Questioning Apple’s Case for Cracking Down on Screentime Apps
An Open Letter to Phil Schiller
The recent New York Times story on Apple cracking down on Screentime apps has created much debate online. Phil Schiller’s purported official response from Apple was featured by MacRumors.
As one of the developers affected by this arbitrary action, I welcome Phil’s response, but invite him to shed some light on this raging topic by answering the questions listed in my reply below.
Dear Phil
Thank you for your response to another fanboy’s concerns about Apple removing screentime apps from the App Store, and for having explained the risks to children had Apple not acted on their behalf. It is undoubtedly wonderful that Apple takes the responsibility to act as the ultimate arbiter and steward of privacy and security of children, an initiative to be truly appreciated. On the face of it. Because Apple’s noble gesture of acting on behalf of the children of this world raises some important questions. At least in my mind, as I am one of the developers affected by the action taken by Apple.
WHY NOW? WHY ONLY NOW?
Apple’s Mobile Device Management (MDM) framework has been in existence for many years now starting in 2010. As far back as Aug 2012, a parental control app called AppCertain made its debut on the App Store. AppCertain made use of MDM for enforcing or monitoring features, crossing a “gray line” in the process. A TechCrunch article from the time explains the gray line thus:
The app, whose goal is to alert parents about the nature of the applications their kids are downloading, involves the use of a “configuration profile” — special software Apple originally intended for enterprise use, not consumer-facing apps sold through its App Store marketplace. But Apple reviewed the application — for longer than most, founder and CEO Spencer Whitman tells us — and subsequently approved it. For how long that will remain the case, however, is unknown. “We think we are on a gray line with respect to Apple, but we don’t really know,” Whitman admits.
Please note that Apple did take a “longer than most” time to approve the app, which I presume was enough time to consider the privacy and security of children being monitored. AppCertain is not in business anymore, but it set the stage for many more parental control apps to move in the direction of MDM. By 2016, Qustodio, OurPact, Kidslox and many others had rolled out MDM based parental control apps on the App Store. By late 2018, almost any parental control app, including Mobicip of which yours truly is one of the co-founders, worth its name had to use MDM to be competitive and offer parents a holistic feature set. In June 2018, Apple’s Screentime makes its debut at the Worldwide Developer Conference (WWDC). Within a few weeks of this, developers like Kidslox are notified that the app violates Guideline 2.5.1, as Apple has abruptly decided to be the gatekeeper of security and privacy of innocent children, something Apple apparently didn’t care much about over almost 6 years.
STONEWALLING? OR NOT?
Mobicip was first notified about its parental control app violating the guideline on January 19, 2019, with a cryptic message that said all of the following:
We are writing to let you know about new information regarding your app, Parental Control & App Blocker, version 5.2, currently live on the App Store. Upon re-evaluation, we found that your app is not in compliance with the App Store Review Guidelines. Specifically, we found:
Performance — 2.5.1. Your app is using MDM profiles in an unapproved manner such as blocking third party apps and parental monitoring.
After no less than five responses requesting an explanation for what in the world this means, given that apps have been doing the very same thing for years, we finally received a response from Apple that was even more cryptic:
Regarding the 2.5.1 issue, your app uses public APIs in an unapproved manner, which does not comply with guideline 2.5.1 of the App Store Review Guidelines.
If Apple’s intention was, as you so rightly put it, to “continue to encourage development of these apps,” why did the App Store team choose to stonewall questions raised by a guideline-abiding developer until Feb 16, 2019, and then offer a less-than useful response? Follow up questions were not responded to within 2–3 days. On Feb 19, 2019, the Mobicip Parental Control app, in its MDM form, was summarily removed from the App Store.
WHY TARGET A FEW?
To this day, there are other apps on the App Store that violate the same guideline and are still available for sale. By applying the rules inconsistently, Apple is creating imbalance in the marketplace by selectively allowing some developers to use the MDM framework for parental controls, while disallowing others like Mobicip. The following is a list of apps that possibly continue to use MDM for parental controls and continue to be available on the AppStore.
Norton Family
UnGlue
Qustodio
Kidslox
SoaringSafe
Screentime
I’m not one to harbor any ill-will to a fellow developer, but if the guideline is enforced, it will be fair if it is enforced impartially and without favor. Does the fact that some of these apps are made by companies too big for Apple to take on, or by companies that have taken Apple to antitrust court have a bearing on the selective enforcement of guidelines?
WHAT ABOUT THE PARENTS?
When any of the parental control apps that use MDM to enforce parental controls is installed, it is the parent that goes through the process of setting up. During the process, the parent is explicitly asked to agree to the terms and conditions and privacy policy before installing the MDM profile and certificate. Please note that the parent has explicitly agreed to enroll the device in a third-party MDM system. Do these parents understand the risks? May be. May be not. But should it be the parent who decides the risk vs. reward? Given that Apple’ Screentime requires both parents and children to be on Apple devices, and given that most families today have a blend of devices with the parents on Android, isn’t it anti-competitive to not give parents this choice?
WHAT ABOUT AN OFFICIAL API?
Knowing that parental controls apps using MDM have been around for years, wouldn’t it have been a better option for Apple to support an officially supported API before pulling the plug?
WHAT ABOUT OLD-FASHIONED COURTESY?
Apple welcomes developers to build solutions for Apple devices and platforms. Hundreds of thousands of developers have done so over the years. Apple is big and powerful. About 0.5% of apps make a profit in a given year. When you have a lopsided David vs. Goliath relationship, is it too much to ask the giant to extend a little bit of courtesy? If you wish, I can share the entire thread of conversations with Apple. See this sample below:
Feb 19, 2019 at 8:34 AM
From Mobicip
Dear App Review Team
We hear you loud and clear:
>> It would be appropriate to revise your app to ensure that documented APIs
>> are used in the manner prescribed by Apple and submit your revised binary for review.
Could you please give some clue as to which documented API or APIs are being used in a manner that is not prescribed by Apple? Any general direction, clue, or specific guidance will be deeply appreciated. We have been one of the pioneers among parental control apps on the App Store over 10 long years and have always been playing by the rules, following Apple policies and guidelines as they evolved over time. There are hundreds of thousands of users who will benefit from your guidance. Please point us in the right direction and we can take it from there.
A phone call to explain the change and what a developer is expected to do would have been nice. After all, there weren’t too many of us. The response to my email above was this a few hours later:
Feb 19, 2019 at 1:43 PM
From Apple
Your app has an unresolved issue and has been removed from the App Store.
DOESN’T ANYONE ELSE HAVE A CONSCIENCE?
If Apple cares about the security and privacy of children, do the developers of apps that are to be used by the very same children with the express approval of their parents not share the same concerns? Why does only Apple have the right to act conscientiously on behalf of children, even overriding the good judgment of app developers and parents of those children?
Phil, I have always been and will continue to be an Apple fanboy. You may want to look into the whole chain of events here and how they unfolded, the long inaction and suspicious timing of the actions taken, the arbitrary enforcement, the selective removals, and the lack of common courtesy. When you grow too big for your own shoes, it is important to remember that there is a community of developers whose shoulders you are riding on. Once again, thank you for your response to the article and for engaging in the conversation.
Thanks
Suren Ramasubbu
Co-founder & CEO, Mobicip
If you’re a parent and wish to voice your concerns about Apple’s action, use the hashtag #GiveParentsControl.
UPDATE: Mobicip continues to be available on the App Store as an Internet filtering app with parental controls (that follow the Apple Guidelines), which can also be used in “parent” mode to establish rules for and monitor usage on all types of family devices like smartphones, tablets and computers. Despite Apple’s actions, Mobicip continues to be one of the best options for parents to create a safe experience for young users.
For press inquiries, please email pr@mobicip.com.
Photo credit: Photo by Alexandr Bormotin on Unsplash
