A critique of Apple’s statement of facts
The New York Times opened a can of worms by throwing light on Apple taking what is seen as anti-competitive action on parental controls apps on the iOS App Store, especially ones that help parents manage the amount of time children spend on their Apple devices. Apple countered with a statement the very next day titled, “The Facts About Parental Control Apps,” which has generated much polarized debate between Apple fans and critics. The question is, did Apple’s statement get all the “facts” right?
Fact #1: Over the Last Year
Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM… We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.
Parental control apps started using the Apple Mobile Device Management (MDM) framework as far back as 2012. Every single app version and update for such parental control apps was reviewed carefully by the Apple App Review team and approved. The role of the App Review is, according to Apple, to “review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, and are free of offensive material.” Until 2018, several hundreds of app updates submitted by parental control app developers were carefully reviewed and approved. Using the MDM technology is not subtle at all, which means the App Review team must have become well aware of and intimately familiar with the usage of MDM by parental control apps. That Apple became aware of such apps’ use of what it considers invasive technology only by last year says something about the company’s culpability in allowing such a practice to continue unhindered over many years.
Fact #2: Highly Invasive Technology
several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM
Mobile Device Management is a technology based on a framework, protocol and APIs created by Apple. Third-party developers are encouraged to sign up for and develop MDM software using the tools offered by Apple. The software, thus developed, is intended for use by businesses and schools to manage a large number of iOS devices. Most employees of large companies enroll their personal mobile devices, specifically consumer devices, in the enterprise MDM. If the underlying technology is “highly invasive” and prone to “malicious hacking”, such usage should be of great worry to the users and IT departments alike. What Apple probably intends to say is that the technology could be misused by a bad actor. However, it paints a broad picture of MDM software as something like a virus or malware, and any IT expert can tell you that it couldn’t be farther from the truth.
Fact #3: MDM is Installed on Enterprise Devices Only
MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware.
MDM is installed by Enterprises on company-owned devices and also on employee-owned devices. According to Forbes, 60% of employees use a personal smartphone for work, and nearly all large companies enforce IT policies on such consumer smartphones using MDM software. See this document from Apple — Managing Devices and Corporate Data on iOS. Specifically pages 8–10.
On page 10, Apple clearly delineates what the MDM can and cannot see, and why it is still a very secure thing to do.
By claiming that MDM is a highly invasive technology, Apple has severely undermined its own marketing to enterprise IT departments.
Apple is right in saying that the MDM framework was intended to be used by Enterprise IT. But by allowing the use for other purposes, like parental controls, over the years, in apps that were reviewed and approved for the App Store, Apple is just as guilty of all the charges that it has laid on the doorsteps of developers of such apps. If the IT department of a large corporation installing and using MDM software on consumer smartphones is a legitimate use case, the parent acting as the IT department of a household installing and using MDM software on the family’s devices is an equally legitimate use case. Typical IT departments of companies purchase MDM software from Apple or other third party developers who are vetted and approved by Apple. The developers of parental control apps have also been vetted and approved by Apple for the very same purpose. It may be true that Apple intended for MDM to be used on enterprise devices only, but the fact is that MDM software is routinely and widely installed on consumer devices.
Fact #4: App Store Forces Trade-off on Parents
Parents shouldn’t have to trade their fears of their children’s device usage for risks to privacy and security, and the App Store should not be a platform to force this choice.
Note that when anyone installs an MDM on a device, the user has to explicitly agree to the permission screens that pop up. It doesn’t make for a great user experience and causes a lot frustration to end users, but it is a necessary step. In our experience in working with parents over the years, we find that they are generally well informed about what they are trading off when they setup parental controls on their family’s devices. Nearly 52% of parents have a situation in the family or have noticed something that warrants an intervention, 38% of parents take pre-emptive steps by following the recommendations of the World Health Organization (WHO) and American Academy of Pediatrics to limit screentime and Internet usage, and some 10% of parents setup parental controls following the recommendation from the school or library. By making the trade-off on behalf of the parents, Apple is pre-empting their judgment and making the choice unilaterally without acknowledging that there are situations when a parent needs to be able to make touch choices.
Fact #5: Apple Has Always Supported Third-party Parental Control Apps
Apple has always supported third-party apps on the App Store that help parents manage their kids’ devices. We are committed to offering a place for these apps to thrive as they improve the user experience for everyone.
Of all the so-called facts in the news release, this is the most laughably ridiculous and ironic one. Every product maker is always in a quest to achieve product-market fit. In Paul Graham’s words, it is when you “make stuff that people want”. Being in this business for as long as we have, we know quite well what parents want, which is usually one or more of the following options depending on the age, family situation, and perceived risk factors. To filter the Internet and videos. To manage the time kids spend on screens. To monitor what apps are installed. To keep tabs on how much they spend on apps. To check on who they are talking to about what. To intervene when necessary. To locate where the children are. To identify risky and dangerous behavior early.
Apple has done virtually nothing to help developers of parental control apps. Nearly all parental control apps on the App Store today exist in spite of Apple’s support (or lack thereof) and not because of it. Not a single API has been created for these developers, not a single developer session at any of the developer conferences devoted to it, and not a single article in its support content addresses this need. Parents find it shocking when we express our helplessness and say, “Ah, well, you have to live with that, as thats about what Apple allows us to do!”
For press inquiries, please email firstname.lastname@example.org.