Apple Blocks Google From Running Its Internal iOS Apps (theverge.com) 175
Apple has now shut down Google's ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week. From a report: A person familiar with the situation tells The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps have stopped working today, alongside employee-only apps like a Gbus app for transportation and Google's internal cafe app. UPDATE: Apple has restored Google's Enterprise Certificate so its internal apps will now function.
Good to see (Score:4, Interesting)
Good to see that Apple are not letting these big corps get away with breaking the rules.
Re: (Score:2)
Yeah, they act as soon as bad press makes headlines.
They did nothing about it for the years this has been going on for.
Apple are protecting their image, nothing more.
Re:Good to see (Score:5, Insightful)
How was Apple supposed to know? The whole point of enterprise apps is that enterprises can run anything they want on any of their devices without going through Apple. The users who were involved in this stuff were installing provisioning profiles that identified their devices as belonging to Facebook and Google. Given that Apple isn't privy to employee records at Facebook and Google, they have no way of telling whether provisioning profiles are being abused, so again I ask: how was Apple supposed to know?
Re: (Score:2)
The thousands upon thousands of different devices claiming to belong to Google and Facebook employees?
Google has been running their Screenwide programme for at least 5 years now. Apple apparently didn't click that an app called Screenwise Meter was using Google's enterprise certificate.
Took the media less than a day to figure it out one the Facebook news came out.
Re:Good to see (Score:4, Informative)
Both companies employee tens of thousands of people around the world, and enterprise apps aren’t registered through Apple, so they don’t know what the names of the apps are like you seem to think. Unlike the App Store, they’re signed by the enterprises themselves without Apple’s involvement, other than Apple issuing a certificate that can be reused time and time again.
Re:Good to see (Score:5, Interesting)
How do you figure? The enterprises affected so far have all been caught redhanded in the act of flagrantly misusing a "for in-house, internal use applications" license to intentionally deploy applications externally. The only enterprise level purchases who should be quaking in their boots are purchasers acting in bad faith.
Re: (Score:2)
Sure, so Apple demonstrated why no corporation should allow I-stuff on internal networks. I doubt that Google will need a second lesson.
Re: (Score:3)
... You're missing the point. They weren't making employees install this shit, they were releasing these outside of the company. That's what he means by internal and external. In case you didn't know..
Re: (Score:2)
The point I got is that Apple used a kill switch to shut down Google software running on Apple hardware. Obvious way to make absolutely sure this doesn't happen again is...
Re: (Score:2)
Use a companies service, and break the rules.. See what happens.. You're the same guy screaming about youtube being a private company and being allowed to ban who they want from youtube. for ANY reason. Yet you fail to grasp this...
Re: (Score:2)
Sabotage your customer's business with remote kill switch. See what happens.
Re: (Score:2)
Sabotage would be correct had Google not broken any rules in the contract. You are now firmly in a delusional state of mind.
Re: (Score:2)
Sabotage is the correct word for it regardless of what Google did. Two wrongs do not make a right. Or did your mother fail to teach you that?
Re: (Score:2)
That was about the dumbest shit I've ever read. Do you even know how certificates work? They used an INTERNAL ONLY certificate to sign PUBLIC software. When Apple, or Any CA revokes a certificate... EVERYTHING signed by it stops working. Why are you even here?
Re: (Score:2)
Apple revoked the certificate intentionally as an act of sabotage, pure and simple. Now go ahead and try to justify the unjustifiable, that would be very Apple of you.
Re:Good to see (Score:5, Insightful)
This should demonstrate to enterprise level purchasers the peril in becoming involved with Apple, who are historically an enterprise-hostile vendor.
Or perhaps it will demonstrate that Apple won't let them get away with abusing their internal use certificates that allow less restricted use of device resources in order for those licensees to take further advantage of public end users and violate Apple's software license agreements.
Re: (Score:2)
Then its on with more ads.
Funny to see (Score:2)
Google got banned from distributing iOS apps internally...
The funny part isn't Google got banned.
The funny part is that Google was distributing iOS apps internally.
Re: (Score:2)
Google uses iOS devices to test versions of their apps written for iOS devices?
Yeah, hilarious.
Apple, the champion of Data Security! (Score:2, Insightful)
It's not like anything else privacy related happened recently at Apple that they might be compensating for...
Re: (Score:2)
Wonder what the US gov/mil collected on a lot of other US brands internally
Re: (Score:2)
I have to think this will be restored sometime... (Score:3)
I think for both Facebook and Google, enterprise certs will be restored at some point - maybe Apple is going to do a review of all the apps signed with them and devices they are installed on before restoring.
There are a lot of valid uses of enterprise certs too, I think this blanket cancellation is more a message to never do it again, then they'll at least get internal apps back.
Re: (Score:2)
Re: (Score:3)
Apple apparently confirmed at least some of your thoughts in a comment given to BuzzFeed [twitter.com]:
We are working together with Google to help them reinstate their enterprise certificates very quickly
As Daring Fireball [daringfireball.net] points out, however, they've said nothing of the sort with regards to Facebook.
Re: (Score:2)
Re: (Score:2)
I think for both Facebook and Google, enterprise certs will be restored at some point
Probably, but from now on Apple products inside Google will be regarded as ticking time bombs, that trust will never be restored.
Re: (Score:2)
That's a bit arse-over-tit, isn't it? Apple is certainly not going to take Google's or FB's word that their in-house apps are only being used in-house after this fiasco -- that's the trust that's been destroyed.
Re: (Score:2)
Google and Facebook will mitigate the risk of Apple sabotaging their business again by banning Apple products.
Re: (Score:2)
That's a very exciting and obviously wrong statement (what, you think FB aren't going to do in-house testing of their iOS app any more?), but even *more* excitingly, it represents a complete failure to respond to the substance of my post. Well done!
Re: (Score:2)
You're right, Apple won't be banned inside GOOG and FB, it will be quarantined. And employees will wave Apple products around inside corporate HQ at risk to their career trajectory.
Re:I have to think this will be restored sometime. (Score:5, Insightful)
Oh, you mean instead of following the letter of the contract you signed, you do something that violates that contract, and when you are caught, and the other party terminates their part of the contract, it is their fault?
You are a special kind of stupid, aren't you?
Re: (Score:2)
Missing the point. Contract violations are often subjective and need to be resolved in court. Meanwhile your business is fucked because all your internal apps don't work.
Or just use Android.
Re: (Score:2)
You are a special kind of stupid, aren't you?
Right, you are that kind of stupid that allows Apple to come inside your network and control your business.
Re: (Score:2)
You say the dumbest shit sometimes.
Re:I have to think this will be restored sometime. (Score:5, Insightful)
By all indications, Facebook and Google agreed to the same license as everyone else, and the license is anything BUT ambiguous, given that it's subtitled "for in-house, internal use applications" and then only gets more explicit about how it's intended to be used from there. I ran through a lot of the details about the license [slashdot.org] in a comment yesterday.
Re: (Score:2)
By all indications, Facebook and Google agreed to the same license as everyone else, and the license is anything BUT ambiguous, given that it's subtitled "for in-house, internal use applications" and then only gets more explicit about how it's intended to be used from there. I ran through a lot of the details about the license [slashdot.org] in a comment yesterday.
Given that Facebook was paying the users, whose to say they can't argue they were 'internal/employed/contracted' users as far as Apple's Terms define them? I'd argue that they are wrong and in my view are not compliant - but no doubt FB has a small nation army of lawyers to argue the contrary...
Re: (Score:2)
They can argue anything they want, but I already quoted the relevant definition from the license in that other comment I linked, and it’s pretty clear these people did not have the sort of employment relationship (e.g. where are the tax forms if they’re employees?) nor the written, binding agreements required by the license.
Re: (Score:2)
There are some breech of contracts that could result in criminal charges (ie, fraud), but most contract disputes are just that -- contract disputes, not criminal activities that can be prosecuted by the state.
I'm sure Google has attorneys who could make a compelling case that using their internal development certs for external users is somehow covered, especially if the users in question get material compensation. Google could say this makes them contractors, and I doubt Apple's intent for enterprise certs
Re: (Score:3)
Apple's draconian contract enforcement
This is the only thing I'm going to touch on here.
With the facts in the thread you have replied to, you basically said you want anarchy. No enforceable contract.
Re: (Score:2)
You'll have to explain this better, because I don't know if you're *backing* Apple's ability to arbitrarily enforce the contract or *critical* of Apple's ability to arbitrarily enforce the contract.
While the scale of Apple's enforcement would seem to make it extreme (ie, all internal apps stop), many contracts revolve around one party supplying a good they control to their contract partner. If you get fuel delivered every week and you stop paying the bill (ie, violate the contract terms) they will stop del
Re: (Score:2)
Its very clear what happened. Apple caught Facebook red handed, and chopped their hand off. Someone stepped up and said "but google!!" In fairness and not wanting their contracts broken and services abused Apple cut Googles hand off too. It is real clear what happened, Don't break the rules you signed up for and you wont be treated like a kid and grounded.
Re: (Score:2)
My guess is that Google and Apple will resolve this without the courts. I'd guess neither side wants a legal precedent that says that immediate kill-switching all of a platforms apps and not just an offending one is too extreme. Apple wants control of what happens on their platform and I'm sure Google worries that "winning" a dispute with Apple could affect their ability to control the Android platform in similar ways.
I'd wager there will be some additional contract language between Apple and Google that
Re: (Score:2)
I completely agree. I don't think it will ever see court either. But as you said Google probably doesn't want to shoot their self in the foot. I was basically talking about all of the ERR MA GAWD APPLE IS THE DEVIL!!! We have seen here. They are just enforcing their rules.
Re: (Score:2)
Apple clearly are enforcing their rules and I'm sure their legal department said it was within their rights in the contract language.
That being said, this is one of those situations where there's little legal precedence -- who knows what kind of wild-ass challenges might undermine Apple's iron-clad right to do this.
I could see an argument against Apple based on quasi-monopoly power. Apple's products have no identical substitute goods, only similar substitute goods. In a normal market, someone selling tape
Re: (Score:2)
Apple can only get away with this behavior because they have a kind of monopoly power
I think you meant brain slugs...
Seriously Apple believers are brainwashed. The only thing they got right was mobile... In 30 years or so... But they did create a rather large cult.
Re: (Score:2)
The thing is, I don't think we have a very good way to describe a company with a product for which there *is* a substitute (ie, you can get an Android if you don't like iPhone) but where at the same time there's a lot of barriers to switching because of the nature of the goods in question -- apps, user interface, and some cases purchased/cloud data that's not usable on the substitute good.
It's not accurate to call iPhones a monopoly, but at the same time an Android is a very imperfect substitute. If I don'
Re:I have to think this will be restored sometime. (Score:4, Insightful)
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning, rendering any investment you made worthless?
"Without notice or warning"? They flagrantly disregarded the cardinal rule of the license they agreed to [apple.com], which is spelled out in plain language in the subtitle, first paragraph, second paragraph, definitions, appropriate use section, etc. of the license. The license is even subtitled "for in-house, internal use applications". It really couldn't be any clearer. You can make pretty much anything you want for internal use, so long as it remains internal.
If I were a corporation looking to deploy an internal app, I'd be looking at non-apple options. Having your internal platform disabled could cripple smaller business to the point of threatening their viability.
Why? Is your hypothetical corporation breaking the cardinal rule too? The only people who need to be worried are those who haven't been using the license in good faith. So long as you're using the license as it was plainly intended to be used—to develop and use apps internally—you have nothing to fear, despite suggestions to the contrary.
Re: (Score:2)
When people hate Apple more than Facebook AND Google.. Well, I'll let you take it from there.. LOL This shit is great. people are forecasting delusion everywhere these last few days. I think this bitch is about to break!
Re: (Score:2)
I could also see Google and Facebook trying to turn this into an anti-trust complaint. Apple having the ability to basically shut down their internal applications remotely without recourse and there being no other way to sideload onto the OS is an extreme level of control over a platform.
Re: (Score:2)
But these companies are in breach of contract. I don't see how that would hold water in court.
Re: (Score:2)
Anti-trust law > contract law.
When the gatekeeping is so strong that signing such a contract with a competitor is even slightly attractive to an enterprise who wants to run internally developed applications on corporate-owned devices, I think there's a strong argument that there's something fishy going on.
Re: (Score:2)
Whats fishy is that these companies blatantly broke the rules, and got caught doing so and punished. Yet the same people that want to castrate Facebook and Google for "fake news" and such other bullshit are now trying to skewer Apple because they don't want their customers tracked WHILE these companies break the rules. That's the only thing suspect in this. You people defending Google and Facebook.
Re: (Score:2)
You seem to be confusing slamming Apple's tight grip on the iOS platform with defending Google and Facebook.
In a sane world, Google and Facebook or you or I shouldn't need Apple's permission to install anything on devices they own, period. The only consent necessary should be the consent of the device owner, period. That Apple makes it infeasble to do this on an enterprise full of iOS devices without signing a contract with Apple is a problem no matter who the enterprise is. That Apple won't allow iOS devic
Re: (Score:2)
I somewhat agree. Hi normally would be on the Apple hate train, but fact if the matter is nobody can touch them in the mobile space. Their computers are crap, iPhones are not. I type this on a shitty android tablet as we speak. But the iPhone in my pocket it's tethered to is far superior in all but screen size. It is also jailbroken so i can install what I want. Okih and it's more secure and as we can see in this article has more privacy and less tracking.
Re: (Score:2)
That's completely wrong. You can install your own self-signed certificates, or any other Server Identity or Authenticode certificates, on iOS devices. The procedure is no different than installing a Provisioning Profile with an Apple-supplied code signing certificate which is what enterprises need to do before installing their own (supposed-to-be-internal-use-only) apps.
Re: (Score:2)
"no other way" was maybe a bit strong. "no viable way for a large corporation..." would be more accurate.
I'm going to have to assume that Google and Facebook are aware of various other ways to sideload apps, and I'm also going to have to assume that if there was a viable Apple-free solution to running internal apps for their entire iOS-using employee base then this issue wouldn't have hit the front page.
If you know of a way to build an Apple-free equivalent to Apple's enterprise program, I can think of a co
Re: (Score:2)
Re: (Score:2)
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning, rendering any investment you made worthless?
They're not, though. You can still install self-signed certificates on iDevices and then any apps code signed with those certificates. What Apple has done is enforce its ToS for Enterprise certificates by revoking Facebook's and Google's Apple-supplied code signing certificates - they're only meant to be used for internal apps.
FYI GlobalSign, Microsoft and all other Authenticode certificate authorities have Terms of Service as well and they can revoke the certificates you purchase from them at any time.
Re: (Score:2)
Re: (Score:2)
The US gov had the keys too
Clarification (Score:5, Informative)
So... as usual the summary (and even TFA in this case) had me confused about what is going on here. At first I thought Google was redistributing Apple's internal iOS apps. I thought maybe they were embedding iOS apps within their own apps or something. Anyway here's what this is about.
An enterprise developer license for iOS allows a developer to sign an app for limited *internal* distribution of an app. This is for testing and enterprise use internally within the company the license was issued to. This is in contrast to apps intended for public distribution, which as we know can only be done through the iOS App Store, and which requires Apple to approve the app.
What Facebook and Google have been doing is publicly distributing what should be internal-use-only apps to the public - apps that would not be approved by Apple for various reasons (including privacy issues) - through their enterprise developer license. So it's clearly a violation Apple's terms, and it sounds like both FB and Google are doing the overreaching data collection through these special apps.
Apple has reacted, disabling the signing keys for these apps so they no longer function.
Further clarification - not limited (Score:3)
An enterprise developer license for iOS allows a developer to sign an app for limited *internal* distribution of an app.
The point of the Enterprise developer license is it lets you distribute unlimited internal applications for use by your employees, on any number of devices.
When you have a developer certificate, you have to register devices you want to be able to distribute test builds for. Using an enterprise certificate for deployment, you do not have to register anyones device in your developer portal
Re: (Score:2)
Its also useful for some companies because the enterprise apps can do things that regular ones cannot, including things that are privacy violating but might be an acceptable option for employees who are using a corporate phone for corporate work or who want to use their personal phone for work purposes but that means they need to be audited like any other device.
App Store apps aren't allowed to use some. of the APIs that are available in the system, enterprise apps bypass this allowing them to do things lik
Re: (Score:2)
Emphasis mine. It's unclear whether paying someone to run an app is sufficient to legally consider that person to be a contractor, but IMO, that's a big enough grey area to build a large office building inside it. :-)
Re: (Score:2)
Nope. Employees have to be paid minimum wage. Contractors do not. In fact, most contracts are fixed-price contracts, where the company pays a specific amount of money in exchange for a specific job getting completed by a particular deadline. The contractor asks for an amount of money based on how long he or she thinks the job will take. If it takes longer and the contractor ends up getting less than minimum wage, it's the contractor's fault for bidding too low.
Re: (Score:3, Insightful)
Yes, we'll all take note - that Apple considers the privacy of their users to be of paramount importance. So important, in fact, that Apple will drop even facebook and google from their platform if that's what it takes.
Re: Further clarification - not limited (Score:3, Insightful)
Blatant violation requires extreme response. This was a message to Google and Facebook to stop being total dicks
Re: (Score:2)
Own the crypto, own the production, own the GUI, the OS.
Other brands products are trusted for testing only.
Why risk another brand with the ability to turn off anything internal?
Re: (Score:2)
Or how about don't fuck about and violate the contract you signed to be able to provide these internal apps. I doubt many of the privileged tech nerds that work at google and facebook are going to carry around multiple phones. Most likely they are dead set in their ways and you wont be able to change a fucking thing about them.
Re: (Score:2)
Just the company product they actually work for would be a good start
Why risk another big brand issue again?
Re: (Score:2)
Because google devices suck for privacy and tracking. And obviously something like this would have never came to light if it was all on android. So theres that..
Re: (Score:2)
Why would the smartest workers want to carry around another brands average consumer smart phone products?
Its the dream tech job and they don't want to use their own brands products?
Make using the company internal project smart phone fun and different.
More ram, more cpu, more resolution. More camera ability due to so many different lens additions.
Mandate it internally as a company smart phone project that wil
Re: (Score:2)
I don't know who the users of Google's monitoring application were or if they got any compensation, but I was their lawyer my first question would be "what does 'internal use only' mean?"
Does it mean only internal to the Google property? Probably not rational, it's a smartphone and use/testing implies it should be used anywhere the smartphone works.
Does it mean only to internal Google employees? I think this is probably closer to the meaning, but both Apple and Google employ thousands of contractors who a
Re: (Score:2)
FB was paying 13 year olds. No-one's going to pretend that a young teenager is any kind of employee or contractor in court, not least because it will open up a different world of pain related to the legal inadvisability of employing young teenagers.
The real question is (Score:2)
Why Google people use iPhone ?
Re: (Score:2)
There are two competing philosophies on this (Score:2)
I support the former. I believe the strength of democracy derives from its diversity of opinion, allowing ideas to compete and the better ideas to percolate up to the top. A
Re: (Score:2)
Average staff are used to consumer OS and devices. Productive and ready for work with the consumer level OS they know.
That some how average staff using the same big brand consumer devices will be more productive and find errors?
Re: (Score:2)
Googlers running IOS? (Score:2)
Googlers running IOS, serves them right. I suppose they don't know that Google makes phones. Well, and it's more than stupid that Google doesn't just give every employee a high end phone.
Re: Shoe on the other foot (Score:2)
Except that my 10 year old macbook pro 13" still renders webstuff just fine.
Even with an ssd upgrade, though, it's still not quite as speedy as my '12 rmbp 13. But that one, at 7 years old, is still as speedy for nearly all user interface functions as my partner's '17 15".
That one is by far the most amazing piece of comouter hardware i have ever owned.
Re: (Score:2)
Yore
Re: (Score:2)
Rittin
FTFH also.
and that will just lead to laws force them to open (Score:3)
and that will just lead to laws force them to open to outside apps. Maybe the EU can push that though.
Re: (Score:2)
And he got modded up for it...
Re: (Score:2, Insightful)
No, not really. Your premise is false. Normal people can't secure their device; Windows before the garden was "insecure" because people installed stuff without performing a security audit first.
Everyone I know looked at me really weird when I told them what I had to do to stay secure on an open platform.
They all asked me if they could just buy something secure and not have to get a CS degree.
So they have an iPhone now. /shrug
Re: Walled gardens are trash (Score:2)
So, from your own post, people have choices for hardware they can install anything they want on. If that is important to you, buy one of those pieces of hardware and leave the rest of us alone.
Re: Walled gardens are trash (Score:2)
No, the great thing is that people have options and you can choose one with a gatekeeper or not.
What is NOT great is acting like a gatekeeper by not allowing others to have a gatekeeper if they do choose.
Re: (Score:2)
Re: Walled gardens are trash (Score:2)
User has a choice to buy hardware without such restrictions.
Re: (Score:2)
That's not the point. The normalization of walled gardens makes them more acceptable to use in future technology, even if it's just updated versions of the existing technology....
Which I don't have a problem with.
Additionally, if there is software that you must use but that is not available on different platforms, you DON'T have a hardware choice. QuickBooks and the entire Adobe professional software suite are major pieces of software in extremely common use that are not available on Linux, not even through Wine.
Oh, but you do. You can use a different software package. And if it doesn't exist, you can write it. And if you can't, you can hire someone to write it. Then you can sell it, to all the people that don't like walled gardens. Then you'll be a BILLIONAIRE!!!
You're also completely ignoring the difference between a computer's administrator choosing to lock the system down vs. the manufacturer locking both users and administrators down. There are zero situations where a walled garden is a good thing. It's called vendor lock-in [wikipedia.org] and you need to do more research on the subject before continuing to advocate for it; it's simply a universally evil action.
Once again - there is always a choice - even if you find it to be an unattractive one.
Re: (Score:2)
Re: (Score:2)
Trust other brands products for testing only.
Select staff with the skills to quickly learn a new internal smart phone product.
Re: (Score:2)
Re: (Score:2, Interesting)
Ask them for a GDPR compliance statement.
The tumbleweed will be deafening.
Apple iCloud is run on AWS, Azure and Google Cloud instances in all kinds of territories, and they can't even be bothered to pass on the guarantees of those same places to their own customers because they just shift your iCloud data anywhere they like.
Literally. I spent six months asking, pre-GDPR, no answer. They failed to provide anything other than their current "working towards"-like statements they have on their website, wherea
Re: (Score:2)
This is stupid. iCloud is a consumer service and thus GDPR compliance in the sense you mean it: iCloud being usable by an enterprise for purposes that fall under the purview of GDPR, is a contradiction in terms.
Re: (Score:2, Interesting)
Reality:
In my professional capacity as an IT Manager, I requested, demanded and ultimately have never received - despite hundreds of thousands of pounds of investment in Apple kit - a GDPR compliance statement that the compulsory inspectorate for my industry, the data protection authorities in my country, or my employers themselves, would accept. As in, I didn't just get something they didn't like, but Apple could not, did not, and refuse to supply such compliance, where ALL their major competitors did.
I d
Re: (Score:2)
I'll say it again: it makes zero sense that you were trying to buy enterprise cloud services from Apple. iCloud isn't an enterprise cloud service.
Re: (Score:2)
No, the short sighted act that had consequences was Google's and FB's decisions to abuse Enterprise Dev certificates. Apple's response is a strategic act to protect the long term value of Enterprise Dev certs and disincentivise corporations who want to lie their way into the program and into their consumers' devices.