Yesterday, Apple killed Facebook’s access to internal iOS applications after it discovered the company was abusing its enterprise software applications to run aggressive data monitoring collection on teenagers. Today, it did the same thing to Google.
Google’s application, dubbed Screenwise Meter, appears to have been very similar to what Facebook deployed. Users had to be at least 18 unless they were part of a family, in which case 13 year-olds could join. Like Facebook, Google abused Apple’s enterprise certificates — which are only intended for internal use within a company — to collect data on every aspect of a user’s digital life.
When contacted about the issue, Google attempted to pass it off as a mistake, claiming:
The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.
It’s not clear when Screenwise explicitly launched on iOS. The earliest references to Screenwise online don’t mention a mobile application until 2014 (Screenwise launched in 2012). This article also explicitly mentions the age target: 13 and older, not 18 and over unless you are part of a family. And, as Techcrunch points out, the video below was released on August 29. The program was active right up until the present day.
It also isn’t clear when the application began requiring users to sideload an enterprise certificate to allow Google to track them more aggressively. This may have been a “feature” of the program from the very beginning, or it may have rolled out post-launch. Either way, this isn’t the kind of mistake that companies make by accident. Google had pages (now deleted, but thank-you Google Cache) walking people through the process of sideloading the app.
You can argue that Google was more ethical in how it treated the situation, given that it didn’t explicitly target teenagers for at least part of the time the program was running and was more upfront about the types of data it collected. But regardless, this is still an abuse of Apple’s enterprise policies. Beyond that, it shows just how rapacious companies are when it comes to seizing data they shouldn’t have a right to in the first place. Not only was Google willing to hoover up people’s data in exchange for some gift cards, it was willing to break its corporate agreements with Apple to do it.
Does Apple Deserve Any Credit?
At first glance, Apple looks like the good guy in this situation, locking down its servers and preventing abuse by companies like Google and Facebook. Writing for The Atlantic, Ian Bogost argues that this isn’t the case.
Apple didn’t take a position on Facebook’s creation of a paid “research” program to extract data from users. It enforced the terms of a licensing agreement; appearing to fight for user privacy is just a side effect. Apple is flexing its contract-law muscle, not its privacy muscle, and gaining a publicity win in the process. Crucially, Apple didn’t ban Facebook from the App Store or the iPhone platform: You can still download and use Messenger.
Bogost has a point. If Apple wanted to get serious about punishing Facebook or Google, it could stop partnering with Google on search. It could stop distributing Google and Facebook apps. It could put stronger limits on the types of data social media sites and search engines are allowed to collect off iOS devices and then enforce those limits when companies stepped over the line. At the very least, Apple could warn users upon installation that the companies who built the apps in question cannot be trusted with private user data.
Taking such steps would undoubtedly anger iOS users who rely on Google Maps, G Suite, Gmail, and Facebook — but it would also represent a genuinely courageous stand. Banning Facebook and Google from its enterprise application suite is nothing more than a slap on the wrist for either company. As demonstrations of courage go, it’s weak. And given that an Apple spokesperson has already told Buzzfeed that “We are working together with Google to help them reinstate their enterprise certificates very quickly,” even that weak punishment is likely to be over soon.