Update 2/1/19: Yesterday, Apple reinstated Facebook’s access to its Enterprise Developer Program. “We have had our Enterprise Certification, which enables our internal employee applications, restored. We are in the process of getting our internal apps up and running,” a Facebook spokesperson wrote in an email. “To be clear, this didn’t have an impact on our consumer-facing services.”
When Apple said on Wednesday that, in response to a revelation that Facebook was monitoring minors’ cellphone usage, it would curtail the platform’s ability to distribute apps, it overshadowed the US government as a regulator of the company’s privacy practices.
Apple’s action comes after TechCrunch revealed on Tuesday that Facebook had been paying users since 2016, including some minors, as much as $20 a month to install a “Facebook Research” app on their phones, allowing the social-media company to collect large amounts of the users’ data and activity.
Facebook has had its access to Apple’s Enterprise Developer Program suspended; the program is designed to let developers distribute and test apps internally within their own companies. Facebook instead used it to sidestep the Apple app store’s more stringent privacy requirements.
According to TechCrunch’s investigation, Facebook took steps that would initially hide its involvement with the app during the process of soliciting participants, often working through intermediaries and not revealing its involvement until later in the sign-up process.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” Apple said. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”
Facebook maintains that it did nothing wrong, despite Apple’s suspension and strong criticism from the public and lawmakers.
“Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App,” a Facebook spokesperson said in a statement emailed to Mother Jones. “It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate.”
Apple’s enforcement action against Facebook is a stiffer penalty than any meted out recently by US regulators. While the Federal Trade Commission is expected to soon hand Facebook a record-breaking fine for violating a series of 2011 agreements, the agency has not taken action on the company since then despite rising consumer frustration. Data privacy regulation has been proposed by Sens. Brian Schatz (D-Hawaii), Amy Klobuchar (D-Minn.), and John Kennedy (R-La.), among others, but has not caught serious traction in Congress.
“It’s ridiculous that we have to rely on tech companies to regulate other tech companies,” said Justin Brookman, the director of consumer privacy and tech policy at Consumer Reports Advocacy. “It’s good that Apple is stepping up here, but that’s the government’s job. That’s what consumer protection law is supposed to do.”
Apple benefits from being seen as protective of consumer data, and its CEO Tim Cook has vocally differentiated his company from other tech giants by reassuring consumers it will protect data. But that commercial commitment lacks any of the legal authority, or permanence, of a government regulatory regime.
Matt Stoller, an economist at Open Markets, a think tank that focuses on competition and antitrust policy, said that his colleagues sent a letter to the FTC in 2017 urging a close look at Facebook’s 2013 acquisition of Onavo, an app that functioned similarly to the recently uncovered monitoring program and that gave the platform the ability to surveil its competitors’ interactions with users. To Stoller, the acquisition represented an unfair competitive advantage.
Apple removed Facebook’s Onavo app in 2018 citing violations of its app store privacy rules. Facebook says the Facebook Research app was not built to replace Onavo.
“The FTC should have been looking into what Facebook was doing with this data,” Stoller says. “They’re obviously not doing that—because the FTC doesn’t do anything—but Apple at least took the step to make it harder to install this VPN spyware.”
Stoller has advocated that the FTC break up major technology companies like Facebook to prevent internal conflicts of interest harmful to consumers. Companies like Facebook that facilitate vast amounts of communication shouldn’t also be advertising business, he says, “because the potential for surveillance is overwhelming.”
Meanwhile, Brookman says, Congress should provide the FTC with “more substantive authority.”
“They’ve done a pretty good job,” he adds, “but they’re limited in what they can do…Apple doesn’t have the same restrictions. Because of that, they have the ability to stop Facebook.”