Facebook has yet again vowed to “do better” after it was caught secretly bypassing Apple’s privacy rules to pay adults and teenagers to install a data-slurping iOS app on their phones.
The increasingly worthless promises of the social media giant have fallen on deaf ears however: on Wednesday, Apple revoked the company’s enterprise certificate for its internal non-public apps, and one lawmaker vowed to reintroduce legislation that would make it illegal for Facebook to carry out such “research” in future.
The enterprise cert allows Facebook to sign iOS applications so they can be installed for internal use only, without having to go through the official App Store. It’s useful for intranet applications and in-house software development work.
Facebook, though, used the certificate to sign a market research iPhone application that folks could install it on their devices. The app was previously kicked out of the official App Store for breaking Apple’s rules on privacy: Facebook had to use the cert to skirt Cupertino’s ban.
With its certificate revoked, Facebook employees are reporting that their legitimate internal apps, also signed by the cert, have stopped working. The consumer iOS Facebook app is unaffected.
Trust us, we’re Facebook!
At the heart of the issue is an app for iPhones called “Facebook Research” that the company advertised through third parties. The app is downloaded outside of the normal Apple App Store, and gives Facebook extraordinary access to a user’s phone, allowing the company to see pretty much everything that person does on their device. For that trove of personal data, Facebook paid an unknown number of users aged between 13 and 35 up to $20 a month in e-gifts.
A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation. Facebook is treating this as a critical problem internally, we’re told, as the affected apps simply don’t launch on employees’ phones anymore.