{"id":14466,"date":"2019-01-31T09:10:03","date_gmt":"2019-01-31T17:10:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/31\/news-8218\/"},"modified":"2019-01-31T09:10:03","modified_gmt":"2019-01-31T17:10:03","slug":"news-8218","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/01\/31\/news-8218\/","title":{"rendered":"Apple pulls Facebook enterprise certificate"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Thu, 31 Jan 2019 16:44:03 +0000<\/strong><\/p>\n<p>It\u2019s been an astonishing few days for Facebook. They&#8217;ve seen both an app and their enterprise certificate removed and revoked with big consequences.<\/p>\n<h3>What happened?<\/h3>\n<p>Apple issue <a href=\"https:\/\/developer.apple.com\/programs\/enterprise\/\" target=\"_blank\" rel=\"noopener\">enterprise certificates<\/a> to organizations with which they can create internal apps. Those apps don\u2019t end up released on the Apple store, because the terms of service don\u2019t allow it. Anything storefront-bound must go through the mandatory app checks by Apple before being loaded up for sale.<\/p>\n<h3>What went wrong?<\/h3>\n<p>Facebook put together a \u201cFacebook research\u201d market research app using the internal process. However, they then went on to distribute it externally to non-Facebook employees. 
And by \u201cnon-Facebook employees\u201d we mean \u201cpeople between the ages of 13 and 35.\u201d In return for access to large swathes of user data, the participants received monthly $20 gift cards.<\/p>\n<p>The program was managed via <a href=\"https:\/\/techcrunch.com\/2019\/01\/29\/facebook-project-atlas\/\" target=\"_blank\" rel=\"noopener\">various beta testing services<\/a>, and within hours of news breaking, Facebook stated they\u2019d <a href=\"https:\/\/techcrunch.com\/2019\/01\/30\/apple-bans-facebook-vpn\/\" target=\"_blank\" rel=\"noopener\">pulled the app<\/a>.<\/p>\n<h3>Problem solved?<\/h3>\n<p>Not exactly. Apple has, in fact,\u00a0<a href=\"https:\/\/www.theverge.com\/2019\/1\/30\/18203551\/apple-facebook-blocked-internal-ios-apps\" target=\"_blank\" rel=\"noopener\">revoked Facebook\u2019s certificate<\/a>, essentially breaking all of their internal apps and causing major disruptions for their 33,000 or so employees in the process. As per the <a href=\"https:\/\/twitter.com\/alexeheath\/status\/1090618327502897152\" target=\"_blank\" rel=\"noopener\">Apple statement<\/a>:<\/p>\n<blockquote>\n<p><em>We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers&#8230;a clear breach of their agreement.<\/em><\/p>\n<\/blockquote>\n<h3>Whoops<\/h3>\n<p>Yes, whoops. Now the race is on to get things back up and running over at Facebook HQ. Things may be a little <a href=\"https:\/\/appleinsider.com\/articles\/19\/01\/30\/facebook-issues-memo-on-apple-enterprise-certificate-fiasco-as-employees-vent-frustration\" target=\"_blank\" rel=\"noopener\">tense behind the scenes<\/a> due to, uh, something similar involving a VPN-themed app collecting data it shouldn\u2019t have been <a href=\"https:\/\/techcrunch.com\/2018\/08\/22\/apple-facebook-onavo\/\" target=\"_blank\" rel=\"noopener\">earlier this year<\/a>. 
That one didn\u2019t use the developer certificate, but it took some <a href=\"https:\/\/techcrunch.com\/2018\/02\/12\/facebook-starts-pushing-its-data-tracking-onavo-vpn-within-its-main-mobile-app\/\" target=\"_blank\" rel=\"noopener\">33 million downloads<\/a> before Apple noticed and decided to pull the plug.<\/p>\n<h3>Could things get any worse for Facebook?<\/h3>\n<p>Cue Senator Ed Markey, with a <a href=\"https:\/\/www.markey.senate.gov\/news\/press-releases\/senator-markey-statement-on-facebooks-collection-of-teen-users-data\" target=\"_blank\" rel=\"noopener\">statement<\/a> on this particular subject:<\/p>\n<blockquote>\n<p><em>It is inherently manipulative to offer teens money in exchange for their personal information when younger users don\u2019t have a clear understanding of how much data they\u2019re handing over and how sensitive it is,\u201d said Senator Markey. \u201cI strongly urge Facebook to immediately cease its recruitment of teens for its Research Program and explicitly prohibit minors from participating. Congress also needs to pass legislation that updates children\u2019s online privacy rules for the 21st century. I will be reintroducing my \u2018Do Not Track Kids Act\u2019 to update the Children\u2019s Online Privacy Protection Act by instituting key privacy safeguards for teens.<\/em><\/p>\n<p><em>But my concerns also extend to adult users. I am alarmed by reports that Facebook is not providing participants with complete information about the extent of the information that the company can access through this program. 
Consumers deserve simple and clear explanations of what data is being collected and how it is being used.<\/em><\/p>\n<\/blockquote>\n<p>Well, that definitely sounds like a slide towards \u201cworse\u201d instead of \u201cbetter.\u201d<\/p>\n<h3>A one-two punch?<\/h3>\n<p>Facebook has already been drawing heavy criticism this past week for the wonderfully named \u201cfriendly fraud\u201d practice of <a href=\"https:\/\/www.theregister.co.uk\/2019\/01\/25\/facebook_chargebacks_children_game_billing_lawsuit\/\" target=\"_blank\" rel=\"noopener\">kids making dubious purchases<\/a>, and chargebacks being made. It happens, sure, but perhaps not quite like this. From the linked Register article:<\/p>\n<blockquote>\n<p><em>Facebook, according to the full lawsuit, was encouraging game devs to build Facebook-hosted games that allowed children to input parents&#8217; credit card details, save those details, and then bill over and over without further authorisation.<\/em><\/p>\n<\/blockquote>\n<p>While large amounts of money were being spent, some refunds proved to be problematic. Employees were querying why most apps with child-related issues are \u201cdefaulting to the highest-cost setting in the purchase flows.\u201d You&#8217;d better believe there may be further issues worth addressing.<\/p>\n<h3>What next?<\/h3>\n<p>The Facebook research program app will continue to run on Android, which is unaffected by the certificate antics. There\u2019s also <a href=\"https:\/\/twitter.com\/JohnPaczkowski\/status\/1090726179173289985\" target=\"_blank\" rel=\"noopener\">this app from Google<\/a> in Apple land which has since been pulled due to also operating under Apple\u2019s developer enterprise program. No word yet as to whether or not Apple will revoke Google\u2019s certificate, too. It could be a bumpy few days for some organizations as we wait to see what Apple does next. 
Facebook, too, could certainly do with a lot less <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/09\/millions-of-accounts-affected-in-latest-facebook-hack\/\" target=\"_blank\" rel=\"noopener\">bad publicity<\/a> as it struggles to regain positive momentum. Whether that happens or not remains to be seen.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/apple-pulls-facebook-enterprise-certificate\/\">Apple pulls Facebook enterprise certificate<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/apple-pulls-facebook-enterprise-certificate\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Thu, 31 Jan 2019 16:44:03 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/apple-pulls-facebook-enterprise-certificate\/' title='Apple pulls Facebook enterprise certificate'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/01\/shutterstock_1105575620.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>After an app using an internal-only certificate from Facebook made its way into the outside world, Apple has responded by pulling Facebook&#8217;s developer certificate with immediate consequences for the social media giant.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/privacy-security-world\/\" rel=\"category tag\">Privacy<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/security-world\/\" rel=\"category tag\">Security world<\/a><\/li>\n<\/ul>\n<p>Tags: <a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/app\/\" rel=\"tag\">app<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/apple\/\" rel=\"tag\">Apple<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/data-privacy\/\" rel=\"tag\">Data privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook\/\" rel=\"tag\">facebook<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/facebook-privacy\/\" rel=\"tag\">facebook privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile\/\" rel=\"tag\">Mobile<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/privacy\/\" rel=\"tag\">privacy<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/store\/\" rel=\"tag\">store<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vpn\/\" rel=\"tag\">vpn<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/apple-pulls-facebook-enterprise-certificate\/' title='Apple pulls Facebook enterprise certificate'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/2019\/01\/apple-pulls-facebook-enterprise-certificate\/\">Apple pulls Facebook enterprise certificate<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4382,2211,11063,3589,11176,10554,5897,10497,20817,10863],"class_list":["post-14466","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-app","tag-apple","tag-data-privacy","tag-facebook","tag-facebook-privacy","tag-mobile","tag-privacy","tag-security-world","tag-store","tag-vpn"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14466","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14466"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14466\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14466"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14466"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14466"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}