Apple has revoked Google’s enterprise certificates. According to The Verge, this caused early versions of Google Maps, Hangouts, Gmail and other pre-release beta apps to stop working. It also broke Google’s employee-only apps like the Gbus app for transportation and Google’s internal cafe app.
This comes shortly after Apple revoked Facebook’s enterprise certificates. This was done because Facebook was using its enterprise certificates, which were only supposed to be used on employee-only apps, in its “Facebook Research” app.
In short, the “Facebook Research” app was paying teenagers (and adults) to install a VPN that sucked up all of the user’s phone and web activity and allowed Facebook to collect it.
Google had its enterprise certificates removed because it was running a app called Screenwise Meter. TechCrunch reported that the app let users (some as young as 13 if they were part of a family group) to earn gift cards. The app allowed Google to monitor and analyze the user’s traffic and data.
In both cases, the companies were using their enterprise certificates in ways that they were not supposed to. The enterprise certificates were intended to be used in the company’s employee-only apps.
Recode reported that Apple made a statement after it revoked Facebook’s enterprise certificates. Part of that statement said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
To me, it sounds like companies that have iOS apps, and have been using their enterprise certificate in it to sneakily gather user’s data, should be worried. Apple has made it clear that they are willing and able to revoke enterprise certificates from companies that misuse it.