosing well that they have so much power over the device.
You download a screentime monitor app from some fly by the night operation that now has control to remote erase, see all the apps on your idevice, etc etc.
Why is it ok for a business and not a parent? Because the business knows what power they are installing onto the device and presumably will vet the app a little more than some parent downloading it on a whim. It's not that the parent shouldn't have the power. It's that the middleman should not have the power.
I used to be confused. (Score:2)
This level of outcry about children interacting with digital devices was confusing to me for a moment, until I realized something... The modern smartphone has been around for close to 15 years, which is enough time for a young person to grow up into an adult and start their own family.
Most of the new parents I encounter are people who have no concept of life before everyone in the universe was anchored to a smartphone like a limpet to a rock. Their concern is not "should we even consider the remote possib