Google's approach appears to be less sinister than Facebook's approach (it doesn't obfuscate what the research is really for), but I suspect Apple's decision today to revoke FB's Enterprise cert will force them to also take action on Google's Enterprise cert. Well played, TechCrunch.
I might be naive in this but I hope Apple does revoke the certs, not because of the privacy implications (which I still do have concerns about), but because I would like to see the rules applied evenly. We’ve seen Apple apply the rules differently to big vs small developers but this time it’s Google and FB and by revoking FB certs for being in violation of terms, they must unquestionably revoke Google’s certs lest they bring on another bias debate.
The rules should not be applied the same to everyone. Apple needs to look out for its long term interests and it can deal with small companies in ways that it can not deal with Google or Facebook without harming said interests. It's sort of like the quip, "Owe the bank $10,000 and they control you. Owe the bank $1,000,000,000 and you control them." In the world of business there are unequal relationships.
What enterprise certs are meant for and what they are used for in practice are very different things. Apple themselves bought out the Testflight service and integrated it into their toolchain and it was built on using enterprise certs to distribute to external users.
It has always been used as a release valve for the standard restrictions of the app store process.
> Apple themselves bought out the Testflight service and integrated it into their toolchain and it was built on using enterprise certs to distribute to external users.
This isn't true; when you logged in with TestFlight, they pushed a configuration profile to you that would collect your UDID. The developer would then register those UDIDs with Apple and sign the app with an ad hoc provisioning profile / normal developer certificate, as Apple intends.
You could also distribute enterprise apps through TestFlight, but they did nothing specifically to help you do that, they were just a hosting service in that respect. They certainly didn't abuse enterprise certificates themselves, although somebody using their service could, just as they could use any hosting service to distribute the apps OTA.
We're talking about the old TestFlight service from before Apple acquired them.
It's the new TestFlight service that distinguishes between internal and external testers. There's very little similarity between the old and the new TestFlight beyond their general mission statements. They don't work in the same way at all and the new TestFlight was built from the ground up.
Depending on exact definitions, the people in an outside compensated "research panel" could be seen as "employed by" the company doing the research. There's consideration being exchanged for services rendered.
I don't think lawyering over the terms is what's important here. Instead what matters is whether Apple thinks it is better for its business to pull Google's enterprise cert.
Apple holds all the cards here. If it wants to punish Google over this, it will, and Google won't be able to do a thing about it, terms or no terms.
Apple has immense discretion here, of course. But a punitive enforcement action with potentially large spillover effects, in impairing other apps, is being discussed.
Whether that's considered justified, and even whether such an action might create a legal/antitrust liability for Apple, could depend on the actual terms/definitions Apple provided.
In the long run, Apple can adjust their terms subject only to a few legal and market checks. But in the short term, Apple should respect the terms they've offered, contractually, to other entities.
I don't think antitrust is relevant in this case, because Apple doesn't have a monopoly in smartphones. In fact, if anyone does, it's Google, since Android accounts for 75% of mobile phones worldwide [1].
True, kind of — it depends on the definition of “market power.” There is a dominant market share test used by the courts, generally a market share over 50% is required while some courts require a much higher percentage.
> Further, Apple has a 100% monopoly control of the iOS App Store.
That irrelevant. Best Buy also has a 100% monopoly control of Best Buy stores. That doesn’t mean that Best Buy has a monopoly on consumer electronics stores, nor does Apple have a monopoly for computer app stores.
True, Apple does have a monopoly when it comes to the iOS App Store.. but no more of a monopoly than Baskin Robbins has for ice cream sold by Baskin Robbins. That doesn’t mean you can’t by non-Baskin Robbins ice cream somewhere else, nor does it require Baskin Robbins to sell Hagen-Daz. If you want to be a sell your stuff at a store, you have to follow the rules of that store and pay the commission. Just like there are other places to buy computer software for a mobile device, there are other places to buy ice cream.
There are much greater implications for consumer welfare, and competition across many tech/service/product markets, in App Store control than in branded ice cream.
I've actually suggested, not fully seriously, that my employer give us the option of taking part of our pay in Costco gift cards.
A Costco member can buy and load gift cards, and then give them to a non-member, and that card will admit the non-member to Costco stores and allow them to buy things there on the card.
Some of us wouldn't use Costco enough to justify buying a membership, but would like to use them occasionally, and this gift card hack would allow that.
Sure would. If that would pass, I would simply create a club, let everyone join up and call them members of my organization and ship apps through it, bypassing Apple, the 30% and App Store review all in one shot. Considering how I've been treated at the hands of the iTunes support team, I'd do it in a heartbeat.
Kind of disappointing that so many people just want to downvote this thought, but no one can quote (or even seems to care about) the actual terms that Google (and Facebook) are alleged to have violated.
All hail arbitrary Apple, unbound by contract or law! Save us from ourselves, Tim Cook!
(f) Allow Your Customers to use Your Internal Use Applications on Deployment Devices, but only (i) on Your physical premises and/or on Your Permitted Entity’s physical premises, or (ii) in other locations, provided all such use is under the direct supervision and physical control of Your Employees or Permitted Users (e.g., a sales presentation to a Customer);"
Thanks! But, depending on the definitions of 'Employees' and 'Permitted Users' (and perhaps 'Permitted Entity'), that section's wording doesn't necessarily make the Facebook/Google use prohibited.
FWIW, I am a paid-up, registered member of the Apple Developer program, but still can't access that page, as it is apparently limited only to enterprise developers. So I can't check the definitions/details myself.
That limitation also helps me understand why so few, here or in the journalistic coverage I've seen, seem willing to quote the exact section violated. Those curious and willing to answer perhaps cannot access the formal wording, whereas those with the rights to access the terms may fear they'd be violating some obscure provision of their Apple agreements by merely quoting it.
Apple just took Google’s money to be the default integrated browser/Siri search engine in iOS. Apple’s morality on privacy has a price. The public outrage will need to be huge. Heh.
I remember a while back them talking about how they use Bing with Siri and about how Apple anonymizes the queries so Bing doesn't know who's actually doing them. I would imagine they'd apply the same anonymization to other search providers too.
Reminds me of the anonymized AOL search dump from back in the day[1]. Needless to say, the dump was a trove of personally identifiable information despite being "anonymized".
My vague recollection is Apple would actually take the Siri request and route it to Bing for you, so Bing doesn't know your IP, and they would attach a unique identifier that they'd rotate every 15-or-so minutes, so that way Bing can correlate multiple requests done back-to-back but loses any correlation with requests outside that 15-minute window.
For those billions, Apple links to the Google search results page in Safari when you type a query in the iOS system search field. That page includes Google search ads. According to the 2017 annual report, Google made $77 billion in revenue from “Google properties revenues”, which is mainly search ads but also includes other sources such as YouTube. Ads served by Google elsewhere (such as AdMob or DoubleClick) aka “Google Network Members’ properties” are only $17 billion. Search intent is an extremely strong signal for ads even with no personal information, although the ads are probably personalized if the user is logged into Google in Safari.
$9 billion is the “traffic acquisition cost to distribution partners” in 2017, which includes payments to Apple as well as other entities that send people to Google properties. This cost comes out to only 11.6% of the associated revenue. It’s likely that the amount of money paid to Apple is contractually linked to the revenue Google gets from ad clicks that can be tracked back to a link from Apple.
So there’s really no need for theories about the abstract value of user data here, it’s a simple referral fee for the ad clicks that are Google’s main business.
For actually serving Siri search results directly, I'm not sure what benefit the search provider gets. My guess is they're really after the "Search Web" fallback if you're not satisfied by Siri's initial synopsis, which will take you to the search page (and therefore the search provider will now know who you are).
OK, thank you for clarifying. It does read that way though, basically "Google was not abusing it like fb, thanks to Techchrunch they will lose their cert anyways".
