Risk & Repeat: Apple restores enterprise certificates for Facebook, Google
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity.
After revoking Facebook's and Google's enterprise certificates and disabling their internal iOS apps, Apple later reversed its decision.
Apple took the harsh action after two separate reports from TechCrunch revealed Facebook and Google had misused their enterprise certificates under the rules of Apple's Developer Enterprise Program. Those rules state that enterprise certificates granted to business should only be used for internal corporate apps and not customer-facing apps, since those certificates give the businesses root access to the device's network traffic.
TechCrunch reported that Facebook had taken its Onavo Protect VPN app, which had already been banned by Apple's App Store for misusing an enterprise certificate, and reskinned and relaunched it as a "Facebook Research" app that collected data on users, some of whom were teenagers. TechCrunch later reported that a Google app called Screenwise Meter was also misusing its certificate, leading to Apple revoking both companies' certificates.
What kind of access do enterprise certificates provide? What effects will this controversy have on Facebook and Google? Was Apple right to revoke these certificates? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.