There Used to Be An App For That

May 1, 2019 · 11 min read

Apple Removed OurPact From the App Store. Here’s What You Need to Know.

On Saturday, April 27th, The New York Times exposed Apple’s systematic removal of screen time applications from the App Store.

Other major publications quickly picked up the story, leading Apple to share a public statement claiming these removals are justified on the grounds that parental control apps using MDM “put users’ privacy and security at risk.” An email from Phil Shiller, SVP Worldwide Marketing, also stated Apple’s position that these apps pose a risk to privacy.

Unfortunately, Apple’s statement is misleading and prevents a constructive conversation around the future of parental controls on iOS.

We want to take the opportunity to set the record straight about MDM for our loyal users and the many families looking for solutions to guide healthy digital habits. Our hope is that Apple will work with developers in this space so that families continue to have a wide selection of parental controls to choose from.

Image for post
Image for post
OurPact is the top-rated parental control on iOS, with over 3 million installations.

Our Mission

Shortly after the release of the iPhone in 2007, a growing body of research confirmed the negative impact of excessive screen time exposure for growing children and teens. In 2012, the OurPact team recognized the lack of solutions available on iOS and set out to develop comprehensive parental controls for families. We don’t just develop OurPact, we use it in our own homes.

From day one, our focus has been what’s best for parents and their children. A core part of that mission is a commitment to data protection and user privacy — we never have and never will sell or provide any user data to any third party.

OurPact’s Use of MDM

Since its initial release, OurPact has employed a public, documented Apple technology known as MDM.

While MDM was initially intended for company-owned or personally-owned BYOD implementations, it has also been used by many parental control applications to give parents more freedom to manage their children’s mobile devices. In recent years, Apple has also extended MDM for use by children and teachers in schools.

OurPact’s core functionality would not be possible without the use of MDM; it is the only API available for the Apple platform that enables the remote management of applications and functions on children’s devices. We have also been transparent about our use of this technology since the outset, and have documented its use in our submissions to the App Store.

Apple’s Statements on MDM

Apple recently stated that its own MDM technology, used by millions, poses risks to user privacy and can be abused by hackers. This stands in contradiction to the fact that MDM technology was initially developed by Apple to ensure security of private data on remotely managed devices. Apple alone issues certificates to third parties to communicate with their MDM servers, and Apple themselves are responsible for sending all MDM commands to user devices.

We present here, point by point, Apple’s recent claims in defense of removing apps that use MDM, to be contrasted with quotes from their own MDM documentation.

Can MDM apps access your private data?

Apple Press Statement: “MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history.”

Phil Schiller: “No one, except you, should have unrestricted access to manage your child’s device, know their location, track their app use, control their mail accounts, web surfing, camera use, network access, and even remotely erase their devices.”

— VS —

Apple’s MDM Documentation:

MDM cannot see personal data such as:

  • Personal or work mail, calendars, contacts

To clarify this very important point: OurPact does not have access to any of this private information via MDM. It is impossible for us, hackers, or anybody else to obtain it. Apple is the only one who has access to and uses this data.

Is MDM risky or unsafe?

Apple Press Statement: “Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky…”

Apple Press Statement: “Research has shown that MDM profiles could be used by hackers to gain access for malicious purposes.”

Phil Schiller: “Further, security research has shown that there is risk that MDM profiles could be used as a technology for hacker attacks by assisting them in installing apps for malicious purposes on users’ devices”

— VS —

Apple’s MDM Documentation:

“When users enroll in MDM for the first time on an iOS device, they are provided with information about what the MDM server can access on their devices and the features it will configure. This provides transparency to users about what is being managed, and establishes trust between you and the users.”

“Users understand how their devices are being managed and trust that their privacy is protected.”

“With a user-owned deployment, iOS [MDM] offers personalized setup by users and transparency around how devices are configured, along with the assurance that users’ personal data won’t be accessed…”

Is MDM suitable for children?

Apple Press Statement: “Parents shouldn’t have to trade their fears of their children’s device usage for risks to privacy and security, and the App Store should not be a platform to force this choice. No one, except you, should have unrestricted access to manage your child’s device.”

— VS —

Apple’s Support of MDM For Children in Practice:

Apple allows 3rd party developers to create MDM applications for schools through their Apple Classroom program — they do not publish data on its usage, but likely hundreds of thousands (or more) children use devices with Apple MDM installed every day. These apps are not being pulled because of risk to privacy, in fact, Apple offers its MDM security as a major selling point to schools.

What Data Does OurPact Collect?

OurPact collects only the data absolutely necessary to provide our service and we retain it for as short a period as possible. We comply with all global data protection laws, including GDPR.

The most sensitive data OurPact collects is:

1. Child Name, Age & Gender

Parents provide their child’s name (or alternatively a nickname) to easily switch between their children’s profiles within OurPact.

Optionally, parents can specify their child’s age and gender. Our team was actively developing an update to provide recommended daily screen time allowances and app recommendations for children, based on age.

2. Installed Applications

OurPact Premium displays a list of apps installed on child devices so that parents can manage access to each app individually. This list of applications is only visible to parents within their OurPact account.

3. Location Data

OurPact Premium uses iOS location data to help parents monitor their children’s device location in real time.

OurPact’s location usage is in no way tied to MDM functionality. It operates in the same manner as all other family location apps on iOS. This data is only available if location permissions are explicitly enabled by the parent in both the parent application and within system settings on the child’s device.

Timeline of Events

To date, OurPact has been approved by Apple for release to the App Store 37 times, with documented use of MDM.

In Apple’s public statement, they claimed that they gave developers 30 days to modify their apps in line with their guidelines, even though their guidelines make no mention of MDM. We did not receive any notice before OurPact’s child app was removed by Apple.

More importantly, there is no way for any company offering a parental control app to remove MDM functionality and still have a viable product. If Apple offered alternate APIs to achieve the robust parental controls that OurPact provides we would happily use them. Unfortunately, no such API exists. All attempts to open a dialogue with Apple to create those APIs have also been refused.

  • February 4, 2015: Apple approves the initial release of OurPact for distribution on the App Store.

Our Plea

Apple is a company that we have great respect for, and their stance on privacy for their users is one we wholeheartedly agree with. It is why the majority of the OurPact team are iPhone users and many of us have been Apple users since the Apple II. So, by choice, we would never be in the unfortunate position of telling one of the most beloved companies in the world that they have made a mistake, but sometimes the truth has to be spoken to power.

Given that there are no privacy issues with properly vetted MDM apps like OurPact being on the App Store, we humbly request that we are reinstated and allowed to continue providing our million users with the service they love and depend on.

If Apple truly believes that parents should have tools to manage their children’s device usage, and are committed to providing a competitive, innovative app ecosystem, then they will also provide open APIs for developers to utilize. Now, more than ever, the focus should be on building better and more diverse solutions for families to choose from.

We remain committed to solving this problem, and we implore Apple to recognize they have a responsibility to support and encourage the growth of this industry.

This issue will only be resolved if you voice your concern over the future of parental controls.

If you care about this issue, let your voice be heard with these hashtags: #ThereUsedToBeAnAppForThat #SaveOurPact #GiveParentsControl

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store