Google abused an Apple backdoor to collect user data

Google abused an Apple backdoor to collect user data
In the wake of the Facebook VPN scandal, it was recently revealed that Google has also been abusing the same Apple backdoor to collect data from users as young as thirteen. Similar to the Facebook Research app, Google's Screenwise Meter has been using Apple's Enterprise Certificate, which is meant for distributing employee-only apps, to circumvent the App Store and tap into a wealthy reserve of user data.

Upon downloading the app, users complete a survey and are then sent a special code that allows them to download the Enterprise Certificate-based VPN app that is then used to track all of their app and Internet use. In order to entice people to go through with it, Screenwise lets users earn gift cards in return for their data. The app was first launched in 2012, though, as TechCrunch points out, it was later rebranded as part of the broader Cross Media Panel and Google Opinion Rewards programs.

Similarly to Facebook's now-defunct Research app, Screenwise Meter was also initially available to people as young as thirteen, though Google later changed the age requirement to eighteen or older. However, minors could still partake in the program in the same household as other testers that met the age requirement.

Screenshots from Google's Screenwise Meter app

If nothing else, Google has at least been a bit more transparent than Facebook when it came to explaining what it does with its VPN tracker. Following TechCrunch's investigation, Google has announced that it will be shutting down the Screenwise Meter app for iOS:

"The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time."

Following the Facebook VPN fiasco, Apple swiftly invalidated all certifications for Facebook employee-only apps. It is yet unclear if the same punishment will be issued to Google. If it is, this will be highly damaging to Google's workflow, not to mention the detrimental effects it will have on the public's opinion on the company (which Google won't be able to track via an app).


Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless