Right. I love hating on FB as much as the next person but the stronghold Apple has over the hardware is absolutely unreal. Imagine buying $10M worth of iPhones every year for your workforce and then Apple pulling your critical software because there's no alternative way to side load apps for the market research department. Which, by the way, might be a bit scummy but as far as I can see theres no indication they have broken any laws there either.

Makes you wonder who really owns the phone?

I don't agree.

FB can still side load apps all they want, they just can't do it on an enterprise scale like they currently do because they've abused their enterprise agreement.

This is not different than abusing (say) Microsofts MSSQL to host on a 10,000 core machine when you have a 2 core license.

"Who really owns the phone" is a misnomer, because you've licensed the OS. The physical hardware is of course yours but the OS remains property of Apple, your data remains the property of you. This is especially clear if you take the time to read the EULA. (Although EULA's have questionable legality in many parts of the world)

It’s a very good point that a less efficient way to side load apps onto an iPhone exists.

The enterprise cert program and associated software and infrastructure allows efficient internal side-loading under specific licensing conditions. If you break the license you don’t get to keeping using the product just because you bought the hardware that that licensed software happens to run on!

What less efficient way to side load apps exist? Flying the person to FB HQ and plugging their phone into a developers machine by USB? Yeah, right.

No, collecting UDIDs and using (multiple) standard developer accounts.

With TestFlight you don't even need to collect UDIDs or even email accounts anymore. And that's 10,000 users per app.

TestFlight requires going through a partial app review processes.

True. I'm surprised the enterprise app doesn't involve the same review.

It shouldn't involve the same review. Apps internal to a company might break some rules set by Apple, but are agreed to by the employee in question via their contract or consent. The whole point of the enterprise distribution system is to easily distribute apps inside your organization.

Facebook clearly abused the distribution system here.

> Which, by the way, might be a bit scummy but as far as I can see theres no indication they have broken any laws there either.

It broke the agreement they made with Apple to get the key and as such Apple revoked the key. It seems very cut and dry to me.

FB first broke their appstore agreement with Apple (resulting in the app getting kicked out of the appstore), then violated another agreement, which was subsequently cancelled by Apple.

My point is Apple offers no alternative.

Why should they? Facebook went out of their way to abuse the rules, but should get an exception because they buy a lot of iPhones?

You don't understand what parent comment is saying ... it complains Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore.

> Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore

Except the enterprise distribution which is what Facebook fucked up by breaking the rules. You have to try really hard to get that revoked, Facebook did and now they're in a tough spot. This is fine.

I don't think anybody's suggesting that Facebook should be an exception - rather, it would be good if Apple allowed everybody to sideload iphone apps (other than enterprise and developer keys, which are both great for their niche but not general-purpose)

Apple should offer an alternative way to load apps onto the phones that Facebook paid for that can't be revoked.

The market has no alternative is the real story here

TINA (there is no alternative)

Some people buy iphone precisely because Apple does things like this, and they want effective privacy settings enforced on their device.

But yeah, it does still make you wonder...

Why does Facebook need to use native apps for employee shuttle and information portal? They could use a web page or PWA saved to the phone's home screen.

iOS deliberately has no notification options available for PWAs and various other shortcomings to push people into the app store. I imagine internal enterprise apps need those.

People like native apps. This isn't just Facebook; other companies in the valley do the same thing.

> Apple's power on device owned by customers is ridiculous

It's a feature I appreciate. Malware is a serious problem and one I'd rather not deal with on my phone.

I don't think anybody is forcing you to avoid the app store? Your love of curated app-stores and other people's love of side-loading aren't mutually exclusive...

If you tell the average user they need to sideload your app to access some free content, they will happily click past any number of scary warnings. I personally would appreciate being able to sideload, but there’s a reason iPhones don’t get laden with crapware in the hands of someone inexperienced with tech the way that desktop computers do. Does that mean we shouldn’t support sideloading? No idea. But there are trade offs.

It is as soon as several must-have apps (say, the ones all your friends and family use to communicate) are side-load only. If they allow other channels to install apps and make them easy enough that non-nerds can do it, network effects will quickly make it de facto necessary to run at least some apps from outside the app store.

iPhone users pay a premium to have a third party evaluate apps before they’re out on the App Store. If they wanted to do the evaluation themselves, they wouldn’t pay that premium.

> iPhone users pay a premium to have a third party evaluate apps before they’re out on the App Store.

And I appreciate that they provide that service and happily pay premium for it.

But I'd still like a way to load apps that they don't approve.

I would like the ability as well, but I can see the argument against it. If you provide that vector, there will be plenty of people trying to attack it. If you are staking a claim on privacy and security, you want to minimize the number of attack vectors on your devices.

Download XCode, compile the app yourself, load it onto your phone. Now you have apps on your phone that do not need Apple approval.

What if I want to install closed source apps?

Then don't buy an iPhone?

I don't understand why people keep bringing up this point.

Yes, it's your phone but it's not your app store. One can use an iPhone without ever opening the app store.

That level of control is exactly one of the reasons why I don't buy devices from Apple. If FB think they can use iPhones and mess with Apple's licensing terms they are very delusional. Hopefully this was (another) wake up call for everybody.

I agree, but try using an Apple TV without an account...

> Apple's power on device owned by customers is ridiculous

It's a feature.

FB Employees do get the choice of either 2 Android phones (a Galaxy S9 or a Pixel 3, IIRC) or an iPhone so I'd wager they're just going to make a build system for their iPhone employees to sideload the apps through their internal build process or something.

You can only sideload to devices that are registered in your Apple Developer account, and there's a 100-count limit per each device class (iPhone/iPad, i.e.). This doesn't seem feasible.

Another option is TestFlight, but for devices that aren't registered (so-called "external beta") the app has to go through some App Store review.

That's true, don't know how their developer accounts work.

I guess then they'll have to beg for forgiveness or just spin the native apps into web apps. I feel sorry for their Enterprise Engineering team!

Does this mean there is ultimately no way of running your own code on your iDevices without first going through Apple?

Essentially, yes. The OS enforces that an app bundle is signed by a cert that was issued by Apple.

Without going through Apple at all, the only option is jailbreaking, to bypass the signing check. No one's figured out (publicly) how to jailbreak the last two major versions, though, as far as I know (there were some jailbreaks that worked for iOS 11 betas).

Another option still involves getting a cert from Apple, but it's free. You just need to create an Apple ID. The limitation here is that you have to re-install the app (IIRC) every seven days.