Apple busts Facebook for distributing data-sucking app

Thursday, 31 Jan, 2019

Apple is not pleased that Facebook used this program to send powerful apps to users, and Facebook's decision to pull the research app isn't enough to satisfy Apple.

As TechCrunch reports, in 2016 Facebook started offering to pay users aged between 13 and 35 as much as $20 per month plus referral fees to install an app.

A year ago in August, Apple forced Facebook to remove its Onavo VPN app from the App Store as it was silently collecting user information and data on the pretext of being a VPN app.

Several hours after the report was published, Facebook shut down the iOS Research app, but it appears to still be available to Android users.

Facebook has quietly been running a "Facebook Research" VPN app for years that offered teens, including minors, up to $20 per month in exchange for access to all of their private data, including private messages, photos and videos, and even real-time location, according to a new investigation report by TechCrunch.

The project may have allowed Facebook to scoop up more data about younger users as it fends off a challenge from rival services like Snapchat, which has become more popular than Facebook among United States teens.

At TechCrunch's request, internet security company Guardian Mobile Firewall's expert Will Strafach looked into the Facebook Research VPN to see what could it be doing.

It found that Facebook has been using the research program for some time to "gather data on usage habits". Apple's app store, as well as its own app testing service, was avoided. This type of data gathering can not be done using an App Store app. When they did, all of their internet data, however they connected and whatever app they were using, was funnelled through the company's servers, allowing it to keep track of their activities on other services.

Facebook said fewer than 5 percent of the participants in the program were teens and that all of those teens had signed parental consent forms. The certificates enabling root access were revoked last night, immediately disabling the ability to sideload apps on iOS and preventing current apps from functioning.

Facebook claimed that it was open about its app, that it was obviously monitoring the users' online activity from the description of the software, and pointed to the fact it was called "Facebook Research" as evidence. It's permission-based, and Facebook has apparently being paying the users who participate, but this has nevertheless generated yet another serious black eye for Facebook, which bypassed Apple's App Store and seemingly broke some of Apple's rules to do this.

"Despite early reports, there was nothing "secret" about this", Facebook said in a statement. Facebook removed the Onavo app in August.

The Facebook CEO was by Cook's remarks that he reportedly ordered Facebook staff to switch over from iPhones to Android phones.

The spokesperson also made it clear that the program was not in violation of any of Apple's App Store policies, though there is evidence pointing to the actions being contradictory to Apple's Enterprise Certificate Policy.

This is far from the first time Apple and Facebook have.

In revoking Facebook's developer certificate for iOS, Apple said the permission was intended "solely for the internal distribution of apps within an organization".