Earlier this week, The New York Times reported that Apple has been cracking down on parental control apps from a number of developers, a move that created such a furor that Apple issued a rare public press release to set the record straight.
The crux of the issue at hand, according to Apple, was that developers of parental control apps were misusing Apple’s Mobile Device Management (MDM) technology, which is designed to allow corporations and schools to manage their own, company-owned devices, and thereby opening up a number of potential privacy issues.
Of course, Apple’s relatively sudden move has left many developers of parental control apps feeling disenfranchised, and at least one developer is pushing back against Apple’s claims, saying that the company’s statement is “misleading and prevents a constructive conversation around the future of parental controls on iOS.”
The Problem According to Apple
As we reported earlier this week, Apple has stated quite clearly that it considers the use of MDM technology by parental control apps to be something that “puts users’ privacy and security at risk,” describing its own MDM technology as “highly invasive.”
Apple emphasizes that the technology was intended to allow organizations to maintain control over confidential data and their own hardware, but that it’s actually a “clear violation” of its App Store policies “for a private, consumer-focused app business to install MDM control over a customer’s device” and “incredibly risky” for end users.
Parents shouldn’t have to trade their fears of their children’s device usage for risks to privacy and security.
Apple’s Statement on Parental Control Apps
Apple claims that not only do MDM profiles allow apps — and by extension, the developer itself — to gain an invasive level of control over a device, but MDM profiles can also be “used by hackers to gain access for malicious purposes.”
The Facts According to OurPact
In a blog post on Medium, OurPact, the developer behind one of the most popular parental control apps on the App Store, has taken issue with Apple’s claims, suggesting that the company is being hyperbolic at best, and perhaps even outright disingenuous about how its own MDM technology works.
In a point-by-point breakdown, OurPact attempts to refute, or at least clarify, many of Apple’s claims, contrasting them with quotes from Apple’s own MDM documentation, Managing Devices & Corporate Data on iOS, dated July 2018.
For example, in responding to Apple’s claims that MDM apps can access private data, OurPact cites Apple’s documentation which clearly states a list of personal data that MDM servers cannot access, including personal or work email, text messages, browser history, call logs, reminders and notes, frequency of app use, or device location.
OurPact emphasizes that it does not — and indeed cannot — access any of this private information. However, OurPact doesn’t mention the data that they do potentially have access to, which includes the device name, model, and serial number, the owner’s phone number, and the iOS version and apps that happen to be installed.
OurPact goes on to challenge Apple’s statement that MDM is risky and unsafe by citing sections of Apple’s documentation that talk about how the installation process helps users to “understand how their devices are being managed and trust that their privacy is protected” along with “assurance that users’ personal data won’t be accessed”
Further, Apple’s statement that MDM isn’t suitable for children is refuted by OurPact by pointing to Apple’s own support for third-party developers to create MDM applications for schools through the Apple Classroom program, suggesting that Apple is being hypocritical in suggesting that parents shouldn’t use the technology while encouraging “hundreds of thousands” of children to use MDM-enabled devices in schools every day, and in fact making it “a major selling point to schools.”
OurPact then goes on to explain the data that it does in fact collect, while emphasizing that it complies with “all global data protection laws.” Specifically, the child’s name, age and gender are collected, and the app does monitor location data, but notes that in neither case is Apple’s MDM technology used for this. A list of applications installed on the child’s device is also displayed by the premium version of the app, which is likely one of the features that actually does require MDM. OurPact adds that “this list of applications is only visible to parents within their OurPact account.”
OurPact also provides a detailed timeline of their interactions with Apple, adding that the app had been approved for sale on the App Store 37 times since 2015, with “documented use of MDM.” They also take umbrage with Apple’s public statement that developers were given 30 days to modify their apps, stating that they received no notice at all before OurPact was removed from the App Store by Apple, which happened less than a month after iOS 12 was released with Apple’s own Screen Time feature.
By way of background, I have worked in information technology for three decades, and have set up numerous device management systems over the years, going back to the days when BlackBerry was leading the charge for corporate device management and the iPhone was merely a gleam in Steve Jobs’ eye. I have also deployed the technology specifically for iPhone users in several different ways for corporations and schools that require control over their own devices or those of their employees.
While OurPact is not wrong in pointing out Apple’s misleading statements when it comes to privacy, the developer isn’t telling the whole story either. While it’s true that there’s very little information that an MDM server can access from a user-registered device, I’m not convinced that this should give them a pass for being able to use the technology.
If asked, I think most parents would consider their child’s phone number to be confidential information — as the father of a nine-year-old, I know I certainly would — and while OurPact suggests that they’re not collecting this information, the point is that MDM makes it possible for them to do so, whether deliberately or simply by failing to scrub that data properly when devices are registered with their MDM back-end. Further, just because OurPact may be handling it properly doesn’t mean every developer is doing so. Even beyond the phone number, which of course wouldn’t apply to iPad and iPod touch users, privacy-conscious parents may still have qualms about other data being available to the developer without their knowledge, such as the device serial number and the list of installed apps.
Further, although what OurPact says about installing an MDM profile is technically correct — by Apple’s own iOS design, the user is shown what restrictions will be enforced — in my own experience this is not done in such a way that an unknowing parent will fully understand what is happening. For one, while it may be obvious to the parent that the device is going to be managed, since that’s the whole point of installing OurPact, it’s less obvious that the developer itself will have the ability to do this from its own servers, and not just through the app that the parent is using.
Lastly, OurPact says nothing about the level of control that MDM offers. Since it’s of course necessary for MDM to be used to enforce parental restrictions, as Apple provides no other method for third-party apps to do so, this also means that the developer’s own MDM infrastructure has the ability to enforce these restrictions. In other words, anything that a parent can do to their child’s iOS device using their own parental control app can just as easily be done by the developer themselves — or anybody with access to the developer’s systems. Depending on how MDM is deployed by the developer, this can even include features like remote wipe, changing or removing the device passcode, and actually installing or removing apps.
At the end of the day, the issue isn’t what OurPact itself is or isn’t doing, but what their systems are capable of doing using MDM. Consider that a hacker who compromised OurPact’s systems would gain control over potentially millions of childrens’ iOS devices. Regardless of how limited that access may be, there’s still more than enough room for abuse here. As somebody who understands this technology very well, I can say without hesitation that any app that even attempted to install an MDM profile on one of my family’s devices would be deleted a few seconds later without any hesitation at all.
If Apple truly believes that parents should have tools to manage their children’s device usage, and are committed to providing a competitive, innovative app ecosystem, then they will also provide open APIs for developers to utilize. Now, more than ever, the focus should be on building better and more diverse solutions for families to choose from.
That said, there’s one excellent point that OurPact makes which I agree with wholeheartedly: Apple needs to come up with a better way of doing this. It’s hard to blame OurPact, and other parental control app developers, from using the only technology that makes their apps possible, and it’s certainly understandable how they would feel that it’s unfair of Apple to suddenly pull a successful app after years of approvals. However, if Apple is being honest in its statement that it “has always supported third-party apps on the App Store that help parents manage their kids’ devices” then it’s going to be critical for the company to do this sooner rather than later. Despite the accusations of anti-competitive behaviour, Apple has no incentive to force users into its own Screen Time feature, and the company has everything to gain by ensuring a robust ecosystem of parental control apps are available to its users.