It seems that a can of privacy worms has just been opened up and Facebook isn’t the only one that’s going to stew. The social network giant was recently reported to have been luring users with monetary rewards to track the phone use while abusing a program Apple put in place for internal testing only. Apparently it isn’t the only one and Google has informally issued a mea culpa for doing likewise and has taken down the offending Screenwise Meter “research” app on iOS.
While the two companies implemented their programs differently, they shared a few common traits. For one, both Facebook’s Facebook Research and Google’s Screenwise Meter offered monetary compensation for installing an app and approving a certificate that would track their activities on their iOS or Android device. But while both targeted users legally capable of giving consent, they also allowed minors to join, provided they have parental approval. Unfortunately, when money is involved, common sense and better judgment may go out the window.
More critically, however, both Facebook and Google misused Apple’s Enterprise Certificate program to get users to install apps outside of the App Store. These certificates are supposed to be used by company employees for testing apps internally only. Any public testing should go through Apple’s TestFlight platform instead.
Google was quick to disable the iOS app and, in a statement to TechCrunch, claimed that it was just a mistake. Screenwise Meter, it says, shouldn’t have been distributed via Apple’s Enterprise Certificate program. That said, it also claims that it has always been upfront about exactly what data it tracks and do not access any encrypted data from the phone. Plus, it was completely voluntary and anyone can opt out of getting paid to be tracked by Google.
Apple has still to respond to this development but it has already revoked Facebook’s Enterprise Certificate. That action, however, did more than just shut down Facebook Research but all of the social giant’s internal iOS apps. Facebook argues that it wasn’t hiding anything, since the app was called “Facebook Research” after all, and it wasn’t spying on anyone since users were oriented and gave their explicit consent. Facebook didn’t clarify why it had used its internal Enterprise Certificate for that purpose or why the app shared much in common with the banned Onavo VPN app. Facebook Research remains available on Android.