This illegal use of enterprise certificates must have leaked. How big is Facebook, after all.

I'm not sure if "in violation of contract" counts as illegal in this case.

You're right, not illegal in that way. I miswrote.

They know how many installations are active and how many people work for the org. When wildly out of line they could send a lawyer-gram and then shut it down if they don't get a response that accounts for the difference. Enterprise apps still phone home to the mother ship (Apple) and will refuse to run if, for example, the device doesn't have an internet connection for some number of days. (90 if memory serves.)

> Enterprise apps still phone home to the mother ship (Apple) and will refuse to run if, for example, the device doesn't have an internet connection for some number of days. (90 if memory serves.)

I would not be surprised if the list of apps that a user has is not disclosed to Apple, and the only thing that is exchanged is Apple's "blacklist" of revoked certificates.

Ok, but this is now Apple having to police thousands of organizations. That's just not practical. I think they should handle it on a case by case basis.