diff --git a/CHANGES b/CHANGES
index 609d579d6..e95ba9237 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1586,4 +1586,5 @@
 * Add support for an external email relay that does not require authentication
 * Add option to accept self-signed certs when using external mail relay
 * Allow publishing and listing community supported apps
+* Remove spaces support
 
diff --git a/src/accesscontrol.js b/src/accesscontrol.js
index 21b9d7072..e94e5fff4 100644
--- a/src/accesscontrol.js
+++ b/src/accesscontrol.js
@@ -115,7 +115,7 @@ function scopesForUser(user, callback) {
 
     if (user.admin) return callback(null, exports.VALID_SCOPES);
 
-    callback(null, config.isSpacesEnabled() ? [ 'profile', 'apps', 'domains:read', 'users:read' ] : [ 'profile', 'apps:read' ]);
+    callback(null, [ 'profile', 'apps:read' ]);
 }
 
 function validateToken(accessToken, callback) {
diff --git a/src/apps.js b/src/apps.js
index 562cff2d1..19d490be1 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -201,13 +201,6 @@ function translatePortBindings(portBindings, manifest) {
     return result;
 }
 
-function addSpacesSuffix(location, user) {
-    if (user.admin || !config.isSpacesEnabled()) return location;
-
-    const spacesSuffix = user.username.replace(/\./g, '-');
-    return location === '' ? spacesSuffix : `${location}-${spacesSuffix}`;
-}
-
 function validateAccessRestriction(accessRestriction) {
     assert.strictEqual(typeof accessRestriction, 'object');
 
@@ -665,9 +658,6 @@ function install(data, user, auditSource, callback) {
             if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such domain'));
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-            location = addSpacesSuffix(location, user);
-            alternateDomains.forEach(function (ad) { ad.subdomain = addSpacesSuffix(ad.subdomain, user); }); // TODO: validate these
-
             error = domains.validateHostname(location, domainObject);
             if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
@@ -809,7 +799,6 @@ function configure(appId, data, user, auditSource, callback) {
         if ('alternateDomains' in data) {
             // TODO validate all subdomains [{ domain: '', subdomain: ''}]
             values.alternateDomains = data.alternateDomains;
-            values.alternateDomains.forEach(function (ad) { ad.subdomain = addSpacesSuffix(ad.subdomain, user); }); // TODO: validate these
         }
 
         if ('env' in data) {
@@ -840,8 +829,6 @@ function configure(appId, data, user, auditSource, callback) {
             if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such domain'));
             if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-            location = addSpacesSuffix(location, user);
-
             error = domains.validateHostname(location, domainObject);
             if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
@@ -1112,7 +1099,6 @@ function clone(appId, data, user, auditSource, callback) {
                 if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, 'No such domain'));
                 if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
 
-                location = addSpacesSuffix(location, user);
                 error = domains.validateHostname(location, domainObject);
                 if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message));
 
diff --git a/src/config.js b/src/config.js
index ff5a298f4..040cdbbec 100644
--- a/src/config.js
+++ b/src/config.js
@@ -35,9 +35,6 @@ exports = module.exports = {
     isManaged: isManaged,
     isDemo: isDemo,
 
-    // feature flags based on editions (these have a separate license from standard edition)
-    isSpacesEnabled: isSpacesEnabled,
-
     // for testing resets to defaults
     _reset: _reset
 };
@@ -199,10 +196,6 @@ function isDemo() {
     return get('isDemo') === true;
 }
 
-function isSpacesEnabled() {
-    return get('edition') === 'education';
-}
-
 function provider() {
     return get('provider');
 }
diff --git a/src/routes/apps.js b/src/routes/apps.js
index 7dff7703a..200d1753b 100644
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    verifyOwnership: verifyOwnership,
-
     getApp: getApp,
     getApps: getApps,
     getAppIcon: getAppIcon,
@@ -43,25 +41,6 @@ var apps = require('../apps.js'),
     util = require('util'),
     WebSocket = require('ws');
 
-function verifyOwnership(req, res, next) {
-    if (req.user.admin) return next();
-
-    if (!config.isSpacesEnabled()) return next();
-
-    const appCreate = !('id' in req.params);
-
-    if (appCreate) return next(); // ok to install app
-
-    apps.get(req.params.id, function (error, app) {
-        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
-        if (error) return next(new HttpError(500, error));
-
-        if (app.ownerId !== req.user.id) return next(new HttpError(403, 'User is not owner'));
-
-        next();
-    });
-}
-
 function getApp(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
diff --git a/src/server.js b/src/server.js
index b8a6747f3..c23e9ecb6 100644
--- a/src/server.js
+++ b/src/server.js
@@ -95,7 +95,7 @@ function initializeExpressSync() {
     var usersReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_READ);
     var usersManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_MANAGE);
     var appsReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_READ);
-    var appsManageScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE), routes.apps.verifyOwnership ];
+    var appsManageScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_APPS_MANAGE) ];
     var settingsScope = routes.accesscontrol.scope(accesscontrol.SCOPE_SETTINGS);
     var mailScope = routes.accesscontrol.scope(accesscontrol.SCOPE_MAIL);
     var notificationsScope = [ routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE), routes.notifications.verifyOwnership ];
@@ -240,7 +240,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/apps/:id/logs',      appsManageScope, routes.apps.getLogs);
     router.get ('/api/v1/apps/:id/exec',      appsManageScope, routes.apps.exec);
     // websocket cannot do bearer authentication
-    router.get ('/api/v1/apps/:id/execws',    routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS_MANAGE ]), routes.apps.verifyOwnership, routes.apps.execWebSocket);
+    router.get ('/api/v1/apps/:id/execws',    routes.accesscontrol.websocketAuth.bind(null, [ accesscontrol.SCOPE_APPS_MANAGE ]), routes.apps.execWebSocket);
     router.post('/api/v1/apps/:id/clone',     appsManageScope, routes.apps.cloneApp);
     router.get ('/api/v1/apps/:id/download',  appsManageScope, routes.apps.downloadFile);
     router.post('/api/v1/apps/:id/upload',    appsManageScope, multipart, routes.apps.uploadFile);