Snippet: Google Abuses Enterprise Certificates, Too ☇

Shared on January 31, 2019

Like Facebook, Google was using their internal iOS enterprise certificates externally to distribute an app outside of the App Store. They shut it down when Facebook was caught, but it looks like Apple is at least inconveniencing them as punishment. Zach Whittaker from TechCrunch:

Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates.

“We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch reported Wednesday that Google was using an Apple-issued certificate that allows the company to create and build internal apps for its staff for one of its consumer-facing apps, called Screenwise Meter, in violation of Apple’s rules. The app was designed to collect an extensive amount of data from a person’s iPhone for research, but using the special certificate allowed the company to allow users to bypass Apple’s App Store. Google later apologized, and said that the app “should not have operated under Apple’s developer enterprise program — this was a mistake.”

I suspect that athlete very least, Apple did this to enforce their terms of service consistently, but also to break any of these rogue apps that are out there. The fact that Google stopped themselves and issued an apology doesn’t necessarily make it much better. As a sidenote, I’ve been very impressed with TechCrunch’s investigation on all of this.

Snippets are posts that share a linked item with a bit of commentary.