pixel
Connect with us

Facebook

Facebook has been giving teens money in exchange for their data

How much is continual access to your data worth? $20, according to Facebook.

person scribbling on facebook logo on phone
Image: Unsplash

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

In the latest installment of “OMG, what scummy thing has Facebook been doing,” the social media giant has been paying teens $20 a month to let them spy on their smartphones. A deep-dive from TechCrunch has uncovered a trail of questionable morals, disregard for rules of other platforms, and Machiavellian ways of gathering data.

Since 2016, Facebook has been coaxing users to part with their privacy in return for $20 per month plus referral fees. The “Facebook Research” app that has to be installed to get this payout is a VPN that can monitor everything a user does online since the app requires users to install a Root Certificate on their devices.

According to Will Strafach, a security expert at Guardian Mobile Firewall, once that Certificate is installed “[Facebook will have] the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location-tracking apps you may have installed.”

facebook study teens data

Image: TechCrunch

So, almost anything you do on your device. Worth it for $20 a month? I don’t feel it is, but obviously, enough people did or didn’t realize the level of access that the app gave to Facebook before agreeing to the terms. The Facebook Research app used to be on the App Store, under another name – Onavo Protect. That was taken out of the App Store after Apple updated its developer policies to ban collecting data about usage of other apps or data that is not necessary for an app to function, back in June of last year.

Facebook, of course, repackaged its app to get around those blocks

Not one to let something as trivial as rules to stop wholesale data collection, Facebook repackaged the app as “Facebook Research” and distributed it through beta testing services Applause, BetaBound, and uTest. Crucially, it used Apple’s Enterprise Developer cert program to enable this, a program that is intended for internal corporate apps only. Some of these sites don’t even mention Facebook’s involvement in the data collection, instead referring to the program as “Project Atlas.”

Since the story broke last night, Facebook has said it will shut down the controversial data collection program. Is this the only questionable project Facebook has running? I doubt it, Zuckerberg’s company has repeatedly shown that its thirst for data overrides any moral considerations.

Apple has revoked some of the company’s credentials

Earlier this morning, Apple appears to have revoked Facebook’s credentials for the Enterprise Developer certs, as it’s being reported that none of Facebook’s internal apps work anymore. That includes apps as trivial as lunch menus to internal beta versions of things like Facebook and Messenger apps for testing purposes. This is going to be a big problem for Facebook internally, just imagine if G.apps or Office365 was turned off at your workplace – what chaos would ensue?

What will this mean for Facebook’s app development going forward? While the revocation of certificates shouldn’t affect the development, it will affect testing and QA. This would be a perfect time for Apple to stand its ground and make all Facebook developed apps go through TestFlight, so they’re reviewed by Apple, as well.

This data collection looks like it will land Facebook in hot water again with legislators in Europe. While Facebook maintains that it had parental permission for the 5-percent of teenagers using this app, that likely won’t be enough. The GDPR clearly states that requests for consent must be “in an intelligible and easily accessible form, using clear and plain language,” otherwise the agreement isn’t legal. I find it difficult to see how Facebook’s obfuscation of its own role in the “Project Atlas” app will satisfy this requirement.

Maybe it’s time for lawmakers to finally look at regulating Facebook, certainly, it appears to be incapable of self-censure.

What do you think? Surprised by the news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience at KnowTechie, SlashGear and XDA Developers. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere, with particular focus in gadgetry and handheld gaming. Shoot him an email at joe@knowtechie.com.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Facebook