Skip to main content

Facebook paid teens to install banned app, spy on their data

Another week, another jaw-dropping, bomb-shell Facebook privacy violation.

Josh Constantine, writing for TechCrunch:

Desperate for data on its competitors, Facebook has been secretly paying people to install a "Facebook Research" VPN that lets the company suck in all of a user's phone and web activity, similar to Facebook's Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

To put this in context, Facebook had the kids basically give them root access to their phones so Facebook could, in theory, spy on everything they did. It's beyond creepy. It's grotesque.

Facebook was, initially, its usual defensive, deflective self. Then:

After this story was published, Facebook later told TechCrunch it will shut down the iOS version of its Research app in the wake of our report.

Apple has already retaliated:

"We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization," said a spokesperson. "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."

It's a proportional response, though the internet is filled with people angry enough to demand Apple ban all the Facebook apps from the App Store as well now. (Though Facebook is a web service, so unless Apple blacklists their domains at the root level, Safari would serve just as easily as a gateway on mobile as it does on the desktop.)

As it is, this means all of Facebook's internal iOS apps have stopped working. That includes company directories. In other words, it will be a huge pain for everyone working there that uses an iPhone or iPad, and an even bigger pain for Facebook's IT team to try to work around.

Though, Mark Zuckerberg may just use it as an excuse to push the company further towards Android, like he did following TIm Cook's criticism last spring.

Google, to the best of my knowledge, hasn't addressed any of this at all, in any way, ever.

Security researcher Will Strafach has been digging through the misdeeds on Twitter.

See more

While this is egregious on its own, taken together with Facebook's numerous other violations, it shows a pattern of behavior so anti-user and anti-social that something needs to be done.

It's clear Facebook is addicted to its own data drug and can't and won't regulate its intake in any meaningful way. Instead, it will do anything, no matter how obscene, to keep getting data hits.

The only option at this point is U.S. and E.U. intervention and "treatment".

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

7 Comments
  • Clever way to skirt the rules but very disturbing. Makes me wonder how many other apps/companies have done this.
  • Why does anyone use this crap? How do you think these companies are making money? By you posting pictures of what you have for dinner? No. Of course they are collecting data and selling it to advertisers. I have never been to any of these sites, or use any of these apps. Facebook, Twitter, MySpace, Instagram, whatever. With all of these, YOU are the product being sold. Wake up.
  • You certainly wouldn't want to use these sites if you want to protect your privacy, but I use Facebook and Twitter because I like the social aspect, and I'm not super scared about what they're collecting about me, even though I think it's wrong.
  • I think that you may be the one of the few intelligent people left on the planet besides myself and my life partner. Take care.
  • Hilarious how you complain that Spybook's VPN spied, but still advertise for "Lifetime VPNs" that 100% spy on you too.
  • On one hand, the issue is the targeting of teens. That's wrong. On the other hand, why are we so opposed to users using their phones as they see fit? If my neighbor wants to allow this, so be it. They paid for their phones and they should be allowed to do whatever and use them how they see fit. I personally wouldn't sell my data for $20 a month. But what is the issue if others want to? Why is that your or anyone else's concern outside of the person doing it? I just think companies need to be transparent in what they are doing. Facebook seems to have been manipulative with this.
  • In case you are really curious about privacy and companies not telling you what is tracked; this article contains 24 trackers (data thanks to Ghostery).