On Wednesday, TechCrunch reported that Facebook isn’t alone in inflicting an uber-snoopy app via what’s supposed to be a way for companies to distribute custom-made apps to their employees off of the App Store.
Google’s also been sneaking in through the back door, using the system to run an app called Screenwise Meter that sounds a lot like Facebook’s Research virtual private networking (VPN) app.
Fast on the heels of Apple kicking Facebook Research out of the program on Tuesday, so too did Screenwise Meter get the heave-ho.
This time, however, it sounds like Apple didn’t need its bouncers to show Google to the door. Rather, after being contacted about whether its app likewise violated Apple’s policy, Google apologized and showed itself out, disabling the app on iOS devices:
The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program – this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.
The reference to encrypted data is meant to differentiate Google’s app from Facebook Research, which Facebook said could collect data in some instances “even where the app uses encryption, or from within secure browser sessions”.
Before it blinked out of existence, Google was inviting users aged 18 and up (or 13, if part of a participating family) to download Screenwise Meter by using a special code and registration process that depended on Enterprise Certificate.
That’s the same thing that got Facebook in trouble with its Research app. When Facebook got kicked out of the Enterprise Developer Program, Apple noted that it had designed the program “solely for the internal distribution of apps within an organization,” not to distribute data-collecting apps to consumers: what Apple called “a clear breach” of its licensing terms.
Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.
Free tracking router, anyone?
Compared with Facebook, Google is far more upfront about how Screenwise Meter and its other market research programs work and what data they collect. And, unlike Facebook – which stripped its name off Research VPN following the similarly snoopy Onavo VPN getting pushed out of the App Store – Google’s clear about its involvement.
On the Screenwise Meter Play Store listing, for example, Google clearly states that data is collected for market research purposes and provides a link to its research panel membership page (you need to be on the panel to download the app).
According to TechCrunch, Google launched Screenwise in 2012. Users earn gift cards for sideloading an Enterprise Certificate-based VPN app that allows Google to monitor and analyze their traffic and data, tracking what they watch and what devices they watch it on. Google has since rebranded the program as part of its Cross Media Panel and Google Opinion Rewards programs, which reward users for installing tracking systems on their mobile phone, PC web browser, router and TV. The company even sends participants a special router that it can monitor.
Google also offers the ability to hit pause when participants want a break from monitoring or when someone younger than 13 is using the device.
Apple hadn’t responded to inquiries as of Thursday morning, but as TechCrunch’s Zack Whittaker hypothesizes, Google’s alacrity in responding to the issue – and, probably, its full awareness of how much bad press Facebook got over first the Onavo VPN and then the Research VPN – is probably enough to keep it out of being baked into another deep-dish Apple privacy-protecting pie.
Source : Naked Security