Facebook is reportedly secretly paying users to install an app that gives the tech giant access to the data on their smartphones and to how they use them. According to a security expert, the app allows Facebook to collect data such as private messages in social media apps, emails, web searches and web browsing activity. TechCrunch notes that it can also track ongoing location information from other location tracking apps installed on the user’s phone.
The “Facebook Research” VPN allows the company to gather all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and ultimately removed in August. Facebook avoided the App Store this time around by rewarding those who download the Research app and give it root access to network traffic so that the social network can “decrypt and analyze their phone activity,” a TechCrunch investigation confirms.
A Facebook spokesperson acknowledged to CNBC that the company is running the program to gather data on usage habits, saying, “Like many companies, we invite people to participate in research that helps us identify things we can be doing better.”
“Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate,” the spokesperson said. “We don’t share this information with others and people can stop participating at any time.”
Facebook has been paying users aged 13 to 35 up to $20 per month for installing the iOS or Android “Facebook Research” app. Facebook admitted to TechCrunch that it was running the Research program to collect data on usage habits and added that it has no plans to stop. To mask its direct involvement, the program is said to be administered through the beta testing services Applause, BetaBound and uTest. It is referred to as “Project Atlas.”
“If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed,” states Guardian Mobile Firewall’s security expert Will Strafach.
While it’s unclear what exactly Facebook is looking for, the strategy shows just how far Facebook is willing to go and how much it is willing to pay in order to keep its dominance. The risk of breaking the rules of Apple’s iOS platform, on which it depends, is quite high, as Apple could block Facebook from continuing to distribute its Research app and even revoke permission to offer employee-only apps. TechCrunch did speak with Apple, which stated it’s aware of the issue, but the company did not provide a stateme
“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”