Another day, another Facebook controversy. The latest backlash follows a TechCrunch report that the company was secretly paying teenagers to access their data and basically monitor their every move on the web. Facebook was asking people to install a VPN app called "Facebook Research," which gave it full access to a user's phone and internet activity. That, according to security expert Will Strafach (who helped TechCrunch with the investigation), gave the company the ability to continuously collect "private messages in social media apps, chats from in instant messaging apps (including photos/videos sent to others), emails, web searches, web browsing activity and even ongoing location information."
And what did these teens get in exchange for giving up every last illusion of privacy? Twenty dollars in e-gift cards per month. For a company that's been involved in countless data privacy scandals in recent months, Facebook has a lot of nerve. Rather than changing its approach to collecting people's personal data, especially in the wake of the Cambridge Analytica scandal, Facebook continues to test the limits of what it can get away with.
The Research VPN program seems to be a clone of Onavo Protect, a data-collecting app that was pulled from the iOS App Store last year after Apple said it would violate its privacy policy. According to TechCrunch, Facebook Research was created using the same code as Onavo Protect, but the social network found a way around Apple's restrictions. Through a simple browser link, those who agreed to participate could give Facebook root access to their iPhone, essentially allowing the company to install anything it wanted on their device.
By using its developer credentials to do this, Facebook bypassed Apple's TestFlight beta-testing program and instead let users download it from three other services: BetaBound, uTest and Applause. One of the beta-testing services Facebook used, Applause, went as far as asking users to provide a screenshot of their Amazon purchase history. Which is just shameless.
Given Apple's stance on Onavo Protect, it would appear that asking users for root access to their devices is a clear violation of its privacy policy — especially since Research was intended for people outside of Facebook. As a result of Facebook's actions with Research, Apple has banned the social network from testing iOS apps internally. "We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization," Apple said in a statement on Wednesday. "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."
Apple's decision to block Facebook from the Enterprise Developer Program is going to make it difficult to beta-test its various apps, including Messenger and Instagram. Beyond that, Apple CEO Tim Cook hasn't shied away from criticizing Facebook's privacy standards, and this is only going to heighten the tension between him and Mark Zuckerberg.
Facebook might argue that the people who signed up for the Research program (which reportedly targeted users between 13 and 35) consented to have their data harvested. But, it's not as if the company was being explicit about its involvement, since it was essentially hiding behind BetaBound, uTest and Applause as a "social media study." Per TechCrunch, it wasn't until a minor tried to sign-up that a parent consent form revealed that the data being collected would be provided to Facebook.
Here's how that form read: "There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves tracking of personal information via your child's use of apps."
Since TechCrunch's investigation came out Tuesday night, Facebook has said it is shutting down the program for iOS users, though it will still be available on Android. Google has not replied to our request for comment, but TechCrunch is now reporting that it, too, has a data-collecting application (called Screenwise Meter) that side-steps Apple's App Store.
Meanwhile, in a statement to Engadget, Facebook disputed the TechCrunch story on its Research program, saying that "key facts" are being ignored. "Despite early reports, there was nothing 'secret' about this; it was literally called the Facebook Research App," Facebook said. "It wasn't 'spying' as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms."
Source: Edgar Alvarez
