Facebook paid teens, even minors, to install app that spies all of their phone activity

Facebook paid teens, even minors, to install app that spies all of their phone activity
Facebook has quietly been running a "Facebook Research" VPN app for years that offered teens, including minors, up to $20 per month in exchange for access to all of their private data, including private messages, photos and videos, and even real-time location, according to a new investigation report by TechCrunch.

This "Facebook Research" application is a direct successor to Onavo, the VPN app that Facebook used to mine data about user habits and use of third-party apps, but had shut down by Apple in August. The ban came after Cupertino changed its terms to explicitly ban apps from collecting data about third-party applications that is not needed. Facebook's Onavo VPN app was secretly spying on users and gathering private information while officially its goal was to minimize mobile data usage.

Clearly, Onavo VPN was in violation of Apple's rules then, but rather than abandoning the practice, Facebook has launched the Research VPN app that is not published on the App Store, but rather distributed as a developer package using a certificate system only intended for distribution of corporate apps to employees. This is a direct violation of Apple's terms and services. Also, to bypass the App Store's rigorous review process, Facebook is using beta testing services Applause, BetaBound and uTest to deliver the application and to conceal its own involvement.

The Facebook Research app targets people of ages 13 (!) to 35, with those from 13 to 17 being required to submit parental consent forms. The app requires "participants" to install Root Certificate, which grants Facebook full rights to practically every little piece of information you have on your phone, including prized access to usage data about third party apps. It even required users to screenshot their Amazon order history page.

This is not a new strategy for Facebook. Earlier, BuzzFeed News obtained internal documents showing how Facebook has used Onavo's app to gather intel about former rivals like WhatsApp. For months, Facebook had been tracking WhatsApp via the Onavo VPN application only to find out that not only is WhatsApp a growing competitor, but it had the potential to overtake Facebook as users on WhatsApp were sending more than twice as many daily messages as via Facebook Messenger. This key intelligence was what justified Facebook to spend the shocking for the times $19 billion on acquiring WhatsApp in 2014 and neutralizing the threat.

With a growing number of youngsters leaving Facebook in favor of SnapChat, YouTube and others, the social network run by Mark Zuckerberg has clear interest in getting key information about how those competitors are doing. In fact, it is insights from such extensive spying on users that has revealed to Facebook trends like the quickly growing popularity of Chinese video music platform TikTok and the huge growth of memes, both quickly cloned by Facebook with its own Lasso app and a meme-browser called LOL.

At the end of the day, it's clear that even after Apple's warnings and the ban of the Onavo app, Facebook has continued to find ways to spy on users and gather information about competitors by all means possible.

“I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Guardian Mobile Firewall’s security expert Will Strafach said.

Right after the report broke about this new application, Facebook has said that it will shut down the Facebook Research application.

Of course, the data that Facebook has already gathered cannot be unseen and the ball is now in Apple's court to react to the way Facebook has violated the rules of Apple's platform to carry on its extensive data mining operations.



1. RebelwithoutaClue unregistered

"Facebook's Onavo VPN app was secretly spying" So if Facebook is paying $20 to people to give up their privacy (and also claiming they do so), what is so secretive about the spying part? People gave up their privacy willingly.

4. Victor.H

Posts: 1104; Member since: May 27, 2011

There is two parts to the story. The first is with the Onavo VPN app that was advertized as a means to minimize your mobile data usage, while it was secretly spying and that one was pulled from the Apple App Store in August. The second part is what this news is all about. It is the Facebook Research and the problem with it is that it goes against Apple's terms that forbid excessive mining of data from other apps. Moreover, it is very problematic to ask for root permissions for users that are under 18 with the majority of them probably not even understanding what this is all about. And even for those over 18, agreeing to Facebook Research is not a transparent way to say: we will have access to see all your private messages, photos, videos and real-time location. Of course, Facebook realizes all of this and that's why it has immediately decided to stop the program after TechCrunch brought all those practices to light.

6. RebelwithoutaClue unregistered

Ah ok, that part I didn't get. Btw that app (Onavo) is also (and still) available in the Play store. With 10 million installs, that's pretty high. Also, it's weird to ask for root permissions, since this is normally not possible on either iOS and Android without Jailbreak/Rooting.

2. Juneli35

Posts: 4; Member since: Jan 30, 2019

I did this with old phone knowing I rarely used Facebook. But the idea gone wrong after a year. 2 months was not paid by them. With excuses like app was not installed. Or not using the app. Don't do it.

3. dimas

Posts: 3446; Member since: Jul 22, 2014

How about every country in the world teach sucktheirbird a very hard lesson on anti-competitive moves like this? Freeze his assets or give him big penalty or something.

5. cmdacos

Posts: 4386; Member since: Nov 01, 2016

Opt in with parental consent. No big deal. And when it comes to Onavo, you should expect any VPN app you aren't paying for to be mining your data. Heck you should expect it from a few you are paying for.

7. Victor.H

Posts: 1104; Member since: May 27, 2011

Maybe from a very cynical point of view, but really, I would argue that the average user would not "expect" a VPN app to steal their data. I don't think that most users would equate using a VPN to giving all your private messages, photos, videos and location to Facebook. That is a BIG DEAL. So yeah maybe you can suspect it, but expecting that is really very cynical.

10. RebelwithoutaClue unregistered

If I look at the reviews on that app in the Play store, some know it's a s**tty app that steals data. Others have no idea and are somehow glad they installed it

8. raky_b

Posts: 440; Member since: Jul 02, 2014

Damn you Huawei, for all the spying.

9. Panzer

Posts: 283; Member since: May 13, 2016

I thought the Facebook app did enough data harvesting by itself. I run a whole home adblocker and we were having issues with Amazon (another data harvesting pig). So I started digging through the log files. The gf had Facebook on her phone it was constantly pinging back to Facebook. And she was not even using the phone she was using her tablet. Even with three Android devices on the network and a few Nest items there was less traffic going to Google. Scary stuff

11. mootu

Posts: 1541; Member since: Mar 16, 2017

How is the Facebook Research App spying. It's research into how users use their phones, they installed the app knowing full well what it did, signed permissions and were paid by Facebook for doing so. I'm no fan of Zuckerberk or Facebook but this just comes across as a witch hunt.

12. JRPG_Guy

Posts: 152; Member since: Jan 13, 2019

People still use this trash?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless