If you think Apple’s official statement on its removal of some parental control apps put a close to that chapter, one app developer argues it shouldn’t be. OurPact, one of those booted from the iOS App Store, is now calling Apple out over its response. It says, in effect, that the Mobile Device Management (MDM) technology that Apple cites as a potentially insecure is the very same MDM technology that it assures its business customers is totally secure.
The drama all began when the NYT published a piece over the weekend on how Apple has been removing apps from the App Store that seemed to rival its new Screen Time functionality built right into iOS. In response, Apple published a statement saying that many of these apps used MDM technology to provide parental controls and monitoring and could become an attack vector for attackers.
OurPact calls that statement misleading because it is simply using Apple’s own MDM system to do that. Not only that, all the commands it uses for parental controls pass through Apple’s MDM servers and are sent by Apple itself. In effect, the developer says, Apple is now claiming that its own MDM technology might not be that secure.
To be fair to Apple, its statement singles out business/enterprise apps as legitimate users of its MDM system, not consumer apps like OurPact. It App Store policies, which it updated just recently, apparently prohibit the use of MDM functionality in such consumer-facing iOS apps. OurPact, however, also questions both the timing and process of Apple’s crackdown on MDM users.
The developer says that the app was approved 37 times on the App Store, even while clearly stating the use of MDM. It also didn’t receive any 30-day notice before its app was removed, contrary to Apple’s claims. The unspoken accusation is that Apple instigated such changes in light of its Screen Time launch. Given it has not provided any API such apps can use instead of MDM, it is practically forcing those parental control apps to fold.