Comparing Facebook and Google’s responses to being caught with hands in Apple’s cookie jar

While I was on the road this week, a blizzard of interesting stories broke. One of them involved both Facebook and Google, both linked by Shawn yesterday.

One detail that stuck out to me was the vastly different responses from each company.

Here’s Facebook’s official response, from this TechCrunch article:

Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.

Absolutely no mea culpa here. This feels more like “we’re being unfairly blamed”. But from that same article:

Facebook’s claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises.


Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN.

Google did a somewhat similar thing. When the Facebook news broke, Google released this statement (via this Verge article):

The Screenwise Meter iOS app should not have operated under Apple’s developer enterprise program — this was a mistake, and we apologize. We have disabled this app on iOS devices. This app is completely voluntary and always has been. We’ve been upfront with users about the way we use their data in this app, we have no access to encrypted data in apps and on devices, and users can opt out of the program at any time.

Like night and day. I get that Google had the advantage, in that they got to watch the Facebook story make headlines and had the opportunity to control their message. But Facebook did have the opportunity to own their actions. They chose to prolong the story, to pretend innocence, compounding their bad actions.