Following Sunday’s report in The New York Times revealing Apple recently cracked down on screen time-monitoring apps on App Store, the company the following day published a detailed explainer on its website.
First, the gist of the Times report:
Over the past year, Apple has removed or restricted at least eleven of the seventeen most downloaded screen-time and parental-control apps, according to an analysis by The New York Times and Sensor Tower, an app-data firm. Apple has also clamped down on a number of lesser-known apps.
In some cases, Apple forced companies to remove features that allowed parents to control their children’s devices or that blocked children’s access to certain apps and adult content. In other cases, it simply pulled the apps from its App Store.
The story asserts that Apple is pulling down these apps because they compete with Screen Time, its own feature available on iPhone and iPad with iOS 12.
Apple spokeswoman Tammy Levine:
We treat all apps the same, including those that compete with our own services. Our incentive is to have a vibrant app ecosystem that provides consumers access to as many quality apps as possible.
She added that Apple removed or required changes to these apps because they could “gain too much information” from users’ devices. She said the timing of Apple’s moves was not related to its introduction of its own Screen Time feature in iOS 12.
What the company found was that some of the screen time-monitoring apps available on App Store use its Mobile Device Management (MDM) technology in invasive ways, to monitor everything that happens on the user’s phone.
And here’s Apple’s statement on the matter in full:
Apple has always believed that parents should have tools to manage their children’s device usage. It’s the reason we created, and continue to develop, Screen Time. Other apps in App Store, including Balance Screen Time by Moment Health and Verizon Smart Family, give parents the power to balance the benefits of technology with other activities that help young minds learn and grow.
We recently removed several parental control apps from the App Store, and we did it for a simple reason: they put users’ privacy and security at risk. It’s important to understand why and how this happened.
Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM. MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions and browsing history. We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.
MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky—and a clear violation of App Store policies—for a private, consumer-focused app business to install MDM control over a customer’s device. Beyond the control that the app itself can exert over the user’s device, research has shown that MDM profiles could be used by hackers to gain access for malicious purposes.
Parents shouldn’t have to trade their fears of their children’s device usage for risks to privacy and security, and App Store should not be a platform to force this choice. No one, except you, should have unrestricted access to manage your child’s device.
When we found out about these guideline violations, we communicated these violations to the app developers, giving them 30 days to submit an updated app to avoid availability interruption in App Store. Several developers released updates to bring their apps in line with these policies. Those that didn’t were removed from App Store.
We created App Store to provide a secure, vibrant marketplace where developers and entrepreneurs can bring their ideas to users worldwide, and users can have faith that the apps they discover meet Apple’s standards of security and responsibility.
Apple has always supported third-party apps on App Store that help parents manage their kids’ devices. Contrary to what The New York Times reported over the weekend, this isn’t a matter of competition. It’s a matter of security.
In this app category, and in every category, we are committed to providing a competitive, innovative app ecosystem. There are many tremendously successful apps that offer functions and services similar to Apple’s in categories like messaging, maps, email, music, web browsers, photos, note-taking apps, contact managers and payment systems, just to name a few. We are committed to offering a place for these apps to thrive as they improve the user experience for everyone.
MacRumors reader Zachary Robinson emailed Tim Cook with his reactions to the story and received the following reply from marketing head Phil Schiller.
Thank you for being a fan of Apple and for your email.
I would like to assure you that the App Store team has acted extremely responsibly in this matter, helping to protect our children from technologies that could be used to violate their privacy and security. After you learn of some of the facts I hope that you agree.
Unfortunately the New York Times article you reference did not share our complete statement, nor explain the risks to children had Apple not acted on their behalf. Apple has long supported providing apps on App Store, that work like our ScreenTime feature, to help parents manage their children’s access to technology and we will continue to encourage development of these apps.
However, over the last year we became aware that some parental management apps were using a technology called Mobile Device Management or MDM and installing an MDM Profile as a method to limit and control use of these devices. MDM is a technology that gives one party access to and control over many devices, it was meant to be used by a company on it’s own mobile devices as a management tool, where that company has a right to all of the data and use of the devices.
The MDM technology is not intended to enable a developer to have access to and control over consumers’ data and devices, but the apps we removed from the store did just that. No one, except you, should have unrestricted access to manage your child’s device, know their location, track their app use, control their mail accounts, web surfing, camera use, network access and even remotely erase their devices. Further, security research has shown that there is risk that MDM profiles could be used as a technology for hacker attacks by assisting them in installing apps for malicious purposes on users’ devices.
When the App Store team investigated the use of MDM technology by some developers of apps for managing kids devices and learned the risk they create to user privacy and security, we asked these developers to stop using MDM technology in their apps.
Protecting user privacy and security is paramount in the Apple ecosystem and we have important App Store guidelines to not allow apps that could pose a threat to consumers privacy and security.
We will continue to provide features, like ScreenTime, designed to help parents manage their children’s access to technology and we will work with developers to offer many great apps on App Store for these uses, using technologies that are safe and private for us and our children.
Former Apple executive Tony Fadell, also know as the father of the iPod music player, offered his take on the situation, proposing that Apple release an official Screen Time API that makers of these apps could use.
Apple’s Screen Time still has many holes and deficiencies. Their v1.0 solution was a rush job and it’s very non-intuitive to use. Apple should be building true APIs for Screen Time so the privacy concerns are taken into account instead of limiting users App Store choices.
Here’s how that might work.
We need complete digital health data. The API should cover both, usage data and controls. Apple should also provide and enforce APIs for app developers to notify users and parents when a new account is created or logins occur.
In his tweestorm, Fadell concluded that Apple shouldn’t discourage entrepreneurs from creating more solutions akin to Screen Time. That, he pointed out, is “the antithesis of what we need and as a responsible technology community we can do better.”
I’m not sure sharing sensitive data— such as our how many times we pick up the phone per day, how many notifications we receive, when we engage with the Instagram app the most and so forth—is a clever idea because once a developer gets hold of this data, there’s little Apple can do to control whether it’s been used properly and not sold to a third-party.
There were some controversial app rejections and app removals in the past, but in this case—I side with Apple. We saw what kind of damage and privacy intrusions are possible when developers misuse enterprise certificates and MDM systems.
Had Apple gone after all screen time-monitoring apps on App Store, it could have been accused of anticompetitive behavior, but clearly they’re cracking down only on apps that specifically misuse MDM, and developers who used MDM technology in their apps clearly knew they were in violation of Apple’s guidelines.
What do you make of this?
Let us know by leaving a comment below.