Sonos should learn from Facebook

by Volker Weber


Apple pulled the rug out from under Facebook today by revoking their Enterprise Developer certificate. You deploy this on your employees' iOS devices so you can distribute apps without going through the App Store process.

Facebook used this mechanism to deploy their spyware and Apple simply killed those apps by revoking the certificate. Collateral damage: all other internal apps using the very same certificate also died the very same minute.

Sonos is still using the same process to distribute their betas outside the company and I would wager they violate the same terms and conditions as Facebook. The proper way to do this is to use TestFlight, like everybody else.


Maybe Sonos is using private APIs in the beta versions of their iOS app and hence they have chosen this deployment approach?

Abdelkader Boui, 2019-01-30

I don't know. Maybe they are just lazy because they always did it this way, before TestFlight existed.

Volker Weber, 2019-01-30

As far as I understood, Facebook's main violation was that they used it for spying. In the days before TestFlight, wasn't this the usual method for deploying betas?

Christian Gut, 2019-01-31

What Facebook did here was against Apple's privacy stance. That called them into action, and using the enterprise developer certificate for distributing apps outside the enterprise gave Apple a reason and means to stop them. They could do the same thing to Sonos if they ever chose to.

Volker Weber, 2019-01-31

Prior to Apple's acquisition of TestFlight the usual method was also the prescribed one — adding individual test device UDIDs to the build. TestFlight was created as nothing more than a streamlined workflow for use of the limited allocation of UDID slots provided to every developer account for testing on 'external' devices. There has never been a time when the issuing agreement for enterprise certificates permitted deployment to users not directly bound by the enterprise's legal obligations. Apple may have been less than aggressive in enforcement of this rule but also has no direct method of monitoring such breaches of the agreement.

Facebook egregiously flouted this rule for malign purposes with predictable consequences - including that their own internal apps and testing workflows, which daily operation of their business is dependent upon, are now non-functional.

Any organization using this mechanism in this way exhibits a shocking lack of foresight consistent with the absence of adult supervision. It makes one wonder what other bad decisions Sonos has made.

David Richardson, 2019-01-31

I can remember they used to add UDIDs way back when. Which in the olden days limited them to 200 test devices. I used to have two of them: one iPhone and one iPad.

Volker Weber, 2019-01-31
