A recent report by TechCrunch uncovered a Facebook “Research” project in which the social media giant has been paying people to install an app that tracks all user phone data and web usage.
Despite applications such as this one being against Apple’s app store policies, Facebook found a loophole and offered incentives to teenagers and adults to download their app.
Apple’s policy states that app developers cannot offer apps “for the purposes of analytics or advertising/marketing.” To sidestep the policy, Facebook installed an “enterprise developer certificate,” something “used by developers to make apps for internal use, without publishing them to the App Store,” USA Today explains.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” an Apple spokesperson said in a statement to TechCrunch on Wednesday. “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
The social media company has been using this project, referred to in some documentation as “Project Atlas,” for data collection since 2016, and targets users as young as 13 years old.
In exchange for access to the user’s web traffic and all phone activity, users were paid up to $20 a month, plus referral fees, to sell their privacy.
Users may have been unaware they were giving Facebook access to their privacy at first, as it hid its identity using beta testing services including uTest, Applause and BetaBound. The program was advertised as “social media research” on platforms like Instagram and Snapchat.
Facebook hid its identity but had intermediaries like uTest advertise to teens on Snapchat & Instagram that they could earn money via “social media research” aka selling their privacy. 3/ pic.twitter.com/9ohODeYXxM
— Josh Constine (@JoshConstine) January 29, 2019
According to Guardian Mobile Firewall’s security expert Will Strafach, “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”
While it is unknown what data Facebook is actually using, the social media giant “gets nearly limitless access to a user’s device once they install the app,” according to TechCrunch.
“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach told TechCrunch. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”
TechCrunch inquired about the program with Facebook, and the company admitted to running it, but stated that it was an effort to gather information about their users’ habits.
Just hours after TechCrunch’s initial findings were published, Facebook said it would shut down the iOS version of “Facebook Research.”
Even so, Apple stepped in before Facebook removed the app, and confirmed to TechCrunch on Wednesday morning that they had blocked the app from their platform.
Following Apple’s decision and subsequent blockage of the “Facebook Research” app, a Facebook spokesperson told TechCrunch that it was pulling the iOS version of the program, without citing Apple’s decision to block it.
“Key facts about this market research program are being ignored,” Facebook’s statement said.
“Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate.
“Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”
CEO of Common Sense Media Jim Steyer attacked Facebook for their continued manipulation of users at any and all costs.
“Once again, Facebook has been exposed for putting profits before people,” he said in a statement. “The company’s manipulative tactics and desire to gather every waking thought about its users at any cost is unacceptable.”
Facebook’s Research program continues to be active on Android devices.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.