Yesterday, it came to light that Facebook had distributed an app via Apple’s developer enterprise program that paid users—including teenagers—$20 per month to essentially give up their data. According to Recode, Apple’s now revoking the certificates used to distribute the app:
Apple’s response, via a PR rep this morning: “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
The reason that Facebook used the enterprise certificate was because it’s an end-run around the App Store policies, which prohibit this. In fact, the app in question appears to be a superficially retuned version of the Onavo VPN app that Facebook was distributing on the store last August.
In almost any other circumstance, this is a violation that would probably lead to all of a developer’s apps getting pulled, but, well, this is Facebook. Not that Apple is afraid to pull large developers’ apps from their store (cf. the Tumblr incident of last fall). But Facebook, Instagram, and WhatsApp are so ubiquitous that the blowback from users who don’t understand why they can’t find or access those apps would likely be more trouble than it’s worth for Apple.
Update: Apple has apparently revoked all of Facebook’s enterprise certificates, including the ones it uses to distribute apps to its employees internally, creating a significant amount of havoc for the company. (Thanks to Joe Rosensteel.)