If Apple’s email from Phil has holes, then so does your article. I get that the email mentioned things like monitoring Safari browsing history or call logs, which are misleading or vague at the very best. However, as a tech company, you should not hide away from the fact that it is technically possible, and in fact not hard, to instrument such a behavior on a managed device. Here is why:
- Would you disagree that you can essentially intercept the phone’s entire internet traffic by pushing an always-on VPN tunnel profile, which will force all the network traffic to go via your own servers, which neither Apple nor parents can really interfere with? Now, there may be some security features like end-to-end encryption or certificate pinning built into the apps which safeguard against a man-in-the-middle attack. And you would also need to disclose this in the agreement text when the profile is installed. But does that really mitigate the risk and possibility?
- With the usage of managed domains, wouldn’t you be able to regulate downloads from particular domains? Sure, you most likely cannot look at the contents of the images and documents, but you do have some control which extends beyond what your app is intended to have. You could even restrict that all PDFs should open with a particular app which leaks information.
- With the managed apps, especially when you can easily request to manage other apps which were not really deployed from your MDM server, can’t you simply uninstall them or wipe their local data, which upon the next start may even sync to the cloud, thereby permanently destroying it?
- “Apple themselves are responsible for sending all MDM commands to user devices”. This made me laugh, honestly. It is like blaming the knife for a murder. Yes, Apple will deliver the command to the device. But does it really control which commands it should send (once, of course, your profile is installed)? For example, if you request to manage the Dropbox app on an iPhone after the device is provisioned, would Apple intervene and say, “Hey OurPact, I won’t send this command to Emily’s phone because she is only 10”? NO. Your statement is completely irrational, at the very least.
The list goes on. In fact, you forgot to mention that once a device is provisioned, you can still ask for more control, like managing other apps later, when a parent isn’t around to make that decision. Sure, many of these will require explicit consent from the user (a child) by tapping an Okay button on the alert. But can you, as a parent, really count on your kid understanding EMM/MDM and denying such a prompt?
Your comparison to schools is actually unreasonable. The simple reason is that you’ll very rarely find children enrolling their “personal” devices with a school’s EMM server. They may need to do that to connect to their school’s wifi, for example. Even in doing so, they are putting trust in the school that the profile will only let them connect to the internet. In the most common case, the school issues devices which it wants to control via MDM or EMM. So it is okay for them to really restrict and monitor what students are allowed to do on those devices. You can’t compare that with your app, because your app is installed on a “personal” device, again a device which belongs to a child or their parents. You cannot compare those two, period.
Lastly, whether this can be exploited by a hacker or not depends on your overall infrastructure’s security too. I cannot comment on that.
The fact is, with the use of MDM, you have way more control than you need and should have. Whether you exercise that control or not is solely based on trust. Putting this much faith in any company is a pretty big deal.
Now, as an iOS engineer, I do understand how these decisions may have hurt your business, especially when there is really no workaround. It is bad that Apple first allows use of certain tech and then rejects apps. Apps have been rejected for silly reasons all the time. But this isn’t one of those reasons, in my own opinion of course.
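The comment above argues that a configuration profile can carry far more control (an always-on VPN, managed domains) than a parental-control app needs. As an added example, not part of the comment or of any OurPact code, here is a small audit script a parent or administrator could run over an unsigned `.mobileconfig` to see which broad-control payloads it contains before installing it. The payload type identifiers are Apple's real ones; the sample profile, the descriptions and the `audit_profile` function are constructed for this illustration.

```python
import plistlib

# Real Apple PayloadType identifiers whose presence means the profile can
# reach beyond a single app. The descriptions are this example's own wording.
BROAD_CONTROL_PAYLOADS = {
    "com.apple.vpn.managed": "VPN configuration: can route device traffic through a third-party server",
    "com.apple.domains": "Managed domains: governs which domains' downloads count as managed data",
}

# Constructed sample profile for demonstration only (not a vendor's real profile).
SAMPLE_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Sample parental-control profile (constructed)",
    "PayloadContent": [
        {
            "PayloadType": "com.apple.vpn.managed",
            "PayloadDisplayName": "Filter VPN",
            # AlwaysOn is a real key; its sub-keys are simplified here.
            "AlwaysOn": {"VPNType": "IKEv2"},
        },
        {
            "PayloadType": "com.apple.domains",
            "PayloadDisplayName": "Managed domains",
            "WebDomains": ["example.com"],
        },
        {
            "PayloadType": "com.apple.wifi.managed",
            "PayloadDisplayName": "School Wi-Fi",
        },
    ],
}


def audit_profile(profile: dict) -> list:
    """Return (display name, payload type, note) for every broad-control payload."""
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype not in BROAD_CONTROL_PAYLOADS:
            continue
        note = BROAD_CONTROL_PAYLOADS[ptype]
        if ptype == "com.apple.vpn.managed" and "AlwaysOn" in payload:
            note += "; AlwaysOn is set, so traffic cannot bypass the tunnel"
        findings.append((payload.get("PayloadDisplayName", "?"), ptype, note))
    return findings


def audit_mobileconfig(path: str) -> list:
    """Audit an unsigned .mobileconfig file (a plain property list)."""
    with open(path, "rb") as f:
        return audit_profile(plistlib.load(f))
```

Signed profiles are CMS-wrapped, so the plist must be extracted (for example with `openssl smime -verify`) before `audit_mobileconfig` can parse it.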