Facebook’s data practices are in the spotlight again as Apple recently barred Facebook’s Research VPN app which gave the social media giant access to all data in a user's phone.
Recent investigation by TechCrunch revealed that Facebook was paying users of ages 13 to 35 up to $20 per month to install the iOS or Android Facebook Research app which gave Facebook the ability to see virtually everything about the user’s web and phone activity. Facebook also worked with third party beta testing services to distribute the app leading to suspicions that it tried to conceal its involvement in the app.
Apple’s decision to ban the Research app, however, wasn’t based on privacy concerns around Facebook’s data collection method. Facebook had sidestepped the App Store by distributing the app through Apple’s Enterprise Developer Program — a program designed to allow companies to create apps for their own employees and offer them without having to be reviewed by Apple. Apple found that Facebook’s use of their membership to distribute a data-collecting app directly to consumers was a clear breach of their Enterprise Certificate policy. Following these events, Google also shut down its own iOS research app that was distributed to Apple device users via the same developer program.
It wasn’t the first time Facebook had encountered issues with Apple concerning data-sniffing apps. Facebook previously collected user data in a similar way using Onavo, a VPN service that it acquired in 2013. The company has used the data to identify up-and-coming competitors, then acquire or clone them. Facebook removed the app from the App Store last year after Apple complained that it violated the App Store’s guidelines on data collection.
Aside from the oft-discussed privacy issues around such practices — such as that users of research apps may not fully understand the implications of providing full access to their devices — these events highlight the extent tech giants are willing to go to collect more data about users.
TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.