Pages: [1]   Go Down
  Print  
Author Topic: Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]  (Read 309 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: February 01, 2019, 04:05:09 pm »

Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]

Facebook is facing the wrath of Apple today for misusing an enterprise certificate meant for internal use to get Facebook users to sideload a data harvesting "Facebook Research" app that violates App Store policies, and as it turns out, Google has been doing the exact same thing.





According to TechCrunch, Google has been distributing an app called "Screenwise Meter" using the enterprise certificate installation method since 2012.





<img src="" alt="" width="800" height="417" class="aligncenter size-large wp-image-677577" />


Google has been privately inviting users aged 18 and up (or 13 for those part of a family group) to download Screenwise Meter, an app that is designed to collect information on internet usage, including details on how long a site is visited to apps that are downloaded.





By asking Screenwise Meter users to download the app using an enterprise certificate, Google is able to bypass <!---->App Store<!----> rules that prevent apps from gathering this kind of data from iPhone users.





Apple just this morning revoked Facebook's enterprise certificate for this exact same activity, which has rendered all of Facebook's internal apps nonoperational and has created chaos at Facebook's headquarters. Facebook employees are not able to use any of the internal apps that they rely on to get work done.





The Screenwise Meter app that Google uses lets users earn gift cards for sharing their traffic and app data. It is part of Google's Cross Media Panel and Google Opinion Rewards programs that provide rewards to people for installing tracking software on their smartphones, web browsers, routers, and TVs.





<center><iframe src="https://www.youtube.com/embed/uikWgn5MswY" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe></center>


According to TechCrunch, Google is more forthcoming about the kind of data that it's collecting than Facebook, but that doesn't change the fact that Google is using an app installation method that appears to violate Apple's enterprise certificate rules in the same way the Facebook Research app did.





Additionally, people who install these kinds of apps for rewards may not fully understand the extent of the data that's collected.
Putting the not-insignificant issues of privacy aside -- in short, many people lured by financial rewards may not fully take in what it means to have a company fully monitoring all your screen-based activity -- and the implications of what extent tech businesses are willing to go to to amass more data about users to get an edge on competitors, Google Screenwise Meter for iOS appears to violate Apple's policy.
Apple and Google have not yet commented on the Screenwise Meter app, but if Apple does decide that Google is also violating its enterprise rules, which clearly state that the enterprise program is for distributing internal employee apps only, Google too could see the enterprise certificate used for the Screenwise app revoked.





Apple could also punish Google in the same way that it punished Facebook by revoking all of the company's internal apps that use the same certificate.





Update: Google has issued an apology and has disabled its Screenwise Meter app on iOS devices. "The Screenwise Meter iOS app should not have operated under Apple's developer enterprise program -- this was a mistake and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We've been upfront with users about the way we use their data in this app, and we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time."

<div class="linkback">Tag: Google</div>
This article, &quot;Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]&quot; first appeared on MacRumors.com

Discuss this article in our forums

<div class="feedflare">
<img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img> <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img> <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>
</div><img src="http://feeds.feedburner.com/~r/MacRumors-Front/~4/qGAE7Ge0Fqk" height="1" width="1" alt=""/>

Source: Google Also Exploiting Enterprise Certificates to Bypass iOS App Store for Data Collection [Update: Disabled]
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: