Apple iPhone Kill Switch: Can CIOs Trust Apple?

Enterprise iPhone apps at the mercy of an Apple kill switch should scare every CIO.

Let's say your company depends on an enterprise iPhone app that Apple suddenly deemed inappropriate. Apple may be able to hit a "kill switch" that puts a quick end to the app. Is this a good or bad thing?

I spoke with Cimarron Buser, vice president of products and marketing at Apperian, which offers an enterprise app developer platform for the iPhone and iPad, at length last week during the Mobile Open Summit in San Francisco. Buser later wrote an excellent blog post over the weekend about the subject of one of our topics: The Apple kill switch with an enterprise twist.


The kill switch is based on the fact that every app has a profile certificate that can be turned off by Apple at any time. Certificate-checking is a good, standard practice that ensures the integrity of apps, Buser explains. Indeed, Apple's draconian practices of app approval and control has led to some of the best platform security in the mobile space.

"You don't need anti-virus software on an iPhone!" Buser writes in his blog. The kill switch (or "emergency cutoff," as he describes it) guards against rogue developers letting lose a dangerous iPhone or iPad app without any way of corralling it. For consumers, a malicious app is bad; for enterprises, it's really, really bad.

But I think CIOs should worry about an Apple kill switch for enterprise apps. While a kill switch may be standard practice, we're talking about Apple, a company that has shown a complete disregard toward businesses in its ecosystem. Apple is relatively indifferent to an enterprise's needs, such as product lead times, clarity of requirements and flexibility with consumer technology.

The Apple iPhone kill switch came to light a couple of years ago, although no one aside from Apple is really sure how it works. Apparently, the iPhone phones home from time to time (that is, to an Apple server) and verifies an app's profile certificate. If Apple has marked the certificate invalid, then the app stops working.

Without going into details, Apple CEO Steve Jobs confirmed the existence of such a kill switch. "Hopefully, we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull," Jobs told the Wall Street Journal in 2008.

On the enterprise front, it's conceivable that an employee's iPhone will attempt to verify an enterprise app's profile certificate at some point in time. It might be an indirect route to an Apple server or not. Either way, an enterprise app, like an App Store consumer app, will likely be in the shadow of Apple's kill switch.

So what does this mean? Recall earlier this year that Apple suddenly banned apps for having explicit sexual content. Never mind that Apple had already approved these apps. Online retailer The Simply Group woke up one day to find its app pulled because it showed women modeling bikinis for sale. There was no forewarning, as businesses helplessly saw revenue dry up due to an Apple whim.

(Four days later, Apple restored The Simply Group's app with nary a word. Oddly, the Sports Illustrated Swimsuit app didn't get swept up in Apple's "bikini" raid.)

All of which begs the question: Are you prepared to have an app that your sales people, IT staffers, doctors, field workers, educators, and others rely on to be at the mercy of Apple? Don't forget, your industry and products might also be judged one day by the folks in Cupertino.

1 2 Page 1
Page 1 of 2
7 secrets of successful remote IT teams