Program that enrolled users as young as 13 prompts Apple to ban Facebook from publishing some apps
Facebook paid users as young as 13 to install an app that gave the company access to everything their phone sent or received over the internet. In response, Apple has revoked Facebook’s ability to publish certain apps, in a move that could have far-reaching implications for both companies.
Facebook has been accused of exploiting a loophole in Apple’s privacy regulations to publish the iPhone app, which provided it with data it used to keep ahead of youth trends.
As well as sparking renewed privacy concerns, the discovery revived the cold war between the two businesses, which have previously attacked each other in the press over issues of privacy and security.
Facebook was found to be using a voluntarily installed virtual private network (VPN) to route all data from participants’ devices through its own servers – despite the fact that Apple had removed a previous Facebook app that did the same thing, Onavo, from the iOS App Store over privacy violations.
Facebook now says it will shut down the app, called Facebook Research, on iOS and maintains it did nothing wrong, and that the service was not a replacement for the Onavo VPN.
According to TechCrunch, which first reported the existence of Facebook Research, the company paid users aged 13 to 35 a monthly fee, of up to $20, to install the app on iOS and Android. When they did, all of their internet data, however they connected and whatever apps they were using, was funnelled through the company’s servers, allowing it to keep track of their activities on other services.
Onavo Protect was used by the company for the same purpose but was removed from the iOS App Store in June 2018 when Apple implemented new rules that banned the collection of “information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing”.
Facebook Research avoided Apple’s enforcement of those privacy rules by asking users to install it using a feature called an “enterprise developer certificate”, which is intended to allow companies to build applications for internal use without needing to publish them to the App Store.