Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google's Also Peddling a Data Collector Through Apple's Back Door (techcrunch.com)

Posted by msmash on from the infestation-breaks dept.

Facebook is not the only one abusing Apple's system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch reported Wednesday. From the report: In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That's the same type of policy violation that led Apple to shut down Facebook's similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook's legitimate employee-only apps -- which run on the same Facebook Enterprise Certificate -- and making Facebook look very iffy in the process. It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it.

46 comments

  1. Through Apple's Back Door by Anonymous Coward · · Score: 0, Funny

    I'm waiting the funny posts

    1. Re:Through Apple's Back Door by Anonymous Coward · · Score: 0

      Yep, straight to the gutter. Work a Tim Cook reference in for extra credit!

    2. Re: Through Apple's Back Door by Anonymous Coward · · Score: 1

      It takes courage to go in through the out door.

    3. Re: Through Apple's Back Door by Anonymous Coward · · Score: 0

      Bye

    4. Re: Through Apple's Back Door by Anonymous Coward · · Score: 0

      ...everything is a sex toy!

    5. Re: Through Apple's Back Door by Anonymous Coward · · Score: 0

      Guys, there is nothing wrong with this. I'm sure Google and Facebook are just using this data to fight the war on terrorism, just like their sponsors from the CIA and NSA. Nothing to see, hear; move along...

    6. Re:Through Apple's Back Door by antdude · · Score: 1

      Haha, that's a funny post! ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  2. They're not even bothering to deny it anymore by Rick+Schumann · · Score: 1

    This shit has GOT. TO. STOP. NOW.
    These asshole corporations aren't even bothering to TRY to hide their overreaching ways anymore. What's next? Are they going to go to Congress and DEMAND legislation REQUIRING citizens to hand over all their personal data and communications to them? REQUIRE everyone to have so-called 'smart speakers/digital assistants' in every room of their houses so they can be spied on directly 24/7?

    FUCK THIS SHIT. IT HAS TO STOP!

    1. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 1

      Facebook lies to Congress directly, why is this any worse? ALL of them need to be dealt with.

    2. Re: They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      They are directly âoeattackingâ kids too. Premeditated attacks effectively. Heads should role on this one.

    3. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      But . . . but . . . ."Google's app is relatively transparent about what it does and who runs it"

      Because announcing "I am a rapist and I am here to rape you" makes it OK.

    4. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      Nobody said that makes it OK.

    5. Re:They're not even bothering to deny it anymore by supernova87a · · Score: 4, Interesting

      Why?

      How is this different from a person volunteering for a 1-week medical study where you're put in a room and everything about you is recorded?

      As the article said, Google is relatively more upfront that this is monitoring everything you do on your phone.

      If a company tells you explicitly what it's going to do with you + your info, and you agree and affirmatively opt in, why should government step in?

      Are you saying the people are not aware of their full involvement? Should govt lay down the ground rules for what these studies can record / collect like a medical study? What do you propose?

    6. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      Don't say it like that. You want to ensure that your users are aware that you will use strong coercion tactics to better improve the platform experience.

    7. Re:They're not even bothering to deny it anymore by swillden · · Score: 2

      But . . . but . . . ."Google's app is relatively transparent about what it does and who runs it"

      Because announcing "I am a rapist and I am here to rape you" makes it OK.

      If the rapee consents (and is competent to consent; of legal age, of sound mind, etc.)... it does make it okay.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:They're not even bothering to deny it anymore by ceoyoyo · · Score: 1

      "Should govt lay down the ground rules for what these studies can record / collect like a medical study?"

      That's not a bad place to start. After various nastiness, like the US Army infecting soldiers with syphilis and the Nazi's crucifying people to see how they died, the world decided that human subject research needed some oversight, safeguards, and strong ethical rules. Corporations that don't do human subject research as their bread and butter generally don't bother to follow those rules.

    9. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      Nobody said that makes it OK.

      Then what is the purpose of the last sentence:

      "It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it."

      The only purpose of that sentence is to imply that Google being "transparent" about what it is doing somehow makes it OK.

    10. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      It's most likely the government itself will be the ones to demand every citizen be electronically tethered and info gathered at all times. They're already convinced that if they can't access a person's data directly the person MUST be guilty of something. It's not that big of a stretch to require data gathering on all citizens and sell it as "better security" to the dipshits that actually believe anything the government does is in our best interests.

    11. Re:They're not even bothering to deny it anymore by bill_mcgonigle · · Score: 1

      You want the people who infected soldiers with syphilis (not to mention Tuskegee) and crucified people to see how they died to make up the rules about how to treat people? Because corporations?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    12. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      If a company tells you explicitly what it's going to do with you + your info, and you agree and affirmatively opt in, why should government step in?

      Damn straight they should!

      Here's a strawman for ya:
      Imagine a company explicitly tells you it will murder you if you stop using their product of which they will give to you for FREE FOR ALL ETERNITY!!! Just opt-in and all will be fine...

      Extremes? fuck yeah. Necessary to protect the people from all types of snake oil? fuck yeah as well. People are fucking stupid and need to be herded, period.

    13. Re:They're not even bothering to deny it anymore by mrwireless · · Score: 1

      Choosing to install an app like this doesn't just affect you, it affects us all.

      Take Cambridge Analytica:

      Step 1.
      Know a lot about a relatively small amount of people. In their case, people filled in questionaires using an app.

      Step 2.
      Use machine learning algorithms to find common patterns in the Facebook likes of people who are neurotic (or gullible, have experienced childhood trauma, etc). For example, you might discover that they are more likely to like both christian rock and lobster restaurants. Or some other non-common-sense pattern.

      Step 3.
      Once you find the indicators that predict the traits you are looking for, you start looking for similar patterns in the larger populace. Anyone who displays the same patterns is branded as being "above average likely to be neurotic". (And they dare to call this 'data science'..)

      Step 4.
      Sell your new list of 'all neurotic people in the country' to banks, insurers, employers and political parties. (If you think profiling is about 'better personalised advertising', then you should wake up quick).

      So, the "nothing to hide" transparant people make it easier to profile those who do value their privacy. And that's why the government stepping in isn't as crazy as you think.

      By the way, Google actually works with a lot of companies all over the globe that do similar things. For example, a company I know asks people to install a special browser plugin, which then tracks every site they visit, in return for about $3 a month. I know this because a friend of mine works there. Who also told me Google doesn't want this to be public knowledge..

    14. Re:They're not even bothering to deny it anymore by ceoyoyo · · Score: 1

      Yeah, corporations *never* do anything evil.

      International human research conventions were written as a collaboration by lots of different groups, not just governments.

    15. Re:They're not even bothering to deny it anymore by Anubis+IV · · Score: 1

      Hold up. There's a very important adjective missing from anything you've just said: informed. Where was the informed consent?

      Sure, users may be willing to consent, but how many of them actually understood what they were consenting to? Is it valid consent if the other person mumbles inaudibly that they have HIV? Is it valid consent if Facebook buries in the middle of 400 pages of legalese that they'll have unfettered access to absolutely everything you do on the device, not just your browsing? And given that this consent takes the form of a provision profile, how much of it was actually reaffirmed after the GDPR went into effect?

      Separately, how many users even knew who they were getting into bed with in the first place? TechCrunch listed off a number of other companies that lured users in on behalf of Facebook. It wasn't until the last stage of signing up that there was any indication whatsoever that Facebook was involved in any capacity. That's like consenting to have sex with one person, but right as you're about to do the deed, they turn off the lights and pull a switcheroo with a disease-riddled prostitute. If you happened to be looking at just the right moment, you might have caught it and had a chance to say "no". Otherwise, however, the only way you'd find out is if someone put a light on the situation.

      (Quick aside: I have far less to complain about Google's handling of this situation than Facebook's. Google abused their enterprise license by allowing customers to use the app, so they're not in the clear there, but they acknowledged the error and took the app down immediately when news broke. It also sounds like your (current? former?) employer never requested as much access in the first place, thus reducing the severity of any privacy violations that may have taken place.)

      Consent doesn't mean much if it isn't informed.

    16. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      It ain't rape if the target is past the age of consent and willingly consents...

    17. Re:They're not even bothering to deny it anymore by Anonymous Coward · · Score: 0

      How is this different from a person volunteering for a 1-week medical study where you're put in a room and everything about you is recorded?

      That is subject to privacy legislation and ethics comittees.

    18. Re:They're not even bothering to deny it anymore by Actually,+I+do+RTFA · · Score: 1

      How is this different from a person volunteering for a 1-week medical study

      Every 1-week medical study has (a) Isolation of PII data from medical data with strict rules on who can access the PII data and for what purpose; (b) Written procedures that cover the same (including who can be in the room as data is collected); (c) Written explanations of any possible harm (including reputation damage and/or emotional distress) that could occur to their subjects and mitigation strategies; (d) Informed consent not just of the data collected but all purposes the data can be used for, prior to beginning that can be revoked at any time (with destruction of the data) (Note, It's unclear how informed the Google consent is); (e) a scientific research purpose (as opposed to Google's financial purpose); (f) Oversight by a third party validator (an institutional review board) to ensure that all those steps are documented, etc.

      If a company tells you explicitly what it's going to do with you + your info, and you agree and affirmatively opt in, why should government step in?

      For the same reason as we have sexual harassment laws that make it so secretaries cannot also have to blow the boss. Just because the boss was upfront when hiring her, doesn't make it okay.

      Should govt lay down the ground rules for what these studies can record / collect like a medical study?

      Yes. Hell yes. To start with, any company should have to delete all the data they hold on you upon request with huge fines/civil damages for failing to do so (per instance, not waivable in EULAs/TOS). Secondly, they should have to report on anyone they sell or lease your data to (which includes a followon responsibility for them to have those companies delete your data when you request the original company do so). Third, they should have third party oversight of their data collection and storage. Fourth, their PII should be separated out from other data.

      --
      Your ad here. Ask me how!
    19. Re:They're not even bothering to deny it anymore by ChatHuant · · Score: 2

      If the rapee consents (and is competent to consent; of legal age, of sound mind, etc.)... it does make it okay.

      But that's not Google's modus operandi. A customer (competent, of legal age, of sound mind, with up to date vaccinations and a document from the neighborhood association certifying he's a good guy) who explicitly disables location tracking, still gets tracked. It's more like

      "I'm a rapist - do you want to be raped?"
      "No, please"
      "OK, I won't" - proceeds to rape you.

    20. Re:They're not even bothering to deny it anymore by swillden · · Score: 1

      Hold up. There's a very important adjective missing from anything you've just said: informed. Where was the informed consent?

      In the case of the Google app, you're talking about people who were invited to join a panel, regularly answer questionnaires, place additional monitoring devices near the TVs in their homes... I think they are well-informed.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    21. Re: They're not even bothering to deny it anymore by bursch-X · · Score: 1

      Via a special browser plugin

      On the other hand 60% or more of internet users use Chrome, which does exactly the same. Odd, innit?

      --
      There are two rules for success:
      1. Never tell everything you know.
    22. Re: They're not even bothering to deny it anymore by sheramil · · Score: 1

      They are directly âoeattackingâ kids too.

      âoeattackingâ

      vera góður eða ég mun snúa ér í froskur

  3. Re:This is racist by Anonymous Coward · · Score: 0

    Someone needs to send Jesse Jackson and Al Sharpton over to Apple so they can learn about how things REALLY work.

  4. So are Google and Facebook doing this on Android? by SuperKendall · · Score: 2

    One thing I hadn't read yet, do Facebook and Google have similar apps for Android? It seems likely they would... but I had not read that they did.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. making Facebook look very iffy by Anonymous Coward · · Score: 0

    Apple efforts aren't "making Facebook look very iffy". FaceBook IS iffy.

  6. Re:So are Google and Facebook doing this on Androi by swillden · · Score: 2

    One thing I hadn't read yet, do Facebook and Google have similar apps for Android? It seems likely they would... but I had not read that they did.

    https://play.google.com/store/apps/details?id=com.google.android.apps.userpanel&hl=en_US

    The Screenwise Meter mobile app is used to manage registered panelists' participation in market research panels. If you are not a registered panelist with Google, this app will not function; please do not download or use this app. This app works in sync with external Screenwise measurement devices.

    ABOUT PANEL RESEARCH: Like many other companies, Google brings together market research panels to help learn more about things like technology usage, how people are consuming media, and how they use Google products. This is part of our Panel Research program.

    Apparently there are "Screenwise" devices that you put near your TV that track usage (a la Nielsen, I guess), and the Screenwise Meter app works with them somehow. The panel enrollment page is here, but it's by invitation only.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  7. Employee benefits by Anonymous Coward · · Score: 0

    Could the fact that they are getting users to use the "employee only" certificates be used in a court case to extract employee benefits from google and Facebook?

  8. Re:So are Google and Facebook doing this on Androi by WillAffleckUW · · Score: 1

    Oh, that explains why Neilsen phoned me. They are rolling out something similar, but apparently they want households with land lines and a teen with an Android phone.

    At least I got $3 in cash (bills) for my time.

    --
    -- Tigger warning: This post may contain tiggers! --
  9. the cycle of diversity by Anonymous Coward · · Score: 0

    LOL, Black in reception. Pajeet in the back. White or Jew owner. Don't even think of applying whitey, are you trying to run the company or something? Otherwise you're too expensive and don't look good for our advertisers.

  10. Re:So are Google and Facebook doing this on Androi by fermion · · Score: 1
    I think the issue is going to be that Android is going to have a harder time protecting its user. Apple has a walled garden and I commend them for boldly protecting users and enforcing the wall. It could mean that companies that are primarily interested in abusing users may use this as an excuse to promote Android. And this at a time when Apple is very venerable and is losing market share, for example in China.

    That Facebook was willing to face the wrath of Apple and lose all functionality on corporate devices just shows how desperate they are. we will see how this plays out.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  11. It doesn't matter how up front the are by Dixie_Flatline · · Score: 3, Insightful

    There's a really excellent breakdown of the terms of the Enterprise agreement in the Facebook thread (https://apple.slashdot.org/comments.pl?sid=13320022&cid=58046318) and it's clear that this is a violation of that agreement no matter how you swing it. Unless these people are contractors and only use the application on-site (which is to say, at Google, under the DIRECT supervision of an employee) this is a clear breach of the contract.

    Google may have a little less to lose than Facebook by having the certificate rejected, but it's not going to be a trivial thing for them either.

  12. Friendly.. by Anonymous Coward · · Score: 0

    "It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it."

    So is this like Facebooks "Friendly Fraud" ?

    The USA needs to stop pretending its a democracy, because the people and the government are no longer in control.

  13. Re:So are Google and Facebook doing this on Androi by SuperKendall · · Score: 1

    I really think this was a case of Facebook thinking they were "too big to revoke".

    Every iOS developer pretty much is cognizant of the Apple rules around enterprise releases, so I would think Facebook would have had a lot of people purposefully choosing to break those rules to do anything like an external release (involving money no less!!) of an enterprise signed app...

    As for how Android addresses this, maybe they could at least have more control around what apps are allowed VPN access, or some global way Google can define a kill list the system would check for? I'm kind of wondering if Google might not have something like that already for truly dangerous rogue apps.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  14. iOS Screenwise Meter has been disabled by Anonymous Coward · · Score: 0

    iOS Screenwise Meter has been disabled for more than a year. It is only available for android phones and tablets.