It all started in 2015 when we became early innovators and offered parental control for Apple iOS devices using Apple’s own Mobile Device Management (MDM) frameworks. Boomerang Parental Control offered parents remote control of iOS device screen time, age and content restrictions, purchasing restrictions, safe browsing, and location tracking but our Apple app continued to be inferior to our Android app. The limitations were due to how iOS didn’t provide the flexibility for an approved third party app to control other areas of iOS for the purposes of security or parental controls. At this time, Apple’s own parental controls were very rudimentary. So after 2 years of user feedback and my own experience with what was possible on iOS vs Android, I thought it would be smart and strategic to email my thoughts, frustrations and user feedback to Tim Cook, CEO of Apple. Similar to Steve Jobs, Tim welcomes direct feedback to his work email (firstname.lastname@example.org). My emails never bounced. The goal was to bring light to the limited parental controls built into iOS and to also offer suggestions on how to improve things for both iOS and third party apps like Boomerang Parental Control.
Here are my three original emails that I shared in my Medium blog post.
The key points I made were:
- Screen Time controls – device and app level
- Safe Browsing – the adult filter in iOS is OK but doesn’t handle the nuances of filtering inappropriate websites
- iOS onboarding for parental controls when first setting up an iPhone/iPad
- Improved support for controls via Device Profile (MDM) for third parties like us
I never received a reply but maybe there’s an element of “watch what you wish for” in the following experience.
In January 2018, a significant group of Apple investors went public with Apple’s lack of compelling parental controls. This started a public conversation about Apple improving this area in an upcoming iOS update. We thought “great, validation for what we’ve been building!”. Tim Cook then came out and mentioned how he didn’t want his own nephew on social media platforms and how he didn’t support overuse of technology. In a way admitting devices had addictive properties – what we knew already existed.
Fast forward to Apple’s annual Worldwide Developer Conference in June 2018, Apple formally announced its screen time features that would be built into their upcoming iOS update (iOS 12). Apple mainly added the same key features missing in iOS that I had shared in my emails to Tim. Apple did not provide any improvements to third party options to leverage these new controls. Most apps installed on iOS can integrate with app permissions (like Camera, Contacts, Location, etc).
In late July 2018, we pushed an app update for review to the App Store Review Team. This update brought new features to our Parent Mode and fixed a few bugs. Typically app approval came within a few days. When almost 2 weeks went by without any status updates, I started to get concerned. We finally received a message from the App Review team on Aug 12th which said that they needed more time to review our app. Here’s a timeline of the events starting with our app submission on July 31st 2018.
TIMELINE OF KEY EVENTS – PART 1
July 31st 2018 – Our app update is submitted to Apple’s App Review team for review. It contained app limits for Android child devices from iOS Parent Mode and a few bug fixes.
August 12th 2018 – Message from Apple’s App Review team via their Resolution Centre – Your app, Boomerang Parental Control (1053543710), does not comply with one or more App Review Guidelines. The actual message simply said:
Aug 16th, 2018 – I pushed a new app update that fixed a few bugs (we were not approved yet).
Aug 20th, 2018 – Another Resolution Centre message from Apple’s App Review team. The message stated they wanted to talk. I called them back and the Apple representative was now stating that the use of Mobile Device Management was no longer being allowed. I requested more information on where in the guidelines this was mentioned, as there was none at the time except for a very vague statement about “App Performance”. We had a couple of new bugs to fix so I published another update for review.
Aug 27th, 2018 – New Resolution Centre message “we continue to find that the app installs mobile device management (MDM) profiles for unapproved purposes, which is not allowed on the App Store. Specifically, your app blocks or restricts access to third-party apps using MDM.” I decided to file an appeal with the App Review Board.
Sept 3rd 2018 – My appeal was rejected, and the reply confirmed that the original August 27th 2018 reason for rejection was still valid. The exact wording from this email was:
Your app installs MDM profiles for parental control, which is not appropriate for the App Store. It would be appropriate to remove this feature from your app before resubmitting for review.
Apple’s guideline at the time said the following:
2.5.1 Apps may only use public APIs and must run on the currently shipping OS. Learn more about public APIs. Keep your apps up-to-date and make sure you phase out any deprecated features, frameworks or technologies that will no longer be supported in future versions of an OS. Apps should use APIs and frameworks for their intended purposes and indicate that integration in their app description. For example, the HomeKit framework should provide home automation services; and HealthKit should be used for health and fitness purposes and integrate with the Health app.
Firstly, this was the first mention of specific wording targeting the use of MDM profiles for parental control. We did not use any private APIs or any framework in unintended uses. So our internal conclusion at this time was simple: Apple wanted us out of the App Store and the timing was very suspect as iOS 12 with Screen Time controls was about to get released with the launch of their new iPhones.
Sept 4th 2018 – we started work on the necessary changes to remove the prompt for the Device Profile installation. We pushed the update to Apple’s App Review team.
Sept 5th, 2018 – Boomerang Parental Control is In Review
Sept 10th, 2018 – Rejected because they wanted additional information about our app in relation to:
- Is the app still in use of an MDM profile? (at this time we no longer did)
- If not, how is it delivering device control such as hours of use and app specific restrictions?
- Your app uses the “prefs:root=” non-public URL scheme, which is a private entity (this is what all other apps were using to allow you the parent to get forwarded to iOS Settings to complete the installation of the Device Profile after the app was installed).
We still mentioned screen time features that parents can control Android devices when they set up their child’s iOS device. Apple didn’t like this as per this guideline:
1.1.6 False information and features, including inaccurate device data or trick/joke functionality, such as fake location trackers. Stating that the app is “for entertainment purposes” won’t overcome this guideline. Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be rejected.
We cannot mention Android in any of our App Store descriptions as it violates Apple’s metadata guidelines.
Sept 12th 2018 – We continued making the required changes and pushed those final changes to review.
Sept 14th, 2018 – So about a month and a half later, our updated app was approved by Apple and ready to be released. This update removed all key features around app controls and device screen time schedules. Boomerang Parental Control at this time officially no longer provided app and screen time controls for iOS child devices. We continued to develop and improve our Parent Mode as a good percentage of our users are parents with iPhones and kids with Android devices.
Oct/Nov/Dec 2018 – Our app revenues declined, the user feedback was negative and yet many competitors still had their unchanged app with MDM still live on the App Store.
In early December 2018, TechCrunch published an article which summarized the 2018 challenges for third party iOS parental control apps. The challenges also extended to digital wellbeing apps as well such as Moment and Space. Meanwhile, I was already in touch with a few iOS parental control competitors and they confirmed their experience with Apple matched ours.
Fast forward to April 27th 2019, the New York Times published an article sharing Apple’s anti-competitive approach towards third party control apps. This one got Apple’s attention. Apple replied aggressively to this article in a press release stating several parental control apps “…put users’ privacy and security at risk.” They didn’t name names, and of the ones I was in touch with, none were a privacy or security risk. Apple’s reason? Apple stated “MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history.”. What wasn’t mentioned was, Boomerang Parental Control used a lighter version of the Device Profile Management and was only able to control things like age ratings and a few other app preferences like hiding Safari or the Camera/Facetime apps. Location tracking was done by proper requests via our app’s permission request (like all other apps). Apple further stated that “…this isn’t a matter of competition. It’s a matter of security.”. Which is also their opinion vs our experience. Apple in fact continued their privacy marketing after this following their billboard at CES 2019 about “what happens on your iPhone, stays on your iPhone” which is in fact false.
Meanwhile, a few conversations had already occurred with some of our competitors and we all wanted to bring clarity on Apple’s comments and awareness to the experience Apple provided to our group. This was not about user privacy/security. Our alignment resulted in the creation of a draft proposal written to provide requirements for an API (fancy techie term that really stands for allowing two pieces of software to communicate with each other). This would allow our apps to communicate with secure and approved methods (so removing the need for a Device Profile) – screentimeapi.com was created.
In May 2019, OurPact (one of our competitors also fighting the argument vs Apple), wrote a very detailed timeline of their own experience with Apple in this Medium post.
On June 3rd 2019, at Apple’s WWDC, there were no announcements of improvements to any screen time features in iOS 13. By this time, the media had shared the New York Times article and various versions of it leading to WWDC. Thanks to the keen eye of one of our competitors, he noticed Apple had in fact made an update in their App Store guidelines mentioning “Mobile Device Management Apps that offer Mobile Device Management (MDM) services must request this capability from Apple. Such apps may only be offered by commercial enterprises (such as business organizations, educational institutions, or government agencies), and in limited cases, companies using MDM for parental control services.” This meant, the past year was pretty much a waste as Apple was not offering a new method but just allowing the previous approaches but with a screening process. In the meantime, The New York Times wrote a follow up article announcing this silent change. Also note, Apple didn’t make any changes in their technology to support their own claim about user privacy and security. They just added a new screening process.
TIMELINE OF KEY EVENTS – PART 2
June 12th 2019 – I received a call from the App Review contact I had previously been in touch with. It was a proactive follow up asking if we were planning to re-submit our app. I obviously replied yes. There was a new process that now required a completed Mobile Device Management Capability form for app developers using a Device Profile. To my knowledge, only apps using MDM for parental controls had to do this. None of the enterprise MDM used in schools/businesses required this form.
July 11th 2019 – We push our app update that brings back MDM.
July 12th, 2019 – Boomerang Parental Control gets approved with MDM. We held off releasing as we wanted to now align the launch with back to school in August.
Aug 2st, 2019 – a message was received from the App Store Review team. I was away so didn’t get back to this message. A bit of phone tag occurred afterwards.
Aug 9th, 2019 – App Review team sends a message mentioning that our app is in violation and could get taken down from the app store in 90 days. I inform the representative that our app is in Pending Developer Release, was approved on July 12th and we are holding off releasing until back to school. Now the reason for Boomerang Parental Control’s violation this time was the MDM Approval form wasn’t approved as our app contained Google Analytics, an analytics platform that many apps on the App Store still use today for app crashes, screen usage and more. Apple has no alternative to this technology. Her claim was that Google Analytics could grab sensitive MDM information. This was false, our code didn’t have any such information being shared in our app or backend services with Google Analytics for MDM related purposes.
Aug 23rd, 2019 – we pushed an update that removes Google Analytics from our app. Got thanks from the App Review team, and they said they would review as soon as possible.
Sept 5th 2019 – Got another call from the App Review team and now the violation was Google Firebase. The exact wording in the message was “Apps offering MDM services may not sell, use, or disclose to third parties any data for any purpose.” Also note that every time we sent a new update, I had to redo the Mobile Device Management Capability form. Frustration level was increasing at this point.
Sept 6th, 2019 – I replied confirming what we used Google Firebase for: app crashes to monitor the health of our app (again Apple has no alternatives to this) and a database service for our Family Messenger feature that handles app approval/general family communication. I had also confirmed this with the support team at Google Firebase.
Sept 10th, 2019 – No answer so I followed up.
Sept 11th, 2019 – Received a voicemail… the App Review team was asking for additional clarity on Google Firebase.
Sept 12th, 2019 – I reiterated what was collected in the crash report via Google Firebase. I even reviewed the privacy policies and it clearly said no user data was being stored anywhere. I also went into further detail of what our Family Messenger feature leveraged in Google Firebase.
Sept 16th, 2019 – Still waiting for a reply… sent a follow up message. I also shared further details including recent negative user reviews, how their continual delays and unfair digging into our app vs others now had us miss our back to school launch and missed opportunity to increase our sales. This was officially hurting our business because of Apple’s processes. I requested an escalation to a Manager.
Sept 18th 2019 – I received a call from an App Review Manager. He shared that he had escalated us to the App Review Board.
Sept 27th 2019 – Finally heard back and the App Review Board rejected our appeal again. We had to completely remove the Analytical portion in our app. I reiterated our use of Google Firebase with our Family Messenger feature which was not an analytics service.
Oct 11th, 2019 – we pushed our app for review without the analytics.
Oct 21st, 2019 – Received a message from the App Review team apologizing for the delay… 10 days and counting since submitting the update.
Oct 25th, 2019 – Boomerang Parental Control was now approved for release.
With the fall 2019 release of iOS 13, Apple silently changed MDM policies again, resulting in even less available functionality for parental control apps. We can no longer block Safari and the App Store since Apple now requires devices set up in “Supervised Mode” which is normally used by companies, government and schools for advanced mobile device management. These were two key apps we blocked when the schedule was up, when parents timed out their kids’ iOS devices or when parents wanted our SPIN Safe Browser as the only browser on their child’s iPhones.
So it’s early 2020 and we still have parents that:
- are not aware that iOS now includes screen time features – it’s buried in iOS Settings > Screen Time.
- are mixed – parents use Android and kids use iPhones/iPads
- are asking us why we cannot offer our Android feature set for iOS devices (hopefully I answered why above).
Apple has shown that they will change their minds if there is negative press about them. These are some of the reasons why we continue to recommend Android devices for your kids’ first smartphone (and you can still control them from your iPhone!). I thank you for sharing this post with your social media networks – certainly many other parents would benefit from knowing this.
Any way you slice it, Apple continues to be anti-competitive.
Thank you for reading, for listening and for sharing. 🙏
P.S. The most memorable quote from a customer that switched his kids to Android: “Well, it’s like going out and buying a suit to match your tie, but it’s worth it.”