by Tom Kaneshige

Apple iPhone Kill Switch: Can CIOs Trust Apple?

Nov 15, 2010
Enterprise Applications

Enterprise iPhone apps at the mercy of an Apple kill switch should scare every CIO.

Let’s say your company depends on an enterprise iPhone app that Apple suddenly deemed inappropriate. Apple may be able to hit a “kill switch” that puts a quick end to the app. Is this a good or bad thing?

I spoke with Cimarron Buser, vice president of products and marketing at Apperian, which offers an enterprise app developer platform for the iPhone and iPad, at length last week during the Mobile Open Summit in San Francisco. Buser later wrote an excellent blog post over the weekend about the subject of one of our topics: The Apple kill switch with an enterprise twist.


The kill switch is based on the fact that every app has a profile certificate that can be turned off by Apple at any time. Certificate-checking is a good, standard practice that ensures the integrity of apps, Buser explains. Indeed, Apple’s draconian practices of app approval and control has led to some of the best platform security in the mobile space.

“You don’t need anti-virus software on an iPhone!” Buser writes in his blog. The kill switch (or “emergency cutoff,” as he describes it) guards against rogue developers letting lose a dangerous iPhone or iPad app without any way of corralling it. For consumers, a malicious app is bad; for enterprises, it’s really, really bad.

But I think CIOs should worry about an Apple kill switch for enterprise apps. While a kill switch may be standard practice, we’re talking about Apple, a company that has shown a complete disregard toward businesses in its ecosystem. Apple is relatively indifferent to an enterprise’s needs, such as product lead times, clarity of requirements and flexibility with consumer technology.

The Apple iPhone kill switch came to light a couple of years ago, although no one aside from Apple is really sure how it works. Apparently, the iPhone phones home from time to time (that is, to an Apple server) and verifies an app’s profile certificate. If Apple has marked the certificate invalid, then the app stops working.

Without going into details, Apple CEO Steve Jobs confirmed the existence of such a kill switch. “Hopefully, we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull,” Jobs told the Wall Street Journal in 2008.

On the enterprise front, it’s conceivable that an employee’s iPhone will attempt to verify an enterprise app’s profile certificate at some point in time. It might be an indirect route to an Apple server or not. Either way, an enterprise app, like an App Store consumer app, will likely be in the shadow of Apple’s kill switch.

So what does this mean? Recall earlier this year that Apple suddenly banned apps for having explicit sexual content. Never mind that Apple had already approved these apps. Online retailer The Simply Group woke up one day to find its app pulled because it showed women modeling bikinis for sale. There was no forewarning, as businesses helplessly saw revenue dry up due to an Apple whim.

(Four days later, Apple restored The Simply Group’s app with nary a word. Oddly, the Sports Illustrated Swimsuit app didn’t get swept up in Apple’s “bikini” raid.)

All of which begs the question: Are you prepared to have an app that your sales people, IT staffers, doctors, field workers, educators, and others rely on to be at the mercy of Apple? Don’t forget, your industry and products might also be judged one day by the folks in Cupertino.

Maybe that’s why Buser tempers his positive take on the Apple kill switch by offering three ways Apple can improve its enterprise app developer program. His recommendations are solid yet underscore the core problem: Apple ignorance (or is it arrogance?).

Buser would like to see Apple explain what is acceptable in an enterprise app. Currently, he concedes, Apple’s iOS Developer Enterprise Program contains a lot of ambiguous language, such as what an app’s impact on bandwidth should be. Buser also wants Apple to “make clear to enterprises that [Apple is] not intending to interfere in their business.” Can you hear the bikini ban echoing in the distance?

Next, Buser told me that if Apple had a problem with an enterprise app, Apple would probably just let the one-year profile license expire rather than hit the kill switch. “An enterprise should be able to get a multi-year license,” Buser writes in his second recommendation. The fact that Apple’s iOS Developer Enterprise Program has only a one-year license shows that Apple doesn’t understand business needs.

Buser’s third recommendation is to allow enterprise apps under the iOS Developer Enterprise Program to be used by more than just employees and contractors. He wants business partners and suppliers to be able to use the enterprise app, too. After all, many ERP and SCM apps need this kind of user range.

Apple’s ignorance of the enterprise might be overlooked if Apple was truly serious about serving companies. But history shows that Apple throws bones to the enterprise every year but has yet to fully embrace the enterprise.

Moreover, Apple’s treatment of companies inside its own App Store should be a warning to CIOs. Apple has destroyed businesses overnight without even a phone call. Can you imagine a kill switch of a mission-critical enterprise app in the hands of Apple? ‘Tis a scary thought.

Tom Kaneshige covers Apple and Networking for Follow Tom on Twitter @kaneshige. Follow everything from on Twitter @CIOonline. Email Tom at