Apple bans Facebook from running internal iOS apps following data misuse

Facebook's VPN-based research app was the main offender.

Apple isn't taking chances just because Facebook is shutting down the iOS version of its controversial research app. The company told Recode in a statement that it was revoking the enterprise certificates Facebook had been using to distribute the software outside of the App Store. The social network's use of business certificates to distribute apps to non-employees was a "clear breach" of its agreement with Apple, a spokesperson said. However, while the pay-for-user-data app was the main offender, the decision appears to have had broader consequences for Facebook -- numerous internal tools might not work.

A source for The Verge said that development versions of key Facebook iOS apps (including Messenger and Instagram) stopped working after Apple pulled the certificates. It also broke internal-use-only apps like ones for a food menu and transportation. This has reportedly become a "critical" issue, since the apps are flat-out broken.

Facebook has already defended the research program in spite of deciding to shut it down. It argued that the app wasn't secret given its obvious name and clear messaging when you signed up. It also downplayed the discovery that some users were teens, noting that "less than 5 percent" were teenagers and that all of them reportedly signed parental consent forms. It didn't, however, explain why it was using enterprise certificates to provide apps outside of Facebook.

Whatever the justifications, the move underscores tensions between the two companies. Apple has made privacy one of its central tenets, and chief exec Tim Cook blasted Facebook in 2018 for what he saw as poor privacy standards. Facebook's Mark Zuckerberg, meanwhile, shot back with assertions that Cook wasn't telling the truth. Things only got worse later in the year when Apple got Facebook to pull the VPN client that would later become its disputed research tool. The two aren't strictly enemies, but pulling enterprise certificates isn't about to help them patch things up.