Well both Facebook and Google have already convinced consumers in the past to install certificates that were only meant for internally distributed iOS apps so they could spy on end users.