iOS: If you’re having trouble finding a good parental control app in the iOS App Store, there’s a reason for that: MDM, or Mobile Device management. According to Apple, apps using MDM “incorrectly” pose serious security risk, and so the company is cracking down—but what does this actually mean?
What is Mobile Device Management?
Mobile Device Management (MDM) is a general term for any technology that allows one device to be controlled and/or monitored by another remotely. Parental control apps on iOS often rely on MDM as a means for controlling screen time, applying content filters, and collecting usage reports, because it’s the only way to obtain device permissions for these kinds of activities. Otherwise, your everyday app on the App Store can’t control your device to this great a degree.
This isn’t some newly implemented technology. MDM has been present on iPhone for years now, with Apple overseeing MDM certification for its devices and even controlling all MDM-based actions on iOS apps.
So why is Apple now so worried about apps using this feature in a way it wasn’t intended? The company now claims that apps with MDM can leave your personal data vulnerable and open to exploitation by hackers, hence the purging of parental control apps from the App Store.
On paper, the move makes sense. If an unwilling person is tricked into installing a certificate from a less-than-stellar app, they’ve just given over the keys to their digital kingdom—a privacy breach Apple would very much like to prevent.
“MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky—and a clear violation of App Store policies—for a private, consumer-focused app business to install MDM control over a customer’s device. Beyond the control that the app itself can exert over the user’s device, research has shown that MDM profiles could be used by hackers to gain access for malicious purposes,” reads a statement Apple published last last month.
Developers (try to) fight back
Several developers with parental control apps now affected by the new MDM policy have responded to Apple’s claims, and their arguments highlight some inconsistencies with Apple’s reasoning.
One app, OurPact, uses MDM to allow parents to set screen time limits on their child’s devices. OurPact’s developers released a statement using Apple’s own MDM documentation to refute the alleged security risks. You can read the full statement here, but the gist of the argument is that since Apple controls the entire MDM review process for iOS apps, properly vetted apps should not pose any of the risks Apple is warning against. As well, OurPact has been open about what it does and how it does it:
“OurPact’s core functionality would not be possible without the use of MDM; it is the only API available for the Apple platform that enables the remote management of applications and functions on children’s devices. We have also been transparent about our use of this technology since the outset, and have documented its use in our submissions to the App Store,” the company’s statement reads.
Some have suggested Apple’s actual reason for removing these MDM-enabled parental control apps is to curb potential competition with iOS 12’s screen time feature. However, other reports point out that many of the apps were purged for various other violations unrelated to MDM, like the prohibition on creating “an App that appears confusing similar to an existing Apple Product, interface, app, or advertising theme.”
If you ask us, the whole thi