Monday, April 29, 2019

Apple Cracks Down on Screen Time Apps That Use MDM

Jack Nicas (Hacker News):

Over the past year, Apple has removed or restricted at least 11 of the 17 most downloaded screen-time and parental-control apps, according to an analysis by The New York Times and Sensor Tower, an app-data firm. Apple has also clamped down on a number of lesser-known apps.

In some cases, Apple forced companies to remove features that allowed parents to control their children’s devices or that blocked children’s access to certain apps and adult content. In other cases, it simply pulled the apps from its App Store.

[…]

“We treat all apps the same, including those that compete with our own services,” said Tammy Levine, an Apple spokeswoman. “Our incentive is to have a vibrant app ecosystem that provides consumers access to as many quality apps as possible.” She said the timing of Apple’s moves was not related to its debut of similar tools.

[…]

Apple told the companies that their apps violated App Store rules, like enabling one iPhone to control another, although it had allowed such practices for years and had approved hundreds of versions of their apps.

Apple allows corporations to use such software to control employees’ phones. But last year, the company stopped apps from using the software to enable parents to control their children’s devices.

[…]

The app makers said they were most frustrated by the process of meeting Apple’s sudden demands. In many cases, Apple alerted them that their apps would be removed — and their businesses crippled — via a short note, according to correspondence viewed by The Times.

When app makers asked for more information, responses were often perfunctory and slow in coming.

The article doesn’t do a very good job of presenting Apple’s point of view.

miki123211:

So, let’s get the facts straight here:

1. The apps used MDM profiles, intended for control of employees’ smartphones, and/or VPNs to filter access to apps.

2. Those approaches gave the app makers enormous control over the devices. If they used VPNs, all internet traffic from the device could be intercepted. If they used MDM profiles, they had deep access to all the device’s settings. It was a huge privacy risk.

3. This was clearly against Apple’s policies. APIs were used for purposes they were not intended for. That was what Facebook’s certificates were revoked for. They should’ve feared removal since the day they wrote their first line of code.

4. I guess that Apple understood the need for parental control apps and allowed them, with the privacy risks, as there was no other way to get parental control at the time.

5. Apple knew how important iPhone addiction has become and developed their own, privacy-respecting solution, Screen Time.

6. The need for parental control has now been filled and the privacy risks of those apps now outweigh the benefits. Apple made the decision to remove.

Eric Slivka:

The report quotes several developers who had their apps removed, including one who says the removal came “out of the blue with no warning.” Apple is facing several complaints related to the moves, with a pair of developers filing with the European Union’s competition office and Russian cybersecurity firm Kaspersky Lab filing an antitrust complaint in that country.

Apple (via Phil Schiller):

Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM. MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history. We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.

MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky—and a clear violation of App Store policies—for a private, consumer-focused app business to install MDM control over a customer’s device.

[…]

When we found out about these guideline violations, we communicated these violations to the app developers, giving them 30 days to submit an updated app to avoid availability interruption in the App Store. Several developers released updates to bring their apps in line with these policies. Those that didn’t were removed from the App Store.

I think Apple’s heart is in the right place, but I don’t like the way they’ve handled this.

It’s hard to believe that Apple only recently figured out that these very popular apps had been using MDM for years or that MDM was potentially dangerous. Their spin is basically that App Review was asleep at the switch—which I guess sounds better than that they just decided to change the rules and pull the rug out from underneath these developers and users.

The framing is that the developers are choosing not to bring their apps into compliance, but it sounds like it’s not possible for them to do so—hence the quotes in The Times about Apple being unwilling to provide specific guidance.

There’s no evidence presented that any of these developers abused the power of MDM. I’m sure they would prefer to have a more tailored API, but there isn’t one. In the meantime, they seem to have provided useful features that customers liked and that are not available in Apple’s first-party solution.

John Gordon:

This is a complicated area I know well. Overall Apple is wrong and abusive. OTOH these apps all failed my testing. OTOH Apple’s solution has huge unfixed bugs ...

Colin Cornaby:

The point about MDM is fair, but the lack of an alternative to MDM for these use cases is problematic.

John Gordon:

In my testing, for a user with two iOS devices, Apple’s remote control “Content & Privacy Restrictions” only work for one of a user’s devices. The other is not affected …

… I don’t think anyone else on earth has actually tried using Apple’s Screen Time… It’s as broken as their keyboards.

… interestingly looking at Screen Time on either the controlling or controlled device shows that account cannot be changed … but it can be changed (not grayed out)

Nick Heer:

App Review should, at the very least, prevent rule breakers from getting into the App Store in the first place. They failed to do that by allowing high-profile parental control apps into the store that cannot work without violating their rules. But they should at least be very clear about the circumstances of rule violation, particularly when an app has already been approved.

It’s also clear that there is a demand for these apps. I think it would be great if there were APIs for Screen Time data, perhaps tied into HealthKit.

Benjamin Mayo:

The timing of Apple discovering the MDM abuse does line up almost too conveniently with the launch of Apple’s own Screen Time features in iOS 12, but realistically Apple has no real incentives to push Screen Time over third-party offerings.

However, there is a nuance to Schiller’s words. He welcomes developers to continue making parental control apps that are not based on MDM profiles. The problem is, making such a service results in a significantly limited user-experience. The iOS app sandbox prevents a normal app from gathering phone-wide data like which apps were opened and for how long, or support ‘downtime’ behaviours like blocking an app from working after a timeout.

Schiller names an app called Moment – Balance Screen Time as an example of a great app for parents. This app relies on users manually screenshotting their Battery screen every day to upload to the Moment app, which uses optical character recognition to read the rows of most used apps. It’s a big hack and nowhere near as seamless as the always-running-in-the-background, official Screen Time.

Tony Fadell:

Apple’s Screen Time still has many holes & deficiencies. Their v1.0 solution was a rush job & it’s very non-intuitive to use. Apple should be building true APIs for Screen Time so the “privacy” concerns are taken into account instead of limiting users’ App Store choices.

[…]

Apple, until you have a real API, let the 3rd party apps be available to App Store users. Those devs are trying to help, not steal data. The only reason they have to do what they do is because you don’t provide a proper API.

John Gordon:

I’m so glad you wrote this. I felt like the only user. We need an API to build solutions for special use cases. Great need for cognitive disability users who age out of “traditional parental controls”. OTOH, no 3rd party solution actually works. I tried them.

Will Strafach:

Apple seems to now be very serious about apps capable of access to certain data. We had to fight tooth and nail to get approval for Guardian, and the nature of Apple’s questions indicated to me that they would like to avoid another Onavo.

Update (2019-04-30): Shawn King:

While becoming more common, it’s still a fairly unusual move for Apple to respond so quickly, directly, and on a weekend to stories like the one in the New York Times.

Timo Perfitt:

Is it possible that Apple didn’t know that companies were using MDM for parental controls? Why were the apps approved in the first place?

All of this seems like a communications / feedback failure.

Ryan Jones:

This is a really bad look for Apple. These apps have been using MDM for years and years.

Either they allowed apps that “put users’ privacy and security at risk” for 3+ years or they only now care for competitive reasons. Has to be one (or both).

Rene Ritchie:

What was Apple’s full statement to the Times? Unless and until the Times posts it, we don’t know.

[…]

Apple opens up this way:

Apple has always believed that parents should have tools to manage their children’s device usage. It’s the reason we created, and continue to develop, Screen Time. Other apps in the App Store, including Balance Screen Time by Moment Health and Verizon Smart Family, give parents the power to balance the benefits of technology with other activities that help young minds learn and grow.

And, really, I think that’s just about the worst way to open. No other app currently permissible on the App Store has the capabilities to really offer similar features in a convenient, effective way.

My guess is that Apple is doing what Apple typically does: Introducing Screen Time as a built-in feature, dog-fooding it, adjusting it if and as needed, and then, a year or two later, introducing an API — application programming interface — that other apps can use to securely, reliably, privately tap into the same data and offer alternative implementations and value-added services.

I would say: “typically” for areas where Apple wants to have an API. I’m not sure that this is a case where they do. They haven’t added an API for Night Shift, and I doubt that they will. There’s no API to make third-party e-mail clients or Web browsers that can do what Mail and Safari can (Schiller’s comments notwithstanding) or even set a default app.

Update (2019-05-01): OurPact (via Zac Cichy):

We present here, point by point, Apple’s recent claims in defense of removing apps that use MDM, to be contrasted with quotes from their own MDM documentation.

[…]

To date, OurPact has been approved by Apple for release to the App Store 37 times, with documented use of MDM.

In Apple’s public statement, they claimed that they gave developers 30 days to modify their apps in line with their guidelines, even though their guidelines make no mention of MDM. We did not receive any notice before OurPact’s child app was removed by Apple.

More importantly, there is no way for any company offering a parental control app to remove MDM functionality and still have a viable product. If Apple offered alternate APIs to achieve the robust parental controls that OurPact provides we would happily use them. Unfortunately, no such API exists. All attempts to open a dialogue with Apple to create those APIs have also been refused.

[…]

The takeaway from the call was that the technology in use was not the issue, but the act of blocking or restricting the use of third party apps was. Once again, user privacy was never raised by Apple as a concern.

Update (2019-05-02): Joe Rossignol:

In the days since, a handful of developers behind parental control apps including Qustodio, Kidslox, OurPact, and Mobicip have responded to Apple's press release with open letters, calling for the company to make the APIs behind its Screen Time feature available to the public for use in third-party apps.

See also: Techmeme.

Update (2019-05-10): See also: Accidental Tech Podcast.

> relies on user’s manually screenshotting their Battery screen every
> day to upload to the Moment app, which uses optical character
> recognition to read the rows of most used apps

This is amazing.

This all comes down to the fact that iOS users are really only renting their devices. iOS devices are not personal computers, no matter how you stretch that term. iOS is really a bozo lane for computing at the moment. Which is strange because the hardware is so capable, but it’s the software which is a complete failure.

I would argue the Mac is suffering more from the opposite problem, hardware failing software, but Apple is really trying its hardest to go all in on their toaster strategy.

Sigh.

P.S. Seriously, allow apps to be installed outside the App Store and all these complaints evaporate.
