Facebook has been giving teens money in exchange for their data
How much is continual access to your data worth? $20, according to Facebook.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
In the latest installment of “OMG, what scummy thing has Facebook been doing,” the social media giant has been paying teens $20 a month to let them spy on their smartphones. A deep-dive from TechCrunch has uncovered a trail of questionable morals, disregard for rules of other platforms, and Machiavellian ways of gathering data.
Since 2016, Facebook has been coaxing users to part with their privacy in return for $20 per month plus referral fees. The “Facebook Research” app that has to be installed to get this payout is a VPN that can monitor everything a user does online since the app requires users to install a Root Certificate on their devices.
According to Will Strafach, a security expert at Guardian Mobile Firewall, once that Certificate is installed “[Facebook will have] the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location-tracking apps you may have installed.”
So, almost anything you do on your device. Worth it for $20 a month? I don’t feel it is, but obviously, enough people did or didn’t realize the level of access that the app gave to Facebook before agreeing to the terms. The Facebook Research app used to be on the App Store, under another name – Onavo Protect. That was taken out of the App Store after Apple updated its developer policies to ban collecting data about usage of other apps or data that is not necessary for an app to function, back in June of last year.
Facebook, of course, repackaged its app to get around those blocks
Not one to let something as trivial as rules to stop wholesale data collection, Facebook repackaged the app as “Facebook Research” and distributed it through beta testing services Applause, BetaBound, and uTest. Crucially, it used Apple’s Enterprise Developer cert program to enable this, a program that is intended for internal corporate apps only. Some of these sites don’t even mention Facebook’s involvement in the data collection, instead referring to the program as “Project Atlas.”
Since the story broke last night, Facebook has said it will shut down the controversial data collection program. Is this the only questionable project Facebook has running? I doubt it, Zuckerberg’s company has repeatedly shown that its thirst for data overrides any moral considerations.
Apple has revoked some of the company’s credentials
Earlier this morning, Apple appears to have revoked Facebook’s credentials for the Enterprise Developer certs, as it’s being reported that none of Facebook’s internal apps work anymore. That includes apps as trivial as lunch menus to internal beta versions of things like Facebook and Messenger apps for testing purposes. This is going to be a big problem for Facebook internally, just imagine if G.apps or Office365 was turned off at your workplace – what chaos would ensue?
What will this mean for Facebook’s app development going forward? While the revocation of certificates shouldn’t affect the development, it will affect testing and QA. This would be a perfect time for Apple to stand its ground and make all Facebook developed apps go through TestFlight, so they’re reviewed by Apple, as well.
This data collection looks like it will land Facebook in hot water again with legislators in Europe. While Facebook maintains that it had parental permission for the 5-percent of teenagers using this app, that likely won’t be enough. The GDPR clearly states that requests for consent must be “in an intelligible and easily accessible form, using clear and plain language,” otherwise the agreement isn’t legal. I find it difficult to see how Facebook’s obfuscation of its own role in the “Project Atlas” app will satisfy this requirement.
Maybe it’s time for lawmakers to finally look at regulating Facebook, certainly, it appears to be incapable of self-censure.
What do you think? Surprised by the news? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Wanna Kicks is a killer AR shopping app that lets you try sneakers on before buying
- For some reason, Amazon now sells an entire hospital room for $285k
- A new report claims Netflix is working on its own Resident Evil series
- You may soon be able to send a Facebook Message to Instagram and WhatsApp users
- Influencers are turning to their own hackers to combat account theft on Instagram