Slashdot Mirror
Apple Blocks Google From Running Its Internal iOS Apps (theverge.com)
Apple has now shut down Google's ability to distribute its internal iOS apps, following a similar shutdown that was issued to Facebook earlier this week. From a report: A person familiar with the situation tells The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps have stopped working today, alongside employee-only apps like a Gbus app for transportation and Google's internal cafe app. UPDATE: Apple has restored Google's Enterprise Certificate so its internal apps will now function.
And the Ban Hammer is swinging.
Good to see that Apple are not letting these big corps get away with breaking the rules.
Google has been fucking with Apple for years, started with Maps, extended into browser space. Using Safari I can't get Google sites to render properly. On the other hand, Apple should have not messed with the web and introduced the new mobile web, which sucks balls, and sites detect your browser, and won't give you the content you want. But on the other hand, Google is far more meddling than Apple has been to the web at large. This idea of manipulating Internet users with new web standards is bullshit, and both Apple and Google are culpable. Any browser, even those from 1994, should work forever! Updating the web the way they have been only serves the big corps. This is shit Adobe pulled to force updates, which Apple has done for some time, to force hardware upgrades: "sorry, we broke the web, your 3yo browser won't render properly anymore! Buy a new computer!" Fuckers.
It's not like anything else privacy related happened recently at Apple that they might be compensating for...
Check your premises.
I wonder if Google employees will retaliate by ditching Apple phones for the Android phones so they can get access to the GBus app. That's pretty important for daily commuting if you take the bus to Google - knowing when your bus is arriving so you can micro-manage your time is important. There may be an incentive to jailbreak phones as well to get around these restrictions - it's a serious disruption of business. How many internal teams doing legit development on apps like Maps for Apple are affected?
This is a short-sighted response. It will have consequences.
I think for both Facebook and Google, enterprise certs will be restored at some point - maybe Apple is going to do a review of all the apps signed with them and devices they are installed on before restoring.
There are a lot of valid uses of enterprise certs too, I think this blanket cancellation is more a message to never do it again, then they'll at least get internal apps back.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
and that will just lead to laws force them to open to outside apps. Maybe the EU can push that though.
So... as usual the summary (and even TFA in this case) had me confused about what is going on here. At first I thought Google was redistributing Apple's internal iOS apps. I thought maybe they were embedding iOS apps within their own apps or something. Anyway here's what this is about.
An enterprise developer license for iOS allows a developer to sign an app for limited *internal* distribution of an app. This is for testing and enterprise use internally within the company the license was issued to. This is in contrast to apps intended for public distribution, which as we know can only be done through the iOS App Store, and which requires Apple to approve the app.
What Facebook and Google have been doing is publicly distributing what should be internal-use-only apps to the public - apps that would not be approved by Apple for various reasons (including privacy issues) - through their enterprise developer license. So it's clearly a violation Apple's terms, and it sounds like both FB and Google are doing the overreaching data collection through these special apps.
Apple has reacted, disabling the signing keys for these apps so they no longer function.
Better known as 318230.
I know this little spate probably won't help tear them apart, but this sort of thing totally activates my inner desire to see all of these stupid walled gardens torn down. We used to have general-purpose computing where if you owned a piece of hardware, you could put any software you wanted to on it and no one else could stop you. Now we see Apple's iOS walled garden firmly entrenched and macOS tightening the screws in small increments with each OS update to move in that direction, plus Microsoft trying to coerce people into walled gardens with Windows 10 S Mode and even with some of the SmartScreen options. Android and Linux are the only places that are generally free from the dangers of these walled gardens that lock users out of using their own hardware as they see fit. Wouldn't it be great if these big corporations got in a childish feud that resulted in tearing down the walls of their walled gardens?
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning, rendering any investment you made worthless?
If I were a corporation looking to deploy an internal app, I'd be looking at non-apple options. Having your internal platform disabled could cripple smaller business to the point of threatening their viability.
And if I were Google, I'd be relaxed to see Apple making that point so effectively.
Oh, you mean instead of following the letter of the contract you signed, you do something that violates that contract, and when you are caught, and the other party terminates their part of the contract, it is their fault?
You are a special kind of stupid, aren't you?
Why Google people use iPhone ?
Ceci n'est pas une Signature !
They take privacy more seriously than any other phone OS platform. They shut as shit donâ(TM)t take it seriously enough but fuck. Google isnâ(TM)t to be trusted at all.
I'm not stupid enough to believe that companies the size of Google and Facebook don't have lawyers.
Nor am I stupid enough to think that companies that size would necessarily have agreed to the same terms as others.
And I'm not stupid enough to believe that a contract, even when drafted by expensive lawyers, can't have ambiguity.
So, perhaps, it's not me who's a special kind of stupid.
Googlers running IOS, serves them right. I suppose they don't know that Google makes phones. Well, and it's more than stupid that Google doesn't just give every employee a high end phone.
When all you have is a hammer, every problem starts to look like a thumb.
An enterprise developer license for iOS allows a developer to sign an app for limited *internal* distribution of an app.
The point of the Enterprise developer license is it lets you distribute unlimited internal applications for use by your employees, on any number of devices.
When you have a developer certificate, you have to register devices you want to be able to distribute test builds for. Using an enterprise certificate for deployment, you do not have to register anyones device in your developer portal - in that way it's like an App Store build, but you can choose who to send the IPA (compiled app bundle) to for distribution.
Because it could be any device and Apple does not really know who is an employee or not, there's no control over who can install an enterprise signed IPA. That how companies were able to do this for so long, because Apple does not police this. It's a good idea because it keeps a lot of apps from the App Store that would be of no use to anyone outside of employees.
Apple does provide a way to do limited external testing, called TestFlight - there you can distribute a built to up to 10,000 external testers.
So it's clearly a violation Apple's terms....Apple has reacted, disabling the signing keys for these apps so they no longer function.
Oh yes, it's a very clear violation of terms as you are told when you sign up for the program that it's only for use by employees of the company (or contractors).
They didn't just revoke they keys for those apps though, they revoked the whole certificate on which all app distribution profiles were built - affecting possibly hundreds of valid internal apps as well. But since all we know is Google/Facebook were not obeying the rules, was the smart thing to do as who knows how many other apps were being sent outside the company... not quite sure how companies walk back from this to restore enterprise builds, as I've never seen a company run afoul of this rule before.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning, rendering any investment you made worthless?
"Without notice or warning"? They flagrantly disregarded the cardinal rule of the license they agreed to, which is spelled out in plain language in the subtitle, first paragraph, second paragraph, definitions, appropriate use section, etc. of the license. The license is even subtitled "for in-house, internal use applications". It really couldn't be any clearer. You can make pretty much anything you want for internal use, so long as it remains internal.
If I were a corporation looking to deploy an internal app, I'd be looking at non-apple options. Having your internal platform disabled could cripple smaller business to the point of threatening their viability.
Why? Is your hypothetical corporation breaking the cardinal rule too? The only people who need to be worried are those who haven't been using the license in good faith. So long as you're using the license as it was plainly intended to be used—to develop and use apps internally—you have nothing to fear, despite suggestions to the contrary.
Since apple is sooo concerned about my personal data and privacy, I wish they would add a switch to enable/disable network access on a per-application basis (they already do that for cellular data, so I'd imagine it should not be hard to do)
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning
If you stray outside the extremely clear and well defined lines? Yes. It is also a message to everyone. But as I said that message from Apple is very clear when you make use of this program, which is very much a privilege, not a right.
If I were a corporation looking to deploy an internal app, I'd be looking at non-apple options
Why? tens of thousands of companies deploy internal apps just fine. The system works really well and there are a lot of advanced management tools for internal apps... so why would you hamstring yourself just because Facebook did something immoral and stupid and in clear violation?
What you are saying is kind of crazy, like saying you'd move out a low crime area into a high crime slum, just because if you chose to rob someone you might be caught - even when you weren't planning to rob anyone... by moving your enterprise off iOS devices you are just opening it to a potential world of hurt.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Yet here we are with both Google and Facebook having non-working enterprise apps across the board, with no evidence whatsoever to validate your speculation.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Missing the point. Contract violations are often subjective and need to be resolved in court. Meanwhile your business is fucked because all your internal apps don't work.
Or just use Android.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
You think it should be a legal requirement that they allow Google and Facebook to pay people to install spyware?
Some sort of operating system for a glorified toy or something?
By all indications, Facebook and Google agreed to the same license as everyone else, and the license is anything BUT ambiguous, given that it's subtitled "for in-house, internal use applications" and then only gets more explicit about how it's intended to be used from there. I ran through a lot of the details about the license in a comment yesterday.
Crapple is a piece of shit company. Buying their shitty iphones turns you into a dickwart.
I could also see Google and Facebook trying to turn this into an anti-trust complaint. Apple having the ability to basically shut down their internal applications remotely without recourse and there being no other way to sideload onto the OS is an extreme level of control over a platform.
Log in or piss off.
For internal use only.
Nothing ambiguous about that at all. Google and Facebook both violated these terms knowingly because they have zero respect for peopleâ(TM)s privacy and thought this was a great way to invade it further.
The "blanket cancellation" will induce each big social media and ad brand to create their own secure smart phone network and hardware.
Domestic spying is now "Benign Information Gathering"
After PRISM who would trust another brands products for that kind of "advanced management tools for internal" use? :)
The US gov had the keys too
Domestic spying is now "Benign Information Gathering"
Are you trying to tell Google to 'just use Android'?
Anyway, the point isn't just that the internal apps for menus are broken, Google and Facebook couldn't even beta-test their iOS apps anymore. And if you want to make money, you build apps for iOS. Even Google. They paid $9 billion to remain Apple's default search, because there's a lot of money writing apps for Apple devices.
So if you want to write apps for Apple, play by the rules. If you don't like them, fine, find somewhere else to make a buck. Nobody's forcing you.
Facebook and Google can take Apple to civil court if they think Apple has violated the terms of the contract.
That should've said, 'because there's a lot of money being on Apple devices', regardless of whether you're making apps or not. Anyway.
Apple apparently confirmed at least some of your thoughts in a comment given to BuzzFeed:
We are working together with Google to help them reinstate their enterprise certificates very quickly
As Daring Fireball points out, however, they've said nothing of the sort with regards to Facebook.
I support the former. I believe the strength of democracy derives from its diversity of opinion, allowing ideas to compete and the better ideas to percolate up to the top. As opposed to dictatorships where someone else decides what can do and think. What about you?
For those of you too young to remember, the Soviet Union had elections too. And the predesignated candidate always won with 99% of the vote (about 1% of people weren't able to make it to the polls). They liked to brag that it was a sign of how unified the population was in supporting the government, while democratic candidates rarely got more than 60% of the popular vote. A friend of mine who had managed to flee the U.S.S.R. told us that if you failed to vote for the designated candidate and didn't have a good excuse, you could be thrown into a gulag.
Yeah if I were Google I'd look into developing my own mobile platf... oh wait.
So, perhaps, it's not me who's a special kind of stupid.
In the USA where Apple and Google are, violating contracts is illegal.
You just openly admitted in a public form that if you ran a company (and clearly you don't) you would intentionally break the law and violate every contract you signed, all the while claiming you never read the contracts you signed.
Not only would no business or person ever have any business dealings with you after stating your intent to illegally defraud them like you just did, but you aren't rich or powerful enough to avoid the jail time such crimes carry.
I do hope you admitting to a crime like this comes back to bite you.
That they will be stopping proving its employees with Apple HW options.
There are some breech of contracts that could result in criminal charges (ie, fraud), but most contract disputes are just that -- contract disputes, not criminal activities that can be prosecuted by the state.
I'm sure Google has attorneys who could make a compelling case that using their internal development certs for external users is somehow covered, especially if the users in question get material compensation. Google could say this makes them contractors, and I doubt Apple's intent for enterprise certs is meant to block contractors from using internal enterprise apps.
But this boils down to Apple and Google settling this dispute on their own, not a "criminal" matter. They may decide to go to court over this, but my guess is neither wants to see some kind of precedent set that works against them. Apple doesn't want to find out that yanking a cert exposes them to damages and liability for business disruption, and Google doesn't want the court to affirm Apple's draconian contract enforcement as justifiable and their business losses resulting from it their own "contributory negligence".
I think for both Facebook and Google, enterprise certs will be restored at some point
Probably, but from now on Apple products inside Google will be regarded as ticking time bombs, that trust will never be restored.
When all you have is a hammer, every problem starts to look like a thumb.
You are a special kind of stupid, aren't you?
Right, you are that kind of stupid that allows Apple to come inside your network and control your business.
When all you have is a hammer, every problem starts to look like a thumb.
By all indications, Facebook and Google agreed to the same license as everyone else, and the license is anything BUT ambiguous, given that it's subtitled "for in-house, internal use applications" and then only gets more explicit about how it's intended to be used from there. I ran through a lot of the details about the license in a comment yesterday.
Given that Facebook was paying the users, whose to say they can't argue they were 'internal/employed/contracted' users as far as Apple's Terms define them? I'd argue that they are wrong and in my view are not compliant - but no doubt FB has a small nation army of lawyers to argue the contrary...
And he got modded up for it...
I am surprised these aren't web apps anyways? Why do they need to install apps.
Apple's draconian contract enforcement
This is the only thing I'm going to touch on here.
With the facts in the thread you have replied to, you basically said you want anarchy. No enforceable contract.
Google got banned from distributing iOS apps internally...
The funny part isn't Google got banned.
The funny part is that Google was distributing iOS apps internally.
They can argue anything they want, but I already quoted the relevant definition from the license in that other comment I linked, and it’s pretty clear these people did not have the sort of employment relationship (e.g. where are the tax forms if they’re employees?) nor the written, binding agreements required by the license.
You say the dumbest shit sometimes.
When people hate Apple more than Facebook AND Google.. Well, I'll let you take it from there.. LOL This shit is great. people are forecasting delusion everywhere these last few days. I think this bitch is about to break!
But these companies are in breach of contract. I don't see how that would hold water in court.
Isn't it a message to every enterprise everywhere that Apple are in total control of your platform and can disable your work without notice or warning, rendering any investment you made worthless?
They're not, though. You can still install self-signed certificates on iDevices and then any apps code signed with those certificates. What Apple has done is enforce its ToS for Enterprise certificates by revoking Facebook's and Google's Apple-supplied code signing certificates - they're only meant to be used for internal apps.
FYI GlobalSign, Microsoft and all other Authenticode certificate authorities have Terms of Service as well and they can revoke the certificates you purchase from them at any time.
That's completely wrong. You can install your own self-signed certificates, or any other Server Identity or Authenticode certificates, on iOS devices. The procedure is no different than installing a Provisioning Profile with an Apple-supplied code signing certificate which is what enterprises need to do before installing their own (supposed-to-be-internal-use-only) apps.
and that will just lead to laws force them to open to outside apps. Maybe the EU can push that though.
Why? There was a contractual agreement between two parties and Google broken their end of the agreement. Ditto for Facebook.
Why? There was a contractual agreement between two parties and Google broken their end of the agreement. Ditto for Facebook.
Because statutory requirements can override contractual agreements. If the EU, or its member nations, wanted to mandate that Apple allow Google and Facebook to push spyware to iOS users, and that any contractual condition is invalid to the extent it infringes Google's right to surveil, they could do so. That being said, given the European (esp. German) obsession with all that fancy privacy stuff, it's unlikely they would.
https://arstechnica.com/tech-p...
You'll have to explain this better, because I don't know if you're *backing* Apple's ability to arbitrarily enforce the contract or *critical* of Apple's ability to arbitrarily enforce the contract.
While the scale of Apple's enforcement would seem to make it extreme (ie, all internal apps stop), many contracts revolve around one party supplying a good they control to their contract partner. If you get fuel delivered every week and you stop paying the bill (ie, violate the contract terms) they will stop delivering your fuel.
I was friends with a guy who worked for a banking software vendor back in the early 1990s. He told me their software had a dead man's switch -- the license was only good for 90 days or something and had to be renewed. They would issue a new 90 day license key with every month's payment -- stop paying, and the software stopped without any intervention.
I mean, I'm of two minds about about whether Apple went too far. Did they *ask* Google to revoke the app first, or did they just "find out" and then flip a switch? Was immediate revocation a term in the contract? Does their cancellation appear to be associated with some other business competition or dispute? Some of these things could result in injunctive relief from a court if they could be shown to be true and worth litigating.
But they'd have to be litigated, and with that in mind, I don't know how you get to anarchy. Both sides have access to the civil court system and can file lawsuits around the enforcement of this contract. That's what it's for. But it's most likely not criminal behavior on either side.
Anti-trust law > contract law.
When the gatekeeping is so strong that signing such a contract with a competitor is even slightly attractive to an enterprise who wants to run internally developed applications on corporate-owned devices, I think there's a strong argument that there's something fishy going on.
Log in or piss off.
"no other way" was maybe a bit strong. "no viable way for a large corporation..." would be more accurate.
I'm going to have to assume that Google and Facebook are aware of various other ways to sideload apps, and I'm also going to have to assume that if there was a viable Apple-free solution to running internal apps for their entire iOS-using employee base then this issue wouldn't have hit the front page.
If you know of a way to build an Apple-free equivalent to Apple's enterprise program, I can think of a couple large companies who'd be willing to give you a heck of a lot of money right now...
Log in or piss off.
Whats fishy is that these companies blatantly broke the rules, and got caught doing so and punished. Yet the same people that want to castrate Facebook and Google for "fake news" and such other bullshit are now trying to skewer Apple because they don't want their customers tracked WHILE these companies break the rules. That's the only thing suspect in this. You people defending Google and Facebook.
Its very clear what happened. Apple caught Facebook red handed, and chopped their hand off. Someone stepped up and said "but google!!" In fairness and not wanting their contracts broken and services abused Apple cut Googles hand off too. It is real clear what happened, Don't break the rules you signed up for and you wont be treated like a kid and grounded.
My guess is that Google and Apple will resolve this without the courts. I'd guess neither side wants a legal precedent that says that immediate kill-switching all of a platforms apps and not just an offending one is too extreme. Apple wants control of what happens on their platform and I'm sure Google worries that "winning" a dispute with Apple could affect their ability to control the Android platform in similar ways.
I'd wager there will be some additional contract language between Apple and Google that further defines what "internal use only" actually means, probably tying it to some constructive internal business function, not making use of apps for collection of data/behavior about non-Google apps, data or platforms.
I'd wager that Apple is mostly in the driver seat here due the existing contract, but it's not hard to see a court providing injunctive relief based around the breadth of the certificate revocation's impact and the ambiguous nature of who is an internal employee. But it would have to be litigated and I doubt either party wants a legal precedent.
google looking for a non-apple option? waaaaaaaaaaaat................ dude, reread wat you wrote! google goooooooooooooooogle..... don't they have a phone os or what?
You seem to be confusing slamming Apple's tight grip on the iOS platform with defending Google and Facebook.
In a sane world, Google and Facebook or you or I shouldn't need Apple's permission to install anything on devices they own, period. The only consent necessary should be the consent of the device owner, period. That Apple makes it infeasble to do this on an enterprise full of iOS devices without signing a contract with Apple is a problem no matter who the enterprise is. That Apple won't allow iOS device owners to install and run whatever they like (no matter how stupid this would be) on their own devices is unacceptable.
That people are dumb enough to install these internal Google and Facebook apps on their personal devices is a different matter entirely. That's a dumb thing and I don't recommend it, but I can't fix stupid.
Log in or piss off.
I completely agree. I don't think it will ever see court either. But as you said Google probably doesn't want to shoot their self in the foot. I was basically talking about all of the ERR MA GAWD APPLE IS THE DEVIL!!! We have seen here. They are just enforcing their rules.
I somewhat agree. Hi normally would be on the Apple hate train, but fact if the matter is nobody can touch them in the mobile space. Their computers are crap, iPhones are not. I type this on a shitty android tablet as we speak. But the iPhone in my pocket it's tethered to is far superior in all but screen size. It is also jailbroken so i can install what I want. Okih and it's more secure and as we can see in this article has more privacy and less tracking.
That's a bit arse-over-tit, isn't it? Apple is certainly not going to take Google's or FB's word that their in-house apps are only being used in-house after this fiasco -- that's the trust that's been destroyed.
I wouldn't. I'd be calling my app writers into my office and asking them why crude interfaces to a remote database such as a bus time scheduling app that the entire company relies upon couldn't have been done in HTML5 instead.
OK, OK, I know, it also crippled the ability of developers working on native apps for general distribution to test what they wee writing, kinda, sorta (I assume the iOS development tools come with an iPhone emulator), so that would have just lead to issues with people testing the apps. But in that instance... that'd have been Apple's loss as much as Google's.
If I were in either Google or Facebook's shoes, I'd be doing two things. (1) I'd be reviewing how they got into a situation where they were clearly misusing an Enterprise certificate in a way that clearly violated their agreement with Apple, and (2) why they're so reliant upon "native apps" when HTML5 can do virtually everything they need anyway with no significant performance issues. They're not writing 3D games, and frankly, I'd be surprised if they have problems porting Google Earth to Safari if they really need that kind of functionality anyway.
You are not alone. This is not normal. None of this is normal.
Apple clearly are enforcing their rules and I'm sure their legal department said it was within their rights in the contract language.
That being said, this is one of those situations where there's little legal precedence -- who knows what kind of wild-ass challenges might undermine Apple's iron-clad right to do this.
I could see an argument against Apple based on quasi-monopoly power. Apple's products have no identical substitute goods, only similar substitute goods. In a normal market, someone selling tape, or diesel fuel or some other product would be less likely to severely cut off a customer for a contract term violation because they would worry that it would generate ill will and they would lose the customer. Apple can only get away with this behavior because they have a kind of monopoly power, and thus maybe they shouldn't be able to pull the kill switch without negotiating first or some more granular punishment that doesn't affect everything.
I think they definitely figure they are covered by the contract and by their exclusive control of an influential product.
Google and Facebook will mitigate the risk of Apple sabotaging their business again by banning Apple products.
When all you have is a hammer, every problem starts to look like a thumb.
That's a very exciting and obviously wrong statement (what, you think FB aren't going to do in-house testing of their iOS app any more?), but even *more* excitingly, it represents a complete failure to respond to the substance of my post. Well done!
Apple can only get away with this behavior because they have a kind of monopoly power
I think you meant brain slugs...
Seriously Apple believers are brainwashed. The only thing they got right was mobile... In 30 years or so... But they did create a rather large cult.
You're right, Apple won't be banned inside GOOG and FB, it will be quarantined. And employees will wave Apple products around inside corporate HQ at risk to their career trajectory.
When all you have is a hammer, every problem starts to look like a thumb.
The thing is, I don't think we have a very good way to describe a company with a product for which there *is* a substitute (ie, you can get an Android if you don't like iPhone) but where at the same time there's a lot of barriers to switching because of the nature of the goods in question -- apps, user interface, and some cases purchased/cloud data that's not usable on the substitute good.
It's not accurate to call iPhones a monopoly, but at the same time an Android is a very imperfect substitute. If I don't like a particular car, I can switch to a similar model that will be nearly identical in most ways.
Sure, some of this is in the heads of the users who could in fact switch and over time might not see it as all that different, but this discounts a lot of very real differences.
Yea, but the problem with technology patents, especially shit like software, It's not easy to see whats actually being done. So joe shmo engineer can't just make a copy of it and start selling it. Especially in the world of "app stores" be it google or apple. I honestly don't care I use my phone to talk/text and occasionally look something up on the internet at work, I can do all of that with any phone on the market. Any time I need heavy lifting I pull my 7 year old laptop out of my backpack and do whatever it is I needed more power for. I have never worked directly for a large corporation so I don't really know what their needs are. I do however figure they would have the skill and resources to make whatever they needed on any platform. I would also expect companies like Google and Facebook to know what they were doing is risky and that they agreed to take that risk to get that sweet user data.
Yeah right
You are definitely the special kind of stupid.