Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
the-airpower-announcement-at-the-2017-iphone-keynote.jpeg
What does this have to do with anything? Airpower was cancelled, nobody actually had hands on with a real prototype.
I actually kind of disagree with Apple here.

It has become increasingly clear to me that parents need more control over their child’s devices.

If I want to disable cameras on my kids device I should be able to do so. If I want to create an app blacklist of things they can’t install on the device I should be able to do so. If I want to remove safari, give them a managed browser and create a blacklist of websites they can’t visit I should be able to do that.

This is not possible outside of installing an MDM profile. There needs to be an MDM equivalent for parents and it sounds like Apple is trying to restrict those choices.
Because the MDM profile has a downside for apple that is worse than the upside. With an mdm profile any app (even predator apps) can be installed on the iphone. So yeah, Apple is definitely, for the safety of the children, restricting choices.
 
Last edited by a moderator:
Interesting that of the hundreds of millions of iOS users around the world, Phil replies to just one email and that person happens to be a Mac Rumors member just itching to spread the word to the editors.

If this mysterious person happened to be a non active member of any blog site, Phil's uncommonly detailed response would only be read by one person.

But that wasn't the intent.
The intent is to provide this information to a fake random emailer so as to not have to reply to any official source.

This news will be on every Apple news website shortly. Funny how that works.

Hi! I’m the person who emailed Tim Cook and received the response from Phil. I’ve emailed Apple a few times over the years and have never received a response until yesterday. I’m not sure why Phil gave me such a detailed reply. But I also wouldn’t be surprised if it was more or less a form email that Apple was sending to everyone who submitted their concerns over the NYT article. He just happened to reply to an Apple geek who reads MacRumors and I thought others would appreciate his response. It added context for me and hopefully will for others too. :)
 
  • Like
Reactions: I7guy
This seems like an convenient excuse by Apple to limit competition. So let me understand this; apple believes MDM is appropriate for corporations to control phones they own but provides too much access and control for parents over their children's phone. Nonsense! Parents should have unfettered access to control their children's phones however they like, including taking them away altogether if they deem it appropriate. This is just a BS excuse by Apple.
So you’re saying mobile device management should be used for consumer apps?
 
I’m out of my element here but in the age of BYOD it’s happening, is it not?

I'm sure used in the context they did, they meant it was not appropriate to be used in the way in which these apps used it. MDM when used in a corporate BYOD or enterprise device sense is very much appropriate.
 
  • Like
Reactions: Gutwrench
I'm sure used in the context they did, they meant it was not appropriate to be used in the way in which these apps used it. MDM when used in a corporate BYOD or enterprise device sense is very much appropriate.

Thank you. So Apple is allowing MDM in commercial apps already right? (I’m not arguing, I’m asking a legit question because I don’t understand.) If so, why can’t it be appropriate in a home setting just as it is in a company BYOD setting?
 
  • Like
Reactions: Garsun
Good job, Apple. I knew the article was poorly written and slanted to paint an inaccurate picture of, and actions from Apple.

Good on government monitoring/spying on us to make sure our safety is in checked. You know, government should able to send a agent to every single household and monitor everyone’s movement just to make sure we will not suffer any terrorist attack.

Apple can say whatever they want to say, doesn’t mean it it is true. If Apple really cares about anything, they should prevent these app in the App Store in first place, not after Apple has similar features build in iOS, then ban them. Apple has monopolistic control over their App Store, you will never know what motive Apple has.
 
OTOH, parents are using these apps because Apple has yet to provide a mechanism for monitoring and managing usage by kids. I agree and support Apple pulling 3rd party, unregulated MDM solutions. Now... Apple... how about YOU provide a solution to this very real problem scenario!
Absolutely. I use screen time for my kid and it doesn’t work at all. Apple needs to do better. And also these MDM solutions should not be permitted. Maybe give Mac owners an easy mdm adnjnistration tool we can manage ourselves :)
 
MDM can be very dangerous in the wrong hands. Lots of ability to spy on someone by the company, who many abide far less data as is.

Not a great implementation to trust for family/kids letting some company having device access.

Social Network is very dangerous in the wrong hand, lots of ability to spy or plotting terrorist attract. We should never use social network that is not monitored by government. You know our safety is very important, far more important than anything else. Let the big brother handle everything, oh and Apple too.
 
I get why Apple would be concerned. However, the reason these apps came into being is because Apple's parental controls are so lacking. Apple ought to come up with a way to do the same things without the MDM profile, or their built in controls (Screen Time, Content Restrictions) should be more robust and granular. Screen Time is a joke for really managing a kid's device.
 
Awful sensationalism journalism from NYT and anyone who picked the story.

But clicks sell, who cares about the facts. Shameful.

The whole idea that Apple would block these apps to favour their own Screen Time makes no sense to begin with:

Screen Time is FREE. Apple isn’t making any money out of it.

These third party apps were NOT free and by removing them Apple is losing money. No AppStore 15-30% cut anymore.

Apple has historic trend of removing app that duplicate function of iOS and Apple has total control over App Store. These two adds up and suddenly everything Apple does are suspicious.
[doublepost=1556478202][/doublepost]
Almost any app in the store can be abused and or violate Apple policy. The issue is abuse. Apple stated the various removals had nothing to do with competition.

If you don't believe Apple's statement, you might as well sell all your Apple products and move to a different brand, because there really is no logical point in staying with a company you believe lies to you and seeks to tear down other businesses just because it makes money with similar apps.

So, you can only use Apple devices if you totally and blindly trust Apple? Wow...
 
  • Like
Reactions: ipponrg and apolloa
Thank you. So Apple is allowing MDM in commercial apps already right? (I’m not arguing, I’m asking a legit question because I don’t understand.) If so, why can’t it be appropriate in a home setting just as it is in a company BYOD setting?
Apple allows companies to run their own private apps which use MDM certs, those apps aren't obtainable straight from the app store. One example is the enterprise phones used by the military for encryption purposes.

I hope I explain this right. In an enterprise setting, the company controls how the data is handled/monitored and not some outside organization, it's a vulnerability that is controlled and used to enforce policies on devices utilizing the company network. These app companies used the app store to distribute software that placed vulnerabilities on other devices (parent phone issuing MDM cert to child phone) in a non-enterprise setting, thereby becoming capable of harvesting data from the child's phone. MDM's have different extents to which they can be employed, I don't know the full extent of the individual apps, but it's never a good idea to install an MDM on a device unless you know the exact scope of what you're giving up.
 
  • Like
Reactions: Gutwrench
Yes it is great that Apple is focussing on protecting the privacy and security of the platform, but this is still a bit odd.

The only way for app developers to limit functionality on iOS devices is MDM. Apple allows it and approves the apps for the App Store. Apple introduces screen time and now blocks these apps without introducing an API for developers to replace MDM.
 
Apple has historic trend of removing app that duplicate function of iOS and Apple has total control over App Store. These two adds up and suddenly everything Apple does are suspicious.
[doublepost=1556478202][/doublepost]

So, you can only use Apple devices if you totally and blindly trust Apple? Wow...
My post didn't state or infer any such thing. Read what I said and not what you want to project with personal bias. Your interpretation is certainly "Wow" indeed.
 
If Apple provided tools to monitor children/spouses/au pairs/ect., there wouldn’t be a need for these MDM enabled apps.

ScreenTime isn’t enough and (as an example) doesn’t have the capability to track iMessages.

If Apple doesn’t want to provide basic features, then Apple needs to allow developers the opportunity to fill the gap and approve these Apps.
 
what's the game pictured?
AG Drive but don't bother it hasn't had an update in 2 years
[doublepost=1556480441][/doublepost]The game on this iPad is AG Drive used to love it but they have quit so no update in 2 years so doesn't run well on new hardware
 
Apple allows companies to run their own private apps which use MDM certs, those apps aren't obtainable straight from the app store. One example is the enterprise phones used by the military for encryption purposes.

I hope I explain this right. In an enterprise setting, the company controls how the data is handled/monitored and not some outside organization, it's a vulnerability that is controlled and used to enforce policies on devices utilizing the company network. These app companies used the app store to distribute software that placed vulnerabilities on other devices (parent phone issuing MDM cert to child phone) in a non-enterprise setting, thereby becoming capable of harvesting data from the child's phone. MDM's have different extents to which they can be employed, I don't know the full extent of the individual apps, but it's never a good idea to install an MDM on a device unless you know the exact scope of what you're giving up.

Thank you! I sent you a pm. I hope you don’t mind.
 
If Apple provided tools to monitor children/spouses/au pairs/ect., there wouldn’t be a need for these MDM enabled apps.

ScreenTime isn’t enough and (as an example) doesn’t have the capability to track iMessages.

If Apple doesn’t want to provide basic features, then Apple needs to allow developers the opportunity to fill the gap and approve these Apps.

They actually don’t “need” to. I wish they would. But if they think the downsides to privacy outweigh the benefits, then they are entitled to make that choice and you are entitled to use a different ecosystem where they have made different choices.
 
Last edited by a moderator:
Nothing wrong with that. Let market forces prevail. The devs will soon find out just how many people think their app is worth $400/month. Kind of cute of them to try. Got to admire the ba££$. At least they’re not maybe spying on kids.

They weren't seeing if people thought their app was worth $400/month; they were gaming the subscription process to see how many people could accidentally be charged $400.
[doublepost=1556482602][/doublepost]
MDM should only ever be used on a phone owned by your company. It should never be used on your own phone. It might be a nice feature if a phone used for private and company use could have a switch that 100 percent separates both.

Thats how it works on Android; there are positive and negative aspects to that. They can 'remote wipe' just the company apps, and have very limited powers over the whole phone (things like requiring you to have a passcode set to keep the corporate profile). In terms of privacy, there's a wall between personal and business data. But, you wind up having two of every app - so for example, only the company version of google maps is able to easily bring up the address that meeting you are going to is at. Or only the corporate phone dialer ties into your business contacts.

iOS does such sandboxing per account for things like mail, and per app for third party stuff. But things like networking and VPN policy apply to the whole device, not just the work profile. Remote wipe also applies to the whole device.
[doublepost=1556483413][/doublepost]
OK ... wait. So it's OK for Apple to use this technology, and collect far more data from every user, but not other companies? That's the definition of anti-competitive behavior (masked in faux altruism). I don't think it will fly with EU authorities. It's amazing how easily it is for Apple to dupe their fan boys and girls.

The big difference is that Apple can handle collection and decisions of this data on device, and share data (encrypted) only between members of that plan.

A VPN solution gives a remote third party the ability to read and modify nearly all web and app traffic from the (child's) device.
[doublepost=1556484474][/doublepost]
My families right to privacy is of paramount importance and should never be infringed. This means strong encryption and no government back doors.
That said, my children are my responsibility and do not have a right to privacy from my wife and I. Their data is our data and we (my wife and I) should be allowed to investigate any part of it. I see no reason why my family plan should not have the same capabilities as any company or enterprise. If I purchased the phone and the data plan for my children I should have right to those phones data.
Now it gets a bit more awkward when it comes to my wife’s phone....

There are still ways to do this with static profile documents rather than MDM, installed and managed through the browser rather than through the app store.

That said, eavesdropping on your wife/husband or children are things that have different moral (and criminal) perceptions in different localities, state-to-state and country-to-country. I'm not surprised Apple would take a stance that it is not allowed in the store.
[doublepost=1556484952][/doublepost]
But don't sit here and pretend like Apple isn't collecting the very same data. I have no reason to think that Apple is using user data for nefarious purposes ... but if they could make money off it, you are fooling yourself if you think they wouldn't.

Right now, Apple's stance is that they can make far more money siding with the user on privacy than they could make by selling user data. Individual user data is actually not worth much compared to hardware sales.

To that end, they have several processes which make it Hard (as in, mathematically infeasible) to correlate user information shared with Apple. My understanding is that every bit of new data that an Apple engineer thinks they might want to start acquiring and using (such as say internal vs external keyboard utilization or average typing speed/volume over time on MacBook pros) requires both extensive legal review and user notification.
 
It sure would be nice if Schiller would explain to the public precisely why the Perf of the 2018 iPhone XR is so Low relative to the Perf of the 2016 iPhone 7+ !

Is it due to Bugs, OR is it intentional ???
 
This is not possible outside of installing an MDM profile. There needs to be an MDM equivalent for parents and it sounds like Apple is trying to restrict those choices.

There is nothing preventing these companies from having a MDM equivalent outside the App Store.

And I think Apple is working toward more sophisticated functions being built into the OS. It's difficult though - there are a lot of different philosophies on how to raise children, and a lot of pushback for coming out and actually saying certain ones are 'wrong'.

For example, some parents would prefer to be notified if their children went to certain sites or used certain apps rather than them being blacklisted - even if they specifically told their kids not to go to those sites. Some parents would like to lock the device completely down when they aren't present.
[doublepost=1556488320][/doublepost]
Thank you. So Apple is allowing MDM in commercial apps already right? (I’m not arguing, I’m asking a legit question because I don’t understand.) If so, why can’t it be appropriate in a home setting just as it is in a company BYOD setting?

Not that I know of - there are apps that are used by a MDM product, but management is always via an external service. You don't need an app to install an MDM profile. Only certain kinds of profiles (like enterprise profiles) can install their own apps outside of Apple review, but you don't need an app to set up a VPN (unless its a custom VPN protocol).

In fact, you can do it with static profiles, which aren't even necessarily signed.

The big difference is informed consent and liability. An operational director at a company pushing for EMM is assumed to have a responsibility for understanding the ramifications of their policy, and the risk if say their systems get hacked. The company suffers the ramifications if they are found to abuse laws, etc, so they are apt to also inform the employees of what the profile does. If not, they have the liability.

A parent doesn't have informed consent - they understand the advertised product features, but not the consequences of the implementation (that their children's traffic is being broadcasted to a third party over the internet who can monitor/alter/log/monetize it, and may not have proper security practices).

Not to mention that these products (like eavesdropping products for suspicious spouses) are meant to be installed on someone else's device without necessarily getting their knowledge or consent, and even to be hidden behind a fake app icon or the like.

In some cases, Apple pushes for features to require a demonstration of intelligent consent before letting them be configured - for instance, the dance needed to turn on/off SEP requires rebooting and running console operations. Consenting to run unsigned or badly signed Mac apps is way lower - it requires a right click. Installing a MDM profile requires loading it in one of three ways (Safari browser, Mail, or via the Apple Configurator Mac app), clicking through to indicate you understand the features, and I believe relatively recently they require you to navigate to settings to enable the profile.

Apple is restricted in their ability to move quickly here, but I suspect they will partially fix this through requiring certificate transparency (which is added in the latest OS release but the MDM can turn it off). This should allow them to prevent a profile from making its own certificates to see or compromise TLS-protected traffic.
 
  • Like
Reactions: Arran and Gutwrench
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.