30 Jan 2019

Google Also Violated Apple's Trust With App That Quietly Collected Sensitive User Data

GoogleBy Tyler Durden: After setting off another firestorm over Facebook's abusive data privacy practices when it revealed that the social media giant encouraged users as young as 13 to bypass the Apple app store and side-load an app that offered them a small financial incentive to allow the company unfettered access to their personal data, TechCrunch has followed up its earlier report with another bombshell: Google built a very similar app that functioned in practically the same exact way.
The app built by Google, called Screenwise Meter, was available for iOS and Android users. Like Facebook, the app violated Apple's policies over using its enterprise developer certificate to allow non-employees to download the app. It also encouraged teenagers to download the app, allowing Google to hoover up sensitive personal data about their phone-usage habits.
The only differences are that Google's app was around longer (it launched in 2012, whereas Facebook's app wasn't introduced until 2016, after Apple banned Facebook's Onavo "corporate spyware" app from its app store), and Google was slightly more transparent about the app's functionality.
First launched in 2012, Screenwise lets users earn gift cards for sideloading an Enterprise Certificate-based VPN app that allows Google to monitor and analyze their traffic and data. Google has rebranded the program as part of the Cross Media Panel and Google Opinion Rewards programs that reward users for installing tracking systems on their mobile phone, PC web browser, router and TV. In fact, Google actually sends participants a special router that it can monitor. Originally, Screenwise was open to users as young as 13, just like Facebook’s Research app that’s now been shut down on iOS but remains on Android.
Now, according to the site’s Panelist Eligibility rules, Google requires the primary users of its Opinion Rewards to be 18 or older, but still allows secondary panelists as young as 13 in the same household to join the program and have their devices tracked, as demonstrated in this video here (which was created in August of last year, underscoring that the program is still active):
[…]
Originally, Screenwise was open to users as young as 13, just like Facebook’s Research app that’s now been shut down on iOS but remains on Android. Now, according to the site’s Panelist Eligibility rules, Google requires the primary users of its Opinion Rewards to be 18 or older, but still allows secondary panelists as young as 13 in the same household to join the program and have their devices tracked, as demonstrated in this video here (which was created in August of last year, underscoring that the program is still active):
But while Facebook had initially tried to defend its data-hoovering app, Google, probably rattled after witnessing the backlash to Facebook (which led Apple to tear up Facebook's enterprise development certificate, sowing chaos inside Facebook's office), skipped straight to the apology.
After we asked Google whether its app violated Apple policy, Google announced it will remove Screenwise Meter from Apple’s Enterprise Certificate program and disable it on iOS devices. The company provided TechCrunch with this statement: "The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program - this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time."
Eager to give credit where credit is due, TechCrunch praised Google for at least being upfront with users of the side-loaded app about the type of data it collects (again, it's practically all of the data generated when users on are on their phones) while also providing for a guest mode that can be activated when somebody younger than 13 is using the app.
Still, many users probably ignored all of these implications when Google dangled the financial incentive of a $20 gift card in front of them.
Unlike Facebook, Google is much more upfront about how its research data collection programs work, what’s collected and that it’s directly involved. It also gives users the option of “guest mode” for when they don’t want traffic monitored, or someone younger than 13 is using the device.
Putting the not-insignificant issues of privacy aside - in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity - and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple’s policy.
This states, in essence, that the Enterprise Certificate program for distributing apps without the App Store or Apple’s oversight is only for internal employee-only apps.
Google walks users through how to install the Enterprise Certificate and VPN on their phone. Developers seeking to do external testing on iOS are supposed to use the TestFlight system that sees apps reviewed and limits their distribution to 10,000 people.
The question now is whether Apple will revoke Google's developer credentials, which would throw a wrench in the workflow of employees who rely on internal company apps to do their work, like it did to Facebook. Will Google's ever-so-slightly more transparent approach be enough to avert such a reaction?
We guess we'll need to wait and see.

No comments:

Post a Comment