New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]

Facebook is facing the wrath of Apple today for misusing an enterprise certificate meant for internal use to get Facebook users to sideload a data harvesting "Facebook Research" app that violates App Store policies, and as it turns out, Google has been doing the exact same thing.

According to TechCrunch, Google has been distributing an app called "Screenwise Meter" using the enterprise certificate installation method since 2012.


Google has been privately inviting users aged 18 and up (or 13 for those part of a family group) to download Screenwise Meter, an app that is designed to collect information on internet usage, including details on how long a site is visited to apps that are downloaded.

By asking Screenwise Meter users to download the app using an enterprise certificate, Google is able to bypass App Store rules that prevent apps from gathering this kind of data from iPhone users.

Apple just this morning revoked Facebook's enterprise certificate for this exact same activity, which has rendered all of Facebook's internal apps nonoperational and has created chaos at Facebook's headquarters. Facebook employees are not able to use any of the internal apps that they rely on to get work done.

The Screenwise Meter app that Google uses lets users earn gift cards for sharing their traffic and app data. It is part of Google's Cross Media Panel and Google Opinion Rewards programs that provide rewards to people for installing tracking software on their smartphones, web browsers, routers, and TVs.


According to TechCrunch, Google is more forthcoming about the kind of data that it's collecting than Facebook, but that doesn't change the fact that Google is using an app installation method that appears to violate Apple's enterprise certificate rules in the same way the Facebook Research app did.

Additionally, people who install these kinds of apps for rewards may not fully understand the extent of the data that's collected.
Putting the not-insignificant issues of privacy aside -- in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity -- and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple's policy.
Apple and Google have not yet commented on the Screenwise Meter app, but if Apple does decide that Google is also violating its enterprise rules, which clearly state that the enterprise program is for distributing internal employee apps only, Google too could see the enterprise certificate used for the Screenwise app revoked.

Apple could also punish Google in the same way that it punished Facebook by revoking all of the company's internal apps that use the same certificate.

Update: Google has issued an apology and has disabled its Screenwise Meter app on iOS devices. "The Screenwise Meter iOS app should not have operated under Apple's developer enterprise program -- this was a mistake and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We've been upfront with users about the way we use their data in this app, and we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time."

Tag: Google


Top Rated Comments

(View all)

20 weeks ago
Didn’t take long for that shoe to drop.

It’s time for people to realize that the big players in tech are surveillance operations, full stop.
Rating: 56 Votes
20 weeks ago
awkward.

Apple vs. the world.
Go Apple
Rating: 51 Votes
20 weeks ago
And the question one needs to ask: does Android contain this kind of spyware out of the box?
Rating: 48 Votes
20 weeks ago
Alright Apple...apply the rules equally, please.
Rating: 32 Votes
20 weeks ago

Lots of companies, including small businesses, exploit enterprise certificates... And why is that? Because AppStore rules are annoyingly restrictive..


Restrictive for good reason....
Rating: 32 Votes
20 weeks ago

Lots of companies, including small businesses, exploit enterprise certificates... And why is that? Because AppStore rules are annoyingly restrictive..

Only annoying if you don't care about Apple's customer's privacy.
Rating: 25 Votes
20 weeks ago

And the question one needs to ask: does Android contain this kind of spyware out of the box?


Do you REALLY need to ask that? :rolleyes: Of course it does.
Rating: 17 Votes
20 weeks ago
Difference with Facebook:
Google pays Apple so Apple uses Google Search on the iOS platform.
This will be interesting.
Rating: 15 Votes
20 weeks ago


[doublepost=1548878912][/doublepost]
Except, is any of your data on any sort of Cloud/iCloud etc?

Yes, but I trust Apple with my data a lot more than I trust Google with it.
Rating: 11 Votes
20 weeks ago

Blimey, are all these companies corrupt!


I think the problem is that the corporate mindset is to *increase* profits. It doesn't matter how well they did this or last year. They are judged by increasing profits. So instead of sitting in their meetings being happy with however profitable they are... they have to sit there thinking of how they can make a little more.
Rating: 11 Votes

[ Read All Comments ]