Good timing from Apple when it comes to Facebook’s data protection scandal and the EU’s General Data Protection Regulation (GDPR) that goes into effect this week – with the iOS 11.3 operating system update, companies can now fully separate their business and private contacts.

The exchange of blows between Mark Zuckerberg and Tim Cook seems to have had more than just a media impact. Tim Cook disparaged the Facebook business model of making money from users’ data. Until now, however, he himself hadn’t undertaken much concrete action. Zuckerberg countered and described the Apple model as a kind of Stockholm syndrome, where users fall for the manufacturer who then demands a lot of money from them. Facebook, on the other hand, wants to be there for everyone, even those who can’t pay. Whoever wants to objectively evaluate the actual scope of Facebook’s data hoarding can see for themselves by simply placing a Facebook ad.

The iOS 11.3 software update brings numerous new features

So far, however, Apple has delivered a lot of data to Facebook virtually free of charge, because unlike a managed Android smartphone, in iOS all apps access the same address book – much to the annoyance of many corporate customers. The only solution so far – besides the use of two smartphones – was “wrapping” apps, which in turn accessed their own address book separate from the iOS system. However, this approach is not only complex but often also expensive and prone to errors.

WhatsApp, Facebook and Privacy

Because the handling of personal data is a highly-sensitive issue, especially with regard to data protection and against the backdrop of the EU’s GDPR, this makes it a very unfavorable situation for companies. A German data protection commissioner, Lutz Hasse, recently warned that 99 percent of WhatsApp users were acting illegally, simply because they gave the service access to their contacts without asking for their prior consent.

While this is a problem for private customers, it is even more significant for companies. Which is why businesses need to act immediately. With iOS 11.3, Apple has responded and created the possibility to deny Facebook and WhatsApp such access. However, the prerequisite is the use of an enterprise mobility management system (EMM), such as MobileIron, AirWatch or others.

It should be noted that a pure mobile device management system (MDM) is not sufficient here. For proper implementation, the distribution of iOS-native app policies must be possible. The system must, therefore, have a native mobile application management (MAM) feature, something which fortunately is already a standard feature for many. The good news is that companies don’t have to wait for a new version of these EMM systems, because the implementation is carried out with the existing policies, only the implementation on the device itself has now been fully achieved with iOS 11.3.

Companies that do not yet use an EMM system are recommended to use the cloud offerings of the respective manufacturers for rapid implementation.

Deny access to Facebook & Co.

How do you deny private apps access to business contacts then? iOS management distinguishes between managed apps and unmanaged apps. For its system application Mail, iOS also knows the managed accounts, which behave in the same way as the managed apps. Apps and accounts, which should be managed, can be defined accordingly in the EMM system. 

To protect business communication and contacts, the corporate Exchange account should be defined as managed. In addition, it’s only necessary to set the policy that an exchange of data between the managed and unmanaged apps and accounts shouldn’t take place. This policy has been used before to ensure that Open-In data can only be exchanged among managed apps. And there you have it – you have denied private apps access to your business contacts.  However, the user has access to all contacts, both private and business contacts, at any time via the contact book. A managed app on the other hand, for example using the Cortado Workplace app, also has full access to business contacts.

 Apple’s iOS has already established itself as the leading mobile operating system in the enterprise market. The contact book was a very annoying and long overdue security gap, which has finally been closed and which didn’t even exist at competing Android for Work / Android Enterprise due to a fundamentally different approach. If the Facebook scandal has caused this development to be accelerated, then Apple users are already seeing the benefits.

Henning Volkmer
Henning Volkmer

is president and CEO of ThinPrint, a leading provider of print management software and services for businesses.