Lucene search

K
threatpostLindsey O'DonnellTHREATPOST:7D0D4DEB8639F1B8789561405CB9252B
HistoryJan 31, 2019 - 2:26 p.m.

Google Pulls Data-Chugging App From iOS Devices

2019-01-3114:26:05
Lindsey O'Donnell
threatpost.com
59

Google has found itself in hot water for a research app that may have violated Apple’s policies by collecting user data in exchange for gift cards.

The tech giant said it has now disabled Screenwise Meter“audience measurement” app – which voluntarily collects data from users’ phones, browsers and even routers – from iOS devices.

The app was using a similar method as the recently-highlighted “Facebook Research” app to sidestep the Apple App Store’s strict data collection policies, according to a TechCrunch report. This involved distributing the app via Apple’s developer enterprise program, meant for companies who want to create apps for their own employees.

“The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize,” a Google spokesperson told Threatpost. “We have disabled this app on iOS devices.”

Developer Enterprise Program

The developer enterprise program enables companies to create apps for their own employees – so the apps don’t go through the public App Store.

Apple has strict data-collection policies as part of its developer policies, which bar the collection of data about usage of other apps or data that’s not necessary for an app to function, as of June.

“Apps should only request access to data relevant to the core functionality of the app, and should only collect and use data that is required to accomplish the relevant task,” according to Apple’s policy.

It was discovered earlier this week that Facebook had used a similar method for its own

A Tuesday TechCrunch report uncovered that the social-media giant has been paying users (between the ages of 13 to 35) up to $20 a month to install the app, referred to as Project Atlas, on iOS or Android. The app gave Facebook full data access – including how and when users utilize the apps on their phone, their internet browsing history, and even screenshots of their Amazon order-history page, according to the report.

In response, Apple revoked Facebook’s enterprise iOS developer certificateand banned the app from its ecosystem.

A Facebook spokesperson however told Threatpost that key facts about the market research program are being ignored.

“Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research app,” the spokesperson said. “It wasn’t ‘spying,’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission, and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

Apple did not respond to a request for comment from Threatpost about Google’s app.

Screenwise Meter

Google’s own app came to the forefront a day after Facebook’s app was banned from the iOS ecosystem.

The app, which has been running since 2014, dishes out gift cards to users in exchange for their data across their mobile devices, web browsers, routers and even televisions.

Screenwise Meter appears to still be available on Google Play, where a description of the app reads: “The Screenwise Meter mobile app is used to manage registered panelists’ participation in market research panels. If you are not a registered panelist with Google, this app will not function; please do not download or use this app. This app works in sync with external Screenwise measurement devices.”

In order to download the app, Google gives users a special code and they can then go through the registration process using Apple’s Enterprise Certificate. This is a similar process to how Facebook’s research app was downloaded.

According to the app’s panelist eligibility requirements, users must be 18 years or older while “household-invited secondary panelists” must be 13 years or older, with parental consent.

A Google spokesperson told Threatpost that the app “is completely voluntary and always has been.”

“We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time,” the spokesperson said.