Facebook’s toughest regulator may not be the Federal Trade Commission or another government agency, but rather its tech giant rival Apple.
Facebook suffered another public relations black eye on Tuesday when tech publication TechCrunch reported about its latest in a series of data privacy blunders.
In short, Facebook allegedly abused the Apple Developer Enterprise Program that lets partner companies make corporate apps and work-related tools available to their employees outside of the consumer-facing Apple App Store.
While the program was intended to let Facebook employees test apps and new features prior to major releases, among other reasons, Facebook, in fact, used it as a way to get the public download a data-tracking “research” app outside of the Apple App store. The strategy let Facebook bypass Apple’s app approval process, which almost certainly would have otherwise blocked Facebook’s data-collecting app for violating Apple’s privacy policies.
Apple responded on Wednesday by rescinding Facebook’s development credentials, which hurts the social networking giant’s ability to test software products, among other things. Apple said that “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”
As several journalists and analysts have commented, this is a major blow for Facebook, which relies on the program for its internal product development and for quickly providing app updates to its users.
Apple’s punishment may sting more than any FTC fines, considering that Facebook had over $40 billion in sales during its last fiscal year.
Get Data Sheet, Fortune’s technology newsletter.
If Facebook is unable to test its apps and release new features, it won’t be able to quickly copy the features for iOS devices by competitors like Snapchat. Reports also indicate that Facebook employees are unable to access internal food and transportation apps for its campus, which could cause a major roadblock for Facebook’s employees who use iPhones.
In essence, Apple is putting the brakes on Facebook’s ability to “move fast and break things,” to quote the one-time Facebook motto popularized by CEO Mark Zuckerberg. He has since changed the motto to “Move fast with stable infrastructure.”
Facebook has so far escaped any major U.S. government penalty for misbehavior as well as any significant consequences from its series of blunders ranging from data breaches, questionable public relations efforts, and the infamous Cambridge Analytica scandal that involved an academic researcher who obtained user data in order to sell the information to a political consulting firm, violating company policies.
The FTC is reportedly investigating whether some of Facebook’s recent data privacy issues may have violated the terms or a previously enforced consent decree, with fines possibly totaling over a billion dollars.
Facebook latest stumble, however, could end up being a lot more painful.
Cybersecurity researchers typically recommend that people only download apps to their smartphones from sanctioned app stores like Apple’s, because downloading software from third-party services is more risky. There’s a reason companies are willing to pay Apple a 30% fee to sell software through Apple’s App Store, and that’s because Apple offers consumers at least some sense of security that the apps they download through it are safe.
In this case, Facebook encouraged some users to download iOS software outside the Apple App store, which could lead to people feeling more comfortable about downloads outside Apple’s universe.
As Jen Miller-Osborn, a deputy director of threat Intelligence at security firm Palo Alto Networks described Facebook’s behavior to Fortune, “That’s horrible.”
“There’s no way to do that without knowing you are at least violating the spirit of some agreement,” Miller-Osborn said. ” To do it officially and against the parent company is at least—wow.”
It’s unclear if Apple’s decision to revoke Facebook’s developer credentials is only temporary. But if it does cause Facebook pain, maybe it will be less cavalier about data collection.
Perhaps this is what is meant when businesses say companies, not governments, should regulate themselves.
