Apple Shares More Details on Parental Control App Crackdown

[realtuner]

Suspicious timing indeed, but now an official complaint has been logged with the EU competition commission, they’ll fully investigate Apple and report back I’m certain.
This public release on the matter form apple does come across as ‘damage control’ to try and deflect the negative press that will surround the story.

The EU will end up investigating the complainants since they abused Apples tools to give unprecedented access to users data. With the EU going all-in on privacy, this will look very bad.

From Qustodio’s website:

“In order to monitor activity on an iOS device, Qustodio requires you to install a Mobile Device Management (MDM) profile. This means that if you don’t install the MDM profile, you won’t be able to protect your child with Qustodio.”

From Kidslox’s website:

“Kidslox works on iOS by installing an MDM profile onto each device you wish to control – this profile allows you to remotely manage settings via the internet from any mobile device or web browser.”

This is the kind of language they use. You MUST install the MDM profile or you WON’T be able to protect your kids. This profile gives YOU the ability to control devices. These are common themes on their support sites. They say nothing about what this actually does to your device and how much control they will have after you install. They make it appear like it gives YOU the control.


Further, Qustodio also works with schools to set up device management for students. This would be a legitimate use of MDM. They should be fully aware that this is OK, but trying to use the MDM to bring this to individual users is not. Qustodio has no business playing dumb about why their App for regular users is not allowed.

 

[Solver]

Apple tells a developer that something is wrong, sites one of their subjective rules, that could mean almost anything, and that’s it. Apple remains silent, locking the developer from communication to anyone of importance except for one person. That person has the skill of a corporate lay-off man. It’s up the developer to guess what Apple believes the real problem is and come up with possible “solutions” that still allows their app to actually work. If Apple would more objectively state the problem to the developer then this would be much easier on developers, but they don’t, at all.

 

[TriBruin]

The EU will end up investigating the complainants since they abused Apples tools to give unprecedented access to users data. With the EU going all-in on privacy, this will look very bad.

From Qustodio’s website:

“In order to monitor activity on an iOS device, Qustodio requires you to install a Mobile Device Management (MDM) profile. This means that if you don’t install the MDM profile, you won’t be able to protect your child with Qustodio.”

From Kidslox’s website:

“Kidslox works on iOS by installing an MDM profile onto each device you wish to control – this profile allows you to remotely manage settings via the internet from any mobile device or web browser.”

This is the kind of language they use. You MUST install the MDM profile or you WON’T be able to protect your kids. This profile gives YOU the ability to control devices. These are common themes on their support sites. They say nothing about what this actually does to your device and how much control they will have after you install. They make it appear like it gives YOU the control.

I think this actually makes Apple's response even more suspect. At least in the case of these two companies, they were up front that their Apps were using the MDM protocol to collect the data. Again, if Apple is saying they did not know what these Apps were doing, then shame on Apple. It doesn't appear that either Qustodio's or Kidslox were hiding how anything from the public or Apple.

Further, Qustodio also works with schools to set up device management for students. This would be a legitimate use of MDM. They should be fully aware that this is OK, but trying to use the MDM to bring this to individual users is not. Qustodio has no business playing dumb about why their App for regular users is not allowed.

I will disagree that utilizing the MDM for this purpose is blanket wrong. Parents who want to monitor their kid's usage should have the ability. As long as the company was upfront about how they were doing it (and not found to be mis-using the data they collect), I don't have a problem with what they did.

 

[bb9]

Hey Phil, while you are at it, why not fix all the bugs and glitches associated with the screen time feature?

What screen rime bugs are you having?

 

[realtuner]

Sorry, you are wrong. It is impossible to install any profile (which is how you managed a MDM enrolled device) without the user knowingly accepting it. Unless Apple doesn't install an App on a device or simulator during their review process, the reviewer would have to accepted the profile installation. While a normal user may have just click OK automatically, not knowing what they are doing, any reviewer should have questioned what profile was being installed and why.

As a developer I know of several tricks to modify the behavior of an App after it's been approved. Apple reviewers can check for these, but obviously they don't catch everything that comes through. Just like malware occasionally sneaks into The App Store.

Bottom line, you can't claim a 100% success rate by Apple as an excuse to fault them when Apps get through.
[doublepost=1556550068][/doublepost]

I think this actually makes Apple's response even more suspect. At least in the case of these two companies, they were up front that their Apps were using the MDM protocol to collect the data. Again, if Apple is saying they did not know what these Apps were doing, then shame on Apple. It doesn't appear that either Qustodio's or Kidslox were hiding how anything from the public or Apple.

How do you know they were upfront? Do you have any documentation to support this (perhaps e-mail exchanges from the companies to Apple discussing this)?

I will disagree that utilizing the MDM for this purpose is blanket wrong. Parents who want to monitor their kid's usage should have the ability. As long as the company was upfront about how they were doing it (and not found to be mis-using the data they collect), I don't have a problem with what they did.

Whether or not you think it's OK to track your kids doesn't change the fact MDM and enterprise certificates are for use by companies/organizations, not individuals.

 

[cmaier]

Care to share a few specific examples?

Screen Time has worked flawlessly for me, but I'm not managing child devices. Maybe that's where your supposed flaws are?
[doublepost=1556505098][/doublepost]

Give us a scenario. Remote Unlock would be a very scary feature that bypasses the strong measures in place.

I’ve posted many a screenshot showing problems managing child Devices. Fun example include when it tells me the child has only used her device for 30 minutes, of which an hour and a half is roblox. Or that it randomly turns off the app limits or randomly changes the time for app limits. Or that when it adds the iPhone and iPad times the sum is less than the time for either device.

 

[rjp1]

I have it set up on my kids devices also, and they can request more time remotely. I even like in iOS12.3 where they have the ability to customize days for app limits and screen time blocking. My child however has been able to bypass some restrictions, which I have reported to Apple by using other features...Such as being able to use the Messages App even though restricted by taking a screen shot, hitting the share button, choosing messages, and entering who they want to send it to. Then editing the message to delete the screen shot and using being able to see new messages and send regular text/iMessage messages. They can also do this if you don’t have restrictions set up on Photos or Music, or any app with the Share button.

Interesting. I’ll have to look through the settings later.

 

[TriBruin]

As a developer I know of several tricks to modify the behavior of an App after it's been approved. Apple reviewers can check for these, but obviously they don't catch everything that comes through. Just like malware occasionally sneaks into The App Store.
se. It appears that the Apps have been utilizing the MDM protocol from the start. Unless you have proof of nefarious activity by the companies (at least the two you referenced), I have no reason to believe what was submitted

Bottom line, you can't claim a 100% success rate by Apple as an excuse to fault them when Apps get through.

Fair statement. But, there is no indication that is what happened in this case. The companies posted on their website they method they used to access the data. While most users probably wouldn't understand what that means, surely Apple would.

[doublepost=1556550068][/doublepost]
How do you know they were upfront? Do you have any documentation to support this (perhaps e-mail exchanges from the companies to Apple discussing this)?

You posted the documentation yourself. The companies posted it publicly on their website. Does Apple not have any obligation here? Apple constantly promotes the safety and security of their walled garden approach to the AppStore as why the can't allow Apps to be officially sold and distributed outside. If Apple did not catch the companies utilizing the MDM profiles, then maybe their review process is not as adequate as we are led to believe. (For the record, it is dead simple to see if an MDM profile is on your device. It can NOT be hidden by anyone including Apple.)

Whether or not you think it's OK to track your kids doesn't change the fact MDM and enterprise certificates are for use by companies/organizations, not individuals.

I disagree, but that is my opinion. You don't have to agree.

 

[atotic]

I have it enabled on my kids' phones. Sometimes on weekends we extend the time the kids get to use their devices. Last night I was out to dinner with my wife and my daughter called me and asked to unlock Netflix. I would have been fine with her using the app, but I didn't want to give her the PIN.

They can request to buy something in the app store remotely from the parent account (https://support.apple.com/en-us/HT201089). They should be able to request more screen time and get a popup on parents' devices in a similar way.

I told her I'd unlock her Nintendo Switch instead. Nintendo is known for being way behind in online functionality. So it is surprising that even they knew to include remote parental control management to their app.

 

[JetTester]

I am all for Apple cracking down on apps that violate the agreement on what can and can't be done. That's a good thing. The timing of which particular type of apps they are killing seems a bit suspicious, however.

 

[briko]

To those who say Apple should have caught them, it’s akin to saying Microsoft should have caught bugs and security hikes in their testing.

Dude, perhaps you aren't familiar with development, but some of us on this form are. Software bugs and security holes are unknowns. It's basically impossible to guarantee against them because you literally don't know if they exist until they've been discovered.

MDM is created and provided BY Apple. They hold the keys to it, and they decide who gets to use it. They literally have a list of every developer that they gave the keys to. When a developer submits an app to the review board, Apply already knows whether or not that developer has access to MDM. No app should get through review if it uses MDM.

Respectfully, there is simply no parallel to be drawn from this story about the App Store and how Microsoft goes about bug testing their OS. Microsoft would need to have a map detailing where every single bug was, and the fix would need to be as simple as clicking a "reject" button. But that scenario doesn't represent reality, because bugs can be difficult to find, and the fix is often difficult to implement.

 

[Rogifan]

I am all for Apple cracking down on apps that violate the agreement on what can and can't be done. That's a good thing. The timing of which particular type of apps they are killing seems a bit suspicious, however.

Except nobody can provide a legitimate reason Apple would want to kill these apps. Screen time doesn’t make Apple any money or create lock-in of any kind. Nobody is saying gosh I’d love to go Android but I can’t because of screen time. Even though Apple implemented a flashlight into control center and the lock screen there are still flashlight apps on the App Store.

 

[I7guy]

Dude, perhaps you aren't familiar with development, but some of us on this form are. Software bugs and security holes are unknowns. It's basically impossible to guarantee against them because you literally don't know if they exist until they've been discovered.

MDM is created and provided BY Apple. They hold the keys to it, and they decide who gets to use it. They literally have a list of every developer that they gave the keys to. When a developer submits an app to the review board, Apply already knows whether or not that developer has access to MDM. No app should get through review if it uses MDM.

Respectfully, there is simply no parallel to be drawn from this story about the App Store and how Microsoft goes about bug testing their OS. Microsoft would need to have a map detailing where every single bug was, and the fix would need to be as simple as clicking a "reject" button. But that scenario doesn't represent reality, because bugs can be difficult to find, and the fix is often difficult to implement.

I used to write embedded operating systems and code in machine language, so maybe I do know a few things about software development. (Also have had an app in the App Store)

However, it’s just an analogy. Saying somebody who is doing this for a while should have known can be applied to almost everything, which was the point.
[doublepost=1556554822][/doublepost]

Sorry, you are wrong. It is impossible to install any profile (which is how you managed a MDM enrolled device) without the user knowingly accepting it. Unless Apple doesn't install an App on a device or simulator during their review process, the reviewer would have to accepted the profile installation. While a normal user may have just click OK automatically, not knowing what they are doing, any reviewer should have questioned what profile was being installed and why.

So then how did these apps get on these devices? Remember correlation does not imply causation as contrasted with Occam’s razor.

 

[prasand]

The timing makes sense. Even if Apple was aware long before the crackdown occurred, if they simply removed those apps without providing an alternate solution there would have been much outrage. So it makes sense that when they noticed it, they then implemented a safer method before removing the harmful one.

 

[VulchR]

Why does Apple have to do this?

Clearly the apps are popular, so why destroy their capability? Apple does this over and over - app developers create some new form of function and then Apple roll it into an operating system or its own software, often thereby destroying the livelihood of the developer. Apple needs to maintain a diverse developer ecosystem, and they can't do that by killing off their competition. Remember Apple's initial myopic vision about software for the iPhone?

Source: link

 

[briko]

I used to write embedded operating systems and code in machine language, so maybe I do know a few things about software development. (Also have had an app in the App Store)

However, it’s just an analogy. Saying somebody who is doing this for a while should have known can be applied to almost everything, which was the point.

I'm not saying Apple should have known. I'm saying Apple did know. They modified their review guidelines in 2017 specifically for this issue. If Apple reacted properly when they became aware of the abuse in 2017, we wouldn't be here commenting on this story in 2019.

 

[TriBruin]

Dude, perhaps you aren't familiar with development, but some of us on this form are. Software bugs and security holes are unknowns. It's basically impossible to guarantee against them because you literally don't know if they exist until they've been discovered.

MDM is created and provided BY Apple. They hold the keys to it, and they decide who gets to use it. They literally have a list of every developer that they gave the keys to. When a developer submits an app to the review board, Apply already knows whether or not that developer has access to MDM. No app should get through review if it uses MDM.

Respectfully, there is simply no parallel to be drawn from this story about the App Store and how Microsoft goes about bug testing their OS. Microsoft would need to have a map detailing where every single bug was, and the fix would need to be as simple as clicking a "reject" button. But that scenario doesn't represent reality, because bugs can be difficult to find, and the fix is often difficult to implement.

There are no MDM keys. The MDM profile is publicly documented by Apple and anyone can utilize the MDM protocol. (There is at least one public domain MDM available.) While Apple does work very closely with their MDM vendors, it does not restrict anyone from building against the MDM profile.

You are thinking about Enterprise Application which have Developer certificates associated with them. Yes, Apple issues and manages those.
[doublepost=1556556219][/doublepost]

I used to write embedded operating systems and code in machine language, so maybe I do know a few things about software development. (Also have had an app in the App Store)

However, it’s just an analogy. Saying somebody who is doing this for a while should have known can be applied to almost everything, which was the point.
[doublepost=1556554822][/doublepost]
So then how did these apps get on these devices? Remember correlation does not imply causation as contrasted with Occam’s razor.

That is great you are a developer, but have you ever installed an MDM profile on your device? One has NOTHING to do with the other. You are comparing bugs (which as typically hidden and hard to track down.) to having to physically perform a positive action. As I have stated a number of times, an application CAN NOT install an MDM without user approval. There is no exceptions! (And, even if there was, the profile is still readily viewable in the Settings screen.)

So, if Apple is claiming that they did not know these application utilized the MDM profile to work means one of two things:

1. Apple's reviewer does not install the application on either a physical device or simulator. Therefore they did not know the app installed a profile.
2. Apple's reviewed DID install the App and accepted the profile install, but still approved it. They either did not understand this was in violation of the guidelines or were told this was within guidelines.

We don't know what happened. But, for Apple to state that they did not know that these applications utilizes the MDM profile, puts there review process in question.

 

[briko]

There are no MDM keys. The MDM profile is publicly documented by Apple and anyone can utilize the MDM protocol. (There is at least one public domain MDM available.) While Apple does work very closely with their MDM vendors, it does not restrict anyone from building against the MDM profile.

You are thinking about Enterprise Application which have Developer certificates associated with them. Yes, Apple issues and manages those.

I didn't realize MDM was available through public domain. Thank you for letting me know this.

I do still feel that the review team should have caught apps using these profiles. Wouldn't the reviewer have to acknowledge and install the profile when testing the app?

Edit: Just saw your post above addresses this.

 

[apolloa]

The EU will end up investigating the complainants since they abused Apples tools to give unprecedented access to users data. With the EU going all-in on privacy, this will look very bad.

From Qustodio’s website:

“In order to monitor activity on an iOS device, Qustodio requires you to install a Mobile Device Management (MDM) profile. This means that if you don’t install the MDM profile, you won’t be able to protect your child with Qustodio.”

From Kidslox’s website:

“Kidslox works on iOS by installing an MDM profile onto each device you wish to control – this profile allows you to remotely manage settings via the internet from any mobile device or web browser.”

This is the kind of language they use. You MUST install the MDM profile or you WON’T be able to protect your kids. This profile gives YOU the ability to control devices. These are common themes on their support sites. They say nothing about what this actually does to your device and how much control they will have after you install. They make it appear like it gives YOU the control.


Further, Qustodio also works with schools to set up device management for students. This would be a legitimate use of MDM. They should be fully aware that this is OK, but trying to use the MDM to bring this to individual users is not. Qustodio has no business playing dumb about why their App for regular users is not allowed.

Still defending Apple I see? I’m afraid you don’t know how the EU competition commission works if you believe your first paragraph...

 

[I7guy]

I'm not saying Apple should have known. I'm saying Apple did know. They modified their review guidelines in 2017 specifically for this issue. If Apple reacted properly when they became aware of the abuse in 2017, we wouldn't be here commenting on this story in 2019.

Is that you’re opinion Apple knew in 2017 or a guess?

...That is great you are a developer, but have you ever installed an MDM profile on your device? One has NOTHING to do with the other. You are comparing bugs (which as typically hidden and hard to track down.) to having to physically perform a positive action. As I have stated a number of times, an application CAN NOT install an MDM without user approval. There is no exceptions! (And, even if there was, the profile is still readily viewable in the Settings screen.)

So, if Apple is claiming that they did not know these application utilized the MDM profile to work means one of two things:

1. Apple's reviewer does not install the application on either a physical device or simulator. Therefore they did not know the app installed a profile.
2. Apple's reviewed DID install the App and accepted the profile install, but still approved it. They either did not understand this was in violation of the guidelines or were told this was within guidelines.

We don't know what happened. But, for Apple to state that they did not know that these applications utilizes the MDM profile, puts there review process in question.

The review process seems always to be in question and yes I have a few profiles on my iOS device. So I understand what they do and how they work.

 

[briko]

Is that you’re opinion Apple knew in 2017 or a guess?

My only guess here is that you didn't read the original article or Apple's own statement on the matter.

MDM technology is intended for enterprise users to manage their company-owned devices, and Apple says the use of MDM by consumer-focused apps carries privacy and security concerns that resulted in Apple addressing the situation in its App Store review guidelines in mid-2017.

 

[I7guy]

My only guess here is that you didn't read the original article or Apple's own statement on the matter.

So “we became aware” can mean anything, which is the reason for the question.

 

[zifty]

Why can't Apple require these apps to better explain what data is being exposed in order to remain approved? Or provide an API that those apps could use to gather that data without MDM, in a way that would prompt the user for consent similar to location or notifications? Apple knew that revoking the ability to use MDM would destroy these apps. There's no other way for an app to monitor what's going on with usage on the phone except through MDM. Apple might as well have sent them a letter that says, "We are going to remove your app in April. There is nothing you can do." Can't we have a choice to use some other parental control method than Apple's?

 

[falainber]

There are no MDM keys. The MDM profile is publicly documented by Apple and anyone can utilize the MDM protocol. (There is at least one public domain MDM available.) While Apple does work very closely with their MDM vendors, it does not restrict anyone from building against the MDM profile.

You are thinking about Enterprise Application which have Developer certificates associated with them. Yes, Apple issues and manages those.
[doublepost=1556556219][/doublepost]

That is great you are a developer, but have you ever installed an MDM profile on your device? One has NOTHING to do with the other. You are comparing bugs (which as typically hidden and hard to track down.) to having to physically perform a positive action. As I have stated a number of times, an application CAN NOT install an MDM without user approval. There is no exceptions! (And, even if there was, the profile is still readily viewable in the Settings screen.)

So, if Apple is claiming that they did not know these application utilized the MDM profile to work means one of two things:

1. Apple's reviewer does not install the application on either a physical device or simulator. Therefore they did not know the app installed a profile.
2. Apple's reviewed DID install the App and accepted the profile install, but still approved it. They either did not understand this was in violation of the guidelines or were told this was within guidelines.

We don't know what happened. But, for Apple to state that they did not know that these applications utilizes the MDM profile, puts there review process in question.

Good explanation. Apple are definitely lying when they say they "when we found out about these guideline violations". There is absolutely no way that they did not know such applications (including the ones from high profile developers) existed in the App Store when they started developing their own version. There is also no way that they did not realize that these apps had to use MDM even if we assume that all the reviewers who reviewed these particular apps were clueless. One does not even need to install such an app to understand that it can't work in iOS without MDM. Granted, in big companies, when they say "we found out" "we" may mean many things. It's possible that some people knew it but they were not the ones who cared one way or another.

Even if take them at their word ("when we found out about these guideline violations" and that they would never knowingly let apps with MDM into the app store) at the very least this would mean they are simply incompetent and all their claims about them caring about people privacy are empty promises because even if they do care they are incompetent to protect it.

 

[realtuner]

So, if Apple is claiming that they did not know these application utilized the MDM profile to work means one of two things:

1. Apple's reviewer does not install the application on either a physical device or simulator. Therefore they did not know the app installed a profile.
2. Apple's reviewed DID install the App and accepted the profile install, but still approved it. They either did not understand this was in violation of the guidelines or were told this was within guidelines.

We don't know what happened. But, for Apple to state that they did not know that these applications utilizes the MDM profile, puts there review process in question.

Another logical fallacy.

Show only 2 possibilities, and then claim Apple is doing something bad by implying those are the ONLY two possibilities.

How about:

3. Developer modified the behavior of the App after it was approved by an Apple reviewer.
4. Developer described the App as for use by school districts and other organizations, so it was approved based on that description.
5. Reviewer fast-tracked the App approval based on previous history of the developer and missed something they might normally check (they trusted the developer too much).
[doublepost=1556563767][/doublepost]

Still defending Apple I see? I’m afraid you don’t know how the EU competition commission works if you believe your first paragraph...

Then would you care to explain, in detail, why I am wrong?
[doublepost=1556565006][/doublepost]

Except nobody can provide a legitimate reason Apple would want to kill these apps. Screen time doesn’t make Apple any money or create lock-in of any kind. Nobody is saying gosh I’d love to go Android but I can’t because of screen time. Even though Apple implemented a flashlight into control center and the lock screen there are still flashlight apps on the App Store.

This is the key point that people are missing. There's no benefit to Apple removing these Apps. It makes Apple no revenue at all.

If that were the case, then why do we still have:

• Google Maps, Waze, MapQuest, Here and other maps that compete with Apple Maps. Google Maps and Waze now even work with CarPlay.
• Literally hundreds of music production Apps that compete directly with Garageband.
• Evernote, Notability, Bear Google Keep and countless other note Apps that compete with Apples Notes App.
• Microsoft Office, Google Docs, Polaris and other office suites that compete with iWork.
• Spotify, Deezer, Tidal, Pandora and all the other streaming services that compete with Apple Music.

You get the idea. Every Stock App that Apple includes with iOS has countless other competing Apps in The App Store. Why isn't Apple removing all these Apps?