Over the last year, we’ve seen how Facebook has been involved in various data harvesting activities. Many expected that in light of recent criticism, Facebook would avoid coming in the spotlight for wrong reasons. But a new report by TechCrunch shows that negative press was not enough to break their resolve.
As per the report, Facebook made a VPN app back in 2016 with the sole purpose of harvesting user data. Users could side-load the app on iOS devices by installing a certificate, which is in violation of Apple’s developer privacy laws.
“Facebook Research” app is meant to target people from the age group of 13-35 by giving them up to $20 per month and extra for referrals. It’s a asks users to download and install a certificate on their phone, which gives it permission to access their network and decrypt the incoming and outgoing traffic on their phone, allowing Facebook to basically access to private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location-tracking apps the user might have installed.
“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”
Facebook had a similar app called Onavo Protect. It used the app to track down how people interacted with their mobile phones. The report revealed that it was with the help of Onavo that Facebook was able to foresee the meteoric rise of WhatsApp and justify the high price tag of $19 billion.
However, the app was removed from the App Store last year as it violated Apple’s privacy laws. So this time, Facebook relied on beta testing services like BetaBound, uTest, and Applause to sign up for the app. Not so surprisingly, they avoided using Apple’s beta testing platform which reviews every app and limits downloads to 10,000. Interestingly Facebook did not show their involvement when downloading the app from these 3rd party beta testing services. The only time Facebook came out was when minors were signing up using Applause which demanded parental approval.
A few hours after the report went live, Facebook said that it would shut down the iOS version of the program. The program, however, will continue to run on Android. They have defended their stance by saying, “It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear onboarding process asking for their permission and were paid to participate.” If it wasn’t really spying, or wrong then the question that arises is why did they shut the app down after the story went live? Why didn’t Facebook use more public means like App Store to distribute it?
After the fiasco with Cambridge Analytica, people expected Facebook to learn from their mistakes and put a halt to the many data collection services that are currently involved in. But it looks like nothing has changed. What remains now is to see how Google and more importantly Apple will react to this news. The latter even boasted about privacy during CES. Facebook and Apple have had a rough relationship for quite some time, with Tim Cook openly criticizing Facebook for selling user data and Mark Zuckerberg responding without holding anything back. Apple is expected to clamp down on privileges Facebook is currently enjoying in App Store, which includes revoking permission to offer employee-only apps.