Apple has blocked Clearview AI’s iPhone app for violating its rules

An iPhone app built by controversial facial recognition startup Clearview AI has been blocked by Apple, effectively banning the app from use.

Apple confirmed to TechCrunch that the startup “violated” the terms of its enterprise developer program.

The app allows its users — which the company claims it serves only law enforcement officers — to use their phone camera or upload a photo to search its database of 3 billion photos. But BuzzFeed News revealed that the company — which claims to only cater to law enforcement users — also includes many private-sector users, including Macy’s, Walmart and Wells Fargo.

Clearview AI has been at the middle of a media — and legal — storm since its public debut in The New York Times last month. The company scrapes public photos from social media sites, drawing ire from the big tech giants that claim Clearview AI misused their services. But it’s also gained attention from hackers. On Wednesday, Clearview AI confirmed a data breach in which its client list was stolen.

The public Amazon S3 page containing the iPhone app (Image: TechCrunch)

TechCrunch found Clearview AI’s iPhone app on an public Amazon S3 storage bucket on Thursday, despite a warning on the page that the app is “not to be shared with the public.”

The page asks users to “open this page on your iPhone” to install and approve the company’s enterprise certificate, allowing the app to run.

But this, according to Apple’s policies, is prohibited if the app’s users are outside of Clearview AI’s organization.

Clearview AI’s use of an enterprise certificate on an iPhone (Image: TechCrunch)

Enterprise certificates are issued by Apple to allow companies to build and approve iPhone and iPad apps designed for internal company use only. It’s common for these certificates to be used to test apps internally before they are pushed out to the App Store. Apple maintains a strict set of rules on use of enterprise certificates, and says they cannot be used by consumers. But there have been cases of abuse.

Last year, TechCrunch exclusively reported that both Facebook and Google were using their enterprise certificates for consumer-facing apps in an effort to bypass Apple’s App Store. Apple revoked the tech giants’ enterprise certificates, disabling the infracting app but also any other app that relied on the certificate, including their catering and lunch menu apps.

The app was labeled as “beta” — typically a pre-release or a test version of the app. Besides this claim, there is no evidence to suggest this app was not used by Clearview AI customers.

Clearview AI chief executive Hoan Ton-That told TechCrunch: “We are in contact with Apple and working on complying with their terms and conditions.”

A brief analysis of the app through network traffic tools and disassembly tools shows it works largely in the same way as Clearview AI’s Android app, which was discovered by Gizmodo on Thursday.

Like the Android app, a user needs a Clearview AI-approved username and password to use the app.