If you are thinking that Facebook is sitting quietly after being forced to remove its Onavo VPN app from Apple’s App Store, then you are mistaken. It turns out that Facebook is paying teenagers around $20 a month to use its VPN app that aggressively monitors their smartphone and web activity and then sends it back to Facebook.
Swati Khandelwal has looked into this and writes that the social media giant had previously been caught collecting some of this data through Onavo Protect, a Virtual Private Network (VPN) service that it acquired in 2013. However, the company was forced to pull the app from the App Store in August 2018 after Apple found that Facebook was using the VPN service to track its user activity and data across multiple apps, which clearly violates its App Store guidelines on data collection.
Onavo Protect became a data collection tool for Facebook helping the company track smartphone users’ activities across multiple different apps to learn insights about how Facebook users use third-party apps.
Facebook’s Paid Market Research
In some documentation, this program has been referred to as “Project Atlas.” Facebook has also confirmed the existence of the app to the publication.
Instead of downloading the app via any app store, Facebook has been using third-party beta testing services—Applause, BetaBound and uTest—that specifically runs ads on Instagram and Snapchat recruiting participants to install Facebook Research.
Facebook Research App Collects Troves of User Data
Although it is not clear if Facebook is accessing this data, but if the company wants it could, according to security researcher Will Strafach, who was commissioned by the publication.
In some instances, the Facebook Research app also asked users to take screenshots of their Amazon order histories and send it back to Facebook. According to the Facebook Research’s terms of service, installing the app gives the company permission to collect information about other mobile apps on a participant’s smartphone as well as how and when those apps are used.
“This means you are letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps,” the terms read.”
Facebook Acknowledges the Existence of the Program
While acknowledging the existence of this program, Facebook said, “like many companies, we invite people to participate in research that helps us identify things we can be doing better.”
Since Facebook Research is aimed at “helping Facebook understand how people use their mobile devices, we have provided extensive information about the type of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time.”
Though Facebook’s spokesperson claimed that the app was in line with Apple’s Enterprise Certificate program, but since Apple requires developers to only use this certificate system for distributing internal corporate apps to their own employees, “recruiting testers and paying them a monthly fee appears to violate the spirit of that rule,” the report reads.
Apple is “aware” of the issue, but it is unclear if the iPhone maker might ban Facebook from using its Enterprise Developer Certificates or not.
In response to the report, Facebook said the company is planning to shut down the iOS version of its Research app. BetaBound, uTest, and Applause have not yet responded to the report.
To find more interesting tech news, including hints and tips to keep yourself safe online visit Domain Digital.