I think this highlights the conflict between owner and a user. For Corporations with employees there is a clean distinctions. For kids it’s a lot more difficult decision. Apple in its zeal to maintain the woke privacy friendly image (everywhere except China) made calculated decision that risk of these apps getting used in Intimate Partner Surveillance leading to negative PR is more than parents being unable to protect their kids from drugs and grooming. We will soon see how it plays out. My guess the the timer will turn red as it does when recording screen to alert user of MDM.
FTA: "The controversy follows comments last week by chief executive Tim Cook, who said that Apple wanted to see customers spend less time on their devices."
Apple doesn't make money from you spending all day on your phone. They would be fine if everybody would buy a phone, maybe a couple of apps, and set aside until there was a need.
You are mistaking them for Facebook or any of the other engagement-driven, ad-selling companies.
But you use the service, just not 24/7 or to the maximum capacity. And you might subscribe because it gives you other benefits.
E.g. I have an Office 365 subscription. I haven't used Office in forever, but it comes with 5Tb of OneDrive space (family account), so I keep the subscription to store my photos. However, I've filled less than 100Gb so far and I'm sure my family has even less than that. Same thing with Prime, some months I buy a few things things, others nothing at all. But I know that every package arrives the next day, so I keep the subscription.
TV content is a bit special in this regard, true. However... If you keep binge watching, how long until you have nothing else to watch? Would you not cancel your service, then? The service is then _forced_ to keep delivering new quality content at the same speed that you watch it. Maybe Apple doesn't want to play that game.
Apple most certainly makes money off of ads. It isn’t a major profit center but according to the following article it is on track to rake in $2B by next year. Also they make a nice cut of sales via app purchases an in-app purchases. They. Definitely want you using your device as regularly as possible to capitalize on that revenue opportunity. Their stance on privacy and security is a marketing angle capitalizing on the fear currently out there as a result of people awakening to how much of the web is monetized (I.e. with ads).
Again, nobody spends all day searching the App store. Apple's business model is not driven by your engagement. They make vastly more money when you make discreet choices, like buying a device, purchasing a subscription, etc.
Search ads in the Apple store that the third party apps couldn’t block any way. Yes they could block users from the App Store but that’s been part of parental controls in iOS for years.
Less time on your phone could equal less app purchases, less revenue for app developers, less loyalty to the eco-system. If everyone truly cut screen time down just 10% less a week, Apple would feel it through the app developers pain.
I find the decision of the scorned developers to file with the European Union’s competition office amusing considering the Union's incredibly strong stance on individual data privacy.
iPhones contain so much personal data on-device that Apple is absolutely responsible for protecting that data from illegitimate access. Using MDM which is clearly intended for enterprise management is an illegitimate use-case. Period.
The argument that their ability to use MDM APIs in the past and earn revenue due to a gap in Apple's vigilance dictates that they should be able to continue unimpeded is a logical fallacy.
Apple is under no obligation to offer unfettered API access to these companies just because they were filling a market need that Apple didn't want to pursue. You can tell if Apple wasn't under a market demand obligation to offer MDM to enterprises, they would cut that too.
One of the value props of the iPhone and the iOS ecosystem is that Apple exerts this level of control and editorializing on the platform. The result of which is easily seen when comparing the quantity of data mining apps on Android vs iOS.
I'm sure if I was one of these scorned developers, I would feel abused even victimized by Apple. Unfortunately that is a biased perspective. Apple is doing the right thing for consumers and end-users by blocking these apps.
The reporting on this was atrocious and seems to be a result of the recent competitive chatter about sandboxed computing platforms like iOS. Broader discussions around anti-competitive behavior on these platforms are needed, but this wasn't the poster-child.
And the thing is Apple is not banning parents from buying something like AirWatch - a legitimate MDM software/service ($4.95 per device per month) - where the parents are in complete control of the profiles installed on their kids devices.
What are the differences between the legitimate apps and the others?
Is the difference publicized by Apple somewhere?
Granting access to sensitive data via an app, under stringent but fair conditions, would be a compromise. For example, implementing a controlled device mode, where the "spy" data is on-device only, and spy mode is clearly notified in the status bar, or what-have-you, so the person being monitored knows the rules at all times they are on device.
There is nothing stopping you from using AirWatch for personal use. It’s a per device service. The difference is that you as the end user controls the maintenance of the profiles and control over the data being sent.
From the press release “No one, except you, should have unrestricted access to manage your child’s device.”.
If you honestly believe that users make informed decisions when they click through a EULA, I’ve got a bridge to sell you. Maybe if these companies presented the privacy trade offs in a user-understandable way - but that would interfere with their popularity/monetization.
Make the UI more clear then a regular EULA, like when you want to allow a webpage or application your microphone or camera you get a clear warning, do you also consider that it will be fine Apple not allowing you to use the webcam on third party applications because users are naive.
Whatever Europe's crazy data privacy laws, it's ridiculous they'd apply to the case of a parent keeping track of their kids. The kid's right to wander into crazy elsagate videos and have covert online conversations with predators unsupervised is more important than the parent's right to protect their kid, and Apple is justified in ripping the monitoring capability out of parents' hands? Is that what you're saying?
Hopefully the parents either switch to Android if such a thing is still possible on Android or just get them flip phones with no data plan intended only for emergency calls. Where they can get a list of sent/received calls at the end of the month from the cellphone company at least, I assume.
On an ethical argument (not a what-does-the-law-say-now argument), it seems defensible for kids (over a certain age, perhaps) to have reliable channels that their parents can't monitor. It's how you realize your family is abusive and get help when they are (the same arguments apply to people in abusive romantic relationships having their own digital root-of-trust that their partner doesn't have access to). It's how you find out that other people are queer too and it's not just you when your parents won't tell you anything.
Your argument also has merit, and I don't know where the balance is, but I don't think it's entirely one or the other.
Over a certain age, yes, probably starting at high school. Sex ed and history classes should go over LGBT stuff and teachers/guidance counselors are supposed to be avenues for getting help for abuse, not that these two things work out right all the time in practice.
Please be careful to separate the principle from the implementation. What the app developers had done was unquestionably against the developer terms. They would have known it was wrong. And Apple was right to stop them.
These apps were dodgy. They effectively became a new and incredibly convenient vector for an app developer to spy on children. It's disgusting that people defend them.
No what they're saying is that if you want to monitor your child mobile usage, handing over full access of their phone to a 3rd party developer isn't the way to go about it.
Its not about parental access. Its about third party access. Unfortunately, allowing parental access means that the device is vulnerable to malicious actors also gaining access.
This is not about Europe data privacy laws. It's about businesses misusing APIs in a way not intended by Apple.
MDMs are meant to allow a business to manage its devices through a third-party provider. They are NOT meant for personal usage, as they are privacy and security issues (who do you turn to when your device is bricked by your MDM?).
This is not the first time Apple is shutting down businesses misuing its APIs, and it won't Apple.
Should Apple provide parental control APIs? That's a separate issue. They currently don't have enough, and user who wants more can indeed switch to Android.
You realize these apps give strangers the ability to monitor your child’s phone? The company is running an MDM server and has unfettered access to the phone via the MDM APIs. They may choose to offer parents a subset of that access in their Ui for the purposes you present above, but the fact remains they basically fully control your full consumer device.
Do you think that is an appropriate level of access to grant?
Parents don’t need to switch to Android, they have tools built into iOS that offer the features they need without essentially giving away the device to a third party company.
> The kid's right to wander into crazy elsagate videos and have covert online conversations with predators unsupervised is more important than the parent's right to protect their kid, and Apple is justified in ripping the monitoring capability out of parents' hands? Is that what you're saying?
No one is saying that. Just like privacy laws don’t exist to protect encrypted hard drives full of pedophilia. The right to privacy does NOT enable or endorse deviancy or illicit behavior! At all! Privacy is a human right, not an adult right.
Kids do deserve to have an assumption that when they are texting with their friends that their parents aren’t watching them. Especially teenagers. What about the young boy in a conservative Christian family who is struggling with his sexual identity? What about the young girl who is trying to learn how to report her abusive family members? These are the reasons why children’s privacy are important. Young people need their own secure places to express themselves and form an identity — that doesn’t happen, thankfully, under parental supervision.
That said, of course it’s a parent’s job to protect their children. But spying on a personal device like a cell phone is oppressive and paranoid.
I went over abuse reporting/sexual identity in another comment, but to your point about right to privacy, I don't think there's a reasonable absolute right to privacy as a kid, at least not before maybe high school or late middle school. This doesn't mean no alone time with friends, but at least at elementary school age, internet should be monitored, and phone location tracking is certainly reasonable before high school.
it's ridiculous they'd apply to the case of a parent keeping track of their kids. The kid's right to wander into crazy elsagate videos and have covert online conversations with predators unsupervised is more important than the parent's right to protect their kid, and Apple is justified in ripping the monitoring capability out of parents' hands? Is that what you're saying?
You mean the same app that allows a random third party company to record and track everything that your child does on his phone?
Yes and switching to ^Android* that has built in Google surveillance that tracks every time you open an app and also has a horrible security record is really a better alternative.
> I find the decision of the scorned developers to file with the European Union’s competition office amusing... Apple is under no obligation to offer unfettered API access to these companies just because they were filling a market need that Apple didn't want to pursue.
The crux of the complaint is that Apple is pursuing this market need with Screentime introduced at the same time Apple started banning these competitor apps from developers
Yes, that's the complaint, but it's not a convincing one. Apple doesn't make money from Screen Time; it's a default part of iOS, with no subscription fees, and everyone with a compatible device gets iOS upgrades themselves for free (and Apple's been really good about compatibility in the last few releases). Apple saying "We wish that third parties were not abusing MDM to provide this feature, but we recognize the feature is important, so we'll just implement it ourselves and only kill the third-party apps once our thing works" is an entirely coherent thought process. It is exactly what Apple would do if the are genuinely motivated by user privacy/security and genuinely not motivated by trying to be anti-competitive towards these apps.
Yes and you’re free to get a real MDM solution where you control the profile. The other half is the VPN software. If people are so concerned with their child’s well being, how are they comfortable installing third party VPN software that can record, track and use your data?
The issue is who controls the MDM profile. In the case of these apps it's the app developers instead of the parents.
So by using it, you're giving some complete strangers access to snoop on everything in your child's phone. Even if you trust the developer not to abuse that, you're trusting them to keep their own systems secure and to not hire an employee who might abuse it. We know how that worked out for the NSA where they had people using their surveillance programs to snoop on exes.
If you want to use MDM to manage your child's phone, the way to do that is with a service where you manage the MDM yourself like a company would do with their fleet of phones, not to hand the keys off to an untrusted third party.
Being a parent doesn't mean you own your child. Particularly by the time that they're teenagers. I can justify a great deal of authority over my four year old because she still doesn't quite have the capacity to avoid running into traffic.
Similar thing, I had a nest camera in my daughter's room when she was under 3. Now I've removed it, because she is old enough to have time to herself. I know one parent who demands to have a camera in their kids room and one of those kids is 14. That's beyond awful.
While the apps are atrocious. The apps from what I csn tell are just front ends for websites and services being offered. They don’t do anything on the phone itself that takes advantage of special permissions.
I don't support the way women are treated in SA, but I don't really see why Apple should get to be the global moral police. Those applications are presumably perfectly legal where they are used.
> but I don't really see why Apple should get to be the global moral police.
Apple already takes a moral stance on certain things. This isn't a debate. If they don't want to allow something on their App store, they will shut it down, even if it's 100% legal. These are the slipper slopes people have talked about for years. This is not new.
Apple has shown that if it doesn't want to support something, they won't. This means it's perfectly reasonable to hold them to account for things that are supported by their platform. This is why some platforms simply don't do any policing, or very limited.
Porn is also perfectly legal, yet you can't have a porn app on App Store. Since Apple decided to play moral arbiter, it's perfectly fine to judge them when they allow something like that on their platform.
Doesn't that violate the Apple store's terms of use in a completely different way (ie adds no functionality outside of what the user can do in the browser?)
I mentioned this once before, but there are reports of women escaping KSA by surreptitiously using their guardian’s phone, approving travel, and getting the heck out before the guardian figures out what is going on.
Their laws are their laws, and they suck. I’d rather have an app that at least allows some women to escape.
Why go right to Saudi Arabia? Are they going to do more about spousal spyware in the US and Europe? It's a popular product, and in many places in the US the law is as tolerant of spousal abuse as they are in SA. We see thousands of examples every year of domestic abusers in the US and UK getting slaps on the wrist for things that would have been assault charges without a marriage license in play.
I agree, SA's culture promotes a toxic repression of women. But before Apple goes world policing I'd like to see them take a domestic stand, because last time I checked spouse spyware apps are still in the store and aren't auto-banned. Please correct me if Apple took action since then.
> “Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM.
> “MDM gives a third-party control and access over a device and its most sensitive information, including user location, app use, email accounts, camera permissions, and browsing history.”
They make this sound like MDM is some scary third-party attack on their platform, neglecting to point out MDM is a system they designed. There's always been some schizophrenia from Apple around MDM (publicize new control features to admins in one release, add a big scary vague user-facing warning when that feature is actually used in the next release), but their general stance has consistently been that you, as a company, have a right to enforce whatever restrictions are available on devices used by your employees so long as you own them, and so long as you accept whatever user-disclosure features they decide to implement. Likewise, you have a right to enforce a more limited suite of controls on your employee's personal devices, so long as it's all opt-in.
I would presume any parent intending to enforce restrictions on a child's device also purchased that device. So Apple's stance here is really that parents should have less control over their children's devices than employers have over those of their employees? Or are they really talking about some exploit of the MDM framework? Because the way it's phrased here clearly seems to be framing MDM in general as a nefarious tool.
Apple’s pejorative comments about MDM make sense if you consider Apple thinks MDM an necessary evil that they must provide for their phones to be viable in the enterprise.
I think the prospect of MDM establishing itself as a necessary evil for consumer use-cases is such affront to their thoughts about individual data privacy rights that they would rather trash MDM than risk that possibility.
If you want to get a sense of how Apple thinks parental management of a device and enterprise management of a device in a corporate setting differ, all you need to do is compare the experiences and features. MDM is like a nuke compared to screentime and parental controls.
As a final note Apple refuses to even provide the management server portion of MDM, another clear signal that of their split feelings on the matter.
> They make this sound like MDM is some scary third-party attack on their platform, neglecting to point out MDM is a system they designed. There's always been some schizophrenia from Apple around MDM
Apple is a huge, gargantuan company, and it wouldn't surprise me that the implementation details around enterprise deployment probably didn't get far up the chain to the people who actually care about this stuff. Someone like Tim Cook might have spent five minutes talking about its existence in 2018.
> So Apple's stance here is really that parents should have less control over their children's devices than employers have over those of their employees?
No, Apple's stance here is that app developers should have less control over your child's device than employers have over those of their employees.
> the way it's phrased here clearly seems to be framing MDM in general as a nefarious tool.
MDM is a nefarious tool when incorrectly used. Its intended use is to allow big corporates to deploy nerfed and bugged phones to their minions.
Facebook and Google abused MDM a few months ago and the community cheered when Apple ripped these toys away from them. The same abuses are now discovered to be used to make creepy "child control" apps that place an app developer in control over your child'd entire phone. After all the shit went down against Facebook and Google, these app developers received fair warning that what they were doing was wrong.
> They make this sound like MDM is some scary third-party attack on their platform, neglecting to point out MDM is a system they designed. There's always been some schizophrenia from Apple around MDM (publicize new control features to admins in one release, add a big scary vague user-facing warning when that feature is actually used in the next release), but their general stance has consistently been that you, as a company, have a right to enforce whatever restrictions are available on devices used by your employees so long as you own them, and so long as you accept whatever user-disclosure features they decide to implement. Likewise, you have a right to enforce a more limited suite of controls on your employee's personal devices, so long as it's all opt-in.
Right, sure. I got a work device and the company owns it and I don't do my own personal stuff on it (and hopefully other folks follow suit). If the company screws up its security, those devices are utterly compromised. MDM, for all its good intention, is a comprehensive surveillance system for a phone. It is a little piece of the corporate panopticon on your pocket. That can actually be quite convenient, but I certainly think folks should keep the aspects of their lives separate.
It's a bit different with kids and parents though? MDM is a massive invasion of privacy and unlike in the work phone relationship, we'd expect a vulnerable young person's entire personal life to be embedded on the device. Also, children generally don't have the option to walk away from their parents and find new, less restrictive parents.
It is true, the parents own the device legally. They can take it away. That isn't necessarily a call for Apple to enable parents to run spyware run by third parties. Quite frankly, third parties no well-informed consumer should trust given their abysmal track records for privacy and security issues. The idea of Kaspersky running the intermediary rendezvous server for all of my child's private communications is pretty scary to me.
I appreciate the desire to keep kids safe, but coming from an abusive home I have to tell you that computers were my escape from physical and mental abuse and I am fairly sure I wouldn't be alive today if my parents could have closed a net as powerful as MDM around my life.
>So Apple's stance here is really that parents should have less control over their children's devices than employers have over those of their employees?
Someone please correct me if I'm wrong as I haven't used any of these apps, but I thought the point here is that it's not the parents running an MDM server. I mean, I personally have long made use of MDM and profiles on iOS devices for myself and family, it's super useful (and necessary for some things like using S/MIME certs in native Mail). But I've done it via actual MDM, myself (you can also do a lot via simple distributed one shot profiles made with the free Apple Configurator software). There is no 3rd party involved.
It sounds like here that it was 3rd party apps/services that were making use of MDM functionality. "On behalf of parents" sure, but there's still a fundamentally different relationship and set of expectations for loading an app via the general App Store vs specifically enrolling a device/loading a profile from an employer someone has contractual agreements with, or someone running an MDM server themselves on their own behalf. There isn't really any way around the fact that MDM offers enormous power over devices, much of which happens without any user interaction or much (if any) exposure via the GUI. That's much of the point of it after all. That power certainly offers avenues for abuse that are different in scope.
I'm sure many of the 3rd parties are trustworthy and hopefully at least trying their best in terms of not themselves being hacked by malicious actors, but I think Apple also has a genuine legitimate concern here. A real goal for iOS is that someone can browse through the App Store and install absolutely anything they see and think looks interesting based purely on descriptions/reviews and face a known, fairly minimal and easy to reason about threat profile. Of course it hasn't always been perfect, but it's been a lot better at this then the general free for all. If some of those apps make use of MDM powers outside of normal MDM usage that breaks those expectations, that's not made up.
FWIW I personally think Apple should be required to allow other stores and permanent device owner created master signing cert loading capability, even if only via offering a more expensive "developer" model of phone with that capability not fused off. But the security and privacy tradeoffs there are worthy of consideration and efforts to find the best balances, and even in those cases I'd still be fine with Apple having their own curated App Store that remained as strict as they wished.
If Apple really cared about developers, they should create a new set of features that allows developers to recreate the same functionality in their apps without having to use MDM tech, instead of banning them without listening to them...
> “When we found out about these guideline violations, we communicated these violations to the app developers, giving them 30 days to submit an updated app to avoid availability interruption in the App Store,” a spokesperson explained. “Several developers released updates to bring their apps in line with these policies. Those that didn’t were removed from the App Store.”
I can’t imagine growing up in a time like today where some parents think it’s their right to know every single thing you do on your devices. It probably would have stunted my growth as a person in many ways.
Apple's long-standing policy of rolling out a new feature then criminalizing whatever subsequently competes with them doesn't need defending. There's maybe even too much defending - broken keyboards, bent iPads, anti-competitive practices, and not enough honesty or ethics in that company.
69 comments
[ 4.6 ms ] story [ 150 ms ] threadTalk is cheap and sells well...
You are mistaking them for Facebook or any of the other engagement-driven, ad-selling companies.
In fact, the less you use them, the more profitable it is for them.
And viewing figures are going to have a big impact on future Apple tv content.
E.g. I have an Office 365 subscription. I haven't used Office in forever, but it comes with 5Tb of OneDrive space (family account), so I keep the subscription to store my photos. However, I've filled less than 100Gb so far and I'm sure my family has even less than that. Same thing with Prime, some months I buy a few things things, others nothing at all. But I know that every package arrives the next day, so I keep the subscription.
TV content is a bit special in this regard, true. However... If you keep binge watching, how long until you have nothing else to watch? Would you not cancel your service, then? The service is then _forced_ to keep delivering new quality content at the same speed that you watch it. Maybe Apple doesn't want to play that game.
https://searchengineland.com/apple-search-ads-expected-to-ge...
Again, nobody spends all day searching the App store. Apple's business model is not driven by your engagement. They make vastly more money when you make discreet choices, like buying a device, purchasing a subscription, etc.
iPhones contain so much personal data on-device that Apple is absolutely responsible for protecting that data from illegitimate access. Using MDM which is clearly intended for enterprise management is an illegitimate use-case. Period.
The argument that their ability to use MDM APIs in the past and earn revenue due to a gap in Apple's vigilance dictates that they should be able to continue unimpeded is a logical fallacy.
Apple is under no obligation to offer unfettered API access to these companies just because they were filling a market need that Apple didn't want to pursue. You can tell if Apple wasn't under a market demand obligation to offer MDM to enterprises, they would cut that too.
One of the value props of the iPhone and the iOS ecosystem is that Apple exerts this level of control and editorializing on the platform. The result of which is easily seen when comparing the quantity of data mining apps on Android vs iOS.
I'm sure if I was one of these scorned developers, I would feel abused even victimized by Apple. Unfortunately that is a biased perspective. Apple is doing the right thing for consumers and end-users by blocking these apps.
The reporting on this was atrocious and seems to be a result of the recent competitive chatter about sandboxed computing platforms like iOS. Broader discussions around anti-competitive behavior on these platforms are needed, but this wasn't the poster-child.
What are the differences between the legitimate apps and the others?
Is the difference publicized by Apple somewhere?
Granting access to sensitive data via an app, under stringent but fair conditions, would be a compromise. For example, implementing a controlled device mode, where the "spy" data is on-device only, and spy mode is clearly notified in the status bar, or what-have-you, so the person being monitored knows the rules at all times they are on device.
From the press release “No one, except you, should have unrestricted access to manage your child’s device.”.
Edit: Is Apple offering similar applications? if yes are they using private APIs to implement the features?
Hopefully the parents either switch to Android if such a thing is still possible on Android or just get them flip phones with no data plan intended only for emergency calls. Where they can get a list of sent/received calls at the end of the month from the cellphone company at least, I assume.
Your argument also has merit, and I don't know where the balance is, but I don't think it's entirely one or the other.
These apps were dodgy. They effectively became a new and incredibly convenient vector for an app developer to spy on children. It's disgusting that people defend them.
MDMs are meant to allow a business to manage its devices through a third-party provider. They are NOT meant for personal usage, as they are privacy and security issues (who do you turn to when your device is bricked by your MDM?).
This is not the first time Apple is shutting down businesses misuing its APIs, and it won't Apple.
Should Apple provide parental control APIs? That's a separate issue. They currently don't have enough, and user who wants more can indeed switch to Android.
Do you think that is an appropriate level of access to grant?
Parents don’t need to switch to Android, they have tools built into iOS that offer the features they need without essentially giving away the device to a third party company.
No one is saying that. Just like privacy laws don’t exist to protect encrypted hard drives full of pedophilia. The right to privacy does NOT enable or endorse deviancy or illicit behavior! At all! Privacy is a human right, not an adult right.
Kids do deserve to have an assumption that when they are texting with their friends that their parents aren’t watching them. Especially teenagers. What about the young boy in a conservative Christian family who is struggling with his sexual identity? What about the young girl who is trying to learn how to report her abusive family members? These are the reasons why children’s privacy are important. Young people need their own secure places to express themselves and form an identity — that doesn’t happen, thankfully, under parental supervision.
That said, of course it’s a parent’s job to protect their children. But spying on a personal device like a cell phone is oppressive and paranoid.
The kids are safe, no need to think about them.
You mean the same app that allows a random third party company to record and track everything that your child does on his phone?
Yes and switching to ^Android* that has built in Google surveillance that tracks every time you open an app and also has a horrible security record is really a better alternative.
The crux of the complaint is that Apple is pursuing this market need with Screentime introduced at the same time Apple started banning these competitor apps from developers
So by using it, you're giving some complete strangers access to snoop on everything in your child's phone. Even if you trust the developer not to abuse that, you're trusting them to keep their own systems secure and to not hire an employee who might abuse it. We know how that worked out for the NSA where they had people using their surveillance programs to snoop on exes.
If you want to use MDM to manage your child's phone, the way to do that is with a service where you manage the MDM yourself like a company would do with their fleet of phones, not to hand the keys off to an untrusted third party.
Ah. That makes perfect sense and I'm changing my mind on this one. Apple did the right thing.
Similar thing, I had a nest camera in my daughter's room when she was under 3. Now I've removed it, because she is old enough to have time to herself. I know one parent who demands to have a camera in their kids room and one of those kids is 14. That's beyond awful.
Of course they should remove them too.
Research shows customers do care about a company's ethics / moral stance, so I don't see why Apple wouldn't want to do this.
Apple already takes a moral stance on certain things. This isn't a debate. If they don't want to allow something on their App store, they will shut it down, even if it's 100% legal. These are the slipper slopes people have talked about for years. This is not new.
Apple has shown that if it doesn't want to support something, they won't. This means it's perfectly reasonable to hold them to account for things that are supported by their platform. This is why some platforms simply don't do any policing, or very limited.
Their laws are their laws, and they suck. I’d rather have an app that at least allows some women to escape.
I agree, SA's culture promotes a toxic repression of women. But before Apple goes world policing I'd like to see them take a domestic stand, because last time I checked spouse spyware apps are still in the store and aren't auto-banned. Please correct me if Apple took action since then.
> “Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM.
> “MDM gives a third-party control and access over a device and its most sensitive information, including user location, app use, email accounts, camera permissions, and browsing history.”
They make this sound like MDM is some scary third-party attack on their platform, neglecting to point out MDM is a system they designed. There's always been some schizophrenia from Apple around MDM (publicize new control features to admins in one release, add a big scary vague user-facing warning when that feature is actually used in the next release), but their general stance has consistently been that you, as a company, have a right to enforce whatever restrictions are available on devices used by your employees so long as you own them, and so long as you accept whatever user-disclosure features they decide to implement. Likewise, you have a right to enforce a more limited suite of controls on your employee's personal devices, so long as it's all opt-in.
I would presume any parent intending to enforce restrictions on a child's device also purchased that device. So Apple's stance here is really that parents should have less control over their children's devices than employers have over those of their employees? Or are they really talking about some exploit of the MDM framework? Because the way it's phrased here clearly seems to be framing MDM in general as a nefarious tool.
I think the prospect of MDM establishing itself as a necessary evil for consumer use-cases is such affront to their thoughts about individual data privacy rights that they would rather trash MDM than risk that possibility.
If you want to get a sense of how Apple thinks parental management of a device and enterprise management of a device in a corporate setting differ, all you need to do is compare the experiences and features. MDM is like a nuke compared to screentime and parental controls.
As a final note Apple refuses to even provide the management server portion of MDM, another clear signal that of their split feelings on the matter.
Apple is a huge, gargantuan company, and it wouldn't surprise me that the implementation details around enterprise deployment probably didn't get far up the chain to the people who actually care about this stuff. Someone like Tim Cook might have spent five minutes talking about its existence in 2018.
> So Apple's stance here is really that parents should have less control over their children's devices than employers have over those of their employees?
No, Apple's stance here is that app developers should have less control over your child's device than employers have over those of their employees.
> the way it's phrased here clearly seems to be framing MDM in general as a nefarious tool.
MDM is a nefarious tool when incorrectly used. Its intended use is to allow big corporates to deploy nerfed and bugged phones to their minions.
Facebook and Google abused MDM a few months ago and the community cheered when Apple ripped these toys away from them. The same abuses are now discovered to be used to make creepy "child control" apps that place an app developer in control over your child'd entire phone. After all the shit went down against Facebook and Google, these app developers received fair warning that what they were doing was wrong.
Right, sure. I got a work device and the company owns it and I don't do my own personal stuff on it (and hopefully other folks follow suit). If the company screws up its security, those devices are utterly compromised. MDM, for all its good intention, is a comprehensive surveillance system for a phone. It is a little piece of the corporate panopticon on your pocket. That can actually be quite convenient, but I certainly think folks should keep the aspects of their lives separate.
It's a bit different with kids and parents though? MDM is a massive invasion of privacy and unlike in the work phone relationship, we'd expect a vulnerable young person's entire personal life to be embedded on the device. Also, children generally don't have the option to walk away from their parents and find new, less restrictive parents.
It is true, the parents own the device legally. They can take it away. That isn't necessarily a call for Apple to enable parents to run spyware run by third parties. Quite frankly, third parties no well-informed consumer should trust given their abysmal track records for privacy and security issues. The idea of Kaspersky running the intermediary rendezvous server for all of my child's private communications is pretty scary to me.
I appreciate the desire to keep kids safe, but coming from an abusive home I have to tell you that computers were my escape from physical and mental abuse and I am fairly sure I wouldn't be alive today if my parents could have closed a net as powerful as MDM around my life.
Someone please correct me if I'm wrong as I haven't used any of these apps, but I thought the point here is that it's not the parents running an MDM server. I mean, I personally have long made use of MDM and profiles on iOS devices for myself and family, it's super useful (and necessary for some things like using S/MIME certs in native Mail). But I've done it via actual MDM, myself (you can also do a lot via simple distributed one shot profiles made with the free Apple Configurator software). There is no 3rd party involved.
It sounds like here that it was 3rd party apps/services that were making use of MDM functionality. "On behalf of parents" sure, but there's still a fundamentally different relationship and set of expectations for loading an app via the general App Store vs specifically enrolling a device/loading a profile from an employer someone has contractual agreements with, or someone running an MDM server themselves on their own behalf. There isn't really any way around the fact that MDM offers enormous power over devices, much of which happens without any user interaction or much (if any) exposure via the GUI. That's much of the point of it after all. That power certainly offers avenues for abuse that are different in scope.
I'm sure many of the 3rd parties are trustworthy and hopefully at least trying their best in terms of not themselves being hacked by malicious actors, but I think Apple also has a genuine legitimate concern here. A real goal for iOS is that someone can browse through the App Store and install absolutely anything they see and think looks interesting based purely on descriptions/reviews and face a known, fairly minimal and easy to reason about threat profile. Of course it hasn't always been perfect, but it's been a lot better at this then the general free for all. If some of those apps make use of MDM powers outside of normal MDM usage that breaks those expectations, that's not made up.
FWIW I personally think Apple should be required to allow other stores and permanent device owner created master signing cert loading capability, even if only via offering a more expensive "developer" model of phone with that capability not fused off. But the security and privacy tradeoffs there are worthy of consideration and efforts to find the best balances, and even in those cases I'd still be fine with Apple having their own curated App Store that remained as strict as they wished.
> “When we found out about these guideline violations, we communicated these violations to the app developers, giving them 30 days to submit an updated app to avoid availability interruption in the App Store,” a spokesperson explained. “Several developers released updates to bring their apps in line with these policies. Those that didn’t were removed from the App Store.”
I'm in education and the iOS schools we deal with use different MDM solutions, and certainly not Apple's MDM software.