UPDATED May 3 with updated summary of events. This story was initially published April 29, 2019.
Apple's Parental Control App Controversy Explained
- Apple has reportedly targeted 11 of the 17 most downloaded third-party apps designed to limit screen time or oversee children’s phone use.
- Apple either restricted the apps' functions or removed them from the App Store entirely, giving developers 30 days to comply, causing some to cry foul.
- Apple says these apps put privacy and security at risk because they use software which gives access to location, app use, email accounts, camera permissions, browsing history and more.
- Many of the targeted apps offered more robust functionality than Apple’s own Screen Time, such as the ability to schedule blocking of apps, a kill switch for blocking everything at once, support for additional browsers and apps and the ability to control kids' Android phones.
- OurPact, one of the apps affected by Apple’s decision, published a statement disputing many of Apple’s claims, as well as a timeline of its relationship with Apple, showing the difficulty it’s had getting definite answers about the alleged issues with its app.
- Two of the apps are challenging Apple in European courts on the grounds of the company stifling competition.
Following a new report that Apple has been cracking down on third-party screen-time and parental-control apps, which includes some apps being kicked out of the App Store, Apple has issued a formal response to explain its actions.
To recap: Developers of popular apps with features designed to limit a user's screen time have complained that Apple forced them to remove these features, suspiciously around the time that Apple introduced the Screen Time feature in iOS 12.
According to the report in the The New York Times, many of the third-party apps have additional features than the ones Apple offers in its own settings.
The developers also complained that their apps, some of which had hundreds of thousands of paying customers, were given very little notice or guidance on how to become compliant before being removed from the App Store due to unclear violations, with requests for extra information yielding little additional help.
Two of the apps in question, Kidslox and Qustodio, are now attempting to take legal action against Apple via the European Commission’s competition authority, on the grounds of the company exercising unfair levels of control over its rivals.
Tom's Guide reported last fall that Apple had effectively crippled the functionality of OurPact, a top-rated iOS parental-control app, without much notice. OurPact representatives told us that Apple claimed OurPact was violating App Store guidelines on using mobile-device-management (MDM) software to control kids' phones, even though Apple had allowed OurPact and other parental-control apps to do so for years previously. (UPDATE: The Times story reported that OurPact had been expelled from the App Store in February, which OurPact independently confirmed.)
Apple itself denied to The New York Times that the removals were made to coincide with the implementation of its own screen-time features, and that it acted to protect users from the apps in question, which it says requested too much information from users.
Apple has since made an additional statement (opens in new tab) on the matter on its press site clarifying these comments. It says that the reason it removed apps was because they used MDM software, which permits remote control of a phone’s functions and which Apple describes as "a highly invasive technology."
While Apple concedes there are legitimate uses for MDM, such as for managing iPhones a company gives to employees, the company says the software is susceptible to hacking, and its appearance on apps for private use was not acceptable.
According to Apple, MDM software "gives a third-party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history."
That's technically true, but Apple didn't seem to mind that parental-control apps were using MDM software until it developed its own parental-control app.
Apple claims that it gave the developers of the apps in question 30 days to remove MDM functions from their products, and those that didn’t were removed. It again denied that this was a malicious attempt to force the use of its own Screen Time tool, saying that “this isn’t a matter of competition. It’s a matter of security.”
Apple’s statement does sound like a reasonable course of action to take. However, when we take the accounts of the developers who spoke to the NYT into consideration as well, it seems like several businesses were severely damaged in the process. Hopefully the affected developers are able to recover, and Apple can figure out why its communications left so many unanswered questions.
UPDATE: "Apple's statement is misleading and prevents a constructive conversation around the future of parental controls on iOS," OurPact wrote in its own statement, posted on Medium May 1, regarding the Times story.
"MDM technology was initially developed by Apple to ensure security of private data on remotely managed devices," OurPact's statement adds. "Apple alone issues certificates to third parties to communicate with their MDM servers, and Apple themselves are responsible for sending all MDM commands to user devices. ... Apple offers its MDM security as a major selling point to schools."
"There is no way for any company offering a parental-control app to remove MDM functionality and still have a viable product. If Apple offered alternate APIs to achieve the robust parental controls that OurPact provide, we would happily use them."