Facebook is not the only major tech company found to be misusing Apple's Enterprise Certificate system, with a report claiming Google is pulling the same trick for its own app, one that is similar in nature to Facebook's now-blocked "Research" app.
Apple's Enterprise Certificates are designed for use within a company and not for the public, but following the revocation of certificates used by Facebook due to their misuse, it has been found Google has done practically the same thing. In Google's case, it has been distributing an iOS app called Screenwise Meter.
Much like the now-blocked Facebook Research app, Screenwise allows users to earn gift cards in exchange for Google monitoring a user's web traffic and data, reports TechCrunch, by installing a VPN app. Just as with Facebook's app, Screenwise Meter is sideloaded onto the iOS device with a Enterprise Certificate.
Under Apple's rules, the Enterprise Developer Certificates are meant for use within a company and not for public usage. To push apps out to the public, developers must either put it through the App Store, which has stringent privacy rules that must be obeyed, or offer it as part of Apple's TestFlight beta program, though that has a maximum user count of 10,000.
Furthermore, the original version of the app collected data from users as young as 13 years old. While the program is currently open to users of Google's Opinion Rewards aged 18 or older following a rebranding, it is still able to be used by those as young as 13 years if they are in the same household and added as a secondary panelist.
Sources inside Apple corporate not authorized to speak on behalf of the company told AppleInsider that "yeah, it's being talked about today upstairs" referring to conversation by executives, regarding Google's Screenwise Meter.
Given Apple's decision to pull Facebook's access to the system, it is likely a similar action will occur to Google. While Facebook discovered many of its in-beta and internal apps were inactive following the certificate withdrawal, it is unclear if Google will face a similar situation internally.
A statement provided to AppleInsider on Wednesday about Facebook's certificate removal notes "Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."
Update: In a statement to AppleInsider, Google said it has disabled the Screenwise Meter iOS, adding that it should not have operated under an Enterprise Developer Certificate.
The Screenwise Meter iOS app should not have operated under Apple's developer enterprise program. This was a mistake, and we apologize.
We have disabled this app on iOS devices. This app is completely voluntary and always has been. We've been upfront with users about the way that we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.
58 Comments
Show of hands:
How many are surprised that Google is violating privacy rules like Facebook?
This just keeps on getting more disturbing. Please stop this Apple
Rene Ritchie posed the question ‘should Apple abanadon Google (as default search engine)?’ Billions of dollars of ‘services’ revenue be damned. Google/Facebook are a disgrace.
The Good Fight: Also in this case it would be sweet if Apple opts to cover the legal fees for all those users who were rewarded by Google to sideload the VPN onto their devices, so they can all go to court and ask the judge to force Google to hire them since Google made them use that sw after contractually agreeing with Apple that it could be used by employees only.