In January 2018 Apple investors complained publicly about the lack of parental controls on their popular devices. At one point even CEO Tim Cook expressed concern about the addictive nature of social media. Vancouver-based app entrepreneur Justin Payeur saw this as validation for the Boomerang Parental Control app he was developing.
What is really needed, apparently, is an app to move apps through the Apple Store app approval process. Reasons for rejecting and requiring changes to the app were numerous, varied, changing, and frustrating. The whole ordeal can drag out for years. That was Payeur’s experience as he chronicled it in an open letter on the Boomerang blog, complete with the text of email exchanges with the Apple app review team and emails to Tim Cook. The most consistent bone Apple picked with the app was that private consumer data could be shared or compromised. Developers aren’t so sure about that. Apple also didn’t like an app that controlled or shut off Apple’s own apps, like Safari, based on parents’ settings.
In June 2018 Payeur was first told that the app didn’t comply with one or more of the App Review Guidelines. He was informed that more time was needed for review and that the use of Mobile Device Management (MDM) was no longer allowed. After some fixes, he was told via message that the app still installed MDM profiles for unapproved purposes. “Specifically, your app blocks or restricts access to third-party apps using MDM,” Apple said. Payeur appealed and was again rejected because, he was told, installing MDM profiles for parental controls was not appropriate for the App Store: “Apps may only use public APIs and must run on the currently shipping OS.”
Payeur continued to log his ping-pong journey with Apple that continued through 2019. During that time Apple requested more information and more time to review. Apple offered vague new reasons for rejecting versions of the app, e.g. “false information and features.” and also cited improper mention of Android because that violates Apple’s metadata guidelines.
‘The timing was suspect’
“We did not use any private APIs or any framework in unintended uses,” Payeur wrote in his January 2020 open letter. “So our internal conclusion … was simple: Apple wanted us out of the App Store …” He said the timing was suspect; Apple was about to launch iOS 12 with screen time controls.
Abandoning development of the app for child devices, Boomerang focused on the parent mode because many of its customers were parents with iPhones and kids with Androids, or the other way around. Revenues for the app tanked and users didn’t like it.
Then the press lit a fire.
In December 2018 it was a TechCrunch piece about the challenges facing third-party developers of iOS parental control apps. In April 2019 the New York Times wrote about Apple’s anti-competitive approach to these apps, to which Apple responded that several of the rejected apps posed privacy risks. Payeur found other developers experienced the same treatment from Apple.
One of those developers was OurPact, a competitor to Boomerang in the parental control app arena. In an article published on Medium.com in May 2019, OurPact also detailed its interactions with Apple, which were very similar to what Boomerang experienced. OurPact also was met with Apple’s alleged privacy concerns. OurPact was unconvinced. According to the developer, Apple stated that “its own MDM technology, used by millions, poses risks to user privacy and can be abused by hackers. This stands in contradiction to the fact that MDM technology was initially developed by Apple to ensure security of private data on remotely managed devices.”
“Apple alone issues certificates to third parties to communicate with their MDM servers, and Apple themselves are responsible for sending all MDM commands to user devices.” OurPact went on to say, “OurPact does not have access to any of this private information via MDM. It is impossible for us, hackers, or anybody else to obtain it. Apple is the only one who has access to and uses this data.”
In June 2019 Boomerang was invited to re-submit its parental control app and was told there was a new Mobile Device Management Capability form to complete. The updated app was approved with MDM, but before it was released Apple again said the app violated the rules. This time it was because the app contained Google Analytics, which could grab sensitive data, Apple maintained.
“This was false,” Payeur said. He fixed the app, pushed the update, then was told the app was in violation for using Google Firebase, which Apple again said risked disclosure of sensitive information. After more back and forth and more waiting, his appeal was rejected. When he removed any analytics, Boomerang Parental Control was approved in October 2019.
Are you sensing a pattern?
However, Apple changed its policies yet again, saying the app was not permitted to block Safari and the App Store itself. Apple was requiring “supervised mode” used by governments and large organizations, but the app timed out these applications based on parental controls, or when parents wanted the only browser on their kids’ phones to be the SPIN Safe Brower. The Boomerang app no longer has these features.
Today, Payeur says that parents are not aware that iOS includes screen time features because it’s buried in the device settings. Parents still have a mix of devices in their families, of course.
“Apple has shown that they will change their minds if there is negative press about them. These are some of the reasons why we continue to recommend Android devices for your kids first smartphone (and you can still control them from your iPhone!). … Any way you slice it, Apple continues to be anti-competitive,” Payeur wrote.
You might think it would be unwise for the owner of a small business to come out so vehemently against such a dominant player. So many developers count on their Apple relationship and the broad distribution it offers through its monopoly on apps on Apple devices to generate revenue. When it comes to Payeur, he told the MoginRubin Blog that he figures he has little to lose since he has turned his attention to Android and only updates his existing Apple apps.
“They neutered our app through all their guideline changes,” he said. “And people (parents) are unhappy that they can’t access on their iPhones the same or similar features that we offer on Android.”
“There are a lot of app developers and they are not multi-million businesses,” Payeur told us. “We provide these apps to do good. That was the biggest frustration. Apple labeled us as bad players with their user privacy angle. That rubbed me the wrong way. At no point did we create our service to [mine and sell user data]. We used Apple’s own technology, not ours, that’s used across the world. We got creative to create parental controls. They weren’t being up front.”
‘One of the most beloved companies in the world.’
The people at OurPact also addressed the David and Goliath nature of the playing field. They said they respect Apple as “one of the most beloved companies in the world,” but they “made a mistake” and “sometimes truth has to be spoken to power,” OurPact wrote. “Given that there are no privacy issues with properly vetted MDM apps like OurPact being on the App Store, we humbly request that we are reinstated and allowed to continue providing our million users with the service they love and depend on. If Apple truly believes that parents should have tools to manage their children’s device usage, and are committed to providing a competitive, innovative app ecosystem, then they will also provide open APIs for developers to utilize.”
Boomerang and OurPact are part of a group of developers who are calling for a Screen Time API, a cross-platform API that would allow developers to provide apps that monitor and control time spent on devices. “It aims to provide a generic API that can be used for a wide range of use cases, from personal health to remote parental controls to social media monitoring. It also aims to do this in a way that is respectful of the device owners privacy, by not providing more information than is necessary and using the platforms permissions system to access data.” The document they published shows how the API would look for iOS, MacOS and tvOS.
Global concerns.
Apple’s management of its store hasn’t just raised concerns in the U.S.
The European Commission recently began investigating whether Apple is fairly applying its rules. The investigations follow separate complaints by Spotify and by an e-book/audiobook distributor on the impact of the App Store rules on competition in music streaming and e-books/audiobooks. Margrethe Vestager, the EC’s competition policy chief, said, “Apple sets the rules for the distribution of apps to users of iPhones and iPads. It appears that Apple obtained a ‘gatekeeper’ role when it comes to the distribution of apps and content to users of Apple’s popular devices. We need to ensure that Apple’s rules do not distort competition in markets where Apple is competing with other app developers ….”
Even in Russia, not exactly a bastion for ethical behavior, Apple’s conduct came to the attention of the country’s Federal Antimonopoly Service when Russian antivirus software developer Kaspersky complained in March 2019. According to CNET and ZDNet, the Russian regulator last month found Apple abuses its power over iOS apps because iPhone and iPad owners must install them from Apple’s App Story. “Kaspersky alleged that it was forced to remove features like app control and Safari browser blocking from its Safe Kids iOS app to reduce its ability to compete with Apple’s own usage-monitoring Screen Time feature,” CNET reported. The irony of a Russian agency charging anyone with abusing power shouldn’t be lost on anyone.
Back in the USA, The Washington Post published an article last year titled, “How Apple uses its App Store to copy the best ideas.” In it, the paper wrote, “Developers have come to accept that, without warning, Apple can make their work obsolete by announcing a new app or feature that uses or incorporates their ideas. Some apps have simply buckled under the pressure, in some cases shutting down.”
Asked about this article, Payeur told us in an email, “The tough part is that apps are making money. Apple copies them and offers the same or similar functionality for free, built into their platform. It’s tough to compete with ‘good enough.'”
It’s especially tough when you’re developing apps on your own dime and can’t predict the changing rules of the game.
Edited by Tom Hagy for MoginRubin LLP.