Facebook has quietly been running a "Facebook Research" VPN app for years that offered teens, including minors, up to $20 per month in exchange for access to all of their private data, including private messages, photos and videos, and even real-time location, according to a new investigation report by TechCrunch
This "Facebook Research" application is a direct successor to Onavo, the VPN app that Facebook used to mine data about user habits and use of third-party apps, but had shut down by Apple in August. The ban came after Cupertino changed its terms to explicitly ban apps from collecting data about third-party applications that is not needed. Facebook's Onavo VPN app was secretly spying on users and gathering private information while officially its goal was to minimize mobile data usage.
Clearly, Onavo VPN was in violation of Apple's rules then, but rather than abandoning the practice, Facebook has launched the Research VPN app that is not published on the App Store, but rather distributed as a developer package using a certificate system only intended for distribution of corporate apps to employees. This is a direct violation of Apple's terms and services. Also, to bypass the App Store's rigorous review process, Facebook is using beta testing services Applause, BetaBound and uTest to deliver the application and to conceal its own involvement.
Facebook has acted in defiance of rules in a desperate attempt to gather user data
The Facebook Research app targets people of ages 13 (!) to 35, with those from 13 to 17 being required to submit parental consent forms. The app requires "participants" to install Root Certificate, which grants Facebook full rights to practically every little piece of information you have on your phone, including prized access to usage data about third party apps. It even required users to screenshot their Amazon order history page.
Facebook Research requires you give it access to most of your private data, screenshots by TechCrunch
This is not a new strategy for Facebook. Earlier, BuzzFeed News obtained internal documents
showing how Facebook has used Onavo's app to gather intel about former rivals like WhatsApp. For months, Facebook had been tracking WhatsApp via the Onavo VPN application only to find out that not only is WhatsApp a growing competitor, but it had the potential to overtake Facebook as users on WhatsApp were sending more than twice as many daily messages as via Facebook Messenger. This key intelligence was what justified Facebook to spend the shocking for the times $19 billion on acquiring WhatsApp in 2014 and neutralizing the threat.
Spied secret intelligence was the reason why Facebook acquired WhatsApp
With a growing number of youngsters leaving Facebook in favor of SnapChat, YouTube and others, the social network run by Mark Zuckerberg has clear interest in getting key information about how those competitors are doing. In fact, it is insights from such extensive spying on users that has revealed to Facebook trends like the quickly growing popularity of Chinese video music platform TikTok and the huge growth of memes, both quickly cloned by Facebook with its own Lasso app and a meme-browser called LOL.
At the end of the day, it's clear that even after Apple's warnings and the ban of the Onavo app, Facebook has continued to find ways to spy on users and gather information about competitors by all means possible.
“I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Guardian Mobile Firewall’s security expert Will Strafach said.
Right after the report broke about this new application, Facebook has said that it will shut down the Facebook Research application.
Of course, the data that Facebook has already gathered cannot be unseen and the ball is now in Apple's court to react to the way Facebook has violated the rules of Apple's platform to carry on its extensive data mining operations.