Written by Nick Heer.

Apple Suspends Clearview’s Enterprise Distribution Certificate

Logan McDonald, Ryan Mac, and Caroline Haskins, Buzzfeed News:

In distributing its app for Apple devices, Clearview, which BuzzFeed News reported earlier this week has been used by more than 2,200 public and private entities including Immigration and Customs Enforcement (ICE), the FBI, Macy’s, Walmart, and the NBA, has been sidestepping the Apple App Store, encouraging those who want to use the software to download its app through a program reserved exclusively for developers. In response to an inquiry from BuzzFeed News, Apple investigated and suspended the developer account associated with Clearview, effectively preventing the iOS app from operating.

An Apple spokesperson told BuzzFeed News that the Apple Developer Enterprise Program should only be used to distribute apps within a company. Companies that violate that rule, the spokesperson said, are subject to revocation of their accounts. Clearview has 14 days to respond to Apple.

Zack Whittaker, TechCrunch:

TechCrunch found Clearview AI’s iPhone app on an public Amazon S3 storage bucket on Thursday, despite a warning on the page that the app is “not to be shared with the public.”

The page asks users to “open this page on your iPhone” to install and approve the company’s enterprise certificate, allowing the app to run.

But this, according to Apple’s policies, is prohibited if the app’s users are outside of Clearview AI’s organization.

Dell Cameron, Dhruv Mehrotra, and Shoshana Wodinsky of Gizmodo found the Android version of the app yesterday as well. They were unable to log in, but observed connections being opened to third-party app analytics providers:

Clearview CEO Hoan Ton-That said in an email to Gizmodo that the companion app is a prototype and “is not an active product.” RealWear, another company, which makes “a powerful, fully-rugged, voice operated Android computer” that is “worn on the head,” is also mentioned in the app, though it’s not immediately clear what for.

The app also contains a script created by Google for scanning barcodes in connection with drivers licenses. (The file is named “Barcode$DriverLicense.smali”) Asked about the feature, Ton-That responded: “It doesn’t scan drivers licenses.” Gizmodo also inquired about the app’s so-called “private search mode” but did not get a response.

The company frequently demurs when asked difficult but legitimate questions, and its clients deny all knowledge before recanting upon evidence being presented. Everything about Clearview is skeevy and it should not exist. I propose that everything it has ever created be sunk into the ocean.