
Serves them right, but it's hard to think that the Facebook people who were in charge of the spying app wouldn't have considered this as a possible outcome. It probably won't affect them that much if they were already prepared for this to happen.


I'm guessing you haven't worked at a large corporation, especially one that explicitly says they value speed over correctness. My guess is the team involved in the research app got hold of the enterprise certs, and the teams on the other apps were unaware.


Facebook's Onavo Protect app (which this is a reskin of) was banned by Apple in June. I don't think they can claim ignorance here.


If you play with dogs, you can't be surprised when you get fleas.


I wasn't saying that everyone at Facebook knew. But if you were one of the people in charge of the data tracking app, wouldn't you at least know that Apple revoking the licence could be a possibility since you are explicitly breaching the agreement?

Not even trying to defend them. Just curious how much it will actually affect Facebook.


You're assuming they knew that was a breach of the agreement... And I doubt the devs in question have ever read the agreement.

This is a company that had the motto "move fast and break things". They prefer to "fail forward" and push things live sooner rather than safer.

It doesn't surprise me at all that someone just saw that something was possible and did it without considering the consequences.


It’s pretty clear when you’re using an enterprise certificate, especially as an iOS dev. The whole process of building an app makes you very aware of code signing which is a pain felt by all iOS devs (it’s gotten more automated thru the years, but still..). I doubt anyone could claim ignorance.

Disclaimer: I work for Apple, unrelated to all this.


Sample size of one, but I worked at a medium-sized company that had an Enterprise certificate they used to distribute internal apps to internal employees, and the few individuals who were given the keys to sign these binaries were told the warning about what they could and could not do with them. It was made crystal clear that if we abused that cert, Apple could revoke it and put us into a world of pain.

If some rogue team just got ahold of the certificate and keys and signed binaries meant to be distributed to the public, it meant either a major internal security failure or a willful disregard of Apple’s policy on enterprise distribution.


The devs shouldn't be able to get important certs without justification. At that point someone should ask what they need it for, and double-check the license.


But if you were one of the people in charge of the data tracking app, wouldn't you at least know that Apple revoking the licence could be a possibility since you are explicitly breaching the agreement?

"Cleared by Legal" is (and has to be) a basic assumption when working on directed projects at real companies.



