Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Parental Control App Developers Urge Apple to Make Screen Time APIs Available for Third-Party Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
Of course the data can be encrypted.. you think Apple doesn't already perform this in Screentime?
I don't think you're understanding what people want here.
While Screentime APIs can provide the access to the data and parental control functions, app developers can give the app more functionality on top of them.
App developers could make something that actually works in a more coherent manner, as opposed to the Screentime app that is limited in things like scheduling options and the navigation is a hot mess.
There's tons of room for improvement.
And again, there would be no reason for the developer to capture or even see the control data between the child and parent's device.
Only the on device app needs to be able to access the data.
We develop in these scenarios all the time. There's no need (and where I work, no legal option) for me to see the customer data our apps are using.
I HIGHLY recommend setting up Family Sharing using Apple's easy to follow instructions. Regardless of whether you use a 3rd party parental control app, families really do need to set up Family Sharing: https://support.apple.com/en-us/HT201088
With Family Sharing turned on, you can then follow Apple's four step process to turn on Screen Time: https://support.apple.com/en-us/HT208982
And last, but certainly not least, you can follow another 4 easy steps to enable Find My iPhone. Do this for each family member's devices: https://support.apple.com/en-us/HT205362
I've been through all of this. And while it takes some time, it is NOT difficult.
As long the have enough money to pay the hefty fines such companies are charged by teh EU and others for unfair business practices.
Working in the education sector and using MDM to manage our fleet of iPads; MDM is way more granular than that of screentime, allowing you to manage almost all aspects of the iPad itself. Whats more, the MDM allows you to see where an iPad is, content of the iPad and so many other things. I think that this is a good move by Apple, protecting the end user - the naive end user that doesn't understand exactly what can be divulged to a company with an MDM profile installed on the device. These companies will probably lose the ability to sell off analytics to other companies gathered by the MDM profiles.
I'm a developer at one of these companies. Not sure why you assume we sell data, but let me tell you that you are fundamentally wrong. We make our living out of user subscriptions and nothing more.
Because the vendors of those enterprise MDM apps aren’t giving themselves access to the customer devices, it’s the device owners who get that access. Unlike the Screen Time type apps, the vendor has no access to devices. Do you really not understand the difference?
In one case, a device owner is installing software on their own device which gives “unrestricted access”—including location and camera permissions. The analogous situation would be a parent who installs an MDM app, giving them unrestricted access to their own child’s device, including the ability read emails, check their child’s location, look through their browser history, etc.
But that’s not what’s happening. It’s not the parent (device owner) but instead a vendor (a third party) who has been given that unrestricted access. Apple doesn’t want apps on the App Store that, when installed, permit the vendor to have unrestricted access to customer devices. They do not have a problem with employers being given that same access—which has privacy and security implications—to devices used by their employees.
I can’t imagine you don’t see how these are two completely different uses (of the same technology).
If you still don’t understand the difference, let me ask you a few questions: 1) would you be ok with having various people, who you do not know, having access to the real-time location of your child? 2) Would you be ok with those same people being able to remotely install any software they wished on your child’s device? 3) Would you be ok with persons unknown to you having control over the camera permissions of your child’s device?
I read what you wrote, both posts. Do you remember what you wrote?
Twice (in two separate posts) you expressed a viewpoint that the information in the article might not be accurate:
My point was that if you follow the links provided, you can see exactly what both Schiller and Apple said, verbatim. You can see for yourself “if Apple actually said what MR (Joe) claimed” instead of speculating on its accuracy, implying that the article might be misstating or misquoting or otherwise incorrectly reporting Apple’s statement.
Last edited:
I don’t know exactly what Siri features are implemented in either Spotify or Apple Music, but there does seem to be a misunderstanding on the current status of Siri integration with the Spotify app. In its response statement, Apple states the following:
To me, that sounds like the ball is in Spotify’s court. Maybe Spotify has denied that’s the case; if so, I’m not aware of it. There may be other issues with respect to Siri integration; I really have no idea.
(I’m not the OP, just jumping in.)
Last edited:
First, I appreciate the help with my trying to understand this.
Second, lightening up your tone would be appreciated. If that’s impossible then I invite you to cease trying to help.
With that out of the way, I believe it would help to work backward.
Second, lightening up your tone would be appreciated. If that’s impossible then I invite you to cease trying to help.
With that out of the way, I believe it would help to work backward.
I am an employer.
I want to purchase a license for an Enterprise MDM application from a third party company to monitor and control iso devices. These iso devices are (1) company owned and (2) employee’s personally own devices used as BYOD.
My question: What oversight/controls has Apple placed on these third party development companies to verify they are not giving themself access to my company’s data and the iso devices?
I want to purchase a license for an Enterprise MDM application from a third party company to monitor and control iso devices. These iso devices are (1) company owned and (2) employee’s personally own devices used as BYOD.
My question: What oversight/controls has Apple placed on these third party development companies to verify they are not giving themself access to my company’s data and the iso devices?
That is what Apple does. I suspect major new API’s in this an Marzipan soon.
[doublepost=1556855647][/doublepost]
You are in a different legal position than a developer is. The Supreme Court has several times given the corporate executives, the boss, the right to control the employee’s desktop. I believe you have to divulge this to them, perhaps some of the BYOD staff would want you to buy them a new phone if they don’t want to have you peeking in on their personal phone. You have the right to read their business mail, search it if you suspect corporate spying, you can find it and fire the employee, and probably get them arrested if bad enough. Buy the MDM iPhone app, for your business. Use it for that purpose and you’re good. Quite different from having a software vendor use MDM software to allow someone to profile your kid without you knowing.
[doublepost=1556855647][/doublepost]
You are in a different legal position than a developer is. The Supreme Court has several times given the corporate executives, the boss, the right to control the employee’s desktop. I believe you have to divulge this to them, perhaps some of the BYOD staff would want you to buy them a new phone if they don’t want to have you peeking in on their personal phone. You have the right to read their business mail, search it if you suspect corporate spying, you can find it and fire the employee, and probably get them arrested if bad enough. Buy the MDM iPhone app, for your business. Use it for that purpose and you’re good. Quite different from having a software vendor use MDM software to allow someone to profile your kid without you knowing.
Last edited:
Depends if you include taking the name and function of an existing app and pre-installing their own version on all new devices.
So what you're saying is that Apple has been incompetent in detecting the use of MDM for monitoring children usage? They have NEVER bothered to ask how are these apps able to use functionalities that are not permissible? So much for their robust vetting process.
Or are you saying that Apple KNEW about it but INTENTIONALLY ignored the issue? And then magically BANNED all of them just shortly before or shortly after the release of Screen Time? What wonderful coincidence! Geez I wonder why Apple was sooooooo generous to allow these apps that intentionally broke the rules. So much for enforcing security and privacy for the last few years. Basically Apple allowed these apps in the App Store when it was beneficial to the ecosystem and then threw them under bus after they copied the features. Typical.
Apple is blowing smoke up everyone's ass. The term "security" has become everybody's bitch - it's always used as an excuse for someone to do (or not do) something they shouldn't be doing. Apple is more and more frequently doing stupid ****. They're slowly becoming the Microsoft of old we used to despise.
Security huh ? Now, what kind of "security" would there to not proving Screen time or API to others? Once you get hooked on a word, you can link to just about anything and believe it *rolls eyes*
Apple should be loosening up, and stop trying to claim security when there isn't any. They already lock down iOS as is... what more do they expect ?
Apple should be loosening up, and stop trying to claim security when there isn't any. They already lock down iOS as is... what more do they expect ?
1. Well, what else would you say.
2. That's today. What if/when your CEO gets greedy?
Are you not aware that many of the major MDM vendors offer cloud based solutions? No big difference. The major MDM company (Jamf, VMWare, Zuludesk, etc.) all would have the ability to see the data on device enrolled in cloud instances. In addition, there are companies that offer managed services utilizing these same MDM. There are for companies (usually small businesses), that offer to manage MDMs for customer. They would have the same (if not more) access to the data coming from the devices than the companies we are talking about her.
Wrong, possible but not unlimited, and wrong. First of all, no company, either the MDM vendor or even the Organization will have UNRESTRICTED access. That is flat out false. You can not "read emails" or "look through a browser history" utilizing MDM. Apple has been very clear to their MDM vendor what data they can access. For the most part, MDM focuses on a few key functions:
- Initial setup fo the device including App installation
- App installation of both App Stores Apps and Enterprise Apps
- Ability to set restriction on usage and control data access (i.e. ensure that data on the device is not shared in unsafe manner)
- Ability to collect certain usage data and data about the device (Apps installed, phone time, etc.)
"Unrestricted" - You keep using that word, I don't think it means what you think it means. No company, MDM Vendor, or person ever has unrestricted access to an iOS device. Apple has done a great job with their MDM protocol of balancing the needs of a company to manage their device and data while maintaining the privacy of the users.
Actually the use case if very similar. Companies want to make sure devices they own are used appropriate and be able to take action if necessary. Parents want to make sure their children use their device appropriately and take action if necessary.
For #2 & #3, you are 100% wrong. An MDM can not install any App without permission UNLESS the device has been Supervised. For 99% of the supervised devices, that means they are enrolled in Apple DEP program, which ONLY is available to Enterprise and Educational customer. These Parental Control companies would only be able to install Apps if the user approved them. The camera is COMPLETE false. MDM can only disable access to the camera (for security purpose). No MDM option exists to enable the camera. Any App that asks for Camera use will require approval from the user.
Apple has spent a significant time and effort to refine their MDM protocols and balance the need of company to control their devices and data while maintaining the privacy of the end users. Apple continues to move a vast majority of the more restrictive and intrusive MDM functions to only be available on Supervised devices. And Apple's unofficial roadmap indicates this trend will continue.
Last edited:
1) “MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history”.
As I said in an early post, that’s what Apple says. I didn’t make that up; it’s directly from their press release. It clearly states MDM gives access to email accounts and browsing history. If you have a disagreement with that, maybe that’s best taken up with Apple.
2) “Unrestricted access” is also from the press release. Schiller uses the term as well in his email:
“No one, except you, should have unrestricted access to manage your child’s device, know their location, track their app use, control their mail accounts, web surfing, camera use, network access, and even remotely erase their devices”.
Apparently you and Apple differ on what “unrestricted access” means.
3) As I said in an earlier post, Apple doesn’t have a problem when enterprises use MDM to access and exert control over devices if that company has a right to all of the data and use of those devices.
(Apple also doesn’t have a problem with hosted/third party/managed service providers of MDM servers. Companies choose to outsource many different aspects of IT, including VPN, Exchange/email, DNS/AD, etc. Any use of service providers for these types of services can bring with it privacy and security concerns, however enterprises that outsource those functions are well aware of the potential issues.)
4) Apple definitely has a problem with a private, consumer-focused app business installing MDM control over a customer’s device.
5) I’m sure you understand the difference between an allowable internal-only enterprise use vs. a prohibited consumer-facing app. OP did not.
6) #3 is why MDM exists. #4 is against App Store rules since 2017 and is why the offending apps were removed. Apps that didn’t abuse MDM remain.
7) For any of the companies of the pulled apps to pretend they had no idea what the problem was with their apps, or what they needed to do to be compliant is disingenuous and not at all believable. It’s simple: don’t use MDM in a non-enterprise setting.
8) For vendors of the apps abusing MDM to call Apple’s actions anticompetitive doesn’t make any sense when Apple doesn’t have a competing app for sale. Instead of benefiting from those app removals, Apple actually loses money—15/30% of all the revenue those apps make.
9) I can’t imagine that the EU complaints will result in any action against Apple, but you might disagree.
10) Apps that don’t want to get pulled from the App Store shouldn’t flagrantly violate the rules. But when you get caught, please do us a favor and don’t insult our intelligence by claiming to be caught off guard/not given sufficient notice/unaware of the reason you got pulled/don’t know what you have to change in order to be compliant/etc. You knew you were violating App Store rules (and no doubt the T&C for MDM as well) and have been on borrowed time for months/years. It finally caught up with you, and crying to the EU and writing snarky open letters to Apple is not likely to be helpful.
Last edited:
Seems easier, cheaper, and better in other ways to just not give the kids smartphones
[doublepost=1557050500][/doublepost]
This still doesn't make sense. You say the app has access to the data, either on the parent's phone or the child's (there's no other way this would work). What's stopping the app from sending it to the dev's servers?
[doublepost=1557050643][/doublepost]
Learning at age 18 or using the school-provided machines seems like not an issue. I was in 7th grade when the iPhone 3G came out, and within a few years nearly everyone at my school had an iPhone, so I lived right through this. Smartphones ruined a lot of aspects of being a kid, and nobody learned self-control until like halfway through college.
That and there's no need or compelling reason to have one as a kid. A dumbphone is legitimately useful, though. I'm worried because today's parents didn't have this tech as children and don't know how messed up things are.
[doublepost=1557051135][/doublepost]
It's impossible unless Apple implements a new level of sandboxing for these apps that makes them pretty much hermetic except for access to this API, and that's hard. Otherwise, nothing stops an app with access to this data from sharing it.
[doublepost=1557051509][/doublepost]
Well, there's nothing wrong with their argument this time. I don't think I'd update my iOS if they added screentime APIs as described here.
Last edited:
I grew up before smartphones, the Internet and even before computers were commonplace in homes and I have news for you. Many people don’t learn self-control until halfway through college and a lot never learn it.
Human behavior hasnt changed. Things have always been messed up. Smartphones have just given these things a wider audience.
You are simply taking CEO and Executives words as truths. These are PR words designed to mislead and invoke fear. They differ significantly from the actual MDM documentation that developers have access to. It's simply a lie or misleading at best to say "unrestricted". They were also the ones that lied about battery throttling until they got caught.
Fact: MDM has been used for Parental Control since at least 2012 - over 6 years ago. Not a word from Apple.
Fact: iOS 12 is released with Screen Time for parental control - 2018 - suddenly same apps get removed.
You can read more facts here on Apple Executives PR vs. MDM Documentation: https://medium.com/@ourpactapp/there-used-to-be-an-app-for-that-41344f61fb6f
So this begs four questions:
1. Why did Apple allow non-business and non-enterprise developers to use MDM for the last 6 years?
2. How is it possible that this "unrestricted" MDM feature was used and escaped detection for 6 years?
3. Why is it now a problem only after screen time is released?
4. Why does Apple executives contradicts their own MDM documentation?
So IMO Apple was either incompetent in their vetting process of "god mode" of using MDM or they simply did not care until now with the release of Screen Time. I am going with the latter. Now that they have Screen Time these apps are no longer beneficial to the ecosystem - so they removed for violating MDM six years ago (that Apple allowed).
Last edited:
2012 is not relevant. The rules were updated in 2017, giving these vendors plenty of time to become compliant. Some did, and remain in the App Store. Those that refused to stop installing MDM profiles were blocked/removed.
Deal with it. Update your apps. Crying to the EU or complaining you used to get away with it but now you don’t is not going to change Apple’s mind about MDM use outside the enterprise.
You think Apple releasing Screen Time is relevant to them cracking down on vendors abusing functionality meant only for enterprise use, but it’s a bigger issue than just Screen Time type apps. The crackdown on the abuses of features and capabilities meant for enterprise but used in customer-facing apps has been ongoing, with even Google and Facebook getting busted recently.
Furthermore, Apple has nothing to gain financially from blocking those MDM-abusing apps, and in fact their revenue and profits suffer for having done so. I don’t understand the anticompetitive angle that’s being pushed. If Apple were selling a Screen Time app that argument would at least make sense, but that’s not the case here.
There are plenty of apps that compete with Apple, including email, notes, camera, file sync/backup, video and music rental/streaming/purchase, messaging, podcast, FaceTime, maps, keyboards, calculators. emoji/Animoji, alarms/timers, photo library and many more—including Screen Time type apps. One thing all those available apps have in common is that they do not violate rules and restrictions against non-enterprise use of MDM.
btw PR spin from companies with apps blocked due to MDM abuse may not be the best source of information.