Facebook’s new Study app pays adults for data after teen scandal
Facebook shut down its Research and Onavo programs after TechCrunch exposed how the company paid teenagers for root access to their phones to gain market data on competitors. Now Facebook is relaunching its paid market research program, but this time with principles — namely transparency, fair compensation and safety. The goal? To find out which other competing apps and features Facebook should buy, copy or ignore.
Today Facebook releases its “Study from Facebook” app for Android only. Some adults 18+ in the U.S. and India will be recruited by ads on and off Facebook to willingly sign up to let Facebook collect extra data from them in exchange for a monthly payment. They’ll be warned that Facebook will gather which apps are on their phone, how much time they spend using those apps, the app activity names of features they use in other apps, plus their country, device and network type.
Facebook promises it won’t snoop on user IDs, passwords or any of participants’ content, including photos, videos or messages. It won’t sell participants’ info to third parties, use it to target ads or add it to their account or the behavior profiles the company keeps on each user. Yet while Facebook writes that “transparency” is a major part of “Approaching market research in a responsible way,” it refuses to tell us how much participants will be paid.
“Study from Facebook” could give the company critical insights for shaping its product roadmap. If it learns everyone is using screensharing social network Squad, maybe it will add its own screensharing feature. If it finds group video chat app Houseparty is on the decline, it might not worry about cloning that functionality. Or if it finds Snapchat’s Discover mobile TV shows are retaining users for a ton of time, it might amp up teen marketing of Facebook Watch. But it also might rile up regulators and politicians who already see it as beating back competition through acquisitions and feature cloning.
An attempt to be less creepy
TechCrunch’s investigation from January revealed that Facebook had been quietly operating a research program codenamed Atlas that paid users ages 13 to 35 up to $20 per month in gift cards in exchange for root access to their phone so it could gather all their data for competitive analysis. That included everything the Study app grabs, but also their web browsing activity, and even encrypted information, as the app required users to install a VPN that routed all their data through Facebook. It even had the means to collect private messages and content shared — potentially including data owned by their friends.
Facebook’s Research app also abused Apple’s enterprise certificate program designed for distributing internal use-only apps to employees without the App Store or Apple’s approval. Facebook originally claimed it obeyed Apple’s rules, but Apple quickly disabled Facebook’s Research app and also shut down its enterprise certificate, temporarily breaking Facebook’s internal test builds of its public apps, as well as the shuttle times and lunch menu apps employees rely on.
In the aftermath of our investigation, Facebook shut down its Research program. It then also announced in February that it would shut down its Onavo Protect app on Android, which branded itself as a privacy app providing a free VPN instead of paying users while it collected tons of data on them. After giving users until May 9th to find a replacement VPN, the Onavo Protect was killed off.
This was an embarrassing string of events that stemmed from unprincipled user research. Now Facebook is trying to correct its course and revive its paid data collection program but with more scruples.
How Study from Facebook works
Unlike Onavo or Facebook Research, users can’t freely sign up for Study. They have to be recruited through ads Facebook will show on its own app and others to both 18+ Facebook users and non-users in the U.S. and India. That should keep out grifters and make sure the studies stay representative of Facebook’s user base. Eventually, Facebook plans to extend the program to other countries.
If users click through the ad, they’ll be brought to Facebook’s research operations partner Applause’s website, which clearly identifies Facebook’s involvement, unlike Facebook Research, which hid that fact until users were fully registered. There they’ll be informed how the Study app is opt-in, what data they’ll give up in exchange for what compensation and that they can opt out at any time. They’ll need to confirm their age, have a PayPal account (which are only supposed to be available to users 18 and over) and Facebook will cross-check the age to make sure it matches the person’s Facebook profile, if they have one. They won’t have to sign and NDA like with the Facebook Research program.
Anyone can download the Study from Facebook app from Google Play, but only those who’ve been approved through Applause will be able to log in and unlock the app. It will again explain what Facebook will collect, and ask for data permissions. The app will send periodic notifications to users reminding them they’re selling their data to Facebook and offering them an opt-out. Study from Facebook will use standard Google-approved APIs and won’t use a VPN, SSL bumping, root access, enterprise certificates or permission profiles you install on your device like the Research program that ruffled feathers.
Different users will be paid the same amount to their PayPal account, but Facebook wouldn’t say how much it’s dealing out, or even whether it was in the ball park of cents, dollars or hundreds of dollars per month. That seems like a stern departure from its stated principle of transparency. This matters, because Facebook earns billions in profit per quarter. It has the cash to potentially offer so much to Study participants that it effectively coerces them to give up their data; $10 to $20 per month like it was paying Research participants seems reasonable in the U.S., but that’s enough money in India to make people act against their better judgement.
The launch shows Facebook’s boldness despite the threat of antitrust regulation focusing on how it has suppressed competition through its acquisitions and copying. Democrat presidential candidates could use Study from Facebook as a talking point, noting how the company’s huge profits earned from its social network domination afford it a way to buy private user data to entrench its lead.
At 15 years old, Facebook is at risk of losing touch with what the next generation wants out of their phones. Rather than trying to guess based on their activity on its own app, it’s putting its huge wallet to work so it can pay for an edge on the competition.
Powered by WPeMatico
Misfits Market raises $16.5 million for their ‘ugly’ produce subscription box
As grocery shopping moves online, one piece of the puzzle hasn’t been directly addressed: fresh fruits and vegetables. That also happens to be a category in which there is a ton of food waste, with a good deal of fruits and veggies never making it out of the grocery store to begin with.
Misfits Market has raised $16.5 million in Series A to handle just that.
Greenoaks Capital led the round, but Misfits isn’t disclosing other participants in the financing. Other Greenoaks Capital investments include Deliveroo, OYO, Clover Health, Brex and Discord.
Misfits Market offers a subscription box of “ugly” fruits and veggies, the ones with blemishes or odd shapes that make a grocery shopper think twice before checking out, each week.
Misfits sources these fruits and veggies straight from farms. This means that the extra time spent shipping them to a grocery store, and then sitting on shelves, is eliminated from the equation with Misfits.
The company currently operates in all zip codes in Pennsylvania, New York, New Jersey, Connecticut, Delaware, Massachusetts, Vermont, New Hampshire, Rhode Island, Maine and Ohio, with plans to expand into Washington, D.C., Maryland, Virginia, West Virginia, North Carolina, South Carolina, Georgia and Florida.
Currently, Misfits Market offers two different box options. The smaller box, called The Mischief, includes 10 to 12 pounds of fruits and veggies each week for $23.75 à la carte, or less than $20 as a weekly subscription. The Madness, Misfits’ bigger box, includes 18 to 20 pounds of fresh fruits and veggies for $42.50 as a one-time purchase, or for $34 as a subscription.
Users can pause their weekly subscription or cancel at any time.
CEO and founder Abhi Ramesh said the idea for Misfits Market started when he visited a farm a few years ago. The farmer was collecting apples that he said weren’t of the grade he could sell to grocery stores or farmers’ markets, and that they’d either be given away to neighbors or thrown away.
“That was my sort of romanticized light bulb moment,” said Ramesh.
He was fascinated and started interviewing farmers in the north east and asking them how much of their produce ended up going to waste because it wasn’t pretty enough for grocery stores. The answer was consistently between 20% and 40%.
Ramesh says there is an opportunity down the line to expand beyond fruits and veggies, but that for now the company is laser-focused on that category.
Since launching in 2018, Misfits has sent out 5 million pounds of produce that would have gone to waste otherwise.
Powered by WPeMatico
Colombian point-of-sale lender ADDI nabs $12.5 million from Andreessen Horowitz
Andreessen Horowitz <3 Latin American startups.
Latin America is the only region outside of the U.S. where the venture firm is routinely investing capital, and it just made another commitment, doubling down on its early-stage support for the point-of-sale lending startup ADDI.
ADDI picked up $12.5 million in new financing in April of this year as the company looks to expand its lending services online.
For an American audience, the closest corollary to what ADDI is up to is likely Affirm, the point-of-sale lender that’s raised a ton of cash and come in for some (valid) criticism for its basic business model.
Like Affirm, ADDI lets its borrowers apply for credit at the moment of purchase. The company likens its service to the layaway and credit plans that already exist in Colombia — but involve pretty onerous requirements to use. Company co-founder Santiago Suarez and Andreessen Horowitz general partner Angela Strange both commented on how, in some cases, Colombian shoppers have to have three people vouch for a borrower before a store will issue credit or agree to a layaway plan.
The difference between an ADDI loan — or any loan — and layaway is that an installment payment plan doesn’t charge interest (and even with the fees that installment plans do charge, they are often still cheaper than taking out a loan).
But financial products are coming for consumers in Latin America whether those buyers like it or not — and for the most part, it seems they do like it.
Historically, only the wealthiest clientele in Latin America received anything resembling the kinds of financial products that are more widely available in the United States, according to Strange. And the investment in ADDI is just part of her firm’s thesis in trying to make more services more broadly available in a region where a technological transformation is creating unprecedented opportunities for challengers.
That assessment is what drew Santiago Suarez back to Latin America only two years ago. A former executive at Lending Club who previously had worked as the head of New Product Development and Emerging Services at J.P. Morgan, Suarez saw the tremendous growth happening in Latin America and returned to Colombia to see if he could bring some much needed services to his home country.
Suarez partnered with his childhood friend, Elmer Ortega, who was working as the chief technology officer of the local hedge fund where he had previously been employed as a derivatives trader before learning how to code.
Together, the two men, who had known each other since they were five years old, set out to transform how credit was offered in retail shops. It’s an industry that Suarez had known well since his parents had owned stores.
“In the U.S. there are all of these gaps that fintech companies are filling,” says Suarez. “But the gaps in Latin America are bigger.”
Suarez and Ortega incorporated the company in September 2018, around the same time they raised $2.3 million from the regional investment firm, Monashees, Andreessen and Village Global . They then raised another $1.5 million in an internal round of financing before closing the most recent funding.
The company offers loans at annual percentage rates ranging from 19.99% to 28.90%. The company started with a digital solution for brick and mortar retailers because 90% of retail in Colombia still happens offline.
Although it’s in its early days, the company has already originated 10,000 borrowers and typically loans out roughly $500 since it launched on February 22, according to Suarez. He declined to comment on the company’s default rate on loans.
Now with 40 employees on staff, the company is looking to bring its lending tool to more e-commerce and physical retailers, according to Suarez. And despite the threat of cyclical political turmoil, Suarez says there’s no better time to be investing in Colombia.
“It’s the most stable country outside of Chile… Way more stable than Brazil, way more stable than Argentina and way more stable than Mexico,” Suarez says. “What we’re looking at is more than cyclical instability… those things go beyond that. Nubank was able to build a multibillion business in the worst political and economic crisis in Brazil’s history. I think Colombia is an incredibly attractive space with a deep talent pool.”
Powered by WPeMatico
Embraer’s new EmbraerX eVTOL concept is accessible, autonomous and courteous
Short-distance commuter air travel has come a long way in the past few years — at least when it comes to concepts. The latest vision from Embraer of how we’ll get around in the city skies of the (near?) future involves some of what we’ve already seen, and highlights a few things that make clear where it’s focusing its priorities — namely, on community adoption and acceptance.
The concept created by EmbraerX, which is aircraft maker Embraer’s market acceleration and innovation arm, features electric power, as well as vertical take-off and landing (the “eVTOL” piece of the puzzle). It’s optimized for a ridesharing model, and is focused on “user experience” as well as “making the aircraft easily accessible to everyone,” according to the company.
It includes redundant flight systems for safety, as well as an intentional effort to reduce overall noise output with an eight rotor system that distributes lift across the span of the vehicle’s body. The introductory video highlights how the concept vehicle can accommodate passengers who user wheelchairs, and there’s both fly-by-wire control for today, as well as all the technology on board needed for autonomous operation once the tech is ready.
No word on target timelines for bringing these to the actual skies, but this looks a lot more technically feasible when compared to existing aircraft, beyond maybe an electric drivetrain that can provide the kind of lift needed for transporting what looks like up to four passengers, and doing so reliably and consistently.
Powered by WPeMatico
Welcome’s new app will do your travel planning for you
Welcome is a new app that CEO Matthew Rosenberg said is designed for a more spontaneous approach to traveling.
“What we’re going after is these millennials [and] Gen Z travelers who feel comfortable going in the moment,” Rosenberg told me. “Eighty-five percent of people aren’t even looking at activities before they arrive.”
So instead of asking travelers to create their own itineraries by browsing through a list of recommendations and reviews, Welcome builds the itinerary for them. When you’re planning to visit a destination, or when you’ve arrived and you’re wondering what to do, you can open Welcome and browse through a list of potential locations and activities, indicating which ones interest you. You also can browse recommendations from local experts, or ask for tips from your friends.
Welcome then uses your responses to create a schedule for you, consisting both of places you’ve explicitly said you want to visit and of things that would probably be of interest. The itineraries are also based on location, with different travel options like taking an Uber or Lyft, mass transit or walking.
Most intriguingly, the itineraries adjust in real time — if one of the items on the list doesn’t interest you, you can swipe to skip it, and Welcome will automatically fill in the gap with new activities. Or if you find a great spot where you want want to spend the whole afternoon, the app will once again adjust. Rosenberg said it’s even pulling in weather data, so “if we were going to send you to a park in the afternoon, and at lunch it starts raining, we can replace it with a museum.”
He acknowledged that this approach might be less suited for travelers who like to plan everything in advance — but even then, he noted, “The truth is, for all the planning that happens, most people’s plans tend to fall apart in the moment. Something always changes, some alley you want to go down, some boat you want to take, some sort of adventure that if you didn’t take it, you’d regret. That’s what we’ve really tried to embrace.”
Rosenberg added that the app could eventually introduce new ways for users to more explicitly filter the results based on their preferences — say, if they’re particularly interested in theater or museums, or if they’re on a tight budget.
Welcome says it already offers recommendations in more than 250 cities worldwide.
It’s a free app, and Rosenberg said the focus is on growth, not monetization. While he plans to make money by driving purchases and transactions, he said Welcome will never be advertising-driven. “Everything we show you is authentic. No one’s paying us to send you to some mediocre restaurant.”
The startup was founded by Rosenberg (who previously founded video app Cameo) and Peter Gerard, and has raised $1.2 million in seed funding led by 3 Rodeo.
“What we use today in travel is rooted in this old-school style of thinking,” Rosenberg said. “What I mean by that is, most travel sites put a bunch of pins on a map, but it’s still up to you to look around and figure out what to do. I don’t think anyone’s really thought: How can we take advantage not only of the mobile device, but really the data that’s out there right now … No one’s really built tools for our generation.”
Powered by WPeMatico
UK carriers warn over ongoing Huawei 5G uncertainty: Report
UK mobile network operators have drafted a letter urging the government for greater clarity on Chinese tech giant Huawei’s involvement in domestic 5G infrastructure, according to a report by the BBC.
Huawei remains under a cloud of security suspicion attached to its relationship with the Chinese state, which in 2017 passed legislation that gives authorities more direct control over the operations of internet-based companies — leading to fears it could repurpose network kit supplied by Huawei as a conduit for foreign spying.
Back in April, press reports emerged suggesting the UK government was intending to give Huawei a limited role in 5G infrastructure — for ‘non-core’ parts of the network — despite multiple cabinet ministers apparently raising concerns about any role for the Chinese tech giant. The UK government did not officially confirmed the leaks.
In the draft letter UK operators warn the government that the country risks losing its position as a world leader in mobile connectivity as a result of ongoing uncertainty attached to Huawei and 5G, per the BBC’s report.
The broadcaster says it has reviewed the letter which is intended to be sent to cabinet secretary, Mark Sedwill, as soon as this week.
It also reports that operators have asked for an urgent meeting between industry leaders and the government to discuss their concerns — saying they can can’t invest in 5G infrastructure while uncertainty over the use of Chinese tech persists.
The BBC’s report does not name which operators have put their names to the draft letter.
We reached out to the major UK mobile network operators for comment.
A spokesperson for BT, which owns the mobile brand EE — and was the first to go live with a consumer 5G service in the UK last month — told us: “We are in regular contact with UK government around this topic, and continue to discuss the impact of possible regulation on UK telecoms networks.”
A Vodafone spokesperson added: “We do not comment on draft documents. We would ask for any decision regarding the future use of Huawei equipment in the UK not to be rushed but based on all the facts.”
At the time of writing Orange, O2 and 3 had not yet responded to requests for comment.
A report in March by a UK oversight body set up to evaluate Huawei’s security was damning — describing “serious and systematic defects” in its software engineering and cyber security competence, although it resisted calls for an outright ban.
Reached for comment on the draft letter, a spokesperson for the Department for Digital, Culture, Media and Sport told us it has not yet received it — but sent the following statement:
The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.
The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.
The spokesperson added that the government has undertaken extensive consultation with industry as part of its review of the 5G supply chain, in addition to regular engagement, and emphasized that it is for network operators to confirm the details of any steps they have taken in upgrading their networks.
Carriers are aware they must comply with the government’s final decision, the spokesperson added.
At the pan-Europe level, the European Commission has urged member states to step up individual and collective attention on network security to mitigate potential risks as they roll out 5G networks.
The Commission remains very unlikely to try to impose 5G supplier bans itself. Its interventions so far call for EU member states to pay close attention to network security, and help each other by sharing more information, with the Commission also warning of the risk of fragmentation to its flagship “digital single market” project if national governments impose individual bans on Chinese kit vendors.
Powered by WPeMatico
Workhorse gets $25 million needed to finish electric delivery van
Workhorse Group, the electric vehicle company that grabbed headlines last month over a proposed deal to buy General Motors’ Lordstown, Ohio factory, has raised $25 million from a group of unnamed investors.
The money will not go toward the factory. Instead, it will be used for the more pressing matter of keeping the company running. Under terms of the deal, investors will receive preferred stock and warrants to buy shares. An annual dividend will be paid out in shares of Workhorse stock.
The Cincinnati-based company is small, with fewer than 100 employees. Its biggest problem isn’t ideas or even product pipeline; it’s capital.
Workhorse has struggled financially at various points since its founding in 1998. The company reported just $364,000 in revenue in the first quarter, down from $560,000 in the same period last year. As of March 30, 2019, the company had cash, cash equivalents and short-term investments of $2.8 million, compared to $1.5 million as of December 31, 2018.
Workhorse borrowed $35 million from hedge fund Marathon Asset Management earlier this year.
Workhorse, which was once owned by Navistar and sold in 2013 to AMP Holding, has a customer pipeline for its electric trucks that includes UPS. It’s also hoping to win a contract with the United States Postal Service.
But it needs capital to scale up. The funding gives Workhorse the capital to deliver on its existing backlog and produce its N-GEN delivery van, according to CEO Duane Hughes.
“We now have all necessary pieces in place to bridge Workhorse into full-scale N-GEN production and are looking forward to commencing the manufacturing process, in earnest, during the fourth quarter of this year,” Hughes said in a statement.
Meanwhile, GM has been in talks since early 2019 to sell its Lordstown vehicle factory in Ohio to Workhorse Group. GM’s Lordstown factory stopped producing the automaker’s Chevrolet Cruze in March; without any new vehicles slated for the factory, workers were laid off.
Under the potential Lordstown deal, a new entity led by Workhorse founder Steve Burns would acquire the facility. Workhorse would hold a minority interest in the new entity. This new entity would allow Workhorse to seek new equity without diluting existing shareholder value.
Workhorse would build a commercial electric pickup at the plant if the deal goes through, Hughes has said.
Powered by WPeMatico
Lilium, the ambitious German air taxi company, picks London for its new software engineering base
Lilium, the ambitious Munich-based startup developing an all-electric vertical take-off and landing (VTOL) device, has announced that London is to be its new software engineering base, flying in the face of Brexit, you may well say. This, says the company, will create “hundreds of high-end software engineering roles” in the U.K. capital city over the next five years.
Alongside designing and manufacturing a new type of jet, Lilium plans to launch a fully vertical “air taxi” service by 2025, which will require consumer-facing “hailing” apps and sophisticated software for fleet management, including maintenance, and scheduling flights on-demand. That system also will need to integrate with existing air traffic control regulations and systems, all of which isn’t trivial, to say the least.
The announcement comes in the slipstream of Lilium unveiling a new five-seater prototype and a maiden flight last month. This saw the full-scale, full-weight prototype successfully take off and land, following extensive ground testing.
Meanwhile, the German startup is disclosing a trio of new senior hires, including the appointment of Carlos Morgado, former chief technology officer (CTO) at Just Eat, to lead the development of the new London software engineering team as VP, Digital Technology.
In addition, Lilium has appointed Anja Maassen van den Brink as chief people officer (CPO), and Luca Benassi as chief development engineer. Maassen van den Brink joins Lilium from VodafoneZiggo. Benassi is said to bring more than 20 years of experience in the aerospace sector, having worked at NASA, Boeing and, most recently, Airbus, where he was a senior expert and head of Acoustics and Vibration.
Commenting on the choice of London as a base for the engineering team, Remo Gerber, chief commercial officer (CCO), comments: “Achieving our aims will require us to build one of the world’s most innovative and high-performing software engineering teams. While we recognize that talent is global, London offers us access to a rich talent pool and an environment that’s well-suited to delivering the extraordinary.”
Of course, how rich that talent pool will remain after Brexit is yet to be seen. But for now it’s clear that Lilium believes that long-term London has more upsides than downsides, regardless of the current Brexit impasse.
Powered by WPeMatico
Here are the trailers from Ubisoft’s E3 press conference
For a press conference that spent most of the first half on a single title (Watch Dogs: Legion), Ubisoft’s E3 press conference was surprisingly packed on the news front. We got a new subscription service, a TV show and even an upcoming film. As always though, games were the real focus here — and there were plenty.
Here’s the best of what we saw at today’s big event.
Watch Dogs: Legion – Easily the biggest and arguably the most exciting reveal from the event, the open world, character swapping game got a lengthy walkthrough at the show. The title is set for arrival in March 2020.
Assassin’s Creed: Odyssey – The popular title gets a new trailer for its new story mode.
Brawlhalla – The free-to-play fighting game gets two familiar faces from Adventure Time.
Tom Clancy’s Ghost Recon Breakpoint – The latest tactical shooter to bear Tom Clancy’s name is due out October 4.
Rainbow Six Quarantine – This three-player FPS is due out in 2020.
Tom Clancy’s Elite Squad – Tom Clancy goes mobile in five player battles.
Roller Champions: This free-to-play game takes on the colorful world of roller derby.
Gods & Monsters: The creators of Assassin’s Creed Odyssey take on the world of Greek myth with this February 2020 title.
Powered by WPeMatico
Apple is making corporate ‘BYOD’ programs less invasive to user privacy
When people bring their own devices to work or school, they don’t want IT administrators to manage the entire device. But until now, Apple only offered two ways for IT to manage its iOS devices: either device enrollments, which offered device-wide management capabilities to admins or those same device management capabilities combined with an automated setup process. At Apple’s Worldwide Developer Conference last week, the company announced plans to introduce a third method: user enrollments.
This new MDM (mobile device management) enrollment option is meant to better balance the needs of IT to protect sensitive corporate data and manage the software and settings available to users, while at the same time allowing users’ private personal data to remain separate from IT oversight.
According to Apple, when both users’ and IT’s needs are in balance, users are more likely to accept a corporate “bring your own device” (BYOD) program — something that can ultimately save the business money that doesn’t have to be invested in hardware purchases.
The new user enrollments option for MDM has three components: a managed Apple ID that sits alongside the personal ID; cryptographic separation of personal and work data; and a limited set of device-wide management capabilities for IT.
The managed Apple ID will be the user’s work identity on the device, and is created by the admin in either Apple School Manager or Apple Business Manager — depending on whether this is for a school or a business. The user signs into the managed Apple ID during the enrollment process.
From that point forward until the enrollment ends, the company’s managed apps and accounts will use the managed Apple ID’s iCloud account.
Meanwhile, the user’s personal apps and accounts will use the personal Apple ID’s iCloud account, if one is signed into the device.
Third-party apps are then either used in managed or unmanaged modes.
That means users won’t be able to change modes or run the apps in both modes at the same time. However, some of the built-in apps like Notes will be account-based, meaning the app will use the appropriate Apple ID — either the managed one or personal — depending on which account they’re operating on at the time.
To separate work data from personal, iOS will create a managed APFS volume at the time of the enrollment. The volume uses separate cryptographic keys which are destroyed along with the volume itself when the enrollment period ends. (iOS had always removed the managed data when the enrollment ends, but this is a cryptographic backstop just in case anything were to go wrong during unenrollment, the company explained.)
The managed volume will host the local data stored by any managed third-party apps along with the managed data from the Notes app. It also will house a managed keychain that stores secure items like passwords and certificates; the authentication credentials for managed accounts; and mail attachments and full email bodies.
The system volume does host a central database for mail, including some metadata and five line previews, but this is removed as well when the enrollment ends.
Users’ personal apps and their data can’t be managed by the IT admin, so they’re never at risk of having their data read or erased.
And unlike device enrollments, user enrollments don’t provide a UDID or any other persistent identifier to the admin. Instead, it creates a new identifier called the “enrollment ID.” This identifier is used in communication with the MDM server for all communications and is destroyed when enrollment ends.
Apple also noted that one of the big reasons users fear corporate BYOD programs is because they think the IT admin will erase their entire device when the enrollment ends — including their personal apps and data.
To address this concern, the MDM queries can only return the managed results.
In practice, that means IT can’t even find out what personal apps are installed on the device — something that can feel like an invasion of privacy to end users. (This feature will be offered for device enrollments, too.) And because IT doesn’t know which personal apps are installed, it also can’t restrict certain apps’ use.
User enrollments will also not support the “erase device” command — and they don’t have to, because IT will know the sensitive data and emails are gone. There’s no need for a full device wipe.
Similarly, the Exchange Server can’t send its remote wipe command — just the account-only remote wipe to remove the managed data.
Another new feature related to user enrollments is how traffic for managed accounts is guided through the corporate VPN. Using the per-app VPN feature, traffic from the Mail, Contacts and Calendars built-in apps will only go through the VPN if the domains match that of the business. For example, mail.acme.com can pass through the VPN, but not mail.aol.com. In other words, the user’s personal mail remains private.
This addresses what has been an ongoing concern about how some MDM solutions operate — routing traffic through a corporate proxy meant the business could see the employees’ personal emails, social networking accounts and other private information.
User enrollments also only enforces a six-digit non-simple passcode, as the MDM server can’t help users by clearing the past code if the user forgets it.
Some today advise users to not accept BYOD MDM policies because of the impact to personal privacy. While a business has every right to manage and wipe its own apps and data, IT has overstepped with some of its remote management capabilities — including its ability to erase entire devices, access personal data, track a phone’s location, restrict personal use of apps and more.
Apple’s MDM policies haven’t included GPS tracking, however, nor does this new option.
Apple’s new policy is a step toward a better balance of concerns, but will require that users understand the nuances of these more technical details — which they may not.
That user education will come down to the businesses that insist on these MDM policies to begin with — they will need to establish their own documentation, explainers, and establish new privacy policies with their employees that detail what sort of data they can and cannot access, as well as what sort of control they have over corporate devices.
Powered by WPeMatico